DE
EN
Home
Projects
Services
About
News
Bla Bla Lab
JobsKontaktImprint & DisclaimerPrivacy Policy

Privacy Policy

Last updated: [15.06.2026

This Privacy Policy informs you about the processing of personal data in connection with our activities and operations, including our website at livelab.com. In particular, we explain for what purposes, how, and where we process personal data. We also inform you about the rights of persons whose data we process.

For specific or additional activities and operations, we may publish further privacy policies or other data protection information.

We are subject to Swiss law and, where applicable, foreign law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR).

By decision of 26 July 2000, the European Commission recognised that Swiss data protection law provides an adequate level of protection. By report of 15 January 2024, the European Commission confirmed this adequacy decision.

Table of Contents

  1. Contact Details
  2. Definitions and Legal Bases
  3. Nature, Scope and Purpose of Personal Data Processing
  4. Disclosure of Personal Data
  5. Communication
  6. Data Security
  7. Personal Data Abroad
  8. Rights of Data Subjects
  9. Use of the Website
  10. Location Detection via IP Address
  11. Social Media
  12. Third-Party Services
  13. Success and Reach Measurement
  14. Final Notes

1. Contact Details

The data controller for data protection purposes is:

Live Lab AG

Badenerstrasse 109

8004 Zurich

Switzerland

Email: info@livelab.com

In individual cases, third parties may be responsible for the processing of personal data, or joint responsibility with third parties may exist. We are happy to provide data subjects with information about the respective responsibility upon request.

2. Definitions and Legal Bases

2.1 Definitions

Data Subject: A natural person about whom we process personal data.

Personal Data: All information relating to an identified or identifiable natural person.

Sensitive Personal Data: Data concerning trade union, political, religious or philosophical views and activities, health data, data about intimate life or ethnic or racial origin, genetic data, biometric data uniquely identifying a natural person, data concerning criminal or administrative sanctions or proceedings, and data concerning social welfare measures.

Processing: Any operation carried out on personal data, regardless of the means and procedures used, such as querying, matching, adapting, archiving, retaining, reading, disclosing, procuring, recording, collecting, deleting, disclosing, organising, storing, modifying, disseminating, linking, destroying, and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.

2.2 Legal Bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (FADP) and the Data Protection Ordinance (DPO).

Where and to the extent the General Data Protection Regulation (GDPR) applies, we process personal data on the basis of at least one of the following legal grounds:

  • Art. 6(1)(b) GDPR for the processing of personal data necessary for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
  • Art. 6(1)(f) GDPR for the processing of personal data necessary to pursue our legitimate interests, unless such interests are overridden by the fundamental freedoms and rights and interests of the data subject. Such interests include in particular the permanent, secure and reliable conduct of our activities and operations, ensuring information security, protection against misuse, enforcement of our own legal claims and compliance with Swiss law.
  • Art. 6(1)(c) GDPR for the processing of personal data necessary for compliance with a legal obligation.
  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6(1)(d) GDPR for the processing of personal data necessary to protect the vital interests of the data subject or another natural person.

3. Nature, Scope and Purpose of Personal Data Processing

We process the personal data necessary to carry out our activities and operations on a permanent, secure and reliable basis. The personal data processed may include in particular the following categories: browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data.

We also process personal data that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, to the extent such processing is permissible.

We process personal data, where necessary, with the consent of the data subjects. In many cases, we may process personal data without consent, for example to fulfil legal obligations or to pursue overriding interests.

We process personal data for the period necessary for the respective purpose. We anonymise or delete personal data in particular depending on statutory retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include, for example, specialised service providers whose services we use (see Section 12).

In the course of our activities and operations, we may in particular disclose personal data to authorities, advisors and lawyers, IT service providers, hosting and streaming providers, marketing and analytics providers, parent, sister and subsidiary companies, and payment service providers.

5. Communication

We process personal data in order to communicate with individuals as well as with authorities, organisations and companies. In doing so, we process in particular data that a data subject transmits to us when making contact, for example by email or contact form. We may store such data in an address book or with comparable tools.

Third parties who transmit data about other persons to us are obliged to ensure the data protection of those data subjects independently.

6. Data Security

We take appropriate technical and organisational measures to ensure a level of data security appropriate to the respective risk. Our measures in particular ensure the confidentiality, availability, traceability and integrity of the personal data processed, without however being able to guarantee absolute data security.

Access to our website is encrypted via transport encryption (SSL/TLS, HTTPS).

