Data Protection Notice
Introduction
As we attach great importance to the protection of your data and your privacy, we have drawn up this data protection notice to explain what we do when you visit our website www.boha-group.com.
This data protection notice only covers data processing related to our website. Specific data protection notices may apply to other services and offerings we provide.
In Switzerland, the protection of your data is based in particular on the Federal Act of 25th September 2020 on Data Protection (FADP), as well as on the Federal Ordinance of 31st of August on Data Protection (DPO). Our data protection notice, as well as our practices, is aligned with the legal provisions contained within the legislation mentioned.
Although we make every effort to simplify our data protection notice, the difficulty of understanding it stems from the language specific to the legal framework. This is why we have taken the initiative of grouping together the main definitions to make our data protection notice easier to understand, as these are taken from the FADP.
- Data subject: the natural person whose personal data is processed.
- Personal data: any information relating to an identified or identifiable natural person
- Sensitive personal data: data relating to religious, philosophical, political or trade-union views or activities; data relating to health, the private sphere or affiliation to a race or ethnicity; genetic data; biometric data uniquely identifies a natural person; data relating to administrative and criminal proceedings or sanctions; data relating to social assistance measures.
- Processing: any handling of personal data, irrespective of the means and procedures used, in particular the collection, storage, keeping, use, modification, disclosure, archiving, deletion or destruction of data.
- Controller: a private person who or federal body which, alone or jointly with others, determines the purpose and the means of processing personal data.
- Processor: the private person or federal body that processes personal data on behalf of the controller.
- Federal Data Protection and Information Commissioner (FDPIC): the authority responsible for monitoring the proper application of federal data protection provisions, in particular the FADP.
Finally, we use the term "data" interchangeably with "personal data".
Who we are and how to contact us
BOHA-Group Sàrl is the name of our company. If you have any questions about the processing of data relating to our website, you can contact us by post at the following address: BOHA-Group Sàrl, c/o Cofidex SA, Rue du Centre 142, 1025 St-Sulpice. You can also contact us by e-mail at legal@boha-group.com or our contact form.
What is our role in data protection?
When you browse our website, we may process some of your personal data. In accordance with the FADP, we are the controller.
Our role
As controller, we are responsible for determining the purposes for which we process your personal data, the manner in which it is processed, and the security measures. When we work with service providers in the course of our business, we ensure that they share our commitment to data protection and comply with the same standards we apply.
Your role
Data protection is everyone's business. We therefore encourage you to read our data protection notice.
We also encourage you, if you are one of our customers, to review the contractual documents that bind us, as these may contain additional details about how we process your data.
When and how do we collect your data?
As soon as you interact with our website for the first time, we collect data (e.g. to determine whether you consent to the use of cookies). You also provide us with your data when you contact us (e.g. via our contact form).
What categories of data do we process?
Depending on your browsing activity on our website, we may process the following categories of data about you:
Contact data
We process your contact data, such as your first name, last name, address, telephone number or email address.
Internet and connection data
For technical reasons and to improve our website, each time you use it, certain data is generated, including your IP address, information about your Internet service provider and your device's operating system, information about the referring URL, information about the browser used, the date and time of access, and the content viewed during your visit to the website.
What about sensitive data?
We do not collect or process any sensitive personal data.
What about data relating to minors?
Although access to our website is open to everyone, our services are intended exclusively for adults. We do not target minors and do not deliberately collect any personal data relating to them.
Why do we process your data?
We process your data for the purpose of communicating with you, in particular to respond to your requests and exercise your rights, as well as to inform you about our services and offerings. We also process your personal data in order to generate traffic statistics that are useful for improving our website. Finally, we process your personal data to comply with laws, directives and recommendations from authorities.
Do we take automated individual decisions?
We use various IT tools to manage our activities. These tools are designed to centralise and structure processes, improve efficiency and guarantee the quality of our services. It is important to note that we do not take any automated individual decisions with the help of these IT tools.
What are your rights?
Your rights vary according to the specific circumstances and may be subject to exceptions. In general, the FADP provides for the following.
- You have the right to access your data.
- You have the right to request that your data be provided or transmitted in a commonly used electronic format.
- You have the right to have inaccurate data corrected.
- You have the right to object to the processing of your data.
- You have the right to request the deletion or destruction of your data.
- You have the right to demand that an automated individual decision be reviewed by a natural person.
