Privacy Policy

Last Updated: 20.10.2021/ V01.4

Welcome to uplyfe.io (the “Site”) or to the Uplyfe App (the “App”), owned and operated by
Uplyfe AG, a company formed under the laws of Switzerland with domicile in Zurich, Switzerland
(collectively “AG” or “we”). This Privacy Policy governs the use of the Site and the use of the App,
which is sold directly or indirectly via the website, including – unless otherwise stated – as well as
any services in connection with these products (the “Services”). We are responsible for data
processing under this data privacy notice in connection with the use of our app. If you have any
questions regarding this data privacy notice, you can contact us at:
The responsible body within the meaning of the data protection laws, in particular the EU
General Data Protection Regulation (GDPR), is

Uplyfe AG
8046 Zürich
E-Mail: hello@uplyfe.io
Website: www.upyfe.io

I. General information

With this Privacy Policy we would like to inform you about how we process personal data within
the scope of our business activities and inform you about your rights. We are aware of the
importance of processing personal data for you as a user and the protection of your privacy is of
the utmost importance to us.
Based on Article 13 of the Swiss Federal Constitution and the data protection regulations of the
Swiss Confederation (Data Protection Act, DSG), every person is entitled to protection of his or
her privacy and to protection against misuse of his or her personal data. We take the protection
of your personal data very seriously. We treat your personal data confidentially and in
accordance with the legal data protection regulations and this privacy policy.
As an internationally operating company, the EU General Data Protection Regulation (“GDPR”) is
important to us in addition to the Swiss data protection regulations. We have aligned this Privacy
Policy with the stricter standard of the GDPR.
In cooperation with our hosting providers, we make every effort to protect the databases as
much as possible against unauthorized access, loss, misuse or corruption.
We would like to point out that data transmission over the Internet (e.g. communication by e-
mail) can have vulnerabilities. A complete data protection against access by third parties is not
possible.

By using this website, you agree to the collection, processing and use of data in accordance with
the following description. In general, this website can be visited without registration. Data such as
pages called up or names of files called up, date and time are stored on the server for statistical
purposes without these data being directly related to your person. Personal data, in particular
name, address or e-mail address are collected as far as possible on a voluntary basis. The data
will not be passed on to third parties without your agreement.
This Privacy Policy does not apply to information collected offline or by third parties not affiliated
with Uplyfe that the Site may link to (“Third Party Sites”). Please read this Privacy Policy and the
Terms of Use (https://uplyfe.io/en/terms-of-use/) carefully before using the Site.
BY USING THE SERVICES, YOU AGREE TO THESE TERMS; IF YOU DO NOT AGREE, DO NOT USE THE
SERVICES.

II. Processing of personal data

Personal data is all information that relates to an identified or identifiable person. A data subject
is a person about whom personal data is processed. Processing includes any handling of
personal data, irrespective of the means and procedures used, in particular the storage,
disclosure, procurement, deletion, storage, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. In addition, we process
personal data – insofar and to the extent that the EU GDPR is applicable – in accordance with the
following legal principles in connection with Art. 6 Para. 1 GDPR:
lit. a) Processing of personal data with the consent of the person concerned.
lit. b) Processing of personal data for the purpose of fulfilling a contract with the data subject
and for carrying out appropriate pre-contractual measures.
lit. c) Processing of personal data for the fulfilment of a legal obligation to which we are subject
under any applicable law of the EU or under any applicable law of a country in which the GDPR is
applicable in whole or in part.
lit. d) Processing of personal data to protect vital interests of the data subject or of another
natural person.
lit. f) Processing of personal data to safeguard the legitimate interests of us or of third parties,
except where such interests are overridden by fundamental freedoms and rights or by the
interests of the data subject. Legitimate interests are in particular our business interest in being
able to provide our website, information security, the enforcement of our own legal claims and
compliance with Swiss law.
We process personal data for as long as is necessary for the respective purpose or purposes. In
the case of longer-term storage obligations due to legal and other obligations to which we are
subject, we restrict processing accordingly.

