Privacy Policy
1. Controller
The controller responsible for the processing of personal data on this website is:
Alphahub GmbH
Frohbergstrasse 14
8833 Samstagern
Switzerland
Website: www.alphahub.ch
E-Mail: info@alphahub.ch
For data protection enquiries, please contact info@alphahub.ch.
2. Scope and Applicable Law
This Privacy Policy applies to the website www.alphahub.ch and to communication with us by e-mail or telephone.
The processing of personal data is governed primarily by the Swiss Federal Act on Data Protection (FADP). Where persons in the EU or EEA are affected, we additionally observe the requirements of the EU General Data Protection Regulation (GDPR).
3. Data We Process
Definitions
Personal data means any information relating to an identified or identifiable natural person. Processing means any operation performed on personal data, including in particular collecting, storing, using, modifying, disclosing, archiving or deleting such data.
3.1 Technical Data When Visiting Our Website
When you access our website, technical connection data is collected automatically, including in particular:
- IP address of the requesting device
- Date and time of access
- Pages and files accessed
- Referrer URL (previously visited page)
- Browser type and version
- Operating system and device type
- Volume of data transferred and HTTP status code
These data are necessary for the technical provision of the website and are not used to identify individual persons.
3.2 Language Setting
In order to display the website in your preferred language, a technically necessary cookie may be set to store your language selection. This cookie contains no personal information and serves exclusively to ensure the functionality of the website.
3.3 Contact by E-Mail or Telephone
When you contact us by e-mail or telephone, we process the information you provide in order to handle your enquiry. This includes in particular your name, company, e-mail address, telephone number, the content of your enquiry and the time of contact.
Please note that the transmission of information by e-mail may involve security risks. For confidential communications, we recommend using appropriate secure channels.
3.4 Customer, Prospect and Business Data
In the context of pre-contractual and contractual relationships and in the course of our ongoing business activities, we process personal data of customers, prospects, suppliers, partners and their contact persons, including in particular:
- Master and contact data (name, company, role, address, e-mail, telephone)
- Communication data (e-mails, call notes, correspondence)
- Contractual and business data (offers, contracts, invoices, project documents)
- Information in connection with events, where we organise such events
Where, in the course of providing our IT services, we process personal data on behalf of customers – for example when accessing customer systems or delivering managed services – we act as a processor and exclusively on the instructions of the respective customer. Responsibility for such data lies with the customer.
4. Purposes of Processing
We process personal data for the following purposes:
- Provision, operation and maintenance of the website
- Responding to enquiries and communicating with customers, prospects, suppliers and partners
- Preparing offers and concluding, performing and managing contracts
- Providing IT, cloud, security, support, monitoring, backup and managed service solutions
- Operating, monitoring, maintaining and securing customer environments
- Invoicing, accounting and auditing
- Compliance with legal, regulatory and contractual obligations
- Asserting and defending legal claims
- Informing existing customers about our own similar services
- Organising events, where we conduct such events
- Processing job applications
5. Legal Bases
We process personal data in accordance with the Swiss FADP, in particular in accordance with the principles of lawfulness, proportionality, purpose limitation and transparency (Art. 6 FADP).
Where the GDPR applies, we base processing on the following legal grounds:
- Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR)
- Compliance with a legal obligation (Art. 6(1)(c) GDPR)
- Legitimate interests pursued by us (Art. 6(1)(f) GDPR)
- Consent of the data subject, where obtained (Art. 6(1)(a) GDPR)
Our legitimate interests lie in particular in the secure operation of our website and IT systems, in the provision of our services, in customer communication and in the assertion and defence of legal claims.
6. Website Hosting
Our website is hosted on Microsoft Azure (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland).
As part of the hosting service, Microsoft, acting as a processor, processes technical connection data (including in particular IP address, time of access, resources accessed, and browser and device information) to the extent necessary for the provision, stability and security of the platform.
We do not carry out our own analysis of server log files. Technical data are deleted in accordance with Microsoft's retention periods; longer retention occurs only for the purpose of investigating a security incident or complying with legal obligations.
Data processing agreements including standard contractual clauses are in place with Microsoft. Microsoft is also certified under the Swiss–U.S. Data Privacy Framework. Processing may take place in Switzerland, the EU/EEA or the United States.
7. Cookies and Tracking
We use only technically necessary cookies on our website. These serve the proper operation of the website, in particular the storage of your language preference.
We deliberately refrain from using any analytics, tracking or marketing tools. No user profiles are created, no data are transmitted to advertising networks and no behavioural analysis is conducted. A cookie consent banner is therefore not required.
