Our Products

Privacy Policy

View the German version of this page

Privacy Policy of madSense GmbH based in Zurich
Version as of 01.01.2025



In this privacy policy, we, madSense GmbH (hereinafter [collectively referred to as] madSense, we, or us), explain how we collect and process personal data. This is not an exhaustive description; other privacy policies or general terms and conditions, participation conditions, and similar documents may regulate specific matters. Personal data refers to any information that relates to an identified or identifiable individual.

If you provide us with personal data of other persons (e.g., family members, colleagues), please ensure that these persons are aware of this privacy policy and that you are authorized to share their personal data with us and that this data is accurate.

This privacy policy is designed to comply with the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DPA"), and the revised Swiss Data Protection Act ("revDPA"). Whether and to what extent these laws apply depends on the specific case.

1. Data Controller / Data Protection Officer / Representative

The entity responsible for the data processing described here is madSense GmbH at Kolbenacker 14 in CH-8052 Zurich, unless otherwise stated in a specific case. If you have data protection-related concerns, you can address them to the following contact address (please specify, if possible, which entity of the madSense group your request refers to):

madSense GmbH
Attention: Data Protection
Am Kolbenacker 25
CH-8052 Zurich
[email protected]

Our representative in the EEA under Article 27 GDPR is:

datatory GmbH
Vahrenwalderstr. 259A
D-30179 Hannover
[email protected]

2. Collection and Processing of Personal Data

We primarily process the personal data that we receive in the context of our business relationships with our customers and other business partners or that we collect from users when operating our websites, apps, and other applications.

Where permitted, we also obtain certain data from publicly accessible sources (e.g., debt registers, land registers, commercial registers, press, internet) or receive such data from other companies within the madSense group, authorities, or other third parties. In addition to the data you provide directly, the categories of personal data we receive about you from third parties include:

  • Data from public registers;
  • Data received in connection with administrative or judicial proceedings;
  • Information about your professional roles and activities (e.g., enabling transactions with your employer);
  • Credit reports (where we engage in business directly with you);
  • Data provided by individuals in your environment (family, advisors, legal representatives);
  • References, delivery addresses, authorizations, and compliance-related data (e.g., anti-money laundering checks, export restrictions);
  • Data from media and the internet related to your person (e.g., during recruitment or marketing activities);
  • Your addresses and, if applicable, interests and sociodemographic data for marketing purposes;
  • Usage data from our websites and applications (e.g., IP address, MAC address, device settings, cookies, timestamps, accessed pages and content, utilized features, referring websites, and location data).

We process this data to fulfill our contractual obligations, meet legal requirements, and pursue our legitimate interests, including improving our offerings and ensuring secure communication.

3. Purposes of Data Processing and Legal Basis

We primarily use the personal data we collect to fulfill contracts with our customers and business partners, including the provision of IT services, procurement of products and services, and compliance with legal obligations at home and abroad. If you act on behalf of a customer or business partner, your personal data may also be processed for these purposes.

Additionally, we process personal data as permitted and as we deem appropriate for the following purposes, which align with our legitimate interests (and sometimes those of third parties):

  • Providing and developing our offerings, services, websites, apps, and other platforms;
  • Communicating with third parties and handling their inquiries (e.g., job applications, media inquiries);
  • Analyzing and optimizing procedures for direct customer engagement and acquiring data from publicly accessible sources for customer acquisition;
  • Advertising and marketing (including hosting events), unless you have objected to the use of your data for such purposes;
  • Market research, media monitoring, and opinion polling;
  • Establishing and defending legal claims in disputes and legal proceedings;
  • Preventing and investigating crimes and other misconduct (e.g., through internal investigations and fraud prevention);
  • Ensuring the security and operation of our IT systems, websites, apps, and platforms;
  • Protecting our employees, other individuals, and property (e.g., via access controls, visitor logs, and network monitoring);
  • Facilitating corporate transactions such as mergers and acquisitions, including the transfer of personal data for governance and regulatory compliance purposes.

Where you have given your consent to specific data processing activities (e.g., subscribing to newsletters), we process your personal data based on this consent. Consent can be revoked at any time without affecting data processing already carried out.

4. Cookies / Tracking and Other Technologies Related to the Use of Our Website

If permanent cookies or other tracking technologies are used (adjust text as necessary):

We typically use "cookies" and similar technologies on our websites and apps to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored by your web browser on your computer or mobile device when you visit our website or install our app. When you revisit this website or use our app, we can recognize you even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your website visit ("session cookies"), cookies may also be used to store user settings and other information over a certain period of time (e.g., two years) ("permanent cookies").

However, you can configure your browser to reject cookies, save them only for a session, or delete them early. Most browsers are preset to accept cookies. We use permanent cookies to save user settings (e.g., language, auto-login) and to better understand how you use our offerings and content. Some cookies are set by us, while others are set by contractual partners with whom we work. If you block cookies, certain functionalities (e.g., language selection, shopping cart, order processes, auto-login, etc.) may no longer work.

