Legal
Privacy Policy
1. Controller
Being Institute GmbH
Neugass 18
9442 Berneck, Switzerland
Email: info@being-institute.ch
For any data protection enquiries, please contact us at the address above.
2. Scope and legal basis
This privacy policy applies to the website www.being-institute.ch and all associated services. It informs you about what personal data we collect, for what purpose, and on what legal basis.
We process personal data in accordance with the Swiss Federal Act on Data Protection (DPA) and, where applicable, the EU General Data Protection Regulation (GDPR).
The legal bases for our data processing are:
- —Consent (Art. 6(1)(a) GDPR / Art. 31(1) DPA): for analytics cookies, marketing tracking, and newsletter signup
- —Performance of a contract (Art. 6(1)(b) GDPR): for processing bookings and payments
- —Legitimate interest (Art. 6(1)(f) GDPR): for technically necessary data processing, security, and website operation
3. Data collected
3.1 Automatically collected data
When you visit our website, the following technical data is automatically collected:
- —IP address (processed anonymously)
- —Browser type and version
- —Operating system
- —Date and time of access
- —Referrer URL (previously visited page)
- —Pages visited and time spent
This data is technically necessary and is not merged with other data sources. Legal basis: legitimate interest.
3.2 Contact form
When you use the contact form, we collect: name, email address, subject, and message. This data is used solely to process your enquiry and is forwarded to us via email (through Resend, see Section 5). Legal basis: legitimate interest / pre-contractual measures.
3.3 Newsletter
When signing up for our newsletter, we collect your email address. Registration uses a double opt-in process (MailerLite). You can unsubscribe at any time via the link in each email. Legal basis: consent.
3.4 Payment data
Payments are processed through Stripe. We do not store any credit card or bank details. Stripe processes your payment data as an independent controller. Legal basis: performance of a contract.
3.5 Appointment booking
For discovery calls, we use Calendly. When booking, your name, email address, and any additional information are transmitted to Calendly. Legal basis: pre-contractual measures.
4. Cookies
Cookies are small text files stored on your device. We distinguish between technically necessary and optional cookies.
4.1 Technically necessary cookies
These cookies are required for the operation of the website and cannot be disabled:
| Cookie | Purpose | Duration |
|---|---|---|
| cookie_consent | Stores your cookie preference | 1 year |
| preferred_lang | Stores your language preference (DE/EN) | 1 year |
4.2 Analytics and marketing cookies
These cookies are only set with your explicit consent (opt-in via the cookie banner):
| Cookie | Service | Purpose | Duration |
|---|---|---|---|
| _ga, _ga_* | Google Analytics | User distinction, usage analysis | 2 years |
| _gid | Google Analytics | User distinction | 24 hrs |
| _clck, _clsk | Microsoft Clarity | Session analysis, heatmaps | 1 year |
| _fbp | Meta Pixel | Browser identification for ad attribution | 90 days |
| _fbc | Meta Pixel | Click identification for Meta ads | 90 days |
4.3 Withdrawal of consent
You can withdraw your consent at any time by adjusting your cookie settings via the cookie banner. To do so, delete the cookie_consent cookie in your browser settings — the banner will reappear on your next visit. Upon rejection, existing analytics and marketing cookies are automatically deleted.
5. Third-party services and processors
We use the following third-party services that process personal data on our behalf or as independent controllers:
5.1 Hosting — Netlify
Provider: Netlify Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA
Purpose: Website hosting and delivery
Data: Technical access data (IP address, browser, timestamp)
Legal basis: Legitimate interest
Privacy policy: netlify.com/privacy
5.2 Database and backend — Supabase
Provider: Supabase Inc., 970 Toa Payoh North #07-04, Singapore 318992
Purpose: Database operations, server-side functions (Edge Functions), image storage
Data: Form contents, newsletter emails (for forwarding), CMS content
Legal basis: Legitimate interest / performance of a contract
Privacy policy: supabase.com/privacy
5.3 Web analytics — Google Analytics
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose: Analysis of user behaviour to improve the website
Data: Pseudonymised usage data, IP address (anonymised), page views, session duration
Measurement ID: G-2K0RC6YBLR
Legal basis: Consent (cookie banner)
Opt-out: Reject via cookie banner or Google Analytics Opt-out Browser Add-on
Privacy policy: policies.google.com/privacy
5.4 Behavioural analytics — Microsoft Clarity
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA
Purpose: Heatmaps, session recordings, and UX analysis to improve usability
Data: Mouse movements, clicks, scroll behaviour, pseudonymised usage data
Project ID: vy43mpvhg1
Legal basis: Consent (cookie banner)
Privacy policy: privacy.microsoft.com
5.5 Ad tracking — Meta Pixel and Conversions API
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Purpose: Measuring ad effectiveness, building audiences (Custom Audiences, Lookalike Audiences), conversion tracking
Data (Pixel — client-side): Page views, click behaviour, browser ID (_fbp), click ID (_fbc)
Data (Conversions API — server-side): Hashed email address (SHA-256), IP address, user agent, event data (e.g. "Lead" on contact form or newsletter signup). The Conversions API sends data directly from our server to Meta, independent of the browser.
