Privacy Policy.

Effective Date: August 30, 2025 Last Updated: August 30, 2025

1. Data Controller

Salfati Group GmbH Zählerweg 12, 6300 Zug, Switzerland Email: legal@salfati.group

Data Protection Representative: Elon Salfati, CEO

2. Scope and Application

This Privacy Policy applies to all data processing activities conducted by Salfati Group GmbH through our website, services, and AI solutions. We process personal data in strict compliance with the Swiss Federal Act on Data Protection (nDSG/FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

3. Data We Collect

3.1 Information You Provide Directly

• Identity Data: Name, job title, company affiliation
• Contact Data: Business email address, company address
• Professional Data: Industry sector, company size, business requirements
• Communication Data: Inquiries, project specifications, feedback

3.2 Automatically Collected Information

• Technical Data: IP address (anonymized), browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• Usage Data: Information about how you use our website and services, including pages visited and interaction patterns, access times and duration, traffic sources and navigation paths, and geographic location at the country and city level

3.3 Client Project Data

• Project Data: Data provided for AI development and implementation
• Output Data: AI-generated results and analyses

Client data processed through our AI systems remains the exclusive property of the client. We do not use client data to train our AI models or for any purpose other than providing the contracted services.

4. Legal Basis for Processing

We process personal data based on the following legal grounds under Swiss law: contractual necessity, consent (for analytics cookies and marketing communications), legitimate interests, and legal obligations.

5. How We Use Your Data

We use your data to deliver AI consulting and development services, manage client relationships and projects, process inquiries and proposals, provide technical support, analyze website usage, ensure security, protect our intellectual property rights, comply with legal obligations, and communicate updates with consent.

6. Data Sharing and Transfers

6.1 Categories of Recipients

We may share your data with service providers (analytics and infrastructure vendors operating in the EU and USA), professional advisors (legal counsel, auditors bound by professional secrecy under Swiss law), authorities when required by Swiss law, and parties involved in any merger, acquisition, or asset sale.

6.2 International Data Transfers

EU/EEA transfers rely on adequacy decisions. USA transfers rely on Standard Contractual Clauses for any analytics vendor based outside the EEA. Other countries are covered by appropriate safeguards per Article 16-17 nDSG.

7. Data Security

We implement technical and organizational measures pursuant to Article 8 nDSG, including TLS 1.3 encryption, access controls and multi-factor authentication, regular security assessments and penetration testing, incident response procedures, employee confidentiality agreements and training, secure development lifecycle for AI systems, and infrastructure hardening and monitoring.

8. Data Retention

• Contact Data: 5 years after last business interaction
• Project Data: Duration of project plus 10 years
• Analytics Data: 14 months
• Financial Records: 10 years per Swiss CO Art. 958f
• Legal Claims: Until expiration of applicable limitation periods

9. Your Rights

Under the Swiss Federal Act on Data Protection, you have the right to access, rectification, erasure, restriction, data portability, objection, consent withdrawal, and to not be subject to purely automated decisions. To exercise these rights, contact legal@salfati.group.

10. Client Data and AI Training

All data provided by clients for processing through our systems remains the exclusive property of the respective client. We explicitly do not use client data to train, improve, or develop our AI models. Our AI systems are trained exclusively on licensed datasets, public domain information, synthetic data, and our proprietary research data. Client data is processed in isolated environments with strict access controls and is permanently deleted according to contractual terms.

11. Cookies and Tracking Technologies

We use cookies as described in our Cookie Notice. You can manage your cookie preferences through your browser settings or our cookie consent tool.

12. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be notified via our website or email.

14. Contact and Complaints

For privacy-related inquiries: Salfati Group GmbH, Attn: Data Protection, Zählerweg 12, 6300 Zug, Switzerland. Email: legal@salfati.group.

You have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH-3003 Bern, Switzerland. Website: www.edoeb.admin.ch.