Privacy Policy

Last updated: 1/5/2026

albedis (« Company », « We », « Us », « Our ») operates the CV Builder platform, a software solution that allows users to create professionally formatted resumes from their contributions. This privacy policy explains how we collect, use, store, and protect personal information when users (« you », « your ») access and use our services.

albedis ensures that the processing of personal data is carried out in accordance with the legal provisions of the Swiss Data Protection Act (LPD) and its implementing ordinance (OPD), as well as in compliance with the General Data Protection Regulation (GDPR) where applicable.

1. Information about the controller

albedis is the data controller for personal data collected through CV Builder.

Technical operation and data hosting are provided by Dionitech AG, which acts as a data processor under a data processing agreement.

You can contact us at the following address: • E-mail: dpo@interiman-group.ch • Address: Avenue des Baumettes 7, 1020 Renens, Switzerland

2. Data we collect

We collect and process the following categories of data:

Personal data you provide: Such as your name, email address, and information entered to create documents (e.g., resumes).

Generated and uploaded data: Data you enter and any generated resume content, which may include employment, education, and skills information.

Automatically collected data: Technical information such as IP address, browser type, device details, and usage logs to ensure security and proper service operation.

3. Purpose and legal basis of processing

We process your personal data to: • Provide and operate the CV Builder service • Generate requested resumes • Maintain technical stability and security

Important: We do not use your personal data or generated content to train AI models or machine learning algorithms. Your data is processed solely to deliver the requested documents.

Legal basis:

  • Your consent (Art. 6 and 31 LPD / Art. 6(1)(a) GDPR)
  • Contract performance necessity (Art. 6 LPD / Art. 6(1)(b) GDPR)
  • Our legitimate interest in ensuring operational security (Art. 6 and 31 LPD / Art. 6(1)(f) GDPR)

Providing your data is voluntary; however, certain information is necessary for the platform to function. We do not engage in automated decision-making that has legal or significant effects on you.

albedis guarantees that data is processed with strict confidentiality and takes all necessary technical and organizational measures to protect data against unauthorized processing. In particular, it ensures information security and guarantees that only authorized persons can access it. albedis also ensures that all personal data is processed lawfully and in compliance with the following principles:

  • Processing is carried out in good faith;
  • Processing is lawful, fair, and transparent;
  • Processing is proportionate to the intended purpose and limited to what is necessary;
  • Personal data is accurate and kept up to date. Medicalis ensures reasonable measures are taken to erase or correct inaccurate data;
  • You have the right to access personal data, including the right to correct inaccuracies.

4. Data hosting and security

Storage and hosting:

  • Primary storage: Microsoft Azure Cloud servers located in Switzerland
  • AI processing: Google Vertex AI for AI-powered content generation (located in the EU)

Security measures:

  • Encryption: Data is encrypted in transit and at rest
  • Access controls: Strong authentication and authorization mechanisms
  • Key management: Customer-managed encryption key options available
  • Logging and monitoring: Comprehensive security logging and regular audits protect your personal information from unauthorized access or disclosure

Compliance status: Microsoft Azure and Google Cloud hold extensive compliance certifications, including GDPR support and enterprise-level SLAs.

5. How we protect your data

Your personal data is treated confidentially. albedis has implemented technical and organizational security measures against loss or unlawful processing. We use multiple security techniques (secure servers, firewalls, antivirus, anti-spam, etc.) and physical protection for data storage locations. We continually strive to improve these security measures to ensure your data’s safety.

Please note that transmitting information over the internet is not completely secure. While we do what is reasonably possible to protect your personal data, we cannot guarantee the security of data disclosed online.

You accept the inherent security implications of using the internet, and we disclaim liability for security breaches unless we have violated applicable laws, and only within the limits set by applicable terms and conditions.

6. Third-party service providers and data processing

We work with trusted service providers who process data only under data processing agreements and strictly according to our instructions:

Google Vertex AI:

  • Purpose: AI-powered resume content generation
  • Training restriction: Inputs and outputs are not used to train or fine-tune AI models
  • Data deletion: All temporarily processed data is automatically deleted within 30 days

Microsoft Azure:

  • Purpose: Primary data storage and hosting
  • Data location: Switzerland region
  • Security: Enterprise-grade encryption, access controls, and compliance certifications

All service providers are contractually obligated to process personal data in compliance with applicable data protection laws and implement appropriate security measures.

7. Data transfers and international transfers

We may share data with trusted service providers—such as hosting, AI processing, and security partners—who act only under data processing agreements and strictly according to our instructions.

If CV Builder is offered through a partner or white-label setup, that organization acts as an independent data controller for its own users. In such cases, their privacy policy also applies.

8. Data storage and deletion

We retain your personal data for as long as necessary to fulfill the purposes described in this statement, unless a longer retention period is required or permitted by law. Specifically:

  • User account data: Stored up to one year after last active use or contractual relationship
  • External and generated data (e.g., uploaded resume content): Automatically deleted within one month after processing
  • Technical logs: Retained for a limited period for security and audit purposes

You can request data deletion at any time by emailing dpo@interiman-group.ch. We will delete or anonymize your information unless legally required to retain it longer.

9. Your rights

Under applicable data protection laws (GDPR, LPD), you have the right to:

  • Information: Request details about personal data we process (Art. 15 GDPR)
  • Correction: Request correction of inaccurate or incomplete data (Art. 16 GDPR)
  • Deletion: Request deletion of your personal data under certain conditions (Art. 17 GDPR). Note: All candidate data is automatically deleted after 30 days
  • Restriction: Request processing restrictions (Art. 18 GDPR)
  • Data portability: Receive your data in a structured, machine-readable format or request transfer to another controller (Art. 20 GDPR)
  • Objection: Object to processing based on legitimate interests (Art. 21 GDPR)
  • Withdraw consent: If processing is based on consent, you may withdraw it at any time without affecting prior lawful processing

To exercise your rights, ask questions about data processing, revoke consent, or request data portability, please email dpo@interiman-group.ch.

Right to lodge a complaint: If you believe your data is processed unlawfully, you may file a complaint with the Federal Data Protection and Information Commissioner or, if GDPR applies, with an EU supervisory authority.

10. Obligation to provide personal data

Providing your personal data is necessary to use our services. Without certain data, we cannot provide platform functionality. Failure to provide required data may prevent you from using our services.

11. Children’s data

Our service is not intended for anyone under 16 years old. We do not knowingly collect such data; if we become aware, we delete it immediately.

12. Updates to this statement

We may update this privacy policy periodically. The latest version is always available on our website and is effective from the date of publication.

Additionally, albedis’ privacy statement (a company of Interiman Group), accessible via https://www.interiman-group.ch/en/privacy-policy/ , also applies.

Last updated: January 5, 2026 For any questions or concerns regarding our data processing practices, please contact: Dionitech AG / E-mail: info@dionitech.com