Skip to main content

Privacy Policy

1. INTRODUCTION

1.1 You have the right to have your data stored securely and handled with care by us. As a Swiss company, we are committed to strict data protection standards. Below we inform you about how we handle personal data that we process in connection with our website and our research activities (research facility for polymorphic AI architecture).

1.2 When we refer to the “user” in this privacy policy, we mean you.

1.3 When we refer in this privacy policy to “Cyber Applied Science and Tech Labs,” the “controller” (= owner of the data collection under the Swiss Data Protection Act, FADP/DSG), or “us,” we mean:

Cyber Applied Science and Tech Labs
(commercially operated by CASTL AG)
Oberdorf 970
9427 Wolfhalden
Switzerland

1.4 This privacy policy applies to the website and the contact and application forms offered through it (e.g., applying as a volunteer for AI training).

1.5 Please take the time to read our privacy policy before sending us any data. If you do not agree with this privacy policy, please do not transmit any data to us.

1.6 If you have any questions or suggestions regarding our privacy policy, please contact: data.protection@castl.rocks.

2. CONTROLLER, DATA PROTECTION OFFICER, AND REPRESENTATIVE

2.1 The controller responsible for processing personal data (EU GDPR, where applicable) and the controller under the Swiss FADP/DSG is Cyber Applied Science and Tech Labs (commercially operated by CASTL AG), Oberdorf 970, 9427 Wolfhalden, Switzerland, email: data.protection@castl.rocks.

3. WHAT DATA WE COLLECT

3.1 Principle: We do not collect personal data for profiling, social media, community, or account purposes, and we do not offer registration/user accounts.

3.2 Data you actively submit via a form (e.g., volunteer application for AI training)
If you complete a form on the website, the data you enter will be transmitted to us electronically by email and stored for further internal processing and for contacting you. Depending on the form, this may include in particular:

a. Name
b. Email address and/or telephone number
c. The content of your message/application and, if applicable, other information you provide voluntarily
d. Files/attachments you submit (e.g., CV), if the form provides for this

3.3 Technically unavoidable data when using the website
When you access our website, data may be processed for technical reasons that are necessary to establish the connection and ensure security (e.g., IP address, date/time, pages accessed, user agent/browser information). As a rule, we use this data only for technical provision, error analysis, and defense against attacks, and—where possible—store it only for a short period.

3.4 We do not process special categories of personal data (e.g., health data) unless you voluntarily provide them to us as part of an inquiry/application. Please only transmit such data if it is necessary.

4. COOKIES AND TRACKING

4.1 We do not use social media plugins and do not carry out social media tracking.

4.2 If cookies are used, they are used only insofar as they are technically necessary (e.g., for basic functions and security). We do not use marketing, profiling, or targeted advertising cookies.

5. RECIPIENTS OF THE DATA

5.1 We treat all data confidentially. Data is only shared to the extent necessary to process your inquiry/application, operate the website, ensure IT security, or comply with legal obligations.

5.2 Categories of recipients may include:
a. IT and hosting service providers (e.g., server/email infrastructure) acting as processors
b. Internal units within Cyber Applied Science and Tech Labs that process the inquiry/application
c. Authorities, courts, and legal advisors, insofar as we are legally obliged to do so or this is necessary to assert/defend claims

5.3 Depending on the service providers used, a transfer abroad may be possible. In such cases, we ensure—where required—appropriate safeguards (e.g., standard contractual clauses) if no adequacy decision exists.

6. PURPOSE OF PROCESSING AND LEGAL BASIS

6.1 Purposes of processing
We process data for the following purposes:

a. Handling your contact inquiry
b. Handling your application as a volunteer (e.g., for AI training) and communicating with you
c. Internal organization and documentation of the processing
d. Ensuring the security and stability of our website/IT systems (e.g., defense against attacks, abuse prevention)

6.2 Legal bases (depending on applicability)
a. Pre-contractual measures/communication: processing to carry out pre-contractual measures or to handle your inquiry (Art. 6(1)(b) GDPR, where applicable)
b. Legitimate interest: secure operation, IT security, abuse and fraud prevention (Art. 6(1)(f) GDPR, where applicable)
c. Consent: if and insofar as you voluntarily provide data that is not necessary for processing, or if consent is required in an individual case (Art. 6(1)(a) GDPR, where applicable)
d. Legal obligation: compliance with legal obligations (Art. 6(1)(c) GDPR, where applicable)

Under the Swiss FADP/DSG, processing is carried out within the statutory framework, in particular in accordance with the principles of lawfulness, proportionality, purpose limitation, and data security.

7. RETENTION PERIOD

7.1 Form data (contact/application)
We store the data you provide for as long as necessary to process your request and for internal documentation. We then delete or anonymize it unless statutory retention obligations prevent deletion or storage is required to assert/defend claims.

7.2 Technical log data
Technical log data—if stored—is generally retained only for as long as necessary for operational security, error analysis, and attack detection, and is then deleted or anonymized.

8. DATA SUBJECT RIGHTS

8.1 Users to whom the EU GDPR applies (where applicable)
In accordance with the GDPR, you have the right of access, rectification, erasure, restriction of processing, objection, and data portability. You can exercise these rights by emailing data.protection@castl.rocks.
You also have the right to lodge a complaint with a supervisory authority, in particular the authority in the EU Member State of your place of residence, place of work, or the place of the alleged infringement.

8.2 Users to whom Swiss data protection law applies
You have the rights under the Swiss FADP/DSG, in particular the right of access and—where the statutory requirements are met—other rights such as rectification, deletion, or restriction. You may also contact the Swiss Federal Data Protection and Information Commissioner (FDPIC/EDÖB). Please address inquiries to data.protection@castl.rocks.

9. CHANGES TO THE PRIVACY POLICY

9.1 We are entitled to amend this privacy policy from time to time, in particular in order to adapt it to changes in legal requirements or technical developments. The current version will be published on our website.