Privacy policy overview
This privacy policy explains how VelaYPath collects, uses, stores and shares personal data in connection with its personal growth and self-development services. It is intended to provide clear, factual information about data processing activities, legal bases for processing, user rights and contact details for privacy matters. The policy applies to visitors and participants who interact with VelaYPath.digital, attend programs in person at our address in Saanen, or request information by telephone or email.
Key definitions
Terms used in this policy are defined for clarity to help users understand how their data is described and handled. Definitions align with common data protection terminology used in Swiss and EU contexts and are applied consistently across our notices and internal records.
Data collection and sources
VelaYPath collects personal data from a few primary sources to provide services, administer accounts and improve offerings. Collected data is limited to what is necessary for stated purposes and is processed in accordance with applicable data protection laws.
Data you provide directly
Data provided directly by users typically includes information required for enrollment, communication and service delivery. This data is used to perform contractual and administrative tasks and to respond to inquiries.
- Contact details: name, email address, postal address, and telephone number.
- Registration and account details: user name, chosen password hash, organization or affiliation if provided.
- Transactional data: billing address, invoice details, payment confirmations, and receipts.
- Program participation data: course selections, attendance records, submitted assignments and feedback.
- Communications: messages sent to support, coaching notes contributed by participants for program purposes.
- Optional profile information: professional background, learning objectives and voluntary demographic details if supplied.
Automatically collected data
Some data is collected automatically when users access VelaYPath.digital or use online services. This information supports site operation, diagnostics and improvements while typically remaining non-identifying unless correlated with user-provided data.
- Technical data: IP address, browser type, operating system and device identifiers.
- Usage data: pages visited, time spent on pages, click patterns and navigation paths.
- Analytics data: aggregated interaction metrics from web analytics providers.
- Cookie and tracking data: identifiers set by cookies and similar technologies used on the site.
- Error and diagnostic logs: records of technical errors and performance issues.
- Authentication logs: timestamps and metadata associated with sign-ins for security and auditing.
Data from third parties
In limited circumstances, VelaYPath may receive data about users from trusted third parties to support legitimate service delivery. We assess third-party practices to ensure processing is appropriate and lawful.
- Payment processors: confirmation of transactions and minimal billing metadata required for accounting.
- Platform services: analytics providers that supply aggregated reports and usage metrics.
- Professional referrals: contact details or background information provided by referral partners when a user consents.
Purposes of processing
VelaYPath processes personal data for a set of specified, legitimate purposes. Processing is limited to what is necessary for each purpose and described below so that users can understand how their data is used.
- To provide and manage educational services, course access and coaching arrangements.
- To process payments, issue invoices and maintain business records required for accounting and regulatory compliance.
- To communicate administrative updates, course materials and responses to user inquiries.
- To improve services through aggregated analytics, usability testing and curriculum review.
- To maintain security, prevent fraud and contribute technical incidents affecting service delivery.
- To fulfill legal and regulatory obligations, such as tax reporting or law enforcement requests when legitimately required.
- To administer user accounts, including password resets, profile updates and enrollment status.
- To document consent and preferences regarding marketing communications and cookie settings.
Legal bases for processing
Processing is undertaken only where a lawful basis exists. For users in the EU or Switzerland, VelaYPath relies on specific legal bases as appropriate for each processing activity.
- Performance of a contract: processing necessary to provide courses, coaching and related services agreed with the user.
- Legal obligation: processing required to comply with accounting, tax or other statutory duties.
- Legitimate interests: limited processing for security, fraud prevention and service improvement where individual rights are respected.
- Consent: where users have expressly consented to optional activities such as marketing communications or non-essential cookies.
Data subject rights and GDPR context
Individuals located in the EU or Switzerland have data protection rights under applicable law. VelaYPath provides information about these rights and the mechanisms to exercise them in a straightforward manner.
- Right of access: request a copy of personal data held about you.
- Right to rectification: request correction of inaccurate or incomplete personal data.
- Right to erasure: request deletion of personal data where retention is no longer justified, subject to legal and contractual constraints.
- Right to restriction: request limitation of processing in certain circumstances.
- Right to data portability: request transfer of provided data in a commonly used, machine-readable format where applicable.
- Right to object: object to processing based on legitimate interests or direct marketing, subject to applicable exceptions.
Cookies and similar technologies
VelaYPath uses cookies to operate the website, remember user preferences and collect analytics. Users can control cookie preferences through browser settings or the cookie consent tool where provided on the site.
Types of cookies used include strictly necessary cookies for site operation, preference cookies for remembering settings, analytics cookies for aggregated usage statistics, and marketing cookies only where consent has been obtained.
Categories: necessary, preferences, analytics, marketing. Necessary cookies cannot be disabled without affecting site functionality.
