Privacy policy

Last update: October 22, 2025

The official and binding version of this privacy policy is the German version.

Person responsible

LaceUp GmbH
Birmensdorferstrasse 109, 8003 Zurich
E-mail: go@laceup.ch
Web: www.laceup.ch

Purpose of data processing

We develop and operate digital platforms and mobile apps for sporting events, challenges and outdoor activities.
We process the personal data of athletes (hereinafter "participants") for the following purposes:

  • Implementation and administration of sporting events (e.g. rankings, awards, badges, segment times)
  • Communication with participants and organizers (e.g. notifications, support, e-mail confirmations)
  • Analysis, evaluation and visualization of activities (e.g. distance, time, altitude, GPS tracks)
  • Improvement, further development and security of our platform and services
  • Fraud detection, fairness control and ensuring correct results
  • Compliance with legal obligations and enforcement of terms of use

Processing is carried out in accordance with the Swiss Data Protection Act (DPA) and - where applicable - the European General Data Protection Regulation (GDPR).

Categories of personal data

We process the following data in particular:

  • Identification data: Name, e-mail address, user name, gender, year of birth, date of birth, language
  • Event data: Affiliation to an event, ranking, club/team
  • Performance data: Distance, time, GPS track, altitude profile, speed, time of activity, cadence, heart rate
  • Device and usage data: IP address, device type, browser, app version, timestamp, log data
  • Communication data: Messages to support, feedback, error messages

As a rule, the data is provided by the participating person themselves or by the respective event organizer, who transmits the athlete data to LaceUp.

Legal basis under Swiss law

Processing is based on the following principles in accordance with the FADP:

  • Art. 31 para. 1 FADP: Consent of the data subject (e.g. when registering or uploading an activity)
  • Art. 31 para. 2 lit. a FADP: Processing in direct connection with the performance of a contract (participation in an event)
  • Art. 31 para. 2 lit. b FADP: Processing based on an overriding private or public interest - e.g. to ensure the functionality, data security or further development of the product

For statistical, analytical and product-related purposes, data is pseudonymized or anonymized where possible.

Data sovereignty and rights of use
  • Participants remain the owners of their personal data.
  • The respective organizer (customer) receives a time-limited right to use the data of the participants (e.g. access to ranking lists, participant lists, contact information for event communication).
  • LaceUp remains the technical operator and processor within the meaning of the FADP insofar as we process data on behalf of the organizer.
  • For certain functions (e.g. badges, annual ratings, statistics functions), LaceUp also acts as joint controller to ensure platform operation.
Disclosure to third parties

We only pass on data if this is necessary for the fulfillment of the above-mentioned purposes. Recipients may be in particular

  • Organizers and their authorized employees
  • Technical service providers (e.g. hosting, e-mail, card or tracking providers)
  • Analysis and development service providers to improve the app or user experience

All contracted service providers are contractually obliged to process personal data exclusively within the scope of the defined purposes and in compliance with the FADP.

Data processing abroad

Processing is generally carried out in Switzerland or the EEA.
If data is transferred to a country without an adequate level of data protection, this is done on the basis of standard contractual clauses or other suitable guarantees in accordance with Art. 16 et seq. FADP.

Storage and deletion

We only store personal data for as long as it is required for the respective purposes or for as long as there is a legal obligation to retain it.
Participants can request the deletion or anonymization of their data at any time, provided there are no legal or technical reasons to the contrary (e.g. for historical rankings or anonymized statistics).

Analysis and further development purposes

LaceUp uses aggregated or pseudonymized usage and performance data to:

  • develop new functions,
  • improve the accuracy of algorithms (e.g. GPS detection, fairness control),
  • create statistical evaluations of usage, segment times, route profiles or device types.

These evaluations are carried out without reference to directly identifiable persons, insofar as this is technically possible.
Such uses are covered by LaceUp's overriding interest in continuous product improvement (Art. 31 para. 2 lit. b FADP).

Security

We take appropriate technical and organizational measures to protect data from loss, misuse, unauthorized access or disclosure. These include encryption, access controls, authorization concepts, logging, backups and regular security checks and, in the event of a relevant data breach, we inform those affected and - if necessary - the responsible authorities in accordance with the legal requirements.

Rights of the data subjects

Participants have the following rights in particular under the DPA:

  • Information about processed data
  • Correction of incorrect data
  • Deletion or anonymization
  • Restriction of processing
  • Release or transfer (data portability)

Inquiries should be sent to go@laceup.ch. We reserve the right to request suitable proof of identification.

Changes to this privacy policy

LaceUp may amend this Privacy Policy at any time if data processing or the legal framework changes.
The current version is available at www.laceup.ch/datenschutz. Users will be actively notified of any significant changes.

Data processor

We work with carefully selected partners and service providers who process personal data on behalf of LaceUp.
These processors are contractually obliged to process the data exclusively in accordance with our instructions and in compliance with the Swiss Data Protection Act.

Currently used data processors:

  • Webflow, Inc. - Website hosting and content management
  • Hetzner Online GmbH - Server hosting and data infrastructure
  • Hostpoint AG - Sending and receiving e-mails, calendar
  • Google Ireland Limited / Google LLC - map services, ReCaptcha, sending and receiving emails, calendar
  • MailXpert GmbH - Sending e-mail notifications
  • Plausible Insights OÜ - privacy-friendly web analytics
  • Sendinblue GmbH (Brevo) - e-mail dispatch and marketing communication
  • Payrexx AG - Payment Provider

The list may change as we continue to develop our services. The current version of this statement contains the valid overview of all data processors.

Contact

You can send questions about data protection or the exercise of your rights to the following address richten:go@laceup.ch

Got an idea?

Let's talk

We look forward to your inquiry!
Let's go
LaceUp
Digitally connected. Outdoor adventures.
HomeContactProjectsBlogAbout usPrivacy Policy
LaceUp GmbH, Zurich, Switzerland