Privacy Policy
How we handle your personal data
Free State AG takes the protection of your personal data seriously. We treat your data confidentially and in accordance with the revised Swiss Federal Act on Data Protection (revFADP, in force since 1 September 2023) and — where applicable — the EU General Data Protection Regulation (GDPR). This privacy policy describes which data we collect, for what purpose we use it, with whom we share it, and what rights you have as a data subject.
Data Controller and Data Collection
The controller responsible for the processing of personal data on this website within the meaning of the revFADP and the GDPR is: Free State AG Stettemerstrasse 40 8207 Schaffhausen, Switzerland Email: info@freestate.ch Phone: +41 52 525 33 05 Legal representative: Ivan Miric, Member of the Board of Directors and Managing Director. We collect personal data in two ways: actively, when you provide it to us (e.g., via the contact form, the newsletter form, the solar calculator, maintenance requests, or when registering a customer account), and automatically through our IT systems when you visit the website (technical connection data such as browser, operating system and time of access).
Automatically Collected Server Logs
When you visit our website, our web servers temporarily store each access in a log file. The following data is automatically recorded and stored until automatic deletion after a maximum of 30 days: • IP address of the requesting device (truncated or anonymized) • Date and time of access • Name and URL of the retrieved file • Referring website (referrer URL) • Browser used and operating system • Name of your internet access provider The processing is carried out on the basis of our legitimate interest (Art. 31 para. 2 lit. d revFADP and Art. 6 para. 1 lit. f GDPR) in the stable operation of the website, IT security and protection against abuse. This data is not combined with other data sources and is not used to create user profiles.
Cookies and Consent Management
Our website uses cookies and comparable technologies (e.g., localStorage). Cookies are small text files placed on your device. They differ by purpose: • Strictly necessary cookies: required for the operation of the website (e.g., language preference, login session, the cookie consent itself). These cannot be deselected. • Analytics cookies: enable us to evaluate usage behavior anonymously and improve the website. • Marketing cookies: used to deliver personalized content and advertising. The first time you visit our website, a cookie banner appears in which you can decide per category whether you consent to their use. Analytics and marketing cookies are only set after your explicit consent (Art. 31 para. 1 revFADP / Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time for the future by reopening the cookie settings via the link at the bottom of the page. As long as you have not given consent, no analytics or marketing cookies are loaded, and our analytics services run in "Consent Mode v2 — denied" mode, i.e., without setting identifying cookies.
Web Analytics, Tag Management and Usage Measurement
Subject to your consent, we use the following services to understand how our website is used and to improve our offering. Without your consent, these services are not activated. 1) Google Tag Manager Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a management tool that allows us to embed measurement and analytics tags centrally. The Tag Manager itself does not create user profiles and does not set its own cookies. However, it loads other services (see below) that process data themselves. 2) Google Analytics 4 (GA4) Provider: Google Ireland Limited. GA4 produces anonymized statistics about the use of our website (e.g., page views, session duration, country of origin, device type, traffic source). The IP address is truncated before storage ("IP Anonymization") and individual users are not directly identified. We operate GA4 with Google Consent Mode v2 enabled and with advertising features ("Google Signals") disabled. The retention period for event data in GA4 is 14 months. 3) Hotjar Provider: Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta. Hotjar produces aggregated heatmaps and — on certain pages (in particular the solar calculator and the customer area) — pseudonymized session recordings to identify usability issues. Keystrokes in form fields are masked by default; sensitive content (customer data, contracts) is not recorded. Hotjar sets cookies with a maximum lifetime of 365 days. 4) Google Search Console Provider: Google Ireland Limited. Google Search Console is used exclusively for verifying domain ownership and analyzing anonymous SEO statistics (e.g., incoming search queries from Google). It does not set any cookies on this website and does not process any personal data of our visitors. Legal basis: consent (Art. 31 para. 1 revFADP / Art. 6 para. 1 lit. a GDPR). Data transfer to the USA: GA4, Google Tag Manager, Google Search Console and Hotjar partly process data in the USA. Google is certified under the EU-US Data Privacy Framework; Hotjar primarily processes data in the EU but may use sub-processors in third countries. Where data is transferred to a country without an adequate level of data protection, we rely on Standard Contractual Clauses pursuant to Art. 16 revFADP / Art. 46 GDPR.
