Legal Notice
Responsible for Website Content
GRAF FORM GmbH
Technoparkstrasse 2
8406 Winterthur – ZH
Switzerland
Telefon: +41 79 426 00 40
E-Mail: hc.mroffarg@ofni
Copyright
The website is available at: https://grafform.ch.
All content published on this website is the intellectual property of GRAF FORM GmbH unless stated otherwise. Logos, images, company names, product names, and trademarks are protected by applicable copyright and trademark laws and remain the property of their respective owners.
Disclaimer
All texts and links published on this website are carefully reviewed and regularly updated. While GRAF FORM GmbH strives to provide accurate, complete, and up to date information, no guarantee or liability is assumed for the accuracy, completeness, or timeliness of the content provided.
GRAF FORM GmbH reserves the right to modify, supplement, or remove content from this website at any time without prior notice and is under no obligation to update existing information.
External links were checked for accuracy at the time they were added. However, GRAF FORM GmbH accepts no responsibility for the content, availability, or functionality of external websites accessed through hyperlinks. Responsibility for illegal, incorrect, or incomplete content, and in particular for any damages arising from the use of linked websites, lies solely with the respective provider of those websites.
This applies to all types of damages, including direct, indirect, financial, or consequential damages, as well as damages resulting from data loss, business interruption, or other causes of any kind.
Privacy Policy
Purpose
This Privacy Policy explains how GRAF FORM GmbH, based in Basel (hereinafter referred to as “GRAF FORM”), processes personal data in accordance with applicable Swiss and European data protection laws.
Scope and Validity
This Privacy Policy applies to personal data provided to GRAF FORM by clients and partners in the course of collaboration, as well as to data processed or generated by GRAF FORM as part of its services.
This policy forms part of the contractual relationship with GRAF FORM and may be updated from time to time to reflect legal, regulatory, or operational changes. The latest version is available at any time at https://grafform.ch.
Section 1 – Preamble
The processing of personal data, including but not limited to names, addresses, email addresses, telephone numbers, other contact details, photographs, video recordings, and audio recordings, is carried out in accordance with the General Data Protection Regulation (GDPR) and applicable Swiss data protection legislation.
This Privacy Policy explains the type, purpose, and scope of the personal data collected and processed by GRAF FORM. It also provides information about the rights of data subjects under the GDPR and the Swiss Federal Act on Data Protection (FADP).
In accordance with these regulations, GRAF FORM appoints a data protection officer (see Section 2), who serves as the primary contact for all data protection related matters.
GRAF FORM processes and stores personal data exclusively for the provision of services, business communication, and the maintenance of business relationships, in accordance with Article 4 of the Swiss FADP and Article 6 of the GDPR. Personal data is retained only for as long as necessary to fulfil the intended purpose, including statutory retention obligations, after which it is deleted or anonymized where appropriate.
GRAF FORM collects and stores contact information including names, telephone numbers, postal addresses, email addresses, and the professional role or function of individuals within organizations or projects. This information may be obtained from contracts, project documentation, business cards, meetings, emails, company websites, professional online profiles such as LinkedIn or Xing, and publicly accessible directories.
In certain cases, such as long standing business relationships, GRAF FORM may also store dates of birth or anniversaries for the purpose of personal greetings or similar communications.
This information is used for business correspondence, including emails, letters, invoices, appointment reminders, newsletters, and legally relevant communications such as updates to terms and conditions.
Personal data may be stored in ERP and accounting systems (such as Bexio), email systems, and document or email archives. Names and professional roles may also appear in meeting minutes, project documentation, and archived records.
Section 2 – Contact Information for the Data Controller, Data Protection Officer, and Supervisory Authorities
Data Controller within the meaning of the GDPR and other applicable data protection regulations:
GRAF FORM GmbH
Herr Nicolas Graf
Technoparkstrasse 2
8406 Winterthur
Switzerland
Telefon : +41 79 526 00 40
E-Mail: hc.mroffarg@farg.n
Contact Details of the Supervisory Authority
Beckenhofstrasse 23
8006 Zürich
Postal Address:
Postfach
8090 Zürich
Web: Contact Details of the Supervisory Authority
Phone: +41 43 259 39 99
Section 3 – No Disclosure of Personal Data
GRAF FORM does not share personal data with third parties unless this is necessary for the provision of services, the fulfilment of contractual obligations, or required by law.
