Data Controller
The controller responsible for the processing of personal data in connection with this website and Riveon's services is:
How Riveon AG collects, uses and protects personal data under Swiss and European law.
The controller responsible for the processing of personal data in connection with this website and Riveon's services is:
This Privacy Policy describes how Riveon AG processes personal data in connection with its website, its compute and infrastructure services, and its AI-based contact channels. It applies in addition to any contractual data processing agreements in force between Riveon AG and its customers.
Riveon processes personal data in accordance with the Swiss Federal Act on Data Protection (FADP / revDSG, in force since 1 September 2023) and, where applicable, the EU General Data Protection Regulation (GDPR). We process personal data only where we have a valid legal basis, limit processing to what is necessary, and apply data minimisation, purpose limitation and transparency as guiding principles.
Depending on how you interact with Riveon, we may process the following categories of personal data:
We process personal data for the following purposes and on the following legal bases:
Riveon operates conversational and voice-based AI systems as part of its customer-facing services. This section describes the specific processing involved, in line with Art. 50 of the EU AI Act and the transparency requirements of the FADP.
At the beginning of each interaction with our chat or hotline, users are informed that the system may be operated by an AI assistant. A human agent can be requested at any time.
Voice input is transcribed in real time; the transcript and any AI-generated responses are stored to operate the service. Call recordings are only retained where the user has explicitly consented.
Processing takes place within the EU/EEA and Switzerland. Selected sub-processors may rely on infrastructure located in third countries; transfers are safeguarded in accordance with Section 7 below.
Riveon does not use customer voice or chat content to train foundation models. Contracts with model providers prohibit such use without separate, explicit consent.
Decisions with legal or similarly significant effect on individuals are reviewed by a human before taking effect. The AI assistant does not enter into binding contracts on behalf of Riveon AG.
AI-generated voices are clearly identified as synthetic. Riveon does not clone or impersonate real individuals and does not produce deceptive audio, image or video content.
Personal data is only shared with third parties where this is necessary for the purposes described above, permitted by law, or expressly authorised by you. Typical recipients include group companies, carefully selected service providers (for example hosting, telephony, conversational AI and analytics providers), auditors, legal and tax advisors, and public authorities where required.
All processors act on Riveon's documented instructions and are bound by written data-processing agreements that comply with Art. 9 FADP and Art. 28 GDPR.
Where personal data is transferred to a country outside Switzerland or the EEA that does not offer an adequate level of data protection, Riveon relies on appropriate safeguards such as the European Commission's Standard Contractual Clauses (2021/914) in combination with the Swiss addendum issued by the Federal Data Protection and Information Commissioner (FDPIC), supplemented by technical and organisational measures where necessary.
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, to comply with statutory retention obligations (in particular under Swiss commercial and tax law, typically ten years), or to preserve evidence within applicable limitation periods. Once the retention period expires, data is deleted or irreversibly anonymised.
Riveon applies appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure. These measures include encryption in transit and at rest, strict access controls, logging and monitoring, regular security reviews, and staff confidentiality obligations. We continuously review and improve our security posture in line with the state of the art and the specific risks of our operations.
Subject to applicable law, you have the following rights in relation to your personal data:
To exercise any of these rights, please contact us using the address listed in Section 1. We may need to verify your identity before responding.
This website uses only cookies and similar technologies that are strictly necessary for the operation of the site, for basic security, and for remembering your cookie preferences. Riveon does not use advertising cookies and does not track users across third-party websites. Where any optional analytics or functional cookies are introduced in the future, they will only be set after you have given your prior consent via a cookie banner.
Riveon may update this Privacy Policy from time to time to reflect changes in our services, in applicable law or in our processing activities. The current version is always available on this page and is identified by the "Last updated" date at the top. Material changes will be communicated appropriately.