Privacy

Privacy Policy

Controller: Tactical Management Switzerland GmbH · altmanncert.com
Contact: contact@altmanncert.com
Last updated: May 2026

1. Controller

Controller within the meaning of the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP) is Tactical Management Switzerland GmbH. AltmannCert is a brand of Tactical Management Switzerland GmbH.

2. Purposes and legal bases

  • Contract initiation and performance — contact form, order intake, technical file, Stripe checkout, invoicing. Art. 6(1)(b) GDPR.
  • Statutory retention — commercial and product-law retention obligations, at least ten years from acceptance. Art. 6(1)(c) GDPR.
  • Legitimate interest — abuse prevention (honeypot, anti-bot), internal audit logs (AGB §9). Art. 6(1)(f) GDPR.
  • Sanctions screening — against EU, OFAC, HMT, SECO sanctions lists. Art. 6(1)(c) GDPR in conjunction with EU sanctions regulations and the Swiss Embargo Act.
  • Analytics (optional) — Vercel Analytics in cookieless, IP-anonymised mode, only after consent. Art. 6(1)(a) GDPR.

3. Recipients and processors

  • Skye Ventures FZC (United Arab Emirates) — technical platform operator and processor (Art. 28 GDPR). Data Processing Agreement in place.
  • Vercel Inc. (hosting, edge network) — EU data centres.
  • Supabase Inc. (database, object storage) — EU data residency.
  • Stripe Inc. (payment processing, invoicing).
  • Resend Inc. (transactional email).
  • Accredited partner labs (SAS, DAkkS) and Notified Bodies — where required by regulation for the coordination service.

4. Data residency and security

Data is stored in an encrypted EU data space using AES-256 at rest and TLS 1.3 in transit. Data residency: European Union. Access is logged and role-restricted.

5. Retention

Conformity files: at least ten (10) years from acceptance (AGB §24). Accounting data: ten years (Swiss CO Art. 958f). Contact enquiries without follow-up: deleted after 24 months.

6. Cookies and analytics

We use strictly necessary cookies (CSRF, checkout session). Optional analytics (Vercel Analytics) is only set after explicit consent. You may change your choice at any time by clearing local storage — the cookie dialog will re-appear.

7. Your rights

You have the right of access (Art. 15 GDPR / Art. 25 FADP), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20) and objection (Art. 21), and the right to lodge a complaint with a supervisory authority (Art. 77 GDPR / Art. 49 FADP). Swiss authority: FDPIC (EDÖB).

Requests: contact@altmanncert.com.

8. International transfers

Skye Ventures FZC is established in a third country (UAE). Transfers are based on EU Standard Contractual Clauses and the technical measures of Art. 32 GDPR. Stripe processes payment data within the EEA; transfers to the US are based on the EU-US Data Privacy Framework.

9. Cookies

We distinguish three categories:

  • Necessary — Required for the site to function. Always active and cannot be opted out (e.g. CSRF, checkout session, consent storage).
  • Analytics — PostHog, Vercel Analytics, Vercel Speed Insights and Google Analytics to measure usage. Loaded only after explicit consent.
  • Marketing — Used to deliver and measure marketing communications. Loaded only after explicit consent.

Your choice is stored locally in tm_consent_v1 (LocalStorage and a first-party cookie, Max-Age 12 months, Secure, SameSite=Lax). After expiry, the cookie dialog re-appears.

Global Privacy Control (GPC). If your browser sends a GPC signal and no choice has been recorded yet, we automatically reject analytics and marketing — no banner is shown. We treat this browser setting as a legally binding opt-out.

Details and how to change your choice: Cookie Policy.

Cross-reference: Terms §23 — Data protection.