1. What is this Privacy Notice about?
WorldReplica AG (also «we», «us») collects and processes personal data that concern you but also other individuals («third parties»). We use the word «data» here interchangeably with «personal data», i.e. data relating to identified or identifiable individuals. «Processing» means any operation that is performed on personal data, such as collection, storage, use, alteration, disclosure and erasure.
In this Privacy Notice, we describe what we do with your data when you access and use https://worldreplica.ai/ (the «website»). In addition to the information herein, we may inform you about the processing of your data separately.
If you disclose your data to us or share data with us about other individuals we assume that you are authorized to do so and that the relevant data is accurate. When you share data about others with us, you confirm that. Please make sure that these individuals have been informed about this Privacy Notice.
This Privacy Notice is aligned with the EU General Data Protection Regulation («GDPR») and the Swiss Data Protection («DPA»). However, the application of these laws depends on each individual case.
2. Who is the controller for processing your data?
WorldReplica AG, Am Schanzengraben 25, 8002 Zürich is the controller for the processing under this Privacy Notice, unless we tell you otherwise in an individual case.
You may contact us for data protection concerns and to exercise your rights under Section 10 as follows:
WorldReplica AG
Am Schanzengraben 25
CH-8002 Zürich
dataprotection@worldreplica.ai
3. What data do we process?
We process various categories of data about you. The main categories of data are the following:
- Technical data: When you use our website, we collect the IP address of your device as well as other technical data in order to ensure the functionality and security of the website. This data includes logs with records of the use of our systems. It may also include information about the operating system or browser you use, the date, region and time of use. We generally keep technical data for a maximum of 6months. In order to ensure the functionality of the website, we may also assign an individual code to you or your terminal device (for example as a cookie, see Section 11). Technical data as such does not permit us to draw conclusions about your identity. However, it may be linked with other categories of data (and potentially with your person) e.g. in relation to user accounts or registrations.
- Registration data: It may be possible that certain functions on our website (such as member areas on our website, newsletters, etc.) can only be used with a user account or registration. We may provide such login functions directly or through third-party login service providers. To use these functions, you must provide us with certain data (e.g. username, password, name or e-mail-address), and we collect data about the use of the service. We generally keep registration data for 12months from the date the user account is closed.
- Communication data: When you contact us via a contact form, by e-mail, telephone or other means of communication, we collect the data exchanged between you and us, including your contact details and the metadata of the communication. This may also include the means, place and time of the communication and the content of the communication. If we have to determine your identity, e.g. in relation to a request for information, we collect data to identify you (for example a copy of an ID document). We generally keep this data for 3 years from the last exchange with you. The retention period may be longer where required for evidentiary purposes, to comply with legal or contractual requirements or for technical reasons.
- Master data refers the basic data that we need for the performance of our business relationships or for marketing and promotional purposes, such as name and contact details, and information about, for example, your role and function and declarations of consent. We process such data if you are business contact or work for one or because we wish to address you for our own purposes or for the purposes of a business partner (for example as part of marketing and advertising, with invitations to events, with newsletters, etc.). We may receive master data from you, from parties you work for or from third parties such as contractual partners and associations, and from public sources such as public registers or the internet (websites, social media, etc.). Master data is not collected comprehensively for all contacts. The data collected in an individual case depends mostly on the purpose of the processing activity. We generally keep master data for 3years from the last exchange between us. This period may be longer if required for evidentiary purposes, to comply with legal or contractual requirements or for technical reasons.
- Behavioral data refers to information about actions such as your response to electronic communications (e.g. if you opened an e-mail, your interaction with our social media pages etc.). Preference data refers to data about your needs, e.g. which services may be of interest to you. Depending on our relationship with you, we try to get to know you better and to tailor our products, services and offers to you. For this purpose, we collect and process data about your behavior and preferences. We do so by evaluating information about your behavior when you use our website, and we may also supplement this information with third-party information, including from public sources. Based on this data, we can for example determine the likelihood that you are interested in certain services. The data processed for this purpose is already known to us (for example where and when you use our website), or we collect it by recording your behavior (for example how you navigate our website). We anonymize or delete this data when it is no longer relevant for the purposes pursued, normally after 36months. This period may be longer where necessary for evidentiary purposes, to comply with legal or contractual requirements, or for technical reasons. We describe how tracking works on our website in Section 11.
