Privacy Policy

Privacy Policy

  1. What is this privacy policy about?
  2. Who is responsible for processing your data?
  3. How do we process data in connection with our services?
  4. How do we process data in connection with advertising?
  5. How do we disclose data?
  6. How do we process data in connection with our websites?
  7. Are there other types of processing?
  8. How long do we process personal data?
  9. How do we protect your data?
  10. Are there any additional points to consider?
  11. What are your rights?

1. What is this privacy policy about?

“Personal data” refers to any information that can be associated with a specific person, and “processing” refers to any handling of such data, e.g., collection, use, or disclosure. This privacy policy explains how we process such data, primarily within the scope of our business activities and in relation to our websites https://startbox.swiss/, and https://zh.startbox.swiss/ (“websites”), insofar as processing is not obvious and the applicable data protection law requires such information.

This policy is for informational purposes only and does not form part of a contract with you, even if a contract refers to this privacy policy.
For further information, please contact us (see section 2).

2. Who is responsible for processing your data?

The controller responsible under this privacy policy – i.e., the party primarily responsible under data protection law (also “we”) – is:

Ahead Zürich Cooperative
Sihlquai 125
8005 Zurich
Email: info@startzentrum.ch

3. How do we process data in connection with our services?

When you use our services, we process data to prepare and fulfill contracts. Our services are intended for individuals residing in Switzerland.

Examples include:

  • If you enter into a contract with us (e.g., book a consulting appointment, provide a service/product as an external provider), we process data from the pre-contract phase and contract details (e.g., signing date, content). During and after the contract term, we also process service usage data, payment info, customer service contacts, disputes, etc.
  • We may collect data from public sources (e.g., commercial registers, the internet) to assess contractual suitability.
  • If you register for a consultation, workshop, or event, we process your contact and payment data, as well as other information disclosed during participation (e.g., communications, business plans).
  • We also use this data for statistical analysis and to improve our services and may use it for marketing (see section 4).

If you provide data concerning other individuals (e.g., co-founders, proxies), we assume you are authorized to do so and ask that you inform them about this privacy policy.

4. How do we process data in connection with advertising?

We also process personal data to promote our own and third-party services:

  • Newsletters: We send electronic communications and newsletters that may include promotional content. Consent is obtained unless you are an existing customer. We track your name, email, prior use of services, email opens, and link clicks using tracking pixels. You can disable tracking by configuring your email client not to load external images automatically.
  • Events: If you attend events, we process registration data to manage the event and follow-up. We may also take photos or videos and share them online, in which case you’ll be notified separately.
  • Market research: We analyze newsletter reactions, survey responses, social media interactions, and media reports to improve and develop our services.

5. How do we disclose data?

We may share personal data with various recipients, including:

  • Related persons (e.g., proxies, partners), and employees/contact persons of client companies.
  • Public authorities (especially the City and Canton of Zurich) and courts, for legal obligations or proceedings.
  • Third parties in the context of asset transactions.
  • Service providers (e.g., IT providers, hosting, data analytics, registration systems, banks, postal services) may process data as required.

Some recipients are located outside Switzerland, including in the EU/EEA and globally. Not all countries have equivalent data protection. In such cases, we use safeguards such as the EU Standard Contractual Clauses (available here). In specific cases, we may transfer data without such contracts if legally permitted (e.g., with consent or for legal proceedings).

6. How do we process data in connection with our websites?

6.1 What data is collected when using our websites?

Each website visit automatically generates technical data (log files), including IP address, internet provider, operating system, referrer URL, browser details, date/time, and accessed content.

We use cookies to distinguish visitors. Some cookies (“session cookies”) are deleted after you close your browser, while others (“persistent cookies”) remain stored. We may also use similar technologies like pixel tags or fingerprints for recognition or analysis.

We use this data for system security, optimization, statistical analysis, and functional support. Some technologies come from third parties. You can configure your browser to block or delete cookies. See your browser’s help section for more.

6.2 How do third-party service providers process data for our websites?

We use Friendly Analytics (by Friendly GmbH, Switzerland) for website analysis. It relies on fingerprinting and anonymizes IP addresses at collection.

We embed plugins from Google LLC and Google Ireland Ltd. (e.g., YouTube, Google Maps), which may track users across websites and devices. If you have a Google account, they may link this data to you. Google privacy.

6.3 How do we process data via social media?

We operate social media profiles (e.g., Facebook). If you interact with us there (comments, messages), we process that data for communication, marketing, and statistics. The platforms also process your data independently. Where we share responsibility, we have agreements with the platform operators.

7. Are there other types of processing?

Yes, we also process data for common and necessary internal operations, including:

  • Communication: When you contact us (e.g., by phone or social media), we process content, time, location, and identity verification details.
  • Legal compliance: Data may be disclosed to authorities for compliance with legal obligations.
  • Job applications: We process application data and potentially additional public data (e.g., from LinkedIn).
  • Prevention: We process data to prevent crimes or misconduct (e.g., fraud prevention).
  • Legal procedures: We process and share data in legal or administrative proceedings.
  • IT security: For IT monitoring, backup, analysis, and archiving.
  • Market/competition: We may collect public data about market environments or key stakeholders.
  • Transactions: We process data when buying/selling claims, assets, business units, or companies.
  • Other purposes: E.g., internal training, accounting, legal enforcement, statistics, or process improvements.

8. How long do we process personal data?

We retain personal data as long as necessary for the purpose, for legitimate interests (e.g., legal claims, IT security), and for as long as required by law (e.g., 10 years for certain records). After that, we delete or anonymize it.

9. How do we protect your data?

We apply suitable technical and organizational measures to ensure data security according to the risk involved. However, we cannot guarantee absolute security—some residual risk always remains.

10. Are there any additional points to consider?

Depending on the applicable law (e.g., the EU GDPR), data processing may require a specific legal basis:

  • Art. 6(1)(b) GDPR: Processing necessary to perform a contract or pre-contractual steps.
  • Art. 6(1)(f) GDPR and Art. 9(2)(f): For legitimate interests, such as legal compliance, IT security, and optimization.
  • Art. 6(1)(c) GDPR: To meet legal obligations under EEA member law.
  • Art. 6(1)(a) GDPR and Art. 9(2)(a): Based on consent.

You’re generally not obligated to provide data unless necessary for a specific contract or legal requirement.

11. What are your rights?

Under applicable law, you have the following rights regarding your personal data:

  • Access: Find out whether we process your data, and if so, which.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure & Objection: Request deletion of data and object to processing.
  • Data Portability: Receive your data in a structured, machine-readable format (if processing is based on consent or contract).
  • Withdrawal: Withdraw your consent at any time (only for future processing).

To exercise these rights, please contact us (see section 1). We may need to verify your identity.
You also have the right to lodge a complaint with the relevant supervisory authority, such as the Swiss Federal Data Protection and Information Commissioner (FDPIC).