Privacy Policy
OnChained GmbH (hereafter referred to as “us”, “we”, or “our”) operates www.genaiacademy.io (hereafter referred to as “website”). In this privacy policy, we describe what we do with your data when you use our website, purchase our services or products, are otherwise in a contractual relationship with us, communicate with us, or have dealings with us in any other way. Where applicable, we will inform you about additional processing activities not mentioned in this privacy policy through timely written notification. Personal data will be kept strictly confidential and will not be sold or passed on to third parties.
This privacy policy is tailored to the requirements of the new Swiss Act on Federal Data Protection (nFADP) and the General Data Protection Regulation by the EU. Whether and to what extent these laws apply depends on the individual case.
1. Types of data we obtain, store, process
We process various types of data about you. The main types are as follows:
Technical Data: When you use our website or other electronic offerings (e.g., web applications), we collect the IP address of your device and other technical data to ensure the functionality and security of these offerings. This data also includes logs that record the use of our systems. We generally store technical data for 12 months. To ensure the functionality of these offerings, we may also assign an individual code to you or your device (e.g., in the form of a cookie, see section 9). The technical data itself generally does not allow conclusions to be drawn about your identity. However, as part of user accounts, registrations, access controls, or the processing of contracts, it may be linked with other categories of data (and thus possibly with your person).
Technical data includes, among other things, the IP address and information about the operating system of your device, the date, region, and time of use, as well as the type of browser with which you access our electronic offerings. This can help us deliver the correct formatting of the website. Based on the IP address, we know through which provider you access our offerings (and thus also the region), but we usually cannot deduce who you are from this. This changes if, for example, you create a user account, because then personal data can be linked with technical data (we see, for example, which browser you use to use an account on our website). Examples of technical data also include logs that occur in our systems (e.g., the log of user logins on our website).
Registration Data: Certain offerings and services (e.g., access to web applications) can only be used with a user account or registration, which can be made directly with us or through our external login service providers. In this case, you must provide us with certain data, and we collect data about the use of the offering or service. Registration data may be incurred during access controls to certain facilities; depending on the control system, biometric data as well. We generally store registration data for 12 months after the end of the use of the service or the dissolution of the user account.
Communication Data: When you contact us via any of the website forms, by email, phone, in writing, or through other means of communication, we collect the data exchanged between you and us, including your contact details and the peripheral data of the communication. We generally store this data for 12 months from the last exchange with you. This period may be longer if required for evidence reasons or to comply with legal or contractual requirements or if it is technically necessary. Emails in personal mailboxes and written correspondences are generally kept for at least 10 years.
Master Data: We refer to the basic data that we need in addition to the contract data (see below) for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details, and information about your role and function, your bank details, your date of birth, customer history, powers of attorney, signature authorizations, and consent declarations. We process your master data if you are a customer or other business contact or act for one (e.g., as a contact person of the business partner), or because we want to address you for our own purposes or those of a contractual partner (e.g., as part of marketing, advertising, and for communication purposes). We receive master data from you (e.g., during a purchase or as part of a registration), from entities for which you work, or from third parties such as our contractual partners, associations, and address dealers, and from publicly accessible sources such as public registers or the internet (websites, social media). We generally store this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if required for evidence reasons or to comply with legal or contractual requirements or if it is technically necessary. For purely marketing and advertising contacts, the period is usually much shorter, often not more than 2 years since the last contact.
Contract Data: These are data that arise in connection with the conclusion of a contract or the processing of a contract, e.g., information about contracts and the services to be provided or provided, as well as data from the preliminary stages of a contract conclusion, the necessary or used information for processing, and information about reactions. We usually collect this data from you, from contractual partners, and from third parties involved in the contract's processing, but also from third-party sources (e.g., providers of creditworthiness data) and from publicly accessible sources. We generally store this data for 10 years from the last contract activity, but at least from the end of the contract. This period may be longer if required for evidence reasons or to comply with legal or contractual requirements or if it is technically necessary.
Behavioral and Preference Data: Depending on our relationship with you, we try to get to know you and better tailor our products, services, and offerings to you. To do this, we collect and use data about your behavior and preferences. We do this by evaluating information about your behavior in our area, and we may also supplement this information with information from third parties – also from publicly accessible sources. Based on this, we can, for example, calculate the likelihood that you will use certain services or behave in a certain way. The data processed for this purpose is partly already known to us (e.g., if you use our services) or we obtain this data by recording your behavior (e.g., how you navigate on our website). We anonymize or delete this data when it is no longer meaningful for the purposes pursued, which is usually no later than after 24 months (for product and service preferences). This period may be longer if required for evidence reasons or to comply with legal or contractual requirements or if it is technically necessary. How tracking on our website works is described in section 9.
