Privacy Policy

1. Data controller

The data controller is:

Green Web Solutions SNC
5 Via Generoso
6900 Lugano
team@greenwebsolutions.ch
091 2260164

The Data Controller determines the purposes and means of processing personal data.

2. Scope

This data protection notice applies to all processing of personal data carried out in connection with the services offered by the Data Controller, and in particular includes, by way of example and without limitation:

  • the website, all its pages, subdomains and related features, as well as any related digital services or applications;
  • the contact forms on the website or on third-party platforms used by the Data Controller;
  • requests for advice, assistance and IT technical support, both online and in person;
  • the sale of products and services, whether carried out via online channels (e-commerce or digital systems) or through direct negotiations or face-to-face meetings;
  • communications between the user and the Data Controller, regardless of the channel used, including emails, telephone calls, instant messaging, ticketing platforms or other digital tools;
  • any interactions with third-party systems, tools or suppliers used to provide the services.

This also includes all ancillary and instrumental activities necessary for the performance of the requested services, the management of the contractual relationship and compliance with applicable legal or regulatory obligations.

3. Types of data processed

The Data Controller processes personal data in the course of various operational activities, including, in particular, the management of the website and digital services, IT consultancy and support, the sale of products and services both online and at physical outlets, participation in third-party marketplaces and platforms, as well as the provision of courses, training and professional activities, whether in person or remotely.

In the context of these activities, the Data Controller may act, depending on the circumstances, either as an independent data controller or, where applicable, as a data processor on behalf of third parties (for example, when carrying out technical work on the client’s systems or infrastructure).

3.1 Data provided directly by the user

The Data Controller may process personal data provided voluntarily by the user, including, but not limited to:

  • first name and surname
  • company name, role within the organisation and professional details (where applicable)
  • email address and telephone number
  • postal address, billing details and payment details
  • the content of enquiries submitted via forms, email or other channels (including requests for advice, support or IT tickets)
  • attachments, files or documents uploaded or sent by the user
  • information contained in quotations, orders, contracts or commercial communications
  • data relating to participation in courses, events or training activities organised by the Data Controller
  • data relating to transactions carried out via third-party platforms or marketplaces
  • any data relating to third parties provided by the user in connection with a request for services (for example, data contained in IT systems managed or analysed on behalf of the client)

3.2 Technical and navigation data

Whilst browsing the website and using the digital services, the following data may be collected automatically:

  • IP address and network identifiers
  • date, time and duration of access
  • information about the browser, device and operating system used
  • system logs, security logs and data relating to access and authentication
  • cookies, online identifiers and similar technologies
  • pages visited, navigation paths and interactions with the website or services

3.3 Data relating to the use of the services

In the context of the provision of IT services, consultancy and technical support, additional data may be processed, such as:

  • data contained in support tickets and helpdesk systems
  • History of support requests and communications with the customer
  • technical data relating to systems, infrastructure or software subject to maintenance work
  • operational logs and information required for the diagnosis and resolution of technical issues
  • data relating to the administration of courses, enrolments, attendance and training activities

3.4 Security and anti-abuse measures

The Data Controller may also process data necessary to ensure the security of systems and services, including:

  • records of logins and login attempts
  • suspicious or potentially fraudulent activity
  • information necessary to prevent abuse, cyber-attacks or misuse of the website or services
  • data required to protect IT infrastructure and customers’ systems during technical support activities

3.5 Data derived from communications and marketing (where applicable)

Where applicable and to the extent permitted by law, the following may also be processed:

  • the content of communications via email, telephone or digital tools (including support channels and messaging services)
  • data relating to interactions with marketing communications (e.g. opening emails, clicking on links)
  • preferences expressed in relation to informational or promotional communications

4. Purposes of the processing

Personal data is processed exclusively for specific purposes that are clear to the data subject and compatible with the context of the contractual or pre-contractual relationship, in accordance with the principles of the Federal Data Protection Act (nLPD / revDSG).

