Data Privacy Policy

How VNC collects, uses, and safeguards your personal data (English version).

1. Scope and Controller

VNC – Virtual Network Consult AG ("VNC", "we", "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (vnclagoon.com) or interact with our services. We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

The responsible data controller for all data processing described herein is:

VNC – Virtual Network Consult AG
Poststrasse 24
6302 Zug
Switzerland
Email: privacy@vnc.biz
Phone: +41 41 7275200

2. Technical Data Processing on Our Website (Server Log Files)

For technical and security reasons, our servers automatically collect details transmitted by your browser whenever you access the website. This information is stored in server log files and includes:

  • The type and version of your web browser
  • Your operating system
  • The Referrer URL (the website that linked or redirected you to our site)
  • Specific subpages visited on our website
  • Date and time of your inquiry and server access
  • Your Internet Protocol (IP) address

This anonymous standard technical data is stored separately from any other personal information you may provide and cannot be associated with any specific natural person. The processing is carried out to ensure stable website presentation, secure system administration, and technical troubleshooting (Legitimate Interests under Art. 6(1)(f) GDPR / Art. 31(1) FADP).

3. Cookies and Consent Management

Our website utilizes so-called "cookies" to recognize repeat visits, preference defaults, and aggregate usage details. Cookies are small text files downloaded by your Internet browser and stored locally on your device.

  • Strictly Necessary / Essential Cookies: These cookies are technically necessary for standard website features and do not track personal behavior details.
  • Performance & Marketing / Performance, Analytics, and Consent Cookies: Optional cookies loaded to map analytics behavior, optimize speed, and cache user-specific selections. These are only enabled if you explicitly grant permission through our cookie preference banner.

You can completely disable cookie storage or modify settings through your individual browser software settings. Please note that disabling essential cookies may limit the overall user interface functionality of some features.

4. Confirmed Active Integrations & Third-Party Services

To offer interactive media, modern communications, and accurate analytics, our website integrates specific third-party services. These are described below:

A. Google Analytics (with IP Anonymization)

We use Google Analytics, a web analysis service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). Google Analytics employs cookies of its own to aggregate website activity reports.

We utilize Google Analytics exclusively with an active IP anonymization feature. This ensures that your IP address is truncated and anonymous within Member States of the European Union or other signatory states of the European Economic Area (EEA) agreement before being transmitted to servers in the United States. Google uses this to evaluate website performance and assemble metrics on our behalf. Google states that it will never merge your IP address with other records or files. You can completely opt-out of Google Analytics data collection by utilizing the official browser add-on available at: https://tools.google.com/dlpage/gaoptout

B. Firebase Cloud Messaging (FCM)

For our collaborative application products and specific real-time interfaces, we utilize Google Firebase Cloud Messaging (FCM) to transmit instant push notifications. The notification structure forwards technical configuration data to Firebase on an anonymous basis. Google Firebase belongs to Google LLC (USA). Additional details are available under the Google Firebase Terms of Service and Privacy Policy.

C. Google reCAPTCHA

To secure our interactive website inquiry forms, contact fields, and vacancy applications, we utilize Google reCAPTCHA. This tool checks whether the inputs are generated by a human operator or an abusive automated program. reCAPTCHA processes details such as IP address, referrers, browser configurations, browser stay duration, and mouse interactions. This represents a legitimate enterprise utility to filter spam and secure company communication channels.

D. Embedded YouTube Videos

We embed YouTube video components on our pages, hosted by YouTube LLC (901 Cherry Ave., San Bruno, CA 94066, USA; a subsidiary of Google). We have enabled YouTube's "Enhanced Data Protection Mode". This ensures that YouTube does not collect, record, or track website visitor information unless you actively press play to view the video.

E. Social Media and Professional Network Widgets (Facebook, X, LinkedIn)

Our website includes static widgets or buttons representing professional and social media platforms (Facebook Inc., Palo Alto, USA; X Corp., San Francisco, USA; LinkedIn Corporation, Mountain View, USA). These elements act as simple external links in their default state. A connection to the respective external servers is only established if you actively click on the respective icon. If you click on these widgets while logged into your personal network profiles, the platforms may associate the website visit directly with your user account. To prevent this, please log out of your external social accounts before interacting with these links.

