Privacy Policy

1. Introduction

FlowAlp SAGL (“FlowAlp”, “we”, “us”, “our”) is committed to protecting your privacy and processing your personal data responsibly.

This Privacy Policy describes how we collect, use, store, and safeguard personal data when you visit flowalp.com, use our event-related and organizational management services (“Services”), or are part of a contractual relationship with us as an event organizer, organization, director, member, participant, or staff member.

By using our Website or Services, you acknowledge and agree to the terms of this Privacy Policy.

2. Data Controller

FlowAlp SAGL, Casella postale 1046, Via A. e M. Pini 32, 6710 Biasca, Switzerland.

3. Applicable Law & Jurisdiction

This Privacy Policy and all data-processing activities carried out by FlowAlp are governed exclusively by Swiss law, in particular the Swiss Federal Act on Data Protection (nFADP).

FlowAlp is not an EU-based company; however, the EU General Data Protection Regulation (GDPR) may apply only to the extent required when we process the personal data of individuals located in the European Union in the context of offering services to them.

Regardless of location, Swiss law is always the primary and exclusive jurisdiction.

4. Personal Data We Collect

We collect and process personal data necessary to provide and maintain our Services. This includes, but is not limited to:

Identity and contact data: names, addresses, emails, phone numbers, organizational roles.

Contractual and operational data: account setup information, event information, organization details, communication history.

Payment and financial data: billing information, payment details, transaction history, invoicing data, and fraud-prevention data.

Event-specific data: information required by event organizers, including clothing sizes, staff attributes, identification details, or any other data necessary for event participation or staff management.

Technical information: IP addresses, device identifiers, logs, usage data, and cookies.

We reserve the right to request and store additional information at any time, even after the contractual relationship has started, if required to deliver the Services or meet legal obligations.

5. Purpose of Processing

We process personal data to provide, operate, and improve our Services; to maintain contractual relationships; to manage user accounts and event configurations; to process payments and prevent fraud through certified payment processors; to ensure the security and integrity of our systems (including the use of Cloudflare); and to comply with legal and regulatory obligations.

We do not process more data than necessary for these purposes.

6. Legal Basis for Processing

Under Swiss law, we process personal data primarily based on contractual necessity, legitimate interests (e.g., service operation, fraud prevention, security), and legal obligations.

Where GDPR applies (EU users only), processing is based on Art. 6(1)(b) – contractual necessity, Art. 6(1)(f) – legitimate interests, Art. 6(1)(c) – legal obligation, and Art. 6(1)(a) – consent (only when explicitly required).

7. Data Sharing & International Transfers

We may share your data with certified payment processors, technical and hosting partners, security providers (including Cloudflare), event organizers where necessary, and legal authorities when required by law.

Our primary data storage is in Switzerland and the EU. Some service providers may process data outside Switzerland and the EU (e.g., USA).

Where international data transfers occur, we ensure adequate protection through contractual or legal safeguards.

8. Data Retention

We retain data only for as long as required to fulfil contractual obligations, provide Services, comply with legal, tax, and accounting requirements, and protect our legitimate business interests.

Data that is no longer required will be securely deleted or anonymized.

9. Cookies & Tracking Technologies

Our Website uses cookies and technical mechanisms to ensure functionality, security, analytics, and service optimization.

Users may disable non-essential cookies through browser settings, though this may limit website functionality.

10. Rights of Data Subjects

You have the following rights under Swiss law — and, where applicable, under GDPR: the right to access your personal data; the right to request rectification; the right to request deletion (“right to be forgotten”); the right to restrict or object to certain processing; the right to data portability (GDPR only); and the right to withdraw consent (when processing is based on consent).

To exercise any of these rights, contact us at info@flowalp.com. We may retain certain information when legally required (e.g., payment records for tax purposes).

11. Data Security

We implement industry-standard administrative, technical, and organizational measures to protect personal data from unauthorized access, loss, misuse, or alteration. This includes encryption, secure servers, access controls, and continuous monitoring.

No method of transmission or storage is fully secure, but we take all reasonable steps to safeguard your data.

12. Changes to This Privacy Policy

We may update this Privacy Policy at any time. Changes will be published on this page with an updated effective date. Continued use of our Services constitutes acceptance of the revised policy.