III. Use of our offers

Depending on the specific offer that you use via Uplyfe, certain elements of your personal data
required for the use of the offer and for the implementation of the contract (including payment
processing) will be gathered. In addition, we may process personal data (e.g. on your specific
usage patterns) in order to become more familiar with you and inform you of further offers in

the future, which we will be able to tailor more closely to your requirements based on the
information we have on you already. In certain circumstances, we may also use your personal
data for statistical purposes, albeit solely on an anonymous basis, so that your identity cannot be
deduced.
In the above-mentioned situation, for example, we will process the following personal data
provided by you during registration or during your use of the app:
– Personal data (e.g. name, age, gender, contact details, e-mail address, etc.);
– Data about the self-care program that you have chosen;
– Measurement data that you enter in connection with the offer selected or a
specific treatment (e.g. your current state of health, general treatment data,
information on whether or not you are pregnant, information on your
cardiovascular circulation, diabetes, blood pressure, blood sugar levels, etc.);
– Information on your dietary habits (e.g. nutrition plan, recipes selected, products
selected, special diets, etc.);
– Information on activities entered via Uplyfe and measurement data connected
with them (e.g. jogging activity, fitness training, etc.);
– Information on your behavior in other areas of life (e.g. sleeping habits, etc.);
– Information as to whether you use the services of our cooperation partners (e.g.
pharmacists, insurers);
– Additional information may be gathered depending on the offer;
– Communication: notices regarding technical issues or changes to the Products,
some of which you cannot opt out;
– Product satisfaction data: We collect data on your satisfaction with the Products.
Such data will be processed to analyze user satisfaction and to improve our
Products. Such data will only be stored for as long as it is necessary for the
purpose the data was obtained for.

As a matter of principle, we will process only the personal data which you provide us. You are
under no obligation to provide us with any given information, unfortunately we will often be
unable to offer you the full extent of our services unless you disclose certain personal data and
allow us to process that data.
If we need to process special categories of personal data that requires particular protection, we
will ask for your express consent before doing so.

IV. Compliance with legal requirements

We also process personal data in order to comply with legal provisions. These include regulatory
provisions in particular, as well as disclosing documents to a public authority if we have good
reason to do so or if we are compelled to do so by law.

V. Parties to whom your personal data may be disclosed

We may disclose your personal data to third parties if we wish to retain the services of the latter
(“order data processors”), for example with regard to IT services (e.g. data hosting services, cloud
services, the sending of e-mail newsletters, data analysis and data enhancement, etc.).
We will select our order data processors and conclude suitable contractual
agreements to ensure that your personal data is protected for the entire period
during which it is processed, including by third parties. Our order data
processors are under a duty not to process personal data other than on
instruction from and as instructed by us.
We may furthermore disclose your personal data to other third parties (including) for
their own purposes. This is done either on an anonymous basis, so that your
identity cannot be deduced, or solely with your express consent, for example if
you wish to share your personal data with specific recipients, if you are
complying with a request for treatment or if you are making use of an offer
from one of our cooperation partners (e.g. pharmacists). In these cases, the
recipient of your personal data is where applicable responsible in its own right
for processing that data, and as such sets out its own data protection
provisions to define how it processes your personal data.
We may additionally disclose your personal data to third parties (e.g. authorities in
Switzerland and abroad) where required to do so by law. We furthermore
reserve the right to process your personal data if so required to comply with a
judicial order or to enforce or defend against a legal claim, or if we deem it
necessary for any other legal grounds.

VI. Legal basis

To the extent that we need a legal basis on which to process your personal data, we will rely on
the following legal bases:
– Your authorization, where required for the specific processing in question;
– The performance of the contract with you;
– Our justified interests;
– The enforcement, exercise or defense against legal claims.

VII. What are your rights in terms of the processing of your
personal data?

You may object to your data being processed at any time and are generally free to revoke your
authorization to your data being processed. In particular, you are entitled to object to your data
being processed in connection with direct advertising (e.g. against e-mail marketing).

