Privacy policy.
This page describes which personal data Gates Solutions Sàrl collects via gates-solutions.com, for what purpose, where it is stored, for how long, and what your rights are. The text aims at transparency and readability, not legal dilution.
01 · Preamble
Preamble
This policy applies to the processing of personal data carried out by Gates Solutions Sàrl in the context of operating the site gates-solutions.com and the resulting interactions (contact form, CV submission, email exchanges, appointment booking).
It is drafted to comply with both the revised Swiss Federal Act on Data Protection (nFADP / nLPD, in force since 1 September 2023) and the European General Data Protection Regulation (GDPR, EU Regulation 2016/679), which applies to visitors residing in the European Union.
In case of an interpretation conflict between the two frameworks, the most protective provision for the data subject applies.
02 · Controller
Who collects your data
The data controller is:
Data controller
Gates Solutions Sàrl
Route du Risoud 9, 1348 Le Brassus
Vaud, Switzerland
UID CHE-210.509.281
Represented by Guillaume Alexandre, managing director.
Email for any question relating to personal data:
[email protected]
Gates Solutions Sàrl does not appoint a Data Protection Officer (DPO), as its size and the nature of its processing make it neither mandatory under art. 37 GDPR nor under the nFADP.
03 · Data
Which data and in which cases
Four distinct situations give rise to collection:
a) Contact form
When you fill in the contact form, the following data is transmitted:
- Full name
- Work email address
- Company name
- Phone number (optional field)
- Topic of the request (sourcing, training, RecOps, speaking, other)
- Free-form message content
This data transits via a Cloudflare Worker that performs invisible validation and anti-spam protection, and is then recorded in the Odoo CRM operated by Gates Solutions Sàrl.
b) CV submission via Jarvi
If you choose to drop a CV via the "Drop my CV" link, you are redirected to a Jarvi page owned by Gates Solutions, on which you transmit:
- Your CV in the format of your choice
- The contact details you enter (name, email, phone and, where applicable, additional professional information)
The submission happens directly on the Jarvi infrastructure, operated by Jarvi Tech SAS (10 rue du Réage, 35510 Cesson-Sévigné, France). Data is processed by this processor according to its own privacy policy, accessible from the submission page.
c) Appointment booking via Google Calendar
If you book a slot via the "Open Office Hours" link, you are redirected to Google Calendar Appointment Schedules. The data collected on that occasion (name, email, booked slot) is processed by Google Ireland Ltd according to Google's privacy policy. No Google cookie is set on gates-solutions.com, as the service is only used by external redirect.
d) Technical connection to the site
On each visit, your browser automatically communicates technical information (IP address, browser type, referrer page, etc.) to the Cloudflare hosting infrastructure. These server logs are managed by Cloudflare according to its own retention and security policy. Gates Solutions Sàrl has no direct access to this raw data outside of investigations linked to a security incident.
Important note
This site collects no banking information, no ID document numbers, no special categories of data (ethnic origin, religious or political opinions, health, sexual orientation, etc.). If a free-form message you send happens to contain this type of information, it will be treated with the same confidentiality as the rest, but we recommend that you avoid communicating it via this channel.
04 · Purposes
Why (purposes and legal bases)
Each processing relies on an explicit purpose and an identified legal basis, in accordance with art. 6 GDPR and art. 31 nFADP.
| Data | Purpose | Legal basis |
|---|---|---|
| Contact form | Handle your commercial or informational request | Pre-contractual measures (art. 6.1.b GDPR) / Overriding interest (art. 31 al. 2 nFADP) |
| CV submission (Jarvi) | Assess the relevance of a mission or introduction opportunity | Legitimate interest of Gates Solutions Sàrl to build a candidate pool (art. 6.1.f GDPR) / Overriding interest (art. 31 al. 2 nFADP) |
| Server logs (Cloudflare) | Site security, attack and fraud prevention | Legitimate interest in system security (art. 6.1.f GDPR) / Overriding interest (art. 31 al. 2 nFADP) |
| Cloudflare Web Analytics statistics | Understand aggregate site usage to improve editorial quality | Legitimate interest, no cookie or persistent identifier (art. 6.1.f GDPR) / Overriding interest (art. 31 al. 2 nFADP) |
| Accounting data linked to invoices | Issue, retain and declare invoices | Legal obligation (art. 6.1.c GDPR) / Swiss legal obligation (art. 958f Code of Obligations) |
05 · Retention
For how long
Each data category has its own retention period, aligned with its purpose:
- Contact form data (Odoo CRM): kept 3 years from the last active contact. Beyond that, it is archived or deleted depending on the situation.
- Contact details and CVs submitted via Jarvi: kept 2 years from submission, with deletion possible at any time on request to [email protected].
- Post-contact email exchanges: kept in the professional mailbox according to applicable statutory periods for commercial exchanges (typically up to 10 years for items linked to invoicing).
- Server logs: managed by Cloudflare according to its own retention policy.
- Accounting data (invoices, supporting documents): 10 years, in line with Swiss legal obligations (art. 958f of the Code of Obligations).
- Cloudflare Web Analytics data: aggregated at site level, retained 6 months on the free tier, with no cookie or persistent identifier and no possible attribution to an identifiable person.
