LOG IN

PRIVACY POLICY

Alterland SA | Via Frasca 3, 6900 Lugano, Switzerland

We recognise that providing services in a virtual environment entails particular challenges in the area of security and personal data protection. For this reason, we treat data protection as one of the key aspects of our operations.

The purpose of this Privacy Policy is to set out the principles governing the processing of your personal data in connection with the use of the Alterland website and platform, including virtual office space services.

In particular, we explain:

  • in which situations we process your data,
  • what data we collect,
  • for what purpose and on what legal basis,
  • how long we retain it,
  • what rights you have in connection with the processing of your personal data.

WHO IS THE CONTROLLER OF YOUR DATA

The controller of the personal data described in this Privacy Policy is ALTERLAND SA, Via Frasca 3, 6900 Lugano, Switzerland.

The controller always collects and processes your personal data in compliance with applicable law, in particular the Swiss New Federal Act on Data Protection (nFADP) and the EU General Data Protection Regulation (GDPR). We endeavour to ensure transparency of the processing of your personal data by informing you of the purpose and legal basis for processing at the point of collection.


DATA PROCESSING MODEL

We operate a digital-services model in which:

  • we are the controller of Platform users' data, including yours,
  • in certain areas we engage processors (e.g. hosting, AI),
  • some providers (e.g. META – VR, payment operators) act as independent data controllers.

Where the Platform is used within an organisation or team, please also bear in mind that the organisation using the Platform may be the controller of its users' data, and we may act as a processor on its behalf — to the extent arising from the collaboration model and concluded agreements.


SOURCES OF PERSONAL DATA

We receive personal data from the following sources:

  • directly from you,
  • from the administrator of your organisation,
  • automatically in connection with your use of the website or platform,
  • from tools supporting authentication, security and the operation of our services.

COOKIES AND SIMILAR TECHNOLOGIES

Some personal data may also be collected automatically via cookies and similar technologies used on the website and the Platform. The detailed rules on the use of cookies and similar technologies, including their purposes and settings management, are set out in a separate Cookie Policy available on the Alterland website.


SPECIFIC SITUATIONS IN WHICH WE PROCESS YOUR PERSONAL DATA


Account Registration

When you register (create) an account on our platform, we process your basic identification data in the form of your e-mail address and password. This data is used to create an account and provide access to the Alterland HUB functionality. You provide this data voluntarily; however, providing it is necessary to create an account.

The legal basis for processing is the performance of a contract (Art. 6(1)(b) GDPR).

You may also provide additional information in your panel, such as your name and a short bio.

Data is retained for the period of account use and, after its closure, for the period necessary to assert or defend claims.


Organisation Profile Administration and User Management

We enable the creation and management of an organisation profile (workspace) within which designated users (e.g. organisation administrators) may add, remove and manage other users' accounts.

In this context, the following data is processed:

  • e-mail address,
  • account identifier,
  • assignment to an organisation, team or project,
  • role and permissions within the Platform,
  • invitation history (sent, accepted, rejected),
  • data relating to account activity within the organisation.

This data is processed to create and maintain the organisational structure in the Platform, enable administrators to manage user access and permissions, and ensure the security of access to the organisation's resources.

The legal basis for processing is:

  • Art. 6(1)(b) GDPR — performance of a contract, to the extent necessary to provide Platform services to the organisation,
  • Art. 6(1)(f) GDPR — legitimate interest of the controller, in respect of ensuring security, access control and permissions management.

Where users are invited to an organisation by its administrator, data (in particular the e-mail address) may be provided by the organisation. In such a case, the organisation may act as an independent controller in respect of entering user data into the Platform and administering the organisation.

Data is retained for the period of active Platform use within the given organisation and, thereafter, for the period necessary to ensure accountability and to assert or defend claims. Access to users' data within an organisation is restricted to authorised persons (e.g. organisation administrators) within the scope of their assigned permissions.


Subscriptions and Payments

To use the Platform services it is necessary to purchase a subscription and provide data required to process payments, including in particular identification and billing data. Providing this data is necessary to make a payment.

