Data protection declaration

Version 1.1, January 2026

Trip-it-Up.ch (hereinafter also referred to as «we», «us» or «our») collects and processes personal data about you and other persons («third parties»). We use the term «data» interchangeably with "personal data".

In this data protection declaration, we describe what we do with your data when you use http://www.trip-it-up.ch, We may collect personal data from you when you purchase our products and services, when you contact us in connection with a contract, when you communicate with us or deal with us in any other way. If necessary, we will inform you by means of a separate declaration of any processing activities not covered by this data protection declaration.

If you communicate data to us or share data with us concerning other persons, such as family members, work colleagues, etc., we assume that you are authorized to do so and that the data concerned is accurate. When you share data about other people with us, you confirm the above. Please ensure that these persons have been informed of this data protection declaration.

This data protection declaration is aligned with the EU General Data Protection Regulation («GDPR»), the Federal Data Protection Act («DPA») and the new Federal Data Protection Act («nLPD»). However, the concrete application of these laws depends on the individual case.

Pauline MUSY, administration@trip-it-up.ch, hereinafter «We», is the data controller of Trip-it-Up.ch under this data protection declaration, unless we indicate otherwise in a particular case, for example in additional data protection declarations, in a form or in a contract.

Furthermore, unless otherwise specified by us, this data protection declaration also applies when a company in the Trip-it-Up.ch group is the data controller, instead of Trip-it-Up.ch. This is particularly the case when your data is processed by a group company within the scope of its contracts or legal obligations, or when you share data with a group company. In such cases, the group company is the data controller.

Contact:
Trip-it-Up.ch
Boulevard de Pérolles 42
CH-1700 Fribourg
info@trip-it-up.ch

We process different categories of data about you. The main categories are as follows:

When you use our website or other online offers, we collect the IP address of the terminal used and other technical data in order to ensure the functionality and security of these offers (including usage logs). Retention generally 12 months. An individual code (e.g. cookie, see section 12) may be assigned.

Some offers and services can only be used with a user account or after registration. Retention generally 12 months from the end of use of the service or closure of the user account (as appropriate).

When you contact us (form, e-mail, telephone, chat, post, etc.), we collect the information exchanged, your contact details and communication metadata. E-mails in personal inboxes and written correspondence are generally kept for at least 10 years. Recordings of (video) conferences are generally kept for 24 months. Chats are generally kept for 2 years.

Data required for the performance of contractual and other business relationships or for marketing purposes, such as name, contact details, role/function information, bank details, date of birth, customer history, powers of attorney, signature authorizations, declarations of consent. Retention generally 10 years from last exchange or end of contract (marketing only: in principle up to 2 years after last contact).

Data collected in connection with the conclusion or performance of a contract (services provided/to be provided, pre-contractual information, comments/dissatisfaction, etc.). Retention generally 10 years from last contractual activity or end of contract.

Data relating to your behavior and preferences in order to get to know you better and tailor our offers. We anonymize or delete this data when it is no longer relevant to our purposes (depending on type: between 2-3 weeks and 24 months, with the possibility of longer periods if necessary for evidence/legal requirements/technical reasons). Online tracking is described in section 12.

Data collected depending on the situation (administrative/legal procedures, security, photos/videos, recordings, building access, participation in events/campaigns, etc.). Retention period depends on purpose.

Most of the data mentioned in this section is provided directly by you. You are not obliged to provide us with any data, except in certain cases (e.g. legal obligations). If you wish to conclude contracts with us or use our services, certain data (basic, contractual, registration data) is required.

We may also collect data from public sources (registers, media, internet including social networks) or receive data from other companies in our group, public authorities and other third parties (credit agencies, address brokers, associations, contractual partners, internet analysis services, etc.).

We process your data for the purposes set out below. You will find further information in sections 12 and 13 for online services.

• Communication with you (answers, exercising your rights, contact in case of questions).
• Conclusion, administration and performance of contractual relations.
• Marketing and relationship management (newsletters, contacts, campaigns, events, competitions, etc.).
• Market research, improvement of services and sales activities, product development.
• Security and access control.
• Compliance with legal requirements (laws, directives, recommendations by authorities, internal regulations).
• Risk management and corporate governance (organization and business development).
• Internal processes, administration, quality assurance, training.

You may object to marketing contacts at any time, or refuse/withdraw your consent where necessary.

Where we require your consent for certain activities (e.g. sensitive data, marketing, personalized movement profiles, advertising/behavioral analysis), we will inform you separately of the purposes involved. You can withdraw your consent at any time with effect for the future by notifying us in writing (post) or by e-mail (contact details in section 2). To withdraw your consent to online tracking, see section 12.

Where we do not seek consent, processing is based on the need to initiate/execute a contract with you (or the entity you represent) or on our (or a third party's) legitimate interest in processing, in particular for the purposes set out in section 4.

