Burmossy Design & Architecture

The data controller responsible for the processing of your personal data is:
Burmossy Design & Architecture GmbH

Riedweg 38
3705 Faulensee
Switzerland

Email: info@burmossy.com
Website: www.burmossy.com

We adhere to the following principles when processing personal data:

Lawfulness, Fairness, and Transparency:
We process personal data lawfully, fairly, and in a transparent manner.

Purpose Limitation:
We collect personal data for specified, explicit, and legitimate purposes and do not further process it in a manner that is incompatible with those purposes.

Data Minimisation:
We only collect personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

Accuracy:
We take all reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.

Storage Limitation:
We retain personal data for no longer than is necessary for the purposes for which it is processed.

Integrity and Confidentiality:
We implement appropriate technical and organizational measures to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

We may collect and process various types of personal data depending on your interaction with us:

When you contact us (e.g., via email, phone, contact form):

Data collected: Name, surname, company/institution, address, email address, telephone number, and any other information you voluntarily provide in your communication.

Purpose of processing: To respond to your inquiries, provide information about our services, and establish or maintain a business relationship. This processing is based on your consent or our legitimate interest in communicating with potential and existing clients.


When you engage us for architectural services:

Data collected: Name, surname, address, contact details (email, phone), payment information, project-related data (e.g., property details, specific requirements, plans, financial information relevant to the project), and any other personal data necessary for the fulfillment of the contract.

Purpose of processing: To fulfill our contractual obligations, provide architectural design and consultation services, manage projects, issue invoices, and comply with legal requirements related to our services. This processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract, and/or for compliance with legal obligations.


When you visit our website (www.burmossy.com):

Data collected (automatically via server log files): Anonymized IP address, date and time of access, name and URL of the accessed file, website from which access was made (referrer URL), operating system of your computer, and browser used.

Purpose of processing: To ensure the functionality and security of our website, analyze website usage, and improve our online presence. This processing is based on our legitimate interest in maintaining a functional and secure website.

Cookies: Our website may use cookies to enhance user experience. Cookies are small text files stored on your device. You can configure your browser to reject cookies, but this may affect the functionality of our website. Specific details about the types of cookies used will be provided in a separate Cookie Policy if applicable.


Other potential data collection:

We may process personal data for marketing purposes (e.g., sending newsletters about our services) only if you have explicitly consented to receive such communications. You can withdraw your consent at any time.

In some cases, we may collect publicly available information or data provided by third parties (e.g., business partners) if relevant to our legitimate business interests and permissible by law.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations (e.g., statutory retention periods for business records, which can be up to 10 years), or protect our legitimate interests (e.g., for documentation, liability, warranty, or guarantee purposes). Once the data is no longer required, it will be securely deleted or anonymized.

We may disclose your personal data to third parties in the following circumstances:

Service Providers:
We may engage third-party service providers (e.g., IT service providers, hosting providers, accounting firms) who process personal data on our behalf and strictly according to our instructions. These providers are contractually obligated to maintain confidentiality and data security.

Business Partners:
In the context of specific projects, we may share necessary personal data with other involved parties (e.g., contractors, engineers, consultants) to facilitate project execution.

Legal Obligations:
We may disclose personal data if required by law, regulation, or a court order, or to protect our rights, property, or safety.

Consent:
With your explicit consent, we may disclose your personal data to other third parties.

We generally process personal data in Switzerland and the European Economic Area (EEA). However, in some cases, your personal data may be transferred to countries outside Switzerland or the EEA, particularly if our service providers are located there. In such cases, we ensure that appropriate safeguards are in place to protect your data, such as standard contractual clauses approved by the European Commission or the Federal Data Protection and Information Commissioner (FDPIC), or by relying on adequacy decisions by the European Commission or the FDPIC for certain countries. Upon request, we will provide you with information about these safeguards.

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, but are not limited to, encryption, access controls, regular security audits, and staff training. While we strive to protect your personal data, we cannot guarantee absolute security, especially when data is transmitted over open networks like the internet.

Under Swiss and, where applicable, European data protection law, you have the following rights regarding your personal data:

Right of Access:
You have the right to request free information about whether we are processing personal data relating to you and, if so, what data we are processing, the purpose of processing, and how long it will be stored.

Right of Rectification:
You have the right to request the correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten):
You have the right to request the deletion of your personal data under certain circumstances, for example, if the data is no longer necessary for the purposes for which it was collected. Please note that legal retention periods may prevent immediate deletion in some cases.

Right to Restriction of Processing:
You have the right to request the restriction of processing of your personal data under certain conditions.

Right to Data Portability:
You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object:
You have the right to object to the processing of your personal data, particularly if the processing is based on our legitimate interests or for direct marketing purposes.

Right to Withdraw Consent:
Where processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint:
You have the right to lodge a complaint with a competent data protection supervisory authority, in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC) (www.edoeb.admin.ch).

To exercise any of these rights, please contact us using the contact details provided in Section 1. We may require proof of your identity to process your request. We will respond to your request within the statutory timeframe, generally within 30 days.

We reserve the right to update this Privacy Policy at any time to reflect changes in our data processing practices or legal requirements. The updated version will be published on our website with the revised "Last Updated" date. We encourage you to review this Privacy Policy periodically.

This Privacy Policy is governed by Swiss law, in particular the Federal Act on Data Protection (FADP). Any disputes arising from or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts at the registered seat of Burmossy Design & Architecture GmbH, unless otherwise required by mandatory law.