Privacy Policy.

Privacy Policy

1. Controller
The controller responsible for data processing is:
YumiGo GmbH
Address: Heerstrasse 11, 8853 Lachen
Email: hi@yumigo.ch

If you have any questions about data protection, you can contact us at any time.

2. What Data We Process
We process only the personal data necessary for the organization and execution of our tours:

  • Customers: name, contact details (email, phone, WhatsApp), payment information, bookings, dietary preferences/allergies, correspondence.

  • Partner restaurants: name, business address, contact person, contact details (email, phone), bank details, contract and billing information.

3. Purposes of Processing
The data is used for the following purposes:

  • processing and handling bookings,

  • sharing relevant information with partner restaurants (e.g., allergies),

  • invoicing and payment processing,
    fulfilling legal obligations (e.g., retention requirements),

  • communication related to bookings,
    improving our services (analysis in anonymized form),

  • marketing, especially newsletters.

4. Legal Bases
The processing of data is based on:

  • performance of a contract (Art. 6 para. 1 lit. b GDPR, Art. 31 revDSG),

  • consent (Art. 6 para. 1 lit. a GDPR, Art. 31 revDSG),

  • legal obligations (Art. 6 para. 1 lit. c GDPR),

  • legitimate interests (Art. 6 para. 1 lit. f GDPR), provided these do not infringe the rights of data subjects.

5. Data Sharing
To partner restaurants: only the data necessary for service delivery is shared (name, number of guests, booked time, dietary preferences/allergies).
To service providers: e.g., IT/hosting providers, payment service providers, insofar as they are necessary for operation and processing.
No sharing with third parties for advertising purposes without explicit consent.
Data is transferred abroad only if an adequate level of data protection exists there (in particular according to a decision by the EU Commission or the Swiss Federal Council) and if necessary.

6. Retention Period
Contract and booking data: for the duration of the business relationship and in accordance with statutory retention periods (in Switzerland generally 10 years).
Allergy and dietary information: only for the duration of the specific booking, then deleted.
Marketing data: until consent is withdrawn.

7. Data Security
We take technical and organizational measures to ensure data security and protect it from unauthorized access, loss, manipulation, or unlawful disclosure.

8. Rights of Data Subjects
Customers and partners have the right at any time to:
access their stored data,
correct inaccurate data,
deletion, insofar as no legal obligations prevent this,
restriction of processing,
data portability,
withdraw consent with effect for the future,
lodge a complaint with the competent supervisory authority (in Switzerland: FDPIC; in the EU: the national data protection authority).

9. Changes
We reserve the right to amend this privacy policy at any time. The version published on our website at the respective time shall apply.