Privacy policy

Controller
Mitasu GmbH,  Mythenweg 26440 Brunnen, Switzerland (“Mitasu”, “we”, “us”) is the controller of the personal data processed through our Contact us form. Privacy contact:info@mitasu.ch (or write to the registered address above).

Scope
This notice applies only to personal data you submit via our website Contact us form. We do not collect personal data anywhere else on the Mitasu website. We do not use the contact form to run advertising, sell personal data, or build marketing profiles.

What we collect
When you contact us, we collect the information you choose to provide, typically: your name, email address, organisation, phone number (optional) and the contents of your message. Our systems may also record basic technical metadata required to operate securely (e.g., date/time of submission and server logs such as IP address).

Why we use your data (purpose)
We use contact form data to: respond to your enquiry; arrange a call or meeting; provide information you request; and maintain an appropriate record of business communications. We may also use limited technical data to protect the website and prevent misuse.

Legal basis / justification
Under Swiss data protection law, we process personal data in line with the principles of purpose limitation and proportionality, and where justified by our legitimate interest in responding to enquiries and managing business communications (including in direct connection with potential contractual discussions). Where GDPR may apply (e.g., if an EU/EEA resident contacts us about services), our primary legal bases are typically steps at your request prior to entering a contract and our legitimate interests in handling and documenting enquiries.

Recipients and processors
Your enquiry is accessed only by people who need it to respond (typically our team). We may use trusted service providers to run our website and communication, such as website hosting and business email. Where providers act on our behalf, we require appropriate contractual protections and limit access to what is necessary.

International transfers
Mitasu is based in Switzerland and may process enquiries there. If you contact us from the European Union/EEA, please note that Switzerland benefits from an EU adequacy decision, which allows personal data to flow from the EU/EEA to Switzerland without additional safeguards in principle. If we use service providers that process data outside Switzerland/EEA/UK, we implement appropriate safeguards (such as recognised contractual clauses and, where needed, supplementary technical measures).

Retention
We keep contact form enquiries for up to 12 months after the last correspondence to manage follow-ups and maintain an appropriate record of communications (configurable). We may retain information longer where necessary to establish, exercise or defend legal claims, or to meet a legal obligation.

Security
We apply appropriate technical and organisational measures designed to protect your data, such as encryption in transit, access controls, least-privilege permissions, and secure operational practices with service providers. No method of transmission or storage is completely secure, but we work to keep controls proportionate to risk.

Your rights
Under Swiss law, you can request information about whether we process your personal data and receive the key details of that processing; you can also request correction, deletion/destruction, restriction in certain circumstances, and object to processing where applicable. Swiss guidance indicates requests are generally handled within 30 days, subject to legal exceptions. If GDPR applies to your enquiry, you may also have rights including access, rectification, erasure, restriction, portability and objection, and the right to lodge a complaint with a supervisory authority.

How to exercise rights
Email info@mitasu.ch  with your request and sufficient detail to identify the enquiry. We may ask for reasonable proof of identity before responding.

Complaints
If you have concerns, we encourage you to contact us first. You may also lodge a complaint with the Swiss supervisory authority, the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH‑3003 Berne.

Effective date
Effective from 5 April 2026.