§ 01 · PRIVACY
How we handle personal data.
This notice describes which personal data AlpineReach processes, for which purpose, and on which legal basis. It applies to the processing of data of candidates, clients, and website visitors.
As of: May 2026
§ 02 · CONTROLLER
Who is responsible.
Soodring 33, 8134 Adliswil ZH, Switzerland
Email: info@alpinerea.ch
Phone: +41 43 883 33 56
Contact for data protection matters: Viktor Vedder.
AlpineReach has not appointed a data protection officer. Such an appointment is not required under Swiss law for SMEs of our size, and the GDPR does not require one in our case.
§ 03 · APPLICABLE LAW
Swiss FADP and EU GDPR.
AlpineReach is primarily subject to the revised Swiss Federal Act on Data Protection (revFADP). Because we actively approach candidates in Germany and Austria and run mandates for clients in the EU/EEA, the EU General Data Protection Regulation (GDPR) also applies to the extent its territorial scope under Art. 3 GDPR is met.
This notice meets the requirements of both frameworks.
AlpineReach operates predominantly in Switzerland. Processing of data of persons in the EU/EEA takes place in the context of individual mandates and not regularly recurring in the sense of Art. 27(2)(a) GDPR. If this assessment changes, an EU representative will be appointed and listed here.
§ 04 · WHAT DATA WE PROCESS
Three categories of data subjects.
Candidate data
Name, contact details, professional history, qualifications, certifications, technical specialisation, compensation expectations, availability, CV, notes from screening conversations, references with explicit consent.
Client data
Name and contact details of the points of contact, position, mandate details, contractual documents, correspondence.
Visitor data
IP address, browser type, date and time of the visit, pages viewed, approximate location (country and region). This data is processed to deliver the website and to measure aggregated reach. No cookies are set, no personally identifiable profiles are built, and no data is stored to construct individual usage histories.
§ 05 · PURPOSE AND LEGAL BASIS
Why we process data.
Placement
Initiating and carrying out the placement of candidates with clients. Legal basis: contractual preparation and performance (Art. 6(1)(b) GDPR), legitimate interest in the conduct of business (Art. 6(1)(f) GDPR and Art. 31 revFADP).
Direct approach of candidates
Active market research and direct approach of potential candidates in publicly accessible professional networks, primarily LinkedIn. Legal basis: legitimate interest in market outreach as part of placement activities.
Client correspondence and mandate management
Legal basis: contractual performance and pre-contractual steps.
Compliance with legal obligations
Retention of business records under the Swiss Code of Obligations (Art. 957 CO), bookkeeping obligations, statutory reporting duties.
§ 06 · WHERE DATA IS PROCESSED
Processors and storage locations.
Email and office applications
Microsoft 365, operated by Microsoft Corporation. Data of tenants registered in Switzerland is stored within the EU Data Boundary, in data centres in the EU and EFTA (Switzerland, Ireland, Germany, and others). In narrowly defined cases, for example global security analysis and support, data may be transferred to Microsoft locations outside the EU. Microsoft is certified under the Swiss-US Data Privacy Framework and provides EU Standard Contractual Clauses for third-country transfers.
CRM and calendar
For managing candidate and mandate data, scheduling, and automated meeting notes from Microsoft Teams, we use Atlas, operated by Atlas Technologies. Atlas is the central storage location for personal data of candidates and clients and includes AI-supported features for processing, search, and reporting. A data processing agreement is in place. Atlas’s privacy practices are described at recruitwithatlas.com/privacy-policy .
Professional networks
For direct approach and market research, we use LinkedIn, operated by LinkedIn Ireland Unlimited Company. Profile data of potential candidates is viewed via LinkedIn’s standard and Recruiter features and stored in our CRM. LinkedIn’s privacy practices are available at linkedin.com/legal/privacy-policy .
AI-assisted research
For market research, industry analysis, and the drafting of general text we use AI tools from leading providers. Personal data of candidates and clients is not processed in these tools. Personal-data work happens exclusively in our CRM and in Microsoft 365.
Website hosting
Vercel Inc., USA. Content delivery via the global edge network, primarily from European locations for European visitors. Contractual basis: EU Standard Contractual Clauses.
Web analytics
Plausible Analytics, operated by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia. Plausible processes only aggregated access data and does not set cookies. Individual visitors cannot technically be identified. All data is processed on servers within the European Union. Provider's privacy policy: plausible.io/data-policy.
Domain registration
GoDaddy.com LLC, USA. Domain data and technical configuration. Contractual basis: EU Standard Contractual Clauses.
Payroll and contracting
For contracting mandates we work with Numeriq AG, Switzerland. Numeriq handles payroll and contract administration for engaged freelancers. Candidate data is only transferred to Numeriq after the candidate has been expressly informed, and only to the extent required for contract administration.
§ 07 · DISCLOSURE TO THIRD PARTIES
Who receives data from us.
Candidate data is shared with clients only after the candidate has expressly consented, and is limited to what is necessary to assess suitability.
Data is shared with authorities only where legally required.
Data is not shared for advertising purposes. Data is not sold.
§ 08 · RETENTION
How long we keep data.
Candidate data is kept for as long as the person is actively in the placement process or has expressly agreed to ongoing contact about future mandates. On request, data is deleted at any time. Without active consent or mandate context, deletion takes place at the latest three years after the last contact.
Client data and contractual documents are retained for ten years under Art. 958f CO.
Website log files are deleted after 14 days.
§ 09 · YOUR RIGHTS
Access, correction, deletion.
You have the right:
- to access the data we hold about you
- to have inaccurate data corrected
- to have your data deleted, unless statutory retention obligations preclude this
- to restrict processing
- to object to processing based on legitimate interest
- to data portability, where technically feasible
- to withdraw consents previously given, with effect for the future
Please direct access and deletion requests to info@alpinerea.ch . We respond within 30 days.
You also have the right to lodge a complaint with the competent supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern. In the EU it is the data protection authority of your country of residence.
§ 10 · ANALYTICS AND TRACKING
Aggregated reach measurement, no advertising tracking.
To improve the website, we use Plausible Analytics. Plausible is a data-minimising analytics tool based in the European Union. It sets no cookies, processes no personal data and does not track individual visitors across pages or devices.
Only aggregated data is collected: pages visited, referrers, approximate location, browser and device type. Individual visitors cannot technically be identified. All data is processed on servers within the European Union.
A separate consent is not required under the Swiss FADP or EU GDPR.
We do not use tracking tools from Google, Meta or similar advertising networks. No advertising cookies are set, no profiles are built, and no data is transmitted to advertising networks.
Provider: Plausible Insights OÜ, Estonia. More at plausible.io/data-policy.
§ 11 · SECURITY
Technical and organisational measures.
We take technical and organisational measures to protect personal data against loss, misuse, and unauthorised access. These include transport encryption (TLS), access restrictions, multi-factor authentication for administrative access, and regular review of our service providers.
§ 12 · CHANGES
Updates to this notice.
This notice may be amended when the legal landscape or our practices change. The current version is always available at alpinereach-solutions.com/en/privacy.
As of: May 2026