Privacy policy

Version 1.0 vom 01.01.2023

With this privacy policy, we, Kyoox AG (hereinafter Kyoox, we or us), explain to you which personal data we collect and process, for what purpose and to what extent.

This is not an exhaustive description; other data protection declarations or general terms and conditions, conditions of participation and similar documents may regulate specific matters.


At this point, there are usually introductory phrases such as "The protection of your data is our top priority." or "We take the protection of your data very seriously."

However, you will look in vain for such wording from us. That's because we prefer to let actions speak instead of empty words. For example, did you notice that you didn't get an annoying "accept cookies message" when you accessed this website?

This is because we do not use cookies, apart from the one that is mandatory for the correct (technical) functioning of this website. Also, for the analysis of website traffic, we have deliberately decided against the "mainstream tool" Google Analytics, because when using this very tool, all user data is transmitted to Google. As an alternative we use Plausible.


"Personal data" refers to information that allows conclusions to be drawn about a specific person. For the sake of simplicity, we will also refer to this as "data" or "information" in the following.


We collect and process your data only within the framework of the legal provisions and to the minimum extent necessary. We are guided equally by:

  • The EU's General Data Protection Regulation (DSGVO for short).
  • The revised Swiss Data Protection Act (revDSG for short)
  • Data Protection Act of Switzerland (DSG for short)

Scope of application

The declaration applies to all processing of personal data carried out by us. This includes all forms of data collection and processing for the purpose of providing our services and online offerings, such as our presence on social media and public website.

Gender note

For better readability, the masculine form is used for personal names and personal nouns on this website. Corresponding terms apply in principle to all genders for the purpose of equal treatment. The abbreviated form of language is for editorial reasons only and does not imply any judgement.

Responsible Contact

Responsible for compliance with the established data protection regulations is:

Kyoox AG
Im Schörli 5
8600 Dübendorf

Data protection officer

If you have any data protection concerns, you can send them to us at the following contact address:

Rafael Fuhrer
Kyoox AG
Im Schörli 5
8600 Dübendorf

This is also the address of our Data Protection Officer under Art. 37 GDPR and our representative in the EEA under Art. 27 GDPR.

Collection and processing of personal data

In particular, we collect personal data that is necessary for the operation of our services and to maintain business relationships with our customers and business partners. Primarily, we collect personal data in direct contact with you. To the extent permitted by law, we enrich this data with personal information about you from third parties. This may include information from:

  • Publicly accessible sources or registers (e.g. Internet, press, commercial register, debt collection register)
  • Information, correspondence and meetings with third parties (e.g. authorities)
  • Credit reports

These are a prerequisite for the execution and successful conclusion of contracts.


When you access our websites, information is automatically transmitted from your browser to our website provider.

This data includes:

  • The domain that is called up:
  • The URL that is called up: /privacy/
  • IP address:
  • The HTTP request type: GET
  • The HTTP status code: 200
  • Operating system: iOS 16
  • The website from which the access is made (referrer URL):
  • The device type: Phone Browser name and version: Mozilla/5.0 Gecko/X Firefox/X
  • The date and time of access: Day/Month/Year:Time.

The above data will be processed by us for the following purposes:

  • Ensuring a smooth connection to the website.
  • To evaluate system security and stability
  • For other administrative purposes

The legal basis for the data processing is Art. 6 para. 1 lit. f DSGVO.

Our legitimate interest follows from the purposes for data collection listed above. In no case will the collected data be used by us to draw conclusions about your person.

Contact Form

The information provided in the contact form is only used to process the request.

When using the contact form, in addition to the data listed above under the item "Website", the following information is transmitted to us:

  • Name of the person who wants to contact us
  • The e-mail address, as the contact address
  • The telephone number, as an alternative contact address
  • An individual message content

All of the data listed above is entered by you, the user. The input of a name, as well as an e-mail address is obligatory, so that we can contact you.

The use of the contact form is voluntary.

Our legitimate interest for processing is based on the need for two-way communication before a possible conclusion of a contract.

The legal basis for data processing for the purpose of contacting you is Art. 6 para. 1 lit. a DSGVO.

Plausible Analytics

We use the web analytics service "Plausible Analytics" to continuously optimize our offer, both technically and in terms of content.

By using Plausible, we pursue a particularly privacy-friendly approach to analyzing your visit. For this purpose, Plausible collects the following information, among others:

  • Date and Time when you accessed the page: Day/Month/Year:Time.
  • The domain that is called up:
  • The URL that is called up: /privacy/
  • IP address:
  • The HTTP request type: GET
  • The HTTP status code: 200
  • Operating system: iOS 16
  • The website from which the access is made (referrer URL):
  • The device type: Phone Browser name and version: Mozilla/5.0 Gecko/X Firefox/X
  • The date and time of access: Day/Month/Year:Time.

Plausible does not use or store any "cookies" on your end device. All personal data (such as your IP address) is completely anonymized. In this way, we can analyze your visit without storing personal data in a form that would be readable for us or third parties or directly traceable to you.

The legal basis for the processing is Art. 6 para. 1 lit. f DSGVO.


If you register for the newsletter, for example on our website, we will send regular news about our company and our offers. The registration for the newsletter is logged in order to be able to prove the registration process in accordance with legal requirements. For this purpose, the registration, confirmation time and associated IP address(es) are stored. The logging of the registration process is based on our legitimate interests as well as those of third parties according to Art. 6 (1) lit. f DSGVO for the purpose of proving a proper process. For the one-time verification of the authorship of the deposited e-mail, we send an automatic confirmation e-mail to verify the ownership of a specified e-mail address in the double opt-in process.

