Privacy Policy

Effective Date: August 30, 2025
Last Updated: August 30, 2025

1. Data Controller

Salfati Group GmbH
Zählerweg 12
6300 Zug
Switzerland
Email: legal@salfati.group

Data Protection Representative: Elon Salfati, CEO

2. Scope and Application

This Privacy Policy applies to all data processing activities conducted by Salfati Group GmbH through our website, services, and AI solutions. We process personal data in strict compliance with the Swiss Federal Act on Data Protection (nDSG/FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

3. Data We Collect

3.1 Information You Provide Directly

Identity Data: Name, job title, company affiliation
Contact Data: Business email address, company address
Professional Data: Industry sector, company size, business requirements
Communication Data: Inquiries, project specifications, feedback

3.2 Automatically Collected Information

Technical Data: IP address (anonymized), browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
Usage Data: Information about how you use our website and services via Google Analytics, including:
- Pages visited and interaction patterns
- Access times and duration
- Traffic sources and navigation paths
- Geographic location (country/city level only)

3.3 Client Project Data

Project Data: Data provided for AI development and implementation
Output Data: AI-generated results and analyses

Important: Client data processed through our AI systems remains the exclusive property of the client. We do not use client data to train our AI models or for any purpose other than providing the contracted services.

4. Legal Basis for Processing

We process personal data based on the following legal grounds under Swiss law:

Contractual Necessity: To perform our AI consulting and development services
Consent: For analytics cookies and marketing communications
Legitimate Interests: To improve our services, ensure security, and protect our intellectual property rights
Legal Obligations: To comply with Swiss federal law and regulatory requirements

5. How We Use Your Data

5.1 Service Delivery

Provide AI consulting and development services
Manage client relationships and projects
Process service inquiries and proposals
Deliver technical support and maintenance

5.2 Business Operations

Analyze website usage to improve user experience
Ensure network and information security
Protect our intellectual property rights
Comply with legal and regulatory obligations

5.3 Communications

Respond to inquiries and requests
Send service-related notifications
Provide technical updates and security alerts
Share relevant industry insights (with consent)

6. Data Sharing and Transfers

6.1 Categories of Recipients

We may share your data with:

Service Providers: Google Analytics (USA) for website analytics
Professional Advisors: Legal counsel, auditors (bound by professional secrecy under Swiss law)
Authorities: When required by Swiss law, court order, or regulatory requirements
Business Transfers: In connection with any merger, acquisition, or asset sale

6.2 International Data Transfers

When transferring data outside Switzerland:

EU/EEA: Transfers are made based on adequacy decisions
USA: We rely on Standard Contractual Clauses for Google Analytics
Other Countries: Appropriate safeguards per Article 16-17 nDSG are implemented

7. Data Security

We implement appropriate technical and organizational measures (TOMs) pursuant to Article 8 nDSG, including:

End-to-end encryption for data transmission (TLS 1.3)
Access controls and multi-factor authentication
Regular security assessments and penetration testing
Incident response and data breach procedures
Employee confidentiality agreements and training
Secure development lifecycle for AI systems
Infrastructure hardening and monitoring

8. Data Retention

We retain personal data only as long as necessary:

Contact Data: 5 years after last business interaction
Project Data: Duration of project plus 10 years for legal compliance
Analytics Data: 14 months
Financial Records: 10 years per Swiss CO Art. 958f
Legal Claims: Until expiration of applicable limitation periods

9. Your Rights

Under the Swiss Federal Act on Data Protection, you have the right to:

Access: Request information about your personal data we process
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data ("right to be forgotten")
Restriction: Limit processing of your data
Data Portability: Receive your data in a structured format
Objection: Object to processing based on legitimate interests
Consent Withdrawal: Withdraw consent at any time without affecting prior processing
Automated Decision-Making: Not be subject to purely automated decisions

To exercise these rights, contact: legal@salfati.group

10. Client Data and AI Training

10.1 Client Data Ownership

All data provided by clients for processing through our systems remains the exclusive property of the respective client.

10.2 AI Model Training

We explicitly do not use client data to train, improve, or develop our AI models. Our AI systems are trained exclusively on:

Licensed datasets
Public domain information
Synthetic data
Our proprietary research data

10.3 Data Isolation

Client data is processed in isolated environments with strict access controls and is permanently deleted according to contractual terms.

11. Cookies and Tracking Technologies

We use cookies as described in our Cookie Notice. You can manage your cookie preferences through your browser settings or our cookie consent tool.

12. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified via our website or email.

14. Contact and Complaints

For privacy-related inquiries or concerns:
Salfati Group GmbH
Attn: Data Protection
Zählerweg 12
6300 Zug, Switzerland
Email: legal@salfati.group

Supervisory Authority

You have the right to lodge a complaint with:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH-3003 Bern
Switzerland
Website: www.edoeb.admin.ch

Effective Date: August 30, 2025
Last Updated: August 30, 2025

1. Data Controller

Salfati Group GmbH
Zählerweg 12
6300 Zug
Switzerland
Email: legal@salfati.group

Data Protection Representative: Elon Salfati, CEO

2. Scope and Application

3. Data We Collect

3.1 Information You Provide Directly

Identity Data: Name, job title, company affiliation
Contact Data: Business email address, company address
Professional Data: Industry sector, company size, business requirements
Communication Data: Inquiries, project specifications, feedback

