Privacy Notice

Savify AG, Landhausstrasse 1, 9053 Teufen (AR), Schweiz. E-Mail: [email protected], Telefon: +41 71 490 00 00. Authorized representative: Jörg Weidenfeld. This information is provided in accordance with the transparency obligations of the GDPR and supplementarily under Swiss law.

These privacy notices apply to the website savify.io and its subpages. For terminal device access (e.g., cookies) in relation to users in Germany, the provisions of § 25 TDDDG apply. For the processing of personal data, the provisions of the GDPR apply (in particular Art. 6, 12–14, 15–22, 32, 44–49).

1.1 Data categories: IP address, date/time, accessed URL/file, referrer URL, user agent, status codes. 1.2 Purposes: Technical provision, stability, IT security, abuse prevention. 1.3 Legal basis: Legitimate interest (Art. 6(1)(f) GDPR: secure, stable operation of the website).

2.1 Principle: The storage of information in the terminal device or access to already stored information is only permitted if the user has consented on the basis of clear and comprehensive information; exceptions exist only for the transmission of a message or for technologies that are strictly necessary (§ 25(1), (2) TDDDG). 2.2 Subsequent processing of personal data is generally based on Art. 6(1)(a) GDPR (consent); for purely necessary operations, Art. 6(1)(b)/(f) GDPR may apply. 2.3 Consents must comply with GDPR requirements (voluntary, informed, specific, unambiguous; revocation at any time).

3.1 Purpose: Obtaining, managing, and documenting consents; storing consent decisions (consent cookie). 3.2 Legal bases: § 25(2) TDDDG (necessary terminal device information for the requested service), Art. 6(1)(c) GDPR (accountability/compliance) or Art. 6(1)(f) GDPR (legitimate interest in legally secure consent management).

4.1 Data categories: Usage data (e.g., page views, interactions, possibly truncated IP), device/browser information. 4.2 Purpose: Website optimization, reach measurement. 4.3 Legal bases: § 25(1) TDDDG (consent for terminal device access) and Art. 6(1)(a) GDPR (consent); revocation at any time in the consent tool.

5.1 Purpose: Interest-based advertising, campaign success measurement. 5.2 Legal bases: § 25(1) TDDDG and Art. 6(1)(a) GDPR (consent). Consent must be obtained before use; no pre-settings; declining equivalent to accepting.

6.1 Data categories: Contact data (e.g., name, email, phone), communication content, metadata. 6.2 Purpose: Processing inquiries; possibly pre-contractual communication. 6.3 Legal bases: Art. 6(1)(b) GDPR (pre-contractual/contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication).

7.1 Procedure: Registration via double opt-in procedure; logging of consent. 7.2 Legal bases: Art. 6(1)(a) GDPR (consent); for any terminal device access (e.g., open/click tracking), additionally § 25(1) TDDDG (opt-in).

8.1 Purpose: Application management. 8.2 Legal bases: Generally Art. 6(1)(b) GDPR; special categories only in accordance with Art. 9(2) GDPR (specific legal bases/protective measures).

Hosting/CDN providers, consent management providers, analytics services, communication service providers, IT support, and comparable processors are used. Processing takes place exclusively on documented instructions and on the basis of appropriate contracts (Art. 28 GDPR); appropriate technical and organizational measures are agreed.

If transfers to third countries (e.g., USA) occur, the requirements of the GDPR are met (adequacy decision, standard contractual clauses, binding corporate rules, etc.). Where applicable, consent is obtained; we inform transparently about risks.

Personal data is only stored for as long as necessary for the purposes or as long as statutory retention obligations exist; afterwards, we delete or anonymize the data. Criteria for determining storage duration include purpose limitation, legal obligations, and limitation periods.

Without certain information (e.g., mandatory fields in the contact form), individual functions cannot be used; mandatory and optional information are marked.

If automated decision-making including profiling occurs, we inform separately about the logic, scope, and intended effects; the requirements of Art. 22 GDPR apply.

Data subjects have rights to access, rectification, erasure, restriction of processing, data portability, objection, and revocation of consents with effect for the future. There is also a right to lodge a complaint with a data protection supervisory authority.

You may object at any time to processing based on Art. 6(1)(e) or (f) GDPR for reasons relating to your particular situation; in the case of direct marketing, there is an unrestricted right to object at any time.

We take appropriate technical and organizational measures to secure processing in order to ensure a level of protection appropriate to the risk (Art. 32 GDPR), e.g., encryption, access restrictions, logging, hardening, and monitoring.

Our consent banner allows granular selection, informs about purposes, providers, storage durations, legal bases, and any third-country references; consents can be revoked at any time with effect for the future. "Accept" and "Decline" buttons are designed equivalently.

If an appointment is made pursuant to Art. 37 GDPR (and possibly national law), the name and contact details will be published here. For Savify AG as a Swiss controller with market presence in the EU, the appointment obligation is primarily based on Art. 37 GDPR and not on German threshold regulations; if appointed, this section will be updated.

We update this notice as needed; the current version is available on this page. We inform transparently about material changes.