Privacy Policy

Data Controller & Contact

The party responsible for the processing of personal data on this website (the "Controller" under Art. 4(7) GDPR / Art. 5(j) revFADP, and the "Business" under the CCPA/CPRA) is:

No EU representative under Art. 27 GDPR has been appointed, as the processing is occasional, of low risk, and limited to anonymous statistics and standard server logs.

Scope of this Policy

This policy applies to marucc.io and any subdomains operated by the Controller. It does not apply to third-party websites linked from this site, which maintain their own privacy practices.

This website is informational. It does not host user accounts, contact forms, e-commerce, or newsletter subscriptions. The only personal data processed are: (a) standard server log data and (b) aggregated analytics via Google Analytics with anonymised IP.

Categories of Data

3.1 Server Log Files

Each time you visit, our hosting provider automatically records technical information transmitted by your browser. This data is stored temporarily in log files and is necessary to operate the website securely and reliably.

• IP address (truncated / shortened where technically feasible)
• Date and time of the request
• Requested URL and HTTP status code
• Referrer URL (the page you came from)
• User agent — browser type, version, and operating system
• Approximate volume of data transferred

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating a stable, secure website) / Art. 31(2)(c) revFADP. Logs are retained for a maximum of 14 days and then automatically deleted, unless retained longer for the investigation of a specific security incident.

3.2 Google Analytics (anonymised)

We use Google Analytics, a web-analytics service operated by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland), to obtain aggregated, statistical insights about how visitors use the site.

IP-address anonymisation (anonymize_ip: true) is enabled. Your IP address is truncated by Google within the EU/EEA before being stored, so that no full IP address is ever processed. We do not enable Google Signals, advertising features, or cross-site/cross-device tracking.

Data processed includes: anonymised IP, approximate location (country/region), device and browser type, pages viewed, time on site, referrer, and a randomly generated client identifier (Google Analytics 4 cookie _ga and related _ga_* cookies).

Legal basis: Art. 6(1)(a) GDPR — your consent — where a consent banner applies; otherwise Art. 6(1)(f) GDPR (legitimate interest in audience measurement) for strictly aggregated, anonymised data. Under Swiss FADP, processing is based on overriding legitimate interest and transparency. Retention: standard Google Analytics retention is set to 14 months, after which event data is automatically deleted.

International transfers: Google may transfer aggregated data to the United States. Such transfers are covered by the EU–U.S. Data Privacy Framework (Google LLC is certified) and Standard Contractual Clauses (SCCs) where applicable, providing an adequate level of protection under Art. 45 / 46 GDPR and the Swiss FADP. You can opt out of Google Analytics at any time by installing the Google Analytics Opt-out Browser Add-on.

Cookies & Similar Technologies

A cookie is a small text file stored on your device. This website uses only the cookies required to deliver and measure the site:

• Strictly necessary — none beyond default browser functionality.
• Analytics — _ga, _ga_<ID> (Google Analytics 4), used to distinguish users and sessions. Lifetime up to 24 months.

You can manage or delete cookies in your browser settings at any time. Disabling analytics cookies will not affect access to the website.

Rights of Data Subjects

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

• Right of access — to confirm whether we process data about you and obtain a copy (Art. 15 GDPR / Art. 25 revFADP).
• Right to rectification — to correct inaccurate or incomplete data (Art. 16 GDPR / Art. 32(1) revFADP).
• Right to erasure — to request deletion (Art. 17 GDPR / Art. 32(2)(c) revFADP).
• Right to restriction of processing (Art. 18 GDPR).
• Right to data portability — to receive data in a structured, machine-readable format (Art. 20 GDPR / Art. 28 revFADP).
• Right to object — to processing based on legitimate interest (Art. 21 GDPR).
• Right to withdraw consent at any time, without affecting prior lawful processing (Art. 7(3) GDPR).
• Right to lodge a complaint with a supervisory authority — in Switzerland, the FDPIC; in the EU, your local data-protection authority.

To exercise any of these rights, contact info@marucc.io. We will respond within the statutory deadline (one month under GDPR, extendable by two further months for complex requests).

Your California Privacy Rights

If you are a resident of California, the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, "CCPA") grants you specific rights regarding your personal information.

6.1 Categories of Personal Information

In the past twelve (12) months we have collected only the categories listed below, exclusively to operate and measure this informational website:

• Identifiers — truncated IP address, online cookie identifiers (_ga).
• Internet/network activity — pages viewed, referrer, browser/OS type, approximate region.

6.2 Sources, Purposes, Disclosure

Information is collected directly from your device when you visit the site. It is used solely for security, stability, and aggregated audience measurement. It is disclosed only to our service provider Google (acting as our processor) under contractual confidentiality obligations.

6.3 No Sale, No Sharing

We do not sell your personal information and we do not share it for cross-context behavioural advertising, as those terms are defined under the CCPA. We have not done so in the preceding twelve months.

6.4 Your CCPA Rights

• Right to know what personal information is collected, used, disclosed.
• Right to delete personal information we hold about you.
• Right to correct inaccurate personal information.
• Right to opt-out of sale or sharing (not applicable — we do neither).
• Right to limit use of sensitive personal information (not applicable — none collected).
• Right to non-discrimination for exercising any of these rights.

To submit a verifiable consumer request, email info@marucc.io with the subject line "CCPA Request". You may designate an authorised agent to act on your behalf with written permission. We will respond within 45 days.

Cross-Border Data Transfers

Personal data processed via Google Analytics may be transferred to servers located outside Switzerland and the EEA, including in the United States. Such transfers are protected by:

• The EU–U.S. Data Privacy Framework and its Swiss–U.S. extension, recognised as adequate by the European Commission and the Swiss Federal Council;
• Standard Contractual Clauses (Module 2) approved by the European Commission, where the recipient is not certified;
• Supplementary technical measures, including IP truncation and pseudonymisation prior to transfer.

Technical & Organisational Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. These include TLS/HTTPS encryption for all traffic, restricted administrative access, regular software updates, and minimisation of stored data.

No method of internet transmission or electronic storage is 100% secure; we cannot guarantee absolute security but commit to industry-standard practices.

Children's Privacy

This website is not directed at children under the age of 16. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal data, please contact info@marucc.io and we will promptly delete it.

Changes to this Policy

We may update this Privacy Policy to reflect changes in our practices or in applicable law. The current version is always available at this URL. Material changes will be indicated by an updated effective date below.