Privacy
Policy
Controller
| Detail | Information |
|---|---|
| Company | DITTRICH & PARTNERS GmbH |
| Address | Brodlaube 18, 4310 Rheinfelden, Switzerland |
| UID | CHE-192.735.800 |
| Commercial Register | CH-400.4.036.235-8 |
| legal@five-moves.org | |
| Data Protection Officer | Andreas Dittrich (Managing Director) |
| Website | fivemoves.org |
Scope
This Privacy Policy applies to the website fivemoves.org, the FIVE MOVES® Mobile App (available on the Apple App Store and Google Play Store) and all associated services of DITTRICH & PARTNERS GmbH.
Legal Basis
Processing is carried out in accordance with the European General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (DSG, revised September 2023) and the California Consumer Privacy Act (CCPA).
- Art. 6(1)(a) GDPR: Consent
- Art. 6(1)(b) GDPR: Performance of a contract
- Art. 6(1)(c) GDPR: Legal obligation
- Art. 6(1)(f) GDPR: Legitimate interests
Data Categories
- Contact data: Name, email, phone, address
- Account data: Username, password upon account creation
- Course data: Course progress, quiz results, certifications
- Payment data: Processed directly by Stripe, SumUp, TWINT or Apple/Google — we do not store credit card data
- AI interaction data: Voluntary interactions with AI-powered training features (see Section 6)
- Technical data: IP address (anonymised), browser, operating system, device type
- Usage data: Page views, app usage patterns, lesson progress, session duration
- Performance data: Crash reports, diagnostics and performance data
- Location data: Approximate location based on IP address
Services Used
| Service | Purpose | Location | Basis |
|---|---|---|---|
| CYON | Web hosting | Switzerland | Contract performance |
| Render.com | App infrastructure | Germany (EU) | Contract performance |
| Service | Purpose | Location | Measures |
|---|---|---|---|
| Google Analytics | Usage analysis (anonymised) | USA | IP anonymisation active |
| FIVE MOVES Platform | Online Academy | CH | Own service |
| Service | Purpose | Location |
|---|---|---|
| Google Workspace | Internal communication and administration | USA |
| Zoom | Live sessions, workshops and support | EU servers |
| Zeeg | Appointment booking and calendar | Germany |
| Service | Purpose | Location | Measures |
|---|---|---|---|
| Stripe | Online payments | USA | SCC |
| SumUp | On-site payments | Ireland | Contract performance |
| TWINT | Mobile payments (CH) | Switzerland | Contract performance |
| Apple App Store | In-app purchases | USA | Contract performance |
| Google Play Store | In-app purchases | USA | Contract performance |
| Service | Purpose | Location | Measures |
|---|---|---|---|
| Meta (Facebook/Instagram) | Advertising and tracking | USA | SCC, consent |
| Advertising and tracking | USA | SCC, consent | |
| CCM19 | Cookie consent management | Germany | Consent |
| Service | Purpose | Location | Measures |
|---|---|---|---|
| Claude API (Anthropic) | AI-powered training features in the app | USA | SCC, consent, encryption |
Artificial Intelligence (AI) in the App
- Opening Dialogue Enhancement: Support in identifying your desired feeling in accordance with the FIVE MOVES® methodology
- Simulation Feedback: Feedback on simulation exercises for guides
- Learning Journal Feedback: Review and constructive feedback on learning journals
- Interactions are processed in real time via encrypted connections
- Data transmitted to Anthropic is subject to Anthropic's Privacy Policy
- We do not permanently store AI interactions (max. 30 days)
- No personal data beyond what you voluntarily enter is shared with the AI
- You can disable all AI features at any time by simply not using them
- You can request deletion of your AI interaction history at legal@five-moves.org
International Data Transfers
Your data is primarily stored in Switzerland and the European Union (Germany). For transfers to countries outside Switzerland or the EU, we ensure adequate protection through:
- EU-US Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCC) of the European Commission
- Binding Corporate Rules (BCR) where applicable
- Additional technical measures including encryption and pseudonymisation
Data Security
- SSL/TLS encryption for all data transfers
- Secure server infrastructure with regular security updates
- Access controls and authentication mechanisms
- Regular security audits and vulnerability assessments
- Incident response procedures for data breaches
Retention Periods
| Data Category | Retention Period |
|---|---|
| Contract data | 10 years (statutory retention) |
| Account data | While account is active, plus 6 months after deletion request |
| Usage and analytics data | Up to 24 months |
| AI interaction data | 30 days (earlier deletion on request) |
| Marketing data | Until withdrawal of consent |
| Technical logs | 30 days |
| Analytics | 26 months |
| Support communications | 12 months after resolution |
Your Rights
Under GDPR Art. 15–21 and Swiss DSG you have the following rights:
- Access: Which data we hold about you
- Rectification: Correction of inaccurate data
- Erasure: Right to be forgotten
- Restriction: Restriction of processing
- Data Portability: Data in machine-readable format
- Objection: Against processing based on legitimate interests
- Withdrawal of Consent: At any time with future effect
Data Sharing
We do not sell data. Sharing only occurs with processors (see Section 5) for contract performance or when legally required.
Cookies and Tracking
For detailed information on our use of cookies, please see our separate Cookie Policy. Cookie consents are managed via CCM19.
Children's Privacy
The FIVE MOVES® website and app are not directed at children under 16. We do not knowingly collect personal data from children under 16. Should we become aware of such data, we will delete it promptly. Please notify us at legal@five-moves.org.
Right to Lodge a Complaint
- Switzerland: FDPIC (Federal Data Protection and Information Commissioner)
- EU: Competent national data protection authority
Changes to this Privacy Policy
We may update this Privacy Policy at any time. We will notify you of material changes by email or through the app. Continued use after changes constitutes acceptance of the updated policy.
Contact
4310 Rheinfelden, Switzerland