Privacy Policy
How we handle and protect your personal information in compliance with GDPR and Swiss data protection laws
At Grifo Development, we are committed to protecting your privacy and personal data in accordance with the EU General Data Protection Regulation (GDPR) and Swiss Federal Act on Data Protection (FADP). This policy explains how we collect, use, store, and protect your personal information when you use our website and services.
Data Controller
Grifo Development, Luca Grifo, based in Switzerland, is the data controller responsible for your personal data. For data protection inquiries, please use the contact button below on this page.
Information We Collect
We collect the following types of personal data: Contact Information (name, email address, phone number, company name) when you contact us or use our services. Technical Data collected automatically through Google Firebase Analytics (IP address, browser type, device information, pages visited, time spent on site). Communication Data (messages, support requests, service inquiries). Service Data (information about services requested, project details, technical requirements). We only collect data that is necessary for providing our services and improving your experience.
Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6: Consent (Article 6(1)(a)) - for marketing communications and non-essential cookies. Contract Performance (Article 6(1)(b)) - to provide our IT services and fulfill contractual obligations. Legitimate Interest (Article 6(1)(f)) - for website analytics, security, and business development. Legal Obligation (Article 6(1)(c)) - for tax records and legal compliance. You have the right to withdraw consent at any time where processing is based on consent.
How We Use Your Information
We use your personal data for the following purposes: Service Delivery - to provide IT support, website development, and technical services. Communication - to respond to inquiries, provide customer support, and send service-related updates. Analytics - to understand website usage and improve our services using Google Firebase Analytics. Marketing - to send promotional materials (only with your consent). Legal Compliance - to meet our legal and regulatory obligations. Security - to protect our systems and prevent fraud. We do not sell, rent, or share your personal data with third parties for their marketing purposes.
Google Firebase and Third-Party Services
We use Google Firebase services for website analytics and functionality, which may involve data processing by Google LLC in the United States. Firebase services we use include: Google Analytics for website usage statistics, Firebase Hosting for website delivery, Firebase Functions for backend processing. Data transferred to Google is protected by Google's Privacy Shield certification and Standard Contractual Clauses. You can opt-out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on. For more information, see Google's Privacy Policy at https://policies.google.com/privacy
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your browsing experience. Types of cookies we use: Essential Cookies - necessary for website functionality (no consent required). Analytics Cookies - Google Analytics to understand website usage (consent required). Preference Cookies - to remember your settings and preferences. You can manage cookie preferences through our cookie banner or your browser settings. Disabling certain cookies may affect website functionality. We do not use cookies for advertising or tracking across other websites.
Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy: Contact inquiries - 3 years from last contact. Service contracts - 10 years for tax and legal compliance. Analytics data - 26 months (Google Analytics default). Marketing data - until you unsubscribe or withdraw consent. Technical logs - 12 months for security purposes. After the retention period, data is securely deleted or anonymized. You can request earlier deletion of your data at any time.
International Data Transfers
Your data may be transferred to and processed in countries outside Switzerland and the EU, particularly the United States through Google Firebase services. We ensure adequate protection through: Google's Privacy Shield certification and Standard Contractual Clauses. Swiss-US Privacy Framework compliance. Adequacy decisions by the European Commission where applicable. Your data is always protected by appropriate safeguards regardless of location.
Your Data Protection Rights
Under GDPR and Swiss FADP, you have the following rights: Right of Access - request copies of your personal data. Right to Rectification - correct inaccurate or incomplete data. Right to Erasure - request deletion of your data ('right to be forgotten'). Right to Restrict Processing - limit how we use your data. Right to Data Portability - receive your data in a structured format. Right to Object - object to processing based on legitimate interests. Right to Withdraw Consent - for consent-based processing. Right to Lodge a Complaint - with supervisory authorities. To exercise these rights, please use the contact button below on this page. We will respond within 30 days.
Data Security
We implement comprehensive technical and organizational measures to protect your personal data: Technical Measures - encryption in transit and at rest, secure hosting infrastructure, regular security updates, access controls and authentication. Organizational Measures - staff training on data protection, data processing agreements with suppliers, regular security assessments, incident response procedures. Despite our security measures, no system is 100% secure. We will notify you and relevant authorities of any data breaches as required by law.
Children's Privacy
Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. We will take steps to remove such information and terminate any accounts created by children under 16.
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by: Posting the updated policy on our website with a new 'Last Updated' date. Sending email notifications for significant changes (if you have provided your email). Obtaining fresh consent where required by law. We encourage you to review this policy periodically to stay informed about how we protect your data.
Contact Us
If you have any questions about this privacy policy or our data practices, please use the contact button below to get in touch with us. For complaints about data processing, you can also contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority.
Last updated: May 2025