GenAI Zürich (hereafter referred to as “us”, “we”, or “our”) operates www.genaizurich.com (hereafter referred to as “website”). In this privacy policy, we describe what we do with your data when you use our website, purchase our services or products, are otherwise in a contractual relationship with us, communicate with us, or have dealings with us in any other way. Where applicable, we will inform you about additional processing activities not mentioned in this privacy policy through timely written notification. Personal data will be kept strictly confidential and will not be sold or passed on to third parties.
This privacy policy is tailored to the requirements of the new Swiss Act on Federal Data Protection (nFADP) and the General Data Protection Regulation by the EU. Whether and to what extent these laws apply depends on the individual case.
We process various types of data about you. The main types are as follows:
Technical Data: When you use our website or other electronic offerings (e.g., web applications), we collect the IP address of your device and other technical data to ensure the functionality and security of these offerings. This data also includes logs that record the use of our systems. We generally store technical data for 12 months. To ensure the functionality of these offerings, we may also assign an individual code to you or your device (e.g., in the form of a cookie, see section 9). The technical data itself generally does not allow conclusions to be drawn about your identity. However, as part of user accounts, registrations, access controls, or the processing of contracts, it may be linked with other categories of data (and thus possibly with your person).
Technical data includes, among other things, the IP address and information about the operating system of your device, the date, region, and time of use, as well as the type of browser with which you access our electronic offerings. This can help us deliver the correct formatting of the website. Based on the IP address, we know through which provider you access our offerings (and thus also the region), but we usually cannot deduce who you are from this. This changes if, for example, you create a user account, because then personal data can be linked with technical data (we see, for example, which browser you use to use an account on our website). Examples of technical data also include logs that occur in our systems (e.g., the log of user logins on our website).
Registration Data: Certain offerings and services (e.g., access to web applications) can only be used with a user account or registration, which can be made directly with us or through our external login service providers. In this case, you must provide us with certain data, and we collect data about the use of the offering or service. Registration data may be incurred during access controls to certain facilities; depending on the control system, biometric data as well. We generally store registration data for 12 months after the end of the use of the service or the dissolution of the user account.
Communication Data: When you contact us via any of the website forms, by email, phone, in writing, or through other means of communication, we collect the data exchanged between you and us, including your contact details and the peripheral data of the communication. We generally store this data for 12 months from the last exchange with you. This period may be longer if required for evidence reasons or to comply with legal or contractual requirements or if it is technically necessary. Emails in personal mailboxes and written correspondences are generally kept for at least 10 years.
Master Data: We refer to the basic data that we need in addition to the contract data (see below) for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details, and information about your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations, and consent declarations. We process your master data if you are a customer or other business contact or act for one (e.g., as a contact person of the business partner), or because we want to address you for our own purposes or those of a contractual partner (e.g., as part of marketing, advertising, and for communication purposes). We receive master data from you (e.g., during a purchase or as part of a registration), from entities for which you work, or from third parties such as our contractual partners, associations, and address dealers, and from publicly accessible sources such as public registers or the internet (websites, social media). We generally store this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if required for evidence reasons or to comply with legal or contractual requirements or if it is technically necessary. For purely marketing and advertising contacts, the period is usually much shorter, often not more than 2 years since the last contact.
Contract Data: These are data that arise in connection with the conclusion of a contract or the processing of a contract, e.g., information about contracts and the services to be provided or provided, as well as data from the preliminary stages of a contract conclusion, the necessary or used information for processing, and information about reactions. We usually collect this data from you, from contractual partners, and from third parties involved in the contract's processing, but also from third-party sources (e.g., providers of creditworthiness data) and from publicly accessible sources. We generally store this data for 10 years from the last contract activity, but at least from the end of the contract. This period may be longer if required for evidence reasons or to comply with legal or contractual requirements or if it is technically necessary.
Behavioral and Preference Data: Depending on our relationship with you, we try to get to know you and better tailor our products, services, and offerings to you. To do this, we collect and use data about your behavior and preferences. We do this by evaluating information about your behavior in our area, and we may also supplement this information with information from third parties – also from publicly accessible sources. Based on this, we can, for example, calculate the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose is partly already known to us (e.g., if you use our services) or we obtain this data by recording your behavior (e.g., how you navigate on our website). We anonymize or delete this data when it is no longer meaningful for the purposes pursued, which is usually no later than after 24 months (for product and service preferences). This period may be longer if required for evidence reasons or to comply with legal or contractual requirements or if it is technically necessary. How tracking on our website works is described in section 9.
Other Data: We also collect data about you in other situations. In connection with administrative or judicial proceedings, for example, data may arise (such as files, evidence, etc.) that may also relate to you. For reasons of health protection, we may also collect data (e.g., as part of protection concepts). We may receive or produce photos, videos, and audio recordings in which you can be identifiable (e.g., at events). We can also collect data about who participates in events or actions or who uses our infrastructure and systems and when. The retention period of this data is determined by the purpose and is limited to what is necessary. This ranges from usually a few weeks for data for contact tracing over visitor data, which is generally stored for 3 months, to reports about events with pictures that can be stored for several years or longer.
Many of the data mentioned in this section 1 are provided by you (e.g., in the course of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g., within the framework of mandatory protection concepts (legal obligations). If you want to conclude contracts with us or claim services, you must also provide us with data within the scope of your contractual obligation according to the relevant contract, especially master, contract, and registration data. When using our website, the processing of technical data is unavoidable. If you want access to certain systems, you must provide us with registration data. However, you generally have the option to object to or not give consent for behavioral and preference data.
Where it is not prohibited, we also obtain data from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, media, or the internet including social media) or receive data from authorities and from other third parties (such as contractual partners, internet analysis services, etc.).
We process your data for the purposes we explain below. For more information for the online area, please see section 9. These purposes or the underlying objectives represent legitimate interests of ours and possibly of third parties. You will find further information on the legal bases of our processing in section 3.
We process your data for purposes related to communication with you, especially to respond to inquiries and to assert your rights (section 8) and to contact you in case of queries. For this purpose, we use particularly communication data and basic data and, in connection with offers and services you have used, also registration data. We store this data to document our communication with you, for training purposes, for quality assurance, and for inquiries.
We process data for the initiation, management, and handling of contractual relationships.
We process data for marketing purposes and for customer relations, e.g., to send our customers and other contractual partners personalized advertising for products and services from us and third parties. This can be in the form of newsletters and other regular contacts (electronically, by post, by telephone), via other channels (e.g., social media), for which we have contact information from you, but also as part of individual marketing actions. You can reject such contacts at any time (see at the end of this section 2) or refuse or revoke consent to be contacted for advertising purposes. With your consent, we can target our online advertising on the internet more precisely to you (see section 9).