Privacy Policy

This privacy policy explains how I process and protect personal data on my website in accordance with Swiss Data Protection Law (DSG).

1. Introduction and Responsibility

Data Controller

I am responsible for data processing on this website:

Luca Knobel
Mühlerain 14
3210 Kerzers
Switzerland

Email: web-portfolio@lucaknobel.ch

Applicable Law

This privacy policy is governed by the Swiss Federal Act on Data Protection (DSG, SR 235.1). The EU recognizes that Swiss data protection law ensures an adequate level of data protection.

2. General Principles and Processing of Personal Data

Definition of Personal Data

Personal data is any information relating to an identified or identifiable natural person (e.g., name, email address, IP address).

Principles of Data Processing

I process personal data according to the following principles:

• Lawfulness: All data processing is based on a legal basis
• Proportionality: I only process the data necessary for the respective purpose
• Purpose limitation: Data is only used for the stated purposes
• Transparency: You are informed about all data processing activities
• Data security: Appropriate technical and organizational measures protect your data

3. Data Processing and Purpose

On my website, I process personal data for the following main purposes:

• Provision and operation of my website
• Processing contact requests via the contact form
• Ensuring IT security and proper operation
• Fulfilling legal obligations

4. Data Processing by Categories / Services

4.1 Web Hosting and Infrastructure (Infomaniak)

This website is hosted by Infomaniak Network SA, Rue Eugène-Marziano 25, 1227 Geneva, Switzerland.
Infomaniak provides the technical infrastructure for web and email hosting and acts as a data processor according to Art. 9 DSG and Art. 28 GDPR.

When accessing this website, Infomaniak automatically collects so-called server log data. This includes:

• IP address of the requesting device
• Date and time of access
• Address of the requested page or file
• Browser type and operating system
• Referrer URL (previously visited page)

This data is technically required for the secure operation of the server and is used by Infomaniak exclusively for security, error analysis, and maintenance purposes. Log data is stored exclusively in Swiss data centers and automatically deleted after 30 days at the latest. No evaluation for marketing or tracking purposes takes place.

There is a Data Processing Agreement (DPA) between me and Infomaniak that regulates data protection-compliant processing and confidentiality of personal data.

Further Information: Detailed information about data protection at Infomaniak can be found in their privacy policy.

4.2 Contact Form and Email Sending

Purpose: Processing contact requests to me
Processed Data:

• First name
• Last name
• Email address
• Company (optional)
• Phone number (optional)
• Message subject
• Message content

Processing:

• Messages are sent via Infomaniak mail servers to my email inbox
• No permanent storage of form data on the server
• Emails are only stored in my email inbox

Legal Basis: Consent by submitting the form

Retention: Emails in my inbox are deleted after 2 years, unless needed longer

4.3 Astro Framework and TypeScript

Purpose: Technical implementation of my website
Processed Data:

• Technical data for website display
• No additional data collection by the framework itself

4.4 Analytics and Website Monitoring

Google Analytics: This website does not use Google Analytics.

Other Tracking Tools: This website does not use tracking tools or third-party analytics services.

Social Media Plugins: This website does not embed social media plugins that transmit data to third parties.

Cookie Usage: This website does not use cookies for tracking or analysis. Only technically necessary session data is processed temporarily.

5. Data Retention Period

• Server Logs: 30 days, then automatic deletion
• Contact Requests: 2 years in my email inbox, then deletion

Retention may be longer if:

• there is a legal retention obligation
• I need the data to assert legal claims
• you have expressly consented to longer storage

6. Data Disclosure (Recipients and Foreign Countries)

My Hosting Provider

Infomaniak Network SA (Switzerland) as my hosting and email service provider

• Storage exclusively in Switzerland
• Subject to Swiss data protection law
• Strict security standards and data protection guidelines

No Disclosure to Third Parties

Your personal data is not shared with third parties for advertising or marketing purposes.
No data is transmitted to Google, Facebook, or other tracking services.

Exceptions

Disclosure only occurs:

• in case of legal obligations (e.g., official orders)
• to protect my legal interests
• with your express consent

7. Data Transfer Abroad

Generally, all data is stored and processed in Switzerland. Transfer abroad only occurs in the following cases:

• When using CDN services for better performance (with adequate data protection guarantees)
• If you expressly consent
• Based on EU Commission standard contractual clauses

Switzerland has an adequacy decision from the EU Commission.

8. Rights of Data Subjects

You have the following rights regarding your personal data:

Right of Access (Art. 25 DSG)

You can request information about the personal data I store at any time.

Right to Rectification (Art. 32 DSG)

You can request the correction of incorrect personal data.

Right to Erasure (Art. 32 DSG)

You can request the deletion of your personal data, provided there are no legal retention obligations.

Right to Restriction of Processing

You can request the restriction of data processing.

Right to Object

You can object to the processing of your personal data, insofar as it is based on legitimate interests.

Data Portability

You have the right to receive your data in a structured, common format.

Complaint to FDPIC

You can contact the Federal Data Protection and Information Commissioner (FDPIC) in case of data protection violations.

Contact for Data Protection Matters: web-portfolio@lucaknobel.ch

9. Data Security

Technical Measures

• SSL/TLS Encryption: All data transmissions are encrypted (HTTPS)
• Firewalls: Protection against unauthorized access
• Regular Updates: Security patches for all systems
• Access Controls: Strict restriction of data access

Organizational Measures

• Privacy by Design: Data protection is considered from the beginning
• Minimization: Only necessary data is processed
• Pseudonymization: Where possible, data is pseudonymized

Infomaniak Security Guarantees

My hosting provider Infomaniak ensures:

• ISO 27001-certified data centers in Switzerland
• Physical security and access controls
• Regular penetration tests
• 24/7 monitoring
• Backup systems with geographical separation

Infomaniak Privacy Policy: Additional details can be found in Infomaniak’s privacy policy.

10. Additional Relevant Information

Privacy-Friendly Design

This website was deliberately developed to be privacy-friendly:

• No cookies for tracking or analysis
• No external resources from third parties (CDNs, fonts, etc.)
• No tracking scripts or analytics tools
• Local hosting: All resources are provided by my server

No Profiling or Automated Decisions

My website does not perform profiling and does not make automated decisions that have legal effect.

Minor Protection

My website is not specifically directed at minors under 16 years of age. Should I learn that data from minors has been processed without parental consent, it will be deleted immediately.

Changes to the Privacy Policy

This privacy policy may be adjusted due to changes in my services or legal requirements. The current version is always available on my website.

Contact for Questions

If you have questions about data protection, you can contact me at any time at web-portfolio@lucaknobel.ch.

Last Updated: October 12, 2025