This privacy policy informs you about the processing of personal data in connection with our activities and operations, including our website under the domain name
For specific or additional activities and operations, we may publish further privacy policies or additional information on data protection.
We are subject to Swiss data protection law as well as any applicable foreign data protection laws, particularly those of the European Union (EU) under the General Data Protection Regulation (GDPR).
The European Commission recognized on July 26, 2000, that Swiss data protection law provides an adequate level of data protection. In a report dated January 15, 2024, the European Commission confirmed this adequacy decision.
Responsibility for the Processing of Personal Data:
Simon Jenny
Kuvvu GmbH
zappzy by Kuvvu
c/o Stieger Treuhand AG
Neuhofstrasse 5
8645 Jona
Switzerland
In certain cases, third parties may be responsible for the processing of personal data, or there may be shared responsibility with third parties.
We have the following Data Protection Officer or Data Protection Advisor as the point of contact for individuals and authorities regarding data protection inquiries:
Simon Jenny
Kuvvu GmbH
zappzy by Kuvvu
c/o Stieger Treuhand AG
Neuhofstrasse 5
8645 Jona
Switzerland
We have the following data protection representative in accordance with Article 27 of the GDPR:
Kuvvu GmbH
2nd, 3rd, 4th floor
Aspazijas bulvaris 20
Riga 1050
Latvia
The data protection representative serves as an additional point of contact for individuals and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) for inquiries related to the GDPR.
Clearly Explained
In this section, we explain how you can contact zappzy. If you have questions about data protection, you can reach out to our responsible contact. For inquiries from the EU, we have established a representative in Latvia as an additional point of contact.
Data Subject: A natural person whose personal data we process.
Personal Data: Any information relating to an identified or identifiable natural person.
Particularly sensitive personal data: Data relating to union membership, political, religious, or philosophical views and activities, health, intimate sphere, or ethnic or racial origin, as well as genetic data, biometric data that uniquely identify a natural person, data on criminal and administrative sanctions or prosecutions, and data on social welfare measures.
Processing: Any handling of personal data, regardless of the methods and procedures used, such as querying, matching, adjusting, archiving, retaining, retrieving, disclosing, obtaining, recording, collecting, deleting, revealing, sorting, organizing, storing, modifying, distributing, linking, destroying, and using personal data.
European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.
We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).
We process personal data, if and to the extent that the General Data Protection Regulation (GDPR) is applicable, in accordance with at least one of the following legal bases:
Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with the data subject, as well as for the implementation of pre-contractual measures.
Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms, rights, and interests of the data subject prevail. Legitimate interests are, in particular, our interest in being able to carry out our activities and operations permanently in a user-friendly, secure, and reliable manner, as well as to communicate about them, to ensure information security, to protect against misuse, to enforce our own legal claims, and to comply with Swiss law.
Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
Art. 9 para. 2 et seq. GDPR for the necessary processing of special categories of personal data, in particular with the consent of the data subjects.
The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).
Clearly Explained
In this section, we explain important terms related to data protection, such as what personal data is and what it means to process it. We also inform you about the legal basis on which we process your data, particularly under Swiss data protection law and, if applicable, under the EU General Data Protection Regulation (GDPR).
We process personal data that is necessary to carry out our activities and operations in a permanent, user-friendly, secure, and reliable manner. Such personal data may, in particular, fall into categories such as browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, insofar as such processing is permitted by law.
We process personal data as necessary with the consent of the data subjects. In many cases, we may process personal data without consent, for example, to fulfill legal obligations or to protect overriding interests. We may also request consent from data subjects, even when consent is not required.
We process personal data for as long as necessary for the respective purpose. We anonymize or delete personal data, particularly in accordance with statutory retention and limitation periods.
Clearly Explained
In this section, we explain what personal data we collect, how we use it, and why we process it. We only collect the personal data necessary to offer our services in a sustainable, reliable, user-friendly, secure, and efficient manner. We process your data only as long as necessary for its purpose and may share it with trusted third parties while ensuring data protection. We process your data with your consent or if legally permitted, for example, to fulfill a contract.
We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. These third parties are primarily specialized providers whose services we use.
We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, consultants and attorneys, interest groups, IT service providers, cooperation partners, credit and credit reporting agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurance providers.
Clearly Explained
We sometimes share personal data with third parties or have it processed by third parties, such as specialized service providers who support us. Such third parties may include banks, authorities, consultants, IT service providers, logistics companies, marketing agencies, media, and other organizations.
We process personal data to be able to communicate with third parties. In this context, we particularly process data provided by a data subject when contacting us, for example, by postal mail or email. We may store such data in an address book or similar tools.
