Legal
How Gottshalden handles personal data on this website, under Swiss and EU data-protection law.
Last updated: 17 June 2026
Gottshalden (‘we’, ‘us’) operates the website gottshalden.ch and is the controller for the personal data processed through it. You can reach us at servicedesk@gottshalden.ch. Our base is in Horgen, Switzerland.
This policy applies to the public website gottshalden.ch. Our SwissAML application, reached at swissaml.gottshalden.ch, processes client data under its own terms and data-protection arrangements and is not covered here.
We process personal data in accordance with the revised Swiss Federal Act on Data Protection (revFADP / revDSG) and, for visitors in the European Economic Area, the EU General Data Protection Regulation (GDPR). We collect only what we need, use it only for the purposes described below, and do not sell it.
We keep data collection to a minimum. By ‘personal data’ we mean any information that identifies you or could identify you — such as a name, postal address, email address, telephone number, or payment-card details. On this website we collect only your name, email address and message when you contact us; your email address if you join the waitlist; and technical data such as your IP address in our server logs. We do not collect telephone numbers, postal addresses, or payment-card details on this site, and it sets no advertising or tracking cookies.
Our hosting provider records standard technical information for each request — your IP address, the time of the request, the page requested, and your browser type — which is necessary to operate and secure the site. The site is hosted on Microsoft Azure in the Switzerland North region.
We use Plausible Analytics to understand, in aggregate, how the site is used. Plausible is cookieless, stores no personal data, does not track you across other websites, and creates no persistent identifier. The analytics data is hosted in the European Union. Legal basis (GDPR): our legitimate interest in measuring and improving the site.
When you send us an enquiry — through the contact/support form or by email — we process the name, email address, and message you provide, solely to respond to you. Enquiries are handled through Microsoft services (Microsoft 365). Legal basis (GDPR): steps taken at your request before any contract, and our legitimate interest in answering enquiries.
If you ask to be notified when SwissAML becomes available, we store your email address for that single purpose and use it only to send that notification. We keep it until you ask us to remove it or the waitlist closes. Legal basis (GDPR): your consent. The data is stored on Microsoft Azure in the Switzerland North region.
Our forms are protected by Cloudflare Turnstile, which checks that a submission comes from a person rather than an automated script. Turnstile processes technical signals such as your IP address and browser characteristics for this purpose and uses no tracking cookies. Legal basis (GDPR): our legitimate interest in preventing abuse.
This website uses no advertising or analytics cookies. Our analytics is cookieless and we set no cross-site trackers. Any technical storage involved is strictly necessary to operate the site or its forms. Because we set no non-essential cookies, no cookie-consent banner is required under Swiss or EU law.
We use a small number of providers to run the site. Where they process personal data, they do so only as our processors and on our instructions: Microsoft Azure (hosting in Switzerland — server logs and stored waitlist email addresses) and Microsoft (handling of enquiry emails). Two further providers process only limited technical data and build no profile of you: Plausible Analytics (cookieless analytics, European Union) and Cloudflare (Turnstile bot protection on our forms).
Most processing takes place in Switzerland or the European Union. Some providers — notably Cloudflare (bot protection) — may process technical data, such as an IP address, outside Switzerland and the EEA, including in the United States. Where that happens, the transfer is covered by appropriate safeguards such as the European Commission’s Standard Contractual Clauses and the providers’ data-processing terms.
Server logs are retained for a short period for security and operational purposes. Contact and support messages are kept for as long as needed to handle your request and any follow-up. Waitlist email addresses are kept until the notification is sent or you unsubscribe. We do not keep personal data longer than necessary.
You may access the personal data we hold about you, have it corrected or deleted, object to or restrict its processing, and receive it in a portable form. To exercise any of these, contact us at servicedesk@gottshalden.ch. You may also lodge a complaint: in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC), or in the EEA with your local data-protection supervisory authority.
We may update this policy as the site or applicable law changes. The current version is always available on this page, with the date of the last update shown above.
For any question about this policy or your personal data, write to servicedesk@gottshalden.ch.