Privacy Policy

nuwai – nuwai.ch
As of: March 2, 2026

1. Scope

This Privacy Policy explains how nuwai GmbH (“we”, “nuwai”) collects, processes, and protects personal data when you visit our website nuwai.ch, use our services, or otherwise contact us.

It applies to all offerings, services, and communication channels of nuwai GmbH, including subdomains, contact forms, newsletters, and any SaaS applications provided (e.g., wowai.ch).

2. Responsible Entity

nuwai
Färberstrasse 7
CH-8832 Wollerau
Switzerland

Email: [email protected]

If we engage external data protection officers or consultants in individual cases, we will announce this separately.

3. What Personal Data We Collect

3.1 Automatically Collected Data (Website Visit)

When you access our website, technical information transmitted by your browser is automatically collected:

  • IP address (possibly anonymized)
  • Date, time, and duration of access
  • Pages and files accessed
  • Referrer URL (previously visited page)
  • Browser type and version, operating system
  • Device information (screen resolution, device type)

This data is generally not attributable to a specific person and is required for the secure and stable operation of the website.

3.2 Data Provided by You

When you contact us or use our services, we may collect the following data:

  • First and last name
  • Email address, phone number
  • Company name, position, industry
  • Project descriptions, inquiries, messages
  • Contract and billing data
  • Other information you voluntarily provide

3.3 Data from SaaS Usage

If you use nuwai products (e.g., BrandGuard Suite, SkillsConverter), additional usage data may be generated (e.g., logins, function calls, uploaded content). Details are governed by the respective data processing agreement or product-specific terms of use.

4. Purposes of Data Processing

We process your personal data for the following purposes:

  • Responding to and processing your inquiries and orders
  • Providing and executing our services, including SaaS offerings
  • Operating, maintaining, and securing our website and IT infrastructure
  • Detecting and preventing abuse, fraud, and cyberattacks
  • Analyzing and improving our offerings (e.g., through aggregated evaluations)
  • Sending information about our services, provided you have consented or a customer relationship exists
  • Fulfilling legal obligations (e.g., accounting, retention periods, tax obligations)
  • Asserting, exercising, or defending legal claims

5. Legal Bases

5.1 Swiss Data Protection Act (DSG)

Data processing is based on the Federal Act on Data Protection (DSG, revised version effective September 1, 2023). We rely in particular on:

  • Consent (Art. 6 para. 6 DSG)
  • Contract fulfillment or pre-contractual measures (Art. 6 para. 5 DSG)
  • Legitimate interests, provided the interests of the data subject do not prevail (Art. 31 para. 1 DSG)
  • Legal obligations

5.2 EU General Data Protection Regulation (GDPR)

Where the GDPR is applicable (e.g., for offerings to persons in the EU/EEA or for behavioral monitoring), we additionally process personal data based on:

  • Art. 6 para. 1 lit. a GDPR (consent)
  • Art. 6 para. 1 lit. b GDPR (contract fulfillment)
  • Art. 6 para. 1 lit. f GDPR (legitimate interest)
  • Art. 6 para. 1 lit. c GDPR (legal obligation)

6. Disclosure to Third Parties and Processors

We generally do not disclose your personal data to third parties unless:

  • This is necessary for contract fulfillment (e.g., hosting providers, email service providers, payment processors).
  • We are legally obligated to do so (e.g., to authorities or courts).
  • You have expressly consented.
  • There is an overriding legitimate interest (e.g., for legal enforcement).

Processors who process personal data on our behalf are contractually obligated to comply with data protection requirements (data processing agreement pursuant to Art. 9 DSG or Art. 28 GDPR).

6.1 Categories of Recipients

In the course of our business activities, the following recipients may be involved:

  • Hosting and infrastructure providers (e.g., Hetzner, Vercel, Supabase)
  • Email and communication service providers
  • Analytics and tracking services (see Section 7)
  • Accounting and tax advisors
  • Authorities, where legally required

7. Cookies, Tracking, and Analytics

7.1 Technically Necessary Cookies

Our website uses technically necessary cookies that are essential for the operation of the site (e.g., session cookies, language settings). These cookies do not require consent.

7.2 Analytics Cookies and Third-Party Services

Where we use analytics tools (e.g., Google Analytics, Plausible Analytics, or comparable services), this is done only with your prior consent via a cookie consent banner. You can withdraw your consent at any time.

