GRENFIN is committed to protecting the privacy of its users. This privacy policy explains how we collect, use, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and Swiss data protection law (FADP).

Last updated: December 2024

We collect the following data during your registration and use of the platform:

• Identification information: Name, surname, email address
• Academic information: Student number, program, graduation year
• Professional information: Position, company, department (depending on role)
• Connection data: IP address, browser type, access timestamps
• Generated content: Assignment submissions, messages, uploaded documents

Your data is used exclusively for:

• Providing and improving educational platform services
• Managing your account and personalizing your experience
• Facilitating communication between students, professors, and companies
• Ensuring security and preventing abuse
• Complying with our legal obligations

We implement robust security measures:

• TLS/SSL encryption for all communications
• Passwords hashed with secure algorithms (bcrypt)
• Two-factor authentication available
• Role-based access control (RBAC)
• Hosting on certified infrastructure (Neon PostgreSQL)
• Regular security audits

Your personal data is retained for the duration of your active account, plus a period of 2 years after deletion for legal and backup reasons. Academic data may be retained longer for institutional archiving purposes.

In accordance with GDPR and FADP, you have the following rights:

• Right of access: Obtain a copy of your personal data
• Right of rectification: Correct inaccurate data
• Right to erasure: Request deletion of your data
• Right to portability: Receive your data in a structured format
• Right to object: Object to the processing of your data
• Right to restriction: Restrict the processing of your data

6. Cookies and Similar Technologies

We use cookies strictly necessary for the operation of the platform (authentication, session preferences). No tracking or advertising cookies are used.

7. Data Sharing

Your data is never sold to third parties. It may only be shared with:

• Professors for course management (academic data)
• Partner companies (only if you apply for their offers)
• Competent authorities (if required by law)

For any questions regarding this policy or to exercise your rights, contact our Data Protection Officer: