loader

Privacy Policy

Last updated: 30 June 2026

Gondli AG (“Gondli”, “we”, “us” or “our”) operates the Gondli platform, which connects customers with wellness and health service providers in Switzerland. We take the protection of your personal data seriously and process it in accordance with the Swiss Federal Act on Data Protection (FADP), the Ordinance to the FADP (DPO) and, where applicable, the EU General Data Protection Regulation (GDPR).

This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have. It applies to our website, mobile experiences and related services (together, the “Services”).

1. Data controller

The controller responsible for the processing of your data is:

Gondli AG
[Street and number]
[Postal code] [City]
Switzerland
UID: CHE-XXX.XXX.XXX

For any privacy-related questions or to exercise your rights, contact us at privacy@gondli.ch.

2. Personal data we collect

Depending on how you use the Services, we may process:

  • Account data: name, email address, phone number, password, language and role (customer or service provider).
  • Profile data: for service providers, business details, services offered, availability, certifications and verification documents.
  • Booking data: appointments, booking history, messages exchanged with providers or customers, and reviews.
  • Payment data: billing details and transaction records. Card payments are processed by our payment provider (Stripe); we do not store full card numbers.
  • Health-related information: where you book wellness or therapy services, limited information you choose to share may reveal health data, which is treated as sensitive personal data.
  • Calendar data: if you connect Google Calendar or Microsoft Outlook, we process the calendar events needed to synchronise your bookings and availability.
  • Technical data: IP address, device and browser information, and usage data collected through cookies and similar technologies.

3. Why we process your data

We process personal data to:

  • provide, operate and maintain the Services and your account;
  • facilitate bookings, payments, invoicing and communication between customers and providers;
  • synchronise bookings and availability with connected calendars;
  • verify the identity and credentials of service providers;
  • provide customer support and respond to your requests or claims;
  • improve and secure the Services, prevent fraud and abuse, and ensure platform safety;
  • comply with legal obligations under Swiss and, where applicable, foreign law;
  • send service messages and, with your consent where required, marketing communications.

5. How we share data

We share personal data only as necessary, with:

  • Other users: when you book a service, relevant booking and contact details are shared between the customer and the provider.
  • Service providers (processors): hosting, payment (Stripe), communication, analytics and infrastructure partners that process data on our behalf under data processing agreements.
  • Calendar providers: Google and Microsoft, where you choose to connect a calendar.
  • Authorities and third parties: where required by law, to enforce our terms, or to protect rights, safety and property.

We do not sell your personal data.

6. Data transfers abroad

We aim to store personal data in Switzerland or the EU/EEA. Some of our providers may process data in other countries. Where data is transferred to a country without an adequate level of data protection recognised by the Swiss Federal Council, we put appropriate safeguards in place, such as the Swiss-compatible EU Standard Contractual Clauses.

7. Data retention

We keep personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting or reporting requirements. Booking and invoicing records are generally retained for ten (10) years in accordance with Swiss accounting law. When data is no longer needed, we delete or anonymise it.

8. Cookies and tracking

We use cookies and similar technologies to operate the website, remember your preferences and understand how the Services are used. You can manage your preferences at any time via the tracking preferences option in our website footer or through your browser settings. Non-essential cookies are only set with your consent.

9. Your rights

Subject to applicable law, you have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data;
  • object to or request restriction of certain processing;
  • request the release or transfer of data you provided to us (data portability);
  • withdraw consent at any time with effect for the future.

To exercise these rights, contact privacy@gondli.ch. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC), and, where the GDPR applies, with your local supervisory authority.

10. Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse, including encryption in transit, access controls and encryption of stored third-party credentials. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Children's privacy

The Services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always available on this page, with the date of the last update shown above. Material changes will be communicated through the Services where appropriate.

13. Contact

Questions about this Privacy Policy or our data practices can be sent to privacy@gondli.ch or by post to Gondli AG, [Street and number], [Postal code] [City], Switzerland.

Privacy Policy | Gondli