AI Business School AG
We collect and process personal data carefully and only to the extent permitted by law. In the following we explain which policies we comply with and for what purpose we collect and process personal data via this website and other websites and applications operated by us or affiliated companies.
When you register and use our services, we collect certain personal data so that we can provide our services targeted to you. Within the scope of communication and data collection, the following data is stored by us or by third party companies that provide the corresponding services:
- Registration data (e.g. name, surname),
- User entered data (e.g. ideas, comments, form entries),
- Analytics and traffic logs
- User triggered actions logs (e.g. login time, logout time, visited pages)
The purpose of this data capture is:
- to identify and authenticate users,
- to plan and execute communication and mobilization measures,
- to provide the business services and functions,
- to facilitate ideation, innovation, cross-company collaboration and knowledge transfer
- to achieve effective idea selection support for your company
- to give the user the opportunity to comment on content and in interest groups to facilitate more effective cross-company community building,
- to gather feedback to enable us to continually improve and extend our platform, services and your user experience
- to be able to provide and improve our services in a contractual and targeted manner,
- to provide your company with insights, reporting and analytics to continuous track progress and outcomes,
- to use data in anonymized form for research purposes, for example, to develop new products and services,
- to minimize the risk of fraud,
- to comply with applicable legislation and case law and to be able to respond to requests from administrative or other state authorities,
- to protect us, your company and third parties.
In the context of the European General Data Protection Regulation (GDPR) regulations apply which may also be applicable to companies and service providers domiciled in Switzerland. As far as these provisions are applicable to us, we comply with these provisions. The most important of these rights are listed below. Further details can be found in the legal basis, which can be accessed via the following link: http://eur-lex.europa.eu/eli/reg/2016/679/oj
The central aspects of these legal guidelines are listed below:
Right to information
Where personal data are collected, the data subjects are to be provided with a range of information regarding the collection of data, in particular what data are collected and for what purpose.
Right of access by the data subject
According to the GDPR, the person affected by the data processing is entitled to demand a confirmation that personal data are processed by him or that this is not the case. Where data is processed, the GDPR establishes various rights (e.g. the right to obtain a copy of the data).
Right to rectification
The data subject shall have the right to request the controller of the data to rectify any inaccurate personal data concerning him/her without delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
Right to erasure (“right to be forgotten”)
The data subject has the right to request that personal data relating to him/her be deleted immediately and the personal data must be deleted immediately if one of the reasons listed in the GDPR applies, for example that the data are no longer necessary for the purpose for which they were collected.
Right to restriction of processing
In certain cases, the data subject has the right to require the GDPR to restrict the processing of data. If such a restriction is requested, the data may only be retained, but may no longer be processed.
Right of notification
According to the GDPR, all recipients to whom personal data have been disclosed must be informed of any correction or deletion of personal data or any restriction on processing, unless this proves impossible or involves disproportionate effort.
Right to data transferability
The data subject has the right to receive the data that he has provided in a structured, common and machine-readable format and has the right to transfer this data to another data controller, for example to change the service provider. However, this right can only be exercised if the data processing is based on the consent of the data subject or on a contract.
Right to object
The data subject shall also have the right to object at any time, for reasons arising from his or her particular situation, to certain processing of personal data relating to him or her, including profiling based on these provisions. Subsequently, the data may no longer be processed, unless the data processor can prove compelling reasons for the processing which are worthy of protection and which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him/her for the purposes of such advertising, including profiling in so far as it is related to such direct marketing.
Right to waive an automated decision in individual cases
In addition, the data subject has the right not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or her or significantly affects him or her in a similar manner.
Right to be informed of data protection violations
Should the provisions on the protection of personal data be violated, the person affected by the violation will be informed, provided that this entails a high risk for personal rights and freedoms.
Special protection for children
Furthermore, the GDPR also provides special protection for children. For example, in the case of services offered directly to a child, consent to the processing of the child’s data must be given or authorised by the holder of parental responsibility, whereby the age limit in question may be defined differently in the various countries within the scope of application of the GDPR.
Technical measures for data security
We protect personal data through appropriate technical and organisational security measures and store them on secure servers. The website is protected against manipulation by the usual state-of-the-art measures and against access, modification or distribution by unauthorised persons. This includes taking data protection aspects into account as early as the planning phase of our services (“privacy by design”), and our new products or services are offered with data protection-friendly default settings (“privacy by default”).
Transfer of data to third parties
We are entitled to pass on your personal data to service providers for the purposes of the contract, including abroad. These are, for example, cloud service providers, other companies in the group, other providers of services relevant to the provision of corporate services, including, for example, IT service providers, management consultants and lawyers, and public authorities. These third parties are also obliged to comply with the legal provisions on data protection. A complete list of the data processors involved can be requested from us.