Privacy Policy & GDPR Compliance

1. Data Controller and Contact Information

1.1 Data Controller

The data controller responsible for the processing of your personal data is:

CAVORA PARTNERS GmbH
Pestalozziweg 7
8952 Schlieren
Switzerland
Company Registration Number: CHE-XXX.XXX.XXX

1.2 Contact Information

General Inquiries:
Email: info@cavora-partners.ch
Phone: +41 76 515 89 52
Website: https://cavora-partners.ch

Data Protection Officer (DPO):
Email: dpo@cavora-partners.ch
For all privacy-related inquiries, data subject requests, or complaints, please contact our DPO.

1.3 EU Representative (GDPR Article 27)

If you are located in the European Union, our designated EU representative for GDPR purposes is:

[EU Representative Name]
[Address]
[City, Country]
Email: [eu-representative@example.com]

2. Personal Data We Collect

2.1 Categories of Personal Data

We collect and process the following categories of personal data when you use our Apps:

Data Category	Examples	Purpose
Identity Data	Name, username, email address, phone number	Account creation, authentication, communication
Device Data	Device ID, model, operating system, app version, IP address	Technical support, security, analytics
Usage Data	App features used, session duration, interaction patterns, crash reports	Service improvement, analytics, debugging
Location Data	GPS coordinates, Wi-Fi access points, IP-based location (if permitted)	Location-based features, analytics
Communication Data	Support tickets, feedback, survey responses	Customer support, service improvement
Transaction Data	Purchase history, payment method (processed by third parties)	Billing, subscription management
Marketing Data	Marketing preferences, consent records	Marketing communications (with consent)

2.2 Data Collection Methods

We collect personal data through the following methods:

Direct Provision: When you create an account, fill out forms, contact support, or voluntarily provide information within the App.
Automated Collection: Through cookies, analytics tools, software development kits (SDKs), and similar technologies that automatically collect device and usage data.
Third-Party Sources: From app stores (e.g., Apple App Store, Google Play Store), payment processors, analytics providers, and other service providers.

2.3 Special Categories of Personal Data

We do not intentionally collect special categories of personal data (also known as "sensitive personal data") such as racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or data concerning sexual orientation. If you choose to provide such data voluntarily, you consent to its processing for the purposes disclosed in this Privacy Policy.

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

3.1 Contractual Necessity (GDPR Article 6(1)(b))

Processing is necessary for the performance of our contract with you (i.e., the End User License Agreement) or to take steps at your request before entering into a contract. This includes providing the App's core functionality, managing your account, and delivering services you have requested.

3.2 Legitimate Interests (GDPR Article 6(1)(f))

Processing is necessary for our legitimate interests or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include:

Improving and optimizing the App's performance, features, and user experience
Ensuring the security and integrity of the App and preventing fraud
Conducting analytics and research to understand user behavior and preferences
Detecting, preventing, and responding to security incidents or technical issues
Enforcing our terms of service and protecting our legal rights
Providing customer support and responding to inquiries

3.3 Consent (GDPR Article 6(1)(a))

Where required by law, we process your personal data based on your explicit consent. This includes:

Marketing communications (you may withdraw consent at any time)
Location data collection (you may disable location services in your device settings)
Optional features that require additional data processing

You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

3.4 Legal Obligation (GDPR Article 6(1)(c))

Processing is necessary to comply with legal obligations to which we are subject, such as tax laws, accounting requirements, regulatory compliance, or responding to lawful requests from public authorities.

3.5 Vital Interests (GDPR Article 6(1)(d))

In rare circumstances, processing may be necessary to protect the vital interests of you or another person (e.g., in emergency situations involving life-threatening risks).