You may delete or block cookies in your browser at any time. If cookies are blocked entirely, certain functions of the website (e.g. language setting) may be restricted.
8. Direct Communication with Existing Customers
We may inform existing customers and business contacts about our own similar services, provided this is permitted by law and no objection has been raised. The legal basis is our legitimate interest in maintaining customer relationships (Art. 6(1)(f) GDPR / Art. 31(1) FADP).
You may object to the use of your data for this purpose at any time, without any disadvantage to you. Following an objection, we will no longer process your data for direct communication purposes.
9. LinkedIn
We operate a company profile on LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland). No LinkedIn plugins, pixels or other tracking technologies from LinkedIn are embedded on our website.
When you interact with our LinkedIn profile, the privacy policy of LinkedIn applies (www.linkedin.com/legal/privacy-policy). Data subject rights in connection with data processed on LinkedIn may be exercised directly with LinkedIn.
10. Disclosure of Personal Data to Third Parties
We disclose personal data only where this is necessary for the purposes described, contractually agreed, required by law or otherwise legally permitted. Recipients may include in particular:
- Hosting and IT infrastructure providers (in particular Microsoft Azure as website host)
- Accounting, fiduciary and audit service providers
- Lawyers, courts and authorities, where required by law
- Customers, suppliers and subcontractors, where necessary for the provision of services
- Acquirers or interested parties in connection with a possible corporate transaction
Processors are contractually obligated to process personal data solely in accordance with our instructions and within the scope of the agreed purpose, and to implement appropriate security measures.
11. International Data Transfers
We process personal data principally in Switzerland and the European Economic Area. In connection with website hosting on Microsoft Azure, processing may also take place in the United States (see section 6).
Transfers to countries without an adequate level of data protection take place only on the basis of appropriate safeguards, in particular standard contractual clauses or recognised certifications such as the Swiss–U.S. Data Privacy Framework.
12. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or destruction. These include in particular access controls, encryption of data in transit and at rest, network and system security measures, and confidentiality obligations for employees.
Despite appropriate safeguards, absolute security cannot be guaranteed. The transmission of data over the internet is inherently subject to residual risks.
13. Data Breaches and Security Incidents
Where a personal data breach is likely to result in a high risk to affected persons, we will notify the Federal Data Protection and Information Commissioner (FDPIC) and – where required – the affected persons (Art. 24 FADP).
If you become aware of a security incident involving Alphahub, we ask that you notify us at info@alphahub.ch with a brief description of the incident.
14. Retention Periods
We retain personal data only for as long as necessary for the respective purposes, or as long as legal, contractual or legitimate interests require longer retention:
- Technical website data: deletion in accordance with Microsoft Azure's retention periods
- Contact and communication data: for as long as necessary for processing and traceability
- Contractual, invoicing and accounting data: in accordance with statutory retention obligations, generally up to ten years
- Application data: deletion after conclusion of the recruitment process, unless longer retention is permitted
Upon expiry of the applicable retention period, personal data are deleted or anonymised.
15. Rights of Data Subjects
Under applicable data protection law, you have in particular the following rights:
- Right of access to personal data processed about you (Art. 25 FADP)
- Right to rectification of inaccurate or incomplete data (Art. 32 FADP)
- Right to erasure of your data (Art. 32 FADP)
- Right to restriction of processing
- Right to object to certain processing, in particular for direct communication purposes (Art. 30 FADP)
- Right to data portability in a commonly used electronic format (Art. 28 FADP)
- Right to withdraw consent with effect for the future, where processing is based on consent
To process your request, we may require proof of identity. Please send your request to: info@alphahub.ch
You also have the right to lodge a complaint with the competent data protection supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, www.edoeb.admin.ch.
16. Job Applications
Where you apply for a position with us, we process the application documents submitted solely for the purpose of evaluating your application and communicating with you during the recruitment process. Application data are deleted after conclusion of the process, unless statutory retention obligations apply or you have consented to longer retention.
17. Automated Individual Decision-Making
We do not carry out automated individual decision-making that produces legal effects for data subjects or similarly significantly affects them.
18. External Links
Our website may contain links to external websites. Responsibility for the content and data protection practices of linked external websites lies solely with their respective operators. We have no influence over their data processing activities.
19. Changes to This Privacy Policy
We may update this Privacy Policy at any time, in particular where our data processing activities, the technologies we use or the applicable legal requirements change. The current version published on our website shall apply at all times. In the event of material changes, we will inform you by appropriate means where possible.