Privacy Policy
Last updated: 22 May 2026
1. Data Controller
The controller responsible for the personal data processed via this website is:
FloConsulting
Florian Klett
Switzerland
Email: info@floconsulting.ch
2. Scope
This Privacy Policy applies to the websites floconsulting.ch and floconsulting.eu and their subdomains. It explains what personal data is processed when you visit the site, for what purpose, and on what legal basis.
The applicable frameworks are the revised Swiss Federal Act on Data Protection (revFADP, in force since 1 September 2023) and — where applicable — the EU General Data Protection Regulation (GDPR) for visitors from the EEA.
3. Data We Process
3.1 Server logs (strictly necessary)
When you visit this website, our hosting provider Cloudflare automatically processes technical data. This processing is essential for operating the site and protecting it from abuse.
- IP address (truncated / anonymised per Cloudflare configuration)
- date and time of access
- requested URL
- HTTP status code and bytes transferred
- referrer URL (if any)
- browser type, operating system, language
Purpose: serving the website, protection against attacks (bot detection, DDoS mitigation), error analysis.
Legal basis (GDPR): Art. 6(1)(f) — legitimate interest in secure operation.
Retention: per Cloudflare's standard log policy, typically up to 30 days.
3.2 Contact requests
If you contact us by email (info@floconsulting.ch) or via LinkedIn, we process the data you provide (name, email address, content of your message) to respond to your request.
Purpose: handling your enquiry, initiating possible business relationships.
Legal basis (GDPR): Art. 6(1)(b) (pre-contractual measures) or (f) (legitimate interest).
Retention: for as long as needed to handle your request and any follow-up. If a contract is concluded, statutory retention periods apply (e.g. 10 years under Swiss CO).
3.3 No analytics
This website uses no Google Analytics, no Matomo, no Facebook Pixel, no LinkedIn Insight Tag, and no comparable tracking tools. No profiling, no re-targeting, and no personalised advertising takes place.
4. Cookies
This website uses only strictly necessary cookies required for secure operation.
| Cookie | Provider | Purpose | Lifetime |
|---|---|---|---|
__cf_bm |
Cloudflare | Bot management — distinguishes humans from bots | 30 minutes |
cf_clearance (optional) |
Cloudflare | only set if a security challenge is triggered | up to 30 days |
floconsulting_cookie_ack |
FloConsulting | remembers that the cookie notice has been dismissed | 12 months (stored locally in your browser, never sent to a server) |
Because these are strictly necessary cookies, no consent under Art. 5(3) ePrivacy Directive is required. You can delete or block cookies in your browser at any time; blocking them may impair the functionality of the site.
5. Processors and Third-Party Recipients
5.1 Hosting: Cloudflare
The website is hosted on Cloudflare Workers Static Assets. Provider:
Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA
Cloudflare processes technical data on every page request (see section 3.1) and delivers content via its global network. Cloudflare is certified under both the Swiss-U.S. Data Privacy Framework (in force since 15 September 2024) and the EU-U.S. Data Privacy Framework (in force since 10 July 2023); the Swiss Federal Council and the European Commission have adopted adequacy decisions for these frameworks.
More information: cloudflare.com/privacypolicy
5.2 Email: amenic
Emails sent to info@floconsulting.ch are processed via the email provider amenic (Switzerland). The data remains in Switzerland.
5.3 External links
This website links to LinkedIn (linkedin.com/in/floklett). Once you follow that link, LinkedIn's privacy policy applies (LinkedIn Ireland Unlimited Company). We have no influence over LinkedIn's data processing.
6. International Data Transfers
As stated in section 5.1, technical data is transferred to Cloudflare in the United States. The transfer is covered by the Swiss-U.S. and EU-U.S. adequacy decisions. No further transfers to third countries take place.
