Privacy Policy

Last updated: 2025-12-04

1. Controller

RiskZone GmbH
Schützenweidstrasse 4
6023 Rothenburg
Switzerland
Email: info@riskzone.ch

2. Data Collected

When you visit this website, the following technically necessary data is collected:

• IP address: Temporarily processed by our hosting provider (Cloudflare Pages) for technical delivery and anonymized after the session ends.
• Browser/User-Agent: Technical information about your browser and operating system.
• Access time: Date and time of the request.

We do not use cookies. Language selection is automatic based on your browser's language setting (Accept-Language header).

3. Purpose and Legal Basis

Processing is performed for the technical provision and security of the website as well as for providing the desired language version.

Legal basis:
Switzerland: Processing is carried out in accordance with the principles of the Data Protection Act (nDSG).
EU/EEA visitors: Legitimate interest pursuant to Art. 6(1)(f) GDPR.

We exclusively use technically necessary processing. We do not use Google Analytics, Matomo, third-party cookies, or social media plugins. No profiling is performed.

4. Hosting

This website is hosted on Cloudflare Pages (Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA). Cloudflare processes data partly as a data processor (Art. 28 GDPR) and partly as an independent controller, insofar as this is necessary for the global provision and security of the CDN. A Data Processing Addendum (DPA) is included in Cloudflare's Terms of Service. Cloudflare uses a global Content Delivery Network (CDN) with data centers worldwide (including EU, Switzerland, and USA). Cloudflare is certified under the EU-US Data Privacy Framework. More information: cloudflare.com/privacypolicy

4.1 International Data Transfers

Data processing may also occur in countries outside Switzerland and the EU/EEA. Where this is the case, we ensure an adequate level of data protection in accordance with Art. 16 of the Swiss nDSG and Art. 45-47 GDPR. Cloudflare and Resend are certified under the EU-US Data Privacy Framework or rely on recognized safeguards such as Standard Contractual Clauses (SCCs).

5. Disclosure to Third Parties

Your data is not shared with third parties, except with our hosting provider Cloudflare for technical delivery (see Section 4).

6. Contact Form

Please do not submit any confidential or particularly sensitive information via the contact form.

Our contact form uses Cloudflare Workers for server-side processing and sends your message via Resend (Resend, Inc., USA) to us.

Data processed:

• Name, email address, company (optional), message
• IP address (for spam protection and rate limiting, stored max. 1 hour)
• Request timestamp

Spam protection: We use Cloudflare Turnstile - a cookie-free, GDPR-compliant captcha alternative. Turnstile analyzes your browser behavior to detect bot traffic without permanently storing personal data.

Rate limiting: Your IP address is temporarily stored (max. 1 hour) in Cloudflare KV to prevent abuse (max. 5 requests per hour).

Email delivery: Transmission occurs TLS-encrypted (transport encryption) via Resend. Resend processes your data as a data processor in accordance with Art. 28 GDPR. More information: resend.com/legal/privacy-policy. For highly sensitive data, we offer secure upload solutions and encrypted communication channels after initial contact.

Your data is used exclusively to respond to your inquiry and is processed according to our internal retention policies.

Legal basis: Consent (Art. 6(1)(a) GDPR / nDSG) by submitting the form.

7. Retention Period

• Server logs (IP, User-Agent): Anonymized by Cloudflare after a maximum of 24 hours.
• Rate limiting (IP address): Automatic deletion after 1 hour (Cloudflare KV).
• Turnstile data: No permanent storage, only temporary analysis during form submission.

8. Your Rights

You have the following rights under GDPR (Art. 15-21) and nDSG:

• Access: Information about which data we process about you.
• Rectification: Correction of incorrect data.
• Erasure: Deletion of your data (unless there is a legal retention obligation).
• Restriction: Restriction of processing.
• Objection: Objection to processing.
• Data portability: Receive your data in structured form.

Contact for data protection inquiries: info@riskzone.ch

You also have the right to lodge a complaint with a data protection supervisory authority:
Switzerland: Federal Data Protection and Information Commissioner (FDPIC), edoeb.admin.ch
EU: Competent supervisory authority in your country (list: edpb.europa.eu)

9. SSL/TLS Encryption

This website uses HTTPS with TLS 1.3 (with fallback to TLS 1.2 for older clients) throughout for secure transmission. You can recognize this by the padlock icon in your browser's address bar.

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in legal requirements or website features. The current version is always available at riskzone.ch/en/privacy.