Other Data: We also collect data about you in other situations. In connection with administrative or judicial proceedings, for example, data may arise (such as files, evidence, etc.) that may also relate to you. For reasons of health protection, we may also collect data (e.g., as part of protection concepts). We may receive or produce photos, videos, and audio recordings in which you can be identifiable (e.g., at events). We can also collect data about who participates in events or actions or who uses our infrastructure and systems and when. The retention period of this data is determined by the purpose and is limited to what is necessary. This ranges from usually a few weeks for data for contact tracing over visitor data, which is generally stored for 3 months, to reports about events with pictures that can be stored for several years or longer.
Many of the data mentioned in this section 1 are provided by you (e.g., in the course of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g., within the framework of mandatory protection concepts (legal obligations). If you want to conclude contracts with us or claim services, you must also provide us with data within the scope of your contractual obligation according to the relevant contract, especially master, contract, and registration data. When using our website, the processing of technical data is unavoidable. If you want access to certain systems, you must provide us with registration data. However, you generally have the option to object to or not give consent for behavioral and preference data.
Where it is not prohibited, we also obtain data from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, media, or the internet including social media) or receive data from authorities and from other third parties (such as contractual partners, internet analysis services, etc.).
2. Purpose of collecting and storing personal and non-personal data
We process your data for the purposes we explain below. For more information for the online area, please see section 9. These purposes or the underlying objectives represent legitimate interests of ours and possibly of third parties. You will find further information on the legal bases of our processing in section 3.
We process your data for purposes related to communication with you, especially to respond to inquiries and to assert your rights (section 8) and to contact you in case of queries. For this purpose, we use particularly communication data and basic data and, in connection with offers and services you have used, also registration data. We store this data to document our communication with you, for training purposes, for quality assurance, and for inquiries.
We process data for the initiation, management, and handling of contractual relationships.
We process data for marketing purposes and for customer relations, e.g., to send our customers and other contractual partners personalized advertising for products and services from us and third parties. This can be in the form of newsletters and other regular contacts (electronically, by post, by telephone), via other channels (e.g., social media), for which we have contact information from you, but also as part of individual marketing actions. You can reject such contacts at any time (see at the end of this section 2) or refuse or revoke consent to be contacted for advertising purposes. With your consent, we can target our online advertising on the internet more precisely to you (see section 9).
We further process your data for market research, to improve our services and our operations, and for product development.
We may also process your data for security purposes.
We process personal data to comply with laws, directives, and recommendations from authorities and internal regulations ("compliance").
We also process data for purposes of our risk management and as part of prudent corporate management, including business organization and company development.
We may process your data for further purposes, e.g., as part of our internal processes and administration. These additional purposes include, for example, training and education purposes, administrative purposes (such as the management of basic data, accounting, and data archiving, and the testing, management, and ongoing improvement of IT infrastructure), the protection of our rights (e.g., to assert claims in court, pre-litigation or out-of-court, and before authorities domestically and abroad, or to defend against claims, for example through evidence collection, legal investigations, and participation in judicial or administrative proceedings), and the evaluation and improvement of internal processes. We may use recordings of (video) conferences for training and quality assurance purposes. Also, the protection of further legitimate interests belongs to the additional purposes, which cannot be exhaustively listed.
3. Basis on which we store / process your data
To the extent that we ask for your consent for certain processing activities (e.g., for marketing mailings, for creating personalized advertising control and behavioral analysis on the website), we will inform you separately about the respective purposes of the processing. You can revoke your consent at any time by email with effect for the future; our contact details can be found at the end of this privacy policy. For revoking your consent for online tracking, see section 9. Where you have a user account, a revocation or contact with us may also be carried out via the relevant website or other service. As soon as we receive notification of the revocation of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The revocation of your consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in doing so, particularly to pursue the purposes and associated objectives described above in section 2 and to be able to implement corresponding measures. Our legitimate interests also include compliance with legal regulations, to the extent that these are not already recognized as a legal basis by the applicable data protection law itself (e.g., under the GDPR, the law in the EEA and in Switzerland).
4. To whom we may disclose your data
In connection with our contracts, the website, our services, and products, our legal obligations, or otherwise to protect our legitimate interests and the further purposes listed in section 2, we also transmit your personal data to third parties, especially to the following categories of recipients:
Service Providers: We cooperate with service providers domestically and abroad who process data about you on our behalf or in joint responsibility with us, or who receive data about you from us in their own responsibility (e.g., IT providers, advertising service providers, login service providers, banks, insurance companies, debt collection agencies, credit reporting agencies, or address verifiers). For the service providers involved with the website, see section 9.
Contractual Partners including Customers: This primarily refers to customers (e.g., recipients of services) and other contractual partners of ours, because this data transmission results from these contracts. If you are active for such a contractual partner, we may also transmit data about you to them in this context.
