Privacy Policy
How we collect, use, and safeguard personal data — aligned with the EU GDPR, the Swiss DPA, and the revised Swiss DPA (revDPA).
- Effective: November 29, 2022
- Issuer: Rapidata AG
With this Data Protection Statement we, Rapidata AG, Binzstrasse 23, 8045 Zürich, Switzerland (hereinafter Rapidata, we or us), describe how we collect and further process personal data. This Data Protection Statement is not necessarily a comprehensive description of our data processing — other statements like our Terms of Service may apply to specific circumstances.
The term "personal data" shall mean any information that identifies, or could reasonably be used to identify, any person. If you provide us with personal data of other persons (such as family members or work colleagues), please make sure they are aware of this statement, that you are allowed to do so, and that the data is correct.
"Customers and/or Partners" are clients or partners that work with us to fulfil or provide a service (e.g. a company, research institute, advertising agency, or DSP). "Users" are the people who interact with our creatives through the digital advertising channel or other web platforms.
Controller
The "controller" of data processing described in this statement is Jason Corkill, Rapidata AG, Binzstrasse 23, 8045 Zürich, jason@rapidata.ai. You can notify us of any data-protection concerns at: Rapidata AG, Binzstrasse 23, 8045 Zürich, privacy@rapidata.ai.
Our representative in the EEA according to art. 27 GDPR (if required) is: Jason Corkill, Rapidata AG, Binzstrasse 23, 8045 Zürich, jason@rapidata.ai.
Collection and Processing of Personal Data
For our Customers and/or Partners
We primarily process personal data that we obtain from our clients and business partners as well as other individuals in the context of our business relationships with them.
Where permitted, we may obtain personal data from publicly accessible sources (debt registers, land registries, commercial registers, press, internet) or receive it from affiliated companies, authorities, or third parties such as Advertising Networks, DSPs, or Ad Exchanges. Categories we may receive include: information from public registers; data received in administrative or court proceedings; information in connection with your professional role; correspondence with third parties; credit-rating information; data given to us by individuals associated with you (family, consultants, legal representatives); information relating to anti-money-laundering and export restrictions; bank details; insurance information; data on previous purchases and payments; information found in media or on the internet; address, interests, and socio-demographic data; and data in connection with your use of our websites (IP address, MAC address, device and settings, cookies, date and time of visit, sites and content retrieved, applications used, referring website, localisation data).
For our Users
Users in our context are individuals interacting with our creatives served through digital advertising channels.
Our service uses the digital advertising market to distribute small tasks via "creatives" that collect information helping process data that is not related to users (e.g. we ask users where certain objects in an image are located, or whether a piece of text seems natural). This information is aggregated, analysed, and passed to our clients. It does not intentionally contain any personal information such as name, gender, email, or address.
In addition to task data, we collect anonymous identifiers in order to target tasks to users for quality reasons — giving the same or similar tasks to users who solve them well. For this purpose we may process data provided by our advertising partner/DSP macros such as User ID, IP address, user agent, and geo location. This data may constitute personal data.
Purpose of Data Processing and Legal Grounds
For our Customers and/or Partners
We primarily use collected data to conclude and process contracts with our clients and business partners, particularly in connection with processing and/or annotating datasets, and to comply with domestic and foreign legal obligations. You may be affected by our data processing in your capacity as an employee of such a client or business partner.
Where appropriate and in line with applicable law, we may process personal data for the following purposes which are in our (or a third party's) legitimate interest:
- providing and developing our products, services and websites, apps and other platforms;
- communication with third parties and processing their requests (job applications, media inquiries);
- review and optimisation of procedures for direct customer approach, including obtaining personal data from publicly accessible sources for customer acquisition;
- advertisement and marketing (including events), provided you have not objected — you may object at any time and we will place you on a blacklist;
- market and opinion research, media surveillance;
- asserting legal claims and defense in legal disputes and official proceedings;
- prevention and investigation of criminal offences and other misconduct;
- ensuring our operation, including our IT, websites, apps and other appliances;
- acquisition and sale of business divisions, companies or parts of companies and related corporate transactions, as well as compliance with legal and regulatory obligations and internal regulations of Rapidata.
