EN English Flag
Privacy & Data Protection

Privacy Policy

Last updated: January 23, 2026

Personal Data Processing Policy

Art. 13 Reg. (EU) 2016/679 – Art. 19 Federal Act on Data Protection of 25/09/2020

In compliance with Art. 13 of Regulation (EU) 2016/679 ("GDPR") and Art. 19 of the Swiss Federal Act on Data Protection of 25/09/2020 ("FADP"), the following information is provided to users of the websites accessible at www.metodo-ongaro.com and store.metodo-ongaro.com ("Sites") and the Metodo Ongaro® mobile application ("App"), located in the European Union and the Swiss Confederation. This information refers exclusively to processing carried out through these Sites and App, and not through other websites that may be visited via links on the Sites or App, for which each visitor should review the privacy policies provided by the respective data controllers.

DATA CONTROLLER AND CONTACT DETAILS

Ongaro Horizon SAGL
registered office in Vernate, CH-6992, Via Cantonale 108, VAT CHE-478.999.539

email: [email protected]

1. CATEGORIES OF DATA PROCESSED, PURPOSES AND LEGAL BASIS FOR PROCESSING

Contact Requests

Data Processed

first name, last name, email address, personal data possibly included in the message.

Purpose

to respond to user requests submitted through the interaction methods available on the Sites and App, or to the email addresses listed therein (e.g. support requests; requests to receive free content).

Legal Basis

European Users: performance of a contract – Art. 6.1.(b) GDPR.
Swiss Users: conclusion or performance of a contract – Art. 31.2.(a) FADP.

Browsing and Device Data

Data Processed

browsing data and device data (personal data whose transmission is implicit in the use of Internet communication protocols, such as IP addresses or domain names of computers used by users, the time of the request, and other parameters related to the operating system and the user's computing environment).

Purpose

to enable the user to browse the Sites and use the App.

Legal Basis

European Users: performance of a contract – Art. 6.1.(b) GDPR.
Swiss Users: conclusion or performance of a contract – Art. 31.2.(a) FADP.

User Account Registration (Reserved Area)

Data Processed

first name, last name, email address, password.

Purpose

to enable the creation of a personal user account on the Sites and App ("Reserved Area").

Legal Basis

European Users: performance of a contract – Art. 6.1.(b) GDPR.
Swiss Users: conclusion or performance of a contract – Art. 31.2.(a) FADP.

Product Sales and Course Subscriptions

Data Processed

first name, last name, email address, phone number, physical address, credit card or other payment method data.

Purpose

to complete and fulfil the sale of products and/or subscription to courses through the Sites and App.

Legal Basis

European Users: performance of a contract – Art. 6.1.(b) GDPR.
Swiss Users: conclusion or performance of a contract – Art. 31.2.(a) FADP.

"Soul Camp" Program Questionnaire

Data Processed

first name, last name, email, any personal data included in questionnaire responses.

Purpose

to enable completion of the questionnaire for subscribers to the "Soul Camp" program through the Sites and App.

Legal Basis

European Users: performance of a contract – Art. 6.1.(b) GDPR.
Swiss Users: conclusion or performance of a contract – Art. 31.2.(a) FADP.

Course Enrolment Applications

Data Processed

first name, last name, email address, phone number, job title, personal data possibly included in the description of the applicant's motivation to participate in the offered services.

Purpose

to enable submission of applications to enrol in courses through the Sites and App.

Legal Basis

European Users: performance of a contract – Art. 6.1.(b) GDPR.
Swiss Users: conclusion or performance of a contract – Art. 31.2.(a) FADP.

Direct Marketing (Similar Products/Services)

Data Processed

first name, last name, email address.

Purpose

to carry out direct marketing activities by sending communications or material (e.g. via email, newsletter) regarding products/services similar to those the user has subscribed to or requested information about through the Sites and App.

Legal Basis

European Users: legitimate interest – Art. 6.1.(f) GDPR.
Swiss Users: overriding interest of the data controller – Art. 31.1 FADP.

Dispute Management

Data Processed

first name, last name, residential address, contact details, history of the user's activity on the Sites and App.

Purpose

to manage any disputes arising from purchases or bookings made through the Reserved Area.

Legal Basis

European Users: legitimate interest – Art. 6.1.(f) GDPR.
Swiss Users: overriding interest of the data controller – Art. 31.1 FADP.

