Privacy Policy

Last updated: 29/01/2026

This Privacy Policy explains how Evo FD SRL (“we”, “us”, “our”, the “Controller”) collects and processes personal data in connection with our website and restaurant consulting services. We process personal data in accordance with the Swiss Federal Act on Data Protection (revised FADP / “nFADP”) and its implementing ordinance. Where we target individuals in the EU/EEA or monitor their behavior, the EU General Data Protection Regulation (“GDPR”) may also apply (see Section 13).

1) CONTROLLER / CONTACT
Evo FD SRL
Avenue Alexandre Vinet 5, 1815 Clarens
Switzerland
Email: evofd.consulting@gmail.com

2) PERSONAL DATA WE PROCESS
Depending on how you interact with us, we may process:
a) Contact & identification data: name, surname, email address, phone number, company name, job title, country/city.
b) Inquiry and communications data: the content of messages sent via forms/email, scheduling information, and correspondence.
c) Client/project data (consulting): information necessary to deliver consulting services (e.g., concept briefs, operational information, menus, procedures, performance inputs, supplier references), and any files you share with us.
d) Administrative and payment data: billing details needed for invoicing, accounting, and payment processing (typically name/company, billing address, invoice details, payment references).
e) Website & device data: IP address, approximate location (derived from IP), date/time of access, pages viewed, referring URL, browser/device information, and security/technical logs.
f) Marketing & tracking data (if enabled): online identifiers (e.g., cookie IDs), events related to website interactions, campaign performance data.

Please do not send sensitive personal data (e.g., health data, religious beliefs) unless strictly necessary. If you share such information, we will handle it with heightened care and only for the purpose it was provided.

3) PURPOSES OF PROCESSING
We process personal data for the following purposes:
a) Responding to inquiries and managing contacts (quotes, appointments, requests).
b) Providing our restaurant consulting services (analysis, planning, implementation support, follow-ups).
c) Contract, administration, and accounting (contracts, invoicing, payments, recordkeeping).
d) Website operation, analytics, and improvement (understanding website usage, performance, and usability).
e) Website and IT security (preventing abuse, fraud, and attacks; troubleshooting).
f) Marketing measurement and audience insights (where enabled), including tracking website traffic and advertising performance.

4) LEGAL BASIS / JUSTIFICATION (SWISS nFADP) AND (IF APPLICABLE) GDPR BASES
Switzerland (nFADP):
Under Swiss law, we process personal data in line with the principles of lawfulness, good faith, proportionality, purpose limitation, transparency, and data security. Processing is typically justified because it is necessary to:
- handle pre-contractual steps and perform contracts with clients,
- comply with legal obligations (e.g., accounting),
- protect overriding legitimate interests (e.g., IT security, service improvement),
- or based on your consent (e.g., certain tracking technologies and marketing, where required or appropriate).

GDPR (only if applicable to you):
Where GDPR applies, we rely on one or more of the following legal bases under Art. 6 GDPR:
- performance of a contract or steps prior to entering into a contract,
- compliance with legal obligations,
- legitimate interests (e.g., security, improving services),
- consent (e.g., non-essential cookies/trackers, marketing where required).
You can withdraw consent at any time (see Section 11 and Section 13).

5) SOURCES OF DATA
We collect personal data:
- directly from you (forms, emails, calls, meetings),
- automatically through your use of our website (cookies/trackers and technical logs),
- from third parties only when necessary (e.g., business partners you introduce or tools used to deliver services).

6) SHARING DATA WITH SERVICE PROVIDERS (PROCESSORS) AND THIRD PARTIES
We may share personal data with trusted service providers who process data on our behalf, including:
- Website hosting and content delivery: Webflow.
- Web analytics: Google Analytics (Google).
- Advertising/traffic measurement (if enabled): Meta (e.g., Meta Pixel).
- Video calls and meetings: Zoom and/or Google Meet.
- Payments and invoicing settlement: BCV (Banque Cantonale Vaudoise) and related banking processes.
- IT/security providers and professional advisors (e.g., accountants/lawyers) where necessary.

