Privacy Policy
Protection of your personal data
Introduction
Marion Achermann is committed to protecting your privacy. This privacy policy explains how personal data is collected, used and protected, in accordance with the revised Swiss Federal Act on Data Protection (FADP, in force since September 2023) and, for visitors residing in the European Union, the General Data Protection Regulation (GDPR).
Data controller
The data controller is Marion Achermann, private individual, residing at Rue du Peuchapatte 27, 2345 Les Breuleux, canton of Jura, Switzerland. No Data Protection Officer (DPO) has been appointed, as this requirement does not apply to activities of this size.
Data collected
Data provided via the contact form
When using the contact form, the following information is collected: name, email address, phone number (optional), free-text message and consent confirmation (mandatory checkbox).
Technical data
IP address and browser user-agent are automatically recorded in Cloudflare and Digital Ocean access logs, and by the Cloudflare Turnstile anti-spam system. This data is used for abuse prevention and service security.
Purposes and legal basis
Data is processed for the following purposes:
- Responding to contact and booking requests (consent, GDPR art. 6.1.a, and pre-contractual measures, GDPR art. 6.1.b).
- Spam and abuse prevention via Cloudflare Turnstile (legitimate interest, GDPR art. 6.1.f).
- Display of the interactive Google Maps map on the contact page (implicit consent through interaction with the map).
- Retention of server logs for technical security purposes (legitimate interest).
Processors and recipients
The following service providers are involved in data processing:
| Provider | Role | Location | Compliance mechanism |
|---|---|---|---|
| Digital Ocean LLC | Application hosting | USA | Standard Contractual Clauses (SCC) + EU-US Data Privacy Framework |
| Cloudflare Inc. | DNS, CDN, anti-spam protection (Turnstile) | USA / global | Standard Contractual Clauses (SCC) + EU-US Data Privacy Framework |
| Resend Inc. | Transactional emails (contact form) | USA | Standard Contractual Clauses (SCC) + EU-US Data Privacy Framework |
| Neon Inc. | PostgreSQL database | Frankfurt, EU | Processing within the EU, GDPR compliant |
| Cloudflare R2 | Media storage (photos) | USA / global | Standard Contractual Clauses (SCC) + EU-US Data Privacy Framework |
| Infomaniak Network SA | Mailbox [email protected] | Switzerland | Processing in Switzerland, FADP compliant |
| Google LLC (Google Maps) | Interactive map on the contact page | USA | Standard Contractual Clauses (SCC) + EU-US Data Privacy Framework |
International transfers
Several service providers are based in the United States. These transfers are governed by the Standard Contractual Clauses (SCC) of the European Commission and, where applicable, the EU-US Data Privacy Framework. Switzerland-to-EU transfers are covered by the mutual adequacy decision between Switzerland and the EU.
Data retention
- Messages received via the contact form: 24 months after the last exchange, then archived or deleted.
- Server logs (IP, user-agent): approximately 30 days at Digital Ocean and Cloudflare.
- Language cookie (NEXT_LOCALE): maximum 1 year (see cookie policy).
- Payload CMS administrator account: retained as long as the account is active.
Security
The website uses HTTPS across all pages, server-side data validation and sanitisation, a rate limiting system, Cloudflare Turnstile anti-spam protection, password encryption and encryption of the database at rest.
Your rights
In accordance with the revised FADP (art. 25) and the GDPR, you have the following rights:
- Right of access to your personal data (GDPR art. 15 / FADP art. 25).
- Right to rectification of inaccurate data (GDPR art. 16).
- Right to erasure (right to be forgotten, GDPR art. 17).
- Right to restriction of processing (GDPR art. 18).
- Right to data portability (GDPR art. 20).
- Right to object to processing (GDPR art. 21).
- Right to withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
To lodge a complaint with a supervisory authority:
- Federal Data Protection and Information Commissioner (FDPIC): edoeb.admin.ch (Switzerland). edoeb.admin.ch
- For EU residents: the competent national data protection authority of your country of residence.
Cookies
For more information on the cookies used by this website, please consult the cookie policy.
Contact
For any questions regarding this policy or to exercise your rights, please contact:
Email : [email protected]
Phone : +41 79 357 72 50
Postal address : Rue du Peuchapatte 27, 2345 Les Breuleux, canton du Jura, Suisse
Changes
This privacy policy may be updated to reflect legal, technical or operational changes. The date of the last update is shown at the bottom of this page.