Data processing may take place through various operational and commercial channels, including the website, digital communications, IT consultancy and support services, the sale of products and services online and at physical outlets, participation in third-party marketplaces and platforms, as well as the provision of courses, training and professional activities, whether in person or remotely.

4.1 Contractual and pre-contractual purposes

The data is processed for the following purposes:

  • handling IT consultancy requests, technical site visits and quotations
  • assessment and drafting of commercial offers and contractual proposals
  • provision of technical support, IT assistance and maintenance services
  • management of online and direct sales of products and services, including sales at physical outlets
  • management of purchases and sales made via marketplaces and third-party platforms
  • organisation, management and administration of courses, events and training activities
  • implementation, management and administration of contractual relationships with customers and suppliers
  • managing day-to-day communication with the client in connection with the provision of services, including via digital and telephone channels

4.2 Administrative, accounting and legal purposes

Data may be processed for the following purposes:

  • accountancy, invoicing and administrative compliance
  • compliance with the legal, tax and regulatory obligations applicable in Switzerland
  • document retention in accordance with the law
  • handling of complaints, disputes, legal claims or court proceedings
  • protection of the Data Subject’s rights in and out of court

4.3 Operational, technical and security purposes

Data processing is also necessary for:

  • to ensure the proper operation, maintenance and updating of the IT systems and the website
  • to ensure the security of IT infrastructure, services and data
  • to prevent, detect and combat fraud, abuse, unauthorised access or malicious activity
  • management of technical logs, access logs and security monitoring systems
  • continuous improvement of services, reliability and the user experience
  • management of any security incidents and technical troubleshooting activities
  • management of the infrastructure used to deliver digital, physical and training services

4.4 Marketing and commercial communication purposes (subject to consent where required)

Subject to the data subject’s consent, the data may be used for:

  • sending commercial, promotional and informational communications
  • newsletters and updates relating to services, products or company news
  • personalised recommendations or targeted offers based on the user’s interactions

Consent to the processing of personal data for marketing purposes is optional and may be withdrawn at any time without affecting the lawfulness of any processing carried out prior to the withdrawal.

4.5 Other compatible purposes

To the extent permitted by law, data may also be processed for purposes compatible with those set out above, including internal organisational activities, managing relationships with suppliers, logistics, shipments, the management of third-party platforms and technical support for customers, whilst always complying with the principles of proportionality and data minimisation.

5. Legal basis for processing

The processing of personal data is based on one or more of the following legal grounds, in accordance with the principles of the Federal Data Protection Act (nLPD / revDSG):

  • Performance of a contract or pre-contractual measures: The processing is necessary to respond to user enquiries, provide IT advice and technical support, sell products or services, and to manage and fulfil existing or prospective contractual relationships.
  • Compliance with legal obligations: The processing is necessary to comply with legal and regulatory obligations applicable to the Data Controller, including tax, accounting, administrative and record-keeping obligations.
  • Overriding interests of the Data Controller or third parties: the processing may be based on a legitimate and overriding interest of the Data Controller, in particular for:
    • to ensure the security of IT systems, networks and data
    • to ensure the operational continuity of IT services and the proper delivery of services
    • to prevent, detect and combat fraud, abuse, unauthorised access or malicious activity
    • to improve, optimise and develop the services offered
    • to safeguard the Data Controller’s rights in the event of disputes or legal proceedings
  • Consent of the data subject: where required or expressly provided for by law, the processing is based on the user’s free, specific, informed and revocable consent, in particular for the purposes of direct marketing, newsletters and the use of cookies or tracking tools that are not strictly necessary.

In all cases, the Data Controller assesses the proportionality of processing based on an overriding legitimate interest, taking into account the interests, fundamental rights and reasonable expectations of the data subject, as well as the context of the relationship (particularly in the case of IT and technical support services).

6. Processing methods and security

Personal data is processed using electronic means and, where necessary, also by manual means, in accordance with the principles of lawfulness, proportionality and security laid down in the applicable Swiss legislation (nLPD / revDSG).

