Privacy Policy

Personal data deserves clarity, not ambiguity

Transparency on the processing of personal data, the purposes of processing, users’ rights, and the measures adopted by Innovando GmbH to protect information.

Privacy policy and personal data processing

Last updated: 26 May 2026

This Privacy policy describes how Innovando GmbH collects, uses, stores and protects personal data processed through its website and through digital interactions connected to the company’s services.

The document has been drafted with particular attention to Swiss data protection legislation, including the Federal Act on Data Protection (FADP) and the related ordinance (DPO). Where applicable, it also takes into account any requirements arising from relationships with users, clients or data subjects located in the European Economic Area.

1. Controller

The controller is:

Innovando GmbH
Loretto 4
9108 Gonten
Appenzell Innerrhoden
Switzerland

  • Phone: +41 (0)71 794 15 00
  • Email: privacy@innovando.swiss
  • Website: https://innovando.swiss

For questions relating to the processing of personal data, data protection or the exercise of data subject rights, please write to:

privacy@innovando.swiss

2. Scope of application

This Privacy policy applies to the Innovando GmbH website and to the pages connected to the company’s digital ecosystem, insofar as they are managed directly by Innovando GmbH or fall under its responsibility.

The Privacy policy concerns, in particular:

  • the processing of data collected while browsing the website;
  • data transmitted through contact forms, information requests or assessment forms;
  • technical information generated by the use of the website;
  • data processed for statistical, technical, organisational or security purposes;
  • voluntary communications sent by the user to Innovando GmbH.

This notice does not apply to third-party websites, platforms or services accessible through external links. Such parties remain independently responsible for their own processing activities.

3. Types of personal data processed

Innovando GmbH may process different categories of personal data, depending on how the user interacts with the website or with the connected services.

The categories of data may include:

  • identification data, such as first name, last name, company or professional role;
  • contact data, such as email address, telephone number or company address;
  • data voluntarily entered in contact forms, information requests, assessment requests or similar communications;
  • technical data, such as IP address, browser type, operating system, device used, browser language, date and time of visit;
  • browsing data, such as pages visited, general interactions with the website, access source and approximate session duration;
  • data relating to consent, such as cookie preferences, date of choice and accepted or rejected categories.

Innovando GmbH does not intentionally request sensitive personal data through the website, unless the user spontaneously enters it in free-text fields. Users are advised not to send information that is unnecessary in relation to the request submitted.

4. Data sources

Personal data may be collected:

  • directly from the user, when they complete a form, send an email, request information or interact with Innovando GmbH;
  • automatically, while browsing the website, through server logs, technical cookies, statistical tools or similar technologies;
  • through technical tools necessary for security, maintenance and the proper functioning of the website;
  • through third-party services used for technical, statistical or organisational purposes.

Automatic data collection takes place within the limits necessary for the functioning of the website, infrastructure security and, where applicable, on the basis of the user’s consent.

5. Purposes of processing

Innovando GmbH processes personal data for specific, proportionate and recognisable purposes.

In particular, data may be processed to:

  • enable the proper technical functioning of the website;
  • ensure security, stability, maintenance and protection of the digital infrastructure;
  • respond to contact, information, consulting or assessment requests;
  • manage communications with users, clients, partners and potential clients;
  • analyse website use in statistical form;
  • improve content, structure, accessibility, performance and browsing quality;
  • manage consent to cookies and similar technologies;
  • comply with legal, accounting, tax or contractual obligations;
  • protect the rights, legitimate interests and security of Innovando GmbH.

Data is not used for purposes incompatible with those for which it was collected.

6. Legal bases for processing

The processing of personal data takes place on the basis of the conditions provided for by the applicable data protection legislation.

Depending on the case, processing may be based on:

  • the execution of a user request or pre-contractual measures;
  • the performance of a contract or professional relationship;
  • the user’s consent, for example for statistical cookies or non-essential technologies;
  • compliance with legal obligations;
  • the legitimate interest of Innovando GmbH in security, website management, corporate communication, abuse prevention and improvement of its services.

