Privacy Policy
1. Controller and Contact Details
QPQ IaaS AG (Allmeindstrasse 17, 8840 Einsiedeln, Switzerland; CHE-242.519.378) (“QPQ IaaS AG,” “we,” “us,” or “our”) is the data controller responsible for processing your personal data under this Privacy Policy.
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact:
- Data Protection Contact: dpo@gajumining.com
- General enquiries: info@gajumining.com
- Address: Allmeindstrasse 17, 8840 Einsiedeln, Switzerland
2. Scope
This Privacy Policy applies to personal data we collect and process through our online platforms, which include www.gajumining.com, our branded social media pages (including LinkedIn, X, YouTube, Rumble, Facebook, Instagram, and Discord), and any other websites or applications we operate (collectively, the “Online Platform”).
This Privacy Policy is provided in compliance with the Swiss Federal Act on Data Protection (“FADP”) and, where applicable, the EU General Data Protection Regulation (“GDPR”). We may update this Privacy Policy from time to time. Please see Section 14 for details on how changes are communicated.
3. How We Collect Personal Data
We collect personal data in the following ways:
- Directly from you: when you create an account, submit forms, contact us, upload content, or otherwise interact with our Online Platform.
- Automatically: through cookies and similar tracking technologies when you visit our website (see Section 6).
- From third parties: where permitted by law, we may receive personal data from business partners, analytics providers, or publicly available sources.
4. Categories of Personal Data We Collect
Depending on how you interact with our Online Platform, we may collect the following categories of personal data:
- Identity data: name, username.
- Contact data: email address, postal address, phone number.
- Account data: login credentials (password stored in hashed form).
- Technical data: IP address, browser type and version, device identifiers, operating system, geolocation (derived from IP).
- Usage data: pages visited, click patterns, session duration, referring URLs.
- Content data: comments, uploaded files, and any personal data of third parties contained in content you submit (you are responsible for ensuring you have lawful authority to share such data).
- Transaction data: details of purchases or services you receive from us (if applicable).
5. Purposes and Legal Bases for Processing
5.1 Under the FADP (Swiss Law)
Under the FADP, processing of personal data is lawful provided it does not unlawfully breach the personality rights of the data subject (Art. 30–31 FADP). Processing is justified where:
- The data subject has given consent.
- There is an overriding private or public interest (including the performance of a contract, compliance with a legal obligation, or the legitimate interests of the controller).
- Processing is required by law.
5.2 Under the GDPR (EU/EEA Data Subjects)
Where the GDPR applies, we rely on the following legal bases under Art. 6(1) GDPR:
| Purpose | GDPR Legal Basis | FADP Justification |
|---|---|---|
| Providing and operating the Online Platform | Contract performance (Art. 6(1)(b)) | Overriding interest / contract |
| Managing accounts and support requests | Contract performance (Art. 6(1)(b)) | Overriding interest / contract |
| Analysing and improving our services | Legitimate interest (Art. 6(1)(f)) | Overriding interest |
| Personalised content and advertising | Consent (Art. 6(1)(a)) | Consent |
| Identifying new customer opportunities | Consent (Art. 6(1)(a)) | Consent |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) | Overriding interest |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) | Legal obligation |
Where we rely on legitimate interest, our interest is to operate, secure, and improve our Online Platform. We have assessed that this processing does not override your fundamental rights and freedoms, taking into account the nature of the data, the context, and the safeguards in place.
6. Cookies and Similar Technologies
We use cookies and similar technologies to operate our website, analyse usage, and enhance your experience. A cookie is a small text file placed on your device by your browser.
6.1 Cookie Categories
- Strictly necessary cookies: required for the website to function (e.g., session management, security). These do not require your consent.
- Performance cookies: collect anonymised data on how visitors use the website (e.g., pages visited, error messages). Placed only with your consent.
- Functional cookies: remember your preferences (e.g., language, region). Placed only with your consent.
- Targeting/advertising cookies: used to deliver relevant advertisements and track campaign effectiveness. Placed only with your consent.
6.2 Your Cookie Choices
When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline each category of non-essential cookies. You may change your preferences at any time via the cookie settings link in the website footer. You can also configure your browser to block or delete cookies, though this may affect website functionality.
7. How We Share Your Personal Data
We may share your personal data with the following recipients:
- Affiliates of QPQ IaaS AG, for the purposes described in this Privacy Policy.
- Trusted service providers (e.g., IT hosting, cloud infrastructure, analytics) who process data on our behalf under data processing agreements.
- Event sponsors, only where you have given explicit consent at the point of event registration.
- Partners, only at your specific request.
- Regulators and public authorities, where required by law or to protect our legal rights.
- Third parties in connection with a corporate transaction (merger, acquisition, reorganisation), subject to appropriate confidentiality obligations.
We do not sell, rent, or trade your personal data.
