Privacy policy
English translation for convenience. The French contractual documents (including the DPA annexed to the Terms) prevail.
This privacy notice describes how personal data is processed in connection with the Arca Maestro website and SaaS service, in line with the Swiss nFADP and, where applicable, the EU GDPR.
Roles
For account and billing data relating to the Client, ARCA acts as controller where it determines the purposes and means of processing.
For personal data that the Client enters into the application (students, families, contacts), the Client is the controller and ARCA Entreprise Sàrl acts as processor, as set out in the DPA annexed to the Terms.
Data processed
Identification and contact data (names, addresses, phone numbers), account and subscription data, and technical logs required to operate the service.
Banking data linked to EBICS configuration remains under the Client Administrator’s control. ARCA has no access to EBICS bank data, balances, transactions or credentials.
Purposes
Providing the software service (hosting, backup, display), managing subscriptions and payments via Stripe, customer support, and meeting legal obligations.
Sub-processors
Hosting providers (e.g. AWS, Hetzner) for application databases — Germany.
Stripe for secure payment and subscription processing — EEA / United States.
Retention
After subscription termination, Client data is kept inactive for one (1) year, then permanently deleted, unless the Client requests immediate deletion in writing or Swiss law requires longer retention.
During the contract, the Client may export contacts and directories free of charge in CSV format from the admin interface.
Rights
Depending on applicable law, data subjects may request access, rectification or erasure. For data entered by a Client, requests should primarily be addressed to that Client as controller. ARCA assists Clients where reasonably possible.