Privacy Policy

Privacy Policy

The security of your personal data collected and processed during your access and use of Carity is an important concern to us. We take the protection of your personal data, your health data and the development data generated by you very seriously. Personal data is any information that can lead to your identification (hereinafter “Personal Data”). Health Data is personal data that reveals information about your health status (hereinafter "Personal Health Data"). Development data are all data that are generated or collected for analysis and research purposes during your access and use of Carity (hereinafter "Development Data").

This Privacy Policy establishes the rights and obligations of the Controller of your data, Carity AG, regarding data protection aspects, based on the applicable data protection laws, especially the new Swiss Federal Data Protection Act ("nFADP") and the General Data Protection Regulation of the European Union ("GDPR"). This Privacy Policy applies to all Personal Data, Personal Health Data and Development Data that we process.

By accessing and using Carity and submitting Personal (Health-)Data as well as Development Data to us, you consent to the collection and use of your Personal (Health-)Data as well as Development Data in accordance with this Privacy Policy. For sake of clarity, in case of interpretation conflict between the different displayed languages of the present Privacy Policy, then the German version shall prevail and supersede all other languages.

  1. Definitions

«Development Data» means all information and data generated, identified, or collected that is stored, processed, and analyzed for the purpose of research and development. Development Data are generally anonymous but may be linked to Personal Data or include Personal Health Data under specific circumstances and for certain purposes. Development Data enable the generation of knowledge, which in turn is used for the development of products or services, the latter products and services are commercially exploited. The above-mentioned findings are generated by consolidating or interpreting Development Data that are no longer linked to Personal Data at that point in time, nor do they contain Personal Health Data.

«Personal Data» is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the identity of that natural person.

«Personal Health Data» is personal data that relates to the physical or mental health of a natural person, including the provision of health care services, and from which information about that person's health status is obtained.

«Controller» means the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of Personal Data. If the purposes and means of such processing are specified by federal or EU law, the Controller or the specific criteria for its designation may be provided for under federal or EU law. For the purposes of your access and use of Carity, Carity AG acts as a Controller of your data; provided, however, that the healthcare professional having access to the data you allow him or her to also have access to shall also be considered as a data controller with regards to such access and use granted as part of your rehabilitation.

«Processing» means any operation or set of operations which is performed upon Personal (Health-)Data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

«Profiling» means automated processing of Personal (Health-) Data to assess personal aspects about a natural person.

«Privacy by Design» means data is protected through technology design, e.g. through the use of privacy preserving synthetic data or other privacy enhancing technologies.

«Privacy by Default» means that only the strict necessary data are processed to serve a specific purpose, without gathering more data than necessary.

The Controller for your Personal (Health-)Data: Carity AG. If you have any problems, questions, or suggestions, please contact Carity AG.

Contact information:
Carity AG
Herbergstrasse 16
9524 Zuzwil, Switzerland
Phone: +41 71 561 00 78

  1. Privacy by Design and Default

Controller has put in place various privacy measures in place to protect your Personal (Health-) and Development Data.

Controller shall not have access to your Personal Data as you are coded by a participant-ID, hence does not in general collect direct personal identifiable data or information automatically and regularly.

A reconciliation between your Participant ID and your identity, hence Personal Data, is only possible by the related rehabilitation center which has enabled you to install Carity. Controller is not in possession and control of such reconciliation list.

For specific cases only, Controller can request access to your Personal Data, which are solely collected and processed upon your specific consent and to enable the proper performance of administrative and support tasks. The details of Personal Data collected in that specific case are described in Section 3 – Data Collection – of the present Privacy Policy.

Controller does not collect more data than necessary to support the purpose of its offered services and products and enable the proper performance of your subscription.

Further, Controller will hold Personal Data and Personal Health Data, including Carity Participant-ID, strictly segregated, so that no reconciliation of Personal and Personal Health Data can be made.

  1. Data collection

After downloading the Carity App on your device and onboarding with the App, you will in any case be asked to provide your informed consent to our Privacy Policy for collection and processing of data, including Personal Data, as mentioned in Section 2, and Personal Health Data, as well as for potential Profiling as part of the generation of adherence reports. Different categories of Data as defined in Section 1 – Definitions – are collected as applicable and described further in this section.

Collected Personal Data can be categorized in Direct Personal Identifiable Information (“dPII”) and Indirect Personal Identifiable Information (“iPII”). Direct Personal Identifiable Information or dPII is only collected under strict conditions which are:

  • dPII are not systematically collected and are only collected upon a dedicated user action and specific consent;

  • dPII only serves for administrative, support or non-medical research and development activities in relation to Carity (for example, invoicing, answering technical questions, etc.);

  • dPII are only received by Controller over specific and identified communication channels (for example over the feedback Email function enabled in the Carity App);

  • dPII are fully segregated from your Personal Health Data; and

  • Controller does not collect more dPII than necessary to fulfill its administrative and support obligations.