If you wish to exercise any of the above rights, please contact us. In order to prevent misuse, we must first identify you (e.g. by means of a copy of your identity card, if no other means of identification is possible). Please note that conditions, exceptions and restrictions may apply to the exercise of these rights under the FADP (e.g. to protect third parties or trade secrets). We will inform you if this is the case.
If you believe that we are processing your data in contravention of data protection provisions, you also have the option of reporting us to the FDPIC. We encourage you to inform us first, so that we have the opportunity to address your concerns. If we are unable to do so, you can contact the FDPIC by following the instructions given on his website.
How do we keep your data safe?
We take appropriate security measures, such as encryption, to keep your personal data safe and make sure it stays private, secure, and available, and that you can trace it. Unfortunately, we can't guarantee that your data will always be completely safe. If you think your personal data has been compromised, please let us know right away.
Where is your data stored?
The personal data we collect and process is stored on our premises, as well as in the processing centers operated by our service providers.
How long do we keep your data?
We process your personal data for as long as the purpose of processing requires it, for as long as we have a legitimate interest in preserving it (e.g. to enforce our rights, for archiving purposes or to ensure IT security) and for as long as the data is subject to a legal retention obligation. For some data, the retention period is, for example, ten years. Once these periods have elapsed, we destroy your personal data.
Who do we share your data with?
The management of our website involves collaboration with specialized external service providers, particularly for its creation, maintenance and hosting. We collaborate with service providers recognized in their field of expertise to ensure the smooth running of our website, and more generally the quality of our services. Within the framework of these collaborations, it may be necessary to communicate your data to our service providers. Please be assured that these communications are strictly limited to what is necessary and are carried out in compliance with the legal framework.
Where personal data is transferred to a service provider located outside Switzerland or the European Economic Area (EEA) and not offering an adequate level of protection, we require that the service provider undertakes to comply with the applicable data protection legislation (for this purpose, we use the revised standard contractual clauses of the European Commission), unless the service provider is already subject to a legally accepted set of rules designed to guarantee data protection (Swiss-U.S. Data Privacy Framework) or we can invoke an exception.
Our service providers
| Service Provider | Goal | Place of treatment |
|---|---|---|
| Webflow | Webflow is an online website builder and hosting service that we use to host and manage our website. | USA |
| Cloudflare | Cloudflare is a provider of online security and analytics solutions that we use to ensure the availability and security of our website. | EEA/USA |
| Google Analytics | Google Analytics is an analytics service we use to monitor the use of our websites and compile reports on user activity. | EEA/USA |
| CookieScript | CookieScript provides the cookie consent banner and manages cookie preferences to ensure GDPR/CCPA compliance. | EEA |
Which cookies do we use?
Our website uses cookies. For each service, you can access the list of cookie types by clicking on our cookie banner.
How can I block cookies?
You can block cookies by activating a setting in your browser that allows you to refuse the installation of cookies. You can also use our cookie banner to manage your preferences. If you use your browser settings to disable, reject or block cookies, some parts of our website may not function properly. In some cases, our website may not be accessible at all. Please note that when third parties use cookies, we have no control over how these third parties use these cookies.
What about social networks?
We operate our own presences on social networks and other platforms (e.g. Facebook, Instagram, YouTube, LinkedIn et TikTok). When you communicate with us on these sites or comment on or post content there, we collect data that we use primarily to communicate with you. For more information on the processing of platform operators, please consult the relevant data protection notices. There you will also find information on the countries in which they process your data, your rights of access and erasure of data and other rights of data subjects, as well as how you can exercise these rights or obtain further information.
Company Contact and Communication Services
1. Company Contact Number
The telephone number +41 24 539 18 81 is the official contact for BOHA-Group Sàrl, intended solely for general corporate inquiries matters.
2. Communication Nature & Disclaimers
BOHA-Group Sàrl is not a telecommunications service provider. All communication features within the applications (calls, chat) operate exclusively via internet protocols (VoIP and data messaging) and are separate from traditional telephone services.
For app technical support, please use the in-app chat feature for a quicker response.
This company contact number and the application's communication features are NOT for emergency services (e.g., 112, 911). Users must use standard mobile/landline services for emergencies. BOHA-Group Sàrl disclaims all liability for the inability to reach emergency services.This number may also be used to verify our WhatsApp Business API account for official communication over the WhatsApp network.
Final provisions
We reserve the right to amend the terms of this data protection notice at our absolute discretion. Any amended version will be posted on our website.
Last update: 07/28/2025