06 · Processors
With whom this data is shared
Your data is neither sold, rented, nor transferred to third parties for commercial purposes. It is only shared with a limited number of technical processors necessary to operate the site and the business, framed by a processing agreement compliant with art. 28 GDPR and art. 9 nFADP.
| Processor | Role | Location | Policy |
|---|---|---|---|
| Cloudflare, Inc. | Hosting, DNS, invisible anti-spam validation (Turnstile) | United States, EU data-residency options | Read ↗ |
| Odoo SA | CRM, contact and lead management | Belgium, EU infrastructure | Read ↗ |
| Cloudflare Web Analytics | Cookieless audience analytics (already covered by Cloudflare, Inc. above as the host — listed separately here for transparency on the analytics purpose) | Cloudflare global edge network | Read ↗ |
| Infomaniak Network SA | Email transit (MX mail server) | Switzerland | Read ↗ |
| Google Ireland Ltd | Workspace email and Google Calendar Appointment Schedules | Ireland and United States | Read ↗ |
| Jarvi Tech SAS | ATS for CV submissions (only if you use it) | France (Cesson-Sévigné) | Read ↗ |
This list is kept up to date. Any substantial addition of a new processor will be flagged on this page, and the "Last updated" date at the top of the page will be revised accordingly.
07 · Transfers
Transfers outside the EU and Switzerland
Two of the processors above involve transfers or storage outside the EU and Switzerland: Cloudflare (United States) and Google (United States, via an Irish contracting entity for Workspace).
The legal safeguards associated with these transfers are:
- Cloudflare, Inc. is certified under the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework, which constitutes a transfer framework recognised by the European Commission (adequacy decision of 10 July 2023) and by the Swiss Federal Data Protection Commissioner.
- Google Ireland Ltd is the European contracting entity for Google Workspace. Additional transfers to US servers are carried out under Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by the equivalent-protection commitments required by the Schrems II decision.
If you reside in the European Union or in Switzerland, you can ask us at any time for a copy of the safeguards applicable to a specific transfer by writing to [email protected].
08 · Your rights
Your rights
In accordance with the nFADP and the GDPR, you have the following rights at any time:
- Right of access: obtain confirmation of the processing and a copy of your data.
- Right to rectification: have inaccurate or incomplete data corrected.
- Right to erasure: request deletion of your data, subject to statutory retention obligations (notably accounting).
- Right to portability: receive your data in a structured, usable format.
- Right to object: object to processing based on legitimate interest.
- Right to withdraw consent, at any time, when the processing relies on that basis.
- Right to determine the fate of your data after death (only for visitors residing in France, in accordance with the French Data Protection Act).
To exercise these rights, send an email to [email protected] specifying the right invoked and, where necessary, the data concerned.
You will receive a reply within a maximum of 30 days. No identity verification is required as a rule. In case of serious doubt about the requester's identity (a request sent from a different email address from the one initially used, for example), an additional verification may be requested.
09 · Security
Security
The following technical and organisational measures are in place:
- All site traffic is encrypted in HTTPS, via TLS certificates automatically renewed by Cloudflare.
- Forms are protected by invisible anti-spam protection, with no persistent cookie.
- Contact form data is server-side validated before transmission to the Odoo CRM.
- Access to internal tools (Odoo CRM, professional mailbox, Cloudflare infrastructure) is restricted to Guillaume Alexandre, protected by a strong password and two-factor authentication.
- No backup of your data is performed on unencrypted media.
No system being infallible, in case of a personal data breach likely to entail a risk to your rights and freedoms, you will be notified within the timeframes set by the GDPR (notification to the competent authority within 72 hours, communication to the data subjects without undue delay) and by the nFADP.
10 · Minors
Minors
The site gates-solutions.com is intended for a professional adult audience (recruitment teams, executives, conference organisers, trainers). The services offered are not aimed at people under 16.
No targeted collection of data concerning minors is carried out. If you believe a minor under 16 has submitted their data through this site, contact [email protected] immediately for deletion.
11 · Complaints
Complaints to the authorities
If you consider that your rights are not being respected, and after seeking an amicable solution by email with Gates Solutions Sàrl, you may lodge a complaint with the competent authority:
Swiss authority
Federal Data Protection and Information Commissioner (FDPIC / PFPDT)
Feldeggweg 1, 3003 Berne, Switzerland
www.edoeb.admin.ch
European authority (depending on your residence)
You can contact the supervisory authority of the Member State of your habitual residence or place of work.
For example, in France: Commission nationale de l'informatique et des libertés (CNIL), 3 place de Fontenoy, 75007 Paris, www.cnil.fr.
12 · Modifications
Modifications to this policy
This policy may be modified to reflect technical, legal or organisational changes. The "Last updated" date at the top of the page is the authoritative reference.
In case of substantial modification (addition of a major new processor, change of purpose, extension of a retention period), a visible notice will be displayed on the site for at least 30 days.
13 · Contact
Contact to exercise your rights
For any request relating to your personal data or the exercise of your rights:
Main channel
Email: [email protected]
Phone: +41 79 962 41 92
Mail: Gates Solutions Sàrl, Route du Risoud 9, 1348 Le Brassus, Vaud, Switzerland