GDPR Compliance

Last Updated: December 6, 2025

1. Our Commitment to Data Protection

Kashif Najeeb (operating as Infomatrix) is fully committed to compliance with the General Data Protection Regulation (EU-GDPR) and the Swiss Federal Act on Data Protection (nFADP). We have integrated data privacy principles into our technical infrastructure, business processes, and culture to ensure the safety and sovereignty of your data.

This statement outlines the technical and organizational measures (TOMs) we have implemented to ensure compliance.

2. Data Sovereignty & Hosting (United Kingdom)

We have made strategic choices regarding where your data lives to ensure legal safety.

Hosting Location: Our primary infrastructure and databases are hosted in the United Kingdom by IONOS.de.
Legal Adequacy: The UK is recognized by both the European Commission and the Swiss Federal Data Protection and Information Commissioner (FDPIC) as having an "adequate" level of data protection (Adequacy Decision).
No Unlawful Transfers: Data stored on our UK servers is not transferred to jurisdictions with weak privacy laws without strict legal safeguards (such as Standard Contractual Clauses).

3. Security Measures (Technical & Organizational)

We utilize state-of-the-art security protocols to protect data against unauthorized access, loss, or manipulation.

3.1. Encryption

Data in Transit: All traffic between your browser and our servers is encrypted using TLS 1.2/1.3 (HTTPS) with strong cipher suites.
Data at Rest: Sensitive data stored in our databases is encrypted to prevent unauthorized readability in the event of a physical breach.

3.2. Access Control

Principle of Least Privilege: Internal access to personal data is restricted to employees who strictly need it to perform their job duties.
Hosting Provider: Compliant (IONOS SE, Data Center UK).
Analytics & Tools: We configure all external tools (e.g., analytics) to operate in "Privacy Mode" (e.g., IP Anonymization enabled) to minimize data collection.

4. Data Minimization & Retention

We adhere to the principle of storage limitation:

We do not retain personal data longer than necessary for the purpose it was collected.
Log files (containing IP addresses) on our UK servers are automatically rotated and deleted after a fixed period (typically 14-30 days), unless required for security investigations.

5. Incident Response & Breach Notification

In the unlikely event of a data breach, Infomatrix has a dedicated incident response plan:

Detection & Containment: Immediate isolation of affected systems.
Assessment: Determining the risk to rights and freedoms of individuals.
Notification: We will notify the relevant supervisory authority and affected individuals within 72 hours if a significant risk is identified, as required by Article 33 GDPR.

6. Compliance Contact

We have appointed a dedicated contact for privacy-related inquiries. If you have questions about our compliance roadmap or wish to audit our processing activities, please contact:

Data Protection Inquiry Email: [email protected] Address: Georg Rennerstrasse 61, 9500 Wil SG, Switzerland

1. Our Commitment to Data Protection
2. Data Sovereignty & Hosting (United Kingdom)
3. Security Measures (Technical & Organizational)
3.1. Encryption
3.2. Access Control
4. Data Minimization & Retention
5. Incident Response & Breach Notification
6. Compliance Contact

1. Our Commitment to Data Protection

This statement outlines the technical and organizational measures (TOMs) we have implemented to ensure compliance.

2. Data Sovereignty & Hosting (United Kingdom)

We have made strategic choices regarding where your data lives to ensure legal safety.

Hosting Location: Our primary infrastructure and databases are hosted in the United Kingdom by IONOS.de.

Legal Adequacy: The UK is recognized by both the European Commission and the Swiss Federal Data Protection and Information Commissioner (FDPIC) as having an "adequate" level of data protection (Adequacy Decision).

No Unlawful Transfers: Data stored on our UK servers is not transferred to jurisdictions with weak privacy laws without strict legal safeguards (such as Standard Contractual Clauses).

3. Security Measures (Technical & Organizational)

We utilize state-of-the-art security protocols to protect data against unauthorized access, loss, or manipulation.

3.1. Encryption

Data in Transit: All traffic between your browser and our servers is encrypted using TLS 1.2/1.3 (HTTPS) with strong cipher suites.

Data at Rest: Sensitive data stored in our databases is encrypted to prevent unauthorized readability in the event of a physical breach.

3.2. Access Control

Principle of Least Privilege: Internal access to personal data is restricted to employees who strictly need it to perform their job duties.

Hosting Provider: Compliant (IONOS SE, Data Center UK).

Analytics & Tools: We configure all external tools (e.g., analytics) to operate in "Privacy Mode" (e.g., IP Anonymization enabled) to minimize data collection.

4. Data Minimization & Retention

We adhere to the principle of storage limitation:

We do not retain personal data longer than necessary for the purpose it was collected.

Log files (containing IP addresses) on our UK servers are automatically rotated and deleted after a fixed period (typically 14-30 days), unless required for security investigations.

5. Incident Response & Breach Notification

In the unlikely event of a data breach, Infomatrix has a dedicated incident response plan:

Detection & Containment: Immediate isolation of affected systems.

Assessment: Determining the risk to rights and freedoms of individuals.

Notification: We will notify the relevant supervisory authority and affected individuals within 72 hours if a significant risk is identified, as required by Article 33 GDPR.

GDPR Compliance

1. Our Commitment to Data Protection

2. Data Sovereignty & Hosting (United Kingdom)

3. Security Measures (Technical & Organizational)

3.1. Encryption

3.2. Access Control

4. Data Minimization & Retention

5. Incident Response & Breach Notification

6. Compliance Contact

Table of Contents

GDPR Compliance

1. Our Commitment to Data Protection

2. Data Sovereignty & Hosting (United Kingdom)

3. Security Measures (Technical & Organizational)

3.1. Encryption

3.2. Access Control

4. Data Minimization & Retention

5. Incident Response & Breach Notification

6. Compliance Contact

Table of Contents