Last Updated: November 2025
Your privacy is important to us. This Privacy Policy explains how richardcunha.ch (“we,” “us,” or “our”) collects, uses, and protects your personal data when you use our website. It is designed to provide clear information about what data we collect, why we collect it, how we store and protect it, with whom we share it, and your rights regarding your data. We adhere to Swiss data protection law and the EU General Data Protection Regulation (GDPR), ensuring compliance with both the Swiss Federal Act on Data Protection (FADP) and GDPR requirements usercentrics.comusercentrics.com. By using our website or providing personal information, you agree to the practices described in this Privacy Policy.
The data controller responsible for your personal data on this site is Richard Cunha, based in Switzerland. If you have any questions about this Privacy Policy or wish to exercise your data rights (explained below), please contact us at:
Email: welcome@richardcunha.ch (for privacy inquiries)
(Please note: The above contact details are provided for data protection inquiries. We will respond as soon as possible to address your concerns.)
We collect several types of personal data from you, depending on how you interact with our website:
Contact Form Submissions: If you fill out our contact form, we collect the information you provide, which typically includes your name, email address, and the content of your message. We may also collect your phone number or other contact details if you choose to provide them. Additionally, our web server may log your IP address and timestamp when the form is submitted (for security and spam prevention purposes). This information is used solely to communicate with you and respond to your inquiries.
Newsletter Sign-Ups: When you subscribe to our newsletter, we collect your email address (and possibly your name, if provided) to send you our email updates. We use a third-party email service (Octopusmail, provided by EmailOctopus) to manage our newsletter subscriptions. This means your email address and any other information you submit for the newsletter are stored in our account with that service on secure servers help.emailoctopus.com. We operate on a double opt-in basis for the newsletter where required (you may receive a confirmation email to verify your subscription), and you can unsubscribe at any time.
Analytics Data (Google Analytics): We use Google Analytics to gather data about how visitors use our site. Google Analytics uses first-party cookies and similar identifiers to collect information about your device and browsing actions support.google.com. The data collected may include:
Device/Browser Information: Details about your device, browser type, operating system, and screen resolution.
IP Address: Your IP address is collected to determine general location (e.g., city or country). Note: Google Analytics 4, which we use, does not store or log full IP addresses in its databases as a privacy measure support.google.com. We have also enabled IP anonymization where possible, so the last digits of your IP are masked before storage.
Usage Data: Information about how you interact with our site, such as pages visited, the time spent on pages, clicks on links, and navigation patterns. This data is collected via cookies and scripts for the purpose of understanding website traffic and usage. (See the Cookies section below for more details.)
Importantly, Google Analytics does not reveal any personally identifying information like your name or email to us support.google.com . We do not collect such personal identifiers through analytics—analytics data is aggregated and pseudonymized.
Interactions with Embedded Content and Links: Our website may include embedded third-party content or links (for example, videos, social media widgets, or external website links). If you interact with embedded content (such as playing a YouTube video or clicking a social media “share” button), those third parties may collect data about your interaction through their own cookies or trackers. For instance, clicking an embedded video might allow the video provider (like YouTube) to collect your IP address and see that you visited our site. Similarly, if you click a link on our site that leads to an external website, that site may receive some information such as the fact that you came from our site (via the referrer header). We do not collect additional personal data in these cases beyond what is described above; however, we may record the click event in our own analytics (to count how many users clicked a particular link). Please note that once you leave our site or interact with third-party content, the privacy policies of those third-party providers will apply. We encourage you to review the privacy policies of any external sites or services that you visit via links on our website.
We process and use personal data for the following purposes, in accordance with applicable law:
To Respond to Inquiries: Information from contact form submissions (name, email, message content, etc.) is used solely for responding to your specific inquiry or request. We will use your contact details to communicate with you and provide the information or assistance you have asked for. The legal basis for this processing is typically your consent (you voluntarily provide the data expecting a response) and/or our legitimate interest in effectively responding to inquiries. In some cases, it may also be considered processing necessary for steps you requested prior to entering into a contract (for example, if you contact us for a service we offer). We will not use the information you submit via the contact form for any marketing purposes unless you explicitly consent to that.