Data processing is carried out by implementing technical and organisational measures appropriate to the state of the art and the risk associated with the processing, including, in particular:

  • systems for controlling logical and physical access to data and systems
  • management of authorisations and access profiles tailored to operational requirements
  • the use of encryption techniques, where appropriate, to protect data in transit and/or at rest
  • Regular backups and data recovery procedures
  • perimeter protection systems such as firewalls, antivirus software and threat detection tools
  • monitoring of systems and recording of access and activity logs, where necessary for security and operational purposes
  • restricting access to data exclusively to authorised staff or third-party suppliers who are strictly necessary for the provision of services

The Data Controller selects suppliers and technology partners who guarantee adequate security and confidentiality measures in accordance with the applicable standards.

Despite the implementation of appropriate technical and organisational measures, no computer system or method of transmitting data via the Internet can be considered completely secure. Consequently, the Data Controller cannot guarantee the absolute security of the information transmitted or stored, to the extent permitted by law.

In the event of a personal data breach, the Data Controller undertakes to take the measures required by the applicable legislation, including incident management and, where required, notification to the relevant authorities.

7. Data retention

Personal data is retained for the period strictly necessary to fulfil the purposes for which it was collected, in accordance with the legal obligations and the principles of proportionality laid down in Swiss legislation (nLPD / revDSG).

As a rough guide:

  • contractual, tax and accounting data: up to 10 years, in accordance with the applicable Swiss legal requirements
  • data relating to consultancy, technical support and IT tickets: up to 24 months from the last interaction, unless there are technical or legal requirements for further retention
  • Non-contractual contact details: generally for up to 12–24 months from the last interaction, unless the relationship is renewed or a new request is made
  • data processed for marketing purposes: until the data subject withdraws their consent or until the commercial interest ceases

Once the retention periods have expired, the data is deleted, anonymised or rendered unidentifiable, subject to any further legal obligations.

Personal data may be disclosed, to the extent strictly necessary to achieve the purposes set out in this privacy notice, to third parties acting as service providers, independent data processors or independent data controllers, depending on the context.

In particular, the data may be disclosed to:

  • IT and infrastructure service providers, such as hosting providers, cloud providers, backup services, email providers, ticketing systems and customer management systems
  • payment service and transaction management providers (e.g. payment networks, payment processors, banking services and fintech companies)
  • logistics and delivery services, including couriers, postal services and parcel tracking platforms
  • marketplace platforms and third-party sales channels used for the buying and selling of products and services
  • tax advisers, accountants, solicitors and other professionals appointed by the Data Controller
  • technical partners and collaborators involved in the provision of IT services, consultancy, support and training
  • public bodies, judicial or administrative authorities, in the cases provided for by law or upon legitimate request

In the course of the Data Controller’s activities, data may also be processed using external systems and platforms necessary for the provision of services, including tools for communication, customer management, analysis and collaboration.

All third parties are carefully selected and are contractually obliged, where applicable, to ensure adequate levels of confidentiality, security and protection of personal data.

9. Transfer of data abroad

Personal data may also be processed or transferred outside Switzerland, including to countries within the European Union, the European Economic Area or third countries (in particular the United States or other countries where digital service providers used by the Data Controller are based).

Such transfers take place exclusively in accordance with the applicable Swiss legislation (nLPD / revDSG) and are permitted when:

  • the country of destination ensures an adequate level of data protection recognised by the competent authorities, or
  • appropriate safeguards are put in place, such as standard contractual clauses, additional technical measures or other legally valid instruments

In particular, the use of global providers of IT, cloud, email, communications, payment, analytics or marketplace services may involve the processing of data on servers located abroad.

The Data Controller takes reasonable measures to minimise the risks associated with such transfers and to ensure an adequate level of protection for personal data.

10. Rights of the data subject

The data subject may exercise the rights provided for under the applicable legislation at any time, including:

  • the right of access to one’s personal data
  • the right to have inaccurate or incomplete data rectified
  • the right to have data erased, within the limits laid down by law
  • the right to object to processing, where permitted
  • the right to withdraw consent, where such consent has been given
  • the right to request further information on data processing

Requests may be sent to the Data Controller’s email address: team@greenwebsolutions.ch.

