Privacy Policy
Last updated: 10 December 2025
1) Who we are
Biowerkli is a project of HTLab AG, Churerstrasse 54 8808 Pfäffikon SZ. Our mission is to  empower the global biotech and advanced therapy community with transparent, accessible AI and smart biomanufacturing tools, accelerating the development, manufacturing, and release of safe, life-changing therapies for patients everywhere.
Contact (privacy): team@biowerkli.com,

2) Scope
This Policy explains how we collect and process personal data when you use our website (Biowerkli.org) and when you submit an application form to participate in Biowerkli activities.
3) What data we collect
From the application form
  • Identity & contact: title, name, email, country.
  • Profile & interests: fields of interest/industry, “what best describes you”.
  • Project information: free-text description of your idea (we treat this as confidential within our team).
  • Referral source: how you heard about Biowerkli (social media, event, referral, press, other, rather not say).
  • Attachments (optional): e.g., slide deck, publications, executive summary.
  • Consents: contact/processing consent, and separate consent for marketing communications (if chosen).
If you choose not to provide required fields (e.g., name, email, project description), we may be unable to process your application or respond to your request.

From website usage
  • Device/usage data (via analytics cookies if you accept cookies): pages viewed, events, approximate location, device/browser.
  • Basic technical logs for security (IP address, timestamps).
We do not intend to collect special-category data. Please do not upload medical, biometric, genetic data, or personal data of third parties.
4) Purposes & legal bases
  • Application intake, evaluation and communication (incl. scheduling, feedback, next steps):
  • Art. 6(1)(b) GDPR (pre-contractual/contract) and/or Art. 6(1)(f) (legitimate interests) to run an application process. You may object to processing based on legitimate interests (see Your rights).
  • Operating the website and ensuring security: Art. 6(1)(f) (legitimate interests).
  • Analytics & performance measurement (GA4): Art. 6(1)(a) (consent) via cookie banner.
  • Email newsletters, updates, events: Art. 6(1)(a) (consent) — opt-in only; you can withdraw anytime.
  • Record-keeping and legal compliance: Art. 6(1)(c)/(f).
5) AI-assisted processing
We use AI-assisted tools to help summarize, categorize and pre-review application materials.
  • Outputs are reviewed by our team; no decisions are made solely by automated means that produce legal or similarly significant effects (Article 22 GDPR).
  • Providers act as data processors under our instructions. We do not allow training of publicly available models on applicant data.
  • Whenever possible, we minimize or pseudonymize prompts (e.g., removing direct identifiers).
6) Where data comes from
Primarily from you via our forms and emails. We may also receive limited information from referrers (if you were introduced) or public sources relevant to your application.
7) Recipients and categories of recipients
We do not sell personal data. We share it only with trusted service providers acting as processors under data-processing agreements and confidentiality:
  • Website hosting / content management platform (category): to operate our site.
  • Google Workspace (Docs/Sheets/Drive): to store and manage application submissions coming from our forms.
  • Email service provider (e.g., our corporate email) to communicate with applicants.
  • Web analytics provider (Google Analytics 4): only if you consent to analytics cookies.
  • AI service providers used for assisted review (as processors, with opt-out from training and restricted retention).
  • Professional advisors or authorities only if legally required.
We maintain an up-to-date list of our main processors upon request and may publish it at /service-providers.
8) International transfers
Some providers may process data outside the EEA/Switzerland (e.g., the United States). Where this occurs, we use appropriate safeguards, such as the EU-US / Swiss-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs), plus supplementary measures where necessary.
Based on our current assessment, an EU/UK representative is not required; we will update this section if our assessment changes.
9) Cookies and similar technologies
We use a cookie banner with options (Accept all / Manage).
  • Necessary cookies run by default for security and core functionality.
  • Analytics cookies (GA4) run only with your consent.
  • You can change your preferences at any time via the cookie settings link on our site. See our Cookie Policy for details.
10) Data retention
  • Application data (including attachments): kept up to 24 months from the last interaction, then deleted or anonymized, unless a longer period is required by law or you join a program (then we reset the period as needed to deliver services).
  • Marketing contacts: until you unsubscribe or withdraw consent.
  • Analytics data: retained per GA4 configuration and consent.
  • We apply minimization and review periods; you can request earlier deletion.
11) Security
We use administrative, technical and organizational measures: role-based access, least-privilege, MFA, encrypted transport, restricted sharing in Google Drive, regular reviews, and processor contracts with confidentiality and security requirements.
We take appropriate measures to protect personal data. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent authority and, where required, affected individuals without undue delay, and provide relevant information and support.
12) Children
Our services are not directed to children under 16. We do not knowingly collect data from children. If you believe a minor has submitted data, contact us and we will delete it.
13) Your rights (EEA/UK/Switzerland)
You have the right to access, rectify, erase, restrict processing, object (including to processing based on legitimate interests and to direct marketing), and data portability, as well as the right to withdraw consent at any time (without affecting prior processing).
Requests: team@Biowerkli.org
You have the right to lodge a complaint with your local Data Protection Authority in the EEA/UK, or with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland, if you consider that our processing infringes applicable data-protection law.



Made on
Tilda