7. Your Rights
To the extent revFADP or GDPR apply, you have the following rights:
- Access to the data we process about you (Art. 25 revFADP / Art. 15 GDPR)
- Rectification of inaccurate data (Art. 32(1) revFADP / Art. 16 GDPR)
- Erasure of your data (Art. 32(2) revFADP / Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 28 revFADP / Art. 20 GDPR)
- Objection to processing (Art. 30(2) revFADP / Art. 21 GDPR)
- Withdrawal of any consent you have given, with effect for the future
To exercise your rights, an informal message to info@floconsulting.ch is sufficient. We respond within 30 days.
8. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority:
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern — edoeb.admin.ch
- EU: with your national data protection authority (list at edpb.europa.eu)
9. Data Security
This website is delivered exclusively over HTTPS (TLS). Cloudflare provides DDoS protection and bot-abuse mitigation. Email communication over public networks is not end-to-end encrypted by default; sensitive information should therefore not be transmitted unencrypted by email.
10. Changes to This Privacy Policy
We reserve the right to amend this Privacy Policy to reflect changes in legal or technical conditions. The current version is always available on this page. The version applicable to your visit is the one published at that time.
11. AI Transparency — how we work with Artificial Intelligence
FloConsulting uses AI tools (in particular Claude by Anthropic) in client work and in our own outputs. We handle this within a fixed, documented framework and disclose it more openly than today's law (May 2026) requires. The points below reflect our own standard — and they anticipate the transparency obligations of the EU AI Act that become applicable on 2 August 2026.
11.1 The CEO decides. AI advises.
Core principle of our internal operating system (AIflowfactors OS): AI supports thinking and writing, but the final substantive responsibility — the editorial responsibility in the sense of Article 50(4) second sentence of the EU AI Act — always rests with a human.
11.2 The 4-Phase Gate System (the "4 E's")
No AI-assisted output leaves our system without passing four explicitly documented phases:
- E1 Explore — What is the idea? Who benefits? What already exists?
- E2 Evaluate — Risks, costs, feasibility, and data protection are reviewed.
- E3 Execute — Once approved, implementation begins.
- E4 Evolve — Results are reviewed, iterated, or sunset. Only after E4 is an output considered released.
These four gates are not optional: "4 phases are gates, not suggestions. No shortcuts." This applies to internal work as well as to client deliverables.
11.3 Classification of our AI-assisted outputs
Every output that leaves our shop carries a classification. It shows at a glance how far the output has progressed through the 4-phase process:
| Class | Meaning | Usage |
|---|---|---|
| A1 | Unreviewed (pre-E4 gate) — direct AI output, no editorial responsibility taken. | Internal drafts and brainstorming only. Never sent to third parties. |
| A2 | Partially reviewed (E1–E3 passed, E4 pending). | Interim states, iterations, status snapshots. |
| A3 | Fully passed (E1–E4 complete). A human carries editorial responsibility. | Standard for all outputs to clients, investors, authorities, and publications. |
11.4 Legal basis
We follow Article 50 of Regulation (EU) 2024/1689 (Artificial Intelligence Act). This regulation entered into force on 1 August 2024; the specific transparency obligations under Article 50 become applicable on 2 August 2026. We apply them proactively from today. For AI-assisted text that we release through E4 with editorial responsibility (class A3), the carve-out in Article 50(4) second sentence applies — we still make the disclosure, as a best-practice standard.
11.5 Philosophical foundation
Our framework builds on the AI Fluency Framework developed by Anthropic together with Prof. Rick Dakan and Prof. Joseph Feller (CC BY-NC-SA 4.0). It defines four competencies: Delegation, Description, Discernment (critically assessing AI output) and Diligence (taking responsibility). Our 4 E's are the operational translation of that posture into a phase-gate process.
11.6 Sources and further reading
- Regulation (EU) 2024/1689 (AI Act) — full text: eur-lex.europa.eu
- Article 50 (transparency obligations) — EU AI Act Service Desk: ai-act-service-desk.ec.europa.eu
- Anthropic — AI Fluency Framework (whitepaper PDF): anthropic.com
- Anthropic — Usage Policies: anthropic.com/legal/aup