To Send Newsletters and Updates: For users who have subscribed to our newsletter, we use your email address to send you periodic newsletters or announcements. We will only send these emails with your consent (you must have opted in). The content may include news about Richard Cunha’s activities (e.g., upcoming shows, blog posts, or other updates). You can unsubscribe at any time, and each email will include an unsubscribe link. We manage our email list through EmailOctopus, a third-party email service provider, which helps us deliver emails and manage subscriptions. EmailOctopus, operated by Three Hearts Digital Ltd in the UK, stores our subscriber list on secure servers in the European Union (Ireland) and complies with GDPR requirements help.emailoctopus.com. They also track limited engagement data (such as whether you open our emails or click on links within them) to help us understand email performance emailoctopus.com. We use that information only in aggregate form to improve our newsletter content and do not profile individual subscribers beyond their direct interactions with our newsletters.
For Website Analytics and Improvements: We use the information collected via Google Analytics to analyze how our site is used and to improve the user experience. This includes looking at metrics like which pages are most visited, how users navigate through the site, and what content is of most interest. These insights help us optimize our website’s layout, content, and performance. The processing of analytics data is based on our legitimate interest in understanding and improving our services. However, where required by law (such as in the EU), we will obtain your consent before deploying analytics cookies (e.g., via a cookie consent banner). Analytics data is used in aggregate form; we do not use it to identify you personally. We have configured Google Analytics to respect privacy: IP anonymization is enabled, and we honor “Do Not Track” signals or analytics opt-outs where feasible. You can also completely opt out of Google Analytics tracking on our site by using a browser plugin (Google provides an opt-out add-on support.google.com) or by rejecting analytics cookies via our cookie consent tool. Using our site without consenting to analytics will not limit your access to content, it will only result in less data being collected about your visit.
To Ensure Security and Prevent Abuse: We may process some data (like IP addresses or user-agent strings in server logs, and information you submit) for the purpose of maintaining the security of our website, preventing spam, fraud, or abuse. For example, if we detect suspicious multiple submissions or attempts to exploit our site, we might use log data to block certain IP addresses or investigate the issue. This processing is based on our legitimate interest in keeping our website and users secure. We do not use this data for marketing or any unrelated purposes.
Compliance with Legal Obligations: If we are subject to legal requirements to retain or disclose data (for example, for tax records, lawful requests by authorities, or to comply with data protection audits), we will use and retain personal data as necessary to fulfill those obligations. In such cases, the legal basis for processing is compliance with legal obligations.
We will not use your personal data for purposes that are incompatible with the above, and we do not engage in any automated decision-making or profiling that produces legal or similarly significant effects on you.
Cookies are small text files placed on your device when you visit a website. We use cookies and similar tracking technologies on richardcunha.ch for a few key reasons: for the site’s core functionality, for analytics, and for remembering your preferences. Below we explain the types of cookies in use and how you can manage them.
Essential Cookies: These cookies are necessary for the website to function correctly. For instance, if our site uses a content management system or has a login for administrators, session cookies might be used to maintain log-in states. Essential cookies might also be used to remember your cookie consent preferences (so that we don’t ask you every time). Because these cookies are necessary for basic functionality, they do not require consent. We currently do not use any non-essential cookies aside from analytics (described below), and our site does not use advertising cookies or trackers for targeted ads.
Analytics Cookies (Google Analytics): Our site uses Google Analytics, which sets first-party cookies (_ga, _gid, and others) to collect information about how visitors use our site support.google.com. These cookies gather data such as pages visited, time spent on the site, interactions with links, and other aggregate usage statistics. The information generated by these cookies (including a truncated IP address, as we use IP anonymization) is transmitted to and stored by Google on servers which may be outside of Switzerland (Google may process analytics data in the United States or other countries). Google Analytics cookies do not collect personally identifiable information like your name or email blobr.io; they generate anonymous identifiers to distinguish users. We use the analytics data solely for improving our website and understanding user interests.
Third-Party Cookies from Embedded Content: If we embed content from third-party platforms (such as a YouTube video or an Instagram feed), those platforms may set their own cookies on your device when you interact with them. For example, YouTube might set cookies to remember your preferences or track video views. Similarly, social media sites may set cookies if you are logged into them while viewing our site or if you click a “share” button. We do not control these cookies, and they are governed by the privacy/cookie policies of the respective third parties. We recommend reviewing the cookie policies of any third-party services that we link or embed (e.g., Google/YouTube, Facebook/Instagram) to understand their practices.