You furthermore have the following rights:
– Right to be informed: You have the right to be informed of how we are processing
your personal data and of the rights you have in connection with the processing of
your personal data.
– Right to access: You have the right to access the personal data that we have on
record for you, free of charge and at any time, if we process that data. This means
that you have the right to check which personal data of youwe are processing.
– Right to correct: You have the right to rectify any incorrect or incomplete personal
data concerning you. In this case, we will inform the recipients of the data
concerned of any corrections that are made, unless this is impossible or would
involve disproportionate effort or expense.
– Right to delete: You have the right to have your personal data deleted on request,
provided that we are no longer required to store it by law.
– Right to restrict processing: Subject to certain conditions, you have the right to
request that the processing of your personal data be limited.
– Right to have data transferred: You have the right to obtain the personal data that
you have provided to us, in a legible format and free of charge, or to have us
transfer that data to another responsible party.
– Right to lodge a complaint: You have the right to lodge a complaint with the
competent data protection authority against the manner in which your personal
data is processed.
– Right to withdraw: As a matter of principle, you have the right to withdraw any
given consent at any time. Any data processing activities previously carried out
based on your original consent will not however thereby become unlawful.

VIII. For how long do we store your personal data?

We store and process your personal data for as long as is necessary for the purpose for which we
collected it. As a general rule, we store your personal data for the period for which you have
installed the App and your account on your terminal or for which your account with us is active. If
you delete your account in the App from your terminal, all information concerning you will be
permanently deleted or anonymized, unless we have a justified interest in storing your personal
data for a longer period (e.g. for evidentiary or security reasons, to guard against legal claims or
to comply with legal obligations).
IX. How do we protect your personal data?
We take appropriate security measures of a technical nature (e.g. encryption, access restriction,
data backup, etc.) and of an organisational nature (e.g. instructions to our employees, etc.) to
guarantee the security of your personal data, to protect it against unauthorised or unlawful
processing and to counteract the risk of loss, unintentional modification, undesired disclosure or
unauthorised access. As a general rule, however, security risks cannot be completely excluded; 
certain residual risks are unavoidable.

X. Modifications to this data privacy notice

This data privacy notice may be adapted over time, especially if we change our data processing
procedures or if new legal provisions come into effect. We will actively inform persons whose
contact details are registered with us in the event of any significant changes, where this is
possible without disproportionate effort or expenditure. As a general rule, however, the version
of the data privacy notice in force when the processing concerned began shall apply.

XI. Cookies

This website uses cookies. These are small text files which make it possible to store specific
information relating to the user on the user’s terminal device while he or she is using the
website. Cookies make it possible, in particular, to determine the frequency of use and the
number of users of the pages, to analyse the behaviour of page use, but also to make our offer
more customer-friendly. Cookies remain stored at the end of a browser session and can be
retrieved when the user revisits the site. If you do not wish to receive cookies, you should set
your Internet browser to reject cookies.

XII. SSL encryption

This website uses SSL encryption for reasons of security and to protect the transmission of
confidential content, such as the requests you send to us as the site operator. You can recognise
an encrypted connection by the fact that the address line of your browser changes from „http://“
to „https://“ and by the lock symbol in your browser line.
If SSL encryption is activated, the data you send to us cannot be read by third parties.

XIII. Newsletterdata

If you would like to receive the newsletter offered on this website, we need an e-mail address
from you as well as information that allows us to verify that you are the owner of the e-mail
address provided and that you agree to receive the newsletter. Further data will not be collected.
We use these data exclusively for sending the requested information and do not pass them on to
third parties.
You can revoke your consent to the storage of the data, the e-mail address and its use for
sending the newsletter at any time, for example by clicking on the „unsubscribe“ link in the
newsletter.

XIV. Google Firebase

This app uses Firebase. Firebase is a real-time database that can be used to integrate real-time
information into our own websites or apps. User data is transmitted to Firebase anonymously.
Firebase is a Google subsidiary based in San Francisco (CA), USA. You can find Firebase’s privacy
policy at https://www.firebase.com/terms/privacy-policy.html.