Third parties who transmit data about other individuals are obligated to ensure data protection for those individuals. This includes, among other things, ensuring the accuracy of the transmitted personal data.
Clearly Explained
We process personal data to communicate with third parties. We may store this data. Third parties who transmit data about other individuals must ensure that the privacy rights of these individuals are respected.
We take suitable technical and organizational measures to ensure data security appropriate to the respective risk. Our measures specifically ensure the confidentiality, availability, traceability, and integrity of the personal data processed, although we cannot guarantee absolute data security.
Access to our website and other online presence is secured through transport encryption (SSL/TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers warn users before visiting websites without transport encryption.
Our digital communications, like all digital communications in principle, are subject to mass surveillance without cause or suspicion and other monitoring by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by secret services, police agencies, and other security authorities. Nor can we rule out the possibility that an individual may be specifically monitored.
Clearly Explained
In this section, we explain how we protect your data, though we cannot guarantee absolute security. Our website uses encrypted connections (HTTPS), indicated by the padlock symbol in the browser. Please note that digital communication may be monitored by authorities, which is beyond our control.
We process personal data mostly in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular to process it or have it processed there.
We may export personal data to any country worldwide, provided that the laws of that country ensure adequate data protection according to a decision by the Swiss Federal Council and, if and to the extent that the General Data Protection Regulation (GDPR) is applicable, in accordance with the decision of the European Commission.
We may transfer personal data to countries whose laws do not ensure adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or with other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific requirements under data protection law are met, such as the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. We will be happy to provide data subjects with information about any guarantees or a copy of any guarantees upon request.
Clearly Explained
In this section, we explain how we transfer your personal data abroad. While we mainly process your data in Switzerland and the EEA, we may also transfer it to other countries. In doing so, we ensure that an adequate level of data protection is maintained, either through local laws or special agreements. In specific cases, we will only transfer your data with your explicit consent or if required for a contract.
We grant data subjects all rights in accordance with applicable data protection laws. In particular, data subjects have the following rights:
Access: Data subjects can request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects will also receive the information necessary to exercise their data protection rights and to ensure transparency. This includes the specific personal data being processed, along with details such as the purpose of processing, retention period, any disclosure or transfer of data to other countries, and the origin of the personal data.
Correction and Restriction: Data subjects can request the correction of incorrect personal data, the completion of incomplete data, and the restriction of the processing of their data.
Erasure and Objection: Data subjects can request the deletion of personal data ('right to be forgotten') and object to the processing of their data with effect for the future.
Release and Transfer of Data: Data subjects can request the release of personal data or the transfer of their data to another controller.
We may suspend, restrict, or refuse the exercise of the rights of data subjects to the extent permitted by law. We may inform data subjects of any requirements they must meet in order to exercise their rights under data protection law. For example, we may refuse to provide information in whole or in part by referring to confidentiality obligations, overriding interests, or the protection of other persons. We may also, for example, refuse to delete personal data in whole or in part by referring to statutory retention obligations.
We may charge fees for the exercise of rights in exceptional cases. We inform data subjects in advance of any costs.
We are required to take appropriate measures to identify data subjects who request information or exercise other rights. Data subjects are required to cooperate.
Data subjects have the right to enforce their data protection claims through legal action or to file a report or complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are structured federally, particularly in Germany.
Clearly Explained
In this section, we inform you about your rights regarding your personal data. You have the right to request information about whether and which personal data we process about you, to request corrections, to ask for the deletion of your data, or to object to further processing. In certain cases, we may limit your rights, for example, due to legal requirements. If you have complaints, you can contact the relevant data protection authority, which in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
We may use cookies. Cookies, including our own (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies), are data stored in the browser. Such stored data is not limited to traditional text-based cookies.
Cookies can be stored in the browser temporarily as 'session cookies' or for a specified period as 'permanent cookies.' 'Session cookies' are automatically deleted when the browser is closed. Permanent cookies have a defined storage duration. Cookies enable, in particular, the recognition of a browser upon subsequent visits to our website and can be used, for example, to measure the reach of our website. Permanent cookies can also be used for online marketing purposes.
Cookies can be completely or partially deactivated and deleted in the browser settings at any time. Without cookies, our website may no longer be fully available. We actively request explicit consent for the use of cookies, where necessary.
For cookies used for performance and reach measurement or for advertising, a general opt-out is available for many services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
For each access to our website and other online presence, we may log at least the following information, provided it is transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including data volume transferred, and the last website accessed in the same browser window (referrer).
We store such information, which may also constitute personal data, in server log files. This information is necessary to ensure the continuous, user-friendly, and reliable availability of our website and to maintain data security, particularly to protect personal data — including through third parties or with the assistance of third parties.
