Privacy Policy

What personal data we collect and why we collect it

PLEASE READ THIS STATEMENT CAREFULLY TO UNDERSTAND HOW CHARITY COLLECTS, USES AND STORES YOUR PERSONAL DATA.

1. Data Controller

The responsible entity for data processing is:
Controlates [Hatice Biyik, Am Rainbach 28, 6340 Baar, info@controlates.ch, +41795770859]

2. Data Collected and Purposes

We process the following personal data:

Customer data: name, address, phone number, e-mail, payment details
Booking data: course registrations, participation, contract details
Health data (voluntary, e.g. for Reformer Pilates or private sessions)
Employee data (instructors, where required for contract fulfilment)

Purposes of processing:

Conducting courses, private sessions, online trainings
Booking and subscription management
Payment processing
Customer communication
Marketing and advertising (Meta, Google Ads)
Compliance with legal obligations

3. Booking Platforms

We use Timify and Sportsnow for booking and scheduling. Necessary data for booking is transferred to these providers:

Timify: https://www.timify.com/en/legal/#privacy
Sportsnow: https://sportsnow.ch/privacy

4. Advertising (Meta & Google Ads)

We use services from Meta Platforms Ireland Ltd. (Facebook, Instagram) and Google Ireland Ltd. (Google Ads). Cookies and similar technologies are used to deliver ads, measure reach and analyse user interests.

Data such as IP address, device information, and interactions may be transmitted to Meta/Google and stored on servers in the USA.
More information and opt-out:

Meta: https://www.facebook.com/privacy/policy
Google: https://policies.google.com/privacy

5. Cookies & Tracking

We use cookies and similar technologies to:

ensure the functionality and security of our website
analyse usage and improve services
optimise advertising (Google Ads, Meta Ads)

Cookies can be disabled in the browser settings, which may limit functionality.

6. Retention and Deletion

Contract and payment data: 10 years (legal obligations under Swiss Code of Obligations)
Booking data: 2 years after course end
Health data: deleted immediately after course end or upon request
Employee data: retained according to labour law requirements

7. Rights of Data Subjects

You have the right to:

access your stored personal data
request correction or deletion
restrict processing
object to marketing uses
request data portability (where applicable)

Complaints can be submitted to the Swiss Federal Data Protection and Information Commissioner (FDPIC):
https://www.edoeb.admin.ch

8. Data Breaches

In case of a data breach that poses a high risk to data subjects, the FDPIC will be notified, and affected persons will be informed.

9. Data Security

We take technical and organisational measures (e.g. restricted access, encrypted transmission) to protect data against unauthorised access, loss, or misuse.

10. Changes

This privacy policy may be updated at any time. The current version published on our website applies.

Version 1.0 – effective as of September 2025.