Last updated: April 2026
This privacy policy explains how we process personal data in connection with our activities as an IT services provider as well as our website at the domain astina.ch. We provide information on the nature and purpose of the processing, on the recipients of the data and on the rights of the data subjects.
We are subject to Swiss law, in particular the revised Swiss Federal Act on Data Protection (revFADP) and the corresponding Ordinance on Data Protection (DPO). Where the General Data Protection Regulation of the European Union (GDPR) applies in individual cases, we comply with its provisions as well.
The controller responsible for the processing of personal data within the meaning of data protection law is:
Astina AG
Hardturmstrasse 105
8005 Zurich
Switzerland
Phone: +41 44 271 16 10
E-mail: contact@astina.ch
For data protection matters and to exercise data subject rights, you may contact us at the address above.
To the extent that the GDPR exceptionally applies to individual processing activities, we take the view that none of the conditions of Art. 3 para. 2 GDPR are met that would require the appointment of a representative in the European Economic Area pursuant to Art. 27 GDPR. Requests from the European Economic Area can be addressed directly to us.
Personal data means any information relating to an identified or identifiable natural person.
Sensitive personal data includes in particular data on religious, philosophical, political or trade-union views or activities, data on health, on the intimate sphere or on belonging to an ethnicity or race, genetic data, biometric data uniquely identifying a natural person, data on administrative or criminal proceedings or sanctions, and data on social assistance measures.
Processing means any handling of personal data, in particular the collection, storage, retention, use, modification, disclosure, archiving, deletion or destruction of personal data.
When you access our website, technical data that your browser transmits automatically is recorded on our hosting provider's servers. This includes in particular:
This data is used to provide a stable and secure website, in particular to detect and prevent attacks and to analyse errors. The data is not combined with other data sources. Server logs are deleted or anonymised after no more than 90 days.
Our website does not currently use any web analytics, tracking or marketing tools. We do not measure reach or user behaviour.
If you contact us by e-mail (e.g. at contact@astina.ch or directly to a personal address of one of our staff members) or by telephone, we process the information you provide (name, contact details, content of your enquiry and any further information you submit). We use this data to handle your enquiry and for the subsequent correspondence.
E-mail correspondence is retained as part of the ordinary business correspondence. It is deleted as soon as it is no longer required for the original purpose, provided that no statutory retention obligations apply – in particular the ten-year retention obligation for business-relevant records under the Swiss Code of Obligations and the VAT Act.
If you apply for a position with us (typically by e-mail to jobs@astina.ch), we process the personal data contained in your application for the purpose of assessing your suitability for the advertised or another open position and conducting the application procedure. This includes master data, CV, certificates, references and any further information you choose to provide.
Application documents are retained for up to six months after completion of the application procedure and are then deleted or destroyed. We retain documents for a longer period only with your express consent, for example for inclusion in a talent pool.
In the course of our business activities, we process personal data of contact persons of our customers, suppliers and business partners, in particular master data, function, contact details, correspondence and contract data. We receive this data either directly from the data subjects or from their employers and process it for the initiation and performance of contracts, the ordinary conduct of business and the maintenance of existing relationships.
We process personal data for the following purposes:
Where the GDPR applies, we base the processing of personal data on the following legal grounds: performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR), compliance with a legal obligation (Art. 6(1)(c) GDPR), legitimate interests (Art. 6(1)(f) GDPR – in particular the secure and reliable operation of the website, direct communication with business partners and the assertion of legal claims) and your consent (Art. 6(1)(a) GDPR), where consent is obtained.
Under Swiss law, we base the processing on the revFADP, in particular Art. 6 (principles) and Art. 31 (justifications).
We disclose personal data to third parties, have it processed by third parties or process it jointly with third parties only where this is necessary for the purposes set out above, where there is a statutory obligation to do so or where you have consented. Recipients are in particular specialised IT and cloud service providers whose services we use to perform our activities, as well as fiduciaries, lawyers, the audit body and authorities within the framework of legal obligations.
Where we have personal data processed by external service providers, we conclude data processing agreements with them and ensure contractually that the requirements of data protection law are observed.
In particular, we use the following services to the extent that personal data of external persons is processed:
Where these services process personal data of contact persons of our business partners or of applicants, this is done on the basis of corresponding data processing agreements. In addition, we use further professional services (fiduciary, audit body, lawyers, banking and payment service providers) for which we rely on the applicable professional confidentiality and statutory provisions.
We process personal data primarily in Switzerland and in the European Economic Area (EEA). Where personal data is transferred to countries outside Switzerland and the EEA – in particular where the service providers listed in section 5.1 rely on infrastructure in the United States – such transfers take place only if an adequate level of data protection is ensured. Depending on the circumstances, we rely on an adequacy decision of the Swiss Federal Council or the European Commission, on standard contractual clauses supplemented by appropriate safeguards, or on your express consent.
On request, we will provide information about the applicable safeguards and supply a copy.
Our website does not currently use any tracking or marketing cookies. Strictly necessary session cookies, which are required for the proper operation of the website and are deleted when you close your browser, may be used. These cookies do not contain any personally identifiable data and are not evaluated for analytics purposes.
If we introduce cookies or similar technologies in the future that are not strictly necessary, we will obtain your consent where required and update this privacy policy accordingly.
Our website contains links to external offerings, in particular to Google Maps showing our location and to the certifications "Swiss Made Software" and "Swiss Digital Services". When you click on such a link, you leave our website. We have no influence over the content or the data processing of the linked providers; their respective privacy policies apply.
We also maintain profiles on the following platforms in order to provide information about our activities and to engage with interested persons:
When you interact with our profiles, the respective platforms process your personal data under their own responsibility and in accordance with their privacy policies. We have no influence over the nature, scope and purpose of such processing. Where we are jointly responsible with a platform for processing, for example for page insights, we comply with the corresponding contractual and statutory requirements.
We do not take individual decisions based solely on automated processing within the meaning of Art. 21 revFADP or Art. 22 GDPR that produce legal effects concerning data subjects or significantly affect them in similar ways.
In the course of our activities we may use artificial intelligence tools, for example to support the drafting of texts, the development of code or the analysis of business data. Personal data is processed in this context only to the extent necessary and in accordance with this privacy policy. Decisions affecting data subjects are always reviewed by a member of our staff.
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration. These measures include in particular access restrictions with individual user accounts and two-factor authentication, encrypted transmission via TLS/HTTPS, security updates for the systems we use and a documented authorisation concept.
Despite all due care, we cannot guarantee absolute data security. Like any digital communication, our communications and the public internet as such are subject to the risk of unauthorised access or manipulation, for example by state security authorities in Switzerland, abroad or in the United States. We have no direct influence over such processing by third parties.
We process personal data for as long as is necessary for the respective purposes or as required by statutory retention obligations. In particular, the ten-year retention obligation for business records and supporting documents under Art. 958f of the Swiss Code of Obligations and the Swiss VAT Act applies. After that, data is deleted or anonymised, unless overriding legitimate interests or statutory provisions prevent deletion.
Within the framework of applicable data protection law, you have in particular the following rights:
To exercise these rights, please contact us using the contact details set out in section 1. We may require suitable proof of identity. Within the limits permitted by law, we may defer, restrict or refuse the exercise of these rights, in particular by reference to statutory retention obligations, confidentiality obligations or overriding interests.
You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern.
We may amend this privacy policy at any time, in particular where the underlying processing changes or new legal requirements apply. The version published on astina.ch from time to time is authoritative.