Effective from: February 10, 2026
This policy describes how the verwalt.ch platform ("Platform") processes personal data. Processing is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), the Swiss Federal Act on Data Protection (nDSG, rev. 2023), and other applicable legislation. For organizations in Czechia: GDPR + zák. č. 110/2019 Sb.. For organizations in Slovakia: GDPR + z. č. 18/2018 Z.z.. For organizations in Switzerland (CH): nDSG (SR 235.1) (Fedlex). For organizations in Germany (DE): GDPR + BDSG — supervisory authority: Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI). For organizations in Austria (AT): GDPR + DSG — supervisory authority: Datenschutzbehörde (DSB). Supervisory authority for CH: Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB).
TimeDeals Pavelka
Berglistrasse 28a, 8180 Bülach, Švýcarsko
UID: CHE-393.597.780
Einzelunternehmen
E-mail: privacy@verwalt.ch
The platform operator acts as a processor within the meaning of Art. 28 GDPR / Art. 9 DSG in relation to member data of organizations. The platform processes data on behalf of and under the instruction of individual organizations.
The controller of personal data of members is always the relevant organization (association, HOA, interest group) that uses the platform to manage its members, voting, and documents. The organization determines the purposes and means of processing.
For data processed for the purpose of operation and security of the platform itself (account registration, login sessions, security logs, abuse protection), the operator acts as an independent controller.
| Category | Specific data | Required? |
|---|---|---|
| Account data | Email address, password hash (Argon2) | Yes |
| Sessions and security | Token hash, IP address, user-agent, time of last access | Automatically |
| Member data | Organization membership, role (member/admin), membership status | Yes |
| Voting records | Cast vote (FOR/AGAINST/ABSTAIN), time, member identifier | When voting |
| Audit logs | Action (type), actor identifier, time, context (org, IP) | Automatically |
| Email delivery records | Recipient address, subject, delivery status, send time | Automatically |
| Communication (forum, messages) | Message text, author, time, thread/channel | When using |
| Documents | Uploaded files, name, date, category, author | When uploading |
| Abuse protection | Number of failed logins, rate-limit records | Automatically |
We do not process special categories of data (sensitive data) within the meaning of Art. 9 GDPR, unless such data is entered into the system by users themselves or organization administrators (e.g., in document text). The relevant organization is responsible for user-entered content.
| Purpose | Legal basis (GDPR) | Legal basis (DSG) |
|---|---|---|
| Platform operation, account and organization management | Art. 6(1)(b) – contract performance | Art. 31(1) – processing for contract performance |
| Access security, abuse protection (rate limiting, login throttle) | Art. 6(1)(f) – legitimate interest of operator | Art. 31(1) – overriding interest |
| Activity recording (who/what/when) for management transparency | Art. 6(1)(f) – legitimate interest of organization and operator | Art. 31(1) – overriding interest |
| Voting and results recording | Art. 6(1)(b) – contract performance + Art. 6(1)(f) – legitimate interest | Art. 31(1) – contract performance and overriding interest |
| Email delivery records (proof of notification) | Art. 6(1)(f) – legitimate interest (provability of delivery) | Art. 31(1) – overriding interest |
| Communication with users (support, question resolution) | Art. 6(1)(b) – contract performance / Art. 6(1)(f) – legitimate interest | Art. 31(1) |
The legitimate interest in audit logs and voting records lies in the need for organizations to prove proper decision-making processes and in the need for the operator to protect platform integrity. This interest overrides the right to erasure, as erasure would make retrospective control and legal defense of the organization impossible (Art. 17(3)(e) GDPR). For organizations based in Czechia: § 258 et seq. Civil Code for associations, § 1200 et seq. Civil Code for HOAs. For organizations based in Slovakia: z. č. 83/1990 Zb., z. č. 182/1993 Z.z..