In our newsletters and other marketing emails, we may, where permitted, include visible and invisible image elements to determine whether and when you opened the email by retrieving these images from our servers. This allows us to measure and better understand how you use our offerings and tailor them to you. You can block this in your email program; most are preset to do so.

By using our websites, apps, and consenting to receive newsletters and other marketing emails, you agree to the use of these technologies. If you do not agree, you must configure your browser or email program accordingly.

5. Data Sharing and International Transfers

In the context of our business activities and for the purposes outlined in Section 3, we disclose personal data to third parties where permitted and as deemed necessary. This includes cases where the third parties process the data for us or use it for their own purposes. These recipients include:

  • Our service providers (within the madSense group and externally, e.g., banks, insurers), including processors (e.g., IT providers);
  • Dealers, suppliers, subcontractors, and other business partners;
  • Customers;
  • Domestic and foreign authorities, offices, or courts;
  • Media;
  • The public, including visitors to websites and social media platforms;
  • Competitors, industry organizations, associations, and other committees;
  • Buyers or interested parties in acquiring business units, companies, or other parts of the madSense group;
  • Other parties involved in potential or actual legal proceedings;
  • Other companies within the madSense group;

Some of these recipients are located domestically, but they may also be located anywhere in the world. Specifically, you should expect your data to be transferred to all countries where the madSense group is represented through group companies, branches, or other offices, as well as to other countries in Europe and the United States, where our service providers (e.g., Microsoft, SAP, Amazon, Salesforce.com) are located.

If a recipient is located in a country without adequate legal data protection, we contractually require the recipient to comply with applicable data protection laws (using the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), unless the recipient is already subject to a legally recognized data protection framework or we can rely on an exception. Exceptions may apply, particularly in the case of legal proceedings abroad, overriding public interests, or if a contract requires such disclosure, you have given consent, or the data has been made publicly accessible by you without objection to its processing.

6. Duration of Retention of Personal Data

We process and store your personal data as long as it is necessary to fulfill our contractual and legal obligations or for other purposes pursued by the processing, i.e., for the duration of the entire business relationship (from initiation and processing to the termination of a contract) as well as beyond that in accordance with legal retention and documentation obligations. It is possible that personal data will be retained for the period during which claims can be made against our company, and to the extent that we are otherwise legally required to do so or have legitimate business interests (e.g., for evidence and documentation purposes).

Once your personal data is no longer required for the aforementioned purposes, it will generally be deleted or anonymized to the extent possible. For operational data (e.g., system logs), shorter retention periods of twelve months or less usually apply.

7. Data Security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse. For details on these measures, please refer to our ToMs.

8. Obligation to Provide Personal Data

Within the scope of our business relationship, you must provide the personal data necessary for initiating and conducting a business relationship and fulfilling the associated contractual obligations (you are generally not legally required to provide us with data). Without this data, we will generally not be able to enter into or execute a contract with you (or the entity or person you represent). Additionally, the website cannot be used if certain information required to ensure data traffic (e.g., IP address) is not disclosed.

9. Profiling [and Automated Decision-Making]

We process your personal data partially in an automated manner to evaluate certain personal aspects (profiling). Profiling is primarily used to provide you with targeted information and advice about products. We use evaluation tools that enable tailored communication and advertising, including market and opinion research.

For the establishment and execution of the business relationship and otherwise, we generally do not use fully automated decision-making (as regulated in Article 22 GDPR). If we use such procedures in individual cases, we will inform you separately, provided this is legally required and explain the related rights to you.

10. Rights of the Data Subject

Within the framework of the applicable data protection law and to the extent provided therein (e.g., in the case of GDPR), you have the right to access, correct, delete, restrict data processing, and object to our data processing, particularly processing for direct marketing purposes, profiling for direct marketing purposes, and other legitimate interests in processing. You also have the right to request certain personal data be transferred to another entity (so-called data portability).

Please note, however, that we reserve the right to enforce the legally prescribed limitations, such as when we are obliged to retain or process certain data, have an overriding interest (to the extent permitted), or require the data for the assertion of claims. If any costs arise for you, we will inform you in advance. We have already informed you in Section 3 about the possibility of withdrawing your consent.

Please also note that exercising these rights may conflict with contractual agreements, which could lead to consequences such as early termination of the contract or cost implications. In such cases, we will inform you in advance unless this has already been contractually agreed.

The exercise of such rights usually requires you to clearly verify your identity (e.g., by providing a copy of an identification document if your identity is otherwise unclear or cannot be verified). To exercise your rights, you can contact us at the address provided in Section 1.

Furthermore, every data subject has the right to enforce their claims through the courts or file a complaint with the relevant data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).

11. Changes

We may amend this privacy policy at any time without prior notice. The version published on our website at the time applies. If the privacy policy is part of an agreement with you, we will notify you of any updates via email or other appropriate means in the event of changes.



Authors: David Rosenthal, Katrina Frame. All rights reserved.

Editorial Team: David Rosenthal ([email protected]), David Vasella ([email protected]).

This is not legal advice. No guarantee is provided for the content. Use at your own risk.

License: Creative Commons "Attribution 4.0 International" (Attribution: "Based on DSAT.ch").