Links to Social Networks
In the footer of our website you will find links to our profiles on Facebook, Instagram and LinkedIn. These are explicitly simple hyperlinks, not embedded plugins or tracking pixels. Merely visiting our website does not transfer any data to these social networks. Only when you actively click one of these links will you be redirected to the respective platform, and from that point on the privacy provisions of the respective provider apply exclusively. We have no influence over what data is collected or processed there. • Facebook (Meta Platforms Ireland Ltd.): https://www.facebook.com/privacy/policy • Instagram (Meta Platforms Ireland Ltd.): https://privacycenter.instagram.com/policy • LinkedIn (LinkedIn Ireland Unlimited Company): https://www.linkedin.com/legal/privacy-policy
Google Maps
On certain pages (in particular the contact page and the solar calculator for address entry and roof area selection) we embed interactive maps from Google Maps. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In order for the maps to be displayed correctly, your browser transmits technical connection data (in particular your IP address) to Google when you use these features. Processing in the USA cannot be ruled out. This processing is necessary to provide the function you actively requested (e.g., address entry in the solar calculator) and is based on our legitimate interest in a user-friendly online application as well as — where an explicit configuration step is required — on your consent. For more information on the handling of user data by Google, please see: https://policies.google.com/privacy
Newsletter
If you would like to subscribe to our newsletter, we require a valid email address from you as well as information that allows us to verify that you are actually the owner of the email address provided (double opt-in procedure). The data required for sending is processed exclusively on the basis of your consent (Art. 31 para. 1 revFADP / Art. 6 para. 1 lit. a GDPR). You can withdraw the subscription and the underlying consent at any time for the future, for example via the unsubscribe link in any newsletter or by emailing info@freestate.ch. The legality of the processing carried out up to the withdrawal remains unaffected.
Solar Calculator, Contact Requests and Electronic Contract Signing
Our solar calculator guides you step by step through a needs-based design of a photovoltaic system and — if desired — through to the conclusion of a Solar Free contract. In doing so, we process the following categories of personal data: • Address and location data for evaluating the roof area (via map services) • Consumption and building data (e.g., electricity consumption, roof inclination, planned devices such as a heat pump or wallbox) • Contact data (name, address, telephone number, email address) • In addition, when concluding a contract: date of birth, AHV data or comparable identification features, where required for contract verification The processing of this data is carried out for the initiation and performance of a contract (Art. 31 para. 2 lit. a revFADP / Art. 6 para. 1 lit. b GDPR) or — if you submit a request without concluding a contract — on the basis of your consent. For the legally binding electronic signing of contracts we use Swisscom Trust Services AG (Konradstrasse 12, 8005 Zurich, Switzerland) as a trust service provider. Swisscom Trust Services is licensed as a qualified trust service provider under the Swiss Federal Act on Electronic Signatures (ZertES) and enables the creation of qualified electronic signatures with statutorily recognized evidentiary value. As part of the signing process, identification data and biometric features (e.g., Mobile ID confirmation) are transmitted to Swisscom Trust Services. For more information, please see https://trustservices.swisscom.com. We also process maintenance requests, support tickets and data from the customer area ("Dashboard") for the purposes of contract performance and to comply with statutory retention obligations.
Your Rights as a Data Subject
Under the revFADP and the GDPR you have the following rights: • Right of access: you can request information about the data stored about you free of charge at any time, including its origin, recipients, purpose and retention period. • Right to rectification: you can request the correction of inaccurate data or the completion of incomplete data. • Right to erasure: you can request the deletion of your data, unless statutory retention obligations or other legitimate interests prevent it. • Right to restriction of processing: under certain conditions. • Right to data portability (GDPR): you can receive the data you have provided in a structured, commonly used, machine-readable format. • Right to withdraw consent: any consent you have given can be withdrawn at any time for the future. • Right to object: you can object to the processing of your data on grounds relating to your particular situation. To exercise your rights, please contact us at info@freestate.ch. To safeguard the security of your data, we may need to verify your identity before processing the request. Right to lodge a complaint: you have the right at any time to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC, https://www.edoeb.admin.ch) or — if you are resident in the EU — with your competent national data protection authority.
Retention and Deletion
We store personal data only for as long as is necessary for the respective purposes or required by statutory retention obligations. The following retention periods apply: • Server log files: maximum 30 days • Cookie consent records: up to 12 months from last confirmation • Google Analytics 4 event data: 14 months • Hotjar recordings: maximum 365 days • Newsletter subscription data: until consent is withdrawn • Contact and inquiry data: up to 24 months after the inquiry has been concluded • Contract and accounting data: 10 years pursuant to Art. 958f Swiss Code of Obligations • Customer account data ("Dashboard"): until deletion of the account by you or 24 months after last login After the respective period has expired, the data is deleted or anonymized.
Contact for Data Protection Matters
If you have any questions regarding data protection, the exercise of your rights or other concerns, please contact: Free State AG Attn: Data Protection Stettemerstrasse 40 8207 Schaffhausen Switzerland Email: info@freestate.ch Phone: +41 52 525 33 05 Free State AG is not required to appoint an external data protection officer pursuant to Art. 10 revFADP or Art. 37 GDPR. For data protection matters, please use the address above.
Last updated: April 2026