Privacy Policy
Last updated:
Oct 7, 2025
Effective date: [01.September 2025]
Controller: Sunview Systems AG, Dorfstrasse 38, 6341 Baar, Switzerland
Contact: [info@elberly.com]
1) Scope
This policy explains how Elberly collects, uses, shares and protects personal data when you visit elberly.com and related pages (the “Site”) or use our services (e.g., AI Receptionists, AI Cold Callers, chatbots, email outreach, and web/software solutions). It covers online interactions; offline processing may be governed by our contracts (incl. Data Processing Agreements, “DPAs”).
2) Roles under data protection law
When we determine purposes and means (e.g., Site analytics, inbound lead forms), Elberly is the Controller (GDPR/nFADP).
When we process end-customer data on behalf of clients (e.g., call handling, chat support, outreach), Elberly acts as a Processor and processes data strictly per the client’s instructions under a DPA.
3) What we collect
Identifiers & contact data: name, email, phone, company, role, preferences submitted via forms or chat.
Service & transaction data: bookings, call/chat transcripts, voicemail, task outcomes, confirmations, support tickets, contract details, invoices.
Technical data: IP address, device/browser, language, referrer, cookie IDs, session/event logs.
Audio/voice data (if enabled): recordings, call metadata, AI call notes/transcripts.
Marketing & communications: consent settings, newsletter subscriptions, campaign interactions.
Inferences: service interest segments, propensity scores (where permitted).
We do not intentionally collect special categories of data and request that you do not provide them unless contractually required and legally justified.
4) Sources
Directly from you (forms, chat, calls, email).
From our clients (when we act as Processor).
From integrated platforms (e.g., calendar, CRM, helpdesk, telephony, payment processors) as configured by you/your organization.
Automatically via cookies, SDKs and analytics.
5) Purposes & legal bases
As Controller (GDPR Art. 6 / nFADP):
Provide and improve the Site, security and fraud prevention (legitimate interests).
Respond to enquiries, schedule demos, send service information (contract / pre-contract).
Marketing communications with your consent (consent) and unsubscribe anytime.
Compliance with legal obligations (legal obligation).
As Processor (per DPA):
Deliver contracted services (AI receptionist/caller, chatbots, automations, email outreach), integrate with your tools, generate logs and reports (contract).
Model quality, safety and debugging using pseudonymised/aggregated data where permitted by the DPA (legitimate interests / client instructions).
6) Cookies & similar technologies
We use necessary cookies for site operation and optional analytics/marketing cookies (e.g., Google Analytics/Ads, Meta, LinkedIn) subject to consent where required. Manage preferences via our cookie banner. See our Cookie Notice for vendors, purposes, and retention.
7) Sharing of data
We share data with:
Service providers/Processors: hosting, telephony/VoIP, email/SMS gateways, analytics, error monitoring, payment processors, CRM/helpdesk tools; bound by contracts and confidentiality.
Clients (when we are Processor): outputs (e.g., transcripts, bookings, lists, reports).
Professional advisors & authorities: where required by law.
Corporate transactions: in case of merger, acquisition or asset transfer (with safeguards).
We do not sell personal data. For California residents, we do not “sell” or “share” data for cross-context behavioral advertising as defined by CPRA; if that changes, we will update this policy and honor opt-out rights.
8) International transfers
Data may be processed in or transferred to countries outside Switzerland/EEA with appropriate safeguards (e.g., EU Standard Contractual Clauses, adequacy decisions, Swiss addenda). Details available on request.
9) Retention
We keep personal data only as long as necessary:
Site inquiry data: typically 6–12 months after last interaction.
Service data (Processor): as set in the DPA or client instructions (commonly service term + 6–12 months for logs/compliance).
Legal/finance records: as required by Swiss/EU law.
Data is securely deleted or anonymised after retention.
10) Security
We implement administrative, technical, and physical safeguards (access controls, encryption in transit/at rest where applicable, least-privilege, logging/monitoring, vulnerability management). No method is 100% secure; we operate incident response procedures.
11) Your rights
GDPR/Swiss nFADP: access, rectification, erasure, restriction, portability, objection; withdraw consent at any time.
CPRA (California): know/access, correction, deletion, limit use of sensitive data, and opt-out of “sale/share” (not currently applicable).
To exercise rights, contact [privacy@elberly.com]. We may verify identity and respond within statutory timeframes.
12) Children
Our Site/services are not directed to children under 16 (or lower local threshold). We do not knowingly collect data from children. If you believe a child provided data, contact us to delete it.
13) AI-specific disclosures
Calls & chats: may be recorded/transcribed to perform the service, quality assurance, and—if agreed in the DPA—improvement/safety.
Voice cloning/TTS/ASR: if enabled, we use vetted providers under strict contractual controls; we do not clone a person’s voice without explicit, documented consent.
Automated decision-making: our systems assist workflows (e.g., routing, scheduling). We do not make solely automated decisions with legal or similarly significant effects without appropriate safeguards and human review.
14) Marketing preferences
Unsubscribe via the link in emails or contact us. You can withdraw cookie consent anytime via the banner.
15) Changes
We may update this policy from time to time. The latest version is published with the effective date above.
Contact:
Sunview Systems AG, Dorfstrasse 38, 6341 Baar, Switzerland
Email: [info@elberly.com]