7. Personal Data Abroad

We generally process personal data in Switzerland and in the European Economic Area (EEA). However, as we use services from providers based in the United States of America (USA) (in particular Webflow, Google, Vimeo, Apple, Spotify, Amazon, YouTube, Finsweet and Cloudflare), personal data is regularly also transferred to the USA and possibly to other third countries.

Where an adequate level of data protection is not already guaranteed by an adequacy decision of the Swiss Federal Council or the European Commission (e.g. EU-U.S. Data Privacy Framework / Swiss-U.S. Data Privacy Framework for certified companies), we base the transfer on Standard Contractual Clauses (SCCs) or other appropriate safeguards. In exceptional cases, we may transfer personal data on other legal grounds, in particular with the explicit consent of the data subjects or in the context of contract performance.

We are happy to provide data subjects with information about any applicable safeguards or provide a copy thereof upon request.

8. Rights of Data Subjects

8.1 Data Protection Rights

We grant data subjects all rights under applicable law, in particular:

  • Access: the right to know whether and which personal data we process.
  • Rectification and Restriction of inaccurate or incomplete data.
  • Erasure and Objection ("right to be forgotten").
  • Data Portability.
  • Withdrawal of Consent with effect for the future.

We may defer, restrict or refuse the exercise of these rights to the extent permitted by law, for example by reference to statutory retention obligations or overriding interests.

We are obliged to identify data subjects making access requests using appropriate measures. Data subjects are required to cooperate.

8.2 Legal Recourse

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC), www.edoeb.admin.ch.

Data subjects from the EEA may contact their national supervisory authority.

9. Use of the Website

9.1 Hosting

Our website is hosted by:

Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. Webflow provides the technical infrastructure (hosting, CDN, forms, CMS) for the operation of our website. When you access our website, Webflow necessarily processes technical access data (in particular IP address, browser and device information, date/time, referrer). Webflow privacy notice: https://webflow.com/legal/privacy.

9.2 Cookies and Similar Technologies

We may use cookies and similar technologies (e.g. Local Storage) — both our own (first-party cookies) and those from third parties whose services we use (third-party cookies).

Cookies may be stored temporarily as "session cookies" or as permanent cookies. Cookies can be disabled, restricted or deleted in whole or in part at any time in the browser settings. Without cookies, our website may no longer be fully available.

9.3 Cookie Consent (Consent Management)

To obtain, manage and document consent to the setting of non-essential cookies and similar technologies (in particular for analytics, marketing and the loading of third-party content such as Vimeo, YouTube or Spotify), we use the consent management tool Finsweet Cookie Consent Pro.

On the first visit to our website, a banner is displayed through which users can grant, reject or selectively manage their consent to individual cookie categories (e.g. necessary, statistics, marketing). The selection made is stored locally in the browser (in cookies and/or Local Storage) so that we can take the consent into account on subsequent visits. Consent can be adjusted or withdrawn at any time via the "Cookie Settings" link available on the website, with effect for the future.

The tool runs client-side; to our knowledge, consent data is not transmitted to Finsweet as the provider. The legal basis for the use of the consent tool is our legal obligation to obtain consent (Art. 6(1)(c) GDPR) or our legitimate interest in providing the website in a legally compliant manner (Art. 6(1)(f) GDPR).

Provider: Finsweet (USA). Further information: https://www.finsweet.com/.

9.4 Server Logs

When you access our website, access data is technically necessarily transmitted to and logged by our hosting provider (Webflow). This includes in particular: date and time, IP address, HTTP status code, operating system, browser including language and version, accessed sub-page including data volume transferred, and referrer.

This information is necessary to provide our website on a permanent, secure and reliable basis and to ensure data security.

10. Location Detection via IP Address

When you access our website, we carry out an automatic geolocation based on the IP address of the user. On this basis, we determine the approximate country or region and adapt certain content of our website regionally (in particular the order in which office locations are displayed and the selection of regionally relevant content).

For this function, we use the publicly accessible geolocation endpoint of Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA (hereinafter "Cloudflare"). When our website is accessed, a request is sent from your browser to Cloudflare’s servers (https://www.cloudflare.com/cdn-cgi/trace). Your device’s IP address is thereby transmitted to Cloudflare in the USA. Cloudflare determines the country code (e.g. "CH", "DE", "AE") based on the IP address and returns this to our website. No further information such as region, city or time zone is queried via this endpoint.

