mazdek
Last updated: February 2026

Privacy Policy

Information in accordance with DSG 2023 (in force since 1 September 2023)

The protection of your personal data is of particular concern to us. In this privacy policy, we inform you about the processing of personal data when using our website and our services. This privacy policy applies to the website mazdek.ch and all related services.

1 Data Controller

The party responsible for data processing on this website is:

mazdek GmbH

Kirchbergstrasse 4c

8512 Thundorf

Switzerland

Email: [email protected]

2 Principles of Data Processing (DSG Art. 6)

We process personal data in accordance with the Swiss Data Protection Act (DSG 2023), which came into force on 1 September 2023, as well as the EU General Data Protection Regulation (GDPR), where applicable.

Processing Principles in accordance with DSG Art. 6:

  • Lawfulness: Data is only processed lawfully
  • Good Faith: Processing in good faith
  • Proportionality: Only necessary data is collected
  • Purpose Limitation: Data is only used for stated purposes
  • Accuracy: We ensure data accuracy
  • Storage Limitation: Deletion after purpose fulfilment

We collect and process personal data only:

  • With your express consent (DSG Art. 6 Para. 6)
  • For the performance of a contract or pre-contractual measures
  • To safeguard overriding legitimate interests
  • To fulfil legal obligations

3 Data Collected

3.1 Automatically Collected Data

When you visit our website, the following data is automatically collected:

  • IP address (anonymised)
  • Date and time of access
  • Pages visited
  • Browser type and version
  • Operating system
  • Referrer URL

3.2 Voluntarily Submitted Data

When using our services, you may provide us with the following data:

  • First and last name
  • Email address
  • Phone number
  • Company name
  • Project descriptions and requirements
  • Uploaded files (logos, images, documents)

4 Purpose of Data Processing

We use your data for the following purposes:

  • Provision and improvement of our website
  • Processing contact and project enquiries
  • Execution of projects and contract fulfilment
  • Communication about project status
  • Invoicing and payment processing
  • Sending newsletters (only with your consent)
  • Compliance with legal requirements

5 Cookies

Our website uses cookies. Cookies are small text files that are stored on your device.

Technically Necessary Cookies

These cookies are required for the operation of the website and cannot be disabled. They do not store any personal data.

Analytics Cookies

With your consent, we use analytics cookies to understand and improve the use of our website. You can revoke your consent at any time in the cookie settings.

6 AI-Powered Data Processing

Transparency Notice in accordance with Swiss AI Convention 2025

As an AI agency, we use artificial intelligence to provide our services. We inform you transparently about the type of AI processing.

6.1 Areas of AI Use

  • Project analysis and effort estimation
  • Code generation and optimisation
  • Design assistance and prototyping
  • Quality assurance and testing
  • Documentation creation

6.2 AI Providers and Data Processing

The following AI services are used:

  • Anthropic Claude: USA, Standard Contractual Clauses (SCCs)
  • OpenAI: USA, Standard Contractual Clauses (SCCs)
  • Local Models: Processing on our Swiss servers

6.3 Your Rights Regarding AI Processing

  • You may request AI-free processing (surcharge may apply)
  • You will be informed about AI-generated content
  • No automated individual decisions without human review
  • Your data will not be used for AI training

7 Third-Party Services and Data Transfer

We use the following third-party services:

Hosting (Switzerland)

Our website and customer data are hosted exclusively in Switzerland. Your data generally does not leave Switzerland or the EEA.

Payment Processing (Saferpay/Worldline)

For secure payments, we use Saferpay by Worldline (Switzerland). Payment data is processed PCI-DSS compliant and is not stored on our servers.

Email Service (Resend)

We use Resend (USA) for sending emails. The transfer is based on Standard Contractual Clauses (SCCs).

AI Services (various)

For AI-powered functions, we use various APIs. Details can be found in Section 6 'AI-Powered Data Processing'.

8 International Data Transfer (DSG Art. 16-17)

In accordance with the new Swiss Data Protection Act (DSG 2023), we inform you about data transfers to countries without an adequate level of data protection:

Transfer to the USA

Some of our service providers are based in the USA. The USA is currently not considered a country with an adequate level of data protection. We base the transfer on:

  • EU Standard Contractual Clauses (SCCs) pursuant to DSG Art. 16 Para. 2 lit. d
  • Additional technical and organisational measures
  • Contractual guarantees from the providers

Countries with Adequate Protection

Transfers to EU/EEA states and other countries recognised as adequate by the Federal Council are made without additional safeguards.

9 Newsletter

If you subscribe to our newsletter, we use your email address to send you regular information about our services. Registration is done via the double opt-in procedure.

Your Rights

  • Unsubscribe at any time via the link in each email
  • Withdraw consent by emailing [email protected]
  • No disclosure to third parties for advertising purposes

10 Data Security (DSG Art. 8)

In accordance with DSG Art. 8, we implement appropriate technical and organisational measures to ensure a level of protection appropriate to the risk:

Technical Measures

  • TLS 1.3 encryption
  • Encrypted databases
  • Regular security updates
  • Firewalls and DDoS protection
  • Automated backups

Organisational Measures

  • Need-to-know principle
  • Employee training
  • Access logs
  • Confidentiality agreements
  • Incident response plan

11 Data Breach Procedures (DSG Art. 24)

In the event of a data security breach that is likely to result in a high risk to you, we will inform you without delay in accordance with DSG Art. 24 Para. 4. Additionally:

  • Notification to the FDPIC in the event of high risk within 72 hours
  • Documentation of all incidents
  • Implementation of measures to minimise risk
  • Information about possible consequences and recommended measures

12 Automated Decision-Making (DSG Art. 21)

In accordance with DSG Art. 21, we inform you about automated individual decisions:

Principle

We do not make automated decisions that significantly affect you without human review. All AI-supported analyses are reviewed by our staff.

Should we use automated decisions in the future, you have the right to:

  • Express your point of view
  • Contest the decision
  • Request human review

13 Data Retention

We store your personal data only for as long as necessary for the respective purposes or as required by legal retention obligations:

Data Type Retention Period
Contact enquiries 2 years
Project data 10 years
Invoice data 10 years
Newsletter Until revocation
Log data 90 days

14 Your Rights (DSG Art. 25-29)

Under the new Swiss Data Protection Act, you have the following rights:

Right of Access (Art. 25)

Free information about your stored data within 30 days.

Data Portability (Art. 28)

Release of your data in a common electronic format.

Right to Rectification

Correction of inaccurate data upon your request.

Right to Erasure

Deletion of your data, provided there is no retention obligation.

Right to Object

Object to processing at any time.

Withdrawal of Consent

Revocable at any time without giving reasons.

How to Exercise Your Rights

Contact us by email at [email protected] with proof of your identity. We will respond within 30 days.

15 Right to Complain

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with the competent supervisory authority:

Federal Data Protection and Information Commissioner (FDPIC)

Feldeggweg 1

3003 Bern

Switzerland

Tel: +41 58 462 43 95
www.edoeb.admin.ch

We recommend that you contact us first with any concerns so that we can address your issue directly.

16 Changes to This Privacy Policy

We reserve the right to amend this privacy policy at any time. In the event of material changes, we will inform you by email or on our website.

The current version is always available on this page. The date of the last update can be found in the header of this page.

If you have any questions about data protection, please feel free to contact us.

Contact Legal Notice