We may use tracking pixels in our online presence. Tracking pixels, also known as web beacons, are typically small, invisible images or JavaScript scripts that are automatically retrieved when accessing our online presence. Tracking pixels—also from third parties whose services we use—can capture at least the same information as log files.
Clearly Explained
In this section, we explain how we process your data when you use our website. We may use cookies to enhance the user experience on our website. You can disable or delete cookies in your browser settings, but doing so may limit the availability of certain website functions. We collect technical information such as the date, time, IP address, browser, and operating system to ensure the security and functionality of our website. Additionally, we may use tracking pixels (web beacons) to analyze and improve the usage of our website.
Notifications and communications may contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such web links and tracking pixels may also track the usage of notifications and communications on an individual basis. We need this statistical recording of usage for performance and reach measurement to send notifications and communications effectively and in a user-friendly, sustainable, secure, and reliable manner, based on the needs and reading habits of recipients.
In general, you must expressly consent to the use of your email address and other contact information, unless such use is permitted for other legal reasons. When applicable, we use the 'double opt-in' procedure, meaning you will receive an email with a link that you must click to confirm, to prevent misuse by unauthorized third parties. We may log such consents, including IP address, date, and time, for evidence and security purposes.
In general, you can object to receiving notifications and communications, such as newsletters, at any time. By making such an objection, you can also opt out of the statistical tracking of usage for performance and reach measurement. Essential notifications and communications related to our activities and operations are excluded from this objection.
We send notifications and communications with the help of specialized service providers.
We use in particular:
KuvvuFly: Email delivery platform; Provider: Kuvvu GmbH (Switzerland); Data Protection Information: Privacy Policy.
Clearly Explained
In this section, we explain how we send notifications via email. These messages may contain tracking pixels to measure whether they were opened and which links were clicked to enhance our communications. You must consent to the use of your email address, typically through a 'double opt-in' process, and you can withdraw this consent at any time. We use specialized service providers to send these messages.
We are present on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The terms and conditions (GTCs), terms of use, privacy policies, and other provisions of each platform operator also apply. These provisions inform, in particular, about the rights of data subjects directly regarding the respective platform, including the right to access information.
Clearly Explained
In this section, we explain that we are present on social media platforms to communicate with you and provide information about our activities. The terms and privacy policies of these platforms apply, informing you of your rights.
We use the services of specialized third parties to perform our activities and operations in a sustainable, user-friendly, secure, and reliable manner. Such services allow us to embed functions and content on our website, among other things. In the case of such embedding, the services record users' IP addresses, at least temporarily, for technically necessary reasons.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This may include performance or usage data required to provide the respective service.
We use in particular:
Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland), partially for users in the European Economic Area (EEA) and in Switzerland; General Data Protection Information: 'Principles for Privacy and Security', 'Information on How Google Uses Personal Data', Privacy Policy, 'Google is committed to complying with applicable data protection laws.', 'Privacy Guide for Google Products', 'How We Use Data from Sites or Apps That Use Our Services', 'Types of Cookies and Similar Technologies Used by Google', 'Ads You Can Influence' ('Personalized Advertising').
Microsoft Services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General Data Protection Information: 'Privacy at Microsoft', 'Data Protection and Privacy', Privacy Policy, 'Data and Privacy Settings'.
We use services from specialized third parties to obtain the necessary digital infrastructure for our activities and operations. These include hosting and storage services from selected providers.
We use in particular:
DigitalOcean: Digital infrastructure; Provider: DigitalOcean LLC (USA); Exclusively for the www.trustlytics.ch website and not for the analytics service (product); Data Protection Information: Privacy Policy, 'Trust Platform'.
Hetzner: Hosting and Other Infrastructure; Providers: Hetzner Online GmbH / Hetzner Cloud GmbH (both in Germany); Data Protection Information: Privacy Policy, 'Data Protection FAQ'.
We use specialized service providers to process our customers' payments securely and reliably. The general terms and conditions (GTC) or privacy policies of each service provider also apply to payment processing.
We use in particular:
Paddle: Payments Processing; Providers: Paddle.com Market Limited (United Kingdom) / Paddle Payments Limited (Ireland) for users in the European Economic Area (EEA) and in Switzerland / Paddle.com Inc (USA) for users in the rest of the world; Data Protection Information: Privacy Policy, 'GDPR Readiness', 'Trust Center'.
We use the option to display targeted advertising through third parties, such as social media platforms and search engines, to promote our activities and operations.
We aim to use such advertising to reach people who are already interested in our activities and operations or who might be interested in them (remarketing and targeting). For this purpose, we may transmit relevant, potentially personal, information to third parties that enable such advertising. We can also determine whether our advertising is successful, specifically if it leads to visits to our website (conversion tracking).