Authorities: We may transfer personal data to offices, courts, and other authorities domestically and abroad if we are legally obligated or authorized to do so or if it seems necessary to protect our interests.
All these categories of recipients may in turn involve third parties, so your data may also become accessible to them. We can restrict the processing by certain third parties (e.g., IT providers), but not that of other third parties (e.g., authorities, banks, etc.).
5. Transfer of personal data may extend beyond domestic borders
As explained in section 4, we may also disclose data to other entities. These may not be located only in Switzerland. Therefore, your data may also be processed outside of Switzerland.
6. Duration of data storage / processing
We process your data for as long as our processing purposes, legal retention periods, and our legitimate interests in processing for documentation and evidence purposes require, or as long as storage is technically necessary. Further information on the respective storage and processing duration can be found with the individual data types in section 1 or with the cookie categories in section 9. If there are no legal or contractual obligations to the contrary, we delete or anonymize your data after the storage or processing period has expired as part of our usual procedures.
7. Protection of your data
We implement appropriate security measures to preserve the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing, and to counteract the risks of loss, accidental modification, unintended disclosure, or unauthorized access.
8. Your rights
You can at any time request information on what personal data we store of you. For this purpose, please email us at [email protected]. Please include proof of identity.
You can at any time request that your data be corrected or deleted. Furthermore, you have the right to demand that we restrict the processing of your data, provided that the legal conditions for doing so are met.
You are also entitled to withdraw at any time your declared consent to the future use or processing of your personal data. As a result, we are no longer allowed to continue the data processing based on this consent for the future. For this purpose, please email us at [email protected].
We delete the stored data as soon as it is not used for the specified purposes anymore.
You also have the right to object to the processing of your personal data at any time, provided that a right of objection is provided for by law. In the case of an effective revocation, your personal data will also be automatically deleted by us. If you would like to exercise your right of revocation or objection, it is sufficient to send an email to [email protected].
In case of violations of the data protection regulations, you have the possibility to file a complaint with a supervisory authority.
9. Cookies and external applications integrated in our website
On our website, we employ various techniques that enable us and third parties we have engaged to recognize you during your website use and, possibly, to track you across multiple website visits. This section is to inform you about this.
The essence of these practices is that we can distinguish your website access (through your system) from the access of other users. This distinction allows us to ensure the functionality of the website and to perform evaluations and personalizations. We aim not to deduce your identity, even though it is possible to the extent that we or third parties involved can identify you by combining this information with registration data. However, even in the absence of registration data, the deployed techniques are designed so that you are recognized as an individual visitor with each page view, for instance, by our server (or the servers of third parties) assigning a specific identification number to you or your browser (known as a "cookie").
Cookies are unique codes (e.g., a serial number) transmitted from our server or the server of our service providers or advertising partners to your system when connecting to our website, which your system (browser, mobile) receives and stores until a programmed expiration date. With each subsequent access, your system transmits these codes back to our server or the server of the third party. This allows you to be recognized, even if your identity remains unknown.
Additionally, other technologies may be used to identify you with more or less certainty (i.e., to distinguish you from other users), such as "fingerprinting." Fingerprinting combines your IP address, the browser you use, screen resolution, language selection, and other details that your system communicates to any server, creating a more or less unique fingerprint. This method can eliminate the need for cookies.
Whenever you access a server (e.g., when using a website or an app, or because an image is embedded in an email, whether visible or invisible), your visits can thus be "tracked". If we integrate offerings from an advertising partner or an analytics tool provider on our website, they can track you in the same way, even if you cannot be identified in individual cases.
We utilize such techniques on our website and allow certain third parties to do the same. Depending on the purpose of these techniques, we seek your consent before their deployment. You can configure your browser to block certain cookies or alternative techniques, deceive them, or delete existing cookies. Your browser can also be extended with software that blocks tracking by certain third parties. More details can be found on your browser's help pages (usually under "Privacy") or on the websites of the third parties we list below.
Cookies are distinguished (techniques with functionalities similar to fingerprinting are included here) as follows:
Necessary Cookies: Some cookies are essential for the website to function or for certain features. For example, they ensure that you can navigate between pages without losing information entered in a form. They also ensure that you remain logged in. These cookies only exist temporarily ("Session Cookies"). Blocking them may cause the website to malfunction. Other cookies are necessary for the server to store decisions or inputs beyond a session if you claim this function (e.g., chosen language, given consent, the function for automatic login, etc.). These cookies have an expiration date of up to 24 months.
Performance Cookies: To optimize our website and related offers to better meet user needs, we use cookies to record and analyze the use of our website, possibly beyond the session. This is done through the use of third-party analytics services listed below. Performance cookies also have an expiration date of up to 24 months. Details can be found on the third-party websites.