XV. Google AdWords

This website uses Google Conversion Tracking. If you have reached our website via an ad placed
by Google, Google Adwords will set a cookie on your computer. The conversion tracking cookie is
set when a user clicks on an ad served by Google. These cookies expire after 30 days and are not
personally identifiable. If the user visits certain pages on our site and the cookie hasn’t expired,
we and Google can tell that the user clicked the ad and was redirected to that page. Each Google
AdWords customer receives a different cookie. As a result, cookies cannot be tracked across the
websites of AdWords customers. The information collected through the conversion cookie is
used to compile conversion statistics for advertisers who have opted in to conversion tracking.
Customers are told the total number of users who clicked on their ad and were redirected to a
page with a conversion tracking tag. However, they do not receive any information that can be
used to personally identify users.
If you do not wish to participate in tracking, you can refuse to accept cookies by changing your
browser settings to disable automatic placement of cookies or to set your browser to block
cookies from the domain „googleleadservices.com“. Please note that you may not delete the opt-
out cookies unless you wish to record measurement data. If you have deleted all your cookies in
your browser, you have to set the respective opt-out cookie again.

XVI. Google Remarketing

This website uses the remarketing function of Google Inc. to present interest-related
advertisements to website visitors within the Google advertising network. A so-called „cookie“ is
stored in the visitor’s browser, which makes it possible to recognize the visitor when he or she
calls up websites that belong to the Google advertising network. On these pages the visitor may
be presented with advertisements relating to content that the visitor has previously viewed on
websites that use Google’s remarketing function. According to its own statements, Google does
not collect any personal data during this process. If you still do not wish to use Google’s
remarketing function, you can deactivate it by making the appropriate settings at
http://www.google.com/settings/ads.Alternatively, you can disable the use of cookies for interest-
based advertising via the advertising network initiative by following the instructions at
http://www.networkadvertising.org/managing/opt_out.asp.

XVII. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc, 1600
Amphitheatre Parkway, Mountain View, CA 94043, USA. To deactivate Google Analytics, Google
provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=de. Google Analytics
uses cookies. These are small text files which make it possible to store specific information
relating to the user on the user’s terminal device. These enable Google to analyse the use of our
website offer. The information collected by the cookie about the use of our website (including
your IP address) is usually transferred to a Google server in the USA and stored there. We would
like to point out that on this website Google Analytics has been extended by the code
„gat._anonymizeIp();“ in order to ensure an anonymised recording of IP addresses (so-called IP-
Masking). If anonymisation is active, Google will shorten IP addresses within member states of
the European Union or in other states that are party to the Agreement on the European
Economic Area, which means that no conclusions can be drawn about your identity. Only in
exceptional cases will the full IP address be transferred to a Google server in the USA and
shortened there. Google observes the data protection regulations of the „Privacy Shield“
agreement and is registered with the „Privacy Shield“ program of the US Department of
Commerce and uses the collected information to evaluate the use of our websites, to write 
reports for us in this regard and to provide other relevant services to us. You can learn more at
https://www.google.com/intl/de/analytics/privacyoverview.html.

XVIII. Facebook

This WebSite uses features from Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA .
When you access our pages with Facebook plug-ins, a connection is established between your
browser and the Facebook servers. Data is already being transferred to Facebook in the process.
If you have a Facebook account, this data can be linked to it. If you do not want this data to be
linked to your Facebook account, please log out of Facebook before visiting our site. Interactions,
in particular the use of a comment function or clicking a „Like“ or „Share“ button are also passed
on to Facebook. You can find out more at https://de-de.facebook.com/about/privacy.

XIX. Instagram

Functions of the Instagram service are integrated on our pages. These functions are offered by
Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA integrated. If you are logged in to
your Instagram account, you can link the contents of our pages to your Instagram profile by
clicking the Instagram button. This allows Instagram to associate your visit to our sites with your
account. We would like to point out that we, as the provider of the pages, have no knowledge of
the content of the transmitted data or its use by Instagram. For more information, please refer to
Instagram’s privacy policy: http://instagram.com/about/legal/privacy/.

XX. LinkedIn

This WebSite uses functions of the LinkedIn network. Provider is the LinkedIn Corporation, 2029
Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages that
contains LinkedIn features, a connection to LinkedIn’s servers is established. LinkedIn will be
notified that you have visited our sites using your IP address. If you click on LinkedIn’s
„Recommend Button“ and are logged into your LinkedIn account, LinkedIn is able to track your
visit to our site to you and your account. We would like to point out that we, as the provider of
the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. For
more information, please refer to the LinkedIn privacy policy at:
https://www.linkedin.com/legal/privacy-policy.

