This Privacy Policy explains how FORLOG AG (hereinafter "We" or "Us") collects, uses, and discloses personal data when you visit our website www.forlog.ch.
We take the protection of your personal data seriously. This policy is based on the requirements of the Swiss Federal Act on Data Protection (nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Controller and Contact Information
The responsible party (Controller) for data processing described in this Privacy Policy is:
FORLOG AG
Gewerbestrasse 12, 8132 Egg bei Zürich, Switzerland
2. General Data Processing Principles
We process personal data only for the purposes stated in this policy, to the extent necessary, and in accordance with applicable legal provisions.
Legal Basis (Art. 31 nFADP): We process your data based on your explicit, informed consent (via the cookie banner) for non-essential tracking technologies like Google Analytics. You may revoke this consent at any time.
3. Data Processing for Website Analytics (Google Analytics 4)
We use Google Analytics 4 (GA4) to understand how our visitors interact with our website, enabling us to measure, analyze, and optimize the performance of our online offering.
3.1. Collected Data Categories
When you provide consent, GA4 processes the following information:
| Data Category | Specific Data Points | Purpose |
|---|---|---|
| Usage Data | Pages visited, time spent on pages, click paths, session duration. | Measuring website performance and user engagement. |
| Technical Data | Browser type, operating system, device type (desktop, mobile), screen resolution. | Optimizing the website for technical compatibility. |
| Coarse Geo-Location | Country, City (derived from IP address, which is immediately discarded). | Providing regional statistics. No precise location data is collected. |
3.2. Google Analytics 4 Privacy Settings
To maximize your privacy, we have implemented the following configurations:
- IP Anonymization: IP addresses are truncated and anonymized immediately upon collection within the EU before being stored, ensuring that the full IP address is never logged by Google.
- No Google Signals: We have disabled Google Signals, meaning data from users signed into Google accounts is not collected or linked for cross-device analysis or personalized advertising.
- No Granular Data: The collection of granular location and device data is disabled.
- Purpose: We use GA4 exclusively for measurement and analytics. The data is not used for advertising or personalization purposes.
3.3. Cookies and Tracking
GA4 uses cookies (small text files stored in your browser) and other identifiers (like Client IDs) to recognize your browser and device, enabling the tracking of your activity across different pages and sessions.
Storage Duration: The main GA4 cookies (e.g., _ga) typically have a lifespan of up to 13 months, but our configuration limits the data retention period for user-level data to a maximum of 14 months (Google's maximum setting).
4. Cross-Border Data Transfer (Switzerland to the US)
Personal data collected via Google Analytics is transferred to Google LLC, based in the United States. The United States is currently not deemed a country with an adequate level of data protection by the Swiss Federal Council.
4.1. Safeguards for Transfer
The transfer of data to the US is secured through appropriate safeguards:
- Swiss-U.S. Data Privacy Framework (DPF): Google LLC is certified under the DPF, which serves as a recognized mechanism for data transfer.
- Standard Contractual Clauses (SCCs): We have entered into a Data Processing Agreement with Google, incorporating the necessary Standard Contractual Clauses (and their Swiss adaptations) to ensure adequate data protection.
4.2. Inherent Risk Disclosure
Despite these contractual safeguards, we must inform you that US-based providers (like Google) are subject to US surveillance laws (e.g., the Cloud Act), which permit US authorities to access personal data under certain conditions, even if located outside the US.
5. Your Rights as a Data Subject (nFADP)
Under the Swiss nFADP, you have the following rights regarding your personal data. To exercise any of these rights, please contact us using the email address provided in Section 1.
| Your Right | Description |
|---|---|
| Right of Access | You have the right to request access to the personal data we process about you. |
| Right to Rectification | You have the right to request the correction of inaccurate or incomplete personal data. |
| Right to Deletion (Right to be Forgotten) | You have the right to request the erasure of your personal data, subject to certain exceptions (e.g., legal retention obligations). |
| Right to Data Portability | You have the right to receive your personal data in a standard, commonly used, and machine-readable format. |
| Right to Revoke Consent | You can revoke your consent to the processing of your data at any time, effective immediately for future processing. |
| Right to Object | You have the right to object to processing that is based on legitimate interest or for direct marketing purposes (though we do not use your data for direct marketing). |
5.1. How to Opt-Out of Google Analytics
You can prevent the storage of cookies by setting your browser software accordingly. Furthermore, you can opt-out of Google Analytics collection entirely by installing the Google Analytics Opt-out Browser Add-on.
6. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new policy on this page with a revised effective date.