Beemind GmbH, Version 13 February 2026
This Privacy Policy applies to the website sanboard.ch, the Sanboard Apps ("Sanboard Mobile" in the Apple App Store and "Sanboard" in the Google Play Store), and the use of the online software "Sanboard" provided by Beemind GmbH. It explains what data we collect and how and for what purposes it is used.
This Privacy Policy complies with:
Beemind GmbH
c/o Marc Wittwer
Brauerstrasse 37
8004 Zürich
Switzerland
Email: privacy@beemind.ch
HiOrg Server GmbH
Dr.-Schier-Str. 9
66386 St. Ingbert
support@hiorg-server.de
You may contact our EU representative or contact us directly at: privacy@beemind.ch
TO BE DEFINED
You may contact our UK representative or contact us directly at: privacy@beemind.ch
The Sanboard online software is a service provided by Beemind GmbH. Sanboard enables its users to manage organisations and plan, conduct, and follow up on emergency medical service deployments. To provide this service, we store the personal data and other information you provide on our systems.
When storing data, we comply with the latest data protection regulations applicable in Switzerland, the EU, and the UK (Swiss FADP, EU GDPR, UK GDPR).
This Privacy Policy applies to all services and websites of Beemind GmbH. We take all necessary technical and organisational measures to ensure that your data is protected against loss, unauthorised access, and manipulation.
Beemind GmbH reserves the right to amend this Privacy Policy at any time to reflect the latest data protection requirements, insights, and technological or organisational changes. After any amendment, users will be informed by email. The most current version is always available on the website sanboard.ch. If you continue to use a service after the publication of a new Privacy Policy, this indicates your consent to the changes.
We handle the data entrusted to us confidentially and responsibly and comply with the statutory data protection provisions applicable in Switzerland, the EU, and the UK.
Personal data is only collected by us to the extent that you provide it to us with your knowledge.
We do not sell, rent, or give away your personal data. Disclosure to third parties occurs without your consent only when we are legally authorised or obligated to do so, for example, in the presence of a corresponding court order.
We use state-of-the-art security technologies to protect your data from misuse.
Data Controller:
Beemind GmbH
c/o Marc Wittwer
Brauerstrasse 37
8004 Zürich, Switzerland
As a small business, we are not required to appoint a Data Protection Officer under Swiss, EU, or UK law. However, for all data protection inquiries, you may contact us at: privacy@beemind.ch
Our headquarters are in Switzerland, and our services are operated from there. Accordingly, unless otherwise stated in this Privacy Policy, the collection, processing, and use of your personal data occurs in Switzerland.
Regarding data transfers to Switzerland, the European Commission has issued an adequacy decision on data protection (GDPR Art. 45), which permits the transfer of personal data from an EU Member State to Switzerland. Similarly, Switzerland is recognised as having adequate data protection standards under UK GDPR.
We process your personal data based on the need to provide our services to you, comply with legal obligations, pursue legitimate business interests, or where you have given your consent. This applies to our operations under EU and UK data protection laws as well as Swiss law.
To create a new organisation in Sanboard, the following data is required from an authorised representative of the organisation:
Location data: Information about the user's exact location is collected if the user activates GPS location tracking in the "Sanboard" app. The app sends the user's exact location to our servers when the app is in the foreground and in the background. GPS tracking is optional and can be deactivated at any time. The exact location information of the various users in an organisation is displayed on the deployment map during an operation.
All other information is voluntary. Upon registration, the authorised representative of the organisation accepts this Privacy Policy and is registered as the contact person for the organisation.
When the authorised representative grants another member access to the organisation, the new member must also accept this Privacy Policy upon first login.
The processing of personal data serves exclusively the provision of services by Beemind GmbH, which are based on a contract, comply with legal obligations, or serve the fulfillment of legitimate interests and pre-contractual measures. If you do not provide the data required for this purpose, we can only provide this offering to a limited extent or not at all.
If Beemind GmbH is legally obliged or required by court order to do so, we will transmit your data to authorised authorities.
When an organisation transmits personal data of its members to our servers, we process this data on behalf of the organisation in accordance with Art. 28 EU GDPR, Art. 28 UK GDPR, and Art. 9 Swiss FADP. The relevant organisation is specifically responsible for ensuring that such transmission of third-party personal data complies with data protection law.
To legally secure data processing by our company, you will be prompted to conclude a Data Processing Agreement (DPA) with us when creating a new organisation. This is done simply and quickly electronically.
Controller-Processor Relationship:
All access to Sanboard services via the website or mobile app is automatically logged. Information such as browser type and version, operating system, names and associated duration of visited pages, date and time of access, search engines used, names of downloaded files, and your IP address are stored.
