top of page

Data Protection

We take the protection of your personal data and compliance with applicable data protection laws very seriously. The following statement gives you an overview of how we ensure this protection and what type of data is collected for what purpose and how we process it.


In order for Cardea to be able to offer the services offered to all visitors to the Cardea website and/or customers, Cardea requires various user data. Depending on how you use the Cardea services and/or web services, this may also include personal data that comes from the user themselves or from third parties.

The processing of personal data, such as the name, address, email address or telephone number of a data subject, is always carried out in accordance with the country-specific data protection regulations applicable to Cardea AG. Cardea AG has implemented all necessary technical and organizational measures to ensure complete protection of personal data transmitted and processed via Cardea AG's website or other sources. However, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. Therefore, every user of Cardea services is free to send us personal data via alternative means (e.g. by letter, telephone). By using the Cardea services and/or agreeing to the General Terms and Conditions, users/customers agree to the processing of the collected data in the manner described and for the stated purpose.

Legal basis

Cardea AG and the websites and/or internet-based services it provides are subject to Swiss data protection law (DSG) and any applicable foreign data protection law such as the European Union's General Data Protection Regulation (GDPR). The EU recognizes that Swiss data protection law ensures adequate data protection. Cardea AG can change this data protection declaration at any time by publishing it on the website.

Responsible body

The body responsible for data processing on and in connection with this website is Cardea AG, Winkelriedstr. 27, 8006 Zurich (hereinafter: “Cardea”). Further and detailed information about Cardea can be found at Contact.


Collection and processing of personal data

When you visit the websites, your IP address, the files accessed on the website, the amount of data transferred, the server response code to your browser's request, the type of browser you use, and the date and duration of the visit are stored.

For this purpose, Cardea uses tracking systems to obtain information about the search behavior of users in order to improve the offer. The data is statistically evaluated in a summarized form for the ongoing optimization of the websites. This tracking data does not allow any conclusions to be drawn about individual users (personal data). Cardea also uses anonymized user data for the purposes of market research and advice.

Cardea may ask users to provide voluntary personal information. Generally, such information is requested when the user registers for an online service, when the user wishes to submit information in connection with an online transaction, or when the user contacts Cardea about the website or services. Cardea is entitled to process the data about users received in relation to or in connection with the business relationships, regardless of whether they come from the user themselves or from third parties, in accordance with the legal basis/data protection laws. This applies in particular to:

  • When the user registers, they will be asked to provide personal information, such as name, email address and other contact details. This information is recorded. This is necessary in order to be able to recognize logged in users of the website. It may be that it is recorded which services the user prefers so that Cardea can tailor the offer and services personally to the user.

  • If the user takes part in a competition, customer event or other sales promotion, Cardea may ask for the user's name, address, telephone number and email address for organizational reasons.

  • If the user purchases something from the website, e.g. an advisor profile, Cardea requires the user's name, address, telephone number and email address to process the order. In addition, information about the method of payment is required for paid services. These are stored securely by Cardea.

  • If the User chooses to submit through the Website personal information that Cardea or its business partners require, for example to correspond with the User, Cardea will inform the User how such data will be used. If the user does not wish this data to be used as a basis for further contact with him and the user informs Cardea of this, Cardea will comply with the request.

  • If Cardea uses the personal information and data that Cardea receives from other sources to inform the user about services, for administration and customer service, for marketing activities, to analyze the user's preferred purchasing decisions and to ensure that of Services, content and advertising offered to Cardea can be tailored to the needs and interests of the user. For these purposes, Cardea may retain user information for a reasonable period of time, may be required to transmit such information to service providers and agents, or may need to disclose personal information to comply with law or regulation.

  • Cardea intends to continually improve the content and functionality of the website. For this reason, Cardea may monitor traffic patterns and usage of the website in order to improve the design and structure of the website and to offer interesting content.


  • Cardea undertakes to treat data that has not been released confidentially and in particular not to make it accessible to third parties.

  • Every user is obliged to treat emails and other contact details of users that they receive in connection with the use of Cardea and its websites confidentially and not to make them accessible to third parties without the consent of their author.

Your rights to information and change/deletion

You are entitled to receive information about the data that you have provided to Cardea or that Cardea has stored about you. And of course, you can have us correct incorrect data at any time or request that stored data be deleted. If the user's personal information changes, the user's opinion about any marketing benefits changes, or if questions arise about the use of the data, Cardea will be responsible for reachable.

Security of user data – How is the data protected?

Cardea offers a secure server for placing orders or accessing account information. Cardea takes appropriate measures to ensure that the data transmitted is kept secure, accurate and up-to-date and that it is only kept for as long as necessary for the purposes of use.

The personal data is protected against unauthorized processing by appropriate technical and organizational measures (Art. 7 DSG). The user is responsible for keeping his user data confidential and for all activities carried out through his access. He is obliged to treat the user names and passwords assigned to him confidentially and to only make them accessible to authorized persons within the company.

The personal settings that a user enters are saved. This ensures that every user finds their personal settings every time they log in. Cookies are usually used for this. The user has the option of preventing the installation of cookies through the appropriate browser settings. However, refusing cookies can have a negative impact on the unrestricted use of the website.

