Privacy Policy

Website: www.physiomentor.ch
Business Owner: Tomasz Bieś trading as physiomentor.ch 

Last Updated: 22 June 2025
Effective Date: 22 June 2025 

​

1. Introduction and Data Controller

This Privacy Policy explains how physiomentor.ch (Tomasz Bieś) ("we," "us," or "our") collects, uses, and protects your personal information when you visit our website www.physiomentor.ch or use our services.

​

Data Controller:

• Name: Tomasz Bieś

• Business: physiomentor.ch

• Address: Mühledorfstrasse 2A, 3018 Bern, Switzerland

• Email: tommy@physiomentor.ch 

​

This policy complies with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR) for EU residents.

​

2. Information We Collect

2.1 Personal Information You Provide

Account Registration and Service Requests:

• Full name and contact details (email, phone, address)

• Professional information (occupation, experience level)

• Health and fitness information (for personalised coaching, mentoring, training and consulting)

• Payment information (processed securely through third-party providers)

• Communication preferences

• Profile photos or videos (if provided for coaching, mentoring, training and consulting purposes).

Service Delivery Information:

• Session notes and progress tracking

• Goals and objectives

• Assessment results and measurements

• Medical history or conditions relevant to services (with your consent)

• Emergency contact information.

Communication Records:

• Email correspondence

• Chat messages and support tickets

• Phone call records (if recorded, with consent)

• Feedback and survey responses.

2.2 Information Automatically Collected

Website Usage Data:

• IP address and geolocation data

• Browser type and version

• Operating system and device information

• Pages visited and time spent on site

• Referral sources and exit pages

• Date and time of visits.

Technical Information:

• Cookies and similar tracking technologies

• Session data and user preferences

• Error logs and diagnostic information

• Performance and analytics data.

2.3 Information from Third Parties

Payment Processors:

• Transaction confirmations and payment status

• Billing information verification.

Professional References:

• Contact information and professional background (for partnership inquiries).

Social Media Integration:

• Public profile information (if you choose to connect social media accounts).

​

3. Legal Basis for Processing

Under Swiss data protection law, we process your personal information based on:

3.1 Contract Performance

• Delivering coaching, mentoring, and consultancy services

• Processing payments and managing billing

• Providing customer support

• Managing your account and service preferences.

3.2 Legitimate Interest

• Website security and fraud prevention

• Business analytics and service improvement

• Marketing our services to existing clients

• Responding to legal requests and compliance.

3.3 Consent

• Health and medical information processing

• Marketing communications via email or phone

• Recording of sessions (when applicable)

• Use of photos/videos for testimonials or marketing.

3.4 Legal Obligation

• Tax and accounting record keeping

• Compliance with health and safety regulations

• Response to legal requests from authorities.

​

4. How We Use Your Information

4.1 Service Delivery

• Personalised Coaching, Mentoring, Training and Consulting: Tailoring programs to your needs and goals

• Progress Tracking: Monitoring and documenting your development

• Session Management: Scheduling, reminders, and session delivery

• Resource Provision: Providing relevant materials and recommendations.

4.2 Business Operations

• Account Management: Managing your profile and service access

• Payment Processing: Handling transactions and billing

• Customer Support: Responding to inquiries and resolving issues

• Quality Assurance: Improving our services and user experience.

4.3 Communication

• Service Updates: Important information about your services

• Administrative Messages: Billing, scheduling, and account information

• Marketing Communications: Newsletters and promotional content (with consent)

• Surveys and Feedback: Gathering input to improve services.

4.4 Legal and Safety

• Compliance: Meeting legal and regulatory requirements

• Security: Protecting against fraud and unauthorised access

• Safety: Ensuring appropriate care and emergency response capabilities

• Record Keeping: Maintaining required business and professional records.

​

5. Information Sharing and Disclosure

5.1 We Do Not Sell Personal Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Service Providers

We may share information with trusted third-party service providers who assist us in:

• Payment Processing: Secure transaction handling

• Website Hosting: Technical infrastructure and security

• Email Services: Communication and newsletter delivery

• Scheduling Tools: Appointment and calendar management

• Analytics Services: Website performance and user behaviour analysis.

All service providers are contractually obligated to protect your information and use it only for specified purposes.

5.3 Professional Requirements

As a health and wellness professional, we may share information when:

• Medical Emergency: Contacting emergency services or your designated emergency contact

• Professional Consultation: Seeking advice from other qualified professionals (with anonymisation when possible)

• Referrals: Connecting you with other healthcare providers (with your consent).

5.4 Legal Requirements

We may disclose information when required by:

• Swiss or applicable law enforcement

• Court orders or legal proceedings

• Regulatory authorities

• Emergency situations involving safety or legal compliance

5.5 Business Transfers

In the event of a business sale, merger, or acquisition, your information may be transferred to the new entity, subject to the same privacy protections.

​

6. International Data Transfers

6.1 Data Location

Your personal information is primarily stored and processed in Switzerland. Some service providers may process data in other countries.

6.2 Transfer Safeguards

When transferring data internationally, we ensure adequate protection through:

• Adequacy Decisions: Countries with adequate data protection laws

• Standard Contractual Clauses: EU/Swiss approved contract terms

• Certification Programs: Providers with recognised privacy certifications

• Your Consent: Explicit agreement for specific transfers.

6.3 Third-Country Processing

We may use service providers in countries outside Switzerland/EU, including:

• United States: For payment processing and cloud services (with appropriate safeguards)

• Other Countries: Only with adequate protection or your explicit consent.

​

7. Data Retention

7.1 Retention Periods

Active Client Records:

• During the Service Period: For the duration of our professional relationship

• After Service Completion: Up to 7 years for professional liability and tax purposes

• Health Information: In accordance with professional healthcare record retention requirements.

