Helium – AI automation agency logo

heyteo

🇬🇧
Helium – AI automation agency logo

heyteo

🇬🇧
Helium – AI automation agency logo

heyteo

Data Privacy Policy

Data Privacy Policy
Privacy Policy of heyteo AG

  1. What does this privacy policy contain?
    The protection of your personal data is a matter of great importance to us. In this privacy policy, we inform you which personal data we process, for what purpose we process it, how long we process personal data for, which rights you have in relation to your personal data and whom you can contact with concerns regarding your personal data. We have aligned this privacy policy with both Swiss data protection legislation and the European General Data Protection Regulation.

  2. Who is responsible and how can you contact us?
    The following company is responsible for the processing of your personal data under this privacy policy ("we" or "us"):
    heyteo AG
    Steigstrasse 18
    8463 Benken
    If you have any questions about the processing of your personal data, you are welcome to contact us at the following address:
    Chris Einsele, chris.einsele@heyteo.com, +41 52 533 63 63

  3. For whom is this privacy policy intended?
    "Personal data" means all information relating to an identified or identifiable natural person. This privacy policy applies to all persons ("you" or "your") whose personal data we process. In addition to this privacy policy, other documents and policies from us may also contain information on the processing of personal data (e.g. GTC, cookie policy, etc.).

  4. Which personal data do we process?
    4.1 In the context of providing services
    In connection with the offering and provision of our services, we collect and process in our systems in particular the following data:
    ● Names of our customers
    ● Contact information of our customers: address, email address, mobile number, website, correspondence, etc.
    ● Contact information of the contact persons of our customers: name, address, email address, mobile number, correspondence, etc.
    ● Contact information of third parties with whom we are initiating contracts or with whom we have concluded contracts: name, address, email address, landline number, mobile number, website, correspondence, etc.
    ● Billing information
    4.2 If you use our service
    In connection with the use of our service, we collect and process in our systems the following data:
    ● information entered by the user and responses provided by the system
    ● information about user behaviour in the chat (e.g. activating links, chat latency)
    ● technical data about our own systems (e.g. computing power used and latency times of the systems)
    ● technical data about the systems used by the user of the chat (e.g. IP address, devices used and connection data)


  5. For what purpose do we process your personal data?

    5.1 In the context of providing services
    We process personal data in connection with the initiation, conclusion and execution of contracts. The purpose generally covers everything that is appropriate and necessary to initiate, conclude, perform, terminate and, where necessary, enforce contracts. In particular, the following processing activities belong to contract administration:

  • Providing contractual services (e.g. conversational engagement, initiating up-/cross-selling, client-driven innovation);

  • Deciding whether a contract is entered into and under which terms;

  • Terminating contracts;

  • Invoicing services, as well as conducting dunning and accounting;

  • Enforcing legal claims arising from contracts;

  • Archiving contracts.
    We process personal data in connection with communication activities. The purpose generally covers everything that is appropriate and necessary to communicate with you. In particular, the following processing activities belong to communication:

  • Customer service and customer support;

  • Responding to enquiries;

  • Communication in connection with our services.
    We process personal data for marketing and information purposes. In particular, the following processing activities belong to information and marketing:

  • Newsletters and promotional emails;

  • Printed materials such as brochures, etc.;

  • Invitations to events.
    We process personal data to comply with our legal obligations and to enforce our rights. This means that we use personal data to enforce our claims in court and to comply with orders from authorities and courts. The purpose of safeguarding rights includes in particular:

  • Clarification, enforcement and defence of claims;

  • Receipt and processing of complaints;

  • Disclosure to authorities, if we are legally obliged to do so or have a factual reason.
    We process personal data for business operations and administration. The purpose of administration includes in particular:

  • Analysis and improvement of processes;

  • Administration such as accounting and IT;

  • Archiving of data.


    5.2 If you use our service
    We process personal data to continuously improve our offerings. Therefore, we process personal data for the purpose of product development and improvement of the offering. In particular, the following processing activities belong to product development and improvement of the offering:

  • Improving user-friendliness (e.g. query refinement, dialogue evaluation);

  • Improving acceptance (e.g. intent recognition optimisation);

  • Benchmarking;

  • Further development of our technology.
    We process personal data to protect our IT systems from misuse and to ensure security. The purpose of security and prevention includes in particular:

  • Defence against and investigation of malware and cyberattacks;

  • Control of access to the chatbots and IT systems;

  • Creating backups;

  • Testing and analysing our networks and IT systems.

  1. On what legal bases do we process personal data?
    Insofar as the GDPR applies to the personal data, we set out below the legal basis for the processing of such personal data.

    6.1 In the context of our service provision
    We collect and process personal data on the following legal bases:
    ● With regard to personal data that is stored in our systems and relates to our customers, we have a legitimate interest pursuant to Article 6 (1) b) GDPR. We may process this personal data because this is necessary for the performance of a contract or for the implementation of pre-contractual measures.
    ● With regard to personal data that is stored in our systems and does not relate to our customers, we have a legitimate interest pursuant to Article 6 (1) f) GDPR. This consists in offering, providing and invoicing services to our customers.

