Privacy Policy

 

Personal Data Processing Policy

Art. 13 Reg. (EU) 2016/679 – Art. 19 Federal Act on Data Protection of 25/09/2020

In compliance with Art. 13 of Regulation (EU) 2016/679 ("GDPR") and Art. 19 of the Swiss Federal Act on Data Protection of 25/09/2020 ("FADP"), the following information is provided to users of the websites accessible at www.metodo-ongaro.com and store.metodo-ongaro.com ("Sites") and the Metodo Ongaro® mobile application ("App"), located in the European Union and the Swiss Confederation. This information refers exclusively to processing carried out through these Sites and App, and not through other websites that may be visited via links on the Sites or App, for which each visitor should review the privacy policies provided by the respective data controllers.

DATA CONTROLLER AND CONTACT DETAILS: Ongaro Horizon SAGL, registered office in Vernate, CH-6992, Via Cantonale 108, VAT CHE-478.999.539 – email [email protected].

CATEGORIES OF DATA PROCESSED, PURPOSES AND LEGAL BASIS FOR PROCESSING

Data processed: first name, last name, email address, personal data possibly included in the message.

The purpose is to respond to user requests submitted through the interaction methods available on the Sites and App, or to the email addresses listed therein (e.g. support requests; requests to receive free content).

Legal basis for users located in the European Union ("European Users"): performance of a contract to which the data subject is a party / execution of pre-contractual measures taken at the request of the data subject – Art. 6.1.(b) GDPR.

Legal basis for users located in the Swiss Confederation ("Swiss Users"): conclusion or performance of a contract to which the data subject is a party – Art. 31.2.(a) FADP.

 

Data processed: browsing data and device data (personal data whose transmission is implicit in the use of Internet communication protocols, such as IP addresses or domain names of computers used by users, the time of the request, and other parameters related to the operating system and the user's computing environment).

The purpose is to enable the user to browse the Sites and use the App.

Legal basis for European Users: performance of a contract to which the data subject is a party / execution of pre-contractual measures taken at the request of the data subject – Art. 6.1.(b) GDPR.

Legal basis for Swiss Users: conclusion or performance of a contract to which the data subject is a party – Art. 31.2.(a) FADP.

     

Data processed: first name, last name, email address, password.

The purpose is to enable the creation of a personal user account on the Sites and App ("Reserved Area").

Legal basis for European Users: performance of a contract to which the data subject is a party / execution of pre-contractual measures taken at the request of the data subject – Art. 6.1.(b) GDPR.

Legal basis for Swiss Users: conclusion or performance of a contract to which the data subject is a party – Art. 31.2.(a) FADP.

     

Data processed: first name, last name, email address, phone number, physical address, credit card or other payment method data.

The purpose is to complete and fulfil the sale of products and/or subscription to courses through the Sites and App.

Legal basis for European Users: performance of a contract to which the data subject is a party / execution of pre-contractual measures taken at the request of the data subject – Art. 6.1.(b) GDPR.

Legal basis for Swiss Users: conclusion or performance of a contract to which the data subject is a party – Art. 31.2.(a) FADP.

     

Data processed: first name, last name, email, any personal data included in questionnaire responses.

The purpose is to enable completion of the questionnaire for subscribers to the "Soul Camp" program through the Sites and App.

Legal basis for European Users: performance of a contract to which the data subject is a party / execution of pre-contractual measures taken at the request of the data subject – Art. 6.1.(b) GDPR.

Legal basis for Swiss Users: conclusion or performance of a contract to which the data subject is a party – Art. 31.2.(a) FADP.

     

Data processed: first name, last name, email address, phone number, job title, personal data possibly included in the description of the applicant's motivation to participate in the offered services.

The purpose is to enable submission of applications to enrol in courses through the Sites and App.

Legal basis for European Users: performance of a contract to which the data subject is a party / execution of pre-contractual measures taken at the request of the data subject – Art. 6.1.(b) GDPR.

Legal basis for Swiss Users: conclusion or performance of a contract to which the data subject is a party – Art. 31.2.(a) FADP.

     

Data processed: first name, last name, email address.

The purpose is to carry out direct marketing activities by sending communications or material (e.g. via email, newsletter) regarding products/services similar to those the user has subscribed to or requested information about through the Sites and App.

Legal basis for European Users: legitimate interest of the data controller – Art. 6.1.(f) GDPR. The legitimate interest of the data controller is identified in promoting its business through direct marketing – see Recital 47 GDPR.

Legal basis for Swiss Users: overriding interest of the data controller – Art. 31.1 FADP.

     

Data processed: first name, last name, residential address, contact details, history of the user's activity on the Sites and App.

The purpose is to manage any disputes arising from purchases or bookings made through the Reserved Area.

Legal basis for European Users: legitimate interest of the data controller – Art. 6.1.(f) GDPR. The legitimate interest of the data controller is identified in promoting its business through direct marketing – see Recital 47 GDPR.

Legal basis for Swiss Users: overriding interest of the data controller – Art. 31.1 FADP.

     

Data processed: first name, last name, email address, phone number.

The purpose is to carry out marketing activities by sending newsletters to the user's email address, including potentially profiled marketing.

