vlot Privacy Policy for End Users

Version 1.0 of October 2021

1. Scope

This privacy policy for End Users (”Privacy Policy”) explains how vlot AG (”vlot” or “we”) processes and protects your personal data when you use any of our websites such as www.vlot.ch (the “Website”), when you interact with our demo versions such as the showcase under https://showcase.flow.vlot.ch (the “Demo Versions”), and when you visit and use our analysis application that is branded by us or one of our partners (each a “Partner”) but operated by us (the “Analysis Application”, together with the Website and the Demo Versions the “Webservices”).

2. Sharing with Partners

For all personal data collected in the Analysis Application, we may share your personal data with the Partner whose brand is displayed in the Analysis Application. The Partner may also use your personal data for the purposes, based on the legal bases, and subject to the rights and obligations as set out in this Privacy Policy.

Unless otherwise defined in this Privacy Policy or our End User GTC, the definitions used in this Privacy Policy have the same meaning as in the Swiss Federal Act on Data Protection and the EU General Data Protection Regulation, as applicable.

3. How We Collect Personal Data

We may collect personal data relating to you directly or indirectly:

  • Directly when you enter data in any of the Webservices or when you contact us.

  • Indirectly

    • through the Partner if the Partner is allowed to share your personal data with us for the purposes of the Analysis Application.

    • with cookies if you have consented to the use of cookies.

4. Personal Data we Collect

We may process the following data in the context of the Webservices:

  • Contact details such as name, address, e-mail and telephone

  • IP address and device information

  • Information you provide to us in the Analysis Application, in particular civil status & family details, employment data, real estate data, birthday/age, contact information, financial data and smoker status

  • Information which the Partner may share with us in the context of the Analysis Application, such as insurance policy or pension fund information

We collect and process your personal data for the following purposes and based on the following legal basis:

  • Contract: We use your personal data provided in the Demo Versions or the Analysis Application to perform the respective analysis and to provide you with related information and offers.

  • Consent: For all marketing purposes such as newsletters and the placement of non-technical cookies, we rely on your consent which you can withdraw at any time.

  • Legitimate interests: We may use your personal data for data analytics, website traffic analytics as well as the improvement of our Webservices based on our legitimate interests and our evaluation that such processing is fair and reasonable.

  • Compliance: We may also be required by law to process your personal data (e.g., disclosure of data to law enforcement agencies). Where possible, we inform you prior to such disclosure or processing.

6. Data Retention

We retain your personal data only for as long as is necessary for the purposes set out in Section 2 of this Privacy Policy, and to the extent necessary to comply with our legal obligations, resolve potential disputes and enforce our legal agreements and policies. We delete your personal data for which we no longer have any legal grounds for retention as reasonably possible in regular intervals.

7. Service Providers and Data Transfers

We may employ third party companies (”Service Providers”) to facilitate the operation of our Webservices, assist us in analysing how our Webservices are used, or perform Webservice-related services, such as payment, delivery or IT infrastructure services. These third parties have access to your personal data only and insofar as necessary to perform these tasks on our behalf and are required to safeguard it in accordance with our contractual obligations and applicable data protection legislation.

We and our Services Providers may process your personal data outside of Switzerland. In such case we ensure that appropriate safeguards are in place so that your personal data remains protected abroad. Such safeguards include the limitation of transfer to countries that have been deemed to provide an adequate level of protection according to lists of countries published by the Federal Data Protection and Information Commissioner and the European Commission, or applying standard contractual clauses approved by the Federal Data Protection and Information Commissioner and the European Commission.

8. Data Security

We take reasonable technical and organizational security measures that we deem appropriate in order to protect your stored data against manipulation, loss, or unauthorized third-party access. Our security measures are continually adapted to technological developments.

We take internal data privacy very seriously. Our employees and the Service Providers that we retain are required to maintain secrecy and to comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate.

The security of your personal data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend that you use antivirus software, a firewall, and other similar software to protect your system.

9. Data Protection Rights

You have the below data protection rights on the basis of the Swiss Federal Act on Data Protection and the EU General Data Protection Regulation. Please note that we may ask you to verify your identity before responding to such requests.

  • Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.

  • Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.

  • Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent. This includes cases where you wish to opt out from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal basis for processing. To stop receiving emails from us, please click on the ‘unsubscribe’ link in the email you received.

  • Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, or when it was unlawfully processed.

  • Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.

  • Right to portability: You have the right to request that we transmit your personal data to another data controller in a common format such as Excel, where this is data which you have provided to us and where we are processing it on the legal basis of your consent or in order to perform our contractual obligations.

  • Right to object to processing: Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests, or if we need to continue to process the personal data for the exercise or defence of a legal claim.

  • Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).

Our Webservices may contain links to websites or apps that are not operated by us. If you click a third-party link, you will be directed to that third party’s site or app. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Our Webservices use cookies which you can either accept or refuse. If you choose to refuse our cookies, you may not be able to use some portions of our Webservices. You can find more detail in our Cookie Policy.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We therefore encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are published.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

  • Address: vlot AG, Eichstrasse 23, 8045 Zürich

  • E-mail: help@vlot.ch