LEGAL
Privacy Policy
How SGDL Innovation S.A. collects, uses, and protects your personal data.
Last updated: March 29, 2026
1. Data Controller
The data controller responsible for the processing of your personal data is:
SGDL Innovation S.A.
Switzerland
Email: contact@sgdl.com
This Privacy Policy is governed by the Swiss Federal Act on Data Protection (nFADP / DSG), in force since September 1, 2023, and — to the extent applicable to individuals located in the European Economic Area — the EU General Data Protection Regulation (GDPR).
2. Data We Collect
2.1 Information you provide directly
- Contact form: full name, email address, company, job title, areas of interest, and your message.
- NDA signing: full name, professional email address, company or organization, job title. A digitally signed PDF is generated and stored.
2.2 Information collected automatically
- IP address: recorded with form submissions for security and fraud prevention purposes.
- Server logs: our web server (Nginx) records standard access logs including IP addresses, request URLs, HTTP referrer, user-agent strings, and timestamps. These logs are retained for security monitoring and are automatically rotated.
2.3 Third-party services
- Google Fonts: this website loads the Inter typeface from Google Fonts (fonts.googleapis.com). When you visit the site, your browser makes a request to Google's servers, which may process your IP address. See Google's Privacy Policy.
2.4 What we do NOT collect
This website does not use cookies, analytics trackers, advertising pixels, or any form of behavioral profiling. We do not use Google Analytics, Meta Pixel, or similar services. No data is sold to third parties.
3. Purposes and Legal Basis for Processing
| Purpose | Legal Basis (nFADP) | Legal Basis (GDPR) |
|---|---|---|
| Responding to contact inquiries | Legitimate interest | Art. 6(1)(f) — Legitimate interest |
| Processing NDA signatures and granting access | Performance of a contract | Art. 6(1)(b) — Contractual necessity |
| Security monitoring and fraud prevention | Legitimate interest | Art. 6(1)(f) — Legitimate interest |
| Sending transactional emails (NDA confirmation, approval) | Performance of a contract | Art. 6(1)(b) — Contractual necessity |
4. Data Retention
- Contact submissions: retained for up to 2 years after the last interaction, then deleted.
- NDA records and signed PDFs: retained for the duration of the NDA (5 years) plus any applicable statutory retention period.
- Server logs: automatically rotated and deleted after 90 days.
5. Data Sharing and International Transfers
Your personal data is not sold, rented, or shared with third parties for marketing purposes.
Data may be shared with:
- Infomaniak Network SA (Switzerland) — our hosting and email provider. Infomaniak operates exclusively from Swiss and European data centers and is subject to Swiss data protection law.
- Google LLC (United States) — via Google Fonts. This constitutes a potential transfer of IP address data to the United States. Google participates in the EU-US Data Privacy Framework.
No other international transfers of personal data take place. Our server infrastructure is located in Switzerland.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- TLS/HTTPS encryption for all data in transit
- Server hardening with firewall (UFW) and intrusion detection (Fail2ban)
- Restricted access to personal data on a need-to-know basis
- Rate limiting on API endpoints to prevent abuse
- NDA PDFs stored in access-restricted server directories
7. Your Rights
Under the Swiss nFADP and, where applicable, the EU GDPR, you have the following rights:
Under Swiss nFADP (Art. 25–29 DSG)
- Right of access (Art. 25): You may request confirmation as to whether personal data concerning you is being processed and, if so, access to that data.
- Right to data portability (Art. 28): You may request your data in a commonly used electronic format.
- Right to rectification: You may request correction of inaccurate personal data.
- Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
- Right to object: You may object to processing based on legitimate interests.
Additional rights under EU GDPR (where applicable)
- Right to restriction of processing (Art. 18)
- Right to lodge a complaint with a supervisory authority (Art. 77). For Swiss residents, this is the Federal Data Protection and Information Commissioner (FDPIC). For EU residents, this is your local data protection authority.
How to exercise your rights
To exercise any of these rights, please contact us at contact@sgdl.com. We will respond within 30 days of receiving your request. We may ask you to verify your identity before processing your request.
8. Supervisory Authority
The competent supervisory authority for data protection in Switzerland is:
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, CH-3003 Bern
www.edoeb.admin.ch
9. Children's Privacy
This website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data through our website, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.
11. Contact
For any questions or requests regarding this Privacy Policy or your personal data, please contact:
SGDL Innovation S.A.
Email: contact@sgdl.com
Website: sgdl.com