- Other data: We also collect data from you in other situations. For example, data that may relate to you (such as files, evidence, etc.) may be processed in relation to administrative or judicial proceedings. The retention period for this data depends on the processing purpose and is limited to what is necessary.
Much of the data set out in this Section 3 is provided to us by you (when you use the website, when you communicate with us, etc.). You are not obliged or required to disclose data to us except in certain cases (legal obligations). When using our website, the processing of technical data cannot be avoided. However, in the case of behavioral and preference data, you generally have the option of objecting or not giving consent. Note that it may be that we will provide you with certain services (such as member areas on our website or newsletters) only if you provide us with the necessary (registration) data. Similarly, we can only submit a response to a request from you if we process communication data and – if you communicate with us online – possibly also technical data.
As far as it is not unlawful we also collect data from public sources or receive data from public authorities and from other third parties (such as associations, contractual partners, internet analytics services, etc.).
4. For what purposes do we process your data?
We process your data for the purposes explained below. You find further information on the purposes of processing in Sections 11 and 12.
We process your data to communicate with you, in particular to respond to inquiries and the exercise of your rights (Section 10). For this purpose, we use in particular communication data, master data, and registration data. We keep this data to document our communication with you, for training purposes, for quality assurance and for follow-up inquiries.
We process data for the conclusion, administration and performance of contractual relationships.
We conclude various contracts with our business and private customers, suppliers, subcontractors and other parties, such as partners in projects or parties in legal proceedings. In particular, we process master data and communication data and, depending on the circumstances, registration data. This includes, for example, the recipients of our products or services. In this case, we process data in order to perform the contract with these recipients, but also with the contractual partners who have invited them.
We process data for marketing purposes and relationship management, for example to send the users of our website personalized advertising for services from us and from third parties. This may happen in the form of newsletters and other regular contacts (electronically or by e-mail), through other channels for which we have contact information from you, but also as part of marketing campaigns. You can object to such contacts at any time (see at the end of this Section 4) or refuse or withdraw consent to be contacted for marketing purposes. With your consent, we can target our online advertising on the internet more specifically to you (see Section 11).
We further process your data for market research, to improve our services and operations, and for product development.
We may also process your data for security purposes (e.g. monitoring of our IT infrastructure, system and error check or backups).
We process personal data to comply with laws, directives and recommendations from authorities and internal regulations («Compliance»).
We also process data for the purposes of our risk management and as part of our corporate governance, including business organization and development.
We may process your data for further purposes, for example as part of our internal processes and administration or for quality assurance purposes and trainings.
5. On what legal basis do we process your data?
Where we ask for your consent forcertain processing activities, we will inform you separately about the relevant processing purposes. You may withdraw your consent at any time with effect for the future by providing us written notice (by mail) or, unless otherwise noted or agreed, by sending an e-mail to us; in this regard see our contact details in Section 2. For withdrawing consent for online tracking, see Section 11. Once we have received notification of withdrawal of consent, we will no longer process your information for the purpose(s) for which you withdrew your consent, unless we have another legal basis to do so. However, such withdrawal of consent does not affect the lawfulness of the processing based on the consent prior to withdrawal.
Where we do not ask for consent for processing, the processing of your personal data relies on the requirement of the processing for initiating or performing a contract with you (or the entity you represent) or on our or a third-party legitimate interest in the particular processing, in particular in pursuing the purposes and objectives set out in Section 4 and in implementing related measures. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognized as a legal basis by applicable data protection law. It also includes the marketing of our services, the interest in better understanding our markets and in managing and further developing our company, including its operations, safely and efficiently.
We may process your data on other legal basis, for example, in the event of a dispute, as required in relation to a potential litigation or for the enforcement or defense of legal claims. In some cases, other legal basis may apply, which we will communicate to you separately as necessary.
6. With whom do we share your data?
In relation to the website, our legal obligations or otherwise with respect to protecting our legitimate interests and the other purposes set out in Section 4, we may disclose your personal data to third parties, in particular to the following categories of recipients:
- Service providers: We work with service providers in Switzerland and abroad who process your data on our behalf or as joint controllers with us or who receive data about you from us as separate controllers (for example IT providers, advertising service providers or login service providers,). For the service providers used for the website, see Section 11. A key service provider for our website is Hostpoint AG (for their privacy notice see: https://www.hostpoint.ch/hostpoint/kontakt-agb.html#datenschutz). Furthermore, to be able to provide our website, we may procure services from third parties in various areas such as IT services, information transmission etc. In such case we disclose to these service providers the data they require for their services, which may also concern you. We enter into contracts with these providers that include provisions to protect data, where such protection does not apply by law. Service providers inform about their independent data processing activities in their own privacy notices.
