Privacy Policy

1. Introduction

This Privacy Policy explains how FREMA (Tom Salembier, Geneva, Switzerland) collects, uses, and protects your personal data when you use this website and services. We are committed to protecting your privacy in accordance with Swiss federal law (nLPD, revised Federal Data Protection Act, effective September 1, 2023) and, where applicable, the European Union General Data Protection Regulation (GDPR).

2. Data Controller and Site Operator

3. Data We Collect

We collect the following types of personal data:

• Contact Form Data: Name, email address, company name (optional), subject, message content, and budget range (optional) when you submit the contact form
• Server Log Data: IP address, browser type, and request timestamps collected automatically by the hosting infrastructure (Vercel) for security and operational purposes
• Essential Cookies: No application-layer cookies are set. Vercel may set short-lived infrastructure cookies on preview deployments for routing purposes; these are strictly necessary and do not require consent (see Section 11)

No analytics provider is currently active on this site. If one is added in the future, this policy will be updated and a cookie consent banner will be enabled before any data collection begins.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our consulting services (nLPD Art. 6, GDPR Art. 6(1)(b))
• Consent: Where you have given explicit consent for specific processing activities (nLPD Art. 6, GDPR Art. 6(1)(a))
• Legitimate Interests: To respond to inquiries, operate website infrastructure, and conduct business development (nLPD Art. 6, GDPR Art. 6(1)(f))
• Legal Obligations: Compliance with Swiss legal requirements including accounting and tax obligations (nLPD Art. 6, GDPR Art. 6(1)(c))

5. How We Use Your Data

We use your personal data for the following purposes:

• Responding to inquiries and providing requested information about our services
• Negotiating, executing, and managing consulting contracts
• Delivering AI/ML consulting, computer vision, and software development services
• Processing payments and maintaining accounting records
• Operating and securing the website infrastructure
• Complying with legal and regulatory obligations
• Protecting our rights and preventing fraud

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

• Sub-Processors: Named infrastructure providers listed in Section 7, each bound by a data processing agreement
• Legal Authorities: When required by Swiss law, court order, or to protect our legal rights
• Business Transfers: In the event of a merger or sale of assets, with prior notification to affected parties

7. Sub-Processors and Service Providers

We use the following third-party service providers to operate this website. Each is bound by a data processing agreement. Transfers to the United States are governed by Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the EU-US Data Privacy Framework.

No analytics provider is currently active on this site. If one is added, it will be disclosed in this section and a cookie consent banner will be enabled before any non-essential cookies are set.

8. International Data Transfers

Data processed by the sub-processors listed in Section 7 (Vercel and Resend) may be transferred to and stored in the United States. These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the EU-US Data Privacy Framework. For the purposes of the Swiss nLPD, these safeguards satisfy the adequate protection requirements of nLPD Art. 16 and the FDPIC adequacy framework.

9. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by Swiss law. Specifically:

• Contract and Professional Data: 10 years from contract completion (Swiss Code of Obligations Art. 958f, accounting requirements)
• Contact Form and Communication Data: Up to 3 years after last contact
• Server Log Data: Governed by Vercel's infrastructure retention policy (typically 30 days for access logs)

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These include HTTPS encryption in transit, secure credential management via environment variables, access controls, and Vercel infrastructure-level security. No method of internet transmission is 100% secure and we cannot guarantee absolute security.

11. Cookies and Tracking Technologies

This website sets no application-layer cookies. The current cookie posture is as follows:

• Essential cookies: None are set by the application. Vercel may set short-lived infrastructure cookies on preview deployments (not in production) for routing purposes. These are strictly necessary and require no consent under nLPD or ePrivacy rules.
• Analytics and marketing cookies: None currently. Any future introduction will be disclosed in Section 7 and gated behind an explicit opt-in consent banner that blocks the cookie until the visitor actively consents.

You may clear browser cookies at any time through your browser settings without affecting this site's core functionality.

12. Your Rights

Under Swiss nLPD (Art. 25-27) and GDPR (Art. 15-22), you have the following rights regarding your personal data:

• Right of Access (nLPD Art. 25 / GDPR Art. 15): Request a copy of the personal data we hold about you
• Right to Rectification (nLPD Art. 25 / GDPR Art. 16): Correct inaccurate or incomplete data
• Right to Erasure (nLPD Art. 25 / GDPR Art. 17): Request deletion of your data, subject to mandatory legal retention periods
• Right to Restriction (GDPR Art. 18): Limit how we process your data in certain circumstances
• Right to Data Portability (nLPD Art. 25 / GDPR Art. 20): Receive your data in a structured, commonly used, machine-readable format
• Right to Object (GDPR Art. 21): Object to processing based on our legitimate interests
• Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
• Right to Lodge a Complaint: File a complaint with the FDPIC (Switzerland) or your local EU/EEA supervisory authority (see Section 13)

To exercise any of these rights, contact us at: contact@fremaconsulting.ch. We will respond within 30 days; in complex cases we may extend this to 90 days with notification.

13. Complaints and Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority.

If you are located in the EU/EEA, you may also lodge a complaint with the data protection authority of your country of residence, place of work, or the place of the alleged infringement.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top indicates when the policy was last revised. Material changes will be communicated through our website.

15. Contact

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact: