Privacy Policy

This Privacy Policy explains how Fognini Tech ("we", "us", "Controller") collects, processes, and protects personal data (Personendaten) when you visit our website (fognini.tech), use our assessment tools, or interact with our services.

It applies to website use and pre-contractual contact. For personal data processed in the course of a service engagement, the provisions of Section 8 of our General Terms and Conditions and any data processing agreement apply in addition.

The controller (Verantwortlicher, Art. 5(j) FADP) for the data processing described in this policy is:

Fognini Tech – Roberto Fognini Sole Proprietorship Kreuzlingen, Canton of Thurgau, Switzerland Email: info@fognini.tech Commercial Register No.: CH-440.1.042.666-7 UID: CHE-229.320.610

We collect and process the following categories of personal data (Art. 19(2) FADP):

Contact Data: Name, email address, company name, job title, and other details you provide when submitting contact forms or booking meetings.

Assessment Data: When you complete our assessments ("AI Readiness", "SDLC Maturity"): company information (name, industry, size), your responses to assessment questions, contact details (name, email, role), calculated scores and maturity levels.

Newsletter Data: Email address and preferences when you subscribe to our newsletter.

Usage Data: IP address (anonymised after collection), browser type, device information, pages visited, and analytics data collected through cookies and similar technologies.

We do not collect sensitive personal data (besonders schützenswerte Personendaten, Art. 5(c) FADP) through the website.

4.1 Principles Under Swiss Law (FADP)

We process personal data lawfully, in good faith, and proportionately (Art. 6(1) and (2) FADP). Personal data is collected only for specified, discernible purposes and processed only in a manner compatible with those purposes (Art. 6(3) FADP). It is destroyed or anonymised as soon as it is no longer required for the purpose of processing (Art. 6(4) FADP).

Under the FADP, the processing of personal data by private persons is generally permissible provided the processing principles are observed and no unlawful infringement of personality occurs (Art. 30(2) FADP). An infringement of personality may be justified by consent, an overriding private or public interest, or a statutory basis (Art. 31 FADP).

4.2 Purposes and GDPR Legal Bases

Where the GDPR applies to the processing (in particular when offering services to persons in the EEA), the following legal bases under Art. 6(1) GDPR apply:

Where we rely on legitimate interest / overriding interest: our interest lies in improving and securing our services. This interest outweighs the interests of data subjects because the processing is limited to anonymised or pseudonymised data and data subjects may object at any time.

Your assessment data is treated with the highest level of confidentiality:

No Selling: We never sell assessment data or personal data to third parties.

No Sharing: Your individual responses are not shared with other organisations or used beyond providing your results.

Aggregate Analytics: We may use anonymised, aggregate data to improve our assessment tools and understand industry trends. Such data cannot be traced back to you and does not constitute personal data within the meaning of Art. 5(a) FADP.

Secure Storage: Assessment data is stored in encrypted databases with access controls (Art. 8 FADP).

Our newsletter uses a double opt-in process. After subscribing, you will receive a confirmation email to verify your address. Consent may be withdrawn at any time (Art. 7(3) GDPR). Upon withdrawal, the justification for processing ceases (Art. 31(1) FADP) and processing is discontinued. You may withdraw by clicking the unsubscribe link in any newsletter email or by emailing info@fognini.tech.

Our website uses cookies. On your first visit, you will see a consent banner where you can accept or customise your preferences.

Essential Cookies: Required for basic website functionality. No consent required.

Analytics Cookies: Help us understand how visitors use our site. Only with your consent.

Preference Cookies: Remember your settings and choices. Only with your consent.

You may withdraw your cookie consent at any time through our cookie settings or your browser preferences.

We use analytics tools to understand how visitors interact with our website. Analytics data is collected with IP anonymisation enabled, so that no complete IP addresses are stored. You may opt out of analytics tracking using browser privacy settings or opt-out tools.

We do not sell your personal data.

We share personal data only in the following cases:

Data Processors (Auftragsbearbeiter, Art. 9 FADP; Art. 28 GDPR): Service providers that process personal data on our behalf (e.g. hosting, email delivery, analytics tools). They are bound by data processing agreements and may process personal data only in accordance with our instructions and only in a manner in which we ourselves would be permitted to process it (Art. 9(1)(a) FADP).