- Contractual partners including customers: This refers to customers and our other contractual partners as this data disclosure results from these contracts. If you work for one of these contractual partners, we may also disclose data about you to that partner in this regard. These recipients also include contractual partners with whom we cooperate or who carry out advertising for us and to whom we may therefore disclose data about you for analysis and marketing purposes. We require these partners to send you or display advertising based on your data only with your consent (for online advertising, see Section 11). Our online advertising partners are listed in Section 11.
- Authorities: We may disclose personal data to agencies, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to make such disclosures or if it appears necessary to protect our interests.
- Other persons: This means other cases where interactions with third parties follows from the purposes set out in Section 4.
All these categories of recipients may themselves rely on, or otherwise involve, third parties, so that your data may also be disclosed to them. We can restrict the processing by certain third parties (for example IT providers), but not by others (for example authorities).
In addition, we may enable certain third parties to collect personal data from you on our website
7. Is your personal data disclosed abroad?
As explained in section 6, we disclose data to other parties. These are not all located in Switzerland. Your data may therefore be processed both in Europe and in exceptional cases, in any country in the world.
If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection requirements (for this purpose, we use the revised European Commission’s standard contractual clauses including the amendments required by the Federal Data Protection and Information Commissioner), unless the recipient is subject to a legally accepted set of rules to ensure data protection or we can rely on an exception (e.g. in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has been made available generally by you and you have not objected against the processing).
Please note that data exchanged via the internet is often routed through third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.
8. How long do we process your data?
We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in documentation and keeping evidence require it or storage is a technical requirement. You will find further information on the respective storage and processing periods for the individual data categories in Section 3, and for cookies in Section 11. If there are no contrary legal or contractual obligations, we will delete or anonymize your data once the storage or processing period has expired as part of our usual processes.
9. How do we protect your data?
We take appropriate security measures in order to maintain the required security of your personal data and ensure its confidentiality, integrity and availability, and to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access. This may include, e.g., access restriction or maintaining backup copies.
10. What are your rights?
To help you control the processing of your personal data, you may have the following rights in relation to our data processing, depending on the applicable data protection law:
- the right to request information from us as to whether and what data we process from you;
- the right to have us correct data if it is inaccurate;
- the right to request the erasure of data;
- the right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
- the right to withdraw consent, where our processing is based on your consent;
- the right to receive, upon request, further information that is helpful for the exercise of these rights.
If you wish to exercise the above-mentioned rights in relation to us, please contact us in writing, or, unless otherwise specified or agreed, by e-mail (for our contact details see Section 2). In order for us to be able to prevent misuse, we will need to identify you (for example by means of a copy of your ID card, unless identification is not possible otherwise).
Please note that conditions, exceptions or restrictions apply to these rights under applicable data protection law (for example to protect third parties or trade secrets). We will inform you accordingly where applicable.
If you do not agree with the way we handle your rights or with our data protection practices, please let us know. If you are located in the EEA, the United Kingdom or in Switzerland, you also have the right to lodge a complaint with the competent data protection supervisory authority in your country. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_en. You can reach the UK supervisory authority here: https://ico.org.uk/global/contact-us/. You can reach the Swiss supervisory authority here: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
11. Do we use online tracking?
We use various techniques on our website that allow us and third parties engaged by us to recognize you during your use of our website, and possibly to track you across several visits. This Section informs you about this.
In essence, we wish to distinguish access to our website by you (through your system) from access by other users, so that we can ensure the functionality of the website and carry out analysis and personalization. We do not intend to determine your identity, even if that is possible where we or third parties engaged by us can identify you by combination with other data, such as registration data. However, even without registration data, the technologies we use are designed in such a way that you are recognized as an individual visitor each time you access the website, for example by our server (or third-party servers) that assign a specific identification number to you or your browser (so-called «cookie») or by other means (e.g. «fingerprinting»).
We use these technologies on our website and may allow certain third parties to do so as well. However, depending on the purpose of these technologies, we may ask for consent before they are used. You can also set your browser to block or deceive certain types of cookies or alternative technologies, or to delete existing cookies or you can add software to your browser that blocks certain third-party tracking. You can find more information on the help pages of your browser (usually with the keyword «Privacy») or on the websites of the third parties set out below.