Collected dPII may enclose surname, last name, Email address, Postal address, phone or mobile number, bank account information.

Indirect Personal Identifiable Information are collected under the same conditions as for dPII, however some may be first collected by the rehabilitation center and kept on site. The collection of iPII typically encloses: Carity participant ID (however, deidentifier is not directly under possession and control of Controller); IP address; connection to a clinical or care team; care plan details.

Collected Personal Health Data are such data which are only attributed to a coded Carity Participant ID and any reconciliation to Personal Data by Controller is not possible without a deidentifier kept at rehabilitation site. The collected Personal Health Data encloses:

  • Age, Biological Sex, Height, Weight;

  • Connection to a Clinic and Care Team;

  • Care Plan details (goals, milestones, activity plan, tasks structure);

  • Information collected from wearables based on Care Plan (e6MWD, eVO2max, HRV, Workout + HR, BP, Weight, ECG, AFib burden);

  • Program Adherence Reports in PDF format (contains Participant ID);

  • Information collected by the App from user input (Mind assessments, post-exercise assessments, BP, weight); and

  • Program progress intermediate analysis.

Finally, Controller collects Development Data as well as defined in Section 1 – Definitions, automatically or upon your consent. Such Development Data encloses feedback and support request; mobile App logs; mobile App usage data; device-related information; log information and other patient-reported experience and feedback. Such Development Data are anonymized and are not directly related to any Carity Participant ID.

With regard to the Personal (Health-)Data you actively provide, as well as the generated associated Development Data, we use technical and organizational means to ensure compliance with applicable data protection regulations (use of a certified infrastructure, processes ensuring compliance with data protection, Privacy by Design and Default).

  1. Recipients and location of processing

The processing of your Personal Data is carried out by the Controller and its service providers as defined in Annex I in data centers in Switzerland. Personal Health Data and Development shall only be processed in Switzerland, unless you expressly agree to the transfer of such data out of Switzerland.

You may further agree to the sharing of the output resulting from your use of Carity, notably the resulting automatically generated adherence reports, to healthcare professionals. Such sharing shall however only be based upon your consent.

However, please note that adherence reports are delivered over Email and, depending on your Email provider and receiver’s server settings, such Email may be transmitted and processed outside of Switzerland. Although, Controller is instructing health care professionals receiving such reports about legal requirements to receive, store and process these reports in Switzerland, you shall keep Controller harmless and not liable for any non-compliant use of your Personal (Health-)Data in form of adherence report which are transmitted, stored and processed outside of Switzerland. Further, If you decide to send your adherence reports to further third parties of your own or share it outside of the Carity App, Controller cannot guarantee your Personal (Health-)Data in form of adherence report will be stored and processed in Switzerland only and shall be kept harmless for any non-compliant use of your Personal (Health-)Data.

Your Personal Data will not be disclosed by the Controller, or its representatives/data processors as set out in Annex I for use by third parties in any form, unless otherwise specified or your consent has been obtained (notably with regards to the sharing with healthcare professionals) or the processor is required or authorized by law to do so. However, Controller may put you in relation with third-party providers, which may collect further data for their own purpose. You understand and agree that Controller has no control over such third-party which acts as a data controller on its own. We recommend you reading and understanding the applicable third-party providers’ privacy policy prior proceeding with the access and use of third-party providers’ services.

Carity is using Apple Health as data source, which is data which has been collected, stored and processed by Apple Inc. under Apple’s data privacy policy, which you have consented to, when using Apple products. This data is stored and processed with your consent and participation and does not fall under Carity’s present privacy policy, nor Carity shall be liable for any of your data controlled by Apple. Carity is not sending back any of collected, stored and processed data through the Carity App to Apple Health, except that the entire Carity App data repository may be stored as backup in iCloud, which in that case is not recognizable Carity data, hence not identifiable Personal (Health-)Data. Such backup into iCloud is not a standard setting and is only enabled upon your active consent. Apple may solely provide anonymized Development Data to Carity, such as crash statistics of the App.

  1. Purpose of processing

The Personal (Health-)Data that you provide to the Controller will only be used with regards to the Intended use, as defined in section 2 of the Terms of Use (which is available on or directly in the App), to respond to your queries and interact with you, as well as to ensure performance of our contract (notably with regards to invoicing).

Controller may further aggregate data in anonymized Development Data to perform data analytics for research and development purposes.

For specific research activities, Controller may ask for additional consent, that can be revoked at any time and would not constitute a consent revocation of the present privacy policy, nor require you to terminate your access and use to Carity.