Where you have given us consent for a specific purpose (e.g. newsletter registration or background check), we process your data within that consent. Consent can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
For our Users
We primarily use collected data to conclude and process contracts with our clients and business partners, particularly in connection with processing and/or annotating datasets for our clients, and to comply with our legal obligations.
Data Transfer and Transfer of Data Abroad
In line with the purposes set out above, we may transfer data to third parties (together, "Recipients") where permitted and appropriate, for processing on our behalf or for their own purposes.
For our Clients and Partners
- our service providers (e.g. cloud storage), including processors (e.g. IT providers);
- dealers, suppliers, subcontractors, and other business partners;
- clients;
- domestic and foreign authorities or courts;
- competitors, industry organisations, associations, and other bodies;
- acquirers or parties interested in the acquisition of business divisions or companies;
- other parties in possible or pending legal proceedings.
For our Users
- our service providers, including processors;
- dealers, suppliers, subcontractors, and other business partners;
- clients;
- acquirers or parties interested in the acquisition of business divisions or companies.
Recipients may be in Switzerland or any country worldwide — particularly countries in which Rapidata is represented by affiliates or branches, and other countries in Europe and the USA where our service providers are located (e.g. Microsoft, Amazon, Google).
If a recipient is in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection (using the revised European Commission's standard contractual clauses), unless the recipient is subject to a legally accepted set of rules to ensure data protection, or an exception applies.
Retention Periods for your Personal Data
We process and retain personal data as long as required for the performance of our contractual obligations and compliance with legal obligations, i.e. for the duration of the entire business relationship and beyond, in line with retention and documentation obligations.
Personal data may be retained for the period during which claims can be asserted, or if legitimate business interests require further retention (e.g. for evidence and documentation). When no longer required, data will be deleted or anonymised. In general, shorter retention periods of no more than twelve months apply for operational data (e.g. system logs).
Data Security
We have taken appropriate technical and organisational security measures to protect personal data from unauthorised access and misuse — internal policies, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, and pseudonymisation.
Obligation to Provide Personal Data
For our Customers and/or Partners
In the context of our business relationship you must provide any personal data necessary for the conclusion and performance of the business relationship and the performance of our contractual obligations. As a rule there is no statutory requirement to provide us with data. Without this information we will usually not be able to enter into or carry out a contract. In addition, the website cannot be used unless certain information (e.g. IP address) is disclosed to enable data traffic.
Profiling and Automated Individual Decision-Making
For Users
We may partially process personal data automatically with the aim of evaluating certain personal aspects (profiling). Profiling allows us to serve you with more suitable tasks. For this purpose we may use evaluation tools that enable us to communicate with you and advertise as required.
Your Rights
In accordance with applicable law (e.g. the GDPR), you have the right to access, rectification, and erasure of your personal data, to restriction of processing, to object to data processing (in particular for direct marketing or profiling carried out for direct marketing), and to data portability.
We reserve the right to enforce statutory restrictions — for example if we are obliged to retain or process certain data, have an overriding interest, or need the data for asserting claims. If exercising certain rights would incur costs for you, we will notify you in advance. Exercising rights may also conflict with contractual obligations; we will inform you in advance if so.
Exercising these rights requires that you are able to prove your identity (e.g. by a copy of identification documents where your identity is not evident otherwise). To assert these rights, please contact us at the addresses in Section 01.
Every data subject has the right to enforce their rights in court or to lodge a complaint with the competent data protection authority. The competent authority in Switzerland is the Federal Data Protection and Information Commissioner (edoeb.admin.ch).
Amendments of this Statement
We may amend this Data Protection Statement at any time without prior notice. The current version published on our website shall apply. If the Statement is part of an agreement with you, we will notify you by email or other appropriate means in case of an amendment.