Stratum IT GmbH
Kramgasse 5
6004 Lucerne
Switzerland
This Privacy Policy informs you about the type, scope, and purposes of processing personal data (hereinafter “data”) within our online offering and the websites, functions, and content associated with it. It applies in particular to visitors from Switzerland (FADP) as well as the EU/EEA (GDPR).
“Personal data” means any information relating to an identified or identifiable natural person. “Processing” means any operation performed on personal data (e.g., collection, storage, analysis), with or without automated means.
• Switzerland: Processing is carried out under the Swiss Federal Act on Data Protection (FADP) and the Ordinance to the FADP (OFADP).
• EU/EEA: Processing is based on Art. 6 GDPR, in particular
• Art. 6(1)(a) GDPR (consent), e.g., for analytics/marketing cookies,
• Art. 6(1)(f) GDPR (legitimate interests), e.g., for secure, stable website operation (server logs, strictly necessary cookies).
Where we ask for your consent (e.g., via a consent management tool), the respective services are only used after you give consent. You can withdraw consent at any time with effect for the future (see “Cookies & Consent Management”).
We host our website with [name of hosting provider, country]. When you access the site, the server automatically processes log data (IP address, date/time, requested URL, referrer URL, user agent, HTTP status code).
Purpose: Ensure secure and stable operation and error analysis.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR and/or FADP).
Retention: Log data is regularly deleted after a short period unless longer storage is required for evidence.
We use cookies and similar technologies. Technically necessary cookies are required for website operation. For analytics/marketing cookies, we obtain your consent.
You can change your decision at any time via our consent management tool [name of CMP]: [Link “Cookie settings” / “Withdraw consent”].
We engage carefully selected service providers as processors (e.g., hosting, web analytics). We have concluded data processing agreements with them that provide appropriate technical and organizational measures to protect your data. Categories of recipients: IT service providers, analytics providers, hosting providers.
Where service providers process data in countries outside Switzerland/EU/EEA (e.g., the USA), we ensure an adequate level of data protection (e.g., adequacy decisions, standard contractual clauses plus additional safeguards). Details are provided in the service sections below and in the providers’ privacy notices.
Provider: Google Ireland Limited (Google Building Gordon House, Barrow Street, Dublin 4, Ireland).
Purpose: Reach measurement, analysis of user behavior, optimization of our online offering.
Categories of data: Usage data (e.g., pages viewed, click paths, time on page), device/browser data, approximate location data; possibly pseudonymous user IDs.
IP anonymization: We use IP anonymization/masking.
Legal basis: Consent (Art. 6(1)(a) GDPR).
Retention: We have limited the retention of user-level data to the minimum necessary (e.g., 14 months); aggregated reports may be retained longer.
Transfers: Processing may also occur in third countries (see Sec. 8).
Opt-out/Withdrawal: You can withdraw your consent at any time via our cookie settings. Additionally, you may
– use the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
– adjust your Google Ads Settings: https://adssettings.google.com
More information: Google Privacy Policy: https://policies.google.com/privacy , Data processing on partner sites: https://policies.google.com/technologies/partner-sites
Provider: Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta.
Purpose: Improve user experience by evaluating heatmaps, click/scroll behavior, (anonymized) session replays, and feedback surveys.
Categories of data: Usage and device information (screen size, device type, browser information, preferred language), interactions (clicks, scrolls), and any feedback responses. Hotjar uses pseudonymization; full IP addresses are not stored.
Safeguards: We configured Hotjar so that personal content (e.g., text entries in form fields) is not recorded.
Legal basis: Consent (Art. 6(1)(a) GDPR).
Retention: Data is retained only as long as necessary for the stated analysis purposes; we have limited retention to the minimum required.
Transfers: Processing may also occur outside Switzerland/EU/EEA; appropriate safeguards apply (see Sec. 8).
Opt-out/Withdrawal: You can withdraw your consent at any time via our cookie settings. Additionally, you can disable Hotjar for your browser: https://www.hotjar.com/legal/compliance/opt-out/
More information: Hotjar Privacy Policy: https://www.hotjar.com/legal/policies/privacy/ , GDPR information: https://www.hotjar.com/legal/compliance/gdpr-commitment/
When you contact us (e.g., via email or contact form), we process the information you provide in order to handle your request.
Legal basis: Pre-contractual/contract performance (Art. 6(1)(b) GDPR) or legitimate interests (Art. 6(1)(f) GDPR); in Switzerland under the FADP.
We implement technical and organizational measures to protect your data against loss, destruction, unauthorized access, alteration, or disclosure. Transmission generally takes place using encryption (TLS/SSL).
Providing personal data is generally not mandatory to use the website; for certain functions it may be required. Automated decision-making within the meaning of Art. 22 GDPR does not take place.
Depending on applicable law, you have in particular the following rights:
• Right of access to the data we hold about you,
• Right to rectification of inaccurate or completion of incomplete data,
• Right to erasure (“right to be forgotten”),
• Right to restriction of processing,
• Right to data portability,
• Right to object to processing based on legitimate interests,
• Right to withdraw consent at any time with effect for the future,
• Right to lodge a complaint with a supervisory authority (Switzerland: Federal Data Protection and Information Commissioner – FDPIC; EU/EEA: the competent data protection authority of your place of residence).
You can exercise your rights at any time using the contact details given above.
We update this Privacy Policy when our data processing activities or the legal framework changes. Please check back regularly for updates.
Last updated: 15 September 2025