Statistical evaluation of the data records is carried out exclusively in anonymised form. Further evaluations serve the technical optimisation of Sanboard software. This data is not combined with other data sources. However, Beemind GmbH reserves the right to review log data retrospectively if there is reasonable suspicion of unlawful use.
If you contact us via one of our contact forms or a support request by email, we store your name, email address, telephone number, and the reason for your inquiry in our system. This data is required to assist you with your request.
Retention period: We retain support correspondence for as long as necessary to resolve your inquiry and for a reasonable period thereafter for quality assurance purposes, typically up to 3 years.
If you are registered as a contact person for an organisation in Sanboard, we reserve the right to contact you to inform you of all changes necessary for the contractual relationship (e.g., changes to terms of service, server maintenance, subscription information). During the Sanboard trial phase, we will send you information by email about your trial access.
For sending such notifications, we use an email service provider (see Section 2.7).
For sending all emails, we use the email service of Amazon Web Services with servers located in Frankfurt, Germany (within the EU).
Your data is stored on servers as per the list of current service providers (see Section 2.9). Data that you send to Beemind GmbH for processing is encrypted during transmission to servers in external data centers. For encryption, Sanboard uses the standard SSL protocol (Secure Socket Layer). All access and access attempts are logged.
When Beemind GmbH forwards personal data to service providers as part of data processing, these service providers are bound by the applicable legal provisions. We have concluded data processing agreements with external data centers to ensure that your personal data is processed in accordance with EU GDPR, UK GDPR, and Swiss FADP as well as all other regulations.
We also use your personal data to fulfill our obligations under any contracts concluded between you and us.
To provide the functionality of Sanboard and fulfill our contractual obligations, Beemind GmbH works with selected subprocessors. You can find the most current and complete list of our subcontractors at any time at sanboard.ch/subcontractors.
International data transfers: Some of our subprocessors operate outside Switzerland, the EU, and the UK. Where applicable, we rely on legally recognised transfer mechanisms such as EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), or FDPIC-approved mechanisms. For other transfers, we implement appropriate technical and organisational measures to ensure an adequate level of data protection. You have the right to request information about the safeguards applied to any particular data transfer by contacting privacy@beemind.ch.
Subprocessors are used in the following areas:
As a person affected by data processing, you have numerous rights under EU GDPR, UK GDPR, and Swiss FADP. Specifically, these include:
You have the right to obtain information about the data stored relating to you or your organisation. This includes:
You can request that we correct inaccurate data.
Where the statutory requirements are met, you can request deletion of your data, particularly when:
Where statutory requirements are met, you can request that we restrict the processing of your data, for example:
If you have provided us with data on the basis of a contract or consent, and where statutory requirements are met, you can request that:
You have the right to object at any time to data processing by us on grounds relating to your particular situation, insofar as the processing is based on legitimate interests. If you exercise your right to object, we will cease processing your data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
Special right to object to direct marketing: If we process your data for direct marketing purposes, you have the right to object at any time. If you object, we will cease processing your data for such purposes.
If you have given us consent to process your data, you can withdraw this consent at any time without giving reasons, with effect for the future. The lawfulness of processing your data up to the point of withdrawal remains unaffected.
You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can contact the data protection authority responsible for your place of residence, workplace, or the place of the alleged infringement, or the data protection authority responsible for us.
Relevant supervisory authorities:
Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern, Switzerland
Website: www.edoeb.admin.ch
EU: The data protection authority in your EU Member State
Website: edpb.europa.eu
UK: Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, UK
Website: www.ico.org.uk
For questions about data protection and to exercise your data subject rights in connection with data collection and storage, you can reach us at the following email address: privacy@beemind.ch
Response time: We will respond to your request without undue delay and in any event within one month of receipt. In complex cases, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.
Important note regarding processor relationship:
Where data processing within the Sanboard software is carried out by an organisation, Beemind GmbH acts only as a data processor for the respective organisation. The organisation alone is responsible for recording personal data in Sanboard (see Section 2.3 "Data Processing on Behalf of Organisations"). If you, as a member of the organisation, wish to exercise your data subject rights regarding data held by the organisation, please contact the organisation or its authorised representatives directly.
In the event of termination of the contract, please note that Beemind GmbH may need to retain data that serves, for example, accounting purposes beyond the contract period, as there is a statutory retention obligation for such data.
Data export: You can download your data from various Sanboard modules yourself in CSV format. We can provide you with an export of your data in a different file format upon request. Please consider, especially in the case of your termination, that you may be processing data that must be retained in a tamper-proof manner for regulatory or legal compliance purposes.
Retention periods after termination:
We are constantly striving to achieve the highest possible level of security for your data through the continuous development of our technical and organisational protective measures, in order to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Currently, the following protective measures exist in particular.
