Privacy Policy
This Privacy Policy describes how FW Delta LLC collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and applicable national data protection laws.
We take your privacy seriously and are committed to protecting your personal information. This policy provides transparent information about our data processing activities as required by Art. 13 and Art. 14 GDPR.
01. Data Controller and Data Protection Officer
The controller responsible for the processing of your personal data within the meaning of Art. 4(7) GDPR and Art. 5(i) FADP is:
Legal Entity
FW Delta LLC
30 N Gould St Ste 60388
Sheridan, WY 82801
United States
Filing ID: 2026-001873879
Data Protection Officer
Fabian Weiss
Data Protection Officer
Our Data Protection Officer is available to answer any questions regarding the processing of your personal data.
EU Representative
As we process data of EU residents but are not established in the EU, we have appointed an EU representative in accordance with Art. 27 GDPR. Contact details are available upon request.
02. Scope of Application
This Privacy Policy applies to the processing of personal data:
- When you visit our website (fwdelta.com and all subdomains)
- When you use our contact forms or send us emails
- When you request quotes or engage our services
- When you interact with our content on social media platforms
This policy does not apply to third-party websites linked from our site. We recommend reviewing the privacy policies of any external websites you visit.
03. Legal Basis for Processing
We process personal data only on the basis of the following legal grounds under Art. 6 GDPR:
Art. 6(1)(a) GDPR - Consent
You have given us explicit consent to process your personal data for specific purposes. You can withdraw consent at any time.
Art. 6(1)(b) GDPR - Contract Performance
Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
Art. 6(1)(c) GDPR - Legal Obligation
Processing is necessary for compliance with legal obligations to which we are subject.
Art. 6(1)(f) GDPR - Legitimate Interest
Processing is necessary for our legitimate interests, provided your interests or fundamental rights do not override these interests.
04. Categories of Personal Data
We process the following categories of personal data:
Identity Data
- Full name
- Email address
- Company name
- Job title
- Postal address
- Phone number
Communication Data
- Email correspondence
- Contact form messages
- Chat transcripts
- Support tickets
- Meeting notes
Technical Data
- IP address (anonymized)
- Browser type and version
- Operating system
- Device type
- Screen resolution
- Language preferences
Usage Data
- Pages visited
- Time spent on pages
- Click behavior
- Referrer URL
- Search queries
- Session duration
Transaction Data
- Project details
- Payment information
- Invoice data
- Contract documents
Marketing Data
- Email open rates
- Link clicks
- Campaign engagement
- Communication preferences
05. Processing Purposes
We process your personal data for website operation, service delivery, analytics, marketing (with consent), and legal compliance. Each purpose has specific retention periods and legal bases.
06. Hosting Infrastructure
EU-Exclusive Infrastructure
All our servers and databases are located exclusively within the European Union (Germany, Finland). We do not use US-based cloud providers for storing personal data.
Hosting Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
We have a Data Processing Agreement (DPA) with Hetzner in accordance with Art. 28 GDPR. Hetzner operates ISO/IEC 27001:2022 certified infrastructure.
07. Server-Side Tracking Architecture
Privacy-First Data Proxying
Unlike conventional client-side tracking, your browser does not communicate directly with third-party services. All tracking data is first sent to our EU-based server, where it undergoes strict filtering and anonymization before any data is forwarded.
Protection Measures:
IP Anonymization
IP addresses are truncated before any processing, making re-identification impossible.
PII Scrubbing
All personal identifiers are hashed using SHA-256 before forwarding.
User-Agent Generalization
Detailed device data is reduced to general categories to prevent fingerprinting.
First-Party Cookies
All tracking cookies are set under our domain, preventing cross-site tracking.
08. Third-Party Services
With your explicit consent, we use the following services:
Google Analytics 4 (Server-Side)
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose: Website traffic analysis, conversion tracking, and performance optimization.
Safeguards:
- IP anonymization enabled
- Google Signals disabled
- Standard Contractual Clauses in place
Meta Conversions API
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Purpose: Facebook and Instagram advertising campaign measurement and optimization.
Safeguards:
- Only SHA-256 hashed data transmitted
- No direct browser-to-Meta communication
Right to Withdraw Consent
You can withdraw your consent at any time via cookie settings. This does not affect the lawfulness of processing before withdrawal.
09. Data Recipients
We share data with IT service providers, analytics services, payment processors, professional advisors, and public authorities (when legally required). All recipients are bound by strict contractual obligations.
10. Data Retention Periods
We retain personal data only as long as necessary:
Server Access Logs
7 daysAutomatic deletion for security monitoring
Website Analytics Data
14 monthsGoogle Analytics minimum retention setting
Contact Form Inquiries
3 yearsAfter last contact, unless contract exists
Email Correspondence
3 yearsAfter last contact, unless contract exists
Contract Documents
10 yearsLegal retention obligation
Invoices & Accounting
10 yearsLegal retention requirement
Cookie Consent Records
12 monthsStandard consent validity period
Marketing Consent
Until withdrawnActive consent required
Encrypted Backups
30 daysRolling backup retention
Project Files
5 yearsAfter completion, for warranty purposes
11. Security Measures
We implement comprehensive security measures in accordance with Art. 32 GDPR:
Transport Layer Security
TLS 1.3 encryption for all data in transit. HTTP Strict Transport Security (HSTS) enforced.
Data Encryption at Rest
AES-256 encryption for all databases and file storage. Full disk encryption on all servers.
Access Control
Role-based access control (RBAC) with least privilege. Mandatory 2FA for all admin access.
Network Security
Dedicated firewall with strict rules. Intrusion Detection System and DDoS protection.
Backup & Recovery
Daily encrypted backups with geographic redundancy. Regular restoration testing.
Security Monitoring
24/7 automated monitoring and alerting. Real-time threat detection and response.
12. Automated Decision-Making
No Automated Decisions
We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you, as defined in Art. 22 GDPR.
13. Your Data Subject Rights
Under GDPR and Swiss FADP, you have the following rights:
Right of Access (Art. 15 GDPR)
You have the right to obtain information about your personal data stored by us.
Right to Rectification (Art. 16 GDPR)
You may request correction of inaccurate data or completion of incomplete data.
Right to Erasure (Art. 17 GDPR)
You may request deletion of your personal data, subject to legal retention obligations.
Right to Data Portability (Art. 20 GDPR)
You have the right to receive your data in a structured, machine-readable format (JSON).
Exercise Your Rights
To exercise any of these rights, please contact us at:
fw@fwdelta.comWe will respond within 30 days. Exercising your rights is free of charge.
14. International Data Transfers
Our primary infrastructure is in the EU. When using Google Analytics and Meta CAPI, data may be transferred to the USA with appropriate safeguards (Standard Contractual Clauses, EU-US Data Privacy Framework).
Important Notice
Despite safeguards, there remains a residual risk of access by US authorities when transferring to the USA. You can disable these services at any time via cookie settings.
15. Minors' Data
Our services are directed at business clients. We do not knowingly collect data from individuals under 16 without parental consent. If you believe we have collected data from a minor, please contact us immediately.
16. Changes to This Privacy Policy
We may update this policy to reflect changes in legal requirements or technical developments. Material changes will be communicated via email or prominent website notice.
Current Version
Version 2.1
February 12, 2026
17. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority:
18. Contact Information
For questions about this policy or your data, contact our Data Protection Officer:
Questions About Your Data?
Our Data Protection Officer is available to assist you at any time.
Contact Data Protection OfficerWe aim to respond to all inquiries within 48 hours