Privacy Policy

agnesaepli.com Date: February 2026

1. Controller responsible for data processing Agnes Aepli Tschudistrasse 53 9000 St. Gallen Switzerland

Email: info@agnesaepli.com (hereinafter referred to as “we” or “the Controller”)

2. Scope This Privacy Policy applies to the processing of personal data in connection with the use of our website https://agnesaepli.com, the purchase of digital products (e-books, downloads), the booking and delivery of mentoring, coaching and consulting services, as well as any general communication with us.

3. Personal data processed and purposes We process the following categories of personal data for the following purposes:

  • Master data (first name, last name, email address, possibly telephone number, billing address) → Contract performance (purchase of digital products, appointment booking for mentoring), invoicing, communication
  • Payment data (e.g. IBAN for bank transfer; in the case of Stripe: payment information is processed directly by the payment service provider – we do not store card details) → Payment processing
  • Contract and service data (booked appointments, contents of mentoring sessions, notes on your concerns/goals – only with your consent / to the extent necessary for service delivery) → Provision of the coaching/mentoring service
  • Particularly sensitive personal data (e.g. information on health status, emotional stress, trauma – if you voluntarily disclose this during coaching) → Only with your explicit consent and exclusively for the provision of the agreed service
  • Technical data (IP address, browser type, operating system, access times, pages visited) → Ensuring functionality and security of the website, error analysis
  • Marketing data (if you subscribe to the newsletter/updates: email address, date of consent) → Sending information about new products/offers (only with consent)

4. Legal basis for processing

  • Performance of a contract or pre-contractual measures (Art. 31 para. 1 lit. b nFADP)
  • Legitimate interests (Art. 31 para. 1 lit. f nFADP) – e.g. website security, fraud prevention
  • Consent (Art. 31 para. 1 lit. a nFADP) – in particular for particularly sensitive data, newsletter, tracking tools
  • Legal obligations (e.g. accounting / retention obligations)

5. Recipients / disclosure of personal data We only disclose personal data where necessary:

  • Payment service providers (e.g. Stripe) – only the data required for payment processing
  • Video conferencing tool (e.g. Zoom) – name, email for meeting invitation (data partially stored in the USA – see section 7)
  • Hosting provider (e.g. Infomaniak, Hostpoint – Switzerland)
  • IT service providers (support, backup – only to the extent necessary and contractually bound)
  • Authorities – in case of legal obligation or to protect legitimate interests

No disclosure to third parties for advertising purposes without your consent.

6. Storage period We retain personal data only for as long as necessary to fulfil the purpose or as required by statutory retention obligations (e.g. 10 years for accounting documents pursuant to Swiss Code of Obligations). After termination of the contract / upon deletion request, we delete the data unless a retention obligation exists.

7. Transfer of data abroad Some service providers (e.g. Zoom, Stripe, possibly Google services) have servers in the USA or other third countries without an adequate level of data protection. We base such transfers on:

  • Standard contractual clauses (SCC) of the provider
  • Your explicit consent (especially for sensitive data)
  • Other appropriate safeguards pursuant to Art. 16 nFADP

8. Your rights You have the following rights (to the extent the legal requirements are met):

  • Right to information about your data (Art. 25 nFADP)
  • Right to rectification of inaccurate data
  • Right to erasure (right to be forgotten)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing (based on legitimate interests)
  • Right to withdraw consent (with effect for the future)

Please contact us by email.

You may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at any time: https://www.edoeb.admin.ch

9. Cookies and similar technologies Our website uses [cookies / local storage / similar technologies – please adapt: essential / analytics / marketing]. Details can be found in our [cookie notice / consent banner – if applicable]. You can configure your browser to block cookies (this may limit functionality).

10. Data security We implement appropriate technical and organisational measures (e.g. SSL encryption, access restrictions, regular updates) to protect your data from unauthorised access, loss or misuse.

11. Changes to this Privacy Policy We reserve the right to amend this policy as necessary (e.g. due to new tools). The current version is always available on the website. We will notify you of material changes by email if appropriate.