Privacy Policy

Effective date: March 10, 2026 · Last updated: March 10, 2026

1. Introduction

KikoSpace AG ("we," "us," or "our") operates the Projekt Datorhall website and the Datorhall Recovery Alliance (DRA) initiative. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or engage with our services.

We comply with the Swiss Federal Act on Data Protection (FADP/nDSG), effective September 1, 2023, and the EU General Data Protection Regulation (GDPR), as we offer services to organizations within the European Union.

2. Data We Collect

2.1 Data You Provide Directly

When you book a call, submit an inquiry, or communicate with us, we may collect:

• Name and job title
• Company name and registration number
• Email address and phone number
• Business address
• Information about your data center operations (capacity, location, tax status)
• Financial and operational data shared during evaluation of potential claim participation

2.2 Data Collected Automatically

When you visit our website, we may automatically collect:

• IP address (anonymized where possible)
• Browser type and version
• Device type and operating system
• Pages visited, time spent, and referral source
• Cookies and similar tracking technologies (see Section 7)

2.3 Data From Third Parties

We may receive information about your organization from publicly available sources (company registries, industry databases, regulatory filings) to evaluate potential claim eligibility.

3. Purpose and Legal Basis

Purpose	Legal Basis (GDPR)	Legal Basis (FADP)
Responding to your inquiry or scheduling a call	Art. 6(1)(b) — Pre-contractual measures	Justified by your request
Evaluating your organization's eligibility for the litigation pool	Art. 6(1)(f) — Legitimate interest	Legitimate interest
Administering membership and claim proceedings	Art. 6(1)(b) — Contract performance	Contract performance
Sharing data with legal counsel, litigation funders, or EU authorities	Art. 6(1)(f) — Legitimate interest / Art. 6(1)(c) — Legal obligation	Legitimate interest / Legal obligation
Website analytics and improvement	Art. 6(1)(a) — Consent	Consent
Compliance with legal obligations	Art. 6(1)(c) — Legal obligation	Legal obligation

4. Data Recipients

We may share your personal data with the following categories of recipients, only to the extent necessary for the purposes described above:

• Legal counsel and advisors engaged in connection with the litigation proceedings
• Litigation funders and investors evaluating or participating in the claim (under separate NDA)
• EU institutions and regulatory authorities (European Commission, CJEU) as required by the proceedings
• Swedish government authorities (Skatteverket, courts) as required in the course of legal claims
• IT service providers hosting our website and communication tools (with data processing agreements in place)

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

5. International Data Transfers

Your data may be processed in Switzerland and, where necessary for legal proceedings, in Sweden and EU member states. Switzerland is recognized by the European Commission as providing an adequate level of data protection (Adequacy Decision 2000/518/EC, reaffirmed under GDPR).

If data is transferred to any country without an EU adequacy decision, we ensure appropriate safeguards through Standard Contractual Clauses (SCCs) or equivalent measures.

6. Data Retention

Data Category	Retention Period
Initial inquiry / contact data	2 years from last contact (if no membership)
Membership and claim-related data	Duration of proceedings + 10 years (Swiss statutory requirement)
Financial and operational evaluation data	Duration of evaluation + 3 years
Website analytics data	14 months
Contractual documents	10 years after termination (Swiss Code of Obligations, Art. 958f)

After the applicable retention period, your data is securely deleted or anonymized.

7. Cookies and Tracking

7.1 Strictly Necessary Cookies

We use essential cookies for website functionality (session management, security). These do not require consent and cannot be disabled.

7.2 Analytics Cookies

We may use analytics tools to understand how visitors use our website. Analytics cookies are only placed after you provide explicit consent. You can withdraw consent at any time through the cookie settings on our website.

7.3 No Marketing or Third-Party Tracking Cookies

We do not use marketing cookies, retargeting pixels, or third-party advertising trackers on this website.

8. Your Rights

8.1 Under the Swiss FADP

• Right of Access (Art. 25 FADP) — Request confirmation of whether we process your data and receive a copy within 30 days, free of charge
• Right to Rectification — Request correction of inaccurate or incomplete data
• Right to Erasure — Request deletion where no legal basis for retention exists
• Right to Data Portability (Art. 28 FADP) — Receive your data in a structured, machine-readable format
• Right to Object — Object to processing on grounds relating to your particular situation
• Right to Review of Automated Decisions (Art. 21 FADP) — Request human review of decisions made solely by automated means

8.2 Under the EU GDPR

If you are located in the EU/EEA, you additionally have:

• Right to Restrict Processing (Art. 18 GDPR) — Request restriction of processing in certain circumstances
• Right to Lodge a Complaint — You may file a complaint with your local Data Protection Authority or with the Swiss Federal Data Protection and Information Commissioner (FDPIC)

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encrypted communications (TLS/SSL), access controls, regular security assessments, and confidentiality obligations for all personnel handling personal data.

10. Data Breach Notification

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authorities as required under the FADP and GDPR.

11. Children's Data

Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under 16 years of age. If we become aware that we have collected such data, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated policy on this page with a revised "Last updated" date. We encourage you to review this policy periodically.

13. Contact