Legal
Privacy Policy
This Privacy Policy explains how GULL DIAGNOSTICS processes personal data in connection with the website quietweight.com (the “Website”), the QuietWeight self-assessment, the QWI Assessment, the Reset Plan and related services (together, the “Services”). We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP/DSG) and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Controller
The controller responsible for the processing of your personal data is:
GULL DIAGNOSTICS (sole proprietorship / Einzelunternehmen)
Sperdiklerstrasse 6, 8466 Trüllikon, Switzerland
Registered seat: Trüllikon (Canton of Zürich) · UID: CHE-198.656.704
Email: [email protected]
2. What data we process
Depending on how you use the Services, we process the following categories of personal data:
| Category | Examples |
|---|---|
| Self-assessment data | Your ratings of nine areas of life (1–10), the resulting QuietWeight score and life-wheel, and the personal summary generated for you. |
| Contact data | Email address, and any name or message you provide so we can send your result and respond to you. |
| Consent data | The fact, time and scope of the consent you give (e.g. to receive your result by email). |
| Order & payment data | For paid Services (e.g. QWI Assessment, Reset Plan): the details needed to provide the service and process payment. Payment-card data is handled by our payment provider, not stored by us. |
| Technical & usage data | IP address (stored only in a shortened/pseudonymised form), browser and device information, date and time, and pages accessed. Collected automatically for security and operation. |
You are not legally obliged to provide personal data, but some data is necessary to deliver the Services (for example, an email address to send your result). The information you provide in the self-assessment may reveal aspects of your personal situation — please share only what you are comfortable sharing.
3. Purposes & legal bases
We process personal data for the following purposes and, under the GDPR, on the following legal bases:
- Providing the self-assessment and sending your result — on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time with effect for the future.
- Providing paid Services and managing the contract — to perform a contract with you (Art. 6(1)(b) GDPR).
- Communicating with you (answering enquiries, service messages) — consent or contract performance, as applicable.
- Security, abuse prevention and ensuring the Website works — our legitimate interests (Art. 6(1)(f) GDPR) in operating a safe and reliable service.
- Marketing (e.g. occasional updates) — only with your consent, which you can withdraw at any time via the unsubscribe link or by emailing us.
- Complying with legal obligations — e.g. accounting/retention duties (Art. 6(1)(c) GDPR).
4. AI-generated summary
To create your personal summary, the answers from your self-assessment are processed by an artificial-intelligence service (the Claude API provided by Anthropic). This processing happens to generate text for you and is carried out on our behalf. We do not use your data to train third-party AI models, and the summary is for your information and self-reflection only — it is not therapy, diagnosis or medical advice. This processing is based on your consent.
5. Recipients & processors
We do not sell your personal data. We share it only with service providers who process it on our behalf (processors) or where required by law. These include:
- Hosting — our servers are hosted by an infrastructure provider located in the EU (Germany).
- Content delivery & security — Cloudflare, which routes and protects Website traffic and processes technical data such as IP addresses.
- AI summary — Anthropic (Claude API), to generate your personal summary (see section 4).
- Email delivery — our email/SMTP service provider, to send your result and service emails.
- Payment processing — for paid Services, a payment service provider that handles your payment data.
- Internal notifications — we may receive an operational notification (e.g. via a secure messaging service) when a new submission is made, so we can run the Service.
We may also disclose personal data to authorities or advisers where necessary to comply with the law, enforce our terms, or protect our rights, and to a successor in the context of a business transfer.
6. International transfers
Some of our processors may process data outside Switzerland and the EU/EEA (for example, the AI provider). Where we transfer personal data to a country without an adequate level of protection, we put appropriate safeguards in place — such as the European Commission’s Standard Contractual Clauses together with the Swiss addendum — or rely on another lawful transfer mechanism. You can ask us for more information using the contact details below.
7. Retention
We keep personal data only as long as necessary for the purposes described above: self-assessment and contact data for as long as needed to provide the Service and, where you consented, until you withdraw your consent or object; order and payment records for the period required by applicable accounting and tax law; and technical/security logs for a short period. When data is no longer needed, we delete or anonymise it.
8. Security
We use appropriate technical and organisational measures to protect personal data, including encrypted transmission (HTTPS), access controls, and pseudonymisation of IP addresses. No method of transmission or storage is completely secure, but we work to protect your data and to address any incident appropriately.
9. Your rights
Subject to applicable law, you have the right to:
- request access to the personal data we hold about you;
- request correction of inaccurate data;
- request deletion of your data;
- request restriction of, or object to, certain processing;
- receive your data in a portable format (data portability);
- withdraw consent at any time, with effect for the future; and
- opt out of marketing communications at any time.
To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with a supervisory authority — in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch); in the EU/EEA, your local data protection authority.
10. Cookies & tracking
We use cookies and similar technologies that are strictly necessary to operate the Website securely (including security/anti-abuse cookies set by Cloudflare) and, where applicable, to remember your preferences. These are required for the Website to function. We do not use the Website to serve third-party advertising. If we introduce analytics or other non-essential cookies in the future, we will ask for your consent first where the law requires it. You can also control cookies through your browser settings; blocking strictly necessary cookies may affect how the Website works.
11. Children
The Services are intended for individuals aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to this Policy
We may update this Privacy Policy from time to time. The current version is always available on the Website with its “last updated” date. For material changes, we will take appropriate steps to inform you where required.
13. Contact
For any privacy question or to exercise your rights, please contact:
GULL DIAGNOSTICS
Sperdiklerstrasse 6, 8466 Trüllikon, Switzerland · UID: CHE-198.656.704
Email: [email protected]