Privacy Policy

Last update: April 25, 2025

This Privacy Policy explains how Entropya AG ("we", "us", or "our") collects, uses, stores, and protects your personal data when you interact with our website, services, and communications, in accordance with the General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and other applicable laws.

Who We AreWhat Personal Data We CollectWhy We Process Your Data (Purposes & Legal Bases)Cookies & Tracking TechnologiesSharing Your DataInternational TransfersHow We Protect Your DataYour Rights Under GDPRAutomated Decision-Making & ProfilingData RetentionUpdates to This PolicyContact

Who We Are

Entropya AG

Weingartenstrasse 9, 8803 Rüschlikon, Switzerland

Email: office@entropya.com

Website: https://www.entropya.com


Data Protection Officer:

Moritz Sauer, dpo@entropya.com


EU Representative:

For data subjects located in the European Union, Entropya’s services are provided by our wholly owned EU subsidiary:


Entropya Cybersec S.R.L.

2 Victor Hugo Street,

Sibiu, 557260, Romania

office@entropya.com


This entity is established in the EU and is responsible for processing activities in accordance with the GDPR. If you are located in the EU and have any data-related questions or requests, please contact this EU entity directly.

What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Contact details: Name, email address, phone number (via contact forms or newsletter sign-ups)
  • Technical data: IP address, device type, browser, screen resolution
  • Usage data: Pages visited, links clicked, session duration
  • Marketing data: Preferences, communication history, newsletter behavior
  • Cookies & tracking data: See our link to Cookie Policy for details.

We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided personal data, please contact us immediately.

Why We Process Your Data (Purposes & Legal Bases)


Purpose

Data Processed

Legal Basis (GDPR Art. 6)

Retention

Respond to contact requests

Name, email, message content

Legitimate interest or Consent

12 months

Analytics

IP, device info, behavior

Consent

6 months

Newsletter

Email address

Consent

Until unsubscribed

Website security

IP address, device info

Legitimate interest

Up to 12 months

Contractual communication

Name, contact details, client data

Contract

Duration of contract + 10 years

Cookies & Tracking Technologies

We use cookies and similar technologies to operate our website, analyze traffic, and deliver personalized content.

For full details, see our Cookie Policy, which outlines the types of cookies used, consent management, and how to control your preferences.

Sharing Your Data

We only share your personal data when necessary, with:

  • Service providers acting on our behalf (data processors)
  • Tools for analytics, communication, and marketing
  • Public authorities when legally obligated


Examples of processors include:

  • Google Analytics (analytics, USA)
  • Cookiebot (consent management, EU)
  • Odoo

Where data is transferred outside the EEA, we ensure adequate safeguards such as EU Standard Contractual Clauses (SCCs) or adequacy decisions are in place.

International Transfers

Some of our service providers are located outside the European Economic Area (EEA), such as in the USA. When personal data is transferred internationally, we:

  • Use Standard Contractual Clauses (SCCs) or IDTAs (UK)
  • Limit transfers to jurisdictions with adequate protection levels
  • Monitor compliance and enforce appropriate data safeguards

How We Protect Your Data

We implement technical and organizational measures to protect your personal data, including:

  • HTTPS encryption
  • Role-based access controls
  • Firewalls and monitoring tools
  • Secure backups and deletion processes

In the event of a data breach that may impact your rights or freedoms, we will inform you and notify the relevant authority, in line with legal obligations.

Your Rights Under GDPR

You have the following rights:

  • Access your personal data
  • Request rectification or deletion
  • Restrict or object to processing
  • Data portability (receive data in a structured, machine-readable format)
  • Withdraw consent at any time (without affecting prior processing)
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at: office@entropya.com

Automated Decision-Making & Profiling

Entropya AG does not engage in any automated decision-making or profiling that produces legal or similarly significant effects.

Data Retention

​We only retain personal data for as long as necessary to fulfill the purposes outlined in this policy or as required by law. See the table in section 3 for more specific durations.

Updates to This Policy

We may revise this Privacy Policy to reflect legal, technical, or operational changes. The updated version will be posted on this page with a new effective date.

Version Number: 2025_1

Contact

If you have any questions or concerns about how we process your data:

Entropya AG, Weingartenstrasse 9, 8803 Rüschlikon, Switzerland

office@entropya.com