Privacy Policy

Data Controller

Introduction

This privacy policy explains how MilesGuard GmbH (hereinafter "MilesGuard", "we") collects, processes and protects personal data. The Swiss Federal Act on Data Protection (nDSG) applies primarily. Insofar as we process personal data of persons in the EU/EEA, the EU General Data Protection Regulation (GDPR) applies additionally. In the event of conflict, the stricter law prevails.

Data We Collect

Personal Data

When you use our contact form, we collect the following personal data:

• Your name
• Your email address
• The content of your message

This data is processed via Cloudflare Workers and forwarded to our email inbox at Microsoft 365. No permanent storage occurs on the Worker. Justification: pre-contractual measures (Art. 31(2)(a) nDSG; Art. 6(1)(b) GDPR).

Usage Data

We use Cloudflare Web Analytics to collect anonymised data about how visitors interact with our website. This includes pages visited, time spent and general geographic information. Cloudflare Web Analytics does not set cookies and does not collect personal data. Justification: legitimate interest (Art. 31(1) nDSG; Art. 6(1)(f) GDPR).

Hosting

This website is hosted on Cloudflare Pages. With every page view, Cloudflare Inc. (USA) processes technically necessary data (IP address, timestamp, page accessed). Justification: legitimate interest (Art. 31(1) nDSG; Art. 6(1)(f) GDPR). Third-country transfer: Swiss-US Data Privacy Framework (Cloudflare is DPF-certified); Standard Contractual Clauses (SCC) apply additionally.

Domain Security Check

Our domain security check tool examines publicly accessible DNS records and HTTP headers of the entered domain. The check is performed server-side. For the DNSSEC check, a query is sent to Google Public DNS (dns.google). Entered domains are not stored and not transmitted to any other third parties.

Email Processing

Incoming contact enquiries are processed and stored in our email inbox at Microsoft 365 (Microsoft Ireland Operations Ltd., Ireland). Microsoft processes data within the EEA; Standard Contractual Clauses (SCC) apply additionally. Justification: contract performance (Art. 31(2)(a) nDSG; Art. 6(1)(b) GDPR).

How We Use Your Data

Communication

Data collected via the contact form is used exclusively to respond to your enquiry and to get in touch with you.

Analytics

Usage data collected through Cloudflare Web Analytics is used to improve the performance and usability of our website. No personal data is collected and no cookies are set.

Data Sharing

We do not sell, trade or transfer your personal data to third parties, except where necessary for the provision of our services or to comply with legal obligations. Exceptions include:

• Service providers who assist us in providing our website and services (e.g. hosting providers)
• Authorities, where we are legally obligated to do so
• Cloudflare Web Analytics for anonymised analysis of website traffic (no cookies, no personal data)
• Cloudflare Turnstile for spam protection on the contact form and domain check (technically necessary, justification: legitimate interest)

Retention Period

Contact form data is deleted after completion of the enquiry or after 12 months, provided no contractual relationship arises. In the event of a contract, statutory retention periods apply (10 years per Swiss Code of Obligations). Cloudflare Analytics data is collected anonymously by Cloudflare and not stored in a personally identifiable manner.

Data Security

We take appropriate technical and organisational measures to protect your personal data in accordance with Art. 8 nDSG.

Your Rights

You have the right to:

• Request information about the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your personal data
• Object to the processing of your data
• Request portability of your data

To exercise any of these rights, please contact us at info@milesguard.ch.

You also have the right to file a complaint with the Federal Data Protection and Information Commissioner (FDPIC). For persons in the EU, the complaint route via the competent data protection supervisory authority is additionally available.

No automated decision-making or profiling takes place.

Due to our company size, no data protection officer has been appointed (Art. 10 nDSG; Art. 37 GDPR).

Spam Protection (Cloudflare Turnstile)

We use Cloudflare Turnstile to protect our contact form and domain security check tool from automated abuse. The Turnstile script is only loaded when you actively perform an action (submit the form or start a domain check). Data such as IP address and interaction patterns may be transmitted to Cloudflare Inc. (USA). Cloudflare processes this data partly as a processor, partly as an independent controller for improving Turnstile detection. Cloudflare Turnstile may set a technically necessary cookie. Justification: legitimate interest (Art. 31(1) nDSG; Art. 6(1)(f) GDPR). Third-country transfer: Swiss-US Data Privacy Framework (Cloudflare is DPF-certified); Standard Contractual Clauses (SCC) apply additionally.

Cookies

Our website does not set tracking cookies. Cloudflare Web Analytics works without cookies. Cloudflare Turnstile may set a technically necessary cookie when you use the contact form or domain check. This cookie serves exclusively for spam detection and does not contain personal data.

Changes to This Privacy Policy

We may update this privacy policy from time to time. We recommend that you review this page regularly for updates. For questions, please contact the data controller named above.