We currently use the following category of «cookies»:
- Necessary cookies: Some cookies are necessary for the functioning of the website or for certain features, e.g. to ensure that you can move between pages without losing information that was entered in a form that you stay logged in. These cookies exist temporarily only («session cookies») and the website may not work properly if you block them. Other cookies are necessary for the server to store options or information (which you have entered) beyond a visit to the website if you use this function (for example consents, automatic login functionality, etc.). These cookies expire at the end of a session, i.e. when the user leaves the website.
We may also integrate additional third-party offers on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (for example by clicking a button), these providers can determine that you are using our website. If you have an account with that social media provider, it can assign this information to you and thereby track your use of online offers. These social media providers process this data as separate controllers.
We currently use offers from the following service providers (where they may use data from you or cookies set on your computer):
- WordPress: Our website uses the content management system Word-Press.com from Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. Aut O’Mattic A8C Ireland Ltd, Grand Canal Dock, 25 Herbert Pl, Dublin D02 AY86, Ireland, is responsible for the operation of the system for users from Europe. WordPress makes it easier for us to design and display the website, for which we also collect and process data from you (especially technical data such as operating system, browser, screen resolution, but also IP address). Certain data may also be transmitted to the USA. Further information on data protection in connection with WordPress can be found at https://automattic.com/en/privacy/. Furthermore, we use the WordPress plugin Contact Form 7. Further information on data protection in connection with this plugin can be found at https://contactform7.com/privacy-policy/.
12. What data do we process on our social network pages?
We may operate pages and other online presences («fan pages», «channels», «profiles», etc.) on social networks and other platforms operated by third parties and collect the data about you described in Section 3 and below. We receive this data from you and from the platforms when you interact with us through our online presence (for example when you communicate with us, comment on our content or visit our online presence). At the same time, the platforms analyze your use of our online presences and combine this data with other data they have about you (for example about your behavior and preferences). They also process this data for their own purposes, in particular for marketing and market research purposes (for example to personalize advertising) and to manage their platforms (for example what content they show you) and, to that end, they act as separate controllers.
We receive data about you when you communicate with us through online presences or view our content on the corresponding platforms, visit our online presences or are active on them (for example publish content, submit comments). These platforms also collect technical data, registration data, communication data, behavioral data and preference data from you or about you, among other things (see Section 3 about these terms). These platforms usually perform statistical analysis of the way you interact with us, how you use our online presences and our content or other parts of the platform (what you view, comment on, «like», forward, etc.) and combine this data with other information about you (for example information about your age and your gender and other demographic information). In that way, they create profiles about you and statistics on the use of our online presences. They use this data and profiles to display to you our or other advertisements and other personalized content on the platform and to manage the behavior of the platform, but also for market and user research and to provide us and other parties with information about you and the use of our online presence. We can control the analysis that these platforms generate regarding the use of our online presence to some extent.
We process this data for the purposes set out in Section 4, in particular for communication, for marketing purposes and for market research and on the applicable legal basis pursuant to Section 5. We may disseminate content published by you (for example comments on an announcement). We or the operators of the platforms may also delete or restrict content from or about you in accordance with their terms of use (for example inappropriate comments).
For further information on the processing of the platform operators, please refer to the privacy information of the relevant platforms. There you can also find out about the countries where they process your data, your rights of access and erasure of data and other data subjects rights and how you can exercise them or obtain further information. We currently use the following platforms:
- LinkedIn: On LinkedIn we operate the company page https://www.linkedin.com/company/worldreplica-ai/. LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland («LinkedIn») is the controller for the operation of the LinkedIn platform for users from the EU, the EEA and Switzerland. You can find LinkedIn’s privacy notice at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy . Some of your data may also be transferred to the United States of America. We are jointly responsible with LinkedIn for the data collected and processed in connection with visits to our company page (so-called Page Insights). As part of Page Insights, we receive statistics on visitors to our company page. This allows us to better understand how our company page is used and how we can improve it. We have defined our responsibility regading data protection in accordance with the information at https://legal.linkedin.com/pages-joint-controller-addendum.
13. Can we update this Privacy Notice?
This Privacy Notice is not part of a contract with you. We can change this Privacy Notice at any time. The version published on this website is the current version.
Last updated: 6. December 2024