Where processing is based on consent, the user may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

7. Contact forms, requests and assessments

When the user uses a contact form, an information request, an assessment form or a similar tool, Innovando GmbH processes the data entered in order to understand the request, respond appropriately and, where necessary, initiate a professional relationship.

The data collected may include first name, last name, email address, telephone number, company, role, website, content of the request and other information voluntarily provided by the user.

The information transmitted through assessment forms may be organisational, strategic, technical or business-related in nature. Innovando GmbH processes such information confidentially and uses it exclusively to evaluate the request, prepare a response, formulate a proposal or carry out activities connected to the requested service.

The information received is not made public, distributed to third parties for independent commercial purposes or used for purposes incompatible with the initial request.

8. Cookies and similar technologies

The website may use cookies and similar technologies for technical, statistical and consent management purposes.

Necessary cookies are used for the technical functioning of the website and do not require prior consent. Statistical cookies or other tools that are not strictly necessary are used only when the user gives the relevant consent, where required.

For more information on cookie categories, preference management and withdrawal of consent, please consult the Cookie policy:

9. Google Analytics

Innovando GmbH may use Google Analytics to obtain statistical information on website use.

Google Analytics makes it possible to understand, in aggregate form or otherwise for technical analysis purposes, how users reach the website, which pages they visit, which content they consult and which aspects of the digital experience can be improved.

Depending on the technical configuration, Google Analytics may process data such as IP address, technical identifiers, data relating to the device, browser, approximate geographical area, pages visited and interactions with the website.

Google Analytics is loaded according to the preferences expressed by the user through the consent management system. Where required, Analytics is activated only after consent has been given for the statistical category.

10. Google Tag Manager

Innovando GmbH may use Google Tag Manager to manage tags and scripts on the website in an orderly and centralised way.

Google Tag Manager is a technical tag management tool. In itself, it is not intended for autonomous user profiling, but it may be used to activate other tools, such as Google Analytics.

For this reason, any tools managed through Google Tag Manager are assigned to the correct category: necessary, statistics, marketing or external content. Tools subject to consent must not be activated before the user has made a choice.

11. Google Search Console

Innovando GmbH uses Google Search Console to monitor the website’s technical presence in Google search results.

Google Search Console makes it possible to check indexing, technical errors, organic performance, page status and the quality of the website’s presence in the search engine.

Google Search Console is not used to directly track user behaviour on the website through browsing cookies. It is therefore mentioned for transparency, but it does not normally fall within the tools subject to consent through the banner.

12. Leadinfo and B2B company identification

Innovando GmbH may use Leadinfo to recognise, where technically possible, the companies that visit the website. The tool is used in a B2B context to understand which organisations show interest in the content, services or activities of Innovando GmbH.

Leadinfo may process technical data relating to the visit, including IP address, pages consulted, date and time of access, source of the visit and information connected to the identification of the visiting organisation. The processing may make it possible to associate a visit with a company, entity or professional network, without the main objective being to identify the individual natural person browsing the website.

Innovando GmbH uses this information for B2B commercial analysis, evaluation of interest in its services, improvement of communication and development of relevant professional relationships.

Where required by applicable legislation or by the technical configuration of the tool, Leadinfo is activated only after the user has given consent to the relevant banner category. The user may modify or withdraw consent at any time through the “Manage consent” panel.

Depending on the specific processing activity, Leadinfo may act as a processor for its clients and, for certain activities, as an independent controller. Innovando GmbH assesses the use of the tool within the scope of its B2B purposes and of the contractual and technical safeguards made available by the provider.

13. Hosting, security and technical logs

The website is hosted by technical providers that make available infrastructure, servers, security systems, backups, maintenance and services connected to the functioning of the website.

During browsing, technical logs may be generated containing information such as IP address, date and time of the request, requested URL, user agent, server response code and other data necessary for security and technical diagnosis.

This data is processed to ensure website stability, prevent abuse, identify malfunctions, protect the infrastructure and comply with any technical or legal obligations.

14. Email communications

When the user sends an email communication to Innovando GmbH, the data contained in the message is processed in order to manage the request, respond to the communication and, where necessary, retain a record of the professional or administrative relationship.

