Privacy Policy
Shootify Labs AG, a company registered under the laws of Switzerland, with registered address at Via Pedemonte 20, 6962 Viganello (Lugano), Switzerland ("Company"), collects personal data in accordance with applicable laws and regulations, in particular the Swiss Federal Act on Data Protection ("FADP") and the General Data Protection Regulation (EU/2016/679) ("GDPR"), collectively referred to as "Privacy Regulations".
Definitions
In accordance with the Privacy Regulations, the terms below have the following meanings:
- "Personal Data": Any information relating to an identified or identifiable natural person.
- "Processing": Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure, or destruction.
- "Navigation Data": Information automatically acquired by the computer systems and software procedures used to operate this website during normal operation. This includes data whose transmission is implicit in the use of Internet communication protocols, such as IP addresses, URI/URL addresses, time of the request, request method, size of the response file, status of the server's response (successful, error, etc.), and other parameters related to the user's operating system and computing environment.
Data Controller
The data controller is Shootify Labs AG.
Types of Personal Data Collected, Purpose, Legal Basis, and Data Retention
We collect and manage personal data for the purposes and within the timeframes indicated below:
1. Technical Data
- Data Collected: IP address, browser characteristics (type, language, installed plug-ins, etc.), operating system information, device information.
- Method of Collection: Automatically during website and platform visits.
- Purpose: To allow users to visit and navigate our website and platform; to detect system requirements; to ensure the proper functioning of our services.
- Legal Basis: Legitimate interest in ensuring the security and functionality of our website and services.
- Data Retention Period: For the duration of the website or platform visit.
2. Identity Information
- Data Collected: Name, email address, company name, contact details.
- Method of Collection: Provided voluntarily by the user when registering for the platform or using contact forms.
- Purpose: To create and manage user accounts; to provide our services; for accounting and billing purposes.
- Legal Basis: Performance of a contract to which the data subject is a party.
- Data Retention Period: Until the user requests account deletion or as required by law for accounting purposes.
Special Categories of Personal Data
Our platform is not intended to collect or process special categories of personal data (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation). We request that users do not provide such information. If provided, it will be processed only with the user's explicit consent and in accordance with applicable laws.
Data Protection Officer
Due to our company size (fewer than 20 employees), we are not required to appoint a Data Protection Officer under Swiss FADP ยง 38. Privacy inquiries should be directed to: info@sartiq.com
Your Rights Under GDPR
As a data subject, you have the following rights under the GDPR. To exercise any of these rights, please contact us at info@sartiq.com. We will respond to your request within 30 days.
Right of Access (Article 15 GDPR)
You have the right to obtain confirmation as to whether or not we are processing your personal data and, where that is the case, to request access to the personal data. This includes the right to receive a copy of your personal data in a commonly used electronic format.
How to exercise: Send an email to info@sartiq.com with the subject "Data Access Request"
Response time: Within 30 days of receipt
Right to Rectification (Article 16 GDPR)
You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
How to exercise: Send an email to info@sartiq.com specifying the data you wish to correct
Response time: Within 30 days of receipt
Right to Erasure / "Right to be Forgotten" (Article 17 GDPR)
You have the right to obtain the erasure of your personal data under certain circumstances, including when the personal data is no longer necessary for the purposes for which it was collected or when you withdraw your consent.
Exceptions: We may be required to retain certain data to comply with legal obligations, such as:
- Transaction and billing records (10 years under Swiss tax law)
- Data necessary for the establishment, exercise, or defense of legal claims
- Data required for compliance with regulatory obligations
How to exercise: Send an email to info@sartiq.com with the subject "Data Deletion Request"
Response time: Within 30 days of receipt
Right to Restriction of Processing (Article 18 GDPR)
You have the right to obtain restriction of processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing and we are verifying whether our legitimate grounds override yours.
How to exercise: Send an email to info@sartiq.com specifying the reason for restriction
Response time: Within 30 days of receipt
Right to Data Portability (Article 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON or CSV) and have the right to transmit that data to another controller without hindrance, where technically feasible.
How to exercise: Send an email to info@sartiq.com with the subject "Data Portability Request" and specify your preferred format (JSON or CSV)
Response time: Within 30 days of receipt
Right to Object (Article 21 GDPR)
You have the right to object, on grounds relating to your particular situation, to processing of your personal data that is based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
How to exercise: Send an email to info@sartiq.com specifying the grounds for your objection
Response time: Within 30 days of receipt
Automated Decision-Making (Article 22 GDPR)
We do not make automated decisions with legal effects or similarly significant effects concerning you based solely on automated processing of your personal data.
International Data Transfers
All our infrastructure is located in the European Union. We do NOT transfer personal data outside the EU/EEA.
Our cloud infrastructure is provided by:
- Amazon Web Services (AWS) - EU regions only (Frankfurt)
- Google Cloud Platform (GCP) - EU regions only
Since all data processing occurs within the EU, no Standard Contractual Clauses or other international transfer mechanisms are required.
Recipients of Personal Data
We share personal data only with the following categories of recipients, all of whom are bound by Data Processing Agreements in accordance with Article 28 GDPR:
- Amazon Web Services (AWS) - Cloud hosting and infrastructure (EU regions only)
- Google Cloud Platform (GCP) - Cloud services and infrastructure (EU regions only)
We do NOT share personal data with any third parties for marketing purposes.
Data Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law:
- Account data: Until deletion is requested by the user or after 2 years of account inactivity
- Transaction and billing records: 10 years (as required by Swiss tax law)
- Support communications: 3 years from the date of the last communication
- Technical logs: 30 days from collection
After the retention period expires, personal data will be securely deleted or anonymized in accordance with our Data Protection and Disposal Policy.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we are committed to:
- Notify the competent supervisory authority within 72 hours of becoming aware of the breach (in accordance with Article 33 GDPR)
- Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms (in accordance with Article 34 GDPR)
If you believe you have identified a security vulnerability or data breach, please report it immediately to: info@sartiq.com
Right to Lodge a Complaint
If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority:
For Switzerland:
Federal Data Protection and Information Commissioner (FDPIC)
Website: https://www.edoeb.admin.ch
For EU Residents:
You have the right to complain to your national data protection authority.
A list of EU data protection authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en
Cookies and Tracking Technologies
This website does NOT use cookies or tracking technologies. We collect only essential technical data necessary for website functionality (such as IP addresses for security purposes and basic device information for compatibility).
No consent banner is required as we do not process non-essential personal data or use cookies.
Contact Information
If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us:
Shootify Labs AG
Via Pedemonte 20
6962 Viganello (Lugano)
Switzerland
Email: info@sartiq.com
Effective Date
This Privacy Policy is effective as of 13 February 2026.