Cookie Consent: If you are in a jurisdiction that requires consent for non-essential cookies (such as the EU/EEA), we will present you with a cookie consent banner or popup when you first visit our site. This banner will allow you to accept or decline analytics cookies. Until you consent, our site will not set analytics cookies or will restrict them. (Essential cookies, as noted, may be set regardless as they are necessary for the site to function.) By clicking “Accept” on the cookie banner, you agree to our use of analytics cookies as described. You can choose “Decline” or close the banner to reject them; the site will still work normally, and Google Analytics will not track your visit.
How to Manage and Disable Cookies: You have the right to control how cookies are used on your device:
Browser Settings: Most web browsers allow you to refuse or delete cookies. You can adjust your browser settings to block cookies from our site or from third parties. You can also delete cookies that have already been set. Please note that if you disable all cookies, some features of our website (especially any interactive or login features) may not function properly. However, basic viewing of the site will generally be fine.
Google Analytics Opt-Out: Google provides an official Google Analytics Opt-out Browser Add-on support.google.com which, once installed in your browser, will prevent Google Analytics from collecting data on any site that you visit (including ours). This gives you a universal opt-out of Google Analytics tracking.
Do Not Track: Our site honors Do Not Track (DNT) signals. If your browser is configured with DNT enabled, and if applicable law interprets DNT as a valid opt-out request, we will treat it as an opt-out of analytics and not load Google Analytics for your visit.
For more detailed information on the cookies we use, you can contact us (see Contact Information above). By continuing to use our site with cookies enabled in your browser (and after acknowledging any consent banner, where applicable), you consent to our use of cookies as described in this Policy.
We treat your personal data with care and do not sell or rent your information to any third parties. We only share your data in limited situations, described below, and only with appropriate safeguards in place:
Google Analytics (Google LLC): As noted, we use Google Analytics to process analytics data about site usage. Google acts as a data processor on our behalf for this purposesupport.google.com, which means they are contractually bound to only process the data to provide analytics services to us. We have accepted Google’s Data Processing Addendum to ensure GDPR compliance. The analytics data may be processed on Google servers outside of Switzerland or the EU (for example, in the United States). Google LLC is certified under the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework, which means it is committed to protecting personal data transferred from the EU or Switzerland to the U.S. in line with EU/Swiss privacy standardspolicies.google.com. Google also uses Standard Contractual Clauses where appropriate to safeguard data transferspolicies.google.compolicies.google.com. In summary, any analytics data shared with Google is protected by industry-standard safeguards. We do not provide Google with any directly identifying personal information about you (and we’ve configured Google Analytics to limit data collection as described in the Analytics Data section). Google may however receive your truncated IP address and device information automatically when you interact with our site. For more details, you can review Google’s Privacy Policy and Google’s explanation of how it uses data from sites like ours (see Google’s Privacy & Terms site for more information).
EmailOctopus / Octopusmail (EmailOctopus Ltd): We use EmailOctopus (branded here as Octopusmail) as a third-party service provider to manage our email newsletter. When you sign up for the newsletter, your email address and any other provided details are stored on EmailOctopus’s systems. EmailOctopus is a company based in the United Kingdom (Three Hearts Digital Ltd.) and registered with the UK Information Commissioner’s Office (ICO). They comply with EU GDPR and Swiss data protection requirements. In fact, EmailOctopus stores customer mailing list data on Amazon Web Services (AWS) servers in Ireland (European Union) help.emailoctopus.com. This means your newsletter data is kept within the EEA under strong security measures. After the UK’s exit from the EU, the European Commission has determined that the UK offers an adequate level of data protection, allowing data to flow freely from Switzerland or the EU to the UK help.emailoctopus.com. EmailOctopus will process your data only as needed to send emails on our behalf, to manage subscriptions, and to track email analytics (such as open rates or link clicks in the emails emailoctopus.com). We have a data processing agreement with EmailOctopus to ensure your data is handled safely and lawfully. We do not share your newsletter information with any other parties, and EmailOctopus does not use your email for any purpose except to send our newsletters or as legally required.
