Privacy Policy

This policy explains how Mandara Systems processes personal data in connection with this website. The revised Swiss Federal Act on Data Protection (nFADP) applies. For visitors from the EU/EEA, the General Data Protection Regulation (GDPR) applies in addition.

2Principle: data minimisation

This website is built to be deliberately data-minimal. It sets no cookies, embeds no tracking or analytics services, loads no external fonts and uses no social-media plugins. We only process data that is technically necessary to operate and secure the site, or that you actively send us.

3Hosting & infrastructure

The website is self-hosted on our own infrastructure in Switzerland. Content and any enquiry data therefore remain under our direct control and are not outsourced to an external hosting provider.

4Content delivery & security (Cloudflare)

To deliver the site and protect it against attacks (e.g. overload/DDoS attacks), we use the service of Cloudflare, Inc. (101 Townsend St, San Francisco, USA) as a processor. In doing so, technical connection data – in particular the IP address, the requested content and browser/device details – is processed by Cloudflare. Cloudflare may process this data outside Switzerland or the EU, including in the USA. The transfer is based on appropriate safeguards (Standard Contractual Clauses or the EU–US Data Privacy Framework). More information: cloudflare.com/privacypolicy.

5Server log files

When the website is accessed, data your browser transmits and that is technically required to display the page and ensure operation is recorded automatically:

• IP address (truncated, or held in full only as long as necessary)
• date and time of access
• the page/file requested
• HTTP status code and volume of data transferred
• browser and operating system used (user agent)
• where applicable, the previously visited page (referrer)

Purpose: operation, stability, troubleshooting and security of the website. Legal basis: legitimate interest in secure, uninterrupted operation (Art. 31 nFADP; for the GDPR: Art. 6(1)(f)). Retention: log data is kept only as long as necessary for these purposes – usually a few days, at most 14 days – and is then deleted or anonymised.

6Contact by email

If you contact us by email ([email protected]), we process the information you provide (e.g. name, email address, content of your message) to answer your enquiry and, where relevant, to prepare a business relationship. Our email service runs self-hosted on our own infrastructure in Switzerland (Mailcow). Legal basis: performance of pre-contractual measures or legitimate interest in responding to enquiries (GDPR Art. 6(1)(b) and (f)). Retention: until your request has been dealt with, and beyond that only where statutory retention obligations require it.

7No disclosure, no sale

We do not sell personal data and do not pass it on for advertising purposes. Disclosure occurs only where necessary to provide the service (see Cloudflare above) or where we are legally required to do so.

8Your rights

Within the scope of applicable law, you have the right to:

• access to the personal data processed about you;
• rectification of inaccurate data;
• erasure ("right to be forgotten") and restriction of processing;
• object to processing and withdraw consent given;
• data release and portability.

An email to [email protected] is sufficient to exercise these rights. You also have the right to lodge a complaint with a supervisory authority – in Switzerland the Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch); in the EU/EEA, your competent data protection authority.

9Changes

We may amend this privacy policy if the processing or its legal basis changes. The version published here applies in each case.

Last updated: 24 June 2026