8. International Data Transfers
Your personal data may be transferred to and processed in countries outside Switzerland or the European Economic Area (EEA) that may not provide an equivalent level of data protection. These countries may include Singapore, the Philippines, India, Japan, Hong Kong, and the United States.
Where such transfers occur, we implement appropriate safeguards to protect your data, including:
- Transfers to countries recognised as providing adequate protection by the Swiss Federal Council or the European Commission (adequacy decisions).
- Standard Contractual Clauses (SCCs) approved by the European Commission and/or the Swiss FDPIC.
- Binding Corporate Rules (BCRs) where applicable.
You may request a copy of the applicable safeguards by contacting us at the address in Section 1.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data from accidental, unlawful, or unauthorised destruction, loss, alteration, access, disclosure, or use. These measures include encryption (in transit and at rest), access controls, secure transmission protocols, and regular data backups.
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
10. Data Breach Notification
10.1 Swiss Law (FADP)
In the event of a personal data breach likely to result in a high risk to your personality or fundamental rights, we will notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) as quickly as possible (Art. 24 FADP). Where required for your protection, or at the request of the FDPIC, we will also inform you directly.
10.2 EU Law (GDPR)
Where the GDPR applies, we will notify the relevant supervisory authority without undue delay (and within 72 hours where feasible) of any breach likely to result in a risk to your rights and freedoms (Art. 33 GDPR). Where the breach is likely to result in a high risk, we will also notify you directly without undue delay (Art. 34 GDPR).
Breach notifications will include the nature of the breach, contact details of our data protection contact, the likely consequences, and the measures taken or proposed to address the breach.
11. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law. Our general retention periods are:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data | Duration of account + 1 year | Contract / statutory obligations |
| Transaction data | 10 years after transaction | Swiss commercial law (Art. 958f CO) |
| Server logs / technical data | 90 days | Security / legitimate interest |
| Marketing consent records | Until consent is withdrawn | Consent / accountability |
| Cookie data | Per cookie — see cookie policy | Consent / necessity |
After the applicable retention period expires, we securely delete or anonymise your personal data. Where immediate deletion is not technically feasible, we implement measures to prevent further processing.
12. Automated Decision-Making and Profiling
We do not currently use automated decision-making or profiling that produces legal effects or similarly significantly affects you.
Under Art. 21 FADP, you have the right to request that an automated individual decision be reviewed by a natural person. Under Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects, subject to certain exceptions.
13. Your Rights
13.1 Under the FADP (Swiss Law)
You have the following rights under the FADP:
- Right of access: to obtain confirmation of whether we process your personal data and to receive a copy (Art. 25 FADP).
- Right to rectification: to have inaccurate personal data corrected (Art. 32 FADP).
- Right to deletion: to request deletion of your personal data, subject to legal retention obligations.
- Right to data portability: to receive your personal data in a commonly used electronic format or have it transferred to another controller (Art. 28 FADP).
- Right to human review: to request that an automated decision be reviewed by a natural person (Art. 21 FADP).
13.2 Under the GDPR (EU/EEA Data Subjects)
If you are located in the EU/EEA, you additionally have the following rights:
- Right of access (Art. 15 GDPR).
- Right to rectification (Art. 16 GDPR).
- Right to erasure (Art. 17 GDPR).
- Right to restriction of processing (Art. 18 GDPR).
- Right to data portability (Art. 20 GDPR).
- Right to object to processing based on legitimate interest or direct marketing (Art. 21 GDPR).
- Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3) GDPR).
- Right not to be subject to solely automated decision-making (Art. 22 GDPR).
13.3 How to Exercise Your Rights
To exercise any of these rights, please contact us at dpo@gajumining.com. We may request proof of identity before processing your request. We will respond within the timeframes required by applicable law (generally 30 days under the FADP; one month under the GDPR, extendable by two further months for complex requests).
13.4 Right to Lodge a Complaint
You have the right to lodge a complaint with the competent supervisory authority:
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern (www.edoeb.admin.ch).
- EU/EEA: the supervisory authority in your country of residence.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make material changes, we will post a prominent notice on our Online Platform. Where changes affect processing for which consent is the legal basis, we will seek your renewed consent before applying the changes.
We encourage you to review this Privacy Policy periodically. The “Last Updated” date at the top indicates the most recent revision.
15. Marketing Communications
Where you have given consent or where we are otherwise permitted by law, we may send you marketing communications about our products and services. You have the right to opt out of marketing communications at any time by:
- Clicking the “unsubscribe” link in any marketing email.
- Contacting us at dpo@gajumining.com.
Opting out of marketing communications does not affect other communications we may send you in connection with your account or transactions.
16. Children’s Privacy
Our Online Platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that data promptly. If you believe a child under 16 has provided us with personal data, please contact us at dpo@gajumining.com.
17. Contact Information
For questions or concerns about this Privacy Policy, our data processing practices, or your rights, please contact:
Data Protection Contact
QPQ IaaS AG
Allmeindstrasse 17, 8840 Einsiedeln, Switzerland
Email: dpo@gajumining.com