Arktomys
DE EN

Privacy Policy

The following text is a translation of the German version, provided for your convenience. In the event of any inconsistency between this translation and the German version, the German version shall prevail.

This privacy notice explains the type, scope and purpose of collecting and using personal data on our website www.arktomys.ch.

We follow the Swiss Federal Act on Data Protection (FADP) and the related ordinances. Our services are primarily aimed at companies, organizations and private persons based in Switzerland. Should we, in individual cases (e.g. when processing personal data of EU persons), fall within the scope of the EU General Data Protection Regulation (GDPR), the relevant provisions of the GDPR shall additionally apply. Corresponding references are explicitly indicated in this privacy policy.

With this privacy policy, we particularly fulfill our duty to inform under Art. 19 FADP and — where applicable — Art. 13 and 14 GDPR. We also inform you about other aspects of how we handle data, including data provided to us in the context of consulting mandates.

1. Controller

The controller responsible for data processing on this website is:

Dominic Schuhmacher
Schaffhauserstrasse 76
8302 Kloten
Switzerland
Email: privacy@arktomys.ch

2. Visiting the website

When you visit our website purely for information purposes, we generally do not collect any personal data, except for the data that your browser technically transmits in order to display the website. This may include in particular:

  • IP address
  • Date and time of the request
  • URL of the page retrieved
  • Referrer URL (previously visited page)
  • Browser and operating system used
  • Transferred data volume and status messages

These data are stored in server log files by our hosting provider. Processing is carried out to ensure the technical operation, stability and security of our website. To the extent the GDPR applies, the legal basis is Art. 6(1)(f) GDPR (legitimate interest in the security and functionality of the website). Log files are stored only as long as necessary for security and error analysis purposes, and are then deleted or anonymized.

No tracking tools and no web analytics services are used. We use only technically necessary cookies. These serve the proper functioning of the contact form and are described in the next section. Where the GDPR applies, we rely on Art. 6(1)(f) GDPR (legitimate interest in a secure and functional online service) for the use of technically necessary cookies.

3. Contact form

If you contact us via the contact form provided on the website, the following information may be collected:

  • Name
  • Email address
  • Telephone number (optional)
  • Topic
  • Description (your message)
  • Objective
  • Services of interest
  • Preferred times for an online meeting

These personal data are processed exclusively for the following purposes:

  • Responding to your inquiry
  • Preparing and carrying out a potential collaboration or consulting mandate
  • Internal administration and documentation of the communication

Providing this data is voluntary. However, without the information marked as mandatory fields, we may not be able to respond to your inquiry or only to a limited extent. Where the GDPR applies, we rely on Art. 6(1)(b) GDPR (pre-contractual measures and performance of a contract) for inquiries in view of a mandate, and on Art. 6(1)(f) GDPR (legitimate interest) for general inquiries.

3.1 Third-party services

To operate the contact form, we rely on services whose servers are located outside Switzerland and the EEA, as described below. If you do not wish to use the contact form, you can contact us at privacy@arktomys.ch. We are happy to inform you about options for end-to-end encrypted communication with us (see also Section 4.1).

Web3Forms

For the technical handling of the contact form, we use Web3Forms, a form backend service. According to the provider, form contents are not stored but forwarded directly to our email address. However, technical log data (e.g. IP address, timestamp) are temporarily stored in order to prevent abuse and to ensure the stability of the service.

Based on its own statements, Web3Forms uses the cloud infrastructure of Amazon Web Services (AWS) on servers in the USA for processing. This constitutes a data transfer to a third country without a level of data protection recognized as adequate by Switzerland or the EU. Web3Forms does, however, have a privacy-friendly Privacy Policy.

In addition, our form page sets a technically necessary cookie via the integration of the Web3Forms script.

hCaptcha

Our contact form uses hCaptcha, a service of Intuition Machines, Inc., USA, to prevent automated spam and bot traffic. hCaptcha analyzes certain usage information to determine whether the access is made by a natural person or an automated system.

For this purpose, hCaptcha may process, among other things, the following information:

  • IP address
  • Device and browser information
  • Mouse movements, keyboard actions, time spent on the page
  • Technical cookies or similar technologies

This information is transmitted to and processed on hCaptcha's servers in the USA. hCaptcha promotes a privacy-friendly design of its service. Their GDPR Compliance page contains various details that are also relevant for Swiss privacy protection. Without hCaptcha, abuse of the contact form would be significantly easier; we therefore use the service to protect both our systems and other users.

To the extent that our use of Web3Forms and hCaptcha falls under the GDPR, we point out that both providers offer appropriate safeguards within the meaning of Art. 46 GDPR (e.g. standard contractual clauses). Nonetheless, a residual risk of government access in the USA cannot be completely excluded.