Third parties with whom we advertise and where you are registered as a user may be able to associate your use of our website with your profile on their platform.
We use in particular:
Google Ads: Search Engine Advertising; Provider: Google; Google Ads-Specific Information: Advertising based, among other things, on search queries, with various domain names—particularly doubleclick.net, googleadservices.com, and googlesyndication.com—used for Google Ads , Privacy Policy for Advertising, 'Manage Displayed Ads Directly Through Ad Settings'.
LinkedIn Ads: Social Media Advertising; Providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Data Protection Information: Remarketing and Targeting, particularly with the LinkedIn Insight Tag, 'Data Protection', Privacy Policy, Cookie Policy, Opt-Out of Personalized Advertising.
Meta Ads: Social Media Advertising (Facebook and Instagram); Providers: Meta Platforms Ireland Limited (Ireland) other Meta companies (including in the USA); Data Protection Information: Targeting, including retargeting, particularly with the Meta Pixel and Custom Audiences including Lookalike Audiences, Privacy Policy, 'Ad Preferences' (User Login Required).
Microsoft Advertising: Search Engine Advertising (Bing, DuckDuckGo, Yahoo!, and other search engines); Provider: Microsoft; Microsoft Advertising-Specific Information: 'Legal, Privacy, and Personalization', 'Ad Settings' (Opt-Out of Personalized Advertising).
Pinterest Ads: Social Media Advertising; Providers: Pinterest Inc. (USA) / Pinterest Europe Ltd. (Ireland) for users in the European Economic Area (EEA); Data Protection Information: Remarketing and targeting, particularly with the Pinterest Tag, 'Privacy, Safety, and Legal', Privacy Policy, 'Personalization and Data', 'Personalized Ads on Pinterest', 'Data Sharing on Pinterest', Cookie Policy.
TikTok Ads: Social Media Advertising; Providers: TikTok Information Technologies UK Limited (United Kingdom) and TikTok Technology Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland / TikTok Inc. (USA) for users in the USA / TikTok Pte. Ltd. (Singapore) for users in the rest of the world; Data Protection Information: Remarketing and targeting, particularly with the TikTok Pixel, Privacy Policy, 'Privacy Policy for Younger Users', Cookie Policy, 'TikTok for Business- Privacy and Cookie Policy'.
X Ads: Social Media Advertising; Providers: Twitter International Unlimited Company (Ireland) for users in the European Economic Area (EEA) and the United Kingdom / X Corp. (USA) for users in the rest of the world; Data Protection Information: Privacy Policy, 'Additional Information on Data Processing', 'Personalization Based on Inferred Identity', 'Privacy Controls for Personalized Ads'.
Clearly Explained
In this section, we explain that we use third-party services to make our website and services reliable, user-friendly, secure, and efficient. These services may provide features and content and may need to collect at least your IP address for technical reasons. For security and statistical purposes, these providers may process data in an anonymized or pseudonymized form. We use specialized providers for digital infrastructure, communication, payments, and advertising.
We strive to measure the performance and reach of our activities and operations. In this context, we may also assess the impact of third-party references or analyze how different parts or versions of our online offerings are used (A/B testing method). Based on the results of performance and reach measurement, we can resolve issues, enhance popular content, or implement improvements.
In most cases, IP addresses of individual users are collected for performance and reach measurement. IP addresses are typically shortened ('IP masking') in order to follow the principle of data minimization through pseudonymization.
Performance and reach measurement may involve the use of cookies and the creation of user profiles. Any user profiles created may include, for example, individual pages visited or content viewed on our website, information about the size of the screen or browser window, and the approximate location. In general, any user profiles are created exclusively in a pseudonymized form and are not used to identify individual users. Certain third-party services, where users are registered, may potentially link the use of our online offerings to the user account or profile on the respective service.
We use in particular:
Trustlytics: Performance and Reach Measurement; Provider: Kuvvu GmbH, Trustlytics by Kuvvu (Switzerland); Data Protection Information: Maximum data protection without the processing of personal data and without cookies, Privacy Policy.
Clearly Explained
In this section, we explain how we analyze website usage to improve it. We store shortened IP addresses and create pseudonymized user profiles. This data helps us measure reach and strengthen popular content without identifying individual users. We use specialized service providers for this analysis.
We may update and amend this privacy policy at any time. We will inform you of such updates in an appropriate manner, particularly by publishing the latest version of the privacy policy on our website.
Rapperswil-Jona, November 2024
Clearly Explained
In this section, we explain how and when we update our privacy policy.