    6.2 If you use our chatbots
    We collect and process personal data on the following legal bases:
    ● With regard to technical personal data, we may process this personal data because we have a legitimate interest pursuant to Article 6 (1) f) GDPR. This consists in understanding and resolving technical problems, improving, supporting and maintaining the systems, as well as carrying out security-related analyses.
    ● With regard to personal data consisting of information entered by the user and responses provided by the system, we may process this personal data because we have a legitimate interest pursuant to Article 6 (1) f) GDPR. This consists in improving our services.

  2. To whom do we disclose personal data?
    If we use third-party services, we may disclose your personal data to such third parties. Such third parties then process your personal data on our behalf. As such a "processor", they are obliged to process the personal data in accordance with our instructions and to take appropriate measures to ensure data security. Through contractual arrangements, we ensure that data protection is guaranteed throughout the entire processing of your personal data. Personal data may be disclosed to third parties in connection with, among other things, the following services:

  • IT services;

  • Payment services;

  • Consulting services such as fiduciary and tax advisory services.
    We also disclose your personal data to Google Ireland Ltd as part of an assignment, which in turn shares the data with Google USA. Google reserves the right to use certain personal data also as controller. Such personal data is used primarily for security, analysis, maintenance, support and improvement of the systems used. Detailed information on the applicable data protection provisions, the personal data concerned and their purposes of use can be found here:
    Google Ireland Ltd: https://policies.google.com/privacy?hl=de https://cloud.google.com/privacy/gdpr?hl=de

  1. Do we disclose personal data abroad?
    Your personal data are usually stored and processed by us in Switzerland and the European Union. However, it may be that we also process your personal data outside this area or have it processed there. If the respective recipient country does not have an adequate statutory level of data protection, we ensure the protection of your personal data with appropriate measures. Google is certified under the Swiss/EU-US Data Privacy Framework and thus offers an adequate level of data protection in accordance with the GDPR and Art. 16 para. 1 DSG.

  2. Do we process particularly sensitive personal data?
    We do not intend to process particularly sensitive personal data. We only process particularly sensitive personal data if you transmit it to us unsolicited and voluntarily via our service. We do not create profiling with particularly sensitive personal data and do not use it for automated individual decisions.

  3. How long do we store your personal data?
    10.1 In the context of providing services
    We store personal data that we process in the context of our services for ten years from the end of the service for the respective customer, unless contractual or legal requirements provide for longer retention periods.
    Your personal data will be deleted or anonymised after expiry of the aforementioned periods.
    10.2 If you use our service
    Retention of technical data usually lasts a few days, but can take up to 2 years. Certain technical data are deleted again after the end of the session or use of the service.
    The information entered by the user of the service and responses provided by the system are usually deleted or anonymised after 48 months.

  4. Which rights do you have in connection with the processing of your personal data?
    If we process your personal data, you generally have the following rights:
    ● Objection: If we process your personal data on the basis of a legitimate interest, you have the right to object to the processing of your personal data.
    ● Right of access: You may request confirmation from us as to whether we process your personal data.
    ● Right to rectification: You have the right to have your inaccurate personal data corrected, as well as your incomplete personal data completed. We will make the correction without delay.
    ● Restriction of processing: You have the right to request restriction of the processing of your personal data under the following conditions:
    ◦ if you contest the accuracy of your personal data and we have not yet had the opportunity to verify this;
    ◦ if the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of your personal data;
    ◦ if you have objected to the processing and it is not yet clear whether our legitimate grounds outweigh your grounds.
    ● Erasure or anonymisation: You have the right to request that your personal data be erased without delay and we are obliged to erase or anonymise your personal data without delay if one of the following reasons applies:
    ◦ We no longer need your personal data for the purposes of processing;
    ◦ You object to the processing of your personal data and there are no legitimate grounds on our part for the further processing;
    ◦ the personal data were processed unlawfully.
    ● Data disclosure or transfer: You have the right, within the limits of the applicable data protection laws, to request disclosure of your personal data that you have provided to us in a commonly used electronic format.
    ● Withdrawal of consent: If you have given us consent to process your personal data, you can withdraw that consent at any time for the future. Any other legal bases that justify the processing of your personal data remain reserved.
    ● Right to information: If you have exercised the right to rectification, erasure or restriction of processing, we are obliged to inform all recipients to whom we have disclosed the personal data of this rectification or erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort.
    ● Right to lodge a complaint: Notwithstanding any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or place of the alleged infringement, if you believe that the processing of the personal data infringes the GDPR.
    The above-mentioned rights may be restricted or excluded in individual cases. This may be the case, among other things, if the statutory requirements are not met, compliance with legal obligations would conflict with them, or protectable interests need to be safeguarded.

  5. Changes to this privacy policy and language
    From time to time, we may adapt this privacy policy. The published version applies in each case. In the event of a discrepancy between the German and English versions of this privacy policy, the German-language version shall prevail.


    Version 1.1 of 4.4.2025