Datenschutz

Last updated: 24 March 2026

The protection of your personal data is of paramount importance to us. We place great emphasis on transparency and accountability regarding the collection, processing and use of your personal data. With this privacy policy, we aim to provide you with comprehensive information on what data we process, to what extent, for what reasons, to whom your data may be disclosed, and what rights you have as a data subject under the Federal Act on Data Protection.

Table of Contents

1. Data controller and contact details

2. Scope of the privacy policy

3. Legal basis for data processing

4. Categories and sources of the personal data processed

5. Purposes of data processing

6. Services and technologies used

7. Data recipients and categories of recipients

8. Transfer to third countries

9. Retention period and erasure

10. Rights of data subjects

11. Information on legal obligations to provide data

12. Data security

13. Amendments to the privacy policy

1. Data controller and contact details

The data controller responsible for the collection, processing and use of your personal data within the meaning of the Federal Act on Data Protection is:

Walter Feldmann

Riedhofstrasse 57

8049 Zurich

Data Protection Officer:

Walter Feldmann

walterfeldmann@sunrise.ch

2. Scope of the Privacy Policy

This Privacy Policy applies to all information and data collected, processed or used in connection with your use of our website www.walterfeldmann.com and all associated online services. It applies equally to all technologies and procedures we use to provide our services to you.

3. Legal basis for data processing

In principle, any processing of personal data takes place only if one of the following legal bases in accordance with the nDSG and any other applicable provisions is met:

Consent: Where you have given your explicit consent (e.g. newsletter subscription or cookie settings), the processing is based on this consent.
Performance of a contract or pre-contractual measures: Your data is processed in order to conclude or perform a contract with you (e.g. registration, order processing, provision of services).
Legal obligations: Where we are legally obliged to process or retain certain data (e.g. accounting and tax records), the processing is based on this obligation.
Overriding legitimate interests: In selected cases, we process your data to safeguard our legitimate interests (e.g. IT security, prevention of misuse, further development of our services), provided that no overriding legitimate interests on your part stand in the way.

4. Categories and sources of the personal data processed

As part of your interactions with us, we collect various types of personal data, in particular:

Personal master data: Name, email address, postal address, telephone number, date of birth, etc., when you provide this to us, for example via a contact form, a registration process or a purchase process.
Usage data: IP address, browser type, operating system, device type, etc. This data is collected automatically when you visit our websites.
Communication data: Content that you send to us via email, contact form or chat (e.g. support enquiries, feedback).
Location data: Roughly stored location data (country, region), insofar as we collect it technically (e.g. via the IP address) or you deliberately provide it to us.
Special categories of personal data: If you voluntarily provide us with special categories of data (Art. 5(c) nDSG) – e.g. health data, biometric or genetic data – we treat this information as strictly confidential and process it only where explicit consent has been given or where there is a legal basis for doing so.

Source of the data:

Direct collection from you: We receive most data directly from you (e.g. as part of your registration, order or when you contact us).
Automatic collection: For technical reasons, we automatically collect certain usage data when you visit our website (see above).
Third-party sources: If you provide us with data via external services (e.g. during payment transactions via a bank or when using external authentication services) or if we obtain it from publicly accessible directories, we will indicate this source accordingly and process only what is necessary for the respective purpose.

If we do not collect data directly from you, it may originate from the following sources:

Public registers: Commercial registers, Swiss company directories, professional associations.
External service providers: Address brokers, environmental portals, social media profiles (e.g. LinkedIn), if you have deliberately made this data publicly available.
Cooperation partners: Partner companies that transmit data to us in connection with joint products or services, provided that you have already given your consent there or another legal basis exists.

5. Purposes of data processing

We process your personal data for the following purposes:

Provision and operation of the website and online services

Displaying content, responding to enquiries, navigation on the website. Ensuring the availability and functionality of our IT systems.

Customer management and support

Supplementing, updating and maintaining contact details in our system. Processing your support or service enquiries.

Processing contracts, orders, payments, and the delivery of goods or services.

Marketing and communication

Sending newsletters, offers and promotional emails (only with prior consent).

Information about new products, promotions and events. Statistical analysis and performance monitoring of marketing campaigns, provided you have expressly consented to this.

Analysis of user behaviour and web analytics

Collection of anonymised usage statistics to continuously improve our online offering and make it more user-friendly.

