Privacy Policy (English draft)
Last updated: 2026-05-19 - Spanish translation pending Swiss legal review
This Privacy Policy explains how Agenticsis processes personal data of website visitors, prospects, clients, and end users of AI systems we build or operate on behalf of clients. It is written to satisfy the information duties of the Swiss Federal Act on Data Protection of 25 September 2020 (revised FADP, in force 1 September 2023) and the EU General Data Protection Regulation (Regulation (EU) 2016/679, GDPR), as well as the transparency obligations of the EU Artificial Intelligence Act (Regulation (EU) 2024/1689, AI Act).
1. Controller and contact
The controller responsible for the processing described below is:
Agenticsis
Sihlquai 131, 8005 Zürich, Switzerland
Email: info@agenticsis.ch
Telephone: +41 77 411 99 17
For any question about this Privacy Policy, to exercise your rights, or to report a concern, write to info@agenticsis.ch with the subject line “Privacy request”.
Agenticsis has not appointed a Data Protection Officer because we do not meet the criteria of GDPR Article 37 or the Swiss FADP equivalent. Our internal privacy function is held by the founder, reachable at the address above. Where required by GDPR Article 27, we will appoint an EU representative and publish their contact details here.
2. Scope of this Policy
This Policy applies to personal data we process about:
- Website visitors, including users who fill in our contact form, book a discovery call, or interact with cookies and similar technologies on agenticsis.ch.
- Prospects whom we contact for sales or marketing purposes, including individuals whose business contact details we obtain from third-party prospecting tools (see section 11).
- Clients and client personnel, including representatives of organisations that engage us under a written agreement.
- End users of AI systems that we build, deploy, or operate on behalf of clients, to the extent we act as a data controller for the processing in question. Where we act solely as a data processor, the client’s own privacy notice governs and the relationship between us is set out in our Data Processing Agreement.
This Policy does not cover:
- Personal data processed by third-party websites we link to.
- Personal data processed inside a client’s own systems where the client determines purposes and means.
3. Categories of personal data we collect
We collect the following categories of personal data, organised by source.
| Source | Categories of personal data |
|---|---|
| Contact form on agenticsis.ch | First name, last name, email address, company name, company website, phone number, free-text message. Server-side request metadata is captured separately in our hosting logs (see “Server and security logs” below). |
| Booking system (discovery calls) | Date, time slot, timezone, guest name, guest email, guest phone, company name, free-text notes, booking status |
| Discovery calls and engagements | Name, role, contact details, business and technical information you share, recordings or transcripts only where you have consented |
| Newsletter or direct marketing | Email address, opt-in timestamp, opt-out timestamp |
| Prospecting | Business contact details (name, role, employer, business email, business phone) from third-party tools or public B2B sources, and our internal notes |
| AI services we operate as controller | Prompts and outputs processed through our AI agents, model identifier, timestamp, access logs |
| Billing | Name, billing address, VAT number, payment-related metadata (we do not store full card numbers; payment processing is handled by Stripe) |
| Website analytics | IP address (truncated where feasible), user agent, referrer, pages viewed, session duration |
| Server and security logs | IP address, request metadata, error traces |
We do not knowingly collect special categories of personal data within the meaning of GDPR Article 9 or sensitive personal data within the meaning of FADP Article 5(c). If you submit such data to us voluntarily, we process it only as needed to respond and delete it as soon as the request is resolved.
4. Purposes and legal bases
We process personal data for the purposes and on the legal bases set out below.
| Purpose | Legal basis (GDPR Art. 6) | FADP basis |
|---|---|---|
| Responding to inquiries via contact form, email, telephone, or messaging | Art. 6(1)(b) pre-contractual measures, or Art. 6(1)(f) legitimate interest in business correspondence | Lawful processing under FADP Art. 30 |
| Scheduling and conducting discovery calls | Art. 6(1)(b) pre-contractual measures | FADP Art. 30 |
| Performing contracted consulting, implementation, AEO/SEO, and content services | Art. 6(1)(b) contract performance | FADP Art. 30, contract |
| Operating AI systems we build for clients, where we act as controller | Art. 6(1)(b) or (f) depending on engagement; explicit consent where required | FADP Art. 30 / Art. 31 where applicable |
| Direct marketing to existing clients about similar services | Art. 6(1)(f) legitimate interest, balanced against your right to object | FADP Art. 30(2)(c) |
| Cold outreach to business prospects (B2B) | Art. 6(1)(f) legitimate interest, subject to ePrivacy soft opt-in and clear opt-out | FADP Art. 30 with overriding private interest analysis |
| Newsletter and other consent-based marketing | Art. 6(1)(a) consent | FADP Art. 31(1)(a) |
| Accounting, invoicing, and tax compliance | Art. 6(1)(c) legal obligation | Swiss CO Art. 957 and 958f, FADP Art. 31(1)(c) |
| Security, fraud prevention, audit logging | Art. 6(1)(f) legitimate interest | FADP Art. 31(1)(d) |
| Establishment, exercise, or defence of legal claims | Art. 6(1)(f) legitimate interest | FADP Art. 31(1)(c) |
| Cookies and similar technologies (non-essential) | Art. 6(1)(a) consent (EU visitors) | FADP transparency plus opt-out (Swiss visitors) |
Where we rely on legitimate interests under Art. 6(1)(f), we have carried out a balancing test. You may request a summary at info@agenticsis.ch.