Newsletter Marketing (including Profiled Marketing)

Data Processed

first name, last name, email address, phone number.

Purpose

to carry out marketing activities by sending newsletters to the user's email address, including potentially profiled marketing.

Legal Basis

European Users: consent – Art. 6.1.(a) GDPR.
Swiss Users: consent – Art. 31.1 FADP.

Accounting Management of Payments

Data Processed

first name, last name, residential address, tax data.

Purpose

the accounting management of payments for products or course enrolments completed through the Sites and App.

Legal Basis

European Users: legal obligation – Art. 6.1.(c) GDPR.
Swiss Users: legal obligation – Art. 31.1 FADP.

2. Sensitive Data Processing through the Reserved Area

Through the Reserved Area, sensitive data (i.e. data concerning health, religious beliefs, trade union membership, sexual preferences, and others listed in Art. 9 GDPR and Art. 5.1.(c) FADP) voluntarily disclosed by the user for the purpose of carrying out interactive coaching activities during streaming events are processed. Such processing is subject to the explicit consent expressed by the data subject in order to access the subscription content of the Reserved Area.

3. MANDATORY NATURE OF DATA PROVISION

Providing data for marketing purposes is optional, so withholding or revoking consent will not affect the ability to browse the Sites and/or use the App or place orders and/or enrolments and/or submit applications. Providing other data is necessary for browsing and/or sending messages and/or completing orders and/or enrolments and/or submitting applications through the Sites and/or App. Failure to provide such data may make it impossible to browse the Sites and/or use the App and/or to process such messages and/or orders and/or enrolments and/or applications.

4. DATA PROCESSING METHODS

Personal data is processed using both paper-based and digital tools in compliance with applicable data protection regulations, and in particular with the appropriate technical and organisational measures referred to in Art. 32.1 GDPR and Art. 8 FADP, and with all precautionary measures that ensure its integrity, confidentiality, and availability.

5. POSSIBLE RECIPIENTS OF PERSONAL DATA

Data may be disclosed to (i) third parties operating, including on behalf of the Controller, for the fulfilment of services related to the purposes described in this policy, including in particular site management and maintenance, promotional activities, sharing of information about the Controller's products and/or services, etc.; (ii) other companies affiliated with the Controller; (iii) the Controller's consultants; (iv) public authorities and bodies where disclosure is mandatory.

Personal data is also processed outside the European Economic Area (EEA) and outside the Swiss Confederation. The Controller undertakes to select reputable providers and to verify their commitment to complying with the provisions of the GDPR and FADP regarding transfers of personal data outside the EEA and the Swiss Confederation.

6. RETENTION PERIOD

Data is retained for a maximum of 10 (ten) years from the date of the last interaction with the user, taking into account the limitation period for any claims arising from the relationship between the Controller and the user, as provided by law. Browsing data will be retained for the technical time necessary to carry out the functions for which it was collected. Sensitive data will be retained for one year from the end of the contractual relationship between the Controller and the user, subject to the right to withdraw consent at any time.

7. PROFILING

First name, last name, email address, phone number, and other personal data of the user may be used to create a user profile and send targeted marketing that may be of greater interest to the user. Such profiling does not produce legal effects on the user.

8. DATA SUBJECT RIGHTS

European Users: at any time, each European User may exercise against the Controller the rights provided by Arts. 15 to 22 GDPR, namely the right to request, by writing an email to [email protected]:

  1. access to personal data;
  2. rectification of personal data;
  3. erasure of personal data (the so-called 'right to be forgotten');
  4. restriction of personal data processing;
  5. data portability;
  6. the right to object to processing;
  7. the right to lodge a complaint with a supervisory authority.

Swiss Users: at any time, each Swiss User may exercise against the Controller the rights provided by Arts. 25, 28 and 32 FADP, namely the right to request, by writing an email to [email protected]:

  1. access to personal data;
  2. delivery or transmission of personal data to another controller;
  3. rectification, deletion or destruction of personal data;
  4. the right to file a complaint with the Federal Data Protection and Information Commissioner (FDPIC).
Request Your Data Rights Contact Support

9. CHANGES TO THIS POLICY

This privacy policy may be updated over time, including in connection with the possible entry into force of new sector regulations, the update or provision of new services, or technological innovations. Changes to the policy take effect upon their publication on the Sites, provided that the Controller may not use previously collected data for purposes beyond those described here without informing the user.