Declaration of consent and information about other people:

  • By submitting personal information, the user consents to the processing of personal data, including critical personal data, for the purposes mentioned above. The user also agrees to the transfer of the data to countries or jurisdictions that do not offer the same level of data protection as the country in which the user is located (e.g. Germany), if this is necessary for the purposes mentioned above. If Cardea carries out such a data transfer, Cardea or the receiving party may enter into a contract to ensure the protection of the data.

  • If the User submits information to Cardea about another person, the User thereby confirms that he has been authorized by that person to act on his or her behalf, that that person consents to the processing of personal data, including critical personal data, and that the User informed the person about the identity and the purposes listed above for which the personal data will be used. When Cardea contacts that person for the first time, they may be told from where Cardea received the data.


In order for Cardea to offer the user a personalized service, the user may be asked to set up one or more passwords. This gives the user access to certain services or areas of the website or the website(s) of other providers whose products or services are available via a link from the website. If necessary, Cardea may forward the information about the submitted password to these authorized providers. The user is responsible for checking and using his or her passwords.

No liability

Cardea assumes no liability whatsoever as to the correctness, accuracy, timeliness, reliability and completeness of the information on the website. Liability claims against Cardea as the operator of the website due to material or immaterial damage caused by access, use or non-use of the information, technical malfunctions or similar are excluded. All offers are non-binding and can be completely changed or discontinued at any time. This also applies to products or services from providers to whom contact requests from users were forwarded after their consent.

Cardea also offers links to external third-party websites. Cardea assumes no responsibility for the content or privacy policies of third-party websites or third-party advertisers, nor for the manner in which they use data from their users. In particular, unless expressly stated, Cardea is not an agent for these websites or advertisers and has no authority to represent them.

Other provisions/place of jurisdiction

Swiss law applies exclusively to the contractual relationships between Cardea and the respective user. The place of jurisdiction is the city of Zurich. However, Cardea is authorized to assert its rights also at the user's domicile or before any other competent authority. The current version published on the Internet applies between the user and Cardea.Conditions.


Hosting Provider & Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • IP address

  • Browser type and browser version

  • operating system used

  • Referrer URL

  • Host name of the accessing computer

  • Time of server request

This data cannot be directly assigned to specific persons. This data will not be merged with other data sources. We reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.

This data and all data on this website are stored by our hosting provider Hoststar – Multimedia Networks AG, Kirchgasse 30, CH-3312 Fraubrunnen (

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheater, Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable the use of the website to be analyzed. The information generated by cookies about the use of the website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on the website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by the browser as part of Google Analytics is not merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google under the following link Download and install available browser plugin.

We have concluded a corresponding contract for data processing with the provider.


The newsletter is sent using “Vtiger”, a CRM software with offices in San Francisco, California (22028 Lindy Lane, Cupertino, CA 95014) and Bangalore, India (No. 18, 20th Main Block, Rajaji Nagar, Bangalore - 2) .

The email addresses of our newsletter recipients, as well as their other data described in this information, are stored on Vtiger's servers in India and the USA. Vtiger uses this information to send and evaluate the newsletters on our behalf. Furthermore, according to its own information, Vtiger can use this data to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for economic purposes to determine which countries the recipients come from. However, Vtiger does not use the data of our newsletter recipients to write to them ourselves or to pass them on to third parties.

We trust in the reliability and IT and data security of Vtiger. Vtiger is covered under the US-EU Data Protection Agreement “Privacy Shield“certifies and thus undertakes to comply with EU data protection regulations. Furthermore, with Vtiger we have a “Data Processing Agreement" completed. This is a contract in which Vtiger undertakes to protect our users' data, to process it on our behalf in accordance with its data protection regulations and, in particular, not to pass it on to third parties. You can read Vtiger's privacy policy.view here.

Google Fonts

Google Fonts are used on this website. To our knowledge, no personal data is stored by Google. For technical reasons, your IP address must be transmitted to Google so that the fonts can be transferred to your browser. You can find more information from Google about Google Fonts view.



Plugins from the social network Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA) are integrated into our pages. You can recognize the Facebook plugins by the Facebook logo on our site. You can find an overview of the Facebook plugins here:

When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. This allows Facebook to assign your visit to our pages to your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook's privacy policy at:


If you do not want Facebook to be able to assign your visit to our pages to your Facebook user account, please log out of your Facebook user account.


Functions of the Twitter service are integrated on our sites. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. This data is also transmitted to Twitter. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. Further information can be found in Twitter's privacy policy at:

You can change your privacy settings on Twitter in your account settings under: change.


Our pages use functions from Google+. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.

Collection and sharing of information: You can use the Google+ button to publish information worldwide. Using the Google+ button, you and other users receive personalized content from Google and our partners. Google stores both the information that you gave +1 to a piece of content and information about the page you viewed when you clicked +1. Your +1 can be displayed as information along with your profile name and your photo in Google services, such as in search results or in your Google profile, or elsewhere on websites and advertisements on the Internet.

