Privacy Policy

Last updated: 1 May 2025

This Privacy Policy describes how Qala AG ("Qala", "we", "us") collects, uses, and discloses personal data when you visit getqala.org, request access to the Qala platform, or interact with us by email or phone. Qala AG is the data controller for personal data collected through this website.

1. Who We Are

Qala AG, registered office Technoparkstrasse 1, 8005 Zurich, Switzerland. Contact: [email protected] | +41 44 617 1980.

2. Personal Data We Collect

2.1 Website contact and early access requests

When you complete the early access request form, we collect: your name, work email address, company name, job role, and any information you provide in the message field. We use this data to respond to your inquiry and assess whether the Qala platform is a fit for your organization. Legal basis: legitimate interest (Article 6(1)(f) GDPR) to evaluate and respond to business inquiries, and where applicable, pre-contractual measures (Article 6(1)(b)).

2.2 Newsletter subscription

If you subscribe to our newsletter, we collect your email address to send you monthly compliance engineering updates. Legal basis: consent (Article 6(1)(a) GDPR). You can unsubscribe at any time using the link in any newsletter email.

2.3 Website usage data

We use privacy-preserving analytics (no cross-site tracking, no fingerprinting) to understand how visitors use the website. This may involve processing of IP addresses in anonymized form. Legal basis: legitimate interest (Article 6(1)(f)) to operate and improve the website. You can opt out via the cookie banner.

3. How We Use Personal Data

We use personal data only for the purpose for which it was collected. We do not sell personal data to third parties. We do not use personal data for automated decision-making or profiling.

4. Data Sharing and Sub-processors

We share personal data with a limited number of sub-processors who provide services necessary to operate the website and respond to inquiries. All sub-processors are contractually bound to process data only on our instructions and to implement appropriate security measures. A current list of sub-processors is available on our Compliance page.

5. International Transfers

Where personal data is transferred outside Switzerland or the EU/EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decision). Details of specific transfer mechanisms are documented on our Compliance page.

6. Retention

We retain contact and early access inquiry data for up to 24 months from the date of the inquiry. Newsletter subscriber data is retained until you unsubscribe. Anonymized website analytics data may be retained indefinitely.

7. Your Rights

Under GDPR and Swiss nDSG, you have rights of access, correction, erasure, restriction, portability, and objection. To exercise your rights, contact [email protected]. We will respond within 30 days. You have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland or your EU member state supervisory authority.

8. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "last updated" date at the top of this page. Continued use of the website after changes are posted constitutes acceptance of the updated policy.