5. Enterprise Recruitment and Contact Forms

Our website features registration inputs, newsletter subscription structures, demo scheduling fields, and career recruitment forms. Collected information in these contexts may contain details such as name, email address, corporate entity, address, qualifications, and attached application sheets.

  • Purpose of Collection / General Contact & Demo Requests: Processed strictly to address individual business inquiries and organize professional demonstrations (Performance of Contract / Pre-contractual measures).
  • Application Data / Employment Vacancies: Candidate files are processed electronically for the administrative duration of the recruitment phase. Rejected dossiers are completely deleted after a statutory timeline of two (2) months following formal notification, unless the candidate actively consents to a longer retention period within our talent pool framework.

6. Dedicated Protection for VNClagoon Product Modules

Within the framework of licensing, customer registration, and user setups for our sovereign application units (including VNCproject, VNCtask, VNCtalk, VNCmail, and others), the following principles apply:

  • Account Data: Basic setup requires identity coordinates, consisting of first name, last name, enterprise affiliation, and an active business email address. These details are processed solely to administer active product access, enforce licenses, and maintain support communication.
  • Data Sovereignty / SaaS vs. On-Premise / Self-Hosted: For self-hosted and on-premise license models, all database assets, user interaction logs, and files remain strictly inside our customers' sovereign local infrastructure. In hosted cloud scenarios (SaaS), VNC functions purely as a Data Processor under a structured Data Processing Agreement (DPA). The corporate customer remains the sole Data Controller of customer database operations.
  • Support Logs / Ticket and Project Logs: The collection of error logs, trace scripts, and support tickets within VNClagoon products is strictly kept for resolving operations, project coordination, and fixing product errors. Shared support attachments are never shared with unauthorized third parties.

7. International Data Transfers and Safeguards

VNC is headquartered in Zug, Switzerland. While we prioritize sovereign local hosting options, certain third-party integrations (such as Google and US cloud subsidiaries) may process data in the United States or other global jurisdictions. Whenever data is transferred to a region that lacks an adequate level of statutory protection, we enforce robust legal safeguards. These include concluding EU Standard Contractual Clauses (SCCs) modified for Swiss compatibility, implementing structural data minimization (e.g., IP anonymization), and ensuring technical transport encryption.

8. Data Retention Periods

We keep your personal information only as long as necessary to fulfill the specific purposes of collection, or to satisfy legal and accounting obligations. For example:

  • Website log files are cleared after a structural troubleshooting cycle (typically 14 to 30 days).
  • Corporate contact replies and pre-contractual inquiries are archived upon closure, subject to statutory corporate retention periods of up to 10 years (under the Swiss Code of Obligations).
  • Newsletter subscription settings remain active until consent is revoked via an unsubscribe link.

9. Your Statutory Rights

As a data subject, you hold comprehensive rights under the Swiss nFADP and EU GDPR:

  • Right to Access (Art. 25 FADP / Art. 15 GDPR): The right to request a formal summary of all personal files stored by us.
  • Right to Rectification (Art. 32 FADP / Art. 16 GDPR): The right to enforce immediate adjustment of outdated or incorrect files.
  • Right to Erasure (Art. 32 FADP / Art. 17 GDPR): The right to request erasure of your data, provided no Swiss archive laws block the request.
  • Right to Restriction and Objection (Art. 18/21 GDPR): The right to claim limited processing or halt further automated data processes.
  • Right to Data Portability (Art. 28 FADP / Art. 20 GDPR): The right to receive your personal data in a structured porting format.

To submit an active rights request, please email our security officer directly at privacy@vnc.biz.

10. Supervisory Authority and Right to File Complaints

You have the right to file a formal complaint with the competent national regulatory entity if you believe our data handling deviates from legal requirements:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH - 3003 Berne
Switzerland
Website: https://www.edoeb.admin.ch

For European residents, complaints can also be filed with your respective national European Union Supervisory Authority.