XXI. Pinterest

On this website we use social plugins from the social network Pinterest, which is operated by
Pinterest Inc. 808 Brannan Street San Francisco, CA 94103-490, USA („Pinterest“). When you call
up a page that contains such a plugin, your browser establishes a direct connection to Pinterest’s
servers. The plugin transmits protocol data to the Pinterest server in the USA. This log data may
include your IP address, the address of the websites you visit that also contain Pinterest
functions, the type and settings of your browser, the date and time of your request, your use of
Pinterest and cookies.
For more information on the purpose, scope and further processing and use of the data by
Pinterest, as well as your rights and options for protecting your privacy, please refer to Pinterest’s
Privacy Policy: https://about.pinterest.com/de/privacy-policy.

XXII. External payment service providers

This website uses external payment service providers, through whose platforms the users and
we can carry out payment transactions. For example via
● PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
● Visa (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
● Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
● American Express (https://www.americanexpress.com/de/content/privacy-policy-
statement.html)
● Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
● Bexio AG (https://www.bexio.com/de-CH/datenschutz)
● Payrexx AG (https://www.payrexx.ch/site/assets/files/2592/datenschutzerklaerung.pdf)
● Apple Pay (https://support.apple.com/de-ch/ht203027)
● Google Pay (https://payments.google.com/payments/apis-
secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de)
● Stripe (https://stripe.com/ch/privacy)
● Klarna (https://www.klarna.com/de/datenschutz/)
● Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)
● Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/) etc.

Within the framework of the performance of contracts, we appoint payment service
providers on the basis of the Swiss Data Protection Ordinance and, where necessary, Art. 6
para. 1 lit. b. EU- GDPR. Furthermore, we use external payment service providers on the basis
of our legitimate interests in accordance with the Swiss Data Protection Ordinance and,
where necessary, Art. 6 para. 1 lit. f. EU- GDPR in order to offer our users effective and secure
payment options.

The data processed by the payment service providers include inventory data, such as name
and address, bank data, such as account or credit card numbers, passwords, TANs and
checksums, as well as contract, sum and recipient related data. These details are required to
carry out the transactions. However, the data entered is only processed by the payment
service providers and stored by them. We as the operator do not receive any information
about (bank) account or credit card, but only information to confirm (accept) or reject the
payment. Under certain circumstances, the payment service providers may transfer the data
to credit agencies. The purpose of this transmission is to check identity and creditworthiness.
In this regard we refer to the general terms and conditions and data protection information
of the payment service providers.

The terms and conditions and data protection information of the respective payment service
providers, which can be accessed within the respective website or transaction applications,
apply to the payment transactions. We also refer to these for further information and the
assertion of rights of revocation, information and other rights of affected persons.

XXIII. YouTube

This website uses plugins from the YouTube site operated by Google. The operator of the
pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our
sites equipped with a YouTube plugin, a connection to the YouTube servers is established.
This tells the YouTube server which of our pages you have visited. If you are logged in to your
YouTube account, you allow YouTube to assign your surfing behavior directly to your
personal profile. You can prevent this by logging out of your YouTube account. For more

information on how user data is handled, please refer to the YouTube privacy policy at:
https://www.google.de/intl/de/policies/privacy.

XXIV. Vimeo

On this website plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New
York, New York 10011, USA are integrated. Each time you access a page that offers one or
more Vimeo video clips, a direct connection is established between your browser and a
Vimeo server in the USA. Information about your visit and your IP address is stored there.
Through interaction with the Vimeo plug-ins (e.g. clicking the start button), this information is
also transmitted to Vimeo and stored there. The Vimeo privacy policy with more detailed
information about the collection and use of your data by Vimeo can be found in the Vimeo
privacy policy.
If you have a Vimeo user account and do not want Vimeo to collect information about you
through this web site and link it to your membership information stored at Vimeo, you must
log out of Vimeo before visiting this web site.
In addition, Vimeo calls up the tracker Google Analytics via an iFrame in which the video is
viewed. This is Vimeo’s own tracking system to which we have no access. You can prevent
tracking by Google Analytics by using the deactivation tools that Google offers for some
Internet browsers. In addition, you can prevent the collection of data generated by Google
Analytics and related to your use of the website (including your IP address) to Google, as well
as the processing of this data by Google, by downloading and installing the browser plugin
available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Arrow-up