4. How We Use Your Personal Data

We use your personal data for the following purposes:

4.1 Service Provision and Management

Providing, operating, and maintaining the App and its features
Creating and managing your user account
Authenticating your identity and preventing unauthorized access
Processing transactions and managing subscriptions
Delivering personalized content and recommendations

4.2 Communication and Support

Responding to your inquiries, support requests, and feedback
Sending transactional communications (e.g., account notifications, security alerts, updates)
Providing customer support and troubleshooting technical issues
Conducting user surveys and collecting feedback

4.3 Analytics and Improvement

Analyzing usage patterns, trends, and user behavior to improve the App
Conducting research and development to enhance features and functionality
Monitoring App performance, stability, and error rates
Identifying and fixing bugs, crashes, and technical issues

4.4 Security and Fraud Prevention

Detecting, preventing, and responding to security incidents, fraud, and abuse
Enforcing our terms of service and policies
Protecting the rights, property, and safety of CAVORA PARTNERS, our users, and the public
Investigating and addressing violations of our terms or applicable laws

4.5 Marketing and Advertising (with Consent)

Sending promotional materials, newsletters, and marketing communications (only with your consent)
Displaying personalized advertisements within the App (if applicable)
Conducting marketing campaigns and measuring their effectiveness

Opt-Out: You may opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us at info@cavora-partners.ch.

4.6 Legal and Compliance

Complying with legal obligations, regulatory requirements, and lawful requests from authorities
Establishing, exercising, or defending legal claims
Responding to court orders, subpoenas, or legal processes

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We may share your personal data with trusted third-party service providers who assist us in operating the App, conducting our business, or providing services to you. These service providers are contractually obligated to process your data only on our behalf, in accordance with our instructions, and in compliance with applicable data protection laws. Categories of service providers include:

Cloud Hosting Providers: AWS, Google Cloud Platform, Microsoft Azure (for data storage and infrastructure)
Analytics Providers: Google Analytics, Firebase Analytics, Mixpanel (for usage analytics and crash reporting)
Payment Processors: Stripe, PayPal, Apple Pay, Google Pay (for processing payments and subscriptions)
Customer Support Tools: Zendesk, Intercom, Freshdesk (for managing support tickets and communications)
Marketing Platforms: Mailchimp, SendGrid, HubSpot (for email marketing and campaign management, with consent)
Security Services: Cloudflare, Akamai (for DDoS protection, content delivery, and security monitoring)

5.2 App Store Providers

If you download the App from a third-party app store (e.g., Apple App Store, Google Play Store), certain data may be shared with the app store provider in accordance with their terms and privacy policies. We do not control the data practices of app store providers.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, bankruptcy, or other business transaction, your personal data may be transferred to the acquiring or successor entity. We will notify you of any such change in ownership or control of your personal data via email or prominent notice within the App.

5.4 Legal Requirements and Protection of Rights

We may disclose your personal data if required to do so by law or in response to valid legal requests, including to:

Comply with legal obligations, court orders, subpoenas, or regulatory requirements
Enforce our terms of service, policies, or contracts
Protect the rights, property, or safety of CAVORA PARTNERS, our users, or the public
Investigate, prevent, or take action regarding illegal activities, fraud, or security threats

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that does not identify you personally with third parties for research, analytics, marketing, or other purposes. Such data is not considered personal data under applicable data protection laws.

5.6 No Sale of Personal Data

We do not sell, rent, or trade your personal data to third parties for monetary consideration. However, sharing data with third-party analytics or advertising partners (with your consent) may be considered a "sale" under certain U.S. state privacy laws (e.g., California Consumer Privacy Act). You have the right to opt out of such data sharing as described in Section 10 (Your Data Protection Rights).

6. International Data Transfers

6.1 Cross-Border Transfers

Your personal data may be transferred to, processed, and stored in countries outside your country of residence, including Switzerland, the European Union, the United States, and other jurisdictions where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

6.2 Safeguards for EU/EEA Data Transfers

For transfers of personal data from the European Economic Area (EEA) to countries not recognized by the European Commission as providing an adequate level of data protection, we implement appropriate safeguards, including:

Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses (also known as Model Clauses) approved under GDPR Article 46(2)(c) to ensure adequate protection of your data.
Adequacy Decisions: We transfer data to countries recognized by the European Commission as providing adequate data protection (e.g., Switzerland, UK, Canada).
Binding Corporate Rules (BCRs): Where applicable, we rely on BCRs approved by relevant data protection authorities.
Supplementary Measures: We implement additional technical, organizational, and contractual measures to ensure the security and confidentiality of transferred data.

6.3 Swiss Data Transfers

For transfers of personal data from Switzerland, we comply with the Swiss Federal Act on Data Protection (FADP) and use appropriate safeguards recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC).

