Privacy Policy

1. Introduction

Welcome to the DesignHut website (https://designhut.ch). DesignHut, a service division of Concorde SA Conseil en Entreprises, based in Switzerland, is committed to protecting the privacy and personal data of its visitors and clients.

This privacy policy explains what information we collect, how we use it, share it and protect it, including through the use of cookies and similar technologies. It also informs you of your rights regarding your personal data. We comply with the European Union's General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP), which came into effect on September 1, 2023.

2. Person Responsible for Processing

The party responsible for processing your personal data is:

Concorde SA Conseil en Entreprises
Rue de Blanche-Pierre 38
2800 Delémont, Switzerland
UID: CHE-114.463.536
Commercial Register of Canton Jura

Contact:
Email: ibrahim@concorde.pro
Telephone: +41 77 916 50 87

3. Personal Data We Collect

We collect different types of personal data about you:

a) Identification and Contact Details

When you fill in a form on our site, we collect the information you provide, such as your first name, surname, email address and telephone number.

b) Information About Your Project

Through our forms, we may collect additional information about your web design, branding, or digital marketing project so that we can better understand your needs and respond effectively. We understand the sensitivity of this information and offer you the possibility of requiring the signature of a confidentiality agreement (NDA) before or during our exchanges.

c) Technical and Browsing Data

When you browse our site, we automatically collect certain information via cookies, pixels and similar technologies, as well as via our server logs. This data may include:

• Your IP address (potentially anonymised or pseudonymised)
• The type of browser and device used
• The operating system
• The pages visited and duration of visit
• Actions carried out (clicks, scrolling)
• Sources of traffic (referring sites)

d) Security Data

To protect our site against form spam and malicious activities, we process minimal technical data (such as IP address) automatically. Server logs also collect technical data for security and diagnostic purposes.

e) Consent Data

We record your cookie consent preferences via our consent management tool.

4. Purposes of Data Processing

We use your personal data for the following purposes:

• Responding to your requests: Process and respond to your questions, requests for quotes or contact requests submitted via our forms.
• Providing our services: Executing contracts and providing web design, branding, and digital marketing services that you order from us.
• Improve our website and services: Analyse the use of our site to understand how visitors interact with our content, identify friction points and optimise the user experience and our offers.
• Marketing and Advertising: To measure the effectiveness of our advertising campaigns and potentially offer you targeted advertising (remarketing) on other sites, subject to your consent.
• Security: Ensuring the security of our website, preventing fraud, abuse and attacks.
• Technical operation: Ensuring the smooth technical operation of the website (essential cookies).
• Consent management: Save and respect your choices concerning cookies.
• Legal compliance: Meeting our Swiss legal and regulatory obligations, including data protection legislation.

5. Legal Basis for Processing

We process your personal data on the following legal grounds:

Your Consent

For the use of non-essential cookies (Functional, Analytical, Marketing) and the sending of any direct marketing communications. You may withdraw your consent at any time via the Cookie Settings link in the footer of our website.

Performance of a Contract or Pre-Contractual Measures

When you contact us via a form to request a service or a quote, or when we perform a contract with you.

Our Legitimate Interests

To ensure the security of our website, for the basic technical operation of the site (strictly necessary cookies), and to analyse in an aggregated and anonymised manner the use of the site for internal improvement purposes. These interests are balanced against your rights and do not override your fundamental rights.

Our Legal Obligations

If we are required to process your data to comply with Swiss law, including the FADP and GDPR.

6. Use of Cookies and Similar Technologies

a) What are cookies?

Cookies are small text files placed on your browser (computer, tablet, smartphone) when you visit our website. They are used to store information temporarily or persistently. We also use similar technologies such as pixels (small invisible images) or local browser storage for similar functionalities.

b) Why do we use cookies?

