Privacy Policy

Last updated: September 20, 2025

1. Introduction and Controller

This Privacy Policy explains how SYLVA AG (“SYLVA”, “we”, “us”) processes personal data in connection with its website, platform, and related services.

Controller:
SYLVA AG
Mühlerain 39
8672 Meilen, Switzerland
privacy@sylva.ac

SYLVA acts as:

  • Data Controller for visitors to its website and communications with prospective clients.
  • Data Processor for data processed on behalf of its institutional and enterprise clients using the SYLVA platform.

SYLVA is subject to the Swiss Federal Act on Data Protection (nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Scope of Application

This policy applies to all personal data processed through:

  • The website sylva.ac and related pages
  • The assessment and analytics platforms (cloud.sylva.ac) and enterprise versions operated for clients
  • Communication, support, and contractual relationships with clients, educators, or learners

It does not apply to employment or investor relations, or to third-party sites linked from ours.

3. Categories of Data Processed

a) Data collected automatically

Includes IP address, browser type, operating system, device identifiers, date and time of visit, pages accessed, referring page, cookies, and similar technologies necessary for site operation.

b) Data provided by you

When learners or participants complete assessments or exercises, SYLVA may process performance or behavioural data on behalf of its clients. These data are treated as confidential and processed strictly within the agreed contractual framework.

c) Special categories of data

Includes contact details (name, email, institution, message content) submitted via forms or email, account or login data for platform users, and assessment, feedback, or learning data entered into the SYLVA platform.

4. Purpose and Legal Basis

Personal data are processed for the following purposes:

  • Operating and securing our website and platform – Legitimate interest (Art. 6(1)(f) GDPR / Art. 31 nFADP)
  • Responding to contact or demo requests – Contract or pre-contractual steps
  • Providing assessment and feedback tools – Contract or client instructions
  • Ensuring data security and system integrity – Legal obligation and legitimate interest
  • Improving and maintaining services – Legitimate interest
  • Compliance with statutory obligations – Legal obligation

5. Data Processing Roles

For the website and communications, SYLVA is the controller determining the means and purposes of processing.

For the platform and enterprise environments, SYLVA acts as a processor on behalf of its clients, following their written instructions and data protection agreements.

6. Data Hosting and International Transfers

All personal and client data are hosted in Switzerland by SYLVA or secure subcontractors meeting Swiss and EU data protection standards.

Enterprise clients may request dedicated hosting locations (for example within the EU). Such arrangements are subject to written contractual terms ensuring equivalent protection.

SYLVA does not transfer or share data with third parties outside Switzerland or the EU unless required by law or specifically requested by a client.

7. Cookies and Tracking Technologies

The SYLVA website currently uses only essential cookies required for security and core functionality.

No tracking or analytics cookies are active at this time.

If analytical or third-party cookies (for example Google Analytics, Vimeo) are introduced in the future, users will be notified through an updated Cookie Policy and given the option to manage their consent through a banner compliant with applicable law.

8. Data Retention

Contact data are retained up to 24 months after the last interaction, unless legal retention applies.

Platform data (personal identifiers such as names, emails, IDs) are deleted upon termination of client contracts or within the agreed retention period.

Assessment data may be retained in anonymized or pseudonymized form indefinitely for technical or statistical purposes, without any possibility of re-identification.

9. Data Security

SYLVA applies appropriate technical and organizational measures to protect data, including encrypted data transmission (HTTPS/TLS), access control and authentication, regular backups and security monitoring, and role-based access for staff and administrators.

No online system is completely secure; however, SYLVA continuously reviews its infrastructure to maintain the highest level of protection.

10. Data Sharing

SYLVA may engage carefully selected service providers (for example hosting, email, or infrastructure partners) to support its operations. These partners act as processors under written agreements and are bound by confidentiality and data protection obligations.

SYLVA does not sell, rent, or disclose personal data to third parties for commercial purposes.

11. Your Rights

Depending on your jurisdiction, you may exercise the following rights regarding your personal data:

  • Access – obtain a copy of your personal data processed by SYLVA.
  • Rectification – request correction of inaccurate or incomplete data.
  • Erasure – request deletion of personal data where legally possible.
  • Restriction – request limited processing under certain conditions.
  • Data portability – request transfer of data to another controller where technically feasible.
  • Withdrawal of consent – withdraw consent at any time (where processing is based on consent).
  • Complaint – lodge a complaint with the competent authority (for example the Federal Data Protection and Information Commissioner in Switzerland).

Requests may be submitted to privacy@sylva.ac. SYLVA will respond in accordance with applicable law.

12. Updates to this Policy

SYLVA may update this Privacy Policy to reflect legal or operational changes. The latest version is always available on our website and becomes effective upon publication.

SYLVA AG
Mühlerain 39, 8672 Meilen, Switzerland
privacy@sylva.ac
https://sylva.ac