Privacy Policy

CICS GmbH — Grabenstrasse 15a, 6340 Baar, Switzerland

Last updated: April 2026

Data Controller

CICS GmbH is the controller of personal data processed through this website. For questions regarding data protection, contact our Data Protection Officer at dpo@cics.ch.

Jurisdiction

All data processing occurs under Swiss law. CICS GmbH is subject to the Swiss Federal Act on Data Protection (FADP / nDSG) and aligns with the EU General Data Protection Regulation (GDPR) where applicable to EU/EEA data subjects.

No personal data is transferred outside of Switzerland. No personal data is processed by US-headquartered providers or subject to the CLOUD Act, FISA Section 702, or equivalent foreign access provisions.

What We Collect

Contact Form Submissions

When you submit the contact form, we collect:

  • Name
  • Email address
  • Company name
  • Position, country, and sector (optional)
  • Subject and message content

This data is stored on infrastructure located in Switzerland. We use it to respond to your enquiry and, where relevant, to follow up on potential engagements. We do not add contact form submissions to marketing lists without your explicit consent.

Legal basis: Legitimate interest (responding to your enquiry) under Art. 31 FADP; Art. 6(1)(f) GDPR for EU/EEA data subjects.

Retention: Contact form submissions are retained for 24 months from the date of submission, then deleted. If a submission leads to a business relationship, the data is retained for the duration of the engagement plus 12 months.

Resource Downloads

When you download a whitepaper or other gated resource, we collect:

  • Name
  • Email address
  • Company name
  • Position, country, and sector (optional)

This data is processed to provide you with access to the requested resource and is stored in our subscriber management system (Listmonk), hosted on our own infrastructure in Switzerland.

Legal basis: Consent (you actively submit your data to access the resource) under Art. 31 FADP; Art. 6(1)(a) GDPR.

Retention: Subscriber data is retained until you request removal. You can unsubscribe or request deletion at any time by contacting dpo@cics.ch.

Website Analytics

We use Matomo for website analytics, self-hosted on our own infrastructure in Switzerland.

Matomo is configured in cookieless mode:

  • No cookies are set on your device
  • No persistent identifiers are stored
  • No consent banner is required
  • IP addresses are anonymised before storage
  • No data is shared with third parties

Analytics data is used solely to understand how visitors use this website and to improve our content. It is not used for profiling, advertising, or tracking across websites.

Legal basis: Legitimate interest (website improvement) under Art. 31 FADP; Art. 6(1)(f) GDPR.

Retention: Analytics data is retained for 26 months, then automatically deleted.

Server Logs

Our web server records standard access logs (IP address, timestamp, requested URL, HTTP status code, user agent). These logs are used for security monitoring and troubleshooting.

Retention: Server logs are retained for 90 days, then automatically deleted.

What We Do Not Collect

  • We do not use Google Analytics, Facebook Pixel, LinkedIn Insight Tag, or any third-party tracking service
  • We do not set cookies of any kind
  • We do not use fingerprinting or persistent device identification
  • We do not share personal data with third parties for marketing purposes
  • We do not sell personal data

Data Processing

All personal data is processed on infrastructure operated by CICS GmbH or on the data subject’s own infrastructure where on-premises deployment applies.

Data CategoryStorage LocationProcessor
Contact form submissionsSwitzerland (CICS infrastructure)CICS GmbH
Resource download recordsSwitzerland (CICS infrastructure)CICS GmbH
AnalyticsSwitzerland (CICS infrastructure)CICS GmbH
Server logsSwitzerland (CICS infrastructure)CICS GmbH

No sub-processors are used for personal data processing. No data leaves Switzerland.

Your Rights

Under the FADP and, where applicable, the GDPR, you have the right to:

  • Access your personal data and obtain a copy
  • Rectify inaccurate or incomplete data
  • Erase your data (“right to be forgotten”)
  • Restrict processing of your data
  • Object to processing based on legitimate interest
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal

To exercise any of these rights, contact dpo@cics.ch. We will respond within 30 days.

Right to Erasure

Upon a verified request, we will:

  1. Delete your personal data from all systems within 30 days
  2. Confirm deletion in writing
  3. Ensure data is not recoverable from backups within 90 days

Children

This website is not intended for individuals under the age of 16. We do not knowingly collect personal data from children.

Security

We protect personal data with:

  • Encryption in transit (TLS 1.3, minimum TLS 1.2)
  • Encryption at rest (AES-256)
  • Access controls (role-based, principle of least privilege)
  • Audit logging of all data access
  • Regular security assessments

Changes to This Policy

We may update this policy to reflect changes in our practices or applicable law. Material changes will be indicated by updating the “Last updated” date at the top of this page. We do not notify visitors of policy changes via email unless they have explicitly opted in to such notifications.

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Federal Data Protection and Information Commissioner (FDPIC) Feldeggweg 1, 3003 Bern, Switzerland https://www.edoeb.admin.ch

For EU/EEA data subjects, you may also lodge a complaint with your local supervisory authority.

Contact

Data Protection Officer CICS GmbH Grabenstrasse 15a 6340 Baar, Switzerland dpo@cics.ch