Privacy
Policy

The controller responsible for the processing of personal data in connection with the platform defencetech.ch ("Platform") is:

This Privacy Policy explains how we collect, process, use, store, and protect personal data in compliance with the Swiss Federal Act on Data Protection (Datenschutzgesetz, nDSG, SR 235.1), the Ordinance on Data Protection (Datenschutzverordnung, DSV, SR 235.11), and, where applicable, the General Data Protection Regulation of the European Union (GDPR, Regulation (EU) 2016/679).

This Privacy Policy applies to all personal data processing activities in connection with the Platform, including the use of the website, the submission of enquiries and listings, and any other interaction with our services.

We collect and process the following categories of personal data, depending on how you interact with the Platform:

2.1 Contact and Enquiry Data

When you submit an enquiry through our contact form or request a listing, we collect: your name, email address, company name, website, company stage, sector, country of operation, description of your needs, and any additional information you choose to provide in the free-text message field.

2.2 Account Data

If you create an account on the Platform, we collect: your name, email address, and password (stored in hashed form only; we do not store plaintext passwords).

2.3 Listing and Directory Data

If you or your organisation are included in the Platform directory, we may process: company name, registered office location, business description, sector and category classifications, company website URL, and company stage information.

2.4 Technical and Usage Data

When you access the Platform, we automatically collect certain technical data, including: IP address, browser type and version, operating system, referring URL, pages viewed, date and time of access, and device identifiers. This data is collected through server logs and is necessary for the secure and reliable operation of the Platform.

2.5 Communication Data

If you contact us by email or other means, we process the content of your communication, including any personal data contained therein, for the purpose of responding to your enquiry and maintaining a record of our correspondence.

We process personal data for the following purposes and on the following legal bases:

• Provision of Platform services: Processing enquiries, displaying listings and directory entries, facilitating introductions between ecosystem participants. Legal basis: performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR; Art. 31(1) nDSG).
• Platform security and integrity: Protecting the Platform from unauthorised access, abuse, fraud, and technical failures. Legal basis: legitimate interest (Art. 6(1)(f) GDPR; Art. 31(1) nDSG).
• Communication: Responding to enquiries and maintaining correspondence records. Legal basis: legitimate interest and/or performance of a contract.
• Legal compliance: Fulfilling legal obligations under Swiss and applicable European law, including data retention obligations and responses to lawful requests from authorities. Legal basis: legal obligation (Art. 6(1)(c) GDPR; Art. 31(1) nDSG).
• Platform improvement: Analysing usage patterns to improve the Platform's functionality, content, and user experience. Legal basis: legitimate interest.

We do not process personal data for automated individual decision-making or profiling within the meaning of Art. 21 nDSG or Art. 22 GDPR.

We do not sell, rent, or trade your personal data. We may share personal data with the following categories of recipients, to the extent necessary:

• Other Platform users: Listing and directory information you submit is visible to other users of the Platform. Contact enquiries are forwarded to the relevant listed party.
• Service providers (data processors): We engage carefully selected third-party service providers for hosting, infrastructure, email delivery, and security services. These providers act as data processors on our behalf and are contractually bound to process personal data only in accordance with our instructions and applicable data protection law.
• Authorities: We may disclose personal data to competent authorities where required by law, court order, or regulatory directive, or where necessary to protect our legitimate interests (e.g., in legal proceedings).
• Professional advisors: Our legal counsel, auditors, and other professional advisors, subject to professional confidentiality obligations.

Personal data is primarily stored and processed in Switzerland, which is recognised by the European Commission as providing an adequate level of data protection (Commission Decision 2000/518/EC, as confirmed).

Where personal data is transferred to countries outside Switzerland or the EEA that do not provide an adequate level of data protection, we ensure that appropriate safeguards are in place, including:

• Standard contractual clauses approved by the European Commission or the Swiss Federal Data Protection and Information Commissioner (FDPIC);
• Binding corporate rules of the data recipient;
• Other legally recognised safeguards under Art. 16-17 nDSG or Art. 46 GDPR.

You may request information about the specific safeguards applied to international data transfers by contacting us at the address provided below.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specifically:

• Account data: Retained for the duration of the account and for a reasonable period thereafter (generally 12 months) to allow for account reactivation, unless earlier deletion is requested.
• Enquiry and communication data: Retained for the duration of the business relationship and, thereafter, for the period required by Swiss commercial and tax law (generally 10 years pursuant to Art. 958f of the Swiss Code of Obligations).
• Technical and usage data (server logs): Retained for a maximum of 90 days for security and troubleshooting purposes, unless longer retention is required for the investigation of a specific security incident.
• Listing and directory data: Retained for as long as the listing is active and for a reasonable period after removal for archival and legal purposes.

Upon expiration of the applicable retention period, personal data is securely deleted or anonymised.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, in accordance with Art. 8 nDSG and Art. 32 GDPR. These measures include:

• Encryption of data in transit (TLS/HTTPS) and, where appropriate, at rest;
• Secure password storage using industry-standard hashing algorithms;
• Access controls and the principle of least privilege for system administration;
• Regular security assessments and updates;
• Contractual data protection obligations imposed on all service providers.

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but commit to promptly notifying affected data subjects and the competent supervisory authority of any personal data breach in accordance with Art. 24 nDSG and Art. 33-34 GDPR.

Under the Swiss nDSG and, where applicable, the GDPR, you have the following rights:

• Right of access (Art. 25 nDSG / Art. 15 GDPR)
• Right to rectification (Art. 6(5) nDSG / Art. 16 GDPR)
• Right to erasure ("right to be forgotten") (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 28 nDSG / Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR)
• Right to withdraw consent at any time (Art. 7(3) GDPR)

To exercise any of these rights, please contact us at the address provided in Section 11 below. We will respond to your request within 30 days. We may request verification of your identity before processing your request. In certain circumstances, we may be entitled or required by law to refuse or limit your request.

You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, where applicable, with a competent supervisory authority in the EEA.

The Platform uses only technically necessary cookies that are essential for the proper functioning of the Platform. These cookies are required for authentication, session management, and security purposes. They do not require consent under Swiss law (Art. 45c(2) of the Swiss Telecommunications Act, FMG) or under the GDPR, as they are strictly necessary for the provision of the service.

We do not use:

• Third-party advertising cookies or tracking pixels;
• Analytics or performance cookies that track individual user behaviour;
• Social media plugins or embedded content that transmit data to third-party platforms.

Should we introduce additional cookies or tracking technologies in the future, we will update this Privacy Policy and, where required by law, obtain your prior consent.

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children or minors. If we become aware that we have collected personal data from a person under 18, we will take steps to delete such data promptly. If you believe that we may have collected data from a minor, please contact us immediately.

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or the functionality of the Platform. Material changes will be indicated by updating the "Last updated" date and, where practicable, by notice on the Platform. We encourage you to review this Privacy Policy periodically. Continued use of the Platform following the publication of an amended Privacy Policy constitutes acceptance of the changes.

For any questions regarding this Privacy Policy, to exercise your data subject rights, or to raise a concern about our data processing practices, please contact:

You have the right to lodge a complaint with the competent supervisory authority: