Book Free Audit

Privacy Policy

This privacy policy informs you about the personal data we process in connection with our activities and operations, including our gerberai.co website. In particular, we explain why, how, and where we process which personal data. We also inform you about the rights of individuals whose data we process.

Additional data protection declarations and other legal documents such as general terms and conditions (GTC), terms of use or terms of participation may apply to individual or additional activities and activities.

We are subject to Swiss data protection law and any applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures an adequate level of data protection.

1. Contact addresses

Responsibility for the processing of personal data:

Gerber AI Automation Labs Matthias Vincent Gerber matthias@gerberai.co

In individual cases, there may be other controllers responsible for processing personal data or joint controllership with at least one other controller.

2. Terms and legal bases

2.1 Terms

  • Personal data is any information relating to an identified or identifiable natural person.

  • A data subject is a person whose personal data we process.

  • Processing encompasses any handling of personal data, regardless of the means and procedures used, such as querying, comparing, adapting, archiving, storing, retrieving, disclosing, obtaining, recording, collecting, deleting, disclosing, structuring, organizing, storing, altering, disseminating, linking, destroying and using personal data.

  • The European Economic Area (EEA) comprises the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

2.2 Legal basis

We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Data Protection Act, DSG) and the Ordinance on Data Protection (Data Protection Ordinance, DSV).

We process personal data – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – in accordance with at least one of the following legal bases:

  • Article 6 paragraph 1 letter b GDPR: For the necessary processing of personal data for the performance of a contract with the data subject and for the implementation of pre-contractual measures.

  • Article 6 paragraph 1 letter f GDPR: Provides the legal basis for the processing of personal data necessary to protect our legitimate interests or those of third parties, unless the fundamental rights and freedoms and interests of the data subject override those interests. Legitimate interests include, in particular, our interest in being able to carry out and communicate about our activities and operations in a sustainable, user-friendly, secure and reliable manner, ensuring information security, protecting against misuse, enforcing our own legal claims and complying with Swiss law.

  • Article 6 paragraph 1 letter c GDPR: For the necessary processing of personal data to fulfill a legal obligation to which we are subject under the applicable law of Member States in the European Economic Area (EEA).

  • Article 6 paragraph 1 letter e GDPR: For the necessary processing of personal data for the performance of a task carried out in the public interest.

  • Article 6 paragraph 1 letter a GDPR: For the processing of personal data with the consent of the data subject.

  • Article 6 paragraph 1 letter d GDPR: For the necessary processing of personal data to protect the vital interests of the data subject or of another natural person.

3. Type, scope and purpose

We process personal data that is necessary to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. Such personal data may fall into the categories of inventory and contact data, browser and device data, content data, metadata and usage data, location data, sales data, and contract and payment data.

We process personal data for the duration necessary for the respective purpose(s) or as required by law. Personal data whose processing is no longer necessary is anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. These third parties are, in particular, specialized providers whose services we utilize. We guarantee data protection even with such third parties.

We generally process personal data only with the consent of the data subjects. If and to the extent that processing is permitted for other legal reasons, we may refrain from obtaining consent. For example, we may process personal data without consent to fulfill a contract, to comply with legal obligations, or to protect overriding legitimate interests.

 

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, provided and to the extent that such processing is permitted for legal reasons.

 

4. Communication

We process personal data in order to communicate with third parties. In this context, we process in particular data that a data subject submits when contacting us, for example by postal mail or email. We may store such data in an address book or using similar tools.

Third parties who transmit data about other individuals are obligated to guarantee data protection for those individuals. This includes, among other things, ensuring the accuracy of the transmitted personal data.

5. Applications

We process personal data of applicants to the extent necessary for assessing their suitability for employment or for the subsequent execution of an employment contract. The required personal data is derived in particular from the information requested, for example, in a job advertisement. We may publish job advertisements with the help of suitable third parties, for example, in electronic and print media or on job portals and job platforms.

We also process personal data that applicants voluntarily provide or publish, in particular as part of cover letters, CVs and other application documents, as well as online profiles.

We process – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data about applicants, in particular in accordance with Article 9 paragraph 2 letter b GDPR.

6. Data security

We take appropriate technical and organizational measures to ensure a level of data security commensurate with the respective risk. In particular, our measures guarantee the confidentiality, availability, traceability, and integrity of the personal data processed, although we cannot guarantee absolute data security.

Access to our website and other online presence is secured using transport encryption (SSL/TLS, specifically Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a small padlock icon in the address bar.

Our digital communication – like all digital communication in principle – is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the processing of personal data by intelligence services, police forces, and other security authorities. We also cannot rule out the possibility that individual persons may be targeted for surveillance.

7. Personal data abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular to process it there or have it processed there.

