Data minimization and secure processing applied to training records and learner data in line with applicable Swiss and EU privacy standards.

General information

WebLabSinn operates educational services focused on online literacy and safety. This privacy notice explains which categories of personal data we collect, how we use them, the legal bases for processing, retention practices and rights available to data subjects. Our approach is designed to reduce unnecessary data collection, to protect learner privacy, and to provide administrators and participants with clear, actionable controls over their information. The policy reflects practices relevant to institutions and individual learners engaging with our courses, workshops and assessments delivered via WebLabSinn.club.

15-02-2026 WebLabSinn, Bündtstrasse 7, 9464 Rüthi (Sankt Gallen), Switzerland. Business ID CHE-097.692.424. Bündtstrasse 7, 9464 Rüthi (Sankt Gallen), Switzerland [email protected]
01

Definitions

The terms used in this document are defined to make the policy clear. Definitions apply to the processing descriptions that follow and are used consistently throughout.

Personal data means any information relating to an identified or identifiable natural person, including name, email, institutional affiliation, assessment results and account identifiers used within WebLabSinn services. Processing refers to any operation or set of operations performed on personal data, such as collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, erasure or destruction. User refers to any individual who engages with WebLabSinn services, including learners, instructors, administrators and institutional contacts. Service means the suite of online literacy and safety training modules, assessments, instructor tools and reporting features delivered by WebLabSinn via WebLabSinn.club. Cookies are small text files stored on a device that allow WebLabSinn to recognize returning users, remember preferences, and collect usage information to improve the service.
02

What data we collect

We collect data required to deliver training, maintain accounts, assess learning outcomes and provide administrative reporting. Collection is limited to what is necessary for these purposes and maintained with access restrictions.

Data you provide directly

When registering, participating in courses, or communicating with support, users provide specific personal information needed to deliver and manage the educational experience.

  • Contact details: given name, family name, professional email address and organizational affiliation.
  • Account credentials and preferences: username, hashed password, language preferences and display settings.
  • Training records: course enrollments, module completion status, quiz and assignment results, and issued certificates.
  • Billing and invoicing details for institutional subscriptions where applicable: billing contact, organization billing address and VAT or business identifiers.
  • Communications: messages platform with instructors, support tickets and consent records for receiving updates and newsletters.
  • Optional profile information: job title, sector, and public profile fields used for peer collaboration within the platform.

Automatically collected data

To operate and secure the service, WebLabSinn collects technical and usage data automatically when users interact with the platform. This information helps maintain service integrity and improve educational quality.

  • Device and browser metadata: device type, operating system, browser version and language settings.
  • Usage and analytics: pages visited, time spent on modules, clicks, progress metrics and feature interaction logs.
  • Connection data: IP address, general geographic region and timestamps for login and activity events used for security monitoring.
  • Performance diagnostics and crash reports to identify and resolve technical issues promptly.
  • Cookies and similar identifiers used to support session management, load-balancing and user preferences.
  • Security logs capturing authentication attempts and administrative actions to protect accounts and institutional data.

Data received from third parties

In specific cases, WebLabSinn receives data from third-party systems integrated for administrative or authentication purposes. We limit such transfers and require appropriate contractual and technical safeguards.

  • Identity providers and single sign-on services used by institutions for user authentication.
  • Payment processors and invoicing platforms for handling subscription payments and billing records.
  • Analytics and infrastructure providers that support platform performance and usage measurement.
03

Purposes of processing

We process personal data for a small set of operational and service-improvement purposes directly related to delivering online literacy and safety education.

  • Account management and access control to enable course enrolment and personalized learning journeys.
  • Course delivery and assessment to provide learning materials, grade assignments and issue completion records.
  • Customer support and communication regarding account issues, course updates and scheduled maintenance.
  • Billing and subscription administration for institutional plans and invoicing.
  • Service improvement and research activities based on aggregated, anonymized usage data to refine training methodology.
  • Security, fraud prevention and abuse detection to protect users and the integrity of the learning environment.
  • Compliance with legal obligations and responses to lawful requests by competent authorities.
  • Communications about products and services where users have consented to receive such information or where communications are necessary for the service.

Legal bases for processing

Where applicable, we rely on one or more lawful bases for processing personal data. The specific basis depends on the processing purpose and context.

  • Contract performance: processing necessary to provide the educational service and fulfil contractual obligations to institutional customers and enrolled users.
  • Consent: where users explicitly opt in to optional communications or data uses, such as marketing or research participation.
  • Legal obligations: processing required to comply with statutory duties or lawful orders from public authorities.
  • Legitimate interests: processing for platform security, fraud prevention, service improvement and operational integrity, balanced against user rights and expectations.

Your data subject rights

If you are located in the European Economic Area, the following list summarizes rights afforded under applicable data protection laws and practical steps to exercise them.

  • Right of access: you may request confirmation of processing and access to your personal data held by WebLabSinn.
  • Right to rectification: you may request correction of inaccurate or incomplete personal data.
  • Right to erasure (right to be forgotten): subject to legal and contractual limits, you may request deletion of your personal data.
  • Right to restriction of processing: you may request that processing be limited while a dispute about accuracy or lawfulness is resolved.
  • Right to data portability: where applicable, you may request a machine-readable copy of personal data you provided to WebLabSinn.
  • Right to object: you may object to processing based on legitimate interests or direct marketing; WebLabSinn will assess the request against compelling grounds to continue processing.
04

Cookies and tracking technologies

Cookies and similar tracking technologies are used to provide essential service functionality, remember preferences, and analyse usage patterns. Users can manage cookie preferences via browser settings or our consent banner where applicable.