Email communications may be retained for the time necessary to manage the request, document the relationship and comply with legal or contractual obligations.

Users are advised not to send unnecessary personal data, sensitive data or confidential information by email where it is not relevant to the request.

15. Newsletter and informational communications

If Innovando GmbH activates newsletters or informational communications, the user’s data will be processed exclusively to send requested content or communications consistent with the consent expressed or with the existing relationship.

The user may unsubscribe or object to receiving informational communications according to the methods indicated in each message or by writing to privacy@innovando.swiss.

If no newsletter is currently active on the website, this section serves as preventive information and will be updated if the service is introduced.

16. Data recipients

Personal data may be processed by persons authorised by Innovando GmbH or by external providers that support the company in technical, administrative, communication or organisational management.

Possible recipients include:

  • hosting and technical infrastructure providers;
  • providers of maintenance, security, backup and IT support services;
  • providers of email services or communication tools;
  • providers of statistical or technical analysis tools;
  • consultants, collaborators or partners involved in managing a request or professional relationship;
  • authorities or public bodies, where required by law.

External providers process data within the limits necessary to carry out the activities entrusted to them and, where required, on the basis of appropriate agreements or instructions.

17. International transfers

Some providers or tools used by Innovando GmbH may involve the processing of personal data outside Switzerland.

Where data is transferred to countries that do not ensure an adequate level of protection under applicable legislation, Innovando GmbH adopts, where necessary, appropriate safeguards, such as standard contractual clauses, technical and organisational measures or other instruments recognised by the legislation.

The use of services belonging to international groups, such as Google, may involve processing by companies located or operating outside Switzerland. Such processing is assessed and managed in relation to the purpose of the tool used and the user’s consent preferences, where applicable.

18. Retention period

Innovando GmbH retains personal data only for the time necessary for the purposes for which it was collected, unless legal, tax, accounting or contractual obligations require longer retention periods.

In general:

  • data transmitted through contact forms is retained for the time necessary to manage the request and any subsequent relationship;
  • data relating to contractual or professional relationships may be retained for the period required by legal, tax or documentary obligations;
  • technical logs are retained for periods proportionate to security, diagnosis and maintenance needs;
  • data relating to consent is retained to document the preferences expressed by the user and allow their management;
  • statistical data is retained according to the settings of the tools used and within the limits of the declared purposes.

When data is no longer necessary, it is deleted, anonymised or archived in a manner consistent with legal and organisational requirements.

19. Data security

Innovando GmbH adopts appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, disclosure or destruction.

The measures may include, depending on the context:

  • encrypted connections;
  • access controls;
  • backups;
  • technical updates;
  • protection against unauthorised access;
  • limitation of access to authorised persons only;
  • internal management and security procedures.

No digital system can, however, guarantee absolute security. Innovando GmbH is committed to maintaining a level of protection proportionate to the nature of the data processed, the purposes of processing and the reasonably foreseeable risks.

20. Data subject rights

Within the limits provided for by applicable legislation, the data subject may exercise various rights in relation to their personal data.

  • These rights may include:
  • obtaining information on the processing of their data;
  • requesting access to the personal data processed;
  • requesting the rectification of inaccurate or incomplete data;
  • requesting the deletion of data, where the conditions are met;
  • requesting restriction of processing;
  • objecting to certain processing activities;
  • withdrawing consent given;
  • requesting data portability, where applicable;
  • submitting a report or complaint to the competent authority.

Requests may be sent to:

privacy@innovando.swiss

Innovando GmbH may request additional information to verify the identity of the applicant and protect data against unauthorised access.

21. Competent authority

In Switzerland, the competent federal authority for data protection is the Federal Data Protection and Information Commissioner (FDPIC).

The data subject may contact the FDPIC according to the methods and within the limits provided for by the applicable legislation.

22. Minors

The website and services of Innovando GmbH are mainly intended for professionals, companies, entities, organisations and adult interlocutors.

Innovando GmbH does not intend to knowingly collect personal data from minors through the website. If a minor transmits personal data without adequate authorisation, the controller may delete such data as soon as it becomes aware of the circumstance, unless obligations or legitimate grounds for retention apply.