We may export personal data to all states and territories on Earth and elsewhere in the universe, provided that the law there guarantees an adequate level of data protection in accordance with the decision of the Swiss Federal Council and – insofar as the General Data Protection Regulation (GDPR) is applicable – an adequate level of data protection in accordance with the decision of the European Commission.

We may transfer personal data to countries whose laws do not guarantee an adequate level of data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or with other suitable safeguards. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, for example, the explicit consent of the data subjects or a direct connection to the conclusion or performance of a contract. Upon request, we will gladly provide data subjects with information about any safeguards or provide a copy of any such safeguards.

8. Rights of data subjects

8.1 Data protection rights

We grant data subjects all rights under applicable data protection law. In particular, data subjects have the following rights:

  • Information: Data subjects can request information about whether we process personal data concerning them, and if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and to ensure transparency. This includes the processed personal data itself, but also information on the purpose of the processing, the storage period, any disclosure or export of data to other countries, and the origin of the personal data.

  • Correction and restriction: Data subjects can have inaccurate personal data corrected, incomplete data completed, and the processing of their data restricted.

  • Deletion and objection: Data subjects can have their personal data deleted (“right to be forgotten”) and object to the processing of their data with effect for the future.

  • Data disclosure and data transfer: Data subjects may request the disclosure of their personal data or the transfer of their data to another controller.

We may, within the legally permissible framework, postpone, restrict, or refuse the exercise of data subjects’ rights. We may inform data subjects of any prerequisites that may need to be met to exercise their data protection rights. For example, we may refuse to provide information, in whole or in part, citing trade secrets or the protection of other persons. We may also refuse to delete personal data, in whole or in part, citing statutory retention obligations.

In exceptional cases, we may charge fees for exercising your rights. We will inform affected individuals in advance about any such costs.

We are obligated to identify data subjects who request information or assert other rights, using appropriate measures. Data subjects are obligated to cooperate.

8.2 Legal protection

Data subjects have the right to enforce their data protection rights through legal action or to file a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for complaints from data subjects against private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities for complaints from data subjects – insofar as the General Data Protection Regulation (GDPR) is applicable – are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), the data protection supervisory authorities are structured federally, particularly in Germany.

9. Use of the website

9.1 Cookies

We may use cookies. Cookies – both our own (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data is not limited to traditional text-based cookies.

Cookies can be stored temporarily in the browser as “session cookies” or for a specific period as so-called persistent cookies. Session cookies are automatically deleted when the browser is closed. Persistent cookies have a specific storage duration. Cookies make it possible, in particular, to recognize a browser on the next visit to our website and thus, for example, to measure the reach of our website. Persistent cookies can also be used for online marketing purposes.

Cookies can be completely or partially disabled and deleted at any time in your browser settings. Without cookies, our website may not be fully functional. We actively request – at least where and to the extent necessary – your explicit consent to the use of cookies.

For cookies used for performance and reach measurement or for advertising, a general objection (“opt-out”) is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

9.2 Logging

For each access to our website and our other online presence, we may log at least the following information, provided that this information is transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including the amount of data transferred, and the last website accessed in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. This information is necessary to ensure that our online presence remains consistently user-friendly and reliable. Furthermore, this information is necessary to guarantee data security – including through or with the assistance of third parties.

 

9.3 Counting pixels

We can integrate tracking pixels into our website. Tracking pixels are also known as web beacons. These pixels—including those from third parties whose services we use—are typically small, invisible images or scripts written in JavaScript that are automatically retrieved when our website is accessed. Tracking pixels can collect at least the same information as log files.

 

10. Social Media

We maintain a presence on social media and other online platforms to communicate with interested individuals and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

 

The general terms and conditions (GTC), terms of use, privacy policies, and other provisions of the individual operators of such platforms also apply. These provisions provide information, in particular, about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right to information.

 

For our social media presence on Facebook, including the so-called Page Insights, we are jointly responsible with Meta Platforms Ireland Limited (Ireland) – insofar as and to the extent that the General Data Protection Regulation (GDPR) applies. Meta Platforms Ireland Limited is part of the Meta group of companies (which also have a presence in the USA). Page Insights provide information about how visitors interact with our Facebook page. We use Page Insights to ensure that our social media presence on Facebook is effective and user-friendly.

 

Further information about the type, scope, and purpose of data processing, information about the rights of data subjects, and the contact details of Facebook and Facebook’s data protection officer can be found in Facebook’s privacy policy. We have concluded the so-called “Data Controller Amendment” with Facebook, thereby agreeing in particular that Facebook is responsible for ensuring the rights of data subjects. For the so-called Page Insights, the relevant information can be found on the page “Information about Page Insights,” including “Information about Page Insights Data.”