Payment card data is not processed by Alterland — it is handled by a specialist payment operator (Stripe), which acts in this regard as an independent data controller or as a processor in accordance with its own service model and legal documentation.

We receive information about completed payments from the operator and process it to enable access to Platform functionality, carry out settlements and fulfil legal obligations.

The legal basis is:

  • Art. 6(1)(b) GDPR (contract) — for the provision of subscription services,
  • Art. 6(1)(c) GDPR (legal obligation) — for retaining accounting documents.

Data is retained for the duration of the subscription and for the period required by accounting and tax regulations.


Activity in the Virtual Environment (VR / 3D)

The Platform enables you to participate in virtual spaces such as offices, meeting rooms and conference halls. In this context, data relating to the following is processed:

  • your presence in the virtual space,
  • your activity (e.g. entering a room, participating in a meeting),
  • your interaction with other users,
  • voice communication.

Voice data is processed solely in real time and is not, as a rule, recorded or stored. The purpose of processing is to enable use of the Platform's functionality; the legal basis is the performance of a contract (Art. 6(1)(b) GDPR).

In addition, certain data (e.g. technical logs) may be processed for security purposes on the basis of the controller's legitimate interest (Art. 6(1)(f) GDPR). Providing data is voluntary but necessary to operate in the virtual environment.


AI "Smart Note" Feature

The Platform offers a function for automatically creating notes from your voice recordings. Within this functionality:

  • voice data is processed solely for the purpose of transcription,
  • processing is temporary and technical in nature,
  • recordings are not saved or archived after the process is complete,
  • only the generated text note is retained.

Data is not used to train AI models or for any other purpose. You decide what information you share when using this feature. The legal basis is the performance of a contract (Art. 6(1)(b) GDPR). Notes are retained until deleted by the user. Providing data is voluntary.


File Storage (Drive)

The Platform enables you to store files in your personal drive. Processing covers files such as:

  • documents,
  • photographs,
  • video materials,
  • other data entered by the user.

These files are stored solely for the purpose of storing, sharing and presenting them within the platform, including in the VR environment. The controller does not analyse these files, does not use them for profiling or marketing purposes. The legal basis is the performance of a contract (Art. 6(1)(b) GDPR). Data is retained until deleted by the user.


Avatar Creation

The Platform enables you to create a digital avatar based on a submitted photograph. In this process:

  • you may voluntarily provide your image,
  • the photograph is used solely to generate the avatar,
  • the source photograph is not retained after the process is complete,
  • only the output in the form of your avatar model is stored.

Data is not used for biometric identification or facial recognition. The legal basis is your consent (Art. 6(1)(a) GDPR), given by knowingly submitting your photograph.


Use of VR Devices

If you use the Platform with VR headsets, please note that META:

  • is the data controller in respect of data relating to the device, account and VR environment operation,
  • processes data relating to the device, account and activity within the VR system,
  • Alterland does not have access to the full scope of this data and does not decide on its processing. Use of VR devices is subject to META's privacy policies.

Contact Form

When using the contact form available at www.alterland.io, you will be asked to provide your name, e-mail address and the content of your enquiry. The data we collect will be used to respond to your question on the basis of our legitimate interest (Art. 6(1)(f) GDPR).

Please note that when using the contact form, you provide your data voluntarily; however, failure to provide certain data will result in our inability to provide the response you expect. The data you provide will be processed until any potential claims become time-barred.


Newsletter

We also offer the possibility of subscribing to our newsletter, for which you will be required to provide your e-mail address. This data is processed for the purpose of:

  • sending information about Platform services, features and updates,
  • conducting marketing communications,
  • analysing campaign effectiveness (to the extent permitted by law).

The legal basis is your consent (Art. 6(1)(a) GDPR). Providing data is voluntary but necessary to receive the newsletter. Data is processed until you withdraw your consent. You may unsubscribe from marketing communications at any time without affecting the lawfulness of prior processing.