Finally, Controller may use coded Personal (Health-)Data to perform Post-Market Surveillance Activities (“PMSA”) to comply with medical device regulatory requirements.

  1. Security

Controller uses technical and organizational security measures to protect your personal data from manipulation, loss, destruction, or access by unauthorized persons (use of a certified infrastructure). These security procedures are continuously adapted to new technological developments. Services and Products provided by the Controller are developed and tested under specific requirements checking cybersecurity and system penetration risks.

  1. Right of access, rectification, erasure, or restriction of processing, right to object to processing, right to data portability

For data directly accessible by Controller, you have the right to request from the Controller (1) access to and (2) rectification or (3) erasure of your Personal Data or, if the GDPR applies to you, further request (4) the restriction of the processing of your Personal Data as well as (5) object to the processing of your Personal Data. In addition, you have (6) a right to data portability. For sake of clarity, restriction of processing (point 4) and objection of processing (point 5) are not applicable under nFADP. To execute your rights described above, you can use the dedicated functionalities of the App. If you do not find the expected functionality, simply send an e-mail to the Controller of your Personal Data: or contact the responsible party at the address mentioned in Section 1 above.

For data accessible at one or more service providers of the Controller, Controller will provide all required information enabling you to place your request directly at the service provider. However, Controller is responsible to check that the respective service provider Data Protection Policies enable you to enforce your rights as specified in this section and – as applicable – to enforce your rights upon your request at the respective service provider.

  1. Right to revoke consent at any time

You have the right to withdraw your consent to the processing of your Personal (Health-)Data at any time for the future. For the avoidance of doubt, however, such revocation (1) shall not affect the lawfulness of the processing based on the consent prior to the revocation, (2) may lead to the termination of your subscription, in which case you shall be invited to delete the Carity App from your device; provided, however, that such termination shall not entitle you to get reimbursed for any prepaid fees. Again, send an email to the Controller of your Personal Data: or contact the responsible party at the address mentioned in Section 1 above.

  1. Retention

The Controller will retain Personal (Health-)Data and Development Data only for as long as your account in the Carity App is active and has not been erased from the App, unless otherwise provided by law.

If you decide to close your account, then Controller will delete all following data: Participant ID, all adherence reports. In that case Personal Health Data and Development Data are fully deleted, only if no specific research consent was given. In the case of an existing specific research consent, then Personal Health Data will not be deleted but is anonymized into Development Data.

If you are not using your account during at least 12 months, Controller is permitted to close your account and delete all related Personal (Health-)Data, and Development Data as described above.

Finally, according to Section 7, you are allowed to request at any time the deletion of your Personal (Health-)Data. For that, either use the dedicated App functionalities or send an Email to the person responsible for your Personal Data: or contact the responsible party at the address mentioned in Section 1 above. If you decide so, then you automatically revoke your consent to the present Policy and are required to terminate your access and use of Carity.

  1. Right to file a complaint with the supervisory authority

In Switzerland, you may lodge a complaint with the competent data protection authority (, if you do not agree with the processing of your Personal Data. If you are a resident of the EU, you also have the right to lodge a complaint with your national data protection authority or the European Data Protection Supervisor ( if you do not agree with the processing of your Personal Data.

  1. Changes to this Privacy Policy

We reserve the right to change this Privacy Policy at any time and to notify you via the App on the applicable changes. If you do not agree with the use of your Personal (Health-)Data set forth in this Privacy Policy, you should refrain from downloading, accessing and using Carity, which shall be considered as an acceptance of the latest version of our Privacy Policy.

Also, you may simply send an email to the Controller of your Personal (Health-)Data, or contact the responsible party at the address mentioned in Section 1 above to address your concerns or requirements.

Last update: June 14th, 2024

Annex I to the Data Protection Policy – List of external service providers

If necessary, Carity AG may engage external service providers to collect and process your data (such as call centers, technical service providers, hosting providers or IT companies). Depending on the type of service, your data may be accessible to these service providers for the purpose of providing the service. Carity AG controls that all service providers protect your data by exercising care in the selection of the service provider and by requiring Carity AG to check that the service provider complies with data protection laws. The links to the respective Data Privacy Statements are given in the table below.

1. Microsoft Corporation

  • Details to Data Processing:
    • Azure Cloud services for data storage including Personal (Health-)Data and Development Data;
    • Surveys services (Customer voice) for App feedback via web-form;
    • Appointment booking for coaching consultations.
  • Datacenter Location: Switzerland
  • Start Date: 2021-07
  • Data Protection

2. Friendly Analytics

  • Details to Data Processing:
    • Anonymized Carity app usage analytics. No personal data is stored and processed.
  • Datacenter Location: Switzerland
  • Start Date: 2023-11
  • Data Protection (DE)