Logo

Privacy Policy

1. Data Controller and Contact Information

The controller responsible for the data processing described in this privacy policy is:

cadwork Informatik ci AG
Aeschenvorstadt 21
4055 Basel
Switzerland
Phone: +41 61 278 90 10
Email: [email protected]

Data Protection Officer:
Email: [email protected]


2. Scope of Application and Legal Basis

This privacy policy applies to the processing of personal data in connection with the use of our license management system at weblogin.cadwork.ch and related services. We process personal data in accordance with the European General Data Protection Regulation (GDPR), the Swiss Federal Data Protection Act (FDPA), the German Federal Data Protection Act (BDSG), French data protection laws, and other applicable data protection regulations.

Personal data means any information relating to an identified or identifiable natural person. Processing includes any operation performed on personal data, such as collection, recording, storage, use, disclosure, erasure, or destruction.


3. Categories of Personal Data Processed

We process the following categories of personal data:

  • Account Data: Dongle ID, encrypted passwords, recovery email addresses, two-factor authentication data
  • License Information: License keys, customer numbers, customer names, license labels, associated email addresses, license activation/deactivation records
  • Device Data: Device identifiers, computer names, IP addresses, device blocking status, hardware fingerprints
  • Technical Data: Log files, access timestamps, browser information, operating system details, usage statistics
  • Communication Data: Email correspondence, support requests, system notifications
  • Security Data: Firewall logs, failed authentication attempts, security incident records, personal access tokens
  • Administrative Data: Admin credentials, API keys, user management actions

4. Purposes and Legal Basis for Processing

We process your personal data for the following purposes with the corresponding legal basis:

  • License Management (Art. 6(1)(b) GDPR - Contract Performance): Account creation, license activation/deactivation, password management, device authorization
  • Security and Fraud Prevention (Art. 6(1)(f) GDPR - Legitimate Interest): System monitoring, security logging, device blocking, unauthorized access prevention
  • Communication (Art. 6(1)(b) GDPR - Contract Performance): Account notifications, password reset emails, system alerts
  • Technical Operations (Art. 6(1)(f) GDPR - Legitimate Interest): System maintenance, performance optimization, error diagnosis
  • Legal Compliance (Art. 6(1)(c) GDPR - Legal Obligation): Data retention for audit purposes, regulatory compliance
  • Analytics and Improvements (Art. 6(1)(f) GDPR - Legitimate Interest): Usage statistics, system performance analysis

5. Data Sharing and International Transfers

We may share your personal data with:

  • Service Providers: Cloud hosting providers, email service providers, security service providers (subject to appropriate data processing agreements)
  • Legal Authorities: When required by law or to protect our legal rights
  • Google Services: Google Fonts for website display (subject to Google's privacy policy)

International data transfers are protected by appropriate safeguards such as Standard Contractual Clauses or adequacy decisions. Data may be transferred to countries including the United States and other jurisdictions where our service providers operate.


6. Data Retention

We retain personal data for different periods depending on the purpose:

  • Account Data: Until account deletion or 7 years after last activity
  • License Information: 10 years for contractual and tax purposes
  • Log Files: 12 months for security monitoring, 3 months for technical logs
  • Communication Data: 3 years for support purposes
  • Security Incident Data: 5 years for security analysis

Data is deleted or anonymized when no longer needed for the stated purposes, unless longer retention is required by law.


7. Your Data Protection Rights

Under applicable data protection laws, you have the following rights:

  • Right of Access (Art. 15 GDPR): Request information about the processing of your personal data
  • Right to Rectification (Art. 16 GDPR): Correction of inaccurate or incomplete data
  • Right to Erasure (Art. 17 GDPR): Deletion of your personal data under certain conditions
  • Right to Restriction (Art. 18 GDPR): Limitation of processing under certain circumstances
  • Right to Data Portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format
  • Right to Object (Art. 21 GDPR): Object to processing based on legitimate interest
  • Right to Withdraw Consent: Where processing is based on consent

To exercise your rights, contact us at [email protected]. We will respond within one month of receiving your request.


8. Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Technical Measures: TLS encryption, password hashing, access logging, firewall protection, regular security updates
  • Organizational Measures: Staff training, access controls, incident response procedures, regular security assessments
  • Data Protection by Design: Privacy considerations integrated into system development and operations

Despite these measures, no internet transmission is completely secure. You transmit data at your own risk.


9. Cookies and Tracking

Our website uses essential cookies for functionality and security. We also use Google Fonts, which may involve data transfer to Google. For detailed cookie information, please see our Cookie Policy.


10. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.


11. Data Breach Notification

In case of a personal data breach likely to result in high risk to your rights, we will notify you within 72 hours of becoming aware of the breach, as required by applicable law.


12. Supervisory Authorities

You have the right to lodge a complaint with the relevant supervisory authority:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC) - edoeb.admin.ch
  • Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit - bfdi.bund.de
  • France: Commission Nationale de l'Informatique et des Libertés (CNIL) - cnil.fr
  • EU: Your local data protection authority

13. Changes to This Privacy Policy

We may update this privacy policy to reflect changes in our practices or applicable laws. We will notify users of material changes through our website or by email. Continued use of our services after changes constitutes acceptance of the updated policy.


14. Contact Information

For questions about this privacy policy or our data practices, contact us at:

cadwork Informatik ci AG
Data Protection Office
Aeschenvorstadt 21
4055 Basel
Switzerland
Email: [email protected]
Phone: +41 61 278 90 10


Last updated: October 8, 2025