Introduction

This Privacy Policy informs you about the type, scope, and purpose of processing personal data (hereinafter referred to as ‘data’) within our company, our websites, and our internal processes.

We process personal data in accordance with the Swiss Federal Act on Data Protection (revDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

Responsible Party / Controller

Responsible for data processing:

CEO Samuel Marti

Gralsen Europe Ltd.
Mythenstrasse 7
6003 Luzern
Switzerland

Phone: +41 41 506 55 50
Email: info@gralsen.com
Website: www.gralsen.com

Categories of Data Processed

– Inventory data (e.g. names, addresses)

– Contact data (e.g. email addresses, phone numbers)

– Content data (e.g. text entries, photos, videos)

– Usage and technical data (e.g. IP addresses, device/browser information, log files, cookies)

Categories of Data Subjects

Data subjects include customers, website visitors, suppliers, service providers, business partners, and employees.

Purposes of Processing

– Responding to inquiries and communication with users

– Fulfillment of contracts and pre-contractual measures

– Operation and security of the website and IT systems

– Web analytics, marketing, and improvement of online services

– Compliance with legal and regulatory obligations

Legal Bases of Processing

Under revDSG: processing is permitted if based on consent, contract, overriding private/public interest, or legal obligations.

Under GDPR (for EU users):

– Consent: Art. 6(1)(a), Art. 7 GDPR

– Contract performance: Art. 6(1)(b) GDPR

– Legal obligation: Art. 6(1)(c) GDPR

– Vital interests: Art. 6(1)(d) GDPR

– Legitimate interests: Art. 6(1)(f) GDPR

Security Measures

We implement appropriate technical and organizational measures in line with Art. 8 revDSG and Art. 32 GDPR to ensure confidentiality, integrity, and availability of data.

Data Sharing with Third Parties

Data will only be shared with third parties where legally permitted, based on consent, due to contractual necessity, or for legitimate interests. Processors are bound by contracts ensuring compliance with Swiss and EU data protection laws.

Data Transfers Abroad

If personal data is transferred outside Switzerland or the EU/EEA, such transfer will only occur if:

– The Swiss Federal Council or the EU Commission recognizes an adequate level of protection, or

– Appropriate safeguards exist (e.g. EU Standard Contractual Clauses, binding corporate rules, or explicit consent).

Rights of Data Subjects

Under Swiss law (revDSG):

– Right of access and information (Art. 25 revDSG)

– Right to rectification (Art. 32 revDSG)

– Right to deletion (Art. 32 revDSG)

– Right to object to data processing (Art. 30 revDSG)

Under GDPR (EU users additionally):

– Right of access (Art. 15 GDPR)

– Right to rectification (Art. 16 GDPR)

– Right to erasure (Art. 17 GDPR)

– Right to restriction (Art. 18 GDPR)

– Right to data portability (Art. 20 GDPR)

– Right to lodge a complaint (Art. 77 GDPR)

Withdrawal of Consent and Objection

You may withdraw consent to processing at any time with effect for the future (Art. 7(3) GDPR). You may object to the processing of your data at any time, in particular for direct marketing (Art. 21 GDPR / Art. 30 revDSG).

Cookies and Tracking

Our website uses cookies and similar technologies:

– Session cookies (deleted after browser close)

– Persistent cookies (remain stored beyond the session)

– First-party cookies (set by us)

– Third-party cookies (set by external providers)

You may disable cookies in your browser settings, but this may limit functionality.

For online marketing opt-outs, see:

– www.aboutads.info/choices (US)

– www.youronlinechoices.com (EU)

Data Retention

We store data only as long as necessary for the stated purposes or as required by Swiss and EU law.

Typical retention obligations:

– Accounting & tax records: 10 years (Swiss Code of Obligations, Art. 958f)

– Contractual documents: until expiration of limitation periods (generally 10 years under Swiss law)

Contractual Services

We process the data of contractual partners to fulfill our obligations (revDSG & Art. 6(1)(b) GDPR), including:

– Master data (names, addresses)

– Contact data (emails, phone numbers)

– Contract data (services, contract content, communications)

– Payment data (bank details, history)

Data is disclosed only when necessary for contract performance.

Administration and Accounting

We process data for administration, accounting, office organization, and compliance with legal obligations.

Legal bases: Art. 6(1)(c) & (f) GDPR / overriding interest under revDSG.

Recipients may include tax authorities, auditors, consultants, and payment service providers.