Google records information about your +1 activities to improve Google services for you and others. In order to use the Google+ button, you need a globally visible, public Google profile, which must contain at least the name chosen for the profile. This name is used across all Google services. In some cases, this name may also replace another name you used when sharing content through your Google Account. The identity of your Google profile may be displayed to users who know your email address or have other identifying information about you.

Use of the information collected: In addition to the purposes explained above, the information you provide will be used in accordance with the applicable Google data protection regulations. Google may publish aggregated statistics about users' +1 activities or pass them on to users and partners, such as publishers, advertisers or affiliated websites.

Note: On April 2, 2019, Google+ will be discontinued for private users. From this date, Google will begin deleting content from Google+ consumer accounts. Google+ photos and videos in the album archive and on the Google+ pages will also be deleted.


For marketing and optimization purposes, products and services from WiredMinds AG ( used. Data is collected, processed and stored from which usage profiles are created under a pseudonym. Where possible and useful the usage profiles are completely anonymous. Cookies can be used for this. Cookies are small text files that are stored in the visitor's Internet browser and are used to recognize the Internet browser. The data collected, which may also include personal data, is transmitted to WiredMinds or collected directly by WiredMinds. WiredMinds may use information left by visits to the websites to create anonymized usage profiles. The data obtained will not be used to personally identify the visitor to this website without the separate consent of the person concerned and will not be combined with personal data about the bearer of the pseudonym. If IP addresses are collected, they are anonymized immediately after collection by deleting the last block of numbers. The collection, processing and storage of data can be objected to at any time with effect for the future.

If you object to the further and future recording of your visitor session for web analysis, click on the following link (this function is cookie-based and therefore browser-dependent): exclude from website tracking


Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time one of our pages that contains LinkedIn functions is accessed, a connection is established to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click on LinkedIn's “Recommend button” and are logged into your LinkedIn account, LinkedIn will be able to assign your visit to our website to you and your user account. We would like to point out that, as providers of the pages, we have no knowledge of the content of the data transmitted or how it is used by LinkedIn.

Further information can be found in LinkedIn's data protection declaration at:


Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Every time you access one of our pages that contains XING functions, a connection is established to XING servers. To our knowledge, personal data is not stored. In particular, no IP addresses are stored or usage behavior is evaluated.

Further information about data protection and the XING share button can be found in the XING data protection declaration at:


Cookies & Web beacons

Cardea may use cookies, web beacons, etc. to be able to provide you with our services more individually. Cookies are small files that are stored in the browser of your PC during your visit to the Cardea website. Our cookies do not contain any personal information, so your privacy and personality remain protected. Most browsers accept cookies automatically. If you would like to view our website without cookies, you can prevent cookies from being stored on your PC by selecting “Do not accept cookies” in your browser settings. If you do not accept cookies, this may lead to functional restrictions on our offerings

  • Cardea may use information about the user that Cardea obtains via cookies. These are files that are transferred to Cardea from the user's computer or other access device and which Cardea may access when the user views an email from Cardea or when the user visits the website in the future. Cardea makes this possible through so-called web beacons (sometimes referred to as clear GIFs or web bugs) in emails. Cardea uses cookies and web beacons to identify users and to personalize the website and services and to monitor the success of Cardea's marketing campaigns. These facilities store small pieces of information about website visitors. This means that these visitors can be identified and greeted the next time they visit the website. It also means that when the user opens an email from Cardea, Cardea can see which pages of the website the user views during their visit.

  • If the user wants to delete the cookies already on their computer, they are asked to follow the instructions of their file management software to find the file or directory in which cookies are stored. If the user wants to prevent cookies from being stored on the computer in the future, the browser provider's instructions can be read by clicking on "Help" in the browser menu. For more information about deleting or controlling cookies, visit The user should note that deleting cookies or blocking future cookies may prevent access to certain areas or functions of the website.

  • Web beacons do not store any other information on the user's computer, but they tell Cardea via cookies on the user's computer when the user has opened an email from Cardea. If the user objects to the use of web beacons, it is recommended to follow the instructions for deleting existing cookies and blocking future cookies. Cardea still knows how many emails have been opened by Cardea and automatically receives the user's IP address (a unique identifier of the user's computer or other access device), but the user is not personally identified. With or without web beacons, the IP address can be recorded when you visit the website.

Newsletter data/info services

If you would like to receive the newsletter or other information offered on the website on a one-off or regular basis, we need an email address from you as well as information that allows us to verify that you are the owner of the email address provided and with You agree to receive the newsletter/information service. We use this data exclusively to send the requested information.

You can revoke your consent to the storage of data, the e-mail address and their use to send the newsletter at any time, for example via the “unsubscribe” link in the newsletter.

Registration for our newsletter takes place in a so-called double opt-in process. This means that after registering you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can log in with someone else's email address.

Registrations for the newsletter are logged in order to be able to provide evidence of the registration process in accordance with legal requirements. This includes storing the registration and confirmation times as well as the IP address. The changes to your data stored at MailChimp are also logged.

As of: July 2023

bottom of page