Where we receive sensitive personal data (e.g. health), other legal bases may apply (e.g. litigation, enforcement/defense of legal claims). In such cases, we will inform you separately.

We may automatically evaluate personal aspects about you («profiling») on the basis of your data (section 3) for the purposes set out in section 4, in particular to establish preferences, detect abuse/security risks, carry out statistical analyses and plan commercial activities. We ensure the proportionality and reliability of the results and take measures against misuse.

If automated individual decisions may have legal consequences for you or affect you in a significant way, we ensure in principle that the decision is controlled by a human being. If this is the case, we will inform you and take the measures required by applicable law.

In connection with our contracts, the website, our products and services, our legal obligations, the protection of our legitimate interests, and the other purposes set out in section 4, we may disclose your personal data to third parties, including:

• Group companies (same purposes as us; may include health data).
• Service providers (in Switzerland and abroad: IT, transport, advertising, security, banking, insurance, debt collection, credit agencies, etc.). Main IT service providers: Microsoft and Infomaniak.
• Contractual partners (including customers/service recipients; exchanges related to contracts, vouchers, invitations; may include health data as appropriate).
• Authorities (agencies, courts, etc., in Switzerland and abroad, if required/entitled or to protect our interests).
• Other people (e.g. media, associations, publications, etc. as per objectives in section 4).

If you do not wish certain data to be disclosed, please inform us (section 2) so that we can examine whether and to what extent we can meet your request.

We also allow certain third parties to collect your personal data on our website and at events (e.g. tool providers). Where we have no control over such collection, these third parties are independent data processors.

As explained in section 7, we communicate data to other parties. Not all of these parties are located in Switzerland. Your data may therefore be processed in Europe and, in exceptional cases, in any country in the world.

If a recipient is located in a country without adequate legal protection, we require safeguards (e.g. revised standard contractual clauses of the European Commission), unless an exception applies (legal proceedings, overriding public interest, contractual necessity, consent, data made public by you, etc.).

Please note that data exchanged via the Internet often transits through third countries.

We process your data for as long as our processing purposes, legal retention periods and our legitimate interests in documenting and preserving evidence so require, or retention is a technical requirement. You will find information on retention periods in section 3, and for cookies in section 12. On expiry, we will delete or anonymize your data in accordance with our usual processes.

We take appropriate security measures to ensure the necessary security of your personal data, to guarantee its confidentiality, integrity and availability, to protect it from unauthorized/illegal processing, and to minimize the risk of loss, accidental alteration, unauthorized disclosure or access.

Applicable data protection laws give you the right to object to the processing of your data in certain circumstances, including processing for direct marketing purposes, profiling for direct marketing purposes and other legitimate interests in processing.

In particular, you have the following rights (depending on the applicable legislation):

• Ask whether we process data about you and which data.
• Request correction of inaccurate data.
• Request data deletion.
• Request delivery of data in a current electronic format or transfer to another manager.
• Withdraw your consent (when processing is based on consent).
• Receive other information useful for exercising your rights.
• Express your point of view in the case of automated individual decisions (section 6) and request a review by a human being.

To exercise your rights, please contact us (section 2). In order to prevent abuse, we may need to identify you (e.g. copy of ID if necessary).

If you are located in the EEA, the UK or Switzerland, you can also lodge a complaint with the relevant supervisory authority.

We use various techniques on our website to recognize you when you use it and, if necessary, to track you over several visits. These include

• Necessary cookies (site operation, session, options; expiration up to 24 months depending on the case).
• Performance cookies (analysis/optimization; with consent; expiration up to 24 months).
• Marketing cookies (targeted advertising; with consent; expiration from a few days to 12 months).

You can configure your browser to block/delete cookies, and use tracking blocking tools. Depending on the purpose, we may ask for your consent before use.

Google Analytics Google Ireland Ltd (Ireland) provides the service, with Google LLC (USA) as subcontractor. Google collects information via performance cookies (duration, pages viewed, region, etc.) and creates reports. IP addresses are truncated in Europe before transmission. With your consent, this may involve transfer to the USA and other countries.

We may operate online pages and presences on social networks. We receive data from you and the platforms when you interact with us (messages, comments, visits, etc.). The platforms may also analyze your use and combine this data with other information, and process it for their own purposes (marketing/market research/platform management) as independent managers.

We process this data in particular for communication, marketing (including advertising on these platforms) and market research purposes (see section 4). We currently use in particular:

• Facebook tripitup.ch (Meta Platforms Ireland Ltd. for Europe).
• LinkedIn trip-it-up page.
• Instagram trip_it_up.ch (Meta Platforms Ireland Ltd. for Europe).

This data protection declaration does not form part of a contract with you. We may amend it at any time. The version published on our website is the current version.

Last update : 15.01.2026