Privacy policy

1. Who we are

The data controller responsible for processing your personal data is:

Laminar Praxis S.A. Rue de Genève 100 1004 Lausanne Switzerland

UID: CHE-291.105.214 General contact: contact@laminarpraxis.ch Privacy contact: privacy@laminarpraxis.ch

For questions about how we handle your data, write to the privacy address above. The three partners of Laminar Praxis read and respond to these messages directly.

2. Legal framework

We process personal data in accordance with:

• The Swiss Federal Act on Data Protection (FADP), as revised and in force from 1 September 2023
• The EU General Data Protection Regulation (GDPR) where it applies — in particular when we process the personal data of residents of the European Economic Area
• Sector-specific regulations where relevant to our work (Swiss Code of Obligations Articles 716 and 964a–964c, the FADP Ordinance, and equivalent EU implementing acts)

Where Swiss and EU rules differ, we apply the stricter standard.

3. What data we collect and why

We collect only what we need to do our work and to respond to people who contact us. We do not collect data speculatively, and we do not buy data from third parties.

3.1 When you contact us through the website

What we collect: Your name, organisation, email address, telephone number (if you provide one), and the content of your message.

Why we collect it: To read your message and respond to you. If a conversation develops into a possible engagement, to maintain a record of how the relationship started.

Legal basis: Performance of a pre-contractual measure at your request (GDPR Article 6(1)(b); FADP Article 31(2)(a)). For continued communication after first contact, our legitimate interest in maintaining business correspondence (GDPR Article 6(1)(f); FADP Article 31(2)(b)).

How long we keep it: Up to 24 months from last meaningful contact. If our exchange leads to an engagement, the data is retained for the duration of the engagement plus the statutory retention period (10 years under Swiss commercial law for business correspondence).

3.2 When you send us an email directly

What we collect: Whatever you choose to send — typically your email address, name, and message content.

Why we collect it: Same as 3.1.

Legal basis: Same as 3.1.

How long we keep it: Same as 3.1.

3.3 When you visit our website

What we collect: Standard server logs (IP address, browser type, pages visited, referrer, timestamp) and aggregated, anonymised analytics data (see Section 5).

Why we collect it: To operate the website securely, diagnose technical problems, and understand which content is useful to readers.

Legal basis: Our legitimate interest in operating a functional, secure website (GDPR Article 6(1)(f); FADP Article 31(2)(b)).

How long we keep it: Server logs for 90 days. Analytics data is anonymised at collection and retained for 13 months in aggregated form only.

3.4 When you subscribe to our publications

This section will apply once we begin publishing Laminar Insights with newsletter distribution. We will update this policy and notify subscribers before any data collection begins. At that point we will collect email addresses with explicit consent, store them on infrastructure we control, and use them only to send the publications you have subscribed to.

4. Where your data is stored

All personal data we collect through this website is stored on infrastructure operated by Infomaniak Network SA, a Swiss company headquartered in Geneva, with data centres located exclusively in Switzerland. Infomaniak is subject to Swiss FADP and operates under Swiss jurisdiction.

Data does not leave Switzerland in the normal course of our operations.

If we ever need to transfer personal data outside Switzerland — for instance, to introduce you to a partner located in Belgium or Luxembourg with your explicit request and consent — we will do so only with appropriate safeguards (Standard Contractual Clauses, your explicit consent, or transfer to a country with an adequacy decision under FADP and GDPR).

5. Cookies and analytics

We use Matomo Analytics, self-hosted on our Infomaniak infrastructure, to understand which pages on our website are read and how visitors arrive.

Matomo is configured with the following privacy-protective settings:

• IP addresses are anonymised at collection (the last octet is removed)
• No data is shared with third parties
• No cross-site tracking occurs
• No advertising profiles are built
• The data never leaves our Swiss infrastructure

Under both the Swiss FADP and EU GDPR, this configuration of Matomo does not require prior consent because no personal data is processed in a way that triggers consent requirements. We have therefore chosen not to display a cookie banner. This is a deliberate choice consistent with our sovereignty principles: we do not believe in adding friction to your visit for tracking we do not perform.

