Data handling information for participants of NetzMaxKlug training services.

General information on personal data processing

This privacy notice explains how NetzMaxKlug collects, uses and stores personal data in connection with digital safety awareness courses delivered via NetzMaxKlug.info. The document describes the categories of data processed, the purposes of processing, legal bases, recipients, retention periods and the rights available to individuals. Information is provided in clear, factual language to support informed decisions by learners and organisational clients. NetzMaxKlug operates from Seebacherstrasse 83, 8052 Zurich, Switzerland and processes data in line with applicable Swiss data protection law and, when relevant, the EU General Data Protection Regulation (GDPR) for EU-based data subjects. The policy covers data collected directly from users, data generated through course interactions, and data received from third-party service providers that enable platform functionality. Measures are in place to mitigate risks to personal data, including technical and organisational safeguards, but no system can eliminate all risks; users are encouraged to review the details below and contact our data protection contact for clarifications.

15-02-2026
NetzMaxKlug GmbH, CHE-029.752.545
Seebacherstrasse 83, 8052 Zurich, Switzerland
[email protected]
01

Key definitions

The terms used in this policy are defined to provide clarity about the meaning of specific expressions. These definitions apply whenever the corresponding terms are used in the document.

Personal data means any information that relates to an identified or identifiable natural person, such as name, contact details, user identifiers, and any information linked to an individual’s account or platform activity. Processing refers to any operation or set of operations performed on personal data, whether automated or manual, including collection, recording, organisation, storage, consultation, use, disclosure, erasure and destruction. User denotes any natural person who registers for or accesses training content offered by NetzMaxKlug, including individual learners and representatives of subscribing organisations. Service refers to the delivery of digital safety awareness courses, associated assessments, reporting tools and platform features accessible through NetzMaxKlug.info. Cookies are small text files placed by the website on a user’s device to store information about the user’s session, preferences or device identifiers; similar technologies include local storage and pixel tags.
02

What data we collect

We collect data necessary to provide training services, to maintain platform operations, and to comply with contractual and legal obligations. Collection methods include direct submission by users, automatic technical collection during platform use, and data received from third-party service providers engaged to support the service.

Data you provide directly

When registering or using the platform, users may provide the following types of personal information necessary for account management and course delivery.

  • Identifiers: name, username, email address and phone number when provided voluntarily.
  • Account details: organisation name (if applicable), role or job title, and billing information for paid subscriptions.
  • Training records: course enrolments, progress data, assessment scores and completion status.
  • Support communications: messages platform with our support team or submitted via contact forms.
  • Profile data: preferences set in the user profile and consent choices for communications.
  • Optional feedback: survey responses and anonymised qualitative feedback submitted to improve course content.

Automatically collected data

The platform collects certain technical and usage information automatically to ensure correct operation, to measure service performance and to improve the user experience.

  • Device and browser information such as browser type, operating system, and device identifiers.
  • Log data including IP addresses, timestamps of access, pages viewed and actions taken within the platform.
  • Usage metrics such as session duration, module completion rates and interaction events.
  • Cookie and local storage data used to remember language preferences and session status.
  • Analytics data aggregated to understand trends and platform performance while minimising identification of individuals.
  • Security-related events such as failed login attempts and other signals used to detect and respond to potential misuse.

Data received from third parties

We may receive data from third-party services where integration or a contractual relationship exists, subject to the third party’s data handling practices and applicable agreements.

  • Identity and contact information provided by an employer or training administrator for bulk enrolment.
  • Payment processor information limited to billing and transaction identifiers needed to record purchases.
  • Authentication providers when users sign in via third-party identity services.
03

Purposes of processing

Personal data is processed for specific, legitimate purposes directly related to the operation of the training services and user support.

  • Provision and administration of accounts, course access and user profiles.
  • Delivery of course content, progress tracking, assessment grading and issuance of completion records.
  • Customer support, responding to inquiries and managing service requests.
  • Platform maintenance, security monitoring and prevention of abuse.
  • Billing, invoicing and business record keeping for paid subscriptions.
  • Aggregated analytics to monitor service performance and to improve content and user experience.
  • Compliance with legal obligations and handling of lawful requests from authorities.
  • Communication of administrative messages, policy updates and service-related information.

Legal bases for processing

Where the GDPR applies, processing is carried out on the legal bases appropriate to each purpose. For processing under Swiss law, we rely on analogous legal grounds such as contract necessity or legitimate interests.

  • Performance of a contract: processing required to provide the requested training services and fulfil subscription terms.
  • Legal obligation: processing necessary to comply with applicable statutory duties.
  • Legitimate interests: processing for platform security, fraud prevention and maintenance of service quality, balanced against user rights.
  • Consent: where specific processing (such as optional marketing communications) relies on user consent, users may withdraw consent at any time.

Information for data subjects under GDPR

If you are located in the EU or otherwise a data subject under the GDPR, the following information supplements the general policy and explains rights and methods to exercise them under the GDPR framework.

  • You may request access to personal data we hold about you and obtain a copy of that data in a structured format where applicable.
  • You may request rectification of inaccurate personal data and provide additional information to complete incomplete data.
  • Subject to legal limits, you may request erasure of personal data or restriction of processing in certain circumstances.
  • You have the right to data portability for personal data processed on the basis of consent or contract and carried out by automated means.
  • You may object to processing based on legitimate interests where you consider your rights and freedoms override those interests; NetzMaxKlug will assess such requests individually.
  • You may lodge a complaint with an EU supervisory authority or the Swiss Federal Data Protection and Information Commissioner as applicable.
04

Cookies and similar technologies

Cookies and related technologies are used to support core platform functions, to collect analytics and, with consent where required, to enable certain personalisation features.