 

11. Third-party services

We use services from specialized third parties to ensure that our activities and operations are sustainable, user-friendly, secure, and reliable. These services allow us, among other things, to embed functions and content into our website. For technically essential reasons, these services collect users’ IP addresses, at least temporarily, during such embedding.

 

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process aggregated, anonymized, or pseudonymized data related to our activities and operations. This includes, for example, performance or usage data, in order to provide the respective service.

 

We use in particular:

  • Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy and security principles”, Privacy Policy, “Google is committed to complying with applicable data protection laws”, “Google product privacy guide”, “How we use data from websites or apps where our services are used” (information from Google), “Types of cookies and similar technologies Google uses”, “Advertising you can control” (“Personalized advertising”).

11.1 Scheduling

We use services from specialized third parties to enable online appointment scheduling, for example, for meetings. In addition to this privacy policy, any directly visible terms and conditions of the services used, such as terms of use or privacy policies, also apply.

We use in particular:

  • Calendly: Appointment automation platform; Provider: Calendly LLC (USA); Data protection information: Privacy policy, «Security».

11.2 Digital audio and video content

We use services from specialized third parties to enable the direct playback of digital audio and video content such as music or podcasts.

11.3 Advertising

We use the option to display targeted advertising for our activities and operations on third-party platforms such as social media platforms and search engines.

With this type of advertising, we aim to reach individuals who are already interested in our activities or might become interested in them (remarketing and targeting). For this purpose, we may transfer relevant information – which may include personal data – to third parties who facilitate such advertising. We can also determine whether our advertising is successful, specifically whether it leads to visits to our website (conversion tracking).

 

Third parties with whom we advertise and with whom you are registered as a user may associate your use of our website with your profile there.

We use in particular:

  • Facebook advertising (Facebook Ads): Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Data protection information: Remarketing and targeting, in particular with the Facebook pixel, as well as Custom Audiences including Lookalike Audiences, Privacy Policy, “Ad Preferences” (user registration required).

  • Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising based, among other things, on search queries, using various domain names – in particular doubleclick.net, googleadservices.com and googlesyndication.com – for Google Ads, “Advertising” (Google), “Manage displayed ads directly from Ads”.

  • Instagram Ads: Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Data protection information: Remarketing and targeting, in particular with Facebook Pixel, as well as Custom Audiences including Lookalike Audiences, Privacy Policy (Instagram), Privacy Policy (Facebook), “Ad Preferences” (Instagram) (user login required), “Ad Preferences” (Facebook) (user login required).

  • LinkedIn Ads: Social media advertising; Providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Data protection information: Remarketing and targeting, in particular with the LinkedIn Insight Tag, “Data protection”, Privacy policy, Cookie policy, Objection to personalized advertising.

12. Website extensions

We use extensions for our website to enable additional features. We may use selected services from suitable providers or run such extensions on our own server infrastructure.

We use in particular:

  • Turnstile: Spam protection (distinguishing between desired content from humans and unwanted content from bots and spam); Cloudflare Inc. (USA); Privacy information: “Turnstile, a user- and privacy-friendly alternative to CAPTCHA”, “Privacy”, Privacy Policy.

13. Success and reach measurement

We are trying to determine how our online services are used. This allows us, for example, to measure the success and reach of our activities and the impact of third-party links to our website. We can also test and compare how different parts or versions of our online services are used (A/B testing). Based on the results of these success and reach measurements, we can, in particular, fix errors, strengthen popular content, or make improvements to our online services.

 

For performance and reach measurement, the IP addresses of individual users are stored in most cases. In this case, IP addresses are generally shortened (“IP masking”) to adhere to the principle of data minimization through appropriate pseudonymization.

 

Cookies may be used and user profiles created for performance and reach measurement. Any user profiles created may include, for example, the individual pages visited or content viewed on our website, information about screen or browser window size, and the user’s location (at least approximate). As a general rule, any user profiles are created exclusively using pseudonyms and are not used to identify individual users. Individual third-party services with which users are registered may, at best, associate the use of our online services with the user’s account or profile on the respective service.

 

We use in particular:

  • Google Analytics: Performance and reach measurement; Provider: Google; Google Analytics-specific information: Measurement also across different browsers and devices (cross-device tracking) and with pseudonymized IP addresses, which are only exceptionally transferred in full to Google in the USA, «Privacy Policy», «Browser Add-on to deactivate Google Analytics».

  • Google Tag Manager: Integration and management of other services for measuring success and reach, as well as other services from Google and third parties; Provider: Google; Google Tag Manager-specific information: “Data collected with Google Tag Manager”; further information on data protection can be found with the individual integrated and managed services.

14. Final Provisions

 

We created this privacy policy using the privacy policy generator from Datenschutzpartner.

We may amend or supplement this privacy policy at any time. We will inform you of any such amendments or supplements in an appropriate manner, in particular by publishing the current version of the privacy policy on our website.