We use session cookies for authentication, persistent cookies for preferences, performance cookies for analytics, and functional cookies to support interactive features. Third-party cookies may be set by integrated services such as analytics and payment providers.

Categories include: strictly necessary cookies (service functionality), performance cookies (usage analytics), functional cookies (preferences) and targeted cookies (third-party integrations necessary for optional services).

You may disable non-essential cookies through your browser settings or the consent controls presented on first visit. Disabling certain cookies may limit platform features such as saved progress or single sign-on functionality.

Read our Cookie Policy for technical details and how to adjust settings.

Data sharing and processors

WebLabSinn engages third-party processors to operate infrastructure, payment handling, and analytics. All processors are selected based on security practices and subject to data processing agreements reflecting data protection obligations.

  • Hosting and cloud infrastructure providers for secure storage and delivery of platform content.
  • Payment and billing processors required for subscription management and invoicing.
  • Analytics services used to aggregate usage data and improve course effectiveness; data is anonymized where possible.
  • Learning management system integrations and identity providers used by institutional customers.
  • Professional advisors and auditors engaged to review compliance, security and business records under confidentiality terms.
  • Legal or regulatory authorities when disclosure is necessary to meet a lawful obligation or respond to legal process.

International data transfers

Some processing and hosting of personal data may occur outside Switzerland or the European Economic Area. When transfers take place, we rely on legal safeguards such as adequacy decisions, standard contractual clauses, or other permitted mechanisms to ensure an appropriate level of protection.

We put in place contractual protections and technical controls where required, including encryption, access controls and, where applicable, EU Standard Contractual Clauses or equivalent safeguards to maintain protection of personal data.

Data retention

We retain personal data only as long as necessary to fulfil the purposes described and to meet legal, regulatory or contractual obligations. Retention periods vary by data category and purpose.

Account data and basic user profiles are retained while the account is active and for a limited administrative period after account closure to address requests or legal obligations, typically up to 24 months unless a longer period is required by law.

Support communications and administrative messages are retained for a period required to resolve requests and for quality assurance; retention periods are periodically reviewed and minimized.

Security and access logs are retained for security monitoring and incident contribute for a defined operational period, generally ranging from 6 months to 36 months depending on the type of log and legal requirements.

When data is no longer necessary for the stated purposes and no legal obligation requires further retention, WebLabSinn deletes or anonymizes the personal data in a secure manner.

Security measures

Protecting data integrity and confidentiality is a core operational requirement. WebLabSinn applies a combination of organizational, technical and physical safeguards to reduce risks to personal data, including regular assessments and updates of controls.

  • Encryption in transit (TLS) for all communications and encryption at rest for stored sensitive records.
  • Access controls, role-based permissions and multi-factor authentication for administrative access.
  • Regular security testing, vulnerability management and incident response procedures with documented escalation paths.
05

Exercising your rights

To exercise any rights related to your personal data, please contact us using the details below. We will respond within applicable statutory timeframes and may require verification of identity to process requests.

  • Access your data: request a copy of personal data we hold about you and information on processing purposes.
  • Rectify inaccuracies: submit corrections to personal data that is incomplete or inaccurate.
  • Request erasure: where applicable, ask that personal data be deleted subject to legal and contractual limitations.
  • Restrict or object to processing: request limitation or object to processing based on legitimate interests or direct marketing.
  • Portability: request a structured, commonly used and machine-readable copy of personal data you provided to us.
  • Right to withdraw consent to processing where processing is based on consent; withdrawal will not affect lawfulness of processing conducted prior to withdrawal.
  • Right to restrict processing in certain circumstances, for example while a dispute about accuracy of personal data is being resolved.
  • Right to lodge a complaint with a competent data protection authority in Switzerland if you consider our handling of personal data breaches applicable law.

How to exercise your data subject rights

If you wish to exercise any of the rights listed above, please submit a verifiable request describing the right you wish to exercise and providing sufficient identification information. For requests relating to an account, include the email address used to register with WebLabSinn. We may request additional information to verify your identity before processing sensitive requests.

[email protected]

We will acknowledge receipt of your request promptly and aim to provide a substantive response within 30 days. If the request is complex or numerous, we will inform you if an extension is necessary and explain the reason for the delay.

Marketing communications and preferences

We may use your contact details to send information about courses, updates, and resources related to online literacy and safety when you have opted in. Communications are limited to topics relevant to the services you sign up for. Marketing messages include clear information on why you received them and how to adjust your preferences.

To stop marketing emails, follow the unsubscribe link included in every marketing email or contact [email protected]. We will process unsubscribe requests without undue delay; transactional and service-related communications may continue where necessary for account or course administration.

Children and age-appropriate processing

Our programs are designed for educators, parents, and adult learners. We do not knowingly collect personal data from children under the age of 16 without verifiable parental consent. If you believe we have unintentionally collected data about a child, contact our data protection contact and we will take steps to remove that data where appropriate.

Links to third-party services

WebLabSinn may include links to third-party tools and resources for training, assessment, and curriculum references. These links operate under the third party's privacy policy; we are not responsible for their practices. We select partners with compatible privacy standards and review integrations to minimize data exposure.

Changes to this privacy policy

We periodically review and may update our privacy practices to reflect operational, legal, or regulatory changes. Material changes will be posted on our site with an updated effective date. We encourage users to review this policy regularly to stay informed about how we handle personal data.