Polityka prywatności

DPP Automate ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website or use our Digital Product Passport services.

We operate in compliance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP/DSG).

The data controller responsible for your personal data is:

Nico Jaroszewski (DPP Automate)
Schlosstalstrasse 202
8408 Winterthur
Switzerland
Email: info@dppautomate.com

For any questions regarding data protection or to exercise your rights, please contact us at info@dppautomate.com.

We collect the following types of personal data:

3.1 Contact Form Submissions

• Name
• Email address
• Company name (optional)
• Message content
• Submission timestamp

3.2 Quote Request Forms

• Name
• Email address
• Company name
• Service interest
• Location (optional)
• Project details
• Submission timestamp

3.3 Newsletter Subscriptions

• Email address
• Language preference
• Subscription timestamp

3.4 Technical Data (Anonymized)

• Browser type and version
• Operating system
• Referrer URL
• Pages visited
• Time spent on pages
• Device type

3.5 Cookies

• Language preference cookie ("locale")
• Cookie consent preference ("cookie-consent")
• Session cookies for website functionality

We do NOT collect sensitive personal data, credit card information, or precise geolocation data.

We process your personal data based on the following legal grounds:

4.1 Consent (GDPR Art. 6(1)(a))

• Newsletter subscriptions
• Cookie consent for analytics

4.2 Contract Performance (GDPR Art. 6(1)(b))

• Processing quote requests and service inquiries
• Providing requested information about our services

4.3 Legitimate Interest (GDPR Art. 6(1)(f))

• Website analytics to improve user experience
• Security and fraud prevention
• Communication regarding your inquiries

You have the right to object to processing based on legitimate interest at any time.

We use your personal data for the following purposes:

• Responding to Inquiries: To answer your questions and provide information about our services
• Quote Processing: To prepare and send quotes for DPP compliance services
• Service Delivery: To provide Digital Product Passport implementation services
• Newsletter: To send industry updates and regulatory news (with your consent)
• Website Improvement: To analyze usage patterns and improve user experience
• Legal Compliance: To comply with legal obligations and regulatory requirements
• Security: To protect against fraud and unauthorized access

We do NOT use your data for automated decision-making or profiling.

We share your data only with trusted service providers who assist in operating our website and services:

6.1 Convex (Database Hosting)

• Purpose: Secure storage of contact forms and quote requests
• Location: United States (EU-US Data Privacy Framework compliant)
• Website: convex.dev

6.2 Vercel (Website Hosting)

• Purpose: Website hosting and content delivery
• Location: Global CDN with data centers in EU and Switzerland
• Website: vercel.com

6.3 Analytics Services (If Enabled)

• Anonymized analytics data only
• IP addresses are anonymized
• No personal identifiers are shared

We do NOT sell, rent, or trade your personal data to third parties for marketing purposes.

All third-party processors are contractually bound to GDPR compliance and data protection standards.

We retain your personal data for the following periods:

• Contact Form Submissions: 3 years from submission date
• Quote Requests: 3 years from last communication
• Newsletter Subscriptions: Until you unsubscribe
• Website Analytics: 26 months (anonymized)
• Legal Documents: As required by Swiss/EU law

After the retention period expires, we securely delete or anonymize your data.

You can request earlier deletion at any time by contacting info@dppautomate.com.

You have the following rights regarding your personal data:

8.1 Right of Access (Art. 15)
Request a copy of all personal data we hold about you.

8.2 Right to Rectification (Art. 16)
Correct inaccurate or incomplete personal data.

8.3 Right to Erasure (Art. 17) - "Right to be Forgotten"
Request deletion of your personal data (subject to legal obligations).

8.4 Right to Restriction (Art. 18)
Request limitation of processing in certain circumstances.

8.5 Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format.

8.6 Right to Object (Art. 21)
Object to processing based on legitimate interest or for direct marketing.

8.7 Right to Withdraw Consent (Art. 7(3))
Withdraw consent at any time without affecting prior processing.

To Exercise Your Rights:
Email us at info@dppautomate.com with your request. We will respond within 30 days.

We use cookies to enhance your browsing experience. For detailed information about cookies, please see our Cookie Policy.

Essential Cookies (Always Active):

• Language preference ("locale")
• Cookie consent status ("cookie-consent")
• Session management

Analytics Cookies (Optional):

• Anonymized usage statistics
• Page performance metrics

You can manage cookie preferences through our cookie consent banner or your browser settings.

Withdrawal of cookie consent does not affect essential cookies required for website functionality.

We implement industry-standard security measures to protect your data:

• Encryption: All data transmissions use TLS/SSL encryption
• Access Controls: Restricted access to personal data on a need-to-know basis
• Secure Hosting: Data stored with SOC 2 compliant service providers
• Regular Audits: Security assessments and vulnerability testing
• Data Minimization: We collect only necessary information
• Pseudonymization: Where possible, we use pseudonymized data

While we take all reasonable precautions, no internet transmission is 100% secure. We cannot guarantee absolute security.

Your data may be transferred to and processed in countries outside Switzerland and the European Economic Area (EEA), specifically:

• United States: Our database provider (Convex) is located in the US and participates in the EU-US Data Privacy Framework.

All international transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequate safeguards as required by GDPR Art. 46
• Compliance with Swiss data protection law

For more information about data transfer mechanisms, contact info@dppautomate.com.

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children.

If you believe we have inadvertently collected data from a child, please contact us immediately at info@dppautomate.com, and we will delete it promptly.

We may update this Privacy Policy to reflect changes in our practices or legal requirements.

• Material Changes: We will notify you via email or website notice
• Last Updated Date: Always displayed at the top of this policy
• Version History: Available upon request

Continued use of our website after changes constitutes acceptance of the updated policy.

Data Protection Contact:
Nico Jaroszewski
DPP Automate
Schlosstalstrasse 202
8408 Winterthur, Switzerland
Email: info@dppautomate.com

Right to Lodge a Complaint:
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

• Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
  Website: edoeb.admin.ch

• EU/EEA: Your local supervisory authority
  Find your authority: edpb.europa.eu

We encourage you to contact us first, and we will do our best to resolve any concerns.

15.1 Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects.

15.2 Data Breach Notification
In case of a data breach affecting your rights, we will notify you and relevant authorities within 72 hours as required by GDPR Art. 33-34.

15.3 Privacy by Design
We implement privacy-by-design principles in all our systems and processes.

15.4 Data Protection Officer
As a small business, we are not required to appoint a Data Protection Officer (DPO). The data controller (Nico Jaroszewski) handles all data protection matters.

15.5 Language
This Privacy Policy is available in English, German, French, Italian, and Spanish. In case of discrepancies, the English version prevails.