To manage cookies, use browser controls to delete or block cookie storage, or adjust the consent settings presented on VelaYPath.digital. Changes may affect site behavior or access to certain features.
Cookie policy
Sharing and disclosures
VelaYPath shares personal data only with parties necessary to provide services or where required by law. Third-party recipients are selected to ensure appropriate safeguards and confidentiality.
- Service providers: payment processors, hosting and email communication platforms used to operate the service.
- Professional advisors: auditors, legal advisors or accountants where required for compliance or legitimate business needs.
- Analytics providers: external services that assist with aggregated reporting and site performance measurement.
- Regulatory and legal authorities: disclosures made when required by law or valid legal process.
- Consent-based sharing: third parties when users have explicitly consented to such sharing.
- Emergency disclosures: limited sharing in urgent circumstances to protect a person’s safety or rights, as permitted by law.
International data transfers
Data may be transferred to service providers located outside Switzerland or the European Economic Area. When transfers occur, VelaYPath applies appropriate safeguards such as standard contractual clauses, reliance on adequacy decisions where available, or other legally recognized measures to protect personal data.
Safeguards include contractual data protection terms, encryption in transit and at rest, and assessment of third-party practices. Specific transfer mechanisms are documented on request for transparency.
Data retention
VelaYPath retains personal data only for as long as necessary to fulfill the purposes described in this policy and to satisfy legal or accounting obligations. Retention periods vary by data category and purpose.
Account and profile data are retained for the duration of the relationship and for a reasonable period after account closure to address potential inquiries, legal disputes or compliance needs.
Communications and support correspondence are retained for operational and training purposes for a defined period consistent with business needs and legal requirements.
Technical logs and diagnostic records are retained for a limited period to support security monitoring and service stability, then anonymized or deleted according to internal rules.
When data is no longer required, VelaYPath takes steps to delete or anonymize records in line with retention schedules, unless retention is required for legal, tax or internal archival purposes.
Security of personal data
VelaYPath implements organizational and technical measures to protect personal data against unauthorized access, alteration, disclosure or destruction. Measures are proportionate to the sensitivity of the data and the risks involved and are reviewed periodically to address evolving threats.
- Access controls: role-based access to systems holding personal data and administrative logging.
- Encryption: use of TLS for data in transit and encryption at rest where appropriate.
- Operational practices: regular backups, patch management, staff training on data handling and incident response procedures.
User rights and how to exercise them
Users may exercise rights related to their personal data by contacting VelaYPath using the details below. Requests will be handled in accordance with applicable law and may require verification of identity.
- Access: obtain a copy of personal data processed by VelaYPath.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion where there is no overriding legal or contractual reason to retain the data.
- Restriction and objection: request limits on processing or object to processing based on legitimate interests or direct marketing.
- Data portability: request transfer of certain personal data to another provider in a machine-readable format.
- Right to withdraw consent for processing activities where consent is the legal basis; withdrawal does not affect processing carried out prior to withdrawal.
- Right to lodge a complaint with a competent supervisory authority in Switzerland if you consider that the processing of your personal data infringes applicable data protection laws.
- Right to restrict or object to certain processing activities, including profiling for direct marketing purposes, subject to applicable legal conditions.
Exercising your data subject rights
You may contact VelaYPath to request access, correction, erasure, restriction, portability, objection or withdrawal of consent regarding your personal data. Please provide sufficient information to identify yourself and specify the scope of your request. We will verify your identity before fulfilling any request to protect your information.
VelaYPath aims to respond to routine rights requests within 30 days of receipt. Complex requests or requests requiring additional verification may take longer; we will communicate any extension and the reasons for it.
Marketing communications
VelaYPath may use your contact details to provide information about courses, workshops and newsletters that match your preferences. Marketing communications are based on consent or legitimate interest as permitted by law. Communications will include clear options to manage preferences and to stop receiving marketing materials.
You can unsubscribe from marketing emails using the link provided in each message or by contacting [email protected]. Unsubscribing will stop marketing communications but does not affect transactional messages related to your account or bookings.
Children and data
VelaYPath services are intended for adults. We do not knowingly collect personal data from children under the age of 16. If we become aware that personal data of a minor has been collected without proper consent, we will take steps to delete that information promptly.
Links to third-party sites
Our website or communications may contain links to third-party websites and services. VelaYPath is not responsible for the privacy practices or content of those third parties. We recommend reviewing the privacy notices of any linked sites before providing personal information.
Changes to this privacy notice
VelaYPath may update this privacy notice to reflect changes in practices, legal requirements, or service offerings. Material changes will be published on the website and will show the effective date. Continued use of our services after publication constitutes acceptance of the updated notice.