Website and Marketing Data:

• Account Information: Until account deletion or 3 years after last activity

• Marketing Preferences: Until you withdraw consent or 5 years of inactivity

• Website Analytics: Aggregated data retained indefinitely; personal data deleted after 2 years.

Legal and Compliance Records:

• Tax Records: 10 years as required by Swiss law

• Professional Liability: 10 years or as required by professional insurance

• Legal Disputes: Until resolution, plus applicable limitation periods.

7.2 Deletion Criteria

We delete or anonymise personal information when:

• The purpose for processing no longer exists

• You withdraw consent, and no other legal basis applies

• Legal retention periods expire

• You request deletion (subject to legal obligations).

​

8. Your Privacy Rights

8.1 Access Rights

You have the right to:

• Access: Receive a copy of the personal information we hold about you

• Correction: Request correction of inaccurate or incomplete information

• Overview: Understand what information we process and why.

8.2 Control Rights

You can:

• Withdraw Consent: Opt out of consent-based processing at any time

• Object to Processing: Object to processing based on legitimate interest

• Restrict Processing: Limit how we use your information in certain circumstances.

8.3 Data Portability

You have the right to:

• Receive your personal information in a structured, machine-readable format

• Transfer your information to another service provider (where technically feasible).

8.4 Deletion Rights

You can request the deletion of your personal information when:

• It's no longer necessary for the original purpose

• You withdraw consent, and no other legal basis exists

• Information was unlawfully processed

• Legal requirements mandate deletion.

8.5 Limitations

Some rights may be limited by:

• Professional record-keeping obligations

• Legal retention requirements

• Legitimate interests in fraud prevention

• Active legal proceedings.

​

9. Exercising Your Rights

9.1 How to Make Requests

To exercise your privacy rights, contact us at:

• Email: tommy@physiomentor.ch 

• Subject Line: "Privacy Rights Request"

• Include: Your full name, contact information, and specific request

9.2 Identity Verification

We may request additional information to verify your identity before processing requests.

9.3 Response Timeline

We will respond to your requests:

• Acknowledgement: Within 3 business days

• Full Response: Within 30 days (may be extended to 60 days for complex requests)

• Free of Charge: Unless requests are excessive or unfounded.

9.4 Appeals Process

If you're unsatisfied with our response, you can:

• Contact us again with additional information

• File a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC)

• Seek legal remedies through Swiss courts.

​

10. Data Security

10.1 Technical Safeguards

• Encryption: Data encrypted in transit and at rest

• Access Controls: Limited access based on need-to-know principles

• Secure Hosting: Professional-grade hosting with security monitoring

• Regular Updates: Software and security patches are applied promptly.

10.2 Organisational Measures

• Staff Training: Regular privacy and security training

• Access Management: Strict controls on who can access personal information

• Incident Response: Procedures for Handling Potential Data Breaches

• Vendor Management: Security requirements for all service providers.

10.3 Physical Security

• Secure Storage: Physical documents are stored in locked, secure locations

• Device Security: Computers and devices protected with encryption and access controls

• Disposal: Secure destruction of physical and electronic records.

10.4 Breach Notification

In case of a data breach, we will:

• Assess Impact: Evaluate the risk to your rights and freedoms

• Notify Authorities: Report to the Swiss FDPIC within 72 hours if required

• Inform You: Notify affected individuals if there's a high risk to rights and freedoms

• Remediate: Take immediate steps to address the breach and prevent recurrence.

​

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

Essential Cookies:

• Session management and authentication

• Security and fraud prevention

• Basic website functionality.

Analytics Cookies:

• Website usage statistics

• Performance monitoring

• User behaviour analysis (anonymised).

Marketing Cookies (with consent):

• Personalised content delivery

• Advertisement effectiveness tracking

• Social media integration.

11.2 Cookie Management

You can control cookies through:

• Browser Settings: Block or delete cookies

• Cookie Preferences: Manage preferences on our website

• Opt-Out Tools: Use industry opt-out mechanisms.

11.3 Third-Party Tracking

We may use third-party services that track across websites:

• Google Analytics: Website performance analysis

• Social Media Pixels: Integration with social platforms

• Payment Processors: Transaction security and fraud prevention.

​

12. Children's Privacy

12.1 Age Restrictions

Our services are intended for adults (18+). We do not knowingly collect personal information from children under 16 without parental consent.

12.2 Parental Consent

If we provide services to minors (16-18), we require:

• Explicit parental or guardian consent

• Ongoing parental involvement in service decisions

• Additional protections for sensitive information.

12.3 Discovery of Children's Data

If we discover we have collected information from children without appropriate consent, we will delete it promptly.

​

13. Changes to This Policy

13.1 Policy Updates

We may update this Privacy Policy to reflect:

• Changes in our business practices

• New legal requirements

• Technology updates

• Feedback from users or regulators.

13.2 Notification of Changes

We will notify you of significant changes through:

• Email: Direct notification to registered users

• Website Notice: Prominent announcement on our website

• Updated Date: Clear indication of when changes take effect.

13.3 Continued Use

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

​

14. Contact Information

14.1 Privacy Questions

For questions about this Privacy Policy or our data practices:

• Email: tommy@physiomentor.ch 

• Address: Mühledorfstrasse 2A, 3018 Bern, Switzerland

14.2 Data Protection Officer

For complex privacy matters or formal complaints:

• Contact: Same as above

14.3 Regulatory Authority

Swiss Federal Data Protection and Information Commissioner (FDPIC):

• Website: https://www.edoeb.admin.ch

• Email: info@edoeb.admin.ch

• Phone: +41 58 462 43 95​