Technical monitoring and logging of access to detect and prevent misuse or attacks.

IT security and system administration

Protection of our IT infrastructure and the data we process against unauthorised access, loss, destruction or manipulation.

Carrying out backups, updates and security checks.

Fulfilment of legal obligations

Retention of business-related documents (e.g. invoices, contractual documents) in accordance with commercial and tax law regulations.
Reports to authorities (e.g. tax authorities, law enforcement agencies) – where required by law.

6. Services and technologies used

6.1 Server log files

We maintain server log files on our website in which technical connection data is automatically logged when our pages are accessed.

Data collected

The following information is stored as part of the log file recording:

IP address of your device
Date and time of the request
URL accessed and referrer (previous page)
Browser type, operating system and device data (user agent)
Access status or HTTP status code
Amount of data transferred

Purpose of processing

We use the log file data exclusively to

ensure the operation and availability of our servers,
detect and rectify technical errors (e.g. faulty page requests),
and identify and repel attacks or unauthorised access attempts.

Legal basis

The collection of this technical data is necessary for the secure and trouble-free operation of our website. We rely on our overriding legitimate interest in a functional IT infrastructure.

Opt-out option

Opting out is not possible here, as log file collection is technically necessary to provide and protect our services.

6.2 Cookies

We use cookies and similar technologies on our website to enable its operation and provide certain functions.

Data collected

Depending on the cookie category, the following data is collected and stored:

Session cookies: Temporary identifiers that identify end devices during a browser session.
Persistent cookies: Long-term identifiers to recognise repeat visits.
Functional cookies: Settings such as language selection or layout preferences.
Security cookies: Tokens or hash values to secure login sessions.

Purpose of processing

Technically necessary cookies:

Essential for the operation of shopping baskets, login sessions and load balancing.

Functional cookies: Store your preferences to improve the user experience.
Security cookies: Protect against manipulation and CSRF attacks.

Legal basis

We rely on our overriding legitimate interest in a functional IT infrastructure for cookies that are necessary for the operation of the website. Functional and security cookies also fall under this category.

Data recipients and transfers to third countries

Information collected via cookies may — depending on the service used — be passed on to internal departments as well as to external service providers. For details on recipients and possible transfers abroad, please refer to Section 7 “Data Recipients and Categories of Recipients” and Section 8 “Transfers to Third Countries” of this Privacy Policy.

Opt-out option

You can prevent or restrict the setting of cookies via your browser settings. Please note that some functions of the website will then no longer be fully usable.

7. Data Recipients and Categories of Recipients

Your personal data will generally only be disclosed to the extent necessary to achieve the purposes set out in Section 5, or where you have expressly consented to such disclosure. Potential recipients include:

Internal departments: Our staff in the IT, marketing, customer service, accounting and management departments – in each case only to the extent that they require the data to perform their duties.
External service providers: We use specialist companies or freelancers who assist us in delivering our services, e.g.:
- Hosting and server providers: Website operation, databases
- Email and newsletter service providers
- Payment service providers and banks:
- Credit card processing, payment verification
- IT support, system administration, developers
- External tax advisors, auditors, solicitors (where necessary)
- Logistics and shipping service providers
- (for physical goods deliveries)
- Tracking, conversion and advertising service providers

Public authorities: Where we are legally obliged to disclose certain data to authorities (e.g. in the event of tax audits or criminal proceedings), we will only disclose the minimum necessary.

Other recipients: In exceptional cases and only with your express consent or on a legal basis (e.g. in the event of a sale or merger of the company), your data may be transferred to third parties. In such cases, we will inform you in a timely and transparent manner of the change in recipients.

8. Transfer to third countries

In the course of order processing, your personal data may be transferred to recipients abroad. Such recipients (e.g. hosting providers, payment gateways or external support service providers) are contractually bound to data protection in the same way as we are.

A transfer to countries where there is no level of data protection equivalent to that under Swiss law is only possible if we have first carried out a risk assessment and agreed on appropriate safeguards. This is achieved in particular through:

Contractual safeguards:

We rely on protection mechanisms recognised by the Federal Data Protection and Information Commissioner (FDPIC), e.g. the EU Commission’s Standard Contractual Clauses or comparable agreements approved by the FDPIC.

Additional technical and organisational measures:

If our risk assessment concludes that a risk to your personal rights still exists, we will implement additional encryption, pseudonymisation or other measures to guarantee an appropriate level of data protection.

