1.  What is this privacy policy about? 


Serendipity GmbH (hereinafter also referred to as “we“, “us) collects and processes personal data concerning you or other persons (so-called “third parties). In particular, we collect and process personal data about children in our care, parents, associated persons, contracting parties, employees, visitors to the website and users of the Serendipity App. We use the term “data” here synonymously with “personal data”. 

Personal data refers to data that relates to specific or identifiable persons (i.e. it is possible to draw conclusions about their identity based on the data itself or with corresponding additional data). “Processing” means any handling of personal data, e.g. obtaining, storing, using, adapting, disclosing and deleting. 

In this privacy policy, we describe what we do with your data when you use our website https://serendipity.education/ (hereinafter “website), use the Serendipity App, use our services or products, or are otherwise in contact with us under a contract, communicate with us or otherwise deal with us. If necessary, we will inform you about additional processing activities not mentioned in this privacy policy. 

If you transmit or disclose data about other persons, in particular about family members, you confirm that you are authorized to do so and that this data is correct. Please also ensure that these other persons are informed about this privacy policy.

This privacy policy is designed to meet the requirements of the Swiss Federal Act on Data Protection (FADP). Whether and to what extent this law is applicable, however, depends on the individual case.



  1.   Who is responsible for processing your data?


Responsible for the data processing described in this privacy policy is 

Serendipity GmbH

Leedonal Moore

Dufourstrasse 5

8702 Zollikon

+41 43 883 94 32


If you have any questions about this privacy policy or other data protection concerns and/or wish to exercise your rights in accordance with Section 9, you can contact us at the above addresses. 




  1.   What data do we process?


We process different categories of data about you. The main categories are as follows: 

  • Childcare data

This is data that relates to childcare (e.g., playgroups, daycare centers, kindergartens and other social services) and arises in this context. It is usually data about the children in care, but may also include data about parents or other third parties (e.g., other caregivers). It includes personal data (name, age, place of residence, address, emergency contact), but also data worthy of special protection such as health data (e.g., allergies), preferences (e.g., food preferences), or development. 

We receive this data, among other things, through registrations for our services and by the Serendipity App.

  • Technical data: 

When you use our website or other electronic offerings, we collect the IP address of your end device and other technical data (e.g., MAC address of the smartphone or computer, operating system used, hostname of the accessing device, time of the server request) in order to ensure the functionality and security of these offerings. This data also includes logs in which the use of our systems is recorded. To ensure the functionality of these offers, we can also assign you or your end device an individual code (e.g., in the form of a cookie, see section 5). The technical data itself does not allow any conclusions to be drawn about your identity. However, they can be linked to other data categories (and thus possibly to your person) as part of the processing of contracts. 

  • Communication data: 

If you are in contact with us via the contact form, by e-mail, telephone, letter, personal meetings, or other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of the communication. If we want or need to establish your identity, e.g., if you request information, we will collect data to identify you (e.g., a copy of an ID card).

  • Master data: 

We define master data as the basic data that we require in addition to the contract data (see below) for the processing of our contractual and other business relationships or for marketing and advertising purposes. 

This is general personal data such as names, contact details, photos, children history, powers of attorney, declarations of consent, bank details and information about your relationship with us (e.g., children in our care, parents, business partners) and information about third parties (e.g., contact persons, family details). 

We process your master data if you are a customer or other business contact or work for one (e.g., as a contact person of the business partner), or because we want to contact you for our own purposes or the purposes of a contractual partner (e.g., as part of marketing and advertising, with invitations to events, vouchers, newsletters, etc.). 

We receive the master data from you (e.g., as part of a registration for a service or the processing of a contractual or other business relationship) or from third parties, such as our contractual partners, and from publicly accessible sources, such as public registers or the internet (websites, social media, etc.). We may also process information about third parties as part of master data.

  • Contract data: 

Contact data arises in connection with the conclusion or processing of a contract, e.g., information about contracts and the services to be provided or already provided, as well as data from the run-up to a conclusion of a contract and the information required or used for processing of a contract and information of any reactions (e.g., complaints or information on satisfaction, etc.). We generally collect this data from you, from contractual partners, and from third parties involved in the execution of the contract, but also from third-party sources and from publicly accessible sources.

  • Behavioral and preference data: 

Depending on the relationship we have with you, we try to get to know you and better tailor our services and offers to you. To do this, we collect and use data about your behavior (e.g., whether and when you have opened an email or location data when you use our website) and your preferences. 