The newsletter can be cancelled at any time. The following options are available for cancellation:

  • Link in newsletter
  • Contact form on website

After unsubscribing from the newsletter, all personal data will be completely deleted.


If you contact us directly by e-mail, we will automatically receive the following information:

  • E-mail address
  • Subject of the e-mail
  • Content of the e-mail
  • Date and time
  • Content of the e-mail, as well as attached attachments

The information provided in the e-mail is only used to process the request. Technically, e-mails in transit could be read by unauthorized third parties or classified as spam by the spam filter.

Note: To protect the mail content from the eyes of unauthorized third parties, we offer you the possibility to send us PGP encrypted e-mails. You can find the keys incl. fingerprint of each Kyoox team member on our website and on the Open PGP Keyserver.

The legal basis for data processing for the purpose of contacting us is Art. 6 para. 1 lit. a DSGVO.

Legal bases and purposes of data processing

Your data will be processed only for specific purposes and in cases permitted by law. The processing of your personal data may be triggered by the following reasons

  • Your consent
  • Pre-contractual services or actual execution of the contract
  • Compliance with legal requirements
  • Legitimate interest on our part outweighs your interest and fundamental rights
  • Other applicable legal grounds

Storage and retention of personal data

Personal data is only stored for the duration of its purpose. Some data are subject to special legal regulations on the retention period, these must therefore be stored beyond their actual purpose. The applicable law prescribes certain retention periods in the registration law, accounting and tax law.


Cookies are used on our website. These are readable files that are stored on your device by the browser used. This gives you full control over their persistence and lifetime, some cookies used remain for the duration of website use (session cookies) and are then automatically deleted. Others remain on your device until you delete them manually. This allows us to identify you when you visit the website again and to personalize the website for you. Deactivating cookies may result in a limited range of functions on the website.


This data cannot be associated with a specific person, but can be used for the purpose of analysis and verification of proper use of the website.

Data sharing / service provider and data transfer

In the course of our service, we also use the services of third parties. It is therefore possible that these service providers also process personal data for us. However, they must contractually adhere to the same data protection guidelines as you find with us. It can also happen that authorities demand the release of data. The prerequisites for data disclosure are as follows:

  • Your explicit consent (according to Art. 6 para. 1 lit. a DSGVO) is given.
  • If there is a legal obligation (according to Art. 6 para. 1 lit. c DSGVO)
  • To be able to enforce claims in the contractual relationship (according to Art. 6 para. 1 lit. f DSGVO)
  • Required for pre-contractual measures or contract fulfillment (according to Art. 6 para. 1 lit. b)
  • In the case of a legitimate interest on our part, where there is no reason to believe that you have an overriding interest worth protecting in not disclosing your data.
  • Another legal directive exists.

Links to third party websites

Links embedded in our website may refer to third-party websites. By clicking on these links, you will be redirected to their website. These contents are not subject to our responsibility, jurisdiction and privacy policy. Therefore, we can not vouch for it.

Disclosure of data / obligation to provide personal data

Data Security

Security is one of our cornerstones and part of our corporate philosophy. Both organizational and technical tools are used to protect your personal data against any form of manipulation, theft, destruction or unauthorized access by third parties. We keep up with the ongoing technological progress and continuously adapt our security measures to the new circumstances.


For our website we use the SSL procedure throughout. This guarantees encrypted transmission between your browser and our website server.

Privacy rights / Your rights

It is possible for you to request information about the personal data we have stored about you (Art. 15 GDPR). Furthermore, you can correct incorrect information about you (Art. 16 GDPR) or have us delete data that is not subject to other requirements (Art. 17 GDPR). You can partially restrict the processing of your data (Art. 18 DSGVO). The data we have from you is available to you on request in a readable file format (Art. 20 DSGVO).

You have the right to revoke your declaration of consent under data protection law at any time (Art. 7 (3) DSGVO). This has the consequence that we may no longer continue the data processing based on this consent in the future.


In order for us to be able to fulfill your rights, you must be able to prove your identity (copy of ID, legal statements). For the expenses may be communicated in advance costs. You have the right to:


Contact us through the contact options provided under the item "Data Protection Officer" and we will respond to your needs as soon as possible, within a reasonable time.

Complaints Office

Complaint to a supervisory authority (Art. 77 DSGVO) The competent complaint body in this case is the Data Protection Officer of the Canton of Zurich:

Frau Dr. iur. Dominika Blonski
Telefon: +41 43 259 99
8090 Zurich

You can enforce your rights in court by contacting the competent supervisory authority in Switzerland, the Federal Data Protection and Information Commissioner.

Right of objection

If your data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) DSGVO, you have the right to object to the processing of your data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against a form of direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation.

If you wish to exercise your right of revocation or objection, please contact our data protection officer.

Adress processing

All contact information provided on this website is explicitly for information purposes only for contacting us. In particular, they may not be used for sending advertising, spam or similar. Any promotional use of this data is therefore hereby prohibited.

Should this information nevertheless be used for the aforementioned purposes, we reserve the right to take legal action.


This statement may be modified at any time without prior notice. The most current published version is valid.

The current data protection information can be accessed and printed out by you at any time on the website under the link.