5. AI processing transparency
We use third-party AI services and, on some engagements, AI systems we have configured ourselves. This section describes that processing.
Models and providers we use
Anthropic Claude, OpenAI, and Perplexity. We also use HTML/CSS to Image for image rendering. Each is listed on our Sub-processors page.
No training on your data
We configure our integrations so that personal data we send to Anthropic, OpenAI, and Perplexity is not used to train, fine-tune, or otherwise improve their underlying models. We rely on the zero-retention and no-training settings these providers make available under their enterprise terms. We will update this Policy promptly if a provider changes its terms in a way that affects this commitment.
Article 50 transparency
When you interact with a chatbot or AI agent operated by Agenticsis, we make clear that you are interacting with an AI system, except where this is obvious to a reasonably well-informed user. Where Agenticsis or a client operating an Agenticsis-built system publishes AI-generated text, image, audio, or video to inform the public on matters of public interest, we label that content as artificially generated or manipulated in accordance with AI Act Article 50.
Logging and accuracy
We retain prompts and outputs only as long as necessary to operate, debug, and secure the service. Default retention is 30 days. AI outputs may contain errors, omissions, or fabricated information. Outputs are not professional advice. You must independently verify any output before relying on it.
6. Recipients and sub-processors
We disclose personal data to:
- Sub-processors that host, transmit, or process data on our instructions. The current list is on our Sub-processors page, including purpose, location, and transfer safeguard for each.
- Independent controllers such as banks, tax authorities, courts, and our professional advisors, where disclosure is necessary for a lawful purpose.
- Successors in the event of a merger, acquisition, or sale of business assets, subject to the same protections.
Transactional emails (such as booking confirmations sent after you schedule a discovery call) are delivered through Gmail using OAuth2, so Google LLC acts as a sub-processor for those messages.
We do not sell personal data. We do not share personal data for cross-context behavioural advertising.
7. International transfers
We transfer personal data to recipients outside Switzerland and the EEA in connection with the services described in this Policy. Our transfer safeguards are:
- EU-US and Swiss-US Data Privacy Frameworks for transfers to certified US-based recipients on our Sub-processors page.
- Standard Contractual Clauses (Decision (EU) 2021/914) for recipients not covered by the DPF, in the appropriate module, with the FDPIC-recognised version applied to transfers from Switzerland.
- Adequacy decisions where the receiving country benefits from a Commission or Swiss Federal Council adequacy decision.
A copy of the relevant transfer instrument is available on request at info@agenticsis.ch.
8. Retention
We retain personal data only as long as needed for the purposes set out in section 4, then delete or anonymise it. Default retention periods are:
| Category | Retention |
|---|---|
| Contact form submissions where no engagement follows | 12 months from last contact |
| Booking records where no engagement follows | 12 months |
| Active client records | Duration of engagement plus 10 years (Swiss CO Art. 958f) |
| Contracts and signed agreements | 10 years from end of contract |
| Invoices, accounting, and tax records | 10 years (Swiss CO Art. 958f) |
| Direct marketing records | Until opt-out, then a short suppression record |
| AI prompts and outputs (operational logging) | 30 days unless contract requires otherwise |
| Server, security, and audit logs | 12 months |
| Website analytics | 14 months, aggregated |
9. Your rights
You have the following rights under GDPR Articles 15 to 22 and the corresponding provisions of the revised FADP:
- Right of access. Confirmation of whether we process personal data about you, a copy of that data, and supplementary information.
- Right to rectification. Have inaccurate or incomplete data corrected.
- Right to erasure. Have data deleted where GDPR Art. 17 applies.
- Right to restriction of processing in the cases of GDPR Art. 18.