Legal basis for European Users: consent provided by the user – Art. 6.1.(a) GDPR.

Legal basis for Swiss Users: consent provided by the user – Art. 31.1 FADP.

     

Data processed: first name, last name, residential address, tax data.

The purpose is the accounting management of payments for products or course enrolments completed through the Sites and App.

Legal basis for European Users: legal obligation to which the data controller is subject – Art. 6.1.(c) GDPR.

Legal basis for Swiss Users: legal obligation to which the data controller is subject – Art. 31.1 FADP.

     

Through the Reserved Area, sensitive data (i.e. data concerning health, religious beliefs, trade union membership, sexual preferences, and others listed in Art. 9 GDPR and Art. 5.1.(c) FADP) voluntarily disclosed by the user for the purpose of carrying out interactive coaching activities during streaming events are processed. Such processing is subject to the explicit consent expressed by the data subject in order to access the subscription content of the Reserved Area.

***

MANDATORY NATURE OF DATA PROVISION: providing data for marketing purposes is optional, so withholding or revoking consent will not affect the ability to browse the Sites and/or use the App or place orders and/or enrolments and/or submit applications. Providing other data is necessary for browsing and/or sending messages and/or completing orders and/or enrolments and/or submitting applications through the Sites and/or App. Failure to provide such data may make it impossible to browse the Sites and/or use the App and/or to process such messages and/or orders and/or enrolments and/or applications.

DATA PROCESSING METHODS: personal data is processed using both paper-based and digital tools in compliance with applicable data protection regulations, and in particular with the appropriate technical and organisational measures referred to in Art. 32.1 GDPR and Art. 8 FADP, and with all precautionary measures that ensure its integrity, confidentiality, and availability.

POSSIBLE RECIPIENTS OF PERSONAL DATA: data may be disclosed to (i) third parties operating, including on behalf of the Controller, for the fulfilment of services related to the purposes described in this policy, including in particular site management and maintenance, promotional activities, sharing of information about the Controller's products and/or services, etc.; (ii) other companies affiliated with the Controller; (iii) the Controller's consultants; (iv) public authorities and bodies where disclosure is mandatory.

Personal data is also processed outside the European Economic Area (EEA) and outside the Swiss Confederation. The Controller undertakes to select reputable providers and to verify their commitment to complying with the provisions of the GDPR and FADP regarding transfers of personal data outside the EEA and the Swiss Confederation.

RETENTION PERIOD: data is retained for a maximum of 10 (ten) years from the date of the last interaction with the user, taking into account the limitation period for any claims arising from the relationship between the Controller and the user, as provided by law. Browsing data will be retained for the technical time necessary to carry out the functions for which it was collected. Sensitive data will be retained for one year from the end of the contractual relationship between the Controller and the user, subject to the right to withdraw consent at any time.

PROFILING: first name, last name, email address, phone number, and other personal data of the user may be used to create a user profile and send targeted marketing that may be of greater interest to the user. Such profiling does not produce legal effects on the user.

DATA SUBJECT RIGHTS: at any time, each European User may exercise against the Controller the rights provided by Arts. 15 to 22 GDPR, namely the right to request, by writing an email to [email protected]:

  1. access to personal data, i.e. to know the personal data held by the Controller, the purposes for which they are processed, their origin, and the other information provided under Art. 15 GDPR;
  2. rectification of personal data in case of inaccuracy;
  3. erasure of personal data (the so-called 'right to be forgotten');
  4. restriction of personal data processing, i.e. the right to obtain suspension of processing for the period necessary to verify a request for correction, or in the other cases provided by Art. 18 GDPR;
  5. data portability, i.e. to receive in a structured, commonly used and machine-readable format the personal data – including requesting their direct transfer to another controller (with respect to data processed by automated means);
  6. the right to ask the controller to refrain from processing data pursuant to Art. 6(1)(e) or (f) GDPR (right to object);
  7. the right to lodge a complaint pursuant to Arts. 77 et seq. GDPR with a supervisory authority, which for Italy is the Italian Data Protection Authority (Garante per la protezione dei dati personali). Complaint procedures are described at this link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.

 

At any time, each Swiss User may exercise against the Controller the rights provided by Arts. 25, 28 and 32 FADP, namely the right to request, by writing an email to [email protected]:

  1. access to personal data, i.e. to know the personal data held by the Controller, the purpose for which they are processed, their origin, and the other information provided under Art. 25 FADP;
  2. delivery of personal data concerning them that they have communicated to the Controller, or their transmission to another data controller, in accordance with Art. 28 FADP;
  3. rectification of personal data in case of inaccuracy, their deletion or destruction, in accordance with Art. 32 FADP;
  4. the right to file a complaint pursuant to Art. 49 FADP with the supervisory authority, where there is sufficient indication that data processing may violate data protection provisions. The supervisory authority for the Swiss Confederation is the Federal Data Protection and Information Commissioner (FDPIC).

 

CHANGES TO THIS POLICY: this privacy policy may be updated over time, including in connection with the possible entry into force of new sector regulations, the update or provision of new services, or technological innovations. Changes to the policy take effect upon their publication on the Sites, provided that the Controller may not use previously collected data for purposes beyond those described here without informing the user.

 

Last updated: January 23, 2026