6.4 Your Rights Regarding International Transfers

You have the right to obtain information about the safeguards we have implemented for international data transfers and to request copies of relevant documentation (e.g., Standard Contractual Clauses). Please contact our Data Protection Officer at dpo@cavora-partners.ch for more information.

7. Data Retention

7.1 Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on the type of data and the purpose of processing:

Data Category	Retention Period	Rationale
Account Data	Duration of account + 90 days after deletion	Service provision, legal obligations
Usage Data	12 months	Analytics, service improvement
Support Communications	3 years	Customer support, legal claims
Transaction Data	7 years	Tax, accounting, legal obligations
Marketing Consent	Until withdrawn + 3 years	Compliance, proof of consent
Crash Reports	90 days	Debugging, technical support

7.2 Deletion and Anonymization

After the applicable retention period expires, we will delete or anonymize your personal data in accordance with our data retention policy and applicable laws. Anonymized data that no longer identifies you may be retained indefinitely for research, analytics, and statistical purposes.

7.3 Legal Holds

In certain circumstances, we may be required to retain your personal data for longer periods due to legal holds, pending litigation, regulatory investigations, or other legal obligations, even after you request deletion.

8. Data Security

8.1 Security Measures

We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, destruction, or loss. Our security measures include:

Encryption: Data in transit is encrypted using TLS 1.3 or higher. Data at rest is encrypted using AES-256 or equivalent encryption standards.
Access Controls: Role-based access controls (RBAC), multi-factor authentication (MFA), and least-privilege principles to restrict access to personal data.
Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), DDoS protection, and regular security monitoring.
Secure Development: Secure coding practices, code reviews, vulnerability assessments, and penetration testing.
Incident Response: Documented incident response procedures, breach notification protocols, and regular security audits.
Employee Training: Regular security awareness training for employees and contractors with access to personal data.
Third-Party Security: Contractual obligations requiring service providers to implement appropriate security measures and undergo periodic security assessments.

8.2 Limitations of Security

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you acknowledge that you provide your personal data at your own risk. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

8.3 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities in accordance with applicable data protection laws (e.g., within 72 hours under GDPR Article 33). We will provide information about the nature of the breach, the likely consequences, and the measures taken to address the breach and mitigate harm.

9. Cookies and Tracking Technologies

9.1 Types of Technologies Used

We use cookies, software development kits (SDKs), pixels, web beacons, and similar tracking technologies to collect usage data, enhance your experience, and provide analytics. These technologies may be provided by us or by third-party service providers.

9.2 Categories of Cookies

Essential Cookies: Necessary for the App to function properly (e.g., authentication, security, session management). These cookies cannot be disabled.
Performance Cookies: Collect information about how you use the App (e.g., pages visited, errors encountered) to help us improve performance and user experience.
Functional Cookies: Remember your preferences and settings to provide enhanced, personalized features.
Analytics Cookies: Provided by third-party analytics services (e.g., Google Analytics, Firebase) to measure and analyze usage patterns.
Advertising Cookies: Used to deliver personalized advertisements and measure the effectiveness of advertising campaigns (if applicable, with your consent).

9.3 Third-Party Analytics and Advertising

We use third-party analytics and advertising services that may collect data about your use of the App and other websites or apps over time. These services may use cookies, device identifiers, and other tracking technologies. Examples include:

Google Analytics: Privacy Policy | Opt-Out
Firebase Analytics: Privacy Policy
Facebook Pixel: Privacy Policy (if applicable)

9.4 Your Choices Regarding Cookies

You can control cookies through your device settings or browser settings. You may also opt out of certain analytics and advertising tracking by using the opt-out links provided above or by enabling "Limit Ad Tracking" (iOS) or "Opt out of Ads Personalization" (Android) in your device settings. Please note that disabling cookies may limit your ability to use certain features of the App.

9.5 Do Not Track (DNT)

Some browsers and devices offer "Do Not Track" (DNT) signals. We do not currently respond to DNT signals, as there is no universally accepted standard for how to interpret and respond to such signals. However, you can control tracking through the methods described above.

