Last Updated: May 5, 2025

1. Introduction

Witfulness – Farah Andalibi (“we,” “us,” or “our”) is committed to protecting the privacy and confidentiality of personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you engage with our human capital consulting services.

This policy is in accordance with the Swiss Federal Act on Data Protection (FADP) which took effect on September 1, 2023. The FADP applies to the processing of personal data of natural persons within Switzerland, regardless of our organization’s location.

2. Data Controller Information

Witfulness
Cours des Bastions 13, 1205 Geneva
1205 Geneva
Email: info@witfulness.ch
Phone: +41764161900

Data Protection Officer (DPO): Farah Andalibi

Contact email: [info@witfulness.ch]

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Client Information

• First name, Last name
• Contact information (email address, phone number)
• Employer details (Company, job title, country)
• Message (Subject and Message)

3.2 Sensitive Personal Data

Under the FADP, sensitive personal data includes information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, data concerning a person’s sex life or sexual orientation, social security measures, and administrative and criminal proceedings.

We only collect sensitive personal data when:

• It is strictly necessary for our services
• We have obtained your explicit consent
• It is required by law

4. How We Collect Personal Data

We collect personal data through:

• Direct interactions (when you provide information to us)
• Client engagements and contracts
• Forms on our website
• Business networking and events
• Third parties (with your prior knowledge and consent)

5. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

5.1 Provision of Services

• Delivering human capital consulting services
• Managing client relationships
• Fulfilling contractual obligations
• Conducting assessments and evaluations
• Showcasing your company best practices upon your approval

5.2 Business Operations

• Managing and developing our business
• Development
• Communications
• Accounting and record keeping

5.3 Legal and Regulatory Compliance

• Complying with legal obligations
• Responding to legal requests
• Establishing, exercising or defending legal claims

While Swiss law does not require a defined legal basis in the same way as GDPR, we provide transparency about why we process your data. Where we process sensitive personal data or conduct high-risk profiling, we will obtain your explicit consent.

6. Data Sharing and Transfers

6.1 Third-Party Service Providers

We may share your personal data with trusted third-party service providers who assist us in delivering our services, including:

• IT and cloud service providers
• Professional advisors (accountants, lawyers, etc.)
• Communications and Marketing service providers
• Assessment and psychometric testing providers

All third-party providers are required to take appropriate security measures to protect your personal data.

6.2 International Transfers

When transferring personal data outside Switzerland to countries without an adequacy decision from the Swiss Federal Council, we implement appropriate safeguards, such as Standard Contractual Clauses (SCC) with Swiss-specific adaptations or Binding Corporate Rules (BCR) for intragroup transfers.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Different retention periods apply to different types of personal data, considering:

• The amount, nature, and sensitivity of the personal data
• The potential risk of harm from unauthorized use or disclosure
• The purposes for which we process the data
• Whether we can achieve those purposes through other means
• Legal, regulatory, or business requirements

8. Your Rights

Under the FADP, you have the following rights:

• Right to information: You have the right to be informed about the collection and processing of your personal data.
• Right of access: You have the right to request access to your personal data that we hold.
• Right to rectification: You have the right to request correction of inaccurate personal data.
• Right to deletion: You have the right to request deletion of your personal data in certain circumstances.
• Right to restriction of processing: You have the right to request the restriction of processing of your personal data.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object: You have the right to object to the processing of your personal data in certain circumstances.
• Right not to be subject to automated decision-making: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

To exercise these rights, please contact us using the details provided in Section 2.

9. Data Security

We have implemented appropriate technical and organizational measures designed to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. We follow the principles of “Privacy by Design” and “Privacy by Default” in developing our systems and services.

These measures include:

• Encryption of personal data where appropriate
• Ensuring the ongoing confidentiality, integrity, availability, and resilience of our systems and services
• Regular testing and evaluation of the effectiveness of our security measures
• Staff training on data protection and security
• Access controls and authentication procedures

10. Data Breach Notification

In the event of a data protection breach that poses an increased risk to your personality or fundamental rights, we will notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) as soon as possible. Where necessary, we will also inform affected individuals.

11. Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance user experience, analyse website traffic, and personalize content. You can control and manage cookies through your browser settings.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email.

13. Contact and Complaints

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact our Data Protection Officer using the contact details described in Section 2.

You also have the right to file a complaint with the Federal Data Protection and Information Commissioner (FDPIC) if you believe that the processing of your personal data violates data protection regulations.

Federal Data Protection and Information Commissioner
Feldeggweg 1
3003 Bern, Switzerland
Website: https://www.edoeb.admin.ch/

14. Register of Processing Activities

In accordance with the revised FADP, we maintain a record of processing activities (ROPA) that contains information about our data processing activities, including the purposes of processing, the categories of data processed, and the storage period.

15. Special Provisions for Employee Data

When we process personal data of our employees, we comply with specific requirements under Swiss employment law in addition to data protection regulations. Employees receive separate information about the processing of their personal data.

By using our services, you acknowledge that you have read and understood this Privacy Policy.