- Right to data portability. Receive your data in a structured, machine-readable format.
- Right to object to processing based on legitimate interests, including direct marketing.
- Right not to be subject to a solely automated decision with legal or similarly significant effects (see section 10).
- Right to withdraw consent at any time.
- Right to lodge a complaint with a supervisory authority (see section 17).
Write to info@agenticsis.ch. We respond within one month of receipt, extendable by two further months for complex requests, with notice. We may ask for reasonable proof of identity. There is no fee unless the request is manifestly unfounded or excessive.
10. Automated decisions and profiling
We do not currently make decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on you within the meaning of GDPR Art. 22 or FADP Art. 21.
We use AI tools to assist human decision-making (for example, to draft correspondence, to prioritise outreach, or to summarise documents). The final decision is taken by a human reviewer. If this changes, we will update this Policy, inform affected individuals, and provide the right to obtain human intervention.
11. Source of indirectly collected data
Where we have not obtained your personal data directly from you, the source is one of the following, as required by GDPR Art. 14:
- B2B prospecting tools such as Apollo and Hunter. These tools aggregate business contact details from public corporate sources, professional networks, and publicly available web pages.
- Public B2B sources such as company websites, business registers, conference attendee lists, and professional social networks.
- Referrals from existing clients or business contacts, where the referrer represents that they have a lawful basis to share your details.
The categories we obtain are limited to business contact information: name, professional title, employer, business email, business phone, and publicly stated areas of professional responsibility. To opt out, reply “unsubscribe” to any email or write to info@agenticsis.ch. We suppress your details within 14 days and keep a minimal suppression record.
12. Cookies and similar technologies
agenticsis.ch does not currently set any cookies. We do not use third-party analytics, advertising, or tracking. Your language preference is encoded in the URL path (for example, /en/, /de/, /es/) and is not stored on your device.
If we add cookies in the future, this section will be updated and, for any non-essential cookies, a consent banner will be added in line with EU ePrivacy and FDPIC guidance: EU visitors will be asked to opt in, and Swiss visitors will be given transparent information and an easy opt-out.
13. Direct marketing
Service-related messages (for example, confirmation of a booking) are sent without prior consent because they are necessary to perform the service you requested.
For marketing emails:
- For existing clients, we may rely on the ePrivacy soft opt-in for similar services. You can opt out in every message.
- For prospects, we rely on consent where required, or on legitimate interest for B2B outreach in line with section 11. You can opt out at any time.
14. Security
We apply technical and organisational measures appropriate to the risk, including:
- TLS encryption for all data in transit.
- Encryption at rest for data stored in our database and object storage.
- Role-based access control and least-privilege provisioning.
- Audit logging on production systems.
- Multi-factor authentication on administrator accounts.
- Annual review of sub-processor list and contracts.
- Internal procedure for handling personal data breaches, including notification under GDPR Art. 33 (72 hours) and Art. 34 (data subjects), and under FADP Art. 24 to the FDPIC as soon as possible.
No system is fully immune from compromise. Where a breach affects you, we will inform you in line with our legal duties.
15. Children
Our services are directed at businesses and their personnel. We do not knowingly collect personal data of children under 16. If you believe a child has provided us with personal data, write to info@agenticsis.ch and we will delete it.
16. Changes
We may update this Policy from time to time. The version published on this page is always the current version, marked with an effective date. Material changes are communicated to active clients by email at least 30 days before they take effect, unless a shorter period is required by law.
17. Complaints
If you believe we have not handled your personal data lawfully, please first contact us at info@agenticsis.ch so we can investigate.
You also have the right to lodge a complaint with a supervisory authority:
- In Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, edoeb.admin.ch.
- In the European Union: Your local data protection authority. The European Data Protection Board publishes a list at edpb.europa.eu.
18. Governing law
This Privacy Policy is governed by Swiss law. The application of the GDPR to processing of personal data of individuals in the European Economic Area is not affected.
Change log
| Version | Date | Change |
|---|---|---|
| 1.2 DRAFT | 2026-05-19 | Section 12 corrected: the site sets no cookies. The inaccurate two-cookie table was replaced with a truthful statement, with a note describing the consent approach if cookies are added later. |
| 1.1 DRAFT | 2026-05-19 | Section 3 updated to enumerate the exact contact form and booking fields actually stored. Section 6 now identifies Gmail OAuth2 as the transactional email sub-processor. |
| 1.0 DRAFT | 2026-05-18 | Initial draft replacing the combined Terms and Privacy Policy at /policy. Pending Swiss counsel review. |