10. Your Data Protection Rights

10.1 Rights Under GDPR (EU/EEA Residents)

If you are located in the European Economic Area (EEA), you have the following rights under the GDPR:

Right of Access (Article 15): You have the right to obtain confirmation as to whether we process your personal data and, if so, to access such data and receive information about the processing.
Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure / "Right to be Forgotten" (Article 17): You have the right to request deletion of your personal data under certain circumstances (e.g., data no longer necessary, consent withdrawn, unlawful processing).
Right to Restriction of Processing (Article 18): You have the right to request restriction of processing under certain circumstances (e.g., accuracy contested, processing unlawful but you oppose erasure).
Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit such data to another controller.
Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Right Not to be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects, unless certain exceptions apply.
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of alleged infringement.

10.2 Rights Under Swiss FADP (Swiss Residents)

If you are located in Switzerland, you have similar rights under the Swiss Federal Act on Data Protection (FADP), including the right to access, rectify, delete, restrict processing, object to processing, and data portability. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).

10.3 Rights Under California Privacy Laws (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected, the sources from which it was collected, the purposes for collection, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Correct: You have the right to request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising.
Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to purposes necessary to perform services or provide goods reasonably expected by an average consumer.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.

To exercise these rights, please contact us at privacy@cavora-partners.ch or use the "Do Not Sell or Share My Personal Information" link in the App (if applicable).

10.4 How to Exercise Your Rights

To exercise any of the above rights, please submit a request by:

Email: dpo@cavora-partners.ch
In-App: Navigate to Settings > Privacy > Data Rights Request
Mail: CAVORA PARTNERS GmbH, Attn: Data Protection Officer, Pestalozziweg 7, 8952 Schlieren, Switzerland

We will respond to your request within the timeframes required by applicable law (e.g., 30 days under GDPR, 45 days under CCPA). We may request additional information to verify your identity before processing your request.

10.5 Verification Process

To protect your privacy and security, we will verify your identity before fulfilling data subject requests. Verification may require you to provide information such as your email address, account details, or government-issued identification. If we cannot verify your identity, we may deny your request.

10.6 Authorized Agents

You may designate an authorized agent to submit data subject requests on your behalf. The authorized agent must provide proof of authorization (e.g., signed permission, power of attorney). We may also require you to verify your identity directly with us.

11. Children's Privacy

11.1 Age Restrictions

The App is not intended for use by children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you are under 16, you must not use the App or provide any personal data to us.

11.2 Parental Consent

If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will take steps to delete such data as soon as possible. If you are a parent or guardian and believe that your child has provided personal data to us without your consent, please contact us immediately at privacy@cavora-partners.ch.

11.3 Compliance with COPPA (U.S. Users)

If you are located in the United States, we comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 without verifiable parental consent.

12. Changes to This Privacy Policy

12.1 Updates and Amendments

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. The "Effective Date" at the top of this Privacy Policy indicates when it was last revised. We encourage you to review this Privacy Policy periodically.

12.2 Notification of Material Changes

If we make material changes to this Privacy Policy that significantly affect your rights or the way we process your personal data, we will notify you by:

Posting a prominent notice within the App
Sending an email notification to the email address associated with your account
Requesting your consent if required by applicable law

12.3 Continued Use After Changes

Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the revised Privacy Policy. If you do not agree to the changes, you must stop using the App and may request deletion of your account and personal data.

13. Contact Us and Complaints

13.1 General Inquiries

If you have any questions, concerns, or complaints about this Privacy Policy or our data processing practices, please contact us at:

CAVORA PARTNERS GmbH
Pestalozziweg 7
8952 Schlieren
Switzerland

Email: privacy@cavora-partners.ch
Phone: +41 76 515 89 52
Data Protection Officer: dpo@cavora-partners.ch

13.2 Supervisory Authorities

If you are located in the European Economic Area (EEA) or Switzerland and believe that we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority:

EU Residents: Contact your national data protection authority. A list of EU data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.
Swiss Residents: Swiss Federal Data Protection and Information Commissioner (FDPIC) – https://www.edoeb.admin.ch

13.3 California Residents

California residents may also contact the California Attorney General's Office regarding privacy complaints: https://oag.ca.gov/contact

🔒 Your Privacy Matters