Common categories include strictly necessary cookies for authentication and session management, performance cookies for aggregated analytics, and functional cookies to store user preferences.

Strictly necessary: required for login and secure platform operation. Performance: collect anonymous usage statistics. Functional: remember language and display preferences. Marketing: not used by NetzMaxKlug in standard configurations without explicit consent.

Most browsers allow users to block or delete cookies via settings. Users may also manage consent choices presented by the platform. Disabling certain cookies may affect functionality or the user experience.

Detailed cookie information and consent settings are available in the cookie management section on NetzMaxKlug.info.

Data sharing and recipients

We share personal data only with parties necessary to provide the service or where required by law. Third parties engaged to process data do so under contractual arrangements that limit their use to specified purposes.

  • Hosting and infrastructure providers that store and serve course content and user data.
  • Analytics and reporting providers that process aggregated usage data to help improve the platform.
  • Payment processors for handling subscription payments and billing records.
  • Organisational clients who have enrolled employees and receive aggregated training records according to their subscription agreement.
  • Legal and regulatory authorities when disclosure is required by applicable law or court order.
  • Other service providers engaged to deliver specific features such as email delivery, customer support tools and security monitoring.

International transfers of personal data

Personal data may be transferred to and processed in countries outside Switzerland or the European Economic Area where service providers are located. Such transfers are conducted under appropriate safeguards in accordance with applicable law.

Where transfers occur to jurisdictions without an adequacy decision, NetzMaxKlug relies on standard contractual clauses, data processing agreements and technical measures to provide an adequate level of protection. Details can be requested from our data protection contact.

Data retention

Retention periods vary according to the type of data and the purpose of processing. We retain personal data only as long as necessary to fulfil the purposes described and to comply with legal obligations.

Account information and profile data are retained for the duration of the active subscription and for a defined period thereafter to support potential reactivation and for record keeping in line with accounting obligations.

Support messages and communications are retained for customer service purposes and for a period necessary to manage disputes or to comply with legal retention requirements.

System logs and security-related records are retained for a limited period needed for incident analysis, fraud detection and security monitoring, after which they are deleted or anonymised.

Upon account deletion requests, NetzMaxKlug removes personal data from active systems within the stated retention intervals; some information may be retained in backups or logs for a limited additional period as required by law or for legitimate administrative purposes, after which it is deleted or irreversibly anonymised.

Security measures

NetzMaxKlug implements a combination of organisational and technical measures to protect personal data against unauthorised access, accidental loss, and unlawful processing. Security practices are reviewed periodically and updated in response to evolving risks and technological change. Access to personal data is limited to authorised personnel with a defined need to perform their duties, and service providers are contractually required to apply appropriate safeguards.

  • Encryption in transit using TLS for data platform between users and the platform, and encryption at rest where appropriate.
  • Access control: role-based access to personal data for staff and instructors, with routine reviews to limit exposure.
  • Encryption and backups: personal data stored with industry-standard encryption in transit and at rest; regular backups and tested recovery procedures.
05

Your rights

Users have a set of data protection rights under applicable Swiss and EU-adjacent privacy practices relevant to education and digital safety. The following list explains the principal rights and how to exercise them with NetzMaxKlug.

  • Right to access: you may request confirmation of whether we process your personal data and obtain a copy of the personal data we hold about you.
  • Right to rectification: you may request correction of inaccurate or incomplete personal data we hold about you.
  • Right to restriction of processing: you may request temporary limitation of processing in certain circumstances, for example while accuracy is being verified.
  • Right to portability: where processing is based on consent or contract and uses automated means, you may request a structured, machine-readable copy of your personal data.
  • Right to withdraw consent: if processing of your data is based on consent, you may withdraw that consent at any time without affecting processing before withdrawal.
  • Right to object: in specific situations you may object to processing of your personal data for direct marketing or other legitimate interests, subject to legal conditions.
  • Right to erasure: you may request deletion of personal data where there is no lawful basis for continued processing, except where retention is required by law or for legitimate administrative reasons.
  • Right to lodge a complaint: if you believe your data protection rights have been breached, you may contact NetzMaxKlug and, if unresolved, file a complaint with the Swiss data protection authority.

How to submit a rights request

To exercise any data subject right, submit a written request to our data protection contact. Include your full name, contact details, a description of the request, and any documents needed to verify your identity. Requests related to enrolled students should indicate the relevant course or account reference.

[email protected]

We aim to acknowledge receipt of rights requests within 10 business days and to provide a substantive response within one month. Complex requests or those requiring additional verification may take longer; we will communicate any extension and reasons in writing.

Marketing communications

We may send informational updates about NetzMaxKlug courses, events, and resources that relate to digital safety awareness. Marketing messages are based on your consent or legitimate interest analysis where permitted. Communications include a clear description of their purpose and source.

You may opt out of marketing at any time using the unsubscribe link included in emails or by contacting our privacy team. Unsubscribing will not affect transactional messages related to course administration or safety alerts.

Children and minors

NetzMaxKlug designs courses for adult learners and professional audiences. Where content is accessed by minors, parental consent and appropriate verification are required before collecting personal data. We avoid collecting unnecessary data from children and apply additional protections when personal information of minors is processed.

Third-party links and services

Our website and course materials may include links or embedded content from third parties (e.g., learning platforms, payment processors, analytics services). These external services have their own privacy practices. NetzMaxKlug is not responsible for third-party data handling and encourages review of their privacy policies.

Changes to this privacy information

We periodically review and update our privacy information to reflect changes in services, legal requirements, or operational practices. Material updates will be posted on NetzMaxKlug.info with the effective date and, where appropriate, communicated to affected users by email.