Skip to content

Privacy Policy

Last updated: February 15, 2026

1. Responsible Body

Responsible for data processing on this website is:

Apesec GmbH
c/o Manuel Füllemann
Hubelweg 6
5723 Teufenthal
Switzerland
Email: info@apesec.ch
Phone: +41 56 520 60 67
UID: CHE-196.727.747

2. Scope and Legal Basis

This privacy policy applies to the website apesec.ch and informs you about the nature, scope, and purpose of the collection and use of personal data.

Personal data is processed in accordance with the Swiss Federal Act on Data Protection (FADP/DSG) and, where applicable, the European General Data Protection Regulation (GDPR). Depending on the processing activity, we rely on the following legal bases:

  • Consent (Art. 6(6) FADP / Art. 6(1)(a) GDPR) – e.g., appointment bookings
  • Contract performance or pre-contractual measures (Art. 6(1)(b) GDPR) – e.g., contact inquiries
  • Legitimate interest (Art. 6(1)(f) GDPR) – e.g., website analytics and ensuring operations

3. Categories of Personal Data Collected

Depending on how you use our website, the following categories of personal data may be collected:

  • Technical data: IP address, browser type, operating system, referrer URL, timestamp (via server logs and CDNs)
  • Contact data: Name, email address, message content (via the contact form)
  • Booking data: Name, email address, selected time slot (via Cal.com)
  • Usage data: Page URL, device type, country – anonymized (via Umami)
  • Preferences: Language setting (via LocalStorage)

4. Data Collection on our Website

4.1 Hosting (AWS S3 + CloudFront)

This website is hosted by Amazon Web Services (AWS), with content delivered via AWS CloudFront (Content Delivery Network). When you visit the website, technical data (IP address, browser type, timestamp) is automatically recorded in server logs. AWS processes this data in the Swiss region (Zurich, eu-central-2). AWS holds certifications (ISO 27001, SOC 2) ensuring compliance with data security standards.

Legal basis: Legitimate interest in the secure provision of the website.

4.2 Contact Form

If you send us inquiries via the contact form, your details (name, email, message) are processed via AWS API Gateway and AWS Lambda, and delivered to us as an email through AWS Simple Email Service (SES). All these services run in the Swiss AWS region (Zurich, eu-central-2). Your data is used exclusively to process your inquiry and will not be shared with third parties without your consent.

Legal basis: Pre-contractual measures / legitimate interest.

4.3 Appointment Booking (Cal.com)

We use the service Cal.com (Cal.com Inc.) for scheduling appointments. If you book an appointment via our website, the data entered (name, email, time slot) will be transferred to Cal.com and processed on servers in the EU.

Legal basis: Consent / pre-contractual measures.
Further information: cal.com/privacy

4.4 Web Analytics (Umami)

We use Umami (Umami Software Inc.) to analyze website usage. Umami is a privacy-friendly analytics solution that does not collect personal data, does not use cookies, and does not track users across websites. All collected data (page URL, referrer, device type, country) is anonymized.

Legal basis: Legitimate interest in improving our web presence.

4.5 Cookies and LocalStorage

This website uses no tracking cookies. We exclusively use the browser's LocalStorage to save your preferred language setting (DE/EN). This data is stored locally on your device only and is not transmitted to us.

Legal basis: Legitimate interest in user-friendliness.

4.6 External Resources (CDNs, Fonts)

The following external services are integrated for website display, whereby your IP address is transmitted to the respective provider upon retrieval:

  • Google Fonts (Google LLC, USA) – Web fonts
    policies.google.com/privacy
  • Bootstrap CDN (StackPath/OpenJS Foundation, USA) – CSS/JavaScript libraries

Legal basis: Legitimate interest in the technically sound display of the website.

5. International Data Transfers

In connection with the processing activities described in Section 4, personal data may be transferred to the following countries:

  • Switzerland (AWS Zurich, API Gateway, Lambda, SES) – Data processed in Switzerland
  • EU / EEA (Cal.com) – Adequate level of data protection as determined by the Swiss Federal Council
  • USA (Google Fonts, CDNs) – Transfer based on the Swiss-U.S. Data Privacy Framework and/or Standard Contractual Clauses (SCCs)

We ensure that an adequate level of data protection is guaranteed for any transfer to third countries, whether through adequacy decisions, Standard Contractual Clauses, or other appropriate safeguards.

6. Data Retention

We store personal data only for as long as necessary for the respective purpose or as required by statutory retention obligations:

  • Contact inquiries: Duration of the business relationship, then according to statutory retention periods (up to 10 years)
  • Server logs (CloudFront): Maximum 90 days
  • Appointment bookings (Cal.com): According to Cal.com's retention policies
  • Web analytics (Umami): Anonymized data, no personal reference
  • Language preference: Until the LocalStorage is cleared by the user

7. Data Security

We employ appropriate technical and organizational measures to protect your data against unauthorized access, loss, misuse, or destruction. These include:

  • Encrypted transmission via TLS/SSL (HTTPS)
  • Access controls and authorization concepts
  • Regular review of security measures

Despite these measures, absolute security cannot be guaranteed. We recommend that you also take protective measures yourself (e.g., strong passwords, up-to-date software).

8. Your Rights

You have the following rights regarding your personal data:

  • Right of access: You may request information about your data stored with us free of charge at any time.
  • Right to rectification: You may request the correction of inaccurate data.
  • Right to erasure: You may request the deletion of your data, provided no statutory retention obligations apply.
  • Right to restriction: You may request the restriction of processing.
  • Right to data portability: You may request that we provide your data in a commonly used format.
  • Right to object: You may object to the processing of your data.
  • Withdrawal of consent: You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.

To exercise your rights, please contact us by email at info@apesec.ch. We will process your request within 30 days.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
3003 Bern
Switzerland
www.edoeb.admin.ch

10. Changes to this Privacy Policy

We reserve the right to amend this privacy policy at any time to reflect changes in legal requirements, new technologies, or changes to our services. The current version is published on this website. We recommend that you visit this page regularly.