1. Data controller
The controller of your data is Stefan Rakic, operating as a sole proprietorship under the trade name "Ecom Rules di Stefan Rakic", based at Via alla Morettina 24, 6600 Locarno, Switzerland (UID: CHE-326.134.419).
You can reach the controller at any time via email at info@ecomrules.com.
2. Data we collect
We only collect data that you provide to us directly or that is automatically generated by browsing the site:
- Contact form data: name, business description, marketing experience, goal, preferred contact channel (phone, WhatsApp or email), contact details.
- Onboarding form (Brand Discovery) data: same as above plus brand info such as tone of voice, visual preferences and any uploaded logo file.
- Browsing data: IP address, browser type, operating system, pages visited, referrer.
- Technically necessary cookies (e.g. language preference).
- Analytics and marketing cookies, only if you've given explicit consent through the cookie banner.
3. Purposes of processing and legal bases
We process your data for the following purposes, each based on a specific legal basis:
- Replying to contact requests and providing information about our services. Basis: pre-contractual measures at your request.
- Performing the contract if you become a customer. Basis: contract performance.
- Sending marketing emails via Mailchimp (only if you subscribed and consented). Basis: explicit consent, revocable at any time.
- Aggregated statistical analysis of site traffic via Google Analytics 4. Basis: explicit consent via cookie banner.
- Targeted advertising via Google Ads and Facebook Pixel to measure conversions and show relevant ads. Basis: explicit consent via cookie banner.
- Compliance with legal obligations (e.g. tax archiving). Basis: legal obligation.
4. Recipients of the data
Your data may be shared with the following parties, always limited to what is necessary for the purposes described:
- n8n (workflow automation provider), hosted on Elestio, servers in the European Union. Receives form data for routing and storage.
- Google LLC (USA): Google Sheets as lead archive, Google Analytics 4 for statistics, Google Ads for advertising campaigns.
- Intuit Inc. / Mailchimp (USA): email marketing platform, if you've consented.
- Meta Platforms Inc. (USA): Facebook Pixel for ad conversions, only with consent.
- Competent authorities when required by law.
We do not sell or rent your data to third parties for their marketing purposes.
5. Data transfers outside Switzerland and the EU
Google, Meta and Mailchimp are US-based companies. Transfers of your data to these companies take place on the basis of the EU-US Data Privacy Framework (DPF) and the new adequacy mechanism recognized by the European Commission and the Swiss Federal Data Protection and Information Commissioner (FDPIC / EDÖB).
These companies are DPF self-certified, ensuring a level of data protection considered adequate.
6. Retention periods
We retain your data only for the time strictly necessary for the processing purposes:
- Contact form data: maximum 2 years from last contact if no commercial relationship is established, otherwise for the duration of the relationship plus 10 years for tax obligations.
- Mailchimp subscribers: until you unsubscribe from the newsletter.
- Analytics data: 14 months (Google Analytics 4 default).
- Browsing logs: maximum 12 months.
7. Your rights
At any time, you can exercise the following rights over your personal data:
- Access: receive confirmation of processing and a copy of the data concerning you.
- Rectification: correct inaccurate or incomplete data.
- Erasure: obtain deletion of data concerning you.
- Restriction: limit the processing of your data.
- Portability: receive data in a structured format and transmit it to another controller (GDPR right).
- Objection: object to processing on legitimate grounds.
- Consent withdrawal: withdraw consent you have given at any time, without affecting the lawfulness of processing based on consent before withdrawal.
To exercise your rights, write to info@ecomrules.com. We respond within 30 days.
8. Right to lodge a complaint
If you believe that the processing of your data violates applicable law, you can file a complaint with:
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC / EDÖB) — www.edoeb.admin.ch
- Italy: Garante per la protezione dei dati personali — www.garanteprivacy.it
- Other EU countries: the national data protection authority of your country of residence.
9. Security measures
We have adopted appropriate technical and organizational measures to protect your data from unauthorized access, loss, alteration or disclosure. These include HTTPS/TLS-encrypted connections, access limited to authorized personnel, and hosting on servers compliant with industry security standards.
10. Changes to this policy
We may update this policy to reflect regulatory or operational changes. The last update date is shown at the top of this page. Please review it periodically.