The returned country code is processed exclusively and briefly in the browser for evaluation on our side and is not permanently linked to further personal data. No identification of individual users by us occurs through this function. We store neither the IP address nor the country code on our own systems.

Cloudflare independently decides on the processing of data on its own servers. Cloudflare is certified under the EU-U.S. Data Privacy Framework and offers Standard Contractual Clauses (SCCs) as an additional protective mechanism. According to the provider’s information, the IP address is processed briefly in the context of this geolocation and is not used for profiling or advertising purposes. Cloudflare’s privacy policy is available at https://www.cloudflare.com/privacypolicy/.

Third country transfer: The transfer of the IP address to Cloudflare takes place in the USA and constitutes a transfer to a third country. Cloudflare is certified under the EU-U.S. Data Privacy Framework; to the extent the transfer cannot already be based on this adequacy mechanism, we additionally base it on Standard Contractual Clauses or – within the scope of statutory exceptions – on our legitimate interest in providing our website in a regionally adapted manner (Art. 6(1)(f) GDPR or Art. 17 FADP in conjunction with Art. 16 et seq. FADP).

Legal basis and consent: The legal basis for processing is our legitimate interest in the needs-based, regionally adapted provision of our website (Art. 6(1)(f) GDPR or Art. 31(1) FADP). If and to the extent that consent is required for this function under applicable law, we obtain it before activating the function via our consent banner (see Section 9.3). If consent is refused or withdrawn, our website will be displayed with the respective default order; no loss of functionality is associated with this.

11. Social Media

We are present on social media platforms and other online platforms in order to communicate with interested persons and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions, terms of use and privacy policies of the individual operators of such platforms also apply.

12. Third-Party Services

We use services from specialised third parties to operate our website, integrate functions and deliver content. When integrating such services, for technically mandatory reasons, the IP addresses of users are at least temporarily transmitted to the providers.

12.1 Hosting and Infrastructure

12.2 Video Hosting and Streaming

We embed videos on our website that are delivered via the following services:

  • Vimeo (Vimeo.com, Inc., USA) – video platform for embedded videos. When embedded videos are accessed, connection data (in particular IP address, device and browser data, possibly cookies) is transmitted to Vimeo. Privacy: https://vimeo.com/privacy.
  • Bunny.net (BunnyWay d.o.o., Slovenia / EU) – content delivery network and video streaming for self-hosted video content. When videos are accessed, connection data (in particular IP address, device and browser data) is transmitted to Bunny.net and its edge servers. Privacy: https://bunny.net/privacy.

12.3 Podcast Platforms

We embed podcast players and/or links to the following platforms on our website. When a player or link is clicked or an embedded player is played, data (in particular IP address, device and browser data, possibly cookies and – for logged-in users – profile information) is transmitted to the respective provider:

For embedded players (in particular Spotify and YouTube), the provider may collect data when the relevant page is accessed, even if the media is not actively played. Where required by law, such embeds are only activated with the consent of users (e.g. via a click-to-load mechanism or the cookie banner).

12.4 Fonts

Where we use web fonts, these are – where possible – delivered from our own or Webflow infrastructure, so that no additional data transmission to third-party providers such as Google Fonts takes place.

13. Success and Reach Measurement

We measure the success and reach of our website in order to fix errors, strengthen popular content and improve our offering.

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited (Ireland) and Google LLC (USA) – hereinafter “Google”. Google Analytics uses cookies and similar technologies as well as pseudonymised identifiers to analyse the use of our website.

In particular, the following data is collected via Google Analytics: truncated IP address (IP masking), device and browser data, approximate location (country/region), pages visited, time spent, referrer and interactions with the website. A full transfer of the IP address to Google in the USA only occurs in exceptional cases.

Processing is based on the consent of users (Art. 6(1)(a) GDPR), which we obtain via our cookie banner. Consent can be withdrawn at any time with effect for the future.

Further information:

Google Tag Manager

Where we use the Google Tag Manager, it serves exclusively to manage integrated tags and scripts. The Google Tag Manager itself does not create user profiles and does not set cookies. However, the privacy policies of the respective integrated services apply.

14. Final Notes

We may update this Privacy Policy at any time. We will inform you of updates in an appropriate manner, in particular by publishing the current version of the Privacy Policy on our website.

Live is the most powerful communication.

JobsContactImprint & DisclaimerPrivacy Policy
Sign up for our newsletter and stay connected:
You're on the list. The good stuff is heading your way!
Oops, something went wrong. Try again – we promise it’s worth it.