The only cookies we set are technical session cookies required for the website to function (for example, to remember your language preference). These cookies do not track you across sites, do not contain personal data, and are deleted when you close your browser.

6. Who has access to your data

Personal data submitted through this website is read only by authorised personnel of Laminar Praxis. We do not use chatbots, automated screening, third-party CRM systems, or marketing automation platforms.

Our infrastructure provider (Infomaniak) has technical access to data on its servers for the purpose of operating the hosting service. Infomaniak is bound by Swiss FADP and by a data processing agreement with us. Infomaniak does not access the content of our data in the normal course of operations.

Subprocessors

We use the following subprocessors:

Subprocessor	Purpose	Jurisdiction
Infomaniak Network SA	Website hosting, email, analytics infrastructure	Switzerland

If we add subprocessors, we will update this list and the version date of this policy. We will not add subprocessors located outside the EU or Switzerland without explicit notice and, where required, your consent.

7. What we do not do

For clarity, here is a list of things we explicitly do not do with your data:

• We do not sell personal data to anyone, ever.
• We do not share data with advertising networks.
• We do not use CRM, marketing automation or analytics tools based in the United States, China, Russia or, more generally, in jurisdictions that do not offer the basic safeguards we consider essential for a sound relationship with you.
• We do not track you across websites.
• We do not build behavioural profiles.
• We do not use chatbots or automated screening of your messages.
• We do not enrich your data from third-party sources.
• We do not transfer data to jurisdictions without adequate protection.

This is part of how we understand our sovereignty commitment.

8. Your rights

Under both the Swiss FADP and the EU GDPR, you have the following rights regarding your personal data:

• Right of access – to obtain confirmation of whether we process your data and, if so, a copy of that data
• Right to rectification – to correct inaccurate or incomplete data
• Right to erasure – to request deletion of your data where the legal basis for processing no longer applies
• Right to restriction of processing – to limit how we use your data in specific circumstances
• Right to data portability – to receive your data in a structured, machine-readable format and to transmit it to another controller
• Right to object – to processing based on legitimate interest, including for direct marketing purposes
• Right to withdraw consent – where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, write to privacy@laminarpraxis.ch. We will respond within 30 days. If your request is complex or we receive a high volume of requests, we may extend this period by an additional 60 days and will inform you of the extension within the initial 30-day window.

We may ask you to verify your identity before responding to a request, to protect your data from unauthorised access.

Right to lodge a complaint

If you believe we have not handled your data correctly, you have the right to lodge a complaint with a supervisory authority:

• In Switzerland: Federal Data Protection and Information Commissioner (FDPIC) – www.edoeb.admin.ch
• In the European Union: the data protection authority of your country of residence
  • in France: Commission Nationale de l’Informatique et des Libertés (CNIL) – www.cnil.fr
  • In Belgium: Autorité de protection des données – www.autoriteprotectiondonnees.be
  • In Luxembourg: Commission nationale pour la protection des données – cnpd.public.lu

We would prefer that you raise concerns with us first so we can address them directly, but you are entitled to go straight to a supervisory authority if you choose.

9. Security

We protect your data through a combination of technical and organisational measures:

• All data in transit is encrypted using TLS 1.3
• All data at rest is stored on Infomaniak infrastructure with encrypted backups
• Administrative access to the website is restricted to the three partners and uses strong authentication
• Server access is logged and monitored
• We apply security updates promptly when they are released
• We periodically review our security posture and adjust as needed

No security regime is absolute. If we ever experience a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the FDPIC (and, where applicable, the relevant EU supervisory authority) within 72 hours of becoming aware of it, and we will notify affected individuals without undue delay where required.

10. Children

Our website and services are not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected data from a minor, please write to us at the privacy address above and we will delete it.