Pixel ID: 812845841208697
Deduplication: The Pixel and Conversions API share a common event ID to prevent double counting.
Limited Data Use: We set the "Limited Data Use" (LDU) flag for users in the EU/Switzerland to restrict data processing by Meta.
Legal basis: Consent (cookie banner). Without consent, neither the Pixel is loaded nor Conversions API events sent.
Privacy policy: facebook.com/privacy/policy
5.6 Newsletter — MailerLite
Provider: UAB MailerLite, J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania
Purpose: Sending newsletters, managing subscriber lists
Data: Email address, open and click rates
Legal basis: Consent (newsletter signup)
Privacy policy: mailerlite.com/legal/privacy-policy
5.7 Email delivery — Resend
Provider: Resend Inc., San Francisco, CA, USA
Purpose: Transactional email delivery (contact form forwarding)
Data: Name, email address, message content
Legal basis: Legitimate interest
Privacy policy: resend.com/legal/privacy-policy
5.8 Payment processing — Stripe
Provider: Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
Purpose: Secure processing of online payments (deposits for trainings)
Data: Payment data, name, email address (processed by Stripe as an independent controller)
Legal basis: Performance of a contract
Privacy policy: stripe.com/privacy
5.9 Appointment booking — Calendly
Provider: Calendly LLC, 3423 Piedmont Road NE, Atlanta, GA 30305, USA
Purpose: Online appointment booking for discovery calls
Data: Name, email address, selected time slot
Legal basis: Pre-contractual measures
Privacy policy: calendly.com/privacy
6. International data transfers
Some of the aforementioned service providers are based in the USA or other countries outside Switzerland and the EEA. Data transfers are based on the following safeguards:
- —EU-US Data Privacy Framework: For US providers certified under the DPF (Google, Microsoft, Meta, Stripe)
- —Standard Contractual Clauses (SCC): For providers not certified under the DPF
- —Adequacy decision: For providers in countries with an adequate level of data protection (EU/EEA)
7. Data security
We take appropriate technical and organisational measures to protect your data. All data is transmitted exclusively via encrypted connections (TLS/SSL). Access to personal data is restricted to authorised personnel. Server-side functions use securely stored API keys and secrets.
8. Retention periods
Personal data is only stored for as long as necessary for the respective purpose:
- —Contact enquiries: Until fully processed, then deleted within 6 months
- —Newsletter data: Until unsubscription
- —Payment data: In accordance with statutory retention obligations (10 years)
- —Analytics data: In accordance with the retention policies of the respective providers (see Section 5)
- —Server logs: Max. 30 days
9. Your rights
Under the DPA and GDPR, you have the following rights regarding your personal data:
- —Right of access: You may request information about the data we process about you.
- —Right to rectification: You may request the correction of inaccurate or incomplete data.
- —Right to erasure: You may request the deletion of your data, provided no statutory retention obligations apply.
- —Right to restriction: You may request the restriction of processing of your data.
- —Right to data portability: You may request that we provide your data in a structured, commonly used, and machine-readable format.
- —Right to object: You may object to the processing of your data at any time.
- —Right to withdraw consent: You may withdraw any consent given at any time with effect for the future.
To exercise your rights, please contact: info@being-institute.ch
10. Right to lodge a complaint
You have the right to lodge a complaint with the competent data protection authority:
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
3003 Bern, Switzerland
www.edoeb.admin.ch
If the GDPR applies, you may also contact the data protection authority in your EU/EEA country of residence.
11. Changes to this privacy policy
We reserve the right to amend this privacy policy at any time, particularly in the event of changes to legislation or our services. The current version is always available on our website. In the event of material changes, we will inform you in an appropriate manner.
As of: 19 March 2026