Swiss-based data protection practices — ByteYShield

Privacy Notice

This Privacy Notice explains how ByteYShield collects, uses and protects personal data when you access ByteYShield services at ByteYShield.info. ByteYShield operates from Switzerland and observes applicable Swiss data protection requirements in addition to relevant EU rules where applicable. Our contact address and business registration are provided for transparency. The effective date of this policy is stated below.

17-02-2026 ByteYShield (Business ID CHE-690.877.308), Route du Grand-Saint-Bernard 18, 1945 Liddes, Switzerland Route du Grand-Saint-Bernard 18, 1945 Liddes, Switzerland [email protected]
01

Key definitions

This section clarifies terms used in this notice to help you understand how we treat personal data in the delivery of training services.

Personal data: any information relating to an identified or identifiable natural person, such as name, email address, job title, contact details and professional affiliation. Processing: any operation performed on personal data, including collection, storage, use, disclosure, archiving and deletion. User: an individual who accesses ByteYShield services, including trainees, administrators and trial users associated with organisations that subscribe to our platform. Service: the online training platform, course delivery, assessments, reporting dashboards and related support provided by ByteYShield at ByteYShield.info. Cookies: small text files stored on a device by a website to remember preferences, support analytics and enable essential functionality.
02

Data we collect

We collect data you provide directly, data collected automatically during use of the service, and data received from third-party service providers when necessary to deliver the service.

Information you provide

When you register, request information or use our services through your employer or as an individual, we may collect the following types of information:

  • Identity and contact details: name, professional email address, telephone number and employer name.
  • Account and authentication details: username, hashed passwords and role assignments within an organisation.
  • Profile and professional information: job title, department and skills relevant to training assignments.
  • Payment and billing information: invoicing details provided by organisational customers; payment processors may collect additional business data under their own policies.
  • Training inputs and outputs: quiz responses, assessment results, completion status and feedback sent to trainers or administrators.
  • Support communications: messages, support tickets and correspondence with ByteYShield support staff.

Information collected automatically

We collect technical and usage information to operate and improve the platform, secure accounts and measure service performance.

  • Device and browser information: device type, operating system, browser version and language settings.
  • Connection data: IP address, approximate location, and timestamps of activity for security and troubleshooting.
  • Usage and interaction logs: pages viewed, modules accessed, time spent on activities and feature usage metrics.
  • Analytical identifiers: anonymised identifiers used for product analytics and to understand aggregate behaviour.
  • Security telemetry: failed login attempts, authentication events and other security-related logs necessary for incident detection.
  • Cookie identifiers and similar tracking vouchers used to preserve session state and preferences.

Data received from third parties

In some cases we receive personal data from third parties to provide or improve the service. Typical sources include:

  • Identity providers and enterprise directories used by organisations to provision accounts (e.g., SAML, OIDC connections).
  • Payment and invoicing processors engaged by purchasing organisations for billing and compliance purposes.
  • Analytics and infrastructure providers that process anonymised or pseudonymised usage data on our behalf.
03

Purposes of processing

We process personal data for limited, defined purposes necessary to deliver the service and comply with legal obligations:

  • To provide and maintain the training platform and associated customer support.
  • To administer accounts, onboarding, offboarding and role-based access for organisational customers.
  • To deliver course materials, assessments and generate progress reports for users and administrators.
  • To process billing and contractual obligations for paid subscriptions and enterprise licences.
  • To detect, prevent and respond to security incidents and to protect our systems and users.
  • To perform aggregated analytics and product improvement activities using anonymised or pseudonymised data.
  • To send operational communications and service-related notifications to users and administrators.
  • To comply with legal obligations and to defend legal claims where required by law.

Legal basis for processing

Where applicable, our processing of personal data is based on one or more lawful grounds depending on the purpose of processing:

  • Performance of a contract: processing necessary to provide the service to an organisation or individual under the subscription agreement.
  • Legal obligation: processing required to comply with applicable laws, e.g., tax or recordkeeping obligations.
  • Consent: for optional marketing communications and any non-essential tracking where explicit consent is collected.
  • Legitimate interests: limited processing for fraud prevention, security, platform improvement and analytics where those interests are balanced against individual privacy rights.

Your data subject rights

If you are located in the EU or EEA, certain provisions of EU data protection law apply in addition to Swiss requirements. The following lists commonly exercised rights.

  • Right of access: you may request confirmation whether we process your personal data and request a copy of that data.
  • Right to rectification: you may request correction of inaccurate or incomplete personal data.
  • Right to erasure: in certain circumstances you may request deletion of your personal data where legal bases permit.
  • Right to restriction of processing: request suspension of processing under specific conditions.
  • Right to data portability: receive personal data you provided in a commonly used, machine-readable format.
  • Right to object: object to processing based on legitimate interests or direct marketing, where applicable.
04

Cookies and tracking

We use cookies and related technologies to operate the platform, remember preferences and perform analytics. Some cookies are essential for basic functionality; others support performance and feature improvements.

Types include essential session cookies, persistent preference cookies, analytics cookies and optional advertising or tracking cookies used only with consent.

Cookies are categorised as: Essential (required for service), Performance (analytics), Functional (preferences) and Marketing (behavioural targeting with consent).