Sanboard data is primarily stored in Swiss data centers and predominantly processed on Swiss servers. We use the highly secure server and database infrastructure of Amazon Web Services (AWS) with locations in Zürich, Switzerland. In addition, backups are stored with hosttech GmbH, Seestrasse 15A, 8805 Richterswil, Switzerland. The data centers of both AWS and hosttech are certified according to ISO 27001.
Encryption:
Certain data is processed outside Switzerland to fulfill individual functional areas:
Upon registration of each user in your organisation, a personal username and password are created. Additionally, Beemind GmbH uses a combination of firewalls, encryption techniques, and authentication measures to make use as secure as possible for you and to prevent unauthorised access.
All data transfers are carried out with secure encryption technology (TLS/SSL) to prevent reading and manipulation by unauthorised persons.
Please note that the security of using Sanboard also depends on how well you choose and protect your password. Therefore, never share your password with anyone and choose a secure password, ideally consisting of upper and lower case letters as well as numbers and special characters. It should not contain any (perceptible) pattern and should not be a word in a common language (e.g., English, German, Italian, or French).
Data entered into the Sanboard software is transmitted to servers located in a data center in Switzerland with a subcontractor and stored there. These subcontractors act only on our instructions and have been contractually obligated in accordance with Art. 28 EU GDPR, Art. 28 UK GDPR, and Art. 9 Swiss FADP to comply with data protection provisions and all necessary technical and organisational measures to protect your data from unauthorised access, inspection, or manipulation.
To ensure the protection of our customers' data, all Sanboard employees are regularly informed about current data protection requirements and internal security policies. In addition, our employees are obligated to maintain confidentiality and comply with all relevant data protection regulations. This obligation continues beyond the end of the employment relationship.
We want to continuously improve our services, keep them up to date with the latest technology, and offer you a safe, smooth, efficient, and personal user experience. For this purpose, analysis, advertising, and integration functions are used on our website and in our services.
To make your visit to our website and the Sanboard software user-friendly and to enable certain functions, cookies (small text files) are used on various pages. These serve to control the internet connection during your stay and analyze the use of the website or our services. We inform you about the use of cookies when you first access our website and the Sanboard software.
Please note that cookies contain technical information and certain functions of the Sanboard website and services may not be available or may only be available to a limited extent if you have deactivated the use of cookies.
The Sanboard website and our services use web analysis tools from the analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"), to optimise and make content attractive for visitors and users. The legal basis for the use of the following Google tools is Art. 6(1)(f) EU GDPR and UK GDPR. The information collected is usually transferred to a Google server in the USA and stored there. Any data transfers to the USA are subject to EU Standard Contractual Clauses concluded with Google's parent company Google LLC in order to comply with European data protection law.
Since Google provides services on our behalf, such as analyses of website activities, we have concluded a data processing agreement with Google. By using the Sanboard website, you agree that Google processes personal data using the following web analysis tools. However, these are used exclusively for the optimal design and accessibility of Sanboard content and not for the personal identification of visitors or users. Data is automatically deleted after a retention period of 14 months in accordance with our agreement with Google. You can deactivate the use of cookies for analysis purposes at the following link: https://www.google.com/settings/ads/.
The Sanboard website and our services use the web analysis service Google Analytics. This service stores small text files, so-called cookies (see Section 5.2 Cookies).
You have the option to prevent the use of Google Analytics by rejecting the storage of cookies.
The activation of Google Analytics and other marketing tags is systematically controlled via Google Tag Manager so that the website and Sanboard software do not lose performance when using multiple tags (code units, tracking tools, etc.). The Tag Manager triggers events related to marketing analysis or optimises them without using cookies itself or processing personal data.
This website uses the online advertising program "Google Ads" and, as part of Google Ads, conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Ads to draw attention to our attractive offers on external websites using advertising materials (so-called Google Adwords). We can determine how successful individual advertising measures are in relation to the data from advertising campaigns. We pursue the aim of showing you advertising that is of interest to you, making our website more interesting for you, and achieving fair calculation of advertising costs.
The Sanboard website and our services use so-called web fonts provided by Google for uniform representation of fonts. When you access a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose, the browser you use must connect to Google's servers. This gives Google knowledge that our website was accessed via your IP address. The use of Google Web Fonts is in the interest of uniform and appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6(1)(f) EU GDPR and UK GDPR. If your browser does not support web fonts, a standard font from your computer will be used.
The Sanboard website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter "YouTube"). When you access YouTube plugins, a connection to YouTube servers is established. Access informs the server which web pages you have visited. If you are logged into your YouTube account, you enable YouTube to directly assign your surfing behavior to your personal profile.
You can prevent this by logging out of your YouTube account.
Copyright © 2026 Beemind GmbH
