Privacy policy.
Information pursuant to the European Union General Data Protection Regulation (GDPR) and, where applicable, the Swiss Federal Act on Data Protection (FADP).
Last updated: 11 July 2026 | This privacy policy applies to the website https://www.akts.dev and its subpages.
This privacy policy explains the nature, scope and purpose of the processing of personal data — hereinafter referred to as “data” — in connection with our online offering, contact enquiries and associated services. The term “processing” is used in the sense of the GDPR.
1. Controller
AKTS Microsystems UG (haftungsbeschränkt)
Am Rosengarten 7
55131 Mainz
Germany
Phone:
+41 76 724 44 22
E-Mail:
info@akts.dev
The “controller” is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (Article 4(7) GDPR).
2. Data protection officer
We have currently appointed the following data protection officer:
Aljoscha Kretschmann
E-Mail:
ak@akts.dev
Address: Fuhrenweg 9, 3114 Wichtrach, Switzerland
3. Legal bases
Where the GDPR applies, we process data in particular on the following legal bases:
- Article 6(1)(a) GDPR — consent: for example, for optional cookies, statistics or marketing services where such services are activated.
- Article 6(1)(b) GDPR — performance of a contract and pre-contractual measures: for example, for enquiries, quotations, project execution and support.
- Article 6(1)(c) GDPR — legal obligation: for example, for commercial and tax-law retention and evidence obligations.
- Article 6(1)(f) GDPR — legitimate interests: for example, for IT security, prevention of misuse and fraud, fault analysis and secure, stable website operation.
Where the Swiss Federal Act on Data Protection (FADP) applies, processing is performed in accordance with its principles, in particular lawfulness, proportionality, purpose limitation, transparency and data security.
4. Data categories
Depending on use, type of contact and contractual relationship, the following categories of data may in particular be processed:
- Master data: Name, company, function and address.
- Contact data: Email address and telephone number.
- Content data: Message content, attachments and project documents.
- Usage and metadata: Access times, pages accessed, referrer and user agent.
- Log data: IP address and system events, such as error and security logs.
- Contract and billing data: Quotation and order data, service records and billing data.
5. Purposes of processing
- Provision and operation of the website.
- IT security, misuse detection and fault analysis.
- Processing of contact enquiries and communications.
- Initiation, execution and documentation of contracts and projects.
- Compliance with statutory obligations, particularly under commercial and tax law.
- Where activated in future: audience measurement, marketing or integration of external content on an appropriate legal basis.
6. Hosting, server log files and CDN
When our website is accessed, the hosting provider and/or web server automatically records data in server log files. This processing is technically necessary to deliver the website, analyse faults and ensure the security of server operation.
Typical log data
- IP address, shortened or anonymised where configured accordingly
- Date and time of access
- Requested URL and HTTP status code
- Referrer URL
- User agent including information about the browser and operating system
- Volume of data transferred
Legal basis
The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in secure and stable operation, attack detection and fault analysis. Where access serves the initiation or performance of a contract, Article 6(1)(b) GDPR may additionally apply.
Hosting provider
Hosting is provided by Hetzner Online GmbH, Germany. Where the hosting provider processes personal data on our behalf, processing is governed by a data processing agreement pursuant to Article 28 GDPR.
Under the current website concept, no external content delivery networks are used for tracking or marketing purposes. If a CDN or other external services are integrated in future, this privacy policy will be supplemented with information on recipients, processing locations, third-country transfers and appropriate safeguards.
7. Cookies and consent management
Cookies are small text files stored on an end device. We distinguish between technically necessary cookies or comparable storage technologies and optional services for statistics or marketing.
By default, the website currently uses no tracking cookies and no analytics. Theme and language preferences can be stored in local browser storage (localStorage) on the end device. These values are not transmitted to AKTS Microsystems solely by being stored locally and can be deleted at any time using browser functions.
| Category | Purpose | Legal basis | Retention period |
|---|---|---|---|
| Necessary | Operation, security and local theme and language preferences | Article 6(1)(f) GDPR, and where applicable point (b) | Session, technically defined duration or until deletion in the browser |
| Statistics | Audience measurement | Article 6(1)(a) GDPR, where activated | Currently not used; service-specific information will be provided upon activation |
| Marketing | Personalisation or retargeting | Article 6(1)(a) GDPR, where activated | Currently not used; service-specific information will be provided upon activation |
If optional cookies or comparable services are used in future, they can be rejected or consent can be withdrawn via a consent-management mechanism. Cookies and local storage values can also be deleted or blocked in browser settings. Blocking technically necessary functions may restrict website functionality.