You can manage cookie preferences via your browser settings and via the cookie consent tool on our site. Disabling non-essential cookies may affect some functionality.

Cookie Policy

Data sharing and recipients

We share personal data only with authorised recipients when necessary to deliver the service or to comply with legal obligations.

  • Subprocessors and service providers hosting the platform, including cloud infrastructure providers and managed hosting partners.
  • Analytics and monitoring vendors that process anonymised or pseudonymised usage data under contract.
  • Payment processors and invoicing partners engaged by organisational customers for billing purposes.
  • Identity and access management providers used by customer organisations to provision and authenticate users.
  • Legal and regulatory authorities when disclosure is necessary to comply with a legal obligation or to protect rights.
  • Corporate affiliates and professional advisers where sharing is necessary for business operations and subject to contractual safeguards.

International data transfers

Personal data may be transferred to processors outside Switzerland or the EU/EEA for hosting, analytics or payment processing. Such transfers are subject to appropriate safeguards.

Safeguards include adequacy decisions, standard contractual clauses, encryption, and strict contractual obligations requiring comparable levels of protection and limited further transfer.

Data retention

We retain personal data only as long as necessary for the purposes described, to fulfil contractual obligations, to meet legal retention requirements or to resolve disputes.

Account records and billing information are retained for the duration of the customer relationship plus a limited archive period required for accounting and regulatory purposes (typically up to 7 years where required by law).

Support tickets and correspondence are retained for operational purposes while an issue is active and subsequently archived for a reasonable period to support future service improvement.

Security and access logs are retained for a limited period necessary for incident contribute and fraud prevention, subject to applicable law and internal retention policies.

Upon account deletion requests we remove personal data from active systems and retain only data required for legal compliance or legitimate business needs, applying appropriate safeguards.

Security measures

ByteYShield applies industry-standard technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration or loss. Security controls are regularly reviewed and updated according to evolving risks.

  • Encryption of data in transit (TLS) and encryption at rest for sensitive stored data where appropriate.
  • Access controls and role-based permissions, multi-factor authentication for administrative accounts, and least-privilege principles.
  • Regular vulnerability assessments, security monitoring, logging and incident response procedures maintained by our security team.
05

How to exercise your rights

You may exercise the rights described in this policy by contacting us. We will verify identity as required and respond within applicable legal timeframes.

  • To request access, correction, restriction or deletion of personal data, contact our data protection representative using the details below.
  • To withdraw consent for processing activities based solely on consent, follow the instructions provided at the time of consent or contact us directly.
  • If you consider our processing unlawful you may lodge a complaint with the competent supervisory authority, such as the Swiss Federal Data Protection and Information Commissioner or the relevant EU authority where applicable.
  • Right to restriction of processing — You may request that we limit how we process your personal data in specific circumstances prescribed by applicable law.
  • Right to data portability — Where processing is based on consent or performance of a contract, you may request a copy of your personal data in a structured, commonly used and machine-readable format.
  • Right to object — You may object to processing based on our legitimate interests or to direct marketing processing; we will assess and respond with an explanation of the legal basis and next steps.
  • Right to withdraw consent — When processing is based on consent, you may withdraw that consent at any time without affecting processing carried out prior to withdrawal.
  • Right to lodge a complaint — If you consider that our processing of personal data infringes applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority in Switzerland.

Exercising your privacy rights

To exercise any of the rights listed above, please submit a written request to our Data Protection contact. Provide sufficient details to allow us to identify you and locate the relevant data, such as your full name, the email used on your ByteYShield account, and a clear description of the request. We may request additional information to verify your identity before processing the request to protect your privacy and security. Requests should be sent to [email protected] or by post to Route du Grand-Saint-Bernard 18, 1945 Liddes, Switzerland (Business ID CHE-690.877.308).

[email protected]

We aim to acknowledge requests within seven calendar days and to provide a substantive response within 30 calendar days. Complex requests or requests requiring verification may take up to 60 calendar days; if so, we will inform you of the expected timeframe and reasons for any delay.

Marketing communications and choices

ByteYShield communicates about product updates, course offerings, and operational safety resources to users who opt in. Marketing messages include clear instructions to modify preferences or opt out. We limit third-party marketing sharing and use user preferences to respect communication choices. Processing for marketing is based on consent or our legitimate interest where permitted by law.

To stop receiving marketing emails, use the unsubscribe link contained in any marketing message or update your preferences in your account settings. You may also email [email protected] with a request to unsubscribe; please allow up to five business days for processing.

Children and minors

ByteYShield services are designed for professionals and adult learners. We do not intentionally collect personal data from children under 16. If we become aware that we have unintentionally collected personal data from a child under the applicable age threshold, we will take steps to delete that information in accordance with applicable law. Parents or guardians who believe their child’s data has been collected may contact us at [email protected].

Third-party links and integrations

Our platform may contain links to third-party websites or integrate third-party services (e.g., payment processors, analytics, learning tools). These third-party services maintain their own privacy practices. ByteYShield is not responsible for third-party processing; review their privacy notices before providing personal data through those services.

Changes to this privacy policy

We periodically review and may update our privacy policy to reflect regulatory, operational, or technical changes. Material changes will be communicated via the ByteYShield platform or by email where appropriate. The effective date of the current privacy policy is 09-04-2026; subsequent updates will indicate a revised effective date.