Privacy Policy

This privacy policy explains how iLead Swiss Institute for Learning and Development GmbH ("iLead", "we", "us") collects, uses and protects personal data in connection with this website and our services. It is written to comply with the Swiss Federal Act on Data Protection (revFADP, in force since 1 September 2023) and, where applicable, the European Union General Data Protection Regulation (GDPR).

1. Data controller

iLead Swiss Institute for Learning and Development GmbH

Aarbergergasse 6, 3011 Bern, Switzerland

Privacy enquiries: ilead@ilead.swiss

A formal Data Protection Officer is not required under FADP for an organisation of our size; privacy enquiries are handled directly by management.

2. What we collect and why

Server logs

When you visit this website, our hosting providers automatically log your IP address, the URL accessed, your user agent and the timestamp. We use this only for technical security and abuse prevention. Logs are retained for a maximum of 14 days.

Form submissions

When you submit one of our forms (Contact, Enrollment, Brochure Request, Newsletter), we collect the data you enter — typically name, email, phone, company, course interest, and any free-text message — together with your privacy and contact-preference choices. We use this data exclusively to respond to your enquiry, process your enrollment, deliver the requested brochure, or send the requested newsletter.

Newsletter

Our newsletter is opt-in only. You may unsubscribe at any time using the link in every email or by writing to ilead@ilead.swiss.

Cookies

We use a minimal set of cookies (and equivalent local-storage entries) — see Section 8 below.

3. Legal bases

• Performance of a contract — for processing your enrollment or course-related communication (FADP Art. 31 para. 1; GDPR Art. 6.1.b).
• Legitimate interests — for technical logs and security (FADP Art. 31 para. 2 lit. f; GDPR Art. 6.1.f).
• Consent — for newsletter and any optional analytics or marketing cookies (FADP Art. 6 para. 6; GDPR Art. 6.1.a). Consent can be withdrawn at any time.

4. Recipients and data processors

We use a small set of carefully chosen third-party processors to operate this website and our communication:

• Vercel Inc. (USA) — frontend hosting
• Railway Corp. (USA) — CMS and database hosting
• Cloudflare Inc. (USA / EU) — DNS, CDN and R2 object storage for media
• Resend Inc. (USA, EU data residency available) — transactional email delivery

Each of these processors operates under a data processing agreement and provides appropriate safeguards.

5. International data transfers

Some of the processors listed above are based in the United States. Transfers from Switzerland and the EU/EEA to such countries are made on the basis of the EU Standard Contractual Clauses (SCCs), the Swiss-US Data Privacy Framework where applicable, and/or recognised adequacy decisions. We continually evaluate the level of protection in light of evolving guidance from the Swiss FDPIC and the European Data Protection Board.

6. Retention periods

• Server logs: up to 14 days
• Form submissions and enquiry-related correspondence: up to 36 months from the last interaction, or until you request deletion
• Course enrollment records: as required by Swiss commercial and tax law (typically 10 years)
• Newsletter subscriptions: until you unsubscribe
• Cookie consent record: 12 months from your most recent choice

7. Your rights

You have the right, free of charge, to:

• request information about the personal data we hold about you,
• have inaccurate data corrected,
• have your data deleted (subject to mandatory retention obligations),
• restrict or object to processing,
• receive your data in a portable format,
• withdraw any consent you have given, with effect for the future.

To exercise any of these rights, please contact us at ilead@ilead.swiss. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch) or the supervisory authority of your EU/EEA member state.

8. Cookies

A cookie is a small text file stored on your device when you visit a website. We use three categories:

• Strictly necessary — required to make the site work (e.g. remembering your cookie preference itself). Always active. No tracking.
• Analytics — anonymised aggregate traffic insights so we can improve the site. Off by default; only active with your consent.
• Marketing — for measuring the effectiveness of campaigns. Off by default; only active with your consent.

You can change your cookie preferences at any time via the "Cookie preferences" link in the footer.

9. Security

We protect your data with appropriate technical and organisational measures, including TLS encryption in transit, encrypted storage at rest, role-based access control to the CMS admin, and audit logging on database operations.

10. Changes to this policy

We may update this policy from time to time to reflect changes in the law or our practices. The date below indicates when the policy was last revised. Material changes will be communicated through this website or, where appropriate, by email.

Last updated

28 April 2026