Start a Project
Legal

Privacy Policy

Last updated: January 2026

Back to Home

01Data Controller

FORMA Architects AG, Bahnhofstrasse 42, 8001 Zürich, Switzerland («FORMA», «we», «us») is the data controller responsible for the processing of personal data collected through this website, in accordance with the Swiss Federal Act on Data Protection (nDSG, in force 1 September 2023) and, where applicable to persons in the EU, the EU General Data Protection Regulation (GDPR).

Questions regarding data protection may be directed to: privacy@forma-architects.ch

02Data We Collect

We collect personal data only to the extent necessary for the purposes described below. This includes:

  • Contact data — name, email address, phone number, and company or organisation name, provided when you submit an enquiry via our contact form.
  • Project and engagement data — project type, location, budget range, timeline, and any site or programme details voluntarily shared during an enquiry or commission. This may include site addresses, planning documentation, and project correspondence.
  • Technical data — IP address, browser type and version, operating system, referral URL, and pages visited, collected automatically when you browse this website.
  • Cookie data — session identifiers and analytics preferences (see Section 7).

03Legal Basis for Processing

We process your personal data on the following legal bases under Swiss and EU law:

  • Performance of a pre-contractual or contractual relationship — responding to your project enquiry and assessing or fulfilling a potential engagement (nDSG Art. 6(2)(b); GDPR Art. 6(1)(b)).
  • Legitimate interests — operating and improving our website, preventing fraud, and ensuring IT security, where our interests are not overridden by your rights (nDSG Art. 31; GDPR Art. 6(1)(f)).
  • Consent — sending project updates or marketing communications where you have given explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing (nDSG Art. 6(6); GDPR Art. 6(1)(a)).
  • Legal obligation — retaining records as required by Swiss commercial, tax, and construction law (nDSG Art. 6(2)(a); GDPR Art. 6(1)(c)).

04How We Use Your Data

Your data is used exclusively for:

  • Responding to project enquiries and evaluating potential commissions.
  • Communicating project updates and correspondence during an active engagement.
  • Sending newsletters or studio updates where you have provided consent.
  • Administering our client relationships and fulfilling contractual obligations.
  • Analysing website usage in aggregate to improve user experience.
  • Complying with Swiss legal and regulatory obligations, including tax and audit requirements.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

05Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law:

  • Enquiry data (no engagement) — retained for 2 years from the date of last contact, then securely deleted.
  • Project and commission files — retained for a minimum of 20 years from project completion. This reflects the extended liability period applicable to construction works under Swiss law (Art. 371 OR), during which defects in a building may give rise to claims.
  • Accounting and business records — retained for 10 years in accordance with Swiss commercial law (Art. 958f OR).
  • Technical and analytics data — retained in anonymised or aggregated form for up to 26 months.
  • Marketing consent records — retained until consent is withdrawn, plus 3 years for compliance purposes.

06Third-Party Processors

We engage trusted service providers who may process personal data on our behalf. All processors are bound by data processing agreements and may only process data on our documented instructions:

  • Email delivery — our SMTP provider processes email content for the sole purpose of transmission.
  • Web hosting — our hosting provider stores website files and server logs on infrastructure located in the EU/EEA or Switzerland.
  • Analytics — where analytics are enabled, data is processed in anonymised form only; no individual user profiles are created.

We do not use social media tracking pixels, advertising networks, or cross-site tracking technologies on this website.

07Cookies

This website uses only technically necessary cookies required for the website to function correctly (e.g. session management). No third-party advertising or tracking cookies are set without your explicit consent.

You may manage cookie preferences through your browser settings at any time. Please note that disabling technically necessary cookies may affect website functionality.

08International Data Transfers

Your personal data is processed primarily within Switzerland and the EU/EEA, both of which provide an adequate level of data protection recognised by the other. Should data be transferred to a country outside these jurisdictions, we ensure appropriate safeguards are in place — such as EU Standard Contractual Clauses (SCCs) or the Swiss equivalent standard data protection clauses — in accordance with nDSG Art. 16 and GDPR Art. 46.

09Your Rights

Under Swiss and EU data protection law, you have the following rights with respect to your personal data:

  • Right of access — to receive a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate or incomplete data.
  • Right to erasure — to request deletion of your data where there is no compelling reason for continued processing.
  • Right to restriction — to request that we limit processing of your data in certain circumstances.
  • Right to data portability — to receive your data in a structured, machine-readable format where processing is automated.
  • Right to object — to object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact privacy@forma-architects.ch. We will respond within 30 days. In cases of complexity or high volume, we may extend this period by a further 60 days, in which case we will notify you of the extension and the reasons within the initial 30-day period.

10Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority:

  • Switzerland — Federal Data Protection and Information Commissioner (FDPIC) www.edoeb.admin.ch · edoeb@edoeb.admin.ch
  • EU residents — the data protection authority of your country of residence. We would, however, welcome the opportunity to address your concerns directly before you contact a supervisory authority.

11Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page indicates when the policy was last revised. We encourage you to review it periodically.

For the Terms governing use of this website, please see our Website Terms of Use.