Service Providers and Partners: Besides Google Analytics and EmailOctopus, we may employ other trusted service providers to help us operate the website or provide our services (for example, a website hosting provider or a CAPTCHA anti-spam service). These providers might process data like server logs or user input under strict confidentiality and only for our described purposes. We ensure that any service providers we use are subject to data protection obligations (either via contract terms or as part of their standard compliance) equivalent to our own. We do not share your personal data with third parties for their own marketing or purposes unrelated to the functioning of this website.
Legal Requirements and Protection: We may disclose personal data to third parties if we have a good-faith belief that such disclosure is necessary to: (a) comply with a legal obligation, court order, or request from law enforcement or regulatory authorities; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the site; or (d) protect the personal safety of users of the site or the public. Any such disclosure will be done in accordance with applicable laws, and we would only provide the minimum information necessary in such circumstances.
Business Transfers: (This is a hypothetical scenario for completeness.) If in the future our website or business is merged with or acquired by another company, your personal data might be transferred to the new owner so that the service can continue. If that happens, we will ensure the new owner is bound by the same privacy obligations or we will seek your consent as required by law. We will notify you of any change in data control and give you an opportunity to exercise your rights in that event.
In all cases of data sharing, we strive to anonymize or pseudonymize data when feasible. For example, we may share aggregated statistics about website usage publicly (e.g., “X thousand people visited this month”), but these will not contain any data that can identify individuals.
We take appropriate measures to ensure that your personal data is stored securely and protected against unauthorized access, disclosure, alteration, or destruction. Below is how we handle storage and security for different types of data:
Contact Form Data: When you submit a contact form, the information is sent to us via email and/or stored on our website’s secure servers (if our form plugin stores submissions). Our email systems and web servers are protected by encryption and industry-standard security practices. Emails are transmitted over TLS (encryption in transit) and our servers are firewall-protected. Only authorized personnel (in practice, Richard Cunha and any essential site administrators) have access to the inbox or database where these messages might reside. We treat the confidentiality of your messages seriously. Unless required for ongoing correspondence, we periodically delete contact form submissions stored on the web server. Emails in our inbox may be retained longer for reference, but we will not keep personal correspondence indefinitely if not needed. You have the right to request deletion of your past communications with us (subject to our needing to retain certain correspondence for legal reasons, if any).
Newsletter Subscriber Data: Email addresses and any provided names for newsletter subscribers are stored in our account on EmailOctopus’s platform. As noted, those servers are located in Ireland (EU) with high security standardshelp.emailoctopus.com. EmailOctopus and AWS employ physical and electronic security measures to protect the data. Within our EmailOctopus account, access is password-protected and restricted to the site owner/administrator. We have enabled two-factor authentication where available to secure access. We will keep your email subscription data for as long as you remain subscribed. If you unsubscribe or ask to be removed, we will promptly delete or anonymize your information in the mailing list (though the service may retain anonymized logs of email sends or a record that your email was unsubscribed to prevent resending, as permitted by law). Backup copies of the subscriber list may be kept for a short period as part of routine backup cycles, but these too are secured.
Analytics Data: Data collected through Google Analytics is stored on Google’s servers. Google provides us with access to aggregated reports via their online dashboard. We do not store raw analytics logs on our own systems, other than possibly anonymized identifiers in cookies on users’ browsers (as explained in the Cookies section). Google has robust security measures in place for its data centers and we rely on their protections for the analytics data. Google has committed to keeping data secure and applying the protections outlined in their privacy policy regardless of where it is processed policies.google.com. Also, Google Analytics 4 by default retains granular data for a limited time (we have set user-level and event-level retention to the minimum necessary, typically 14 months or as configured). Aggregate analytics reports may be kept longer, but they do not contain personal identifiers. We do not export or combine Google Analytics data with any personal data we may hold (like contact or subscriber information).
Security Measures: We employ a variety of security measures to protect your data:
Encryption: Our website is secured with HTTPS, meaning any data transmitted between your browser and our site (such as form submissions) is encrypted in transit using SSL/TLS.
Access Control: Personal data is accessible only to those who need it. For example, only authorized individuals have access to the email account that receives contact form messages or to the EmailOctopus dashboard with subscriber information. Access is protected by strong passwords and, where possible, two-factor authentication.