We use cookies for a number of reasons: to ensure the technical operation of the site, to secure the site, to remember your preferences (such as your consent choices), to understand how you interact with our site in order to improve it, to measure the effectiveness of our marketing actions and to offer you potentially more relevant advertising.

c) Types of cookies used

We classify the cookies we use (directly or via third-party tools) into several categories:

• Strictly Necessary Cookies: Essential for the technical operation and security of the site. They cannot be deactivated via our consent tool. They include session cookies, form security cookies and the cookie that remembers your consent preferences.
• Functional cookies: Allow us to remember your choices and preferences (e.g. language) to improve your experience. Their use is subject to your affirmative consent.
• Analytical cookies: Help us to understand how visitors use our site (pages visited, time spent, traffic sources, etc.). The data collected is generally aggregated or pseudonymised. Their use is subject to your affirmative consent.
• Marketing cookies: Used to track your browsing habits in order to understand your interests and offer you more relevant advertising (remarketing) or measure the effectiveness of our campaigns. Their use is subject to your explicit affirmative consent.

d) Third-party cookies

Some cookies are set by third-party services that we use, such as Google (for Analytics and Ads). We have no direct control over these third-party cookies once you have consented to their use. We invite you to consult their respective privacy policies for more information on their use of data:

• Google Privacy Policy
• Google Ads

e) Management of your Consent

Affirmative Consent Requirement: Under Swiss and EU law, we obtain your affirmative consent (not assumed or pre-ticked) before activating non-essential cookies. On your first visit, a banner will appear allowing you to:

• Accept all cookies
• Refuse non-strictly necessary cookies
• Personalise your choices by category (Functional, Analytics, Marketing)

No non-strictly necessary cookies are activated before you have given your explicit affirmative consent.

You can change your preferences or withdraw your consent at any time via the "Cookie Settings" link in the footer of our site. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to such withdrawal.

f) How long cookies are kept

The lifetime of cookies varies: some are session cookies (deleted when you close your browser), others are persistent and remain on your device for a set period of time (typically 2 years for marketing cookies, unless otherwise specified by the third-party service).

g) Browser settings

You can also configure your web browser to block some or all cookies, or to alert you when cookies are being sent. However, blocking strictly necessary cookies may affect the proper functioning of the site.

7. Use of Specific Tools

• Google Analytics: Audience analysis tool to understand how the site is used. Data includes interactions, pages viewed, and anonymised technical/geographical information (anonymised IP activated). Service provider: Google LLC (USA). Google Privacy Policy
• Google Ads: Advertising platform for tracking conversions and remarketing. Service provider: Google LLC (USA). Google Ads Privacy
• Contact Forms: To collect your contact and quotation requests.
• WordPress & Elementor: Platform and builder of our site. May use essential technical cookies.
• Web Hosting: Our site and your data are securely hosted in Switzerland.

8. Sharing of Personal Data

We do not sell your personal data. We may share certain data with third parties only where necessary and with appropriate safeguards:

• Web host: Our site and your data are securely hosted in Switzerland.
• Analysis and advertising tools: Google (Analytics, Ads), depending on the consent you have given.
• Technical service providers: Any sub-contractors or processing partners are bound by written contracts including confidentiality and security obligations that meet or exceed the requirements of Swiss FADP.
• Competent authorities: If Swiss law or EU law requires us to do so.

All third parties are only permitted to process personal data on our instructions and are contractually bound to maintain confidentiality and security.

9. International Data Transfers

The main hosting is in Switzerland. However, the use of tools such as Google Analytics and Google Ads may involve the transfer of data (generally pseudonymised or aggregated) to servers located outside Switzerland/EEA, mainly in the United States.

We ensure that these transfers are governed by recognised protection mechanisms, including:

• Standard Contractual Clauses (SCCs) as approved by the Swiss Federal Council and European Commission
• Additional technical and organizational measures to protect your data in transit

For data transfers to the USA, we rely on the mechanisms recognised under Swiss FADP Article 6(3).

10. Data Retention Period

We keep your personal data only for as long as is necessary:

• Form data and contact requests: Kept for as long as necessary to process and follow up your request. If no contractual relationship is established, deleted within a maximum of 3 years after our last contact. If a contractual relationship is established, retained for 10 years as required by Swiss accounting law (Accounting Records Act).
• Analytical data: Limited duration (e.g. 14 months for Google Analytics), often in aggregated or pseudonymised form.
• Cookie data: Variable durations (session cookies or persistent cookies up to 2 years, depending on type).
• Security logs: Retained for security and diagnostic purposes for a reasonable period (typically 90 days), unless longer retention is required by law.

