Privacy Policy
Effective Date: February 1, 2026
Swiss Cybersecurity Management Center GmbH (SCMC)
Last updated: 19 April 2026
The Swiss Cybersecurity Management Center GmbH (SCMC) (“we”, “our”, or “us”) is committed to protecting your privacy and ensuring transparency regarding the collection, use, and protection of personal data. This Privacy Policy explains how we process personal data when you interact with our website, services, platforms, and communications.
This Privacy Policy is issued in accordance with the Swiss Federal Act on Data Protection (revFADP / revDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Scope & Applicability
This Privacy Policy applies to:
- Visitors to our website
- Users registering for accounts
- Customers and business contacts
- Individuals communicating with SCMC
It does not replace or override contractual data protection provisions (e.g. Data Processing Agreements) agreed separately with customers.
2. Roles Under Data Protection Law
- SCMC acts as a data controller for personal data related to website usage, marketing, account management, and administrative purposes.
- SCMC acts as a data processor when processing personal data on behalf of customers as part of service delivery, subject to a separate Data Processing Agreement (DPA).
3. Information We Collect
a. Personal Data
We may collect the following personal data:
- Full name
- Email address
- Phone number
- Company or organization name
- Job title
b. Technical & Usage Data
When you access our website or platform, we may collect technical data such as:
- IP address
- Browser type and version
- Device type and operating system
- Referring URL and visited pages
- Session duration and interaction data
This data is used to maintain security, improve functionality, and analyze usage trends.
4. Legal Bases for Processing
Personal data is processed on the following legal bases, where applicable:
- Consent (e.g. newsletters, marketing communications)
- Performance of a contract or pre-contractual measures
- Legitimate interests, including system security, fraud prevention, and service improvement
- Compliance with legal obligations under Swiss or international law
5. Purposes of Processing
| Purpose | Legal Basis |
|---|---|
| Providing, operating, and improving our services | Performance of a contract |
| Responding to inquiries and communications | Legitimate interests / Performance of a contract |
| Managing user accounts and customer relationships | Performance of a contract |
| Sending service-related updates | Performance of a contract |
| Sending marketing communications | Consent |
| Monitoring system security and detecting threats | Legitimate interests |
| Processing payments via secure payment providers | Performance of a contract |
| Meeting legal, regulatory, and compliance obligations | Legal obligation |
6. Disclosure of Personal Data
We do not sell or rent personal data.
Personal data may be disclosed to trusted third parties acting as processors or service providers, under strict contractual and security safeguards, including:
- IT infrastructure and hosting providers
- Security monitoring and analytics providers
- Payment service providers
- Authorities where legally required
All recipients are carefully selected and required to comply with applicable data protection laws.
7. Payment Processing
a. Stripe
Payments are processed via Stripe, a payment service provider headquartered in Ireland/USA (Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland).
During payment processing, personal data such as name, billing details, and payment information may be transmitted to Stripe. Stripe complies with applicable data protection and security standards, including PCI DSS.
For transfers to Stripe's US infrastructure, SCMC relies on Standard Contractual Clauses (EU Commission Decision 2021/914) and the Swiss-U.S. Data Privacy Framework, supplemented by Stripe's data processing addendum (available at stripe.com/legal/dpa).
More information:
👉 Stripe Privacy Policy
8. Hosting, Storage & Security (Switzerland)
a. Data Hosting
All personal data and user-submitted content is stored exclusively in Switzerland on infrastructure provided by Amazon Web Services (AWS) located in Swiss data centers.
Data is therefore subject to the requirements of the Swiss revFADP and, where applicable, the GDPR.
b. Technical & Organizational Measures
We implement industry-standard security measures, including:
- Encryption of data at rest and in transit (e.g. TLS)
- Access controls based on the need-to-know principle
- Authentication and authorization mechanisms
- Regular backups and monitoring
- Security reviews and audits
AWS complies with recognized international standards such as ISO 27001, SOC 1/2/3, and PCI DSS. Certifications are available via the 👉 AWS Artifact Portal.
9. International Data Transfers
Where personal data is transferred outside Switzerland or the European Economic Area (EEA), we ensure appropriate safeguards, including:
- Adequacy decisions issued by Swiss or EU authorities
- Standard Contractual Clauses (SCCs)
- Supplementary technical and organizational measures where required
10. Data Retention
Personal data is retained only as long as necessary for the stated purposes or as required by law.
Indicative retention periods include:
- Contract and billing records: 10 years (CO Art. 958f; VAT Act Art. 70)
- Marketing and newsletter data: until consent is withdrawn
- Technical logs and security data: typically up to 6 months
11. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Withdraw consent at any time
- Request deletion of personal data
- Object to or restrict processing
- Request data portability
- Lodge a complaint with a supervisory authority (Switzerland: Federal Data Protection and Information Commissioner – FDPIC)
Requests are handled within 30 days, unless extended as permitted by law.
To exercise your rights, contact:
📧 support@scmc.ch
12. Cookies & Tracking Technologies
We use cookies and similar technologies for:
- Essential functionality
- Security and fraud prevention
- Analytics and performance measurement
Where required by law, cookies requiring consent are only used after you have provided consent via our cookie banner. You can manage cookie settings through your browser or cookie preferences.
Third-Party Services Used
Google Tag Manager (GTM)
We use Google Tag Manager provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). GTM is activated only after your explicit consent and serves to centrally manage analytics tags. GTM itself does not collect personal data; however, it may trigger other services listed below.
Privacy Policy: policies.google.com/privacy
Google reCAPTCHA v3
To protect our contact and registration forms against spam and abuse, we use reCAPTCHA v3 by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). reCAPTCHA analyzes user behavior (e.g. mouse movements, click patterns) and transmits this data to Google servers. Its use is based on our legitimate interest in the security and integrity of our services (Art. 6(1)(f) GDPR / revFADP Art. 31(1)). A legitimate interest assessment (LIA) has been conducted and is available upon request. For transfers to Google servers in the USA, Standard Contractual Clauses apply (EU Commission Decision 2021/914).
Privacy Policy: policies.google.com/privacy
13. Children’s Data
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from minors.
14. Data Security Disclaimer
While we apply appropriate technical and organizational measures to protect personal data, no system can guarantee absolute security. Users are encouraged to apply appropriate safeguards when using online services.
15. Changes to This Privacy Policy
This Privacy Policy may be updated from time to time. The latest version will always be published on this page with the updated revision date.
16. Contact Information
Swiss Cybersecurity Management Center (SCMC)
Tiefenhöfe 10
8001 Zürich
Switzerland
📧 Email: info@scmc.ch
🌐 Website: https://www.scmc.ch
Data Controller:
Swiss Cybersecurity Management Center (SCMC), Tiefenhöfe 10, 8001 Zürich, Switzerland
Supervisory Authority (Switzerland):
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern, Switzerland
🌐 www.edoeb.admin.ch
This Privacy Policy is available at all times at https://www.scmc.ch/privacy.