Privacy Policy
Last updated: 30 June 2026
Gondli AG (“Gondli”, “we”, “us” or “our”) operates the Gondli platform, which connects customers with wellness and health service providers in Switzerland. We take the protection of your personal data seriously and process it in accordance with the Swiss Federal Act on Data Protection (FADP), the Ordinance to the FADP (DPO) and, where applicable, the EU General Data Protection Regulation (GDPR).
This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have. It applies to our website, mobile experiences and related services (together, the “Services”).
1. Data controller
The controller responsible for the processing of your data is:
Gondli AG
[Street and number]
[Postal code] [City]
Switzerland
UID: CHE-XXX.XXX.XXX
For any privacy-related questions or to exercise your rights, contact us at privacy@gondli.ch.
2. Personal data we collect
Depending on how you use the Services, we may process:
- Account data: name, email address, phone number, password, language and role (customer or service provider).
- Profile data: for service providers, business details, services offered, availability, certifications and verification documents.
- Booking data: appointments, booking history, messages exchanged with providers or customers, and reviews.
- Payment data: billing details and transaction records. Card payments are processed by our payment provider (Stripe); we do not store full card numbers.
- Health-related information: where you book wellness or therapy services, limited information you choose to share may reveal health data, which is treated as sensitive personal data.
- Calendar data: if you connect Google Calendar or Microsoft Outlook, we process the calendar events needed to synchronise your bookings and availability.
- Technical data: IP address, device and browser information, and usage data collected through cookies and similar technologies.
3. Why we process your data
We process personal data to:
- provide, operate and maintain the Services and your account;
- facilitate bookings, payments, invoicing and communication between customers and providers;
- synchronise bookings and availability with connected calendars;
- verify the identity and credentials of service providers;
- provide customer support and respond to your requests or claims;
- improve and secure the Services, prevent fraud and abuse, and ensure platform safety;
- comply with legal obligations under Swiss and, where applicable, foreign law;
- send service messages and, with your consent where required, marketing communications.
4. Legal basis
Under the FADP, processing of personal data does not generally require a specific justification, provided the principles of lawfulness, good faith, proportionality, purpose limitation and data security are respected. Where we rely on your consent (for example for certain cookies, marketing, or the processing of sensitive data such as health information), you may withdraw it at any time with effect for the future.
Where the GDPR applies, we rely on the performance of a contract (Art. 6(1)(b)), our legitimate interests (Art. 6(1)(f)), compliance with a legal obligation (Art. 6(1)(c)) or your consent (Art. 6(1)(a), and Art. 9(2)(a) for sensitive data).
6. Data transfers abroad
We aim to store personal data in Switzerland or the EU/EEA. Some of our providers may process data in other countries. Where data is transferred to a country without an adequate level of data protection recognised by the Swiss Federal Council, we put appropriate safeguards in place, such as the Swiss-compatible EU Standard Contractual Clauses.
7. Data retention
We keep personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting or reporting requirements. Booking and invoicing records are generally retained for ten (10) years in accordance with Swiss accounting law. When data is no longer needed, we delete or anonymise it.
9. Your rights
Subject to applicable law, you have the right to:
- request access to the personal data we hold about you;
- request correction of inaccurate or incomplete data;
- request deletion of your data;
- object to or request restriction of certain processing;
- request the release or transfer of data you provided to us (data portability);
- withdraw consent at any time with effect for the future.
To exercise these rights, contact privacy@gondli.ch. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC), and, where the GDPR applies, with your local supervisory authority.
10. Data security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse, including encryption in transit, access controls and encryption of stored third-party credentials. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Children's privacy
The Services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.
12. Changes to this policy
We may update this Privacy Policy from time to time. The current version is always available on this page, with the date of the last update shown above. Material changes will be communicated through the Services where appropriate.
13. Contact
Questions about this Privacy Policy or our data practices can be sent to privacy@gondli.ch or by post to Gondli AG, [Street and number], [Postal code] [City], Switzerland.