3.2 Automatically Collected Information

Technical Data: IP address (anonymized), browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
Usage Data: Information about how you use our website and services via Google Analytics, including:
- Pages visited and interaction patterns
- Access times and duration
- Traffic sources and navigation paths
- Geographic location (country/city level only)

3.3 Client Project Data

Project Data: Data provided for AI development and implementation
Output Data: AI-generated results and analyses

4. Legal Basis for Processing

We process personal data based on the following legal grounds under Swiss law:

Contractual Necessity: To perform our AI consulting and development services
Consent: For analytics cookies and marketing communications
Legitimate Interests: To improve our services, ensure security, and protect our intellectual property rights
Legal Obligations: To comply with Swiss federal law and regulatory requirements

5. How We Use Your Data

5.1 Service Delivery

Provide AI consulting and development services
Manage client relationships and projects
Process service inquiries and proposals
Deliver technical support and maintenance

5.2 Business Operations

Analyze website usage to improve user experience
Ensure network and information security
Protect our intellectual property rights
Comply with legal and regulatory obligations

5.3 Communications

Respond to inquiries and requests
Send service-related notifications
Provide technical updates and security alerts
Share relevant industry insights (with consent)

6. Data Sharing and Transfers

6.1 Categories of Recipients

We may share your data with:

Service Providers: Google Analytics (USA) for website analytics
Professional Advisors: Legal counsel, auditors (bound by professional secrecy under Swiss law)
Authorities: When required by Swiss law, court order, or regulatory requirements
Business Transfers: In connection with any merger, acquisition, or asset sale

6.2 International Data Transfers

When transferring data outside Switzerland:

EU/EEA: Transfers are made based on adequacy decisions
USA: We rely on Standard Contractual Clauses for Google Analytics
Other Countries: Appropriate safeguards per Article 16-17 nDSG are implemented

7. Data Security

We implement appropriate technical and organizational measures (TOMs) pursuant to Article 8 nDSG, including:

End-to-end encryption for data transmission (TLS 1.3)
Access controls and multi-factor authentication
Regular security assessments and penetration testing
Incident response and data breach procedures
Employee confidentiality agreements and training
Secure development lifecycle for AI systems
Infrastructure hardening and monitoring

8. Data Retention

We retain personal data only as long as necessary:

Contact Data: 5 years after last business interaction
Project Data: Duration of project plus 10 years for legal compliance
Analytics Data: 14 months
Financial Records: 10 years per Swiss CO Art. 958f
Legal Claims: Until expiration of applicable limitation periods

9. Your Rights

Under the Swiss Federal Act on Data Protection, you have the right to:

Access: Request information about your personal data we process
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data ("right to be forgotten")
Restriction: Limit processing of your data
Data Portability: Receive your data in a structured format
Objection: Object to processing based on legitimate interests
Consent Withdrawal: Withdraw consent at any time without affecting prior processing
Automated Decision-Making: Not be subject to purely automated decisions

To exercise these rights, contact: legal@salfati.group

10. Client Data and AI Training

10.1 Client Data Ownership

All data provided by clients for processing through our systems remains the exclusive property of the respective client.

10.2 AI Model Training

We explicitly do not use client data to train, improve, or develop our AI models. Our AI systems are trained exclusively on:

Licensed datasets
Public domain information
Synthetic data
Our proprietary research data

10.3 Data Isolation

Client data is processed in isolated environments with strict access controls and is permanently deleted according to contractual terms.

11. Cookies and Tracking Technologies

We use cookies as described in our Cookie Notice. You can manage your cookie preferences through your browser settings or our cookie consent tool.

12. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified via our website or email.

14. Contact and Complaints

For privacy-related inquiries or concerns:
Salfati Group GmbH
Attn: Data Protection
Zählerweg 12
6300 Zug, Switzerland
Email: legal@salfati.group

Supervisory Authority

You have the right to lodge a complaint with:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH-3003 Bern
Switzerland
Website: www.edoeb.admin.ch

Browse Content

More Resources

Recent posts

Stay Updated

1. Data Controller

2. Scope and Application

3. Data We Collect

3.1 Information You Provide Directly

3.2 Automatically Collected Information

3.3 Client Project Data

4. Legal Basis for Processing

5. How We Use Your Data

5.1 Service Delivery

5.2 Business Operations

5.3 Communications

6. Data Sharing and Transfers

6.1 Categories of Recipients

6.2 International Data Transfers

7. Data Security

8. Data Retention

9. Your Rights

10. Client Data and AI Training

10.1 Client Data Ownership

10.2 AI Model Training

10.3 Data Isolation

11. Cookies and Tracking Technologies

12. Children's Privacy

13. Changes to This Policy

14. Contact and Complaints

Supervisory Authority

Privacy Policy

1. Data Controller

2. Scope and Application

3. Data We Collect

3.1 Information You Provide Directly

3.2 Automatically Collected Information

3.3 Client Project Data

4. Legal Basis for Processing

5. How We Use Your Data

5.1 Service Delivery

5.2 Business Operations

5.3 Communications

6. Data Sharing and Transfers

6.1 Categories of Recipients

6.2 International Data Transfers

7. Data Security

8. Data Retention

9. Your Rights

10. Client Data and AI Training

10.1 Client Data Ownership

10.2 AI Model Training

10.3 Data Isolation

11. Cookies and Tracking Technologies

12. Children's Privacy

13. Changes to This Policy

14. Contact and Complaints

Supervisory Authority