Legal Obligations: Authorities, where we are legally required to disclose data.

Personal data may be disclosed to recipients in the following countries, where our service providers operate data centres (Art. 19(4) FADP):

Countries with Federal Council adequacy decision (Art. 16(1) FADP): EEA states (based on the Federal Council's adequacy decision).

USA and other countries without adequacy decision: Where personal data is disclosed to countries for which no adequacy decision exists, we ensure appropriate safeguards within the meaning of Art. 16(2) FADP, in particular through standard data protection clauses (Art. 16(2)(d) FADP) or binding corporate data protection rules. For processing subject to the GDPR, the requirements of Art. 44–49 GDPR apply.

The specific service providers and their locations may be requested from us.

We retain personal data only for as long as necessary to fulfil the stated purposes (Art. 6(4) FADP):

Assessment Data: 24 months, to allow you to access your results and for us to provide follow-up support.

Contact Data: For the duration of the business relationship plus statutory retention periods (Art. 958f CO: 10 years for business-relevant correspondence).

Newsletter Data: Until consent is withdrawn (unsubscription).

Analytics Data: Up to 26 months in anonymised form. Anonymised data is not personal data and is not subject to the FADP.

After the retention period expires, personal data is deleted or anonymised.

We ensure appropriate data security through suitable technical and organisational measures (Art. 8 FADP; Art. 32 GDPR):

• Encryption in transit (TLS/SSL) and at rest
• Access-controlled hosting infrastructure
• Regular security assessments and updates
• Confidentiality obligations for all persons entrusted with processing
• Procedures for detecting and reporting data security breaches (Art. 24 FADP)

Our services are intended for business professionals and are not directed at minors. We do not knowingly collect personal data from persons under 16 years of age. If you believe a minor has provided us with personal data, please contact us immediately.

14.1 Rights Under Swiss Law (FADP)

You have the following rights under the Swiss Federal Act on Data Protection:

Right of Access (Art. 25 FADP): You may request information on whether and which personal data we process about you. Access is provided free of charge (Art. 25(6) FADP) and generally within 30 days (Art. 25(7) FADP).

Right to Data Portability (Art. 28 FADP): You may request that we provide your personal data in a common electronic format or transmit it to a third party designated by you.

Right to Rectification, Deletion, and Processing Ban (Art. 28 ZGB): You may bring civil proceedings to request the rectification of inaccurate personal data, the deletion or destruction of personal data, or a ban on specific processing activities.

14.2 Additional Rights Under GDPR

Where the GDPR applies to the processing, you additionally have the following rights:

Right to Restriction of Processing (Art. 18 GDPR): Restriction of processing under certain conditions.

Right to Object (Art. 21 GDPR): Objection to processing based on legitimate interests.

Right to Withdraw Consent (Art. 7(3) GDPR): At any time, without affecting the lawfulness of processing based on consent prior to withdrawal.

14.3 Exercising Your Rights

To exercise your rights, contact us at: info@fognini.tech

We respond to your request generally within 30 days (Art. 25(7) FADP) or without undue delay, at the latest within one month (Art. 12(3) GDPR).

If you believe your data protection rights have been violated, you may lodge a complaint with:

In Switzerland: Federal Data Protection and Information Commissioner (FDPIC / EDÖB) Feldeggweg 1, 3003 Bern www.edoeb.admin.ch

In the EU/EEA: The data protection supervisory authority in your country of residence.

Our assessment tools use algorithmic scoring to calculate maturity levels and generate recommendations. This does not constitute automated individual decision-making with legal effects (Art. 21 FADP; Art. 22 GDPR), because the results are informational and advisory only, no legal or similarly significant decisions are made automatically, and you retain full control over how you use the insights provided.

Some content on our website may be created or enhanced using artificial intelligence. AI-generated content is reviewed by our team before publication. We recommend verifying important information independently. We accept no liability beyond the general duty of care for decisions based on website content, in particular not for inherent characteristics of AI systems beyond our control, provided we exercised professional care in creation and review.

We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, or business operations. Material changes will be communicated through a prominent notice on our website.

For questions about this Privacy Policy or how we process your personal data:

Fognini Tech – Roberto Fognini info@fognini.tech Contact Us