Embreier Sàrl (“Embreier”, “we”, “us”, or “our”) respects your trust and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit embreier.com or any related websites, participate in our programmes, attend sessions, communicate with us, or otherwise interact with our services (collectively, the “Services”).

This Policy also explains your rights and choices regarding your personal data and how to contact us.

Our privacy practices comply with applicable data protection laws, including the Swiss Federal Act on Data Protection (FADP, revised 2023) and, where applicable, the EU General Data Protection Regulation (GDPR).

BY USING THE SERVICES, YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE, PLEASE DISCONTINUE USE OF THE SERVICES.

Who We Are

Embreier Sàrl
Avenue Edouard-Dapples 28
1006 Lausanne
Switzerland

Embreier Sàrl is the data controller for personal data collected through the Services.
For privacy enquiries, contact: privacy@embreier.com

WHAT OUR PRIVACY POLICY COVERS

This Policy applies when you:

• Access or use our website or digital platforms

• Register for or attend Embreier programmes or sessions

• Communicate with us via email, messaging, forms, or social media

• Purchase, book, or subscribe to any Embreier offering

Third-party services (for example Stripe, PayPal, Google, Meta, LinkedIn, or similar platforms) operate under their own privacy policies. We encourage you to review them.

Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

Identifiers
Name, postal address, email address, phone number, country or region.

Account and Profile Data
Login credentials, enrolments, preferences, participation history.

Child Participation Data (where applicable)
Child’s name, date of birth, allergies or medical alerts, authorised pickup persons, emergency contacts, internal developmental observations.

Commercial Data
Orders, invoices, payment status, transaction metadata (payment details are processed directly by payment providers).

Usage and Device Data
IP address, browser type, device identifiers, operating system, pages visited, time spent, referring URLs, cookies and similar technologies.

Communications
Messages, enquiries, survey responses, testimonials, feedback.

Marketing Data
Consent status, email engagement, event registrations.

Sensitive Data
We only process sensitive personal data where voluntarily provided and with explicit consent (for example wellbeing reflections or health-related alerts necessary for child safety).

We do not knowingly collect personal data from children under 18 through our website. Child data processed within programmes is collected from parents or legal guardians.

How We Collect Data

• Directly from you: forms, enrolments, purchases, surveys, support requests, or communications.

• Automatically: cookies, analytics, logs, and similar technologies.

• From third parties: payment processors, marketing platforms, analytics tools, or public sources.

HOW WE DISCLOSE OR SHARE YOUR PERSONAL INFORMATION

We may disclose personal information in the following circumstances:

Service Providers
We engage trusted third-party providers for website hosting, cloud storage, learning platforms, analytics, payment processing, communications, and operational support. These providers are contractually bound to process data only for authorised purposes and in accordance with applicable data protection laws.

Payment Processors
Payments are processed directly by third-party providers such as Stripe, PayPal, or equivalent services. We do not store full payment card numbers.

Business and Collaboration Partners
We may share limited personal data with partners for co-hosted events, employer pilots, or joint initiatives. Such sharing is limited to what is necessary and governed by contractual safeguards.

Legal and Regulatory Requirements
We may disclose personal data where required by law, court order, or regulatory obligation, or to protect the rights, safety, or integrity of Embreier, participants, or others.

Business Transfers
In the event of a merger, restructuring, or asset transfer, personal data may form part of the transferred assets, subject to continued protection under applicable law.

Aggregated or De-Identified Data
We may share anonymised or aggregated information that does not identify individuals.
We do not sell personal data.

How We Use Personal Information

We process personal data for the following purposes:

• Providing and administering programmes and services

• Managing registrations, enrolments, and participation

• Processing payments and issuing invoices

• Ensuring child safety (including allergy and emergency management)

• Communicating essential service updates

• Responding to enquiries and providing support

• Improving services and user experience

• Conducting research, surveys, and quality evaluation

• Ensuring security, fraud prevention, and system integrity

• Complying with legal, tax, and regulatory obligations

• Sending marketing communications where consent has been provided

We process personal data based on contractual necessity, legitimate interests, legal obligations, or consent, depending on the context.

LINKS TO OTHER SITES AND SOCIAL MEDIA SERVICES

We use cookies and similar technologies to:

• Enable website functionality

• Analyse traffic and usage patterns

• Improve user experience

• Deliver relevant communications

You may manage cookie preferences through our consent banner or browser settings. Disabling certain cookies may affect website functionality.

We honour legally required signals such as Global Privacy Control where applicable.

INTEREST-BASED ADVERTISING

We may use analytics or advertising technologies to display relevant content or information about our Services.

You may opt out of certain personalised advertising through browser settings, device controls, or industry opt-out platforms.

PROTECTING PERSONAL INFORMATION

Personal data is stored on secure systems operated by Embreier or trusted service providers. Access is restricted to authorised individuals subject to confidentiality obligations.

We implement appropriate technical and organisational measures, including encryption, access controls, monitoring, and regular security review.

While we apply strong safeguards, no system can guarantee absolute security.

DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including contractual, legal, accounting, and regulatory requirements.

Accounting and tax data may be retained for up to ten years as required under Swiss law.

After the retention period, data is securely deleted or anonymised.

YOUR RIGHTS

Subject to applicable law, you may have the right to:

• Access your personal data

• Request correction of inaccurate data

• Request deletion of personal data

• Object to certain processing

• Request restriction of processing

• Request data portability

• Withdraw consent at any time where processing is based on consent

To exercise your rights, contact privacy@embreier.com.

You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).

CROSS-BORDER DATA TRANSFERS

Personal data may be processed in Switzerland, the European Economic Area, the United Kingdom, the United States, or other jurisdictions where our service providers operate.

Where required, we implement recognised safeguards such as Standard Contractual Clauses or equivalent mechanisms under Swiss or EU law.

CHILDREN’S PRIVACY

Our website and online Services are intended for adults. We do not knowingly collect personal data directly from children through our website.

Where children participate in Embreier programmes, personal data is collected from parents or legal guardians for safety, administrative, and programme delivery purposes.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or technical changes. Updates will be posted on this page with a revised effective date.

Continued use of the Services after updates constitutes acceptance of the revised Policy.

Contact Us

If you have any questions about our privacy or security practices, please send us an email at privacy@embreier.com.