Privacy Policy

Last updated:
This policy covers data processing at rost-ai.ch and applies to website visitors and enquirers.

1. Controller

The data controller responsible for this website is:
Rost AI Solutions
Vincent Rost
Bool 16a, 8574 Oberhofen, Thurgau
Switzerland
Email: vincent@rost-ai.ch

2. What data we collect and why

2.1 Contact form submissions

When you submit the contact form, we collect:

  • First name, last name
  • Email address
  • Company name and size
  • Topic of interest and message
  • Whether you expressed interest in the AI Workflow Audit

Purpose: To respond to your enquiry and evaluate a potential business relationship.

Legal basis: Legitimate interest (Art. 31 nFADP / Art. 6(1)(f) GDPR); or pre-contractual steps at your request (Art. 6(1)(b) GDPR).

Retention: Contact data is retained for the duration of a business relationship plus a reasonable period thereafter (typically 3 years), or until you request deletion.

2.2 Calendly booking data

When you book a call via Calendly, your scheduling data (name, email, meeting time) is processed by Calendly, Inc. under their own Privacy Policy: calendly.com/privacy. We receive a copy of your booking details for appointment management.

2.3 Website analytics

We use HubSpot's native analytics to understand website traffic (page views, session duration, referral sources). HubSpot processes this data under their Data Processing Agreement. For data centre location and DPA details, see HubSpot's Privacy Policy.

2.4 Cookies

This website uses functional cookies required for HubSpot CMS operation (session management, analytics). HubSpot may also set a tracking cookie for CRM purposes. You can manage cookie preferences via the cookie banner displayed on first visit.

No third-party advertising cookies are used.

2.5 Server log files

HubSpot's infrastructure automatically logs standard web server data (IP address, browser type, referring URL, timestamp). This data is used for security and error debugging purposes only and is not linked to individual user profiles.

3. How we store and protect your data

Contact data is stored in HubSpot CRM, hosted in the EU (eu1) data centre. HubSpot maintains ISO 27001 certification and is GDPR compliant. We apply appropriate organisational and technical measures to protect personal data against unauthorised access, alteration, or loss.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. International data transfers

HubSpot is a US-based company. Data transfers to the US are covered by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) as applicable. Calendly similarly relies on SCCs for transfers outside the EEA/Switzerland.

5. Your rights

Under Swiss nFADP and, where applicable, GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data (right to be forgotten), where no overriding legal obligation requires retention
  • Restrict processing in certain circumstances
  • Object to processing based on legitimate interests
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, please contact: vincent@rost-ai.ch. We will respond within 30 days.

You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch, or with a supervisory authority in your EU country of residence.

6. Third-party services used

  • HubSpot — CRM, forms, website analytics (Privacy Policy)
  • Calendly — Appointment scheduling (Privacy Policy)
  • Google Fonts — Typography; fonts may be loaded from Google servers, which logs your IP (Privacy Policy). We use `font-display: swap` and preconnect to minimise exposure.

7. Client project data

Data processing that occurs during consulting engagements (client documents, workflow data, etc.) is governed by the specific data processing agreements and project contracts entered into with each client — not this website privacy policy. Each project defines its own data architecture, processing scope, and retention terms.

8. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of this website after changes constitutes acceptance of the updated policy.

9. Contact for privacy matters

For any questions about this policy or your personal data:
vincent@rost-ai.ch