We do this by evaluating information about your behavior in our area, and we may also supplement this information with information from third parties, including from publicly accessible sources. Based on this, we can, for example, calculate the probability that you will use certain services or behave in a certain way. 

Some of the data processed for this purpose is already known to us (e.g., when you use our services), or we obtain this data by recording your behavior (e.g., how you navigate our website). We describe how tracking works on our website in section 5.

  • Data from comments on our website: 

When visitors leave comments on the website, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available under: https://automattic.com/privacy/

After approval of your comment, your profile picture is visible to the public in the context of your comment.



  1.   For what purpose and on what legal basis do we process your data?


We primarily process your data in connection with our services, communication with you and the conclusion, administration and processing of contractual relationships with our customers and other business partners, as well as with the operation of our website and the Serendipity App. 

We then process your data for marketing purposes and to maintain relationships, e.g., to send our customers and other contractual partners personalized advertising about our products and services. This may take the form of newsletters and other regular contacts (electronically, by post, by telephone), via other channels for which we have contact information from you, but also as part of individual marketing campaigns (e.g., events etc.). You can refuse such contacts at any time (see at the end of this section 4) or refuse or revoke your consent to be contacted for advertising purposes. 

We may also process your data for other purposes insofar as this is permitted by law and we have a legitimate interest in the corresponding data processing (e.g., market and opinion research, offering and further developing our services, ensuring our operations [in particular IT and our website] and asserting legal claims).

We may use certain of your personal characteristics for the purposes set out in this section 4 based on your data (see section 3) automatically (“profiling”) if we want to determine preference data, but also to determine abuse and security risks, carry out statistical evaluations or for operational planning purposes. 

For the same purposes, we can also create profiles, i.e., we can combine behavioral and preference data, but also master and contract data and technical data assigned to you in order to better understand you as a person with your different interests and other characteristics.

In both cases, we pay attention to the proportionality and reliability of the results and take measures to prevent misuse of these profiles or profiling. If these can have legal consequences or significant disadvantages for you, we always provide for a manual review.

If you have given us your consent to process your data for specific purposes (e.g., registration to receive newsletters or consent to other regular contacts; consent to automated data processing, where applicable), we will process your data within the scope of and based on this consent, unless we have another legal basis and require one. Consent that has been given can be withdrawn at any time, but this has no effect on data processing that has already taken place (see also section 9).



  1.   How do we use cookies and other technologies in connection with the use of our website?


On our website, we use cookies and similar technologies with which your browser or device can be identified. Cookies are individual codes (e.g., a serial number) that our server or a server of our service provider or advertising contract partner transmits to your system when you connect to our website and that your system (browser, mobile) receives and stores until the programmed expiry date. Each time you access our website again, your system transmits these codes to our server or the server of the third party. This allows you to be recognized, even if your identity is unknown.

We use cookies so that we can distinguish access by you (via your system) from access by other users, so that we can ensure the functionality of the website and make the user experience more efficient. 

You can deactivate cookies completely or partially at any time in your browser settings. If cookies are deactivated, you may no longer be able to use all the functions of our website. 

In accordance with the law, we may store cookies on your device if they are absolutely necessary for the operation of our website. We require your permission to store all other types of cookies if you access our website from outside Switzerland. 

You can program your browser to block or deceive certain cookies or alternative technologies or to delete existing cookies. You can also add software to your browser that blocks tracking by certain third parties. Further information on this can be found on the help pages of your browser (usually under the heading “Data protection”) or on the websites of the third parties listed below. 

Visitors who access our website from outside Switzerland can change or revoke their consent to cookies at any time on our website or in the browser settings.

A distinction is made between the following cookies (technologies with comparable functions such as fingerprinting are also included here):

  • Necessary cookies

Some cookies are necessary for the functioning of the website as such or for certain functions. For example, they ensure that you can switch between pages without losing any information entered in a form. They also ensure that you remain logged in. These cookies are only temporary (“session cookies”). If you block them, the website may not work. Other cookies are necessary so that the server can save decisions or entries made by you beyond a session (i.e., a visit to the website) if you use this function (e.g., selected language, consent given, the function for automatic log-in, etc.).

If you leave a comment on our website, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.