When using Google Analytics, data is transmitted to Google LLC (USA). We use IP anonymization so that the IP address is truncated within the EU/EEA. For more information: https://policies.google.com/privacy

7.3 Embedded Content

Our website may embed third-party content (e.g., YouTube videos, social media plugins, maps). When loading this content, the respective third-party provider may set cookies and collect your IP address. We recommend reviewing the privacy policies of the respective providers.

8. Data Transfer Abroad

Individual service providers may process data outside Switzerland or the EEA (particularly in the USA). In such cases, we ensure an adequate level of data protection through appropriate safeguards:

  • Adequacy decision by the Federal Council pursuant to Art. 16 DSG or by the EU Commission pursuant to Art. 45 GDPR
  • Standard Contractual Clauses (SCC) pursuant to Art. 46 para. 2 lit. c GDPR
  • Other appropriate safeguards (e.g., Binding Corporate Rules, certifications)

You may request a copy of the safeguards in place from us.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or destruction. These include in particular:

  • Encryption of data transmission using TLS/SSL
  • Access restrictions and role-based permissions
  • Regular security updates and vulnerability analyses
  • Backup and disaster recovery measures
  • Confidentiality obligations for employees and contractors

Please note that despite all due care, no data transmission over the internet is completely secure. We therefore cannot guarantee absolute security.

10. Retention and Deletion

We store your personal data only as long as necessary for the respective processing purposes or as required by legal retention obligations. Specifically:

  • Contract data: For the duration of the business relationship and subsequently according to legal retention periods (in Switzerland generally 10 years pursuant to Art. 958f CO).
  • Inquiries and correspondence: Until the matter is fully resolved, then according to retention obligations.
  • Technical log data: Generally a maximum of 90 days, unless longer storage is required for security reasons.
  • Newsletter data: Until you withdraw your consent.

After the retention period expires, your data will be deleted or anonymized.

11. Your Rights

You have the following rights under applicable data protection legislation:

11.1 Under Swiss DSG

  • Right to access (Art. 25 DSG): You may request information about the personal data stored about you.
  • Right to rectification: You may request correction of inaccurate data.
  • Right to deletion: You may request deletion of your data, provided no legal retention obligations prevent this.
  • Right to data disclosure or transfer (Art. 28 DSG)
  • Right to object to data processing

11.2 Additionally Under GDPR (EU/EEA)

  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability in a structured, machine-readable format (Art. 20 GDPR)
  • Right to object to processing based on legitimate interests (Art. 21 GDPR)
  • Right to withdraw consent granted, without affecting the lawfulness of processing carried out before the withdrawal
  • Right to lodge a complaint with a competent supervisory authority

To exercise your rights, you may contact us at any time: [email protected]. We may require proof of identity before processing your request.

12. Minors

Our services are not directed at persons under 16 years of age. We do not knowingly collect personal data from children. Should we determine that data from a minor has been collected without parental consent, it will be deleted immediately.

13. Automated Decision-Making and Profiling

We generally do not employ automated decision-making or profiling within the meaning of Art. 22 GDPR that would have legal effects on you. Should we introduce AI-supported processing in the future that could significantly affect your rights, we will inform you separately.

14. Changes to This Privacy Policy

We may update this Privacy Policy at any time, particularly in the event of changes to our data processing, legal requirements, or technical circumstances. The current version applies from the date of publication on our website. We will communicate significant changes separately where possible.

15. Contact and Supervisory Authority

For questions, concerns, or to exercise your rights, please contact:

nuwai
Färberstrasse 7
CH-8832 Wollerau

Email: [email protected]

Competent data protection supervisory authority in Switzerland:
Federal Data Protection and Information Commissioner (FDPIC)

Feldeggweg 1, CH-3003 Bern
https://www.edoeb.admin.ch

For persons in the EU/EEA, the right to lodge a complaint with the respective competent data protection supervisory authority is also available.

nuwai – built to perform

nuwai develops software, automation, and integrated AI for companies that measure results in daily operations — not in slide decks. We work with real data, clear ownership, and controlled iterations — turning assumptions into verifiable reality.
Overview
Your Data
Privacy Police
Company
F.A.Q.
Legal Notice

© 2026. All rights reserved.