Where necessary, personal data may be shared with carefully selected service providers such as banks, accountants, software providers, or IT service partners. Any transfer of personal data is carried out in accordance with applicable Swiss and European data protection laws.
The scope of any data transfer is limited to the minimum extent necessary for the respective purpose.
Section 4 – Rights of Access, Rectification, Restriction, and Deletion of Personal Data
In accordance with applicable data protection laws, data subjects have the right to obtain information about their personal data and, where applicable, the right to rectification, restriction of processing, deletion (“right to be forgotten”), data portability, and the right to object to the processing of personal data.
Data subjects also have the right to withdraw consent at any time and to lodge a complaint with the competent supervisory authority.
If personal data changes, we ask data subjects to inform us accordingly so that we can fulfil our obligation to maintain accurate and up to date information in accordance with Article 5 of the Swiss FADP and Article 5 of the GDPR.
Where deletion is prevented by statutory, contractual, tax related, or other legal retention obligations, the processing of personal data may instead be restricted in accordance with applicable legal requirements.
Section 5 – Retention Period for Personal Data
Personal data is retained for the period required by applicable statutory retention obligations. Once the applicable retention period has expired, personal data is deleted unless it is still required for the fulfilment of contractual obligations or the establishment of a contractual relationship.
Section 6 – Data Security
Personal data is protected through appropriate technical and organizational security measures. These measures are intended in particular to protect personal data against unauthorized access, unlawful processing, loss, alteration, or disclosure.
While GRAF FORM makes every reasonable effort to maintain a high level of security, it cannot be guaranteed that information transmitted via the Internet will be completely protected against access by unauthorized third parties.
GRAF FORM therefore accepts no liability for the disclosure of information resulting from transmission errors not caused by GRAF FORM or from unauthorized access by third parties, including but not limited to cyberattacks, unauthorized access to email accounts or communication systems, or interception of communications.
Section 7 – Data Breach Notification
If a personal data breach occurs, GRAF FORM will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. In justified cases, notification may be submitted after the 72 hour period.
Where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, GRAF FORM will inform the affected data subjects without undue delay.
Section 8 – Profiling
GRAF FORM does not use automated decision making or profiling.
Section 9 – Online and Cloud Based Data Processing
Data stored within our online services and cloud environments, including websites, online platforms, SharePoint environments, and related services, may contain personal data and is processed in accordance with applicable Swiss and European data protection laws, including the GDPR.
GRAF FORM treats all such data confidentially and implements appropriate technical and organizational measures to ensure compliance with applicable legal and regulatory requirements.
Cookies
If you leave a comment on our website, you may consent to the storage of your name, email address, and website in cookies. This is a convenience feature designed to avoid re entering this information when submitting future comments. These cookies are stored for one year.
If you have an account and log in to this website, a temporary cookie will be set to determine whether your browser accepts cookies. This cookie contains no personal data and is deleted when you close your browser.
When you log in, cookies are used to store login information and display preferences. Login cookies expire after two days, while display preference cookies remain stored for one year. If you select “Remember Me”, your login remains active for two weeks. Logging out removes the login cookies.
If you edit or publish content, an additional cookie may be stored in your browser. This cookie contains no personal data and only references the ID of the edited content. It expires after one day.
Embedded Content from Third Party Websites
Content published on this website may include embedded content from third party websites, such as videos, images, or articles. Embedded content behaves in the same way as if the visitor had accessed the external website directly.
These external websites may collect personal data, use cookies, integrate additional third party tracking services, and monitor interactions with embedded content, including interactions by users logged into those external services.
Section 10 – Responsibilities of Clients and Partners
Clients and partners of GRAF FORM are responsible for ensuring their own compliance with applicable data protection laws and regulations. This may include, but is not limited to:
- Compliance with applicable national data protection laws and the GDPR
- Fulfilment of disclosure and information obligations in contracts and online services
- Implementation of appropriate governance for internal online and offline processes
- Ensuring compliance among suppliers and subcontractors
- Updating terms and conditions in accordance with applicable data protection requirements
This list is provided for illustrative purposes only and is not exhaustive.
Version and Updates
This Privacy Policy may be updated from time to time to reflect legal, regulatory, technical, or operational changes. The latest version is 2025.01. This Privacy Policy is valid as of 01 January 2025.