9. Retention period and erasure

We retain personal data only for as long as is necessary for the respective processing purpose.

Contractual documents, on the other hand, are subject to statutory retention periods and are therefore retained for a longer period. In particular, we are required to retain business correspondence, concluded contracts and supporting documents for invoices for up to ten years (Art. 958f of the Swiss Code of Obligations, VAT Act). As soon as this data is no longer necessary for the provision of our services, we restrict its use and retain it solely for accounting and tax purposes.

10. Rights of data subjects

As a data subject, you have various rights under the nDSG which you may exercise vis-à-vis the controller. Below you will find an overview of your key rights and the relevant legal basis:

1. Right of access

You may request at any time to know whether we are processing your personal data. Furthermore, you have the right to obtain information about what data this is, for what purpose we collect it, where we obtain it from, to whom we may disclose it and for how long we store it.

2. Right to rectification and completion

Should the personal data we process be incomplete or incorrect, you may request that it be rectified or supplemented. We will correct your data without delay if we conclude that a correction is necessary.

3. Right to erasure and restriction of processing

Erasure:

You may request the erasure of your data if

a) the data is no longer necessary for the purposes for which it was collected,

b) you withdraw your consent and no other legal basis remains,

c) the data has been processed unlawfully, or

d) we are no longer legally obliged to retain it.

In these cases, we will erase your data unless there are compelling legal grounds for further storage (e.g. tax retention obligations).

Restriction:

You may request a restriction on processing if

a) you contest the accuracy of your data and we are verifying its accuracy,

b) the processing is unlawful and you wish to have the processing restricted rather than deleted,

c) we no longer require your data for the original purposes, but you still require it to establish, exercise or defend legal claims, or

d) you have objected to the processing and it has not yet been determined whether your legitimate interests or ours prevail.

In such cases, we will block the relevant data pending clarification and will only use it to defend against legal claims or for other permissible purposes.

4. Right to object

Where we process your data on the basis of a legitimate interest, you may object to such processing at any time. We will then assess whether we have compelling legitimate grounds for continuing the processing; if not, we will cease processing. You may object to processing for marketing purposes (direct marketing) at any time without giving reasons.

5. Right to data portability

You have the right to receive the personal data concerning you, which we process on the basis of your consent or to fulfil a contract, in a structured, commonly used and machine-readable format, or to request that it be transferred to another controller, insofar as this is technically feasible.

6. Right to withdraw consent

If you have previously given us your consent to process certain data (e.g. for cookies, tracking or marketing activities), you may withdraw this consent at any time with future effect without giving any reason. The lawfulness of the processing carried out up to the point of withdrawal remains unaffected.

7. Right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC)

If you believe that your rights under the nDSG have been infringed, you may lodge a complaint with the FDPIC.

Procedure for exercising your rights

To exercise your data subject rights, please contact our data protection office by email:

Email: walterfeldmann@sunrise.ch

We will generally respond to your enquiry within 30 days at the latest. Should your request be complex or should we require an extension of the deadline, we will inform you of this and explain the reasons.

11. Information on legal obligations regarding the provision of data

The provision of certain data is necessary for the performance of a contract or to comply with legal obligations. If you do not provide the required data, we cannot rule out the following consequences:

No registration or conclusion of a contract with us.
Delays in processing your enquiries or orders.
Refusal to provide certain services.

In every form or during the conclusion of a contract, we will specifically indicate which data is mandatory and which may be provided voluntarily.

12. Data security

We store your personal data securely and take all appropriate technical and organisational measures to protect it from loss, unauthorised access, misuse or alteration.

Our employees and all service and contractual partners who have access to your data are contractually bound to maintain confidentiality and comply with the applicable data protection regulations. Where necessary in the context of order processing, we may forward selected enquiries to affiliated or external companies; in such cases, too, your data will be treated as strictly confidential.

When you visit our website, we use the SSL/TLS protocol with the highest encryption level supported by your browser. This ensures that all data you transmit to us is protected from access by third parties during transmission. Please note that, despite all security measures, data transmission over the internet may be subject to security vulnerabilities over which we have no control. You should therefore protect your login details, use up-to-date software and log out after each session to ensure the highest level of security.

13. Changes to the Privacy Policy

We may amend this Privacy Policy at any time. The current version will be published here on our website; the date of the last update can be found at the top of the document.