Privacy policy
Here's what happens to your data
Privacy Policy
The Morph Company Switzerland GmbH
As of June 16, 2026
1. Data Controller
The entity responsible for processing personal data in connection with this website is: The Morph Company Switzerland GmbH, Spinnereiweg 15, 3004 Bern, Switzerland
2. Scope and Legal Basis
We process personal data in accordance with the revised Swiss Data Protection Act (DSG) and, where applicable (e.g., for visitors from the EU/EEA), the EU General Data Protection Regulation (GDPR). Personal data refers to any information relating to an identified or identifiable individual. To the extent that the GDPR applies, we base our processing, depending on the purpose, on the performance of a contract (Art. 6(1)(b)), legitimate interest (Art. 6(1)(f)), consent (Art. 6(1)(a)), or a legal obligation (Art. 6(1)(c)).
3. Data Processing When Visiting the Website (Server Log Files)
When you visit the website, the hosting provider automatically collects data and stores it in log files: IP address, date and time of access, page/file accessed, amount of data transferred, browser type and version, operating system, and referrer URL. This is done to ensure secure and stable operation, to analyze errors, and to prevent misuse. The legal basis is our legitimate interest in secure operation. The log files are deleted after [30–90] days.
4. Hosting
This website is hosted by Google Cloud Platform (Google Cloud EMEA Ltd.) / Cloudflare, Inc. [1] Company (web hosting contract partner): Elementor Ltd. The provider processes the above data on our behalf based on a data processing agreement (DPA). Server location: Belgium (server location) / Israel (company headquarters) [1]
5. Content Delivery Network (Cloudflare)
We use the Content Delivery Network (CDN) provided by the following provider on our website Cloudflare Inc. (101 Townsend St, San Francisco, CA 94107, USA). A CDN is a network of regional servers that stores copies of our website content. When you visit our website, your request is routed through Cloudflare’s servers. In this process, technical log data—such as your IP address, system configurations, and information about data traffic—is processed in order to deliver the website.
We use Cloudflare to make our website load faster (performance optimization), improve delivery stability, and protect our website from cyberattacks (e.g., DDoS attacks).
Data processing is carried out in accordance with our legitimate interest in accordance with Art. 6(1)(f) of the GDPR to ensure the secure, fast, and efficient operation of our online services.
Since Cloudflare is a U.S. company, it cannot be ruled out that data may be transferred to the United States. Cloudflare Inc. is, in accordance with the EU-U.S. Data Privacy Framework (DPF) certified. In addition, the European Commission’s Standard Contractual Clauses (SCCs) were incorporated into the contracts to ensure an adequate level of data protection.
We have entered into a Data Processing Addendum with Cloudflare. This agreement requires Cloudflare to process our users' data strictly in accordance with our instructions and exclusively within the framework of the GDPR.
Cloudflare typically deletes the collected log data within 4 hours, but no later than a few days. For more details, see the Cloudflare Privacy Policy.
5. Cookies and analysis tools
Our website uses cookies (small text files stored in your web browser). These help us analyze how the website is used.
In order to constantly optimize our website and increase security, we use the following third-party services:
- Google reCAPTCHA: We use reCAPTCHA to protect your inquiries via the contact form. This service is used to distinguish whether an entry is made by a human or abusively by automated programs (bots). Your IP address and any other data required by Google will be transmitted to Google.
- YouTube videos: We integrate videos from the YouTube platform (Google Ireland Ltd.). We use the extended data protection mode so that, according to the provider, information about visitors is only stored when they play the video. However, data may be transferred to Google servers in the USA.
- We set Google Analytics in. The information generated about your use of this website is usually transferred to a Google server in the USA and stored there. We use IP anonymization to protect your privacy.
- Google Search Console: We use this service to monitor and diagnose errors on our website in Google search results. No personal data of website visitors is collected directly, but aggregated analysis data is processed.
- Google Ads (Conversion Tracking & Remarketing): We place advertisements via Google Ads. We use conversion tracking to determine whether a user has performed a specific action on our website after clicking on an ad. We also use remarketing functions to retarget users who have already visited our website on other pages in the Google advertising network.
- Google Tag Manager: This tool allows us to manage website tags via an interface. The Tag Manager itself (which implements the tags) does not collect any personal data, but triggers other tags, which in turn may collect data.
- Brevo (e-mail marketing & communication): We use Brevo to send our newsletter and/or communicate with our customers. The data you enter (e.g. e-mail address) is stored on Brevo's servers. Brevo enables us to analyze the newsletter campaigns (e.g. opening rates). We have concluded a corresponding data processing agreement with Brevo.
Note on data transfer: Google's services may transfer data to servers in the USA. We would like to point out that we use IP anonymization settings where possible and rely on the standard contractual clauses of the EU Commission and the Swiss-U.S. Data Privacy Framework to ensure an adequate level of data protection.
6. Making Contact
If you contact us via the contact form, by email, or by phone, we will process the information you provide (e.g., name, email address, content of the inquiry) to handle your request and for any follow-up questions. The legal basis is the initiation or fulfillment of a contract or our legitimate interest in responding to your inquiry. The data will be deleted as soon as it is no longer needed and there are no retention obligations that prevent its deletion.
7. Disclosure to Third Parties and Data Processing on Behalf of Third Parties
We disclose personal data only to the extent necessary to provide our services, if you have given your consent, or if we are legally required to do so. Service providers (e.g., hosting, IT, accounting, and shipping services) process data as data processors based on relevant contracts and exclusively in accordance with our instructions.
8. Retention Period
We process personal data only for as long as is necessary for the respective purposes or as required by statutory retention periods (e.g., under commercial and tax law). After that, the data is deleted or anonymized.
9. Data Security
We take appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or misuse. However, data transmission over the Internet cannot be completely secure.
10. Your Rights
Under applicable law, you have, in particular, the right to access, rectification, erasure, and restriction of processing, as well as the right to data portability. To the extent that processing is based on consent, you may withdraw your consent at any time with future effect. To the extent that the GDPR applies, you also have the right to object to certain processing activities. To exercise this right, simply send a notice to the contact address listed above. We may request appropriate proof of identity for verification purposes.
You have the right to file a complaint with a supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC); where the GDPR applies, it is the data protection supervisory authority with jurisdiction over you.
11. Changes
We may update this Privacy Policy at any time. The version currently published on the website is the authoritative one.