The Data Controller reserves the right to verify the applicant’s identity before processing the request, in order to safeguard data security.

11. Cookies and tracking technologies

This website uses cookies and similar technologies to ensure that the web pages function correctly and to improve the user’s browsing experience.

Cookies are small text files stored on the user’s device and can be used for various purposes.

11.1 Types of cookies used

The website may use the following categories of cookies:

  • Technical (essential) cookies: essential for the website to function and to enable you to browse the site and use the services you have requested. These cookies do not require the user’s consent.
  • Analytical cookies: used to collect aggregated and anonymous statistical information on the use of the website, with a view to improving its performance and content. Where possible, such data is anonymised or pseudonymised.
  • Marketing and profiling cookies: used to analyse user behaviour and, where authorised, to display personalised content or adverts based on preferences. These cookies are used only with the user’s explicit consent.

11.2 Consent management

When accessing the website for the first time, users can set their preferences via the cookie management banner, by accepting, rejecting or customising the use of the various categories.

Consent may be amended or withdrawn at any time via your browser settings or the tools provided on the website.

11.3 Third-party cookies

The website may use third-party services (such as analytics tools, hosting services, video embedding or marketing tools) which may set cookies on the user’s device. These third parties are responsible for processing the data collected via their cookies, in accordance with their respective privacy policies.

11.4 Disabling cookies

Users can disable or delete cookies at any time via their browser settings. However, disabling technical cookies may affect the website’s proper functioning.

12. Safety and liability

The Data Controller implements reasonable technical and organisational measures, commensurate with the risk, to protect personal data from loss, misuse, unauthorised access or unauthorised disclosure.

The user acknowledges that:

  • Data transmission via the Internet cannot be guaranteed to be completely secure
  • The user is responsible for the use of their devices, networks or systems

13. Limitation of liability

To the extent permitted by applicable law, the Data Controller shall not be held liable for any direct or indirect damages arising from:

  • misuse of the website or services by the user
  • use that does not comply with the instructions, the terms of the contract or good IT practice
  • temporary interruptions, suspensions, unavailability or malfunctions of the website, IT systems or services
  • delays, errors or omissions in the transmission of data via the Internet or electronic communications networks
  • unauthorised access, data loss or security breaches despite the implementation of appropriate technical and organisational measures

The Data Controller undertakes to maintain the website and services in a secure and operational state in accordance with reasonable and proportionate standards, but does not guarantee that there will be no errors, interruptions or vulnerabilities whatsoever.

Any content, information or services provided via the website are made available “as is”, without any express or implied warranties, to the fullest extent permitted by law.

To the extent permitted by applicable law, the Data Controller shall not be held liable for events of force majeure, including but not limited to infrastructure failures, cyber-attacks, network outages, natural disasters or decisions by public authorities.

In any event, the Data Controller’s liability, if any, is limited to the maximum extent permitted by applicable law and, where provided for in specific contractual relationships, by the contractual terms agreed with the user or customer.

14. Changes to this policy

The Data Controller reserves the right to amend this policy at any time in order to bring it into line with regulatory, technical or operational changes.

Any changes will be published on this page, along with the date of the update.

15. Safeguard clause

Should one or more provisions of this policy be, or become, void, invalid or unenforceable, this shall not affect the validity of the remaining provisions.

Any invalid provisions shall be replaced by a valid provision that comes as close as possible to the economic and legal purpose of the original provision, in accordance with the applicable legislation.

16. Governing law and jurisdiction

This privacy policy is governed by Swiss law, in particular the Federal Data Protection Act (nLPD / revDSG) and other applicable provisions of Swiss law.

Unless otherwise required by law, any dispute arising out of or in connection with this policy shall be subject to the jurisdiction of the competent courts of the place where the Data Controller is based.

The Data Controller reserves the right, however, to bring proceedings at the user’s place of residence or before any other competent court provided for by law.

Date of last update: June 2026

en_GB