Marketing Cookies: We and our advertising partners are interested in targeted advertising, i.e., showing ads primarily to those we wish to reach. Our advertising partners are listed below. For this purpose, we and our advertising partners – if you consent – also use cookies that can capture the contents accessed or contracts concluded. This allows us and our advertising partners to display advertising that we believe interests you, on our website, and on other websites that display ads from us or our advertising partners. Depending on the situation, these cookies have an expiration period of a few days up to 12 months. If you consent to the use of these cookies, you will be shown corresponding advertising. If you do not consent to these cookies, you will see no less advertising but simply different ads.
In addition to marketing cookies, we use other techniques to control online advertising on other websites, thereby reducing scatter loss. For example, we may transmit the email addresses of our users, customers, and other individuals to whom we want to show advertising, to operators of advertising platforms (e.g., social media). If these individuals are registered there with the same email address (which the advertising platforms determine by matching), the operators display the advertising we have placed targeted to these individuals. Operators do not receive personal email addresses of unknown individuals. However, for known email addresses, they learn that these individuals are connected with us and what content they have accessed.
We may also integrate additional third-party offers on our website, especially from social media providers. These offers are standardly deactivated. Once you activate them (e.g., by clicking a switch), the respective providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online offers. These social media providers process this data under their responsibility.
Currently, we use offers from the following service providers and advertising partners (insofar as they use data from you or cookies set by you for advertising control):
Teachable: The operation of our website and the servers are hosted by Teachable. Please find Techable’s privacy policy here: https://teachable.com/privacy-policy
Google Analytics: Google tracks visitor behavior on our website (duration, frequency of pages accessed, geographic origin of access, etc.) and creates reports for us. Although we assume the information we share with Google does not constitute personal data for Google, it's possible that Google could derive personal identities from this data, create personal profiles, and link this data with the Google accounts of these persons.
Google Ads: Google Ads sets a cookie for conversion tracking when a user arrives at our website via a Google ad. These cookies expire after 30 days and are not for personal identification but for statistical purposes. The setting of cookies by Google Ads can be blocked in browser settings. We also use Google Ads' remarketing function to show interest-based advertising to former website visitors. This function can be deactivated at http://www.google.com/settings/ads.
Google Tag Manager: Google Tag Manager makes it possible to manage website tags across an area. Google Tag Manager implements tags only. This means that no cookies are used and no personal data is collected. Google Tag Manager launches other tags that may collect data, but Google Tag Manager has no access to such data. If it is disabled at the domain or cookie level, all tracking tags also remain disabled provided that they have been implemented using Google Tag Manager.
HubSpot: We may use the Customer Relationship Management system ‘HubSpot’ for the storage and efficient management of our customer and lead contacts. Please find HubSpot's privacy policy here: https://legal.hubspot.com/privacy-policy
LinkedIn: We may use LinkedIn for user-specific advertising based on data indicated on LinkedIn (interests, education, region) and behavior. LinkedIn occasionally transmits personal data to third-party advertisers or ad networks. Details can be viewed in LinkedIn's privacy policy.
Mailchimp: We may use Mailchimp to send newsletters. Interactions with newsletters can be traced back to the individual. For sending newsletters and other mailings via Mailchimp, profiles can be created based on user- and person-specific characteristics, and the dispatch can be personalized accordingly.
Hotjar: We may use Hotjar to better understand our users' needs and optimize the offer and experience on this website. Hotjar collects data on our users' behavior and their devices, including IP addresses (only captured and stored in anonymized form during website use), screen size, device type, browser information, location (country only), and preferred language for displaying our website. Hotjar may store this information in a pseudonymized user profile on our behalf.
Social network plugins: Our website links to GenAI Academy’s social media channels by providing buttons on certain pages. These buttons lead to the social media platforms LinkedIn and X (formerly Twitter). If you click on any of these buttons while being logged in to the corresponding social media platform, it allows that platform to associate the visit to our pages with your user account.
Third-party links: Occasionally, we may include or offer links to third-party products or services on the website. These third-party providers have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked services. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these services.
10. Latest version and amendment of this data privacy policy
This privacy policy is not part of a contract with you. We may amend this privacy policy at any time. The version published on this website is always the current version.
Last update: February 12, 2024
11. Contact details of the controller
We are pleased to help all concerned in connection with the handling of personal data and exercising their respective rights. For assistance, please contact [email protected].
12. Applicable law
This declaration concerning data protection is governed by the relevant provisions of Swiss law and shall be interpreted in accordance therewith. Any disputes arising in association with the use of this website shall be exclusively settled in the relevant courts of law in Switzerland.
This privacy policy applies to data processing by:
OnChained GmbH
c/o Impact Hub Zürich AG
Sihlquai 131
8005 Zürich
Switzerland