Skip to main content
Legal

Privacy Policy

Last updated: 20 May 2026

1. Introduction

FairIT Solutions ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our website at fairitsolutions.ch, our consultation services, and any communications you have with us.

This policy is designed to meet the requirements of the EU General Data Protection Regulation (GDPR), the revised Swiss Federal Act on Data Protection (revFADP), and India's Digital Personal Data Protection Act, 2023 (DPDP Act).

2. Who we are

FairIT Solutions is headquartered in Switzerland (the data controller for the purposes of GDPR and the revised Swiss FADP) and operates a delivery hub in India that processes data on behalf of the Swiss entity. The same protection standards apply across both jurisdictions.

3. Data we collect

  • Contact information: name, email address, phone number, company name, job title
  • Communication data: messages you send us via contact forms, email, calls, or chat
  • Engagement data: budget bands, timelines, service interests, company size (provided during consultation requests)
  • Technical data: IP address, browser type, device, pages visited, referrer, session duration (via privacy-respecting analytics)
  • Marketing data: newsletter subscription status, click and open data on emails you receive from us

We do not knowingly collect data from individuals under 16.

4. How we use your data

  • To respond to enquiries and deliver our services
  • To prepare proposals, scopes, and engagement documents
  • To send transactional and service-related communications
  • To send marketing communications where you have opted in (or where permitted as a soft opt-in to existing clients)
  • To improve our website, services, and user experience
  • To detect, prevent, and respond to fraud or abuse
  • To comply with legal, tax, and accounting obligations

5. Legal basis for processing (GDPR Art. 6)

  • Consent: for marketing emails and non-essential cookies
  • Contract: to provide the services you have requested
  • Legitimate interests: service improvement, security, business development with B2B contacts where reasonably expected
  • Legal obligation: tax, accounting, regulatory compliance

Under the India DPDP Act, our lawful grounds are typically your consent and certain "legitimate uses" defined in the Act (such as responding to your enquiry or fulfilling a contract).

6. Data retention

We retain personal data only as long as necessary for the purposes set out in this policy or as required by applicable law.

  • Lead and enquiry data: 3 years from last meaningful interaction, after which it is anonymised or deleted. The 3-year period reflects the typical B2B sales cycle and post-engagement follow-up window in our industry.
  • Client engagement records: 10 years (statutory accounting and contractual requirement)
  • Newsletter subscribers: until unsubscribe request
  • Website analytics: 14 months

7. Cross-border data transfers (Switzerland ↔ India ↔ EU)

Because we operate across Switzerland and India and serve clients globally, personal data may be transferred between these jurisdictions and to sub-processors in the EU, UK, and US. We rely on the following mechanisms:

  • EU/EEA → Switzerland: covered by the European Commission's adequacy decision for Switzerland
  • EU/EEA → India: Standard Contractual Clauses (SCCs) plus supplementary technical and organisational measures
  • EU/EEA → US sub-processors: SCCs or EU-US Data Privacy Framework certification where applicable
  • India → outside India: made only in compliance with the DPDP Act and applicable notifications

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Port your data to another controller in a structured, machine-readable format
  • Withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Lodge a complaint with a supervisory authority (Swiss FDPIC, your local EU DPA, or India's Data Protection Board)
  • Nominate another individual to exercise rights on your behalf in the event of incapacity (DPDP Act)

To exercise these rights, email privacy@fairitsolutions.ch. We will respond within 30 days (or 1 month under GDPR; sooner where reasonably possible).

9. Data Protection point of contact

FairIT Solutions has not formally appointed a Data Protection Officer (DPO) because our processing does not currently meet the mandatory DPO thresholds under GDPR Art. 37 (large-scale systematic monitoring or large-scale special-category processing). Privacy matters are nonetheless escalated through a single point of contact:

Privacy contact: privacy@fairitsolutions.ch

For DPDP Act matters, the same contact functions as the designated Data Protection Officer / Grievance Officer in India.

10. Data security

We implement appropriate technical and organisational measures including TLS encryption in transit, encryption at rest, role-based access control, least-privilege for sub-processors, regular security reviews, and a documented incident-response plan.

11. Breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the competent supervisory authority within 72 hours of becoming aware of the breach (GDPR Art. 33; revFADP).
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk.
  • Notify the Data Protection Board of India in accordance with the DPDP Act and applicable rules.

12. Sub-processors and third-party services

We use trusted sub-processors to operate our services. Categories include cloud hosting and infrastructure, transactional email, customer support tooling, privacy-respecting analytics, and payment processing. All sub-processors are bound by written data-processing agreements equivalent in protection to this policy. A current list is available on request.

13. Cookies and analytics

We use a minimal set of cookies and similar technologies. Non-essential cookies (analytics, marketing) require your consent. See our Cookie Policy for details, including the specific analytics provider in use.

14. Automated decision-making

We do not engage in any automated decision-making — including profiling — that produces legal or similarly significant effects on you.

15. Changes to this policy

We may update this policy from time to time. Material changes will be highlighted on this page with a revised "last updated" date. Where required, we will obtain your consent again.

16. Contact

For privacy-related enquiries, please email privacy@fairitsolutions.ch or visit our Contact page.