Updates and Patches: We keep our website software, content management system, and plugins up to date to protect against security vulnerabilities. Our hosting provider also maintains up-to-date security on the server level.
Monitoring: We monitor the site for potential security breaches or attacks. Our hosting environment likely includes firewalls and may have brute-force attack prevention. In the event of any indications of a data breach, we will act swiftly to investigate and mitigate it.
Data Minimization: We only collect the personal data that we actually need. By limiting the scope of data collected, we reduce the risk to your privacy. For example, our forms ask only for basic contact information rather than extensive personal details.
Retention of Data: We retain personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements.
Contact form communications are kept until we have responded to your inquiry and any follow-up period, then deleted or archived securely if needed for reference. If your inquiry leads to a business relationship, we may retain correspondence as part of our client records. Otherwise, routine inquiries more than 1-2 years old are usually deleted.
Newsletter subscription data is kept until you unsubscribe or we discontinue the newsletter service. If you unsubscribe, we may keep your email on a suppression list (a list of addresses not to send mail to) to ensure we honor your unsubscribe request in the future, as allowed by law.
Analytics data in Google Analytics is retained as per the settings we’ve defined (currently [14] months for user-level data in GA4, unless we change this). Aggregate data (which has no personal identifiers) may be stored indefinitely for trend analysis.
If there are legal obligations to retain certain data (for example, proof of consent or transaction records, or communications related to contracts), we will retain that data as long as required by applicable laws (e.g., Swiss commercial law may require retention for 10 years for certain records). Once the retention period expires or the data is no longer needed, we will delete it or anonymize it safely.
Data Breach Procedures: Despite our best efforts, no method of transmission or storage is 100% secure. In the unlikely event of a data breach that affects your personal data, we will follow applicable laws in notifying users and authorities. Under GDPR, if a breach is likely to result in a high risk to your rights and freedoms, we will inform the relevant supervisory authority within 72 hours and also notify affected individuals without undue delay usercentrics.com. Under Swiss law (FADP), we would similarly inform the Swiss Federal Data Protection and Information Commissioner (FDPIC) and affected users as required. We maintain a breach response plan to handle such situations responsibly.
Our goal is to ensure your data is safe with us. However, if you have reason to believe that your interaction with our site or your data is no longer secure (for example, if you suspect a vulnerability), please immediately contact us using the information provided in the Contact section.
Because we use services that may be based in other countries, your personal data might be transferred or accessed internationally: for example, Google Analytics data may be processed on Google servers in the United States or other countries outside Switzerland/EU, and our email service provider is based in the UK with servers in the EU. We want to reassure you that any transfers of personal data across borders are done in compliance with applicable data protection laws.
Switzerland & European Union to United States (Google Analytics): The personal data that Google Analytics collects (like truncated IP and cookies) may be sent to Google’s servers in the United States. The GDPR and Swiss law impose restrictions on such transfers unless certain safeguards are in place, due to the difference in privacy laws. In our case, transfers to Google in the U.S. are covered by the following safeguards: (1) Google LLC is certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework as of 2025 policies.google.com, which means Google is committed to protecting European and Swiss personal data to standards deemed adequate by those jurisdictions; and (2) Google also employs Standard Contractual Clauses (SCCs) for data transfers policies.google.compolicies.google.com, which are legal contracts approved by the European Commission (and recognized by Switzerland) to ensure protection of personal data exported internationally. These measures ensure that your analytics data, even when processed in the U.S., receives a level of protection essentially equivalent to that in Switzerland/EU. If you would like more information on these safeguards, you can contact us or consult Google’s Data Transfer documentation.
Switzerland/EU to United Kingdom (EmailOctopus): Although the UK is no longer part of the EU, it has been recognized by Switzerland and the EU as providing an adequate level of data protection help.emailoctopus.com. This means personal data can flow from Switzerland or EU countries to the UK without additional authorizations. Our newsletter subscriber data is stored in the EU (Ireland) and also falls under UK jurisdiction since the service provider is UK-based. Both Switzerland and the EU have adequacy decisions in place for the UK, so your data enjoys continuity of protection policies.google.compolicies.google.com. In addition, if in the future data is transferred from the EU to the UK and an adequacy status changes, EmailOctopus has indicated they would use Standard Contractual Clauses or other mechanisms to remain compliant. As of now, your data is safely handled under European data protection standards.