11. Data Security and Data Protection Impact Assessment

Security Measures

We take the security of your data very seriously through technical and organisational measures:

• Secure hosting in Switzerland
• HTTPS encryption protocol for all data in transit
• Firewall and intrusion detection systems
• Regular security updates and patches
• Access management and principle of least privilege
• Staff data protection awareness and training
• Regular security audits and assessments

For your sensitive project information, we offer to sign a confidentiality agreement (NDA) before or during our exchanges.

Data Protection Impact Assessment (DPIA)

In accordance with Article 22 of the Swiss FADP, we conduct Data Protection Impact Assessments (DPIA) for processing activities that present a high risk to the fundamental rights and freedoms of data subjects. Our business operations (web design, branding, digital marketing services) are generally low-risk; however, we perform DPIAs when processing sensitive information or when clients request NDA-protected engagements.

12. Your Rights Regarding Your Personal Data

In accordance with the Swiss Federal Act on Data Protection (FADP) and the GDPR, you have the following rights:

• Right of access: You can request confirmation of whether we process your personal data and obtain a copy of the data we hold about you.
• Right to rectification: You can request correction of inaccurate or incomplete data.
• Right to erasure: You can request deletion of your data under certain conditions (e.g., when the data is no longer necessary or if you withdraw consent).
• Right to restriction of processing: You can request limitation of processing of your data in certain circumstances.
• Right to data portability: You can receive your data in a structured, commonly used, and machine-readable format.
• Right to object: You can object to processing of your data based on legitimate interests.
• Right to withdraw consent: You can withdraw your consent to data processing at any time without affecting the lawfulness of processing based on consent prior to withdrawal.

13. Data Breach Notification

We are committed to protecting your data. In the event of a confirmed data breach:

• For high-risk breaches: We will notify the Federal Data Protection and Information Commissioner (FDPIC) without undue delay and in any case within the required timeframe under Swiss FADP Article 24.
• For affected individuals: If a breach poses a high risk to your fundamental rights and freedoms, we will notify you of the breach without undue delay.
• Notification will include: The nature of the breach, likely consequences, and measures we are taking or propose to take to address it and mitigate harm.

14. How to Exercise Your Rights

To exercise any of your rights, please contact us:

Email: ibrahim@concorde.pro
Post: Rue de Blanche-Pierre 38, 2800 Delémont, Switzerland
Telephone: +41 77 916 50 87

We may ask for proof of identity to protect your data and prevent unauthorized access. You can manage or withdraw your consent to cookies at any time via the Cookie Settings link in the footer of our website.

We will respond to all requests within 30 days, unless we require additional information or the request is particularly complex.

15. Right of Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the supervisory authority:

Federal Data Protection and Information Commissioner (FDPIC - Préposé fédéral à la protection des données)
Website: https://www.edoeb.admin.ch
Email: Contact form available on their website

You have the right to lodge a complaint at any time, without prejudice to any other administrative or judicial remedy.

16. Processing Records (Register of Processing)

In accordance with Article 14 of the Swiss FADP, we maintain a register of all processing activities conducted by DesignHut. This register includes details of the categories of processing, purposes, recipients, and retention periods. The register is maintained for compliance purposes and is available upon legitimate request.

17. Changes to This Privacy Policy

We may modify this policy from time to time to reflect changes in our business, legal requirements, or other factors. The most recent version will always be available on this page with its effective date.

When material changes are made to this policy that affect how we process your data or your rights, we will:

• Post the updated policy on our website with a prominent notice
• Update the "Last Updated" date at the top of this policy
• Consider notifying you via email if the changes significantly affect your rights

We recommend that you review this policy periodically to stay informed about how we protect your information.

18. Contact Information

For any questions about this Privacy Policy, data protection matters, or to exercise your rights, please contact us:

Email: ibrahim@concorde.pro
Phone: +41 77 916 50 87
Address: Rue de Blanche-Pierre 38, 2800 Delémont, Switzerland
UID: CHE-114.463.536