Privacy Policy

(in accordance with the Swiss Federal Act on Data Protection - nFADP and DPO)

1. Data Controller

The data controller responsible for processing personal data is:
A68 Group Sagl
Via S. Franscini 16
6900 Lugano
Switzerland
Email: info@a68group.com

2. Introduction

This Privacy Policy explains how A68 Group Sagl collects and processes personal data in the context of its business activities in yacht painting, maintenance and refit services, in compliance with the Swiss Federal Act on Data Protection (nFADP) and the Data Protection Ordinance (DPO) effective September 1, 2023.

3. Categories of Personal Data

We may process the following categories of personal data:

  • Client and contact data: name, company name, address, email, phone number
  • Project-related data: vessel details (e.g., yacht name, specifications), service history, technical documentation
  • Contractual and billing data: invoices, payment details, accounting records
  • Communication data: emails, correspondence, service requests
  • Website data (if applicable): IP address, cookies, usage data

We generally do not process sensitive personal data unless required and permitted by law.

4. Purpose of Processing

Personal data is processed for the following purposes:

  • Providing yacht painting, repair, and refit services
  • Preparing quotations and managing contracts
  • Project planning, execution, and technical documentation
  • Customer communication and support
  • Invoicing and financial administration
  • Compliance with legal obligations
  • Ensuring IT security and operational integrity
  • Marketing communications (only where permitted or with consent)

5. Legal Ground

Processing is based on:

  • Performance of a contract or pre-contractual measures
  • Compliance with legal obligations
  • Legitimate interests (e.g., business operations, security, client management)
  • Consent (where required, especially for marketing or optional services)

6. Data Processing Principles

We process personal data in accordance with the principles of:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation

7. Data Processing and Security

Personal data is processed using appropriate technical and organizational measures to ensure protection against:

  • Unauthorized access
  • Loss or destruction
  • Misuse or alteration

We apply Privacy by Design and by Default, particularly in handling client project data and technical documentation.

8. Data Sharing

Personal data may be shared with:

  • Employees and internal staff involved in project execution
  • External service providers (e.g., shipyards, subcontractors, logistics providers, IT providers)
  • Professional advisors (e.g., accountants, legal advisors)
  • Authorities, where required by law

All third parties are contractually bound to confidentiality and data protection obligations.

9. International Data Transfers

Given the international nature of the yachting industry, personal data may be transferred outside Switzerland.

Such transfers occur only:

  • To countries with adequate data protection levels, or
  • Under appropriate safeguards (e.g., standard contractual clauses)

10. Data Retention

We retain personal data only as long as necessary:

  • Contract and financial data: up to 10 years (legal requirement)
  • Project documentation: as required for operational or legal purposes
  • Communication data: as long as relevant to the business relationship

11. Rights of Data Subjects

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of data (where legally permissible)
  • Restrict processing
  • Object to processing
  • Receive your data in a portable format
  • Withdraw consent at any time

12. Data Breach Notification

In case of a data breach that may result in a high risk to individuals, we will:

  • Notify the competent Swiss supervisory authority
  • Inform affected individuals where required

13. Profiling and Automated Decisions

We do not carry out high-risk profiling or automated decision-making that produces legal effects on individuals.

14. Updates to this Policy

This Privacy Policy may be updated periodically. The latest version will always be available upon request or via our website.

15. Contact

For any privacy-related inquiries or to exercise your rights:
Email: info@a68group.com