Other International Access: Any other third-party providers we use (such as cloud hosting or support services) will be carefully vetted. If they are outside Switzerland/EU, we will ensure they either fall under an adequacy decision or have appropriate safeguards (like SCCs or Binding Corporate Rules) in place. For example, if our site is hosted on a server in a country not deemed adequate, we will have a contract that includes EU Commission-approved clauses to protect personal data.
By using our website or subscribing to our newsletter, you understand that your personal data may be transferred to and stored in countries other than your own. However, we will always take steps to protect your information in line with this Privacy Policy and applicable privacy laws. If you have questions about international data transfers or require more specifics about the safeguards in place, please contact us.
You have rights regarding your personal data, and we are committed to honoring them. These rights allow you to have transparency and control over how your data is used. The following is a summary of your data subject rights:
Right to Information & Access: You have the right to be informed about the collection and use of your personal data (which is the purpose of this Privacy Policy)usercentrics.com. You also have the right to access the personal data we hold about you. This means you can ask us to confirm whether we are processing your personal information and request a copy of that information. We will provide you with the relevant data in a commonly used electronic form, unless you request otherwise. (For Swiss residents, this corresponds to the right of access under the FADP, and for EU residents, Article 15 of the GDPR.)
Right to Rectification: If any of your personal data that we have is incorrect or incomplete, you have the right to have it corrected or updated without undue delay. For example, if you change your email address or notice a typo in the information we hold, you can ask us to fix it. We encourage you to keep your information up-to-date and will honor legitimate requests for correction (GDPR Article 16; also reflected in Swiss law).
Right to Deletion (Right to be Forgotten): You have the right to request that we delete your personal data, under certain conditions. We will erase data upon request if: it’s no longer needed for the purposes we collected it, you withdraw consent (and no other legal ground for processing applies), you object to processing (and we have no overriding legitimate grounds), or if we processed your data unlawfully. For instance, if you want us to delete correspondence you sent, or remove your email from our systems entirely, you can ask us. We will comply unless we are required to keep the data for legal reasons. Note that this right is not absolute – for example, we might retain some minimal information to honor an unsubscribe request or if needed for legal claims. But if we must refuse a deletion request, we will explain why. (This aligns with GDPR Article 17 and the FADP’s provisions on deletion of data no longer needed cookieyes.com.)
Right to Data Portability: For data you have provided to us and which we process by automated means on the basis of consent or contract, you have the right to obtain a copy in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller (or have us transfer it for you, where technically feasible). In practical terms, this right mainly applies to data like your profile or account data (for example, if we had a user account system) or data you actively provided. In our context, this might be less applicable since we process limited data, but if you wish to have your newsletter subscription data or correspondence ported to another service, we will do our best to accommodate (GDPR Article 20; the new Swiss FADP also introduces a right to data portability dlapiperdataprotection.com).
Right to Withdraw Consent: If we are processing any of your data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing that happened before your withdrawal. For example, you can unsubscribe from the newsletter (withdrawing consent to receive marketing emails), or if in the future we ask for consent to use cookies or certain features, you can change your mind and opt out. Withdrawing consent is as easy as giving it – for the newsletter, simply click “unsubscribe” in any email or contact us to remove you, and for analytics cookies, you can adjust your cookie settings or use the opt-out methods described above. Once consent is withdrawn, we will stop the relevant processing.
Right to Object to Processing: (GDPR-specific) You have the right to object to certain types of processing of your personal data when it is based on our legitimate interests, and to any processing for direct marketing purposes. For instance, if we were processing your data for a purpose you don’t agree with, you can object and we must review if our interest in processing it is overridden by your rights and interests. In practice, we handle very little data under “legitimate interests” (mostly analytics and security logs). If you object to our use of Google Analytics tracking your visits, you can exercise this right by declining cookies or using the opt-outs mentioned; we treat that as an objection and will not process your data via analytics. If we were ever to send direct marketing (aside from the newsletter you explicitly signed up for), you can object or opt-out, and we would stop. Under Swiss law, there is not a direct explicit right to object spelled out; however, the FADP does state that a data subject’s explicit objection means their data should not be processed against their will privacylegal.ch. Thus, even for Swiss users, if you inform us of your objection to any particular data processing, we will honor it to the extent required by law.
