Privacy Policy
Last updated: 18.02.2026
1. Data controller
The data controller of the personal data collected through https://virgilia.ch and the Virgil.ia platform is:
Virgilia SaglQuartiere Maghetti 206900 Lugano, SwitzerlandEmail: info@virgilia.ch
2. Applicable Legislation
Personal data is processed in compliance with the Swiss Federal Data Protection Act (nLPD/DSG), in force since 1 September 2023, and, where applicable for users residing in the European Union, with Regulation (EU) 2016/679 (GDPR). For the use of cookies and similar technologies, the provisions of section 45c of the Telecommunications Act (LTC/FMG) and the FDPIC guidelines of 22 January 2025 also apply.edoeb.admin+1
3. Data Collected
We collect the following categories of personal data:
- Registration and account data: first name, surname, email address, telephone number, organisation name, company role.
- Platform usage data: access logs, interactions with the AI Consultant, uploaded documents, Gap Analysis results.
- Contact details: information provided via the site's contact form.
- Technical data: IP address, browser type, operating system, pages visited, session duration.
- Invoicing data: necessary for the management of the subscribed service plans.
4. Purposes and Legal Bases of Processing
| Purpose | Legal basis (nLPD/GDPR) |
|---|---|
| Virgil.ia service delivery | Contract Execution |
| Account management and authentication | Contract Execution |
| Technical support and assistance | Contract performance / legitimate interest |
| Improvement of the platform and AI model | Overriding legitimate interest |
| Commercial communications (if consented to) | Consent |
| Tax and accounting obligations | Legal obligation |
| Computer security and fraud prevention | Overriding legitimate interest |
5. Data of the Client Organisation
The documents, business data and information uploaded by customer organisations on the Virgil.ia platform for NIS2 and ISO 27001 compliance purposes are processed exclusively for the provision of the contracted service. Virgilia Sagl acts as a data controller with respect to such data, the ownership of which remains with the client organisation. We do not use such data to train generic AI models nor do we pass them on to third parties, except as necessary for the technical execution of the service or as required by law.
6. Automated Processing and Artificial Intelligence
The platform uses automated processing systems, including artificial intelligence models, to analyse documents and provide compliance guidance. No decision with legal or significant effects is taken in a fully automated manner without human review. The client organisation retains control over operational decisions.
7. Communication and Transfer of Data
Personal data may be communicated to
- Technical and cloud providers (hosting, infrastructure, transactional email) selected from parties that guarantee adequate levels of protection.
- Professionals and consultants of Virgilia Sagl, bound by confidentiality obligations.
- Competent authorities, in the cases provided for by law.
In the case of data transfer to third countries that do not guarantee an adequate level of protection, we adopt the appropriate safeguards provided for by the nLPD and the GDPR (e.g. standard contractual clauses).
8. Data Retention
Personal data are kept for as long as necessary for the purposes for which they were collected:
- Account and contract data: for the duration of the relationship and until 10 years after termination, in fulfilment of Swiss tax and accounting obligations.
- Technical log data: maximum 12 months.
- Contact form data (without contract): 24 months from the request.
- Data subject to consent: until consent is revoked.
9. Rights of the Interested Parties
In accordance with the nLPD and the GDPR, every data subject has the right to:
- Access: obtain confirmation of the processing and a copy of their data.
- Corrigendum: request the correction of inaccurate or incomplete data.
- Cancellation: request the deletion of one's own data (“right to be forgotten”), within the limits provided for by law.
- Limitation: request restriction of processing in certain circumstances.
- Portability: receive their data in a structured, machine-readable format.
- Opposition: oppose processing based on legitimate interest.
- Withdrawal of consent: withdraw the consent given at any time, without prejudice to the lawfulness of the previous processing.
- Complaint: file a complaint with the’FDPIC (Federal Data Protection and Information Commissioner) or, for EU users, to the supervisory authority of their Member State.
To exercise your rights, please contact: info@virgilia.ch
10. Data Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or disclosure, in line with the ISO 27001 standards that our own platform promotes. In the event of a data breach (data breach) that poses a high risk to the rights of data subjects, we will notify you within the terms of the nLPD.
11. Amendments to the Policy
We reserve the right to update this Policy. Significant changes will be notified to registered users by email. The updated version will always be available on this page with an indication of the revision date.
12. Contact
Virgilia SaglQuartiere Maghetti 20 - 6900 Lugano, SwitzerlandEmail: info@virgilia.ch
