Privacy Policy – Resilio Ltd. (External)

Last Updated: March 6, 2026
Status: Compliant with Swiss nFADP & EU GDPR
Entity: Resilio Ltd, Lausanne, Switzerland
EU Representative: Resilio France, Bordeaux, France

Introduction

Resilio Ltd. (“we,” “us,” or “our”), a Swiss limited company incorporated in Ecublens (Vaud), Switzerland, under number CHE-256.900.000, and a spin-off from EPFL, provides digital environmental footprint assessment solutions. We are committed to protecting the privacy of our clients and website visitors. This policy outlines how we process personal data in compliance with the Swiss Federal Act on Data Protection (nFADP) and the General Data Protection Regulation (GDPR) where applicable.

Data Controller

The entity responsible for your personal data is:

Resilio Ltd., EPFL Innovation Park, 1015 Lausanne, Switzerland

Email: privacy@resilio-solutions.com

CISO: Maximilien Valenzano, our DPO (Data Protection Officer)

External Data Processing (Clients & Users)

Types of Data Collected

  • Identity & Contact: First and last name optionally, company name, job position, workplace, business email, and business phone number.
  • Technical Data: We keep IP addresses, browser types and OS but never share or sell this data at any point. It is used only for debugging and cybersecurity controls.
  • Assessment Data: Technical infrastructure data provided for environmental impact calculations (which may include professional contact info).
  • Sensitive Data: We do not collect any data that is considered to be sensitive, as defined in art. 5 let. c LPD or art. 9 and 10 GDPR.
  • How we collect data: The data is collected automatically with the use of cookies, usage reports and logs.
  • Prospection and marketing
  • Event management
  • Newsletter
  • Website interactions
  • Inbound contacts

Purpose of Processing

  • Service Delivery: To provide our SaaS platform and sustainability reports.
  • Communication: To handle inquiries and provide technical support.
  • Optimization: To improve our assessment algorithms and platform UX.

This data is never shared with or sold to third parties.

Tools and Applications Privacy Policies

This document serves as a general privacy policy for the entire company. For details on how we collect and process user data in our applications, please refer to their own privacy policies and Terms and Conditions available at Resilio Tech and Resilio DB.

Legal Basis for Processing

We process data based on the following legal pillars:

  • Contractual Necessity: To fulfill agreements with clients.
  • Legal Obligation: To comply with applicable tax and legal duties.
  • Legitimate Interests: To ensure the security of our infrastructure and improve our services.
  • Consent: Where explicitly provided (e.g., newsletter subscriptions).

Data Storage and Retention

  • Localization: We prioritize data storage on secure servers in Switzerland (Infomaniak) for External Data Processing. Our providers are individually certified to be compliant with GDPR and/or nFADP, and we ensure appropriate processing through subcontracting agreements.
  • Retention (Clients): Data is kept for the duration of the service agreement plus statutory retention periods (typically 10 years). We reserve the right to delete client data at the end of the agreement, and the client can always request deletion (see next section).
  • Retention (Logs): Logs are automatically deleted after 1 year.

Your Rights

Under the nFADP and GDPR, you have the following rights regarding your data:

  • Right to Access: Request a copy of the data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion (provided there is no legal retention duty).
  • Right to Portability: Receive your data in a structured, machine-readable format.
  • Right to Objection

Please contact privacy@resilio-solutions.com to exercise the above rights.

Data Security

We implement "Privacy by Design" and "Privacy by Default" principles, including:

  • Encryption: SSL/TLS encryption for data in transit and at rest.
  • Access Control: Strict "need-to-know" access for employees.
  • Audits: Regular security reviews of our SaaS infrastructure, comprising internal and external security audits.
  • Security Training: Our employees receive regular security training on general security topics, including but not limited to incident response plans.
  • Breach Reporting: We report breaches as soon as we identify what data has been leaked, right after an internal preliminary investigation of the incident.

Resilio's Information System Management System is ISO 27001 certified, recognizing our effort in IT security. Resilio Ltd. provides services to its affiliate companies (R&K Assess Sarl [CH], and Resilio France SASU [FR]).

Updates

We may update this policy to reflect changes in our technology or Swiss/EU law. Significant changes will be communicated via our website.