  • Statistics cookies: 

Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

We sometimes use Google Analytics or similar services on our websites. This is a service provided by third parties, which may be located in any country in the world (in the case of Google Analytics, it is Google Ireland [based in Ireland], Google Ireland relies on Google LLC [based in the USA] as processor [both “Google”], www.google.com), with which we can measure and evaluate the use of the website (not on a personal basis). 

Permanent cookies set by the service provider are also used for this purpose. We have configured the service so that the IP addresses of visitors to Google in Europe are truncated before being forwarded to the USA and therefore cannot be traced. We have switched off the settings “Data transfer” and “Signals”. 

Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can use this data for its own purposes to draw conclusions about the identity of visitors, create personal profiles and link this data to the Google accounts of these persons. 

If you have registered with the service provider yourself, the service provider also knows you. The processing of your personal data by the service provider is then the responsibility of the service provider in accordance with its data protection provisions. The service provider only informs us how our respective website is used (no information about you personally).

We then use cookies and other tracking technologies in our marketing communications (e.g., marketing emails), which enable us to assess whether marketing emails have been opened, answered or forwarded and links followed, etc. 

We also use plugins for Facebook and Instagram on our website. When you interact with these platforms, the relevant information is forwarded and your visit is recognized by Facebook and Instagram.


  • Marketing cookies

We have an interest in targeting advertising to specific groups, i.e., only showing it to the people we want to address. For this purpose, we may – if you consent – also use cookies with which the content accessed or contracts concluded can be recorded. This enables us to display advertising that we can assume will be of interest to you, both on our website and on other websites that display our advertising. If you consent to the use of these cookies, you will be shown appropriate advertising. If you do not consent to these cookies, you will not see less advertising, but simply any other advertising. 


  1.   To whom do we disclose your data?


As part of our business activities and the processing of data in accordance with this privacy policy, we may – to the extent permitted and required by law – disclose data to trusted third parties (hereinafter referred to as “third-party recipients) who process your data for us. In particular, these may be service partners of ours (e.g. IT service providers, third parties involved in the implementation or organization of events, providers of support services). 

The third-party recipients may be located in Switzerland or abroad. If the country in question does not offer adequate statutory data protection, we ensure an adequate level of protection as provided for by law through the use of appropriate contracts, in particular on the basis of the European Commission’s standard contractual clauses (e.g. when using the Serendipity App), or binding corporate rules, or we rely on an exemption clause. 

An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing. 

If you use programs/apps from third parties in the context of our cooperation (e.g., WhatsApp and Procare App), we explicitly refer to the data protection policies of these third parties. We cannot control whether, when using such programs, your data may also be processed in countries that do not offer an adequate standard of data protection under Swiss data protection law. 

The same also applies to certain programs that we use to provide our services (e.g., Google Workspace, Pandadoc, WordPress, SmallInvoice, OneDrive). However, we ensure that we only pass on personal data where necessary and use all reasonable means at our disposal to ensure the protection of this personal data.

Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of Swiss data protection law. US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. 

It can therefore not be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.



  1.   How long do we process your data?


We process your data for as long as required by our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes or if storage is technically necessary (e.g. statutory retention period of 10 years for certain documents, such as contracts, application forms and invoices). If there are no legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage or processing period has expired as part of our normal processes.



  1.   How do we protect your data?


We take appropriate technical and organizational security measures to protect the confidentiality, integrity and availability of your data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional alteration, unwanted disclosure or unauthorized access. 



  1.   What are your rights?


You have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing as well as to the disclosure of certain data for the purpose of transfer to another body (so-called data portability) within the scope of the data protection law applicable to you and insofar as provided therein. 

You also have the right to withdraw your consent if our processing is based on your consent (see section 4 in particular). 

However, when exercising your rights, please note that we reserve the right to assert the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (insofar as we are entitled to invoke this) or require it for the assertion of claims. If you incur costs, we will inform you in advance. 

Please note that the exercise of these rights may conflict with contractual agreements and this may have consequences such as premature termination of the contract or costs. We will inform you in advance if this is not already contractually regulated.

The exercise of such rights generally requires that you clearly prove your identity (e.g., by means of a copy of your identity card, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in section 2.

Every data subject also has the right to enforce its claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).



  1.   Can this privacy policy be changed?


This data privacy policy is not part of any contract with you. We may amend this data privacy policy at any time. The version published on this website is the current version. 

Last update: [January 12, 2024]