Privacy Policy

1.1 The responsible entity within the meaning of the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP) is: iRewind AG, Richtistrasse 2, 8304 Wallisellen, Switzerland. Email: hi@accessify.live; Website: https://accessify.live

1.2 If the Provider has not designated a representative in the EU pursuant to Art. 27 GDPR, this will be announced on the website if necessary.

2.1 This Privacy Policy explains the nature, scope, and purpose of the processing of personal data in connection with the use of the accessify.live platform ("Platform") and the associated website.

2.2 The Privacy Policy applies to all persons who use the Platform, in particular event organizers ("Customers") and their audiences ("End Users").

2.3 It is based on the Swiss FADP and, where applicable, on the GDPR of the European Union.

3.1 Customer Data (Organizers):

• Name, organization, email address, phone number;
• Billing and payment data (when purchasing a 24-hour pass);
• Communication data (correspondence with support & marketing).

3.2 End User Data:

• Technical access data (IP address, browser type, device information, operating system, time of access);
• Usage data (features accessed, language selection, session duration).

Audio data transmitted during live streaming; automatically generated transcriptions and translations (AI-based); if activated: sign language video streams and audio description.

3.4 We generally do not collect special categories of personal data within the meaning of Art. 9 GDPR. If this is different in individual cases (e.g., health data for accessibility features), processing is carried out exclusively on the basis of explicit consent or insofar as it is necessary for the fulfillment of the contractual purpose.

The following overview describes the purposes, data categories, and legal bases of data processing:

5.1 The Provider only discloses personal data insofar as this is necessary for the performance of the contract, due to a legitimate interest, a legal obligation, or with the consent of the data subject.

5.2 The following categories of recipients may receive personal data:

• Hosting and cloud infrastructure providers (platform operation);
• AI and language service providers (transcription, translation);
• Payment service providers (payment processing);
• Analytics service providers (anonymized usage analysis);
• Authorities (when required by law).

5.3 Where processors are used, they are contractually obligated under Art. 28 GDPR or Art. 9 FADP to process personal data only in accordance with the Provider's instructions and in compliance with appropriate security measures.

6.1 Data processing generally takes place in Switzerland and/or the European Economic Area (EEA).

6.2 Where personal data is transferred to countries that do not provide an adequate level of data protection, the Provider ensures through appropriate safeguards that the rights of data subjects are maintained. These may include:

• Standard Contractual Clauses of the EU Commission (SCC);
• Adequacy decisions of the EU Commission or the Swiss Federal Council;
• Binding Corporate Rules.

6.3 Data subjects may request information from the Provider about the specific safeguards for data transfers to third countries.

7.1 Personal data is only retained for as long as necessary for the respective processing purpose or as required by statutory retention periods.

7.2 The following indicative retention periods apply:

7.3 After the retention period expires, personal data is deleted or anonymized, unless overriding statutory retention obligations exist.

Data subjects have the following rights under applicable data protection laws (GDPR and FADP):

• (a) Right of access: You may request information about whether and which personal data is processed about you (Art. 15 GDPR; Art. 25 FADP).
• (b) Right to rectification: You may request the correction of inaccurate or incomplete personal data (Art. 16 GDPR; Art. 32(1) FADP).
• (c) Right to erasure: You may request the deletion of your personal data under legal conditions (Art. 17 GDPR).
• (d) Right to restriction: You may request the restriction of processing (Art. 18 GDPR).
• (e) Right to data portability: You may request to receive your data in a structured, commonly used, and machine-readable format (Art. 20 GDPR; Art. 28 FADP).
• (f) Right to object: You may object to processing based on a legitimate interest at any time (Art. 21 GDPR).
• (g) Withdrawal of consent: Where processing is based on your consent, you may withdraw it at any time with effect for the future (Art. 7(3) GDPR).

Please direct requests to: hi@accessify.live. The Provider responds to requests within the statutory deadlines. Data subjects also have the right to lodge a complaint with the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC); in the EEA, the respective competent data protection authority.

9.1 The Platform and website may use cookies and similar technologies. A distinction is made between:

• Technically necessary cookies, which are essential for platform operation (no consent required);
• Analytics and statistics cookies, which are only set after explicit consent of the user.

9.2 Consent for non-essential cookies is obtained via a cookie banner and can be revoked at any time via the cookie settings on the website.

9.3 Details about cookies used can be found in the cookie policy on the website.

10.1 The Provider takes appropriate technical and organizational measures (TOMs) to protect personal data from unauthorized access, loss, misuse, or destruction. These include:

• Encryption of data transmission (TLS/SSL);
• Access restrictions and role-based permissions;
• Regular security reviews and updates;
• Confidentiality obligations for employees and contractors.

10.2 The Provider continuously adapts its security measures to the state of the art. However, complete protection against all risks cannot be guaranteed.

11.1 The Platform uses AI models for real-time transcription (speech-to-text) and translation of audio content. Audio data is processed in real time and immediately converted into text.

11.2 Processing is carried out exclusively for the purpose of providing the agreed accessibility features. Audio data is not used for training AI models by the Provider unless the Customer has expressly consented.

11.3 Where AI service providers are used, the provisions on processors (Section 5.3) and international data transfers (Section 6) apply accordingly.

12.1 The Customer (organizer) is generally an independent controller for the processing of personal data of their end users. The Provider acts as a processor in this regard.

12.2 Where processing on behalf occurs, the parties shall conclude a data processing agreement (DPA) pursuant to Art. 28 GDPR or Art. 9 FADP as needed.

12.3 The Customer is responsible for informing their end users about data processing in the context of the event in an appropriate manner.

The Platform is not specifically directed at minors. Where minors participate as end users at an event, it is the organizer's responsibility to ensure the required consent of the legal guardians, where legally required (Art. 8 GDPR).

The Provider reserves the right to amend this Privacy Policy at any time, in particular in the event of changes to applicable data protection legislation, adjustments to Platform functionality, or the introduction of new services. The current version is available on the website. In the event of material changes, the Provider will inform Customers in an appropriate manner.

15.1 This Privacy Policy is governed by Swiss law. The rights of data subjects under the GDPR remain unaffected insofar as the GDPR is applicable.

15.2 The exclusive place of jurisdiction is Zurich, Switzerland, to the extent permitted by law.

For questions about data protection or to exercise your rights, please contact: iRewind AG, Richtistrasse 2, 8304 Wallisellen, Switzerland; Email: hi@accessify.live