8. Contact
When you contact us, for example by email, telephone or using the contact form function provided on the website, the information transmitted is processed to handle the enquiry and possible follow-up questions.
Data processed
- Name, company and contact details
- Message content and any attachments
- Metadata and log data such as time and technical email headers
Under the intended technical design, the contact form used on the website prepares an email in the user's local email application. The form data entered is not stored by the website in a server-side form database.
Legal basis
The legal basis is Article 6(1)(b) GDPR where the communication relates to pre-contractual measures or a contractual relationship. In other cases, processing is based on Article 6(1)(f) GDPR and our legitimate interest in handling and responding to business communications.
Retention period
Data is generally retained until processing of the matter has been completed. Further retention may be required due to statutory retention obligations or legitimate interests, particularly documentation, evidentiary purposes and the establishment or defence of claims.
9. Customer and project communication
In connection with quotations, contracts and project execution, we process data of contacts in a B2B context and, where applicable, data of other persons to the extent required to provide the services.
Purposes
- Quotations, order confirmations, project planning and project execution
- Support and incident and change communications
- Billing, accounting and evidentiary documentation
Legal basis
Processing is based on Article 6(1)(b), Article 6(1)(c) and Article 6(1)(f) GDPR. Legitimate interests include IT security, project documentation and the establishment, exercise or defence of legal claims.
Processing on behalf of customers
Where we act as a processor for customers, for example in connection with managed services, hosting or support access, processing is performed exclusively on documented customer instructions and on the basis of a data processing agreement pursuant to Article 28 GDPR.
10. Applications
If you apply to us, we process the data you submit in order to conduct the application procedure.
Legal basis
Processing is based on the statutory provisions applicable to the initiation of an employment relationship and, where applicable, on consent, for example for inclusion in a talent pool.
Retention period
Application data is generally retained until the application procedure has been completed. Further retention occurs only where legally permitted or required or where corresponding consent has been given. As a guideline, retention for up to six months after completion of the application procedure may be required.
11. Recipients, processors and third-country transfers
We disclose data only where required for contractual performance, where a legal obligation exists, where consent has been given or where a legitimate interest exists and is not overridden by the interests of the data subject.
Typical categories of recipients
- IT service providers and hosting providers
- Communication services, such as email providers
- Payment service providers and banks, where applicable
- Tax advisers and auditors in connection with statutory or contractual duties
- Public authorities and courts where legally required or for the enforcement of legal rights
Processing pursuant to Article 28 GDPR
Where required, we conclude a data processing agreement with service providers that process personal data on our behalf.
Third-country transfers
Where data is transferred to countries outside the European Union or the European Economic Area, this occurs only where a valid legal basis and appropriate safeguards are in place. These may include an adequacy decision, standard contractual clauses and additional technical and organisational measures.
12. Retention and deletion
We delete personal data once the purpose of processing no longer applies and no statutory retention obligations or overriding legitimate interests prevent deletion. Longer retention may in particular be required for the establishment, exercise or defence of legal claims.
Guideline periods
- Server log files: generally 7 to 30 days, depending on security requirements and technical configuration.
- Contact enquiries: until processing is completed and, where applicable, for a further 12 months for evidence and follow-up.
- Contract, commercial and billing documents: in accordance with the applicable statutory periods; different retention periods may apply depending on the document type.
13. Data subject rights
Where the GDPR applies, data subjects have in particular the following rights:
- Access pursuant to Article 15 GDPR
- Rectification pursuant to Article 16 GDPR
- Erasure pursuant to Article 17 GDPR
- Restriction of processing pursuant to Article 18 GDPR
- Data portability pursuant to Article 20 GDPR
- Objection to processing based on legitimate interests pursuant to Article 21 GDPR
- Withdrawal of consent at any time with effect for the future pursuant to Article 7(3) GDPR
- Complaint to a competent supervisory authority pursuant to Article 77 GDPR
Right to object pursuant to Article 21 GDPR
Where we process data on the basis of Article 6(1)(f) GDPR, you may object to the processing at any time on grounds relating to your particular situation.
The Swiss FADP also provides rights of access and, depending on the circumstances, rights to disclosure or transfer, as well as further rights. Competencies and procedures may differ from those under the GDPR.
To exercise your rights, you may contact info@akts.dev or the data protection officer named above.
14. Data security
We implement appropriate technical and organisational measures pursuant to Article 32 GDPR to protect personal data against accidental or intentional manipulation, loss, destruction or unauthorised access.
These include in particular:
- Access and permission controls
- Transport encryption using TLS
- Logging of security-relevant events
- Backup and recovery concepts
- Permission concepts based on the need-to-know principle
- Regular technical review and adjustment of safeguards to the risk and system context