Legal

Data Processing

When Baselink builds and operates systems for clients, we may process personal data on your behalf as a processor. This page summarises our data-processing commitments. It complements — and does not replace — a signed Data Processing Agreement (DPA).

Last updated: 24 June 2026 · Version 1.0.0

1. Data Processing Agreement (DPA)

Where Baselink processes personal data on your behalf, we enter into a Data Processing Agreement that meets the requirements of the nFADP and, where applicable, Art. 28 GDPR. A DPA is available on request — contact support@baselinksolutions.ch.

2. Customer privacy commitments

  • We process client personal data only on documented instructions and for the agreed purposes.
  • We apply data minimisation — we help you collect and retain only what you need.
  • Persons authorised to process the data are bound by confidentiality.
  • We assist you, as far as reasonably possible, with data-subject requests and security obligations.
  • On termination, we return or delete personal data according to the agreement.

3. Data security measures

We maintain appropriate technical and organisational measures, including:

  • Encryption in transit (HTTPS/TLS) and, where appropriate, at rest.
  • Hardened HTTP security headers and a content-security policy on web surfaces.
  • Role-based access controls and least-privilege access.
  • Separation of environments and controlled deployment processes.
  • Logging and monitoring proportionate to the service.
  • Backup and recovery practices appropriate to the system.

4. Subprocessor management

Where we engage subprocessors (for example, hosting or email infrastructure), we impose data-protection obligations equivalent to ours, and we remain responsible for their performance. A current list of subprocessors for a given engagement is provided on request, and we inform clients of material changes in line with the DPA.

5. Hosting providers

Systems are hosted on reputable infrastructure providers, primarily in Switzerland or the EU/EEA. The specific hosting location for an engagement is documented in the relevant agreement; transfers abroad are covered by appropriate safeguards (see the Privacy Policy).

6. Data access controls

Access to client data is restricted to authorised personnel who need it for the service, is governed by role-based permissions, and is granted on a least-privilege basis. Access is reviewed and revoked when no longer required.

7. Confidentiality

All Baselink personnel and contractors are bound by confidentiality obligations covering client data and systems, both during and after the engagement.

8. Customer rights & assistance

We support our clients in meeting their own obligations as controllers, including responding to data-subject requests (access, correction, deletion, objection) and to data-security incidents, within the scope and timelines defined in the DPA.

9. Contact

For data-processing questions, DPAs, or the subprocessor list, contact support@baselinksolutions.ch. See also our Privacy Policy and Impressum.

This document is provided for transparency and will be completed with Baselink's registered company details once registration is finalised. It should be reviewed by qualified counsel before being relied upon and does not constitute legal advice. Questions: support@baselinksolutions.ch.