Platform Monitoring and Security

In connection with the use of the Platform, we process data necessary to ensure its security and proper functioning. The following data may be processed in particular:

  • IP address,
  • user and session identifiers,
  • login data (e.g. dates and times of logins, login attempts),
  • system events and technical logs,
  • information about the user's device and environment to the extent necessary to ensure security.

This data is processed to ensure system and data security, detect and prevent abuse, incidents and unauthorised access, ensure Platform continuity, and carry out technical analyses relating to service operation. The legal basis is Art. 6(1)(f) GDPR — the controller's legitimate interest in ensuring the security and integrity of IT systems. Data is retained for the period necessary to achieve the above objectives and subsequently for the period required to assert or defend claims.


Operational Communication and User Support

In connection with the use of the Platform, we may process your personal data for the purpose of conducting communications relating to account management and service provision. The following data may be processed in particular:

  • e-mail address,
  • user identification data,
  • content of communication (e.g. support tickets, enquiries, responses),
  • service usage data, to the extent necessary to provide support.

This data is processed to provide ongoing user support, deliver technical assistance, handle tickets and complaints, and convey information about Platform operation (e.g. service changes, maintenance windows, security matters). The legal basis is:

  • Art. 6(1)(b) GDPR — to the extent necessary to perform the contract,
  • Art. 6(1)(f) GDPR — our legitimate interest in ensuring proper user service and service quality.

Data is retained for the period necessary to handle the ticket or communication and subsequently for the period necessary to assert or defend claims.


Analytics and Platform Development

To improve Platform functionality and the quality of services provided, we may process data relating to the manner in which the Platform is used. The following data may be processed in particular:

  • data on user activity within the Platform,
  • information about the use of particular features,
  • technical and statistical data relating to system operation.

This data is processed to analyse how the Platform is used, develop and optimise its functionality, improve service performance and stability, and produce internal statistics and analyses. Data used for analytics purposes is, as a rule, processed in aggregated or anonymised form where possible. The legal basis is Art. 6(1)(f) GDPR — the controller's legitimate interest in service development and optimisation. Data is retained for the period necessary to achieve the above objectives, taking into account data minimisation principles.


FOR WHAT PURPOSE AND IN WHAT CIRCUMSTANCES WE SHARE YOUR DATA

As a rule, we do not share your personal data with third parties for their own purposes, unless this is required by a legal basis, your consent, or the nature of the service. We share your personal data with third parties that perform specific services on our behalf. Such service providers include in particular:

  • hosting and cloud infrastructure providers,
  • authentication and security tool providers,
  • voice communication service providers,
  • AI and natural language processing tool providers,
  • avatar generation technology providers,
  • analytics, monitoring and logging system providers,
  • newsletter and marketing automation tool providers,
  • IT support providers, advisors and law firms,
  • public authorities, courts, etc. — where required by applicable law.

We can assure you, however, that these service providers have been appropriately selected and, by means of appropriate agreements, obliged to use the data entrusted to them solely in accordance with our instructions and for strictly defined purposes — unless they act as independent data controllers pursuant to their own processing rules.

In connection with the selection of the aforementioned entities, your personal data may be transferred outside the EEA (European Economic Area), including to Switzerland and the United States. We can assure you, however, that in such cases we have taken all necessary steps to ensure adequate protection of the personal data transferred, including by:

  • transferring data to countries in respect of which the European Commission has determined an adequate level of data protection, including Switzerland,
  • transferring data on the basis of standard contractual clauses approved by the European Commission,
  • applying other legal mechanisms permitted by applicable law — where applicable.

YOUR RIGHTS IN CONNECTION WITH OUR PROCESSING OF YOUR DATA

We make every effort to fulfil the rights afforded to you under the GDPR, namely:

  • the right to withdraw consent,
  • the right of access to personal data,
  • the right to rectification of data,
  • the right to erasure of data,
  • the right to restriction of processing,
  • the right to data portability,
  • the right to object,
  • the right not to be subject to decisions based solely on automated processing.