| Category | Retention period | Reason |
|---|---|---|
| Account data (email, password hash) | For the duration of account existence; upon account deletion, immediately and irreversibly anonymized (no retention period, no restoration) | Contract performance |
| Login sessions (session) | Max. 30 days (automatic expiration) | Security |
| Member data | For the duration of membership in the organization | Contract performance |
| Voting records | For the duration of organization existence; pseudonymized after account deletion | Art. 17(3)(e) GDPR – defense of legal claims |
| Audit logs | 5 years from record creation | Legitimate interest – retrospective control |
| Email delivery records | 3 years from sending | Proof of notification delivery |
| Forum and messages | For the duration of organization existence | Contract performance |
| Documents | For the duration of organization existence | Contract performance |
| Rate-limit records | Automatic expiration (window 1–60 minutes) | Temporary protection |
| Login attempts | 30 days from attempt (automatic expiration) | Brute-force protection |
IP addresses in the audit log are anonymized after 1 year. User agent is removed after 1 year. Accounting records (payments, invoices) are retained 10 years: for organizations in Czechia according to § 31 zák. č. 563/1991 Sb., for organizations in Slovakia according to the Accounting Act z. č. 431/2002 Z.z..
Audit logs and voting records serve to prove proper decision-making processes in the organization. These records cannot be deleted upon request as long as there is a legitimate interest of the organization in their retention (Art. 17(3)(e) GDPR — erasure does not apply if processing is necessary for the establishment, exercise, or defense of legal claims).
Upon deletion of the user account, identification data (email address, password hash, name) are immediately and irreversibly anonymized within one atomic transaction. The email address is replaced with a system placeholder text, the password hash is overwritten with a random value, and the name is removed. After deletion, there is no retention period and no possibility of account restoration.
Voting records and relevant audit logs are pseudonymized upon account deletion — the user identifier is replaced with an anonymous placeholder text, but the factual record itself (vote, action, date) remains preserved.
Email delivery records (EmailLog) serve as proof that the organization sent a notification to its members (e.g., voting invitation, results). These records are retained even after user account deletion, with the link to the user broken (userId is set to null).
We share data only to the necessary extent with the following recipient categories:
We do not sell data, do not provide it to advertising networks, and do not share it with third parties beyond the above.
The operator is based in Switzerland. The European Commission has recognized Switzerland as a country ensuring an adequate level of data protection (adequacy decision). Data transfer between the EU and Switzerland does not require additional safeguards.
For the email delivery service (Postmark/USA), the EU-U.S. Data Privacy Framework applies. In case of changes to this framework, appropriate measures will be taken (standard contractual clauses or another mechanism under Art. 46 GDPR).
The platform uses exclusively necessary (technical) cookies for managing the login session. These cookies:
We do not use analytical, marketing, or any other third-party cookies. Consent for cookies is therefore not required (exception under Art. 5(3) of Directive 2002/58/EC).
As a data subject, you have the following rights:
Send requests to privacy@verwalt.ch. For identity verification, we may request confirmation from the email address associated with your account. We will respond to the request without undue delay, at the latest within 30 days.
You can also submit an account deletion request directly in the profile settings on the platform (if this feature is available) or by email.
You can withdraw your consent at any time in the profile settings (Profile → Privacy → Withdraw consent). After withdrawal, your account will be suspended. To restore access, consent must be granted again.
If you believe that the processing of your data is not in accordance with legislation, you can lodge a complaint with the competent supervisory authority:
The platform implements appropriate technical and organizational measures to protect data:
Details about security measures can be found on the page Security.
We may update this policy in response to changes in legislation, platform features, or operational procedures. The current version is always available on this page. We will inform about substantial changes via the platform or by email.
For any questions regarding data protection, contact the designated data protection contact (DPO contact):
privacy@verwalt.ch (data protection / DPO contact)
info@verwalt.ch (general inquiries)
TimeDeals Pavelka
Berglistrasse 28a, 8180 Bülach, Švýcarsko
Last updated: February 10, 2026