The Controller responsible for the processing of your personal data is:

DEFY IT GmbH
Gotthardstrasse 14, 6300 Zug, Switzerland
Email: privacy(at)d-fy.it

We currently collect the following types of personal data:

• Identifiers: Email address – when you voluntarily subscribe to our newsletter or product updates.
• Electronic Activity Data (for U.S. residents): Limited interaction data such as page views or ad clicks via platforms like Facebook or Google. This data is not stored by us directly or linked to individual users.

We do not collect sensitive personal data.

We do not use profiling or automated decision-making.

We process your personal data to:

• Send you product updates, campaign news, and brand information (with your consent).
• Understand and improve the performance of our advertising (especially in the U.S. via platforms like Google or Meta).
• Ensure website functionality and security.

Legal bases for processing:

• Consent (EU/CH: Art. 6(1)(a) GDPR / Art. 31(1) FADP; U.S.: express opt-in when subscribing).
• Legitimate interest (for measuring ad effectiveness and securing our platform).

You may withdraw consent at any time via the unsubscribe link or by contacting us at privacy@d-fy.it.

Currently, we use only strictly necessary cookies. We do not use analytics, remarketing, or behavioral advertising cookies directly.

However, third-party advertising platforms (such as Meta or Google) may track interactions when you see or click on our ads, particularly for users in the U.S.. This may legally qualify as “sharing” under the California Privacy Rights Act (CPRA), though we do not receive or store personal identifiers from these platforms.

We do not use cookies to “sell” or “share” your data in any commercial sense.

Your personal data is stored securely in Switzerland or the European Economic Area (EEA).

We retain your email address until:

• You unsubscribe from our communications;
• You request deletion;
• Or it is no longer necessary for the original purpose.

For U.S. residents, retention and deletion rights apply per state laws (e.g., California’s 12-month standard).

For U.S. Residents (e.g., California, Colorado, Virginia)

You may have the right to:

• Access the personal data we hold about you
• Request deletion of your data
• Correct inaccurate data
• Opt-out of the “sharing” of your data (not currently applicable)
• Exercise your rights without discrimination

For EU/Swiss Residents

You have the right to:

• Access your personal data
• Correct or rectify inaccuracies
• Request deletion (“right to be forgotten”)
• Withdraw consent at any time
• File a complaint with a supervisory authority (e.g., FDPIC in Switzerland or your local DPA in the EU)

To exercise any of the above rights, contact us at privacy@d-fy.it.

We currently do not transfer personal data outside of Switzerland or the EEA.

If future transfers are required, we will ensure appropriate safeguards (e.g., adequacy decisions or Standard Contractual Clauses) are in place.

We do not sell your personal data.

We do not share your data with third parties except in the following limited cases:

• Email delivery providers acting under our instructions and bound by data protection agreements
• Advertising platforms (e.g., Meta, Google) that may receive anonymized or interaction-level data as part of ad delivery, particularly in the U.S.

We do not receive personal data back from these platforms, and they do not identify individuals on our behalf.

We implement appropriate technical and organizational measures to safeguard your personal data from loss, misuse, or unauthorized access.

We may update this Privacy Policy to reflect changes in our practices or applicable laws. The latest version will always be available on our website.

If the changes are significant, we will notify you via email (if subscribed) or prominently on our site.

If you have questions or wish to exercise your rights, please contact us at:

DEFY IT GmbH
Gotthardstrasse 14, 6300 Zug, Switzerland
Email: privacy(at)d-fy.it