Skip to main content

Commitment to Data Protection

We understand that data protection is of the utmost importance. As your conscientious service provider, we do everything in our might to keep your data safe.

Nine is dedicated and committed to ensuring data protection, as well as to continually assessing any measures taken.

What data protection measures has nine taken?

Here is a summary of our data protection roadmap and the steps we have taken on our journey:

  • Thorough examination of the areas of our products influenced by GDPR, customer relations and business partners
  • Assessment of the effects of the revised Federal Act on Data Protection (effective 1 September 2023, nFADP) on our services
  • Appointment of a data protection officer
  • Revision of the Nine GTCs
  • Development of a strategy to meet the requirements of the areas of our products affected by data protection
  • Implementing the necessary changes to our internal processes and procedures to achieve and maintain GDPR compliance

Nine has also worked with external lawyers to understand the new legislation and counter its effects. We will continue this collaboration to be able to respond to any new developments that may arise in the future.

What do nine customers have to consider?

There are two things you have to do depending on your situation and jurisdiction. Below you will find the only changes we can foresee that could affect you through the use of Nine's infrastructure services:

1. Make sure your policies are up to date and understandable

Ensure that your terms of use or privacy policy correctly communicate to your users how you use the services provided by nine (and other similar services) on your website or application. This requirement has always been part of Nine's Terms of Use, but data protection legislation (including the nFADP) can severely punish you if you have not clearly done so. We recommend that you make sure your policies are up to date and understandable to your readers.

2. Sign a DPA

If you are in the European Union or process or manage data from customers in the EU, you will probably want to sign a data processing agreement with your customers.

To also enable our Swiss clients to comply with data protection requirements, a corresponding agreement (DPA) forms an integral part of our General Terms and Conditions.

3. Terms and conditions

You can see a copy of our terms and conditions here:

If you have any questions about the content, simply send an e-mail to

I am new to GDPR and would like to know more details about what it is

The EU's General Data Protection Act (GDPR) is considered the most important European data protection law introduced in the European Union (EU) in the last 20 years and will replace the 1995 Data Protection Directive.

GDPR regulates the processing of personal data about persons in the European Union including their collection, storage, transmission or use. It is important that the term "personal data" is very broadly defined in the GDPR and includes all information relating to an identified or identifiable person (also called "data subject").

It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. GDPR also increases the commitment to compliance by increasing enforcement and imposing higher fines if the provisions of GDPR are violated.

The DSGVO strengthens the privacy of EU citizens and obliges organisations to handle data.

If you are a company outside the EU, you should be aware of this. The provisions of the GDPR apply to any organisation that processes personal data of individuals in the European Union, including the tracking of their online activities, whether or not the organisation has a physical presence in the EU.

In summary, here are some of the most important changes that will come into force with GDPR:

  • Extended rights for individuals: GDPR provides for extended rights for individuals in the European Union, including the right to be forgotten and the right to request a copy of personal data stored in their context.
  • Compliance obligations: The GDPR requires companies to implement appropriate policies and security protocols that assess privacy impacts, keep detailed records of data activity and make written agreements with vendors.
  • Notification and security of data breaches: The GDPR stipulates that companies must report certain data protection violations to the data protection authorities and under certain circumstances to the persons concerned. The GDPR also places additional security requirements on organisations.
  • New requirements for profiling and monitoring: The GDPR provides for additional obligations for organisations involved in profiling or monitoring user behaviour of EU citizens.
  • Greater enforcement: According to the GDPR, the authorities can impose fines of up to 20 million euros or 4% of a company's worldwide annual turnover, depending on the severity of the violation and the damage caused. In addition, the GDPR provides a central enforcement body for organizations operating in several EU Member States by requiring companies to cooperate with a leading supervisory authority for cross-border data protection issues.