Right to Restriction of Processing: You have the right to request that we restrict processing of your personal data in certain circumstances – for example, while a complaint about data accuracy or objection to processing is being evaluated, or if you want us to preserve data for you but not process it further. When processing is restricted, we can store the data but not use it until the issue is resolved (except for certain allowed purposes like legal claims). If you believe one of these conditions applies to your case, let us know, and we will assess and comply if appropriate (GDPR Article 18). Under the FADP, a similar outcome can be achieved by exercising your rights to correct or by objecting, as Swiss law expects controllers not to process data against a person’s will when there’s no justification.
Right not to be subject to Automated Decisions: We do not engage in automated decision-making or profiling that would produce legal effects or similarly significant effects on you. This right (GDPR Article 22) is mentioned for completeness. If that ever changes, we will inform you and ensure you have the right to human intervention and to contest decisions.
Right to Lodge a Complaint: If you believe we have infringed your privacy rights or violated data protection laws, you have the right to lodge a complaint with a supervisory authority.
For Swiss residents: You can contact the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland. Website: https://www.edoeb.admin.ch.
For EU residents: You have the right to complain to the data protection authority in the EU member state of your residence, place of work, or where the alleged infringement occurred. For example, if you are in the EU, you might reach out to your country’s Data Protection Authority (DPA). A list of national DPAs can be found on the European Data Protection Board’s website.
We kindly ask that you consider raising any concerns with us first, so we can try to resolve them directly. We take privacy seriously and will do our best to address any issue. However, you are free to go directly to the authorities if you wish.
To exercise any of your rights, please contact us via the contact information provided in the Data Controller and Contact Information section. We may need to verify your identity before fulfilling certain requests (to ensure we don’t disclose your data to someone else). We will respond to your request as soon as possible, and at least within the timeframe required by law (generally within 30 days for GDPR, with possibility of extension if necessary). There is no fee for making a request, except in cases of manifestly unfounded or excessive/repetitive requests where a reasonable fee may be charged as allowed by law.
Note for European Union users: Because our website is based in Switzerland but also serves EU users, we want to emphasize that we provide the same level of data protection and rights to EU users as required by GDPR. Switzerland is considered to have an adequate level of data protection essentially equivalent to the EU’s dlapiperdataprotection.com. We are committed to upholding those standards. If any differences exist between Swiss law and GDPR, we will act in compliance with the stricter standard or as required in the context of your data. For example, even though Swiss law may not explicitly enumerate a right to object, as mentioned, we will respect an EU user’s GDPR right to object fully, and similarly honor it for Swiss users as a matter of good practice.
Our website is not directed to children under the age of 16, and we do not knowingly collect personal data from children. If you are under 16 (or a higher minimum age in your jurisdiction for us to lawfully collect your data), please do not submit any personal information through our contact form or sign up for our newsletter. If we learn that we have inadvertently collected personal data from a child without appropriate consent, we will take steps to delete that information promptly. Parents or guardians who believe that we might have received information from a child may contact us and request deletion. (The age threshold for consent in Switzerland is 16 for information society services, aligning with GDPR in most cases, unless local laws set a different age in an EU country, which we will respect as applicable.)
We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will post the updated policy on this page and update the “Last Updated” date at the top. If the changes are significant, we may also provide a more prominent notice (such as a notification on our homepage or an email to newsletter subscribers informing them of the update). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
If we plan to use your personal data for a new purpose not originally outlined in this policy, we will notify you (and if necessary, seek your consent) before starting that processing. Your continued use of our website after any changes to this Privacy Policy signifies your acceptance of the updated terms, to the extent permitted by law.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to contact us:
By Email: welcome@richardcunha.ch
We will be happy to assist you and provide any additional information you may need. Your privacy and trust are paramount to us, and we value the opportunity to clarify our practices or address any issues.
Thank you for reading our Privacy Policy. We appreciate your trust in us and are committed to keeping your personal information secure.