Right to Withdraw Consent

You have the right to withdraw any consent you have given us for the processing of your personal data. Withdrawal of consent takes effect from the moment of withdrawal and does not affect processing carried out by us lawfully prior to withdrawal. Withdrawal of consent should not entail any consequences; however, it may prevent further use of services provided on the basis of the consent given.


Right of Access to Data

You have the right to obtain from us confirmation as to whether we process your personal data, and if so, you have the right to:

  • obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of that data, the planned retention period or the criteria for determining it, the rights available to you under the GDPR and the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making including profiling, and the safeguards applied in connection with the transfer of data outside the European Union;
  • obtain access to your personal data — meaning, for example, obtaining a copy of all your personal data processed by us.

Right to Rectification

You have the right to have your personal data rectified and completed. We will also endeavour to correct any inaccuracies or errors in the personal data we process and to supplement it if it proves to be incomplete.


Right to Erasure ("Right to be Forgotten")

You have the right to request that we erase all or some of your personal data, and we are obliged to do so where one of the following circumstances applies:

  • your personal data is no longer necessary for the purposes for which it was collected or processed,
  • you have withdrawn your prior consent, to the extent that personal data was processed on the basis of that consent,
  • you have objected to the use of your personal data for direct marketing purposes,
  • your personal data is being processed unlawfully.

Right to Restriction of Processing

You have the right to request restriction of the processing of your personal data. If you submit such a request, we will not be able to perform any operations on your personal data other than storing it. You may request restriction of processing in the following cases:

  • when you contest the accuracy of your personal data — in which case we will restrict processing for the period necessary to verify its accuracy;
  • when the processing of your data is unlawful and, instead of erasure, you request restriction of processing;
  • when your personal data is no longer necessary for the purposes for which we collected or used it, but is needed by you for the establishment, exercise or defence of legal claims;
  • when you have objected to the use of your data on the basis of our legitimate interest — in which case restriction applies for the period necessary to consider whether, given your particular situation, the protection of your interests, rights and freedoms overrides the interests we pursue by processing your personal data.

Right to Data Portability

You have the right to receive from us your personal data that you have provided to us and that we process in IT systems, and to transmit it to another data controller of your choice. You also have the right to request that the personal data be transmitted directly by us to such other controller, where technically feasible. We will send your personal data in a file in one of the commonly used, machine-readable formats, such as csv or xml, which should enable the data to be transmitted to another data controller.


Right to Object to the Use of Data

You have the right to object at any time to the use of your personal data for purposes relating to direct marketing of our products and services. An objection does not result in erasure of data but solely in the cessation of our use of it for marketing purposes. You may also object at any time — on grounds relating to your particular situation — to the processing of personal data carried out on the basis of our legitimate interest. An objection in this regard should include a statement of reasons.


Right Not to Be Subject to Automated Decision-Making

You also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, we wish to inform you that, in respect of your personal data, we do not make decisions based solely on automated processing, including profiling.


TIMEFRAME FOR FULFILLING YOUR REQUEST

If you submit one of the above requests to us, we will inform you of its fulfilment or refusal no later than one month from the date of receipt. If, due to the complex nature of your request or the number of requests, we are unable to fulfil your request within one month, we will do so within the following two months, notifying you in advance of the intended extension.


CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is subject to periodic review and its content may be amended, in particular in response to changes in the law, new guidelines from data protection supervisory authorities, or the emergence of sector codes of good practice.


CONTACT

If you have additional questions, concerns or doubts regarding the manner in which we process your personal data, you may at any time send an e-mail to gdpr@alterland.io. All enquiries received will be addressed without undue delay.

Please remember that you may always lodge a complaint with the competent supervisory authority. Depending on the circumstances, this may be the relevant data protection authority in the country of your habitual residence, place of work or place of the alleged infringement, and in the case of Switzerland — the Federal Data Protection and Information Commissioner (FDPIC).

The context menu is not allowed on this page.