Privacy Policy
Effective date: 2025-08-27
This Privacy Policy describes how Kenaz GmbH ("Kenaz", "we", "our") processes personal data when you visit our websites, use downloadable resources and demos, or interact with us. We follow the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nFADP).
1) Data controller & contact
Controller: Kenaz GmbH, Rathausstrasse 14 – Postfach 1557, CH‑6341 Baar, Switzerland.
Privacy contact: [email protected]
2) What personal data we collect
- Contact & booking data: name, email, company; meeting details (e.g., via Calendly or our forms).
- Communications: messages you send us (email, forms) and our replies.
- Web & device data (minimal): server logs (IP truncated where possible), timestamps, referrers; Google Search Console verification. Google Analytics is disabled by default.
- Demo usage: for interactive demos (e.g., Hugging Face Space) we may process text you submit; full content is not retained by default; we keep minimal audit logs for reliability/abuse prevention.
- Commercial data: basic CRM fields for leads/opportunities if you ask us to contact you about services.
3) Why we use your data & legal bases
- Provide the website and resources — legitimate interests / contract.
- Respond to enquiries, schedule meetings — contract / legitimate interests.
- Send updates/marketing — consent (only if you opt in; you can withdraw anytime).
- Security, fraud/abuse prevention, and service reliability — legitimate interests.
- Compliance with legal obligations — legal obligation.
4) Cookies & analytics
We do not set marketing cookies and operate without non‑essential cookies by default. Any analytics that would use cookies (e.g., GA4) is disabled unless you explicitly opt in.
CMP hook: if we later enable consent‑based analytics, a consent banner will appear and you can manage choices at any time. Until then, we rely on minimal, cookie‑free server logs and Search Console to understand aggregate usage.
5) Service providers (processors) & recipients
We use trusted providers to operate our Services. Depending on the features you use, this may include:
| Provider | Purpose | Location | Lawful basis | Retention |
|---|---|---|---|---|
| Calendly | Meeting scheduling | Primarily EU/US | Contract / legitimate interests | Booking metadata up to 24 months |
| Google Workspace (Gmail) | Business email | EU/CH data centers where available | Contract / legitimate interests | Business records as required by law |
| Google Search Console | Site indexing & diagnostics | EU/CH | Legitimate interests | Aggregate metrics up to 16 months |
| Hugging Face Spaces | Interactive demos | EU/US (per HF infra) | Legitimate interests | No content retained by default; minimal audit logs |
| CRM/Lead tools (e.g., HubSpot, Snov.io, Apollo, Crunchbase) | Lead discovery & outreach | EU/US (per vendor) | Consent (marketing) / legitimate interests | Up to 24 months after last contact |
- Scheduling & email: Calendly (meeting booking), Google Workspace/Gmail.
- Analytics & site ops: Google Search Console/Analytics, Cloud hosting/CDN.
- Demos & code hosting: Hugging Face Spaces (interactive demo), GitHub.
- CRM/Lead tools (optional): a CRM and lead‑gen platforms if you engage sales discussions.
All processors are bound by contracts and process data only under our instructions.
6) International transfers
We aim to host in Switzerland/EU by default. Where a processor stores or accesses data outside Switzerland/EU/EEA, we use appropriate safeguards such as EU Standard Contractual Clauses (SCCs) with Swiss addenda and additional technical/organizational measures.
7) Retention
- Website analytics logs: typically up to 12 months (aggregated thereafter).
- Leads & enquiries: up to 24 months after last contact unless you ask us to delete earlier.
- Contracts & invoicing data: kept as required by law (usually 6–10 years).
- Demo artifacts: minimal audit logs for reliability/security; content not retained by default.
8) Your rights
Subject to applicable law, you can request access, rectification, erasure, restriction, or portability of your personal data, and object to processing based on legitimate interests. Where processing relies on consent, you may withdraw it at any time. You also have the right to lodge a complaint with your local data protection authority or the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland.
9) Security
We use appropriate technical and organizational measures, including encryption in transit, access controls (RBAC), logging, and least‑privilege, to protect personal data. No method of transmission is 100% secure; we continually improve our safeguards.
10) Children
Our Services are not directed to children under the age of 16, and we do not knowingly collect personal data from them.
11) Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version here with a new effective date. Material changes will be highlighted for transparency.
12) Contact
Questions about this policy or your data? Contact us at [email protected] or write to Kenaz GmbH — Rathausstrasse 14 – Postfach 1557, CH‑6341 Baar, Switzerland.
See also our Terms of Service.