Legal
Privacy Policy
We are committed to protecting your privacy. This policy explains exactly what data we collect, why we collect it, who we share it with, and what rights you hold - in full compliance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (DSG).
Effective date: 01 September 2024 · Last reviewed: March 2026
01
Data controller
The data controller responsible for your personal data is:
- Dominique Ceara
- Switzerland
- Email: hi@dominiqueceara.com
- Website: www.dominiqueceara.com
As a Switzerland-based business serving customers in Switzerland and the European Union, we are subject to both the Swiss Federal Act on Data Protection (DSG / nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).
02
Data we collect
We collect personal data only where necessary and only to the extent required for the purposes described in this policy. The categories of data we may collect include:
Data you provide directly
- Name and email address - when you purchase a product, book a session, or sign up for our newsletter
- Payment information - processed securely via our payment provider; we do not store card details
- Communications - messages sent via our contact form, email, or WhatsApp
- Health information - where voluntarily shared during coaching sessions, treated with strict confidentiality
- Participation agreement - timestamp and acknowledgement recorded when you accept the course waiver
Data collected automatically
- Browser type, operating system, and device information
- IP address and approximate location
- Pages visited, time on site, and referral source
- Cookie and pixel data (see section 8)
03
Legal basis for processing
Under GDPR Article 6 and the Swiss DSG, we are required to identify a legal basis for each type of data processing we carry out. The table below sets out our processing activities and the legal ground for each.
| Purpose | Legal basis |
|---|---|
| Processing your purchase and delivering course access or coaching sessions | Performance of a contract (GDPR Art. 6(1)(b) / DSG) |
| Sending transactional emails (order confirmation, access credentials, session reminders) | Performance of a contract (GDPR Art. 6(1)(b) / DSG) |
| Sending marketing emails and newsletters | Consent (GDPR Art. 6(1)(a) / DSG) - you may withdraw at any time |
| Responding to enquiries and customer support | Legitimate interest (GDPR Art. 6(1)(f) / DSG) - communicating with prospective and existing clients |
| Website analytics and performance monitoring | Legitimate interest (GDPR Art. 6(1)(f) / DSG) - improving our website and services |
| Targeted advertising via Facebook / Meta Pixel | Consent (GDPR Art. 6(1)(a) / DSG) - managed via our cookie consent tool |
| Recording participation agreement acknowledgements | Legal obligation and legitimate interest (GDPR Art. 6(1)(c) & (f) / DSG) - maintaining records of consent for liability purposes |
| Complying with legal obligations (tax records, fraud prevention) | Legal obligation (GDPR Art. 6(1)(c) / DSG) |
04
Third-party processors
We work with a limited number of trusted third-party service providers to operate our business. Each processor is bound by a data processing agreement and handles your data only on our instructions. The processors we currently use include:
| Processor | Purpose & data shared |
|---|---|
| Payment processor (e.g. Stripe) | Secure payment processing. Name, email, and payment card details. Stripe's privacy policy applies to card data - we do not store it. |
| Course platform / LMS | Delivering course content and tracking progress. Name, email, and course activity data. |
| Email marketing platform (e.g. Mailchimp / ActiveCampaign) | Sending newsletters and course-related communications. Name and email address. |
| Meta (Facebook Pixel) | Advertising and retargeting. Behavioural and device data collected via cookie, subject to your consent preferences. |
| Website analytics (e.g. Google Analytics) | Understanding website traffic and user behaviour. Anonymised usage data. |
| Calendly | Booking discovery and coaching calls. Name, email, and scheduling information. |
From time to time we may engage additional third-party processors to support the operation and growth of our business - for example, new tools for scheduling, customer support, course delivery, or marketing. Any such processor will be subject to a data processing agreement and will only receive the minimum data necessary to perform their function. We will update this list when a new processor is added that materially affects how your data is handled.
We do not sell, rent, or trade your personal data to any third party. Data is shared with processors only to the extent necessary to deliver our services. You may contact us at any time to request an up-to-date list of the processors we currently work with.
05
Retention periods
We retain your personal data only for as long as necessary for the purpose for which it was collected, or as required by applicable law. Our standard retention periods are as follows:
- Purchase and transaction records - 10 years, in accordance with Swiss accounting obligations
- Coaching session notes and related communications - 3 years following the end of the coaching relationship
- Course participation and waiver acknowledgements - 5 years from the date of purchase
- Marketing consent records - until consent is withdrawn, plus 3 years
- General enquiry correspondence - 2 years from the date of last contact
- Website analytics data - anonymised after 26 months
When data is no longer required, it is securely deleted or anonymised.
06
International data transfers
Some of our third-party processors are based outside Switzerland and the European Economic Area (EEA), including in the United States. Where personal data is transferred to a country that does not offer an equivalent level of data protection, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs) as approved by the European Commission
- The Swiss-US Data Privacy Framework where applicable
- Adequacy decisions by the Swiss Federal Data Protection and Information Commissioner (FDPIC)
You may request details of the specific safeguards applied to any transfer by contacting us at hi@dominiqueceara.com.
07
Your rights
Under the GDPR and Swiss DSG, you hold the following rights in relation to your personal data. To exercise any of these rights, please contact us at hi@dominiqueceara.com. We will respond within 30 days.
Access
Request a copy of all personal data we hold about you.
Correction
Request that inaccurate or incomplete data be corrected.
Deletion
Request deletion of your data, subject to legal retention obligations.
Portability
Receive your data in a structured, machine-readable format.
Objection
Object to processing based on legitimate interest, including direct marketing.
Restriction
Request that we limit how we use your data in certain circumstances.
Withdraw consent
Withdraw any consent given at any time, without affecting prior processing.
Complaint
Lodge a complaint with your national supervisory authority or the Swiss FDPIC.
09
Children's data
Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at hi@dominiqueceara.com and we will delete it promptly.
10
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Where changes are material, we will notify you by email or by posting a prominent notice on our website. The effective date at the top of this page will always reflect the most recent version. We encourage you to review this policy periodically.
11
Contact & complaints
For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact us:
- Email: hi@dominiqueceara.com
- Website: www.dominiqueceara.com/contact
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC) - www.edoeb.admin.ch
- European Union: The data protection authority in your country of residence