These providers are required to process personal data only under our instructions and to implement appropriate security measures.

We may also share data if required by law or by competent authorities, or to protect our rights.

7) INTERNATIONAL DATA TRANSFERS (OUTSIDE SWITZERLAND / EU/EEA)
Some of our providers (e.g., Webflow, Google, Meta, Zoom) may process personal data in countries outside Switzerland, including potentially the United States and other locations where they or their sub-processors operate.

When transferring personal data abroad, we implement appropriate safeguards as required by Swiss law and, where applicable, GDPR—such as contractual protections (e.g., Standard Contractual Clauses and Swiss addenda where appropriate) and additional technical/organizational measures when needed.

8) DATA RETENTION
We keep personal data only as long as necessary for the purposes described, unless a longer retention period is required by law.

Typical retention periods:
- Contact/inquiry data: up to 12 months after the last interaction.
- Website technical logs/security records: up to 90 days (unless needed longer for security investigations).
- Client project documents and deliverables: for the duration of the contract + 24 months.
- Invoices and accounting records: retained for the period required under applicable Swiss accounting and tax laws.
- Analytics/marketing data: retained according to the settings in Google Analytics / Meta and our internal needs, subject to consent choices and legal requirements.

After the retention period, data is deleted or anonymized where feasible.

9) DATA SECURITY
We apply appropriate technical and organizational measures to protect personal data, including access controls, least-privilege permissions, secure authentication, backups, and safeguards for systems and communications. No method of transmission or storage is 100% secure, but we strive to use industry-appropriate protections.

10) YOUR RIGHTS UNDER SWISS LAW (nFADP)
You may have the right to:
- request information about whether we process your personal data and receive a copy,
- request correction of inaccurate data,
- request deletion where applicable,
- object to certain processing where permitted,
- request data portability (delivery/transfer) in the cases provided by Swiss law and where technically feasible.

To exercise your rights, contact us at hello@example.com. We may require proof of identity to protect your data.

11) COOKIES, ANALYTICS, AND TRACKING (GOOGLE ANALYTICS + META)
We use cookies and similar technologies to operate and improve our website, and—if enabled—to measure marketing performance.

- Essential cookies: required for basic site functionality and security.
- Analytics cookies (Google Analytics): help us understand website usage (e.g., page views, interactions) to improve site performance and content.
- Marketing/measurement cookies (Meta): help measure traffic and advertising effectiveness and understand audience interactions.

Where required (especially for EU/EEA visitors), we display a cookie banner and ask for consent for non-essential cookies/trackers. You can also control cookies through your browser settings. Disabling cookies may limit some website features.

12) CHILDREN
Our services are not directed at children, and we do not knowingly collect personal data from children.

13) GDPR SECTION (EU/EEA USERS — ONLY IF APPLICABLE)
If you are located in the EU/EEA, and we (a) offer services to you in the EU/EEA, or (b) monitor behavior in the EU/EEA (e.g., via certain tracking technologies), then GDPR may apply in addition to Swiss law.

Under GDPR you have the rights to:
- access, rectification, deletion (“right to be forgotten”),
- restriction of processing,
- data portability,
- objection to processing based on legitimate interests,
- withdraw consent at any time (where processing is based on consent),
- lodge a complaint with your local supervisory authority.

GDPR legal bases (where applicable): contract necessity, legal obligations, legitimate interests, and consent (see Section 4).

EU Representative (Art. 27 GDPR):
If required due to our activities in the EU/EEA, we will appoint an EU representative and publish their contact details in this policy.

International transfers under GDPR:
When GDPR applies and data is transferred outside the EU/EEA, we use appropriate safeguards such as Standard Contractual Clauses and supplementary measures where needed.

14) CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. The latest version will be published on this page with the “Last updated” date.

‍