Get a Quote

DATA PROTECTION DECLARATION

WOn Data

Table of Contents

  1. Responsible Body
  2. General Information
  3. Categories of Processed Personal Data

 

3.1 Website Usage

3.2 Contract and Contact Data

3.3 Access and Security Data

3.4 Technical Operational Data

   4. Purposes of Data Processing

   5. Role as Controller and Processor

5.1 Controller

5.2 Processor

  6. Video Surveillance

7. Log Files and Security Logs

  8. Data Disclosure

  9. Data Transfer Abroad

  10. Retention Period

  11. Data Security

  12. Rights of Data Subjects

  13. Changes

 

1. Responsible Body

The body responsible for data processing within the meaning of the Swiss Data Protection Act (FADP) is:

Rocky Capital AG Hardturmstrasse 161 8005 Zurich Switzerland Email: info@won-data.ch

WOn Data is a brand of Rocky Capital AG.

 

2. General Information

The protection of your personal data is an important concern for us. We process personal data exclusively within the framework of applicable legal provisions (in particular the revised FADP and—where applicable—the GDPR). This data protection declaration provides information about the type, scope, and purpose of the processing of personal data in connection with:
+2

  • Use of our website
  • Initiation and execution of contracts
  • Operation of our data center
  • Access control and physical security
  • Video surveillance
  • Support and services

 

3. Categories of Processed Personal Data

We process the following categories of personal data in particular:

3.1 Website Usage: IP address, date and time of access, browser type and version, operating system, and referrer URL.
+4

3.2 Contract and Contact Data: Name, company name, function, address, email address, and phone number.
+4

3.3 Access and Security Data: Access logs (timestamp, badge ID, access zone), proof of identity during initial registration, video recordings in security areas, and visitor data.
+3

3.4 Technical Operational Data: System and access logs, support tickets, and remote-hands documentation.
+2

 

4. Purposes of Data Processing

We process personal data exclusively for the following purposes:

  • Contract processing and service delivery
  • Ensuring physical and logical security
  • Access control
  • Operation and protection of our infrastructure
  • Abuse and fraud prevention
  • Fulfillment of legal obligations
  • Communication with customers and interested parties

 

5. Role as Controller and Processor

5.1 Controller

We are the controller for personal data processed in connection with:

  • Website operation
  • Contractual relationships
  • Access control
  • Security monitoring

 

5.2 Processor

Within the scope of colocation and infrastructure services, we generally act as a processor for our customers. We:

  • Have no access to customer data content
  • Process data exclusively according to contractual instructions
  • Provide physical infrastructure

A separate Data Processing Agreement (DPA) regulates this relationship.

 

6. Video Surveillance

To maintain the security of our infrastructure, we operate video surveillance in security-relevant areas. Video surveillance serves exclusively for:
+1

  • Protection of IT infrastructure
  • Protection against unauthorized access
  • Securing evidence in the event of security-relevant incidents

The retention period is limited to the necessary minimum.

 

7. Log Files and Security Protocols

Technical logs are created for IT security reasons. These serve for:
+1

  • Attack detection
  • Troubleshooting
  • System stability
  • Traceability of security-relevant events

Merging with other personal data only occurs in the event of a specific security incident.

 

8. Data Disclosure

Personal data is only passed on:

  • To carefully selected service providers (e.g., IT providers)
  • If required by law
  • If necessary for contract fulfillment

No disclosure for marketing purposes takes place.

 

9. Data Transfer Abroad

A transfer abroad only takes place:

  • If an adequate level of data protection exists or
  • Appropriate guarantees (e.g., standard contractual clauses) are in place.

 

10. Retention Period

Personal data is only stored for as long as:

  • It is required for the purpose
  • Statutory retention obligations exist
  • Contractual obligations require it

Security and access data are subject to defined deletion concepts.

 

11. Data Security

We take appropriate technical and organizational measures (TOMs), including:

  • Multi-level access control
  • Network segmentation
  • Redundant infrastructure
  • Encryption technologies
  • Role and authorization concepts
  • Logging of security-relevant events

 

12. Rights of Data Subjects

Data subjects have the right, within the framework of legal provisions, to:

  • Information (Access)
  • Rectification
  • Erasure
  • Restriction of processing
  • Data portability
  • Objection to certain processing operations

Inquiries should be directed to info@won-data.ch.

13. Changes

We reserve the right to adapt this data protection declaration at any time. The version published on the website at the time is applicable.

As of: February 2026