4. Data security

We take appropriate technical and organizational measures to protect your personal and other data against loss, misuse, unauthorized access, unauthorized disclosure, alteration or destruction. These include:

  • Use of TLS/SSL encryption (https) for data transmission
  • Use of trustworthy hosting infrastructure
  • Restriction of access to those members of staff who need the data to perform their tasks
  • Storage on encrypted hard drives according to the current state of the art

4.1 Data sets for consulting

We recommend that you send us any data sets you provide in the context of a consulting mandate in encrypted form.

If your data sets contain personal data that are not fully anonymized, we can only accept and process them if there is a legal basis for doing so (typically, the consent of the data subjects). In this case, we conclude with you a corresponding data processing agreement / data processing contract (Art. 9 FADP or Art. 28 GDPR) and insist on encrypted transmission of the data.

You have the following options to send us data in encrypted form:

  • By upload to our Proton Drive (end-to-end and zero-access encrypted)
  • For data sets under 10 MB: as an attachment of an end-to-end encrypted email (S/MIME or PGP/MIME)
  • As an encrypted zip file with a strong password which you send to us via a secure channel

We will be happy to inform you about the details before you transfer any data. Please note that emails that are not end-to-end encrypted, even with transport encryption (TLS) and encryption on mail servers, still carry a residual risk of compromise.

5. Disclosure of data to third parties

We generally do not share personal data with third parties unless:

  • it is technically necessary for the website to function (hosting provider, form, and security services as described in detail in Sections 2 and 3),
  • there is a legal obligation or official order, or
  • you have given your explicit consent.

Where data are transferred to countries without an adequate level of data protection (e.g. the USA), this is done — where the GDPR applies — wherever possible on the basis of appropriate safeguards within the meaning of Art. 44 et seq. GDPR (e.g. standard contractual clauses) and using additional technical and organizational measures where necessary.

Data sets provided to us in the context of a consulting mandate are not shared unless:

  • there is a legal obligation or official order, or
  • in the case of data sets consisting of factual data and fully anonymised personal data, after prior consultation with you, for example in order to use cloud servers for larger data volumes or more complex computations.

In all cases, we ensure that the protection of personal data in particular is preserved.

6. Retention period

We process and store personal data generally only for as long as required for the stated purposes or as long as legal obligations demand. In concrete terms, this means the following.

  • Contact inquiries
    Emails and correspondence from the contact form are stored in our mailbox or internal system as long as needed to answer your request, start or conduct a mandate, and comply with legal retention duties (e.g. tax or commercial law). Afterwards, the data is deleted or fully anonymized.
  • Data in the context of consulting mandates
    Data sets that you provide to us in the context of a consulting mandate, as well as all derived data (statistics, analyses, reports, visualizations), are stored in our internal system for as long as is necessary to carry out the mandate, including any follow-up queries, and to comply with legal retention duties. They are deleted afterwards unless a different arrangement was explicitly agreed.
  • Server log files
    Log data from the hosting provider are generally stored only for a short period and subsequently deleted or anonymized, unless security incidents or technical necessities require longer retention.

7. Your rights

Under the FADP, you have, in particular, the following rights:

  • Right of information
    Request confirmation of whether we process personal data about you and obtain details about that data.
  • Data provision and portability
    Receive certain personal data in a common electronic format or ask us to transfer it to another controller, provided the legal requirements are met.
  • Rectification
    Have inaccurate or incomplete personal data corrected. If accuracy cannot be determined, you can request a note of dispute.
  • Deletion / destruction
    Ask for deletion or destruction when data is processed unlawfully or is no longer required for the stated purposes and no retention duties apply.
  • Restriction of certain processing or disclosure
    Request that certain processing or disclosure activities be halted if they infringe your personality rights without proper justification.

To the extent the GDPR applies, you additionally have in particular the following rights:

  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object to certain processing operations based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR), where the legal requirements are met
  • Right to withdraw consent at any time with effect for the future (Art. 7(3) GDPR)
  • Right to lodge a complaint with a competent supervisory authority (Art. 77 GDPR), in particular in the member state of your habitual residence, place of work or place of the alleged infringement.

To exercise your rights, you can contact us using the contact details provided above (Section 1). Please note that the rights mentioned are subject to legal restrictions and may in some cases impair or render impossible the provision of our services.

8. No automated individual decision-making

We do not engage in automated individual decision-making within the meaning of Art. 21 FADP or Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you (no “profiling” in the narrow sense for such purposes).

9. Changes to this privacy policy

We may update this privacy policy at any time, for example if our processing activities change or if new legal requirements or technical developments make this necessary. The most recent version can be found at www.arktomys.ch/en/datenschutzerklaerung.

Last updated: December 2025