23. Links to third-party websites

The website may contain links to third-party websites, platforms or services.

Innovando GmbH is not responsible for the content, privacy settings or methods of personal data processing adopted by such parties. Users are invited to consult the privacy notices of the external websites they visit.

24. Updates to the Privacy policy

Innovando GmbH may update this Privacy policy in the event of regulatory, technical, organisational or operational changes, or in the event of the introduction of new services, tools or processing methods.

The update date indicated at the beginning of the document makes it possible to verify when the Privacy policy was last modified.

25. Contacts

For any question relating to this Privacy policy or to the processing of personal data, please contact:

Innovando GmbH
Loretto 4
9108 Gonten
Appenzell Innerrhoden
Switzerland

  • Phone: +41 (0)71 794 15 00
  • Email: privacy@innovando.swiss
  • Website: https://innovando.swiss

For specific information on the use of cookies and consent management, please also consult the Cookie policy

Right to be forgotten

Right to be forgotten and assisted data deletion

Every person has the right to request the deletion of their personal data when it is no longer necessary, when consent is withdrawn, or when there is no valid legal basis for processing. Deletion, however, must be assessed carefully: some data may need to be retained in order to comply with legal, tax or contractual obligations, or to protect documented rights.

The right to be forgotten is not a magic formula, nor a bureaucratic shortcut. It is a tool for protecting the person, created to prevent personal data from remaining in information systems without reason, without proportion, and without a still legitimate purpose. When a person requests the deletion of their data, they are not simply asking to be “removed from a database”. They are asking for a verification of whether that data still has a legal, technical, or organisational reason to be retained.

This is why we speak of assisted deletion. We do not promise automatic and indiscriminate deletion from every medium, because that would be a fragile promise, often impossible to keep and, in some cases, even contrary to the law. Data may be deleted when it is no longer necessary in relation to the purpose for which it was collected, when consent is withdrawn and there is no other legal basis, when the processing is no longer justified, or when the data subject exercises a right recognised by the applicable legislation.

At the same time, some data may need to be retained. This may include invoices, work orders, contracts, communications necessary for the management of a professional relationship, and records required for accounting, tax, administrative obligations or for the protection of a right. In these cases, the request is still taken into consideration, but deletion may be partial, deferred or replaced by restriction of processing, data minimisation, or retention limited solely to mandatory purposes.

Our procedure exists precisely to avoid two opposite errors: retaining personal data for longer than necessary, or deleting information that must remain available due to a legal obligation or legitimate documentary reasons. Each request is therefore assessed specifically, taking into account the type of data, the original purpose of the processing, the legal basis, the applicable retention periods, and the possible presence of contractual, tax or administrative relationships that are still relevant.

Anyone wishing to exercise the right to deletion may submit a request through the form on this page. The data provided in the form will be used exclusively to correctly identify the request, verify its legitimacy, manage the procedure, and provide a response. In some cases, it may be necessary to request further information in order to avoid unauthorised deletions or requests submitted by persons who are not entitled to act.

Once the request has been received, we will carry out an internal verification of the systems under our direct control. Where deletion is possible, the data will be deleted or anonymised. Where full deletion is not possible, we will explain in understandable terms which data must be retained, for what reason and for how long. At the end of the procedure, the data subject will receive written confirmation of the outcome of the request.

Assisted deletion does not erase history where the law requires a record to be kept. It deletes what is no longer needed, restricts what must remain, and documents what has been done. It is a concrete form of respect: towards the person, towards the law, and towards the responsibility of those who process data.

Privacy request and assisted erasure

Innovando GmbH

Legal and operational headquarters:
  • Loretto, 4
  • 9108 Gonten
  • Appenzell Innerrhoden
  • Switzerland

TAX DETAILS

  • Commercial register: Appenzell Innerrhoden
  • Registration date: 02/03/2013
  • Registration nr.: 1138488
  •  VAT number: CHE-396.086,464
  • Share capital: CHF 20,000
  • DUNS Number: 48-692-9891

QUICK CONTACTS

OFFICE HOURS

Local dateSwitzerlandChecking...