PRIVACY POLICY
Teams Up – Your HR Completely Human
teamsup.ch
Effective date: 1 March 2026 | Last updated: 27 March 2026
Governed by Swiss law (FADP / nDSG)

────────────────────────────────────────────────────────────────

  1. CONTROLLER & CONTACT DETAILS

Data Controller:
Teams Up (Sophie Pommaz)
Switzerland
Website: https://teamsup.ch
E-mail: sophie.pommaz@teams-up.ch

Teams Up (“we”, “us”, “our”) is the controller responsible for the personal data processed through this website and in the course of providing HR consulting and organisational development services. All data protection inquiries should be directed to the contact address above.

The appointment of a formal Data Protection Officer (DPO) is currently voluntary under the Swiss FADP for organisations of our size. For all data protection matters, please contact us directly at the email address provided above.

────────────────────────────────────────────────────────────────

  1. SCOPE & LEGAL FRAMEWORK

This Privacy Policy applies to all personal data collected and processed by Teams Up through:

  • The website teamsup.ch and any subdomains
  • Our HR consulting, coaching, diagnostics, and organisational development services
  • Newsletter subscriptions, contact forms, and other digital interactions

We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP / nDSG), which entered into force on 1 September 2023, together with its implementing ordinances (the Data Protection Ordinance, DPO). Where our services extend to individuals in the European Economic Area, the EU General Data Protection Regulation (GDPR) may also apply, and we apply the higher standard in those cases.

The supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC): www.edoeb.admin.ch

────────────────────────────────────────────────────────────────

  1. PERSONAL DATA WE COLLECT

3.1 Data You Provide Directly

  • Contact inquiries: name, e-mail address, phone number (optional), message content, company name.
  • Newsletter subscription: name, e-mail address, subscription date and consent timestamp.
  • Client engagements: additional professional data relevant to HR consulting mandates (job title, organisational role, qualitative feedback in diagnostics).
  • Coaching & assessment sessions: notes, observations, and feedback relevant to the service delivered, collected only with the explicit agreement of the persons concerned.

3.2 Data Collected Automatically

  • Technical data: IP address (anonymised where possible), browser type and version, operating system, referring URL, pages visited, time and date of access, session duration.
  • Cookies and similar technologies: see Section 5 for full details.

3.3 Data from Third Parties

We may receive professional contact information through LinkedIn or other professional networks if you interact with our content there. We do not purchase personal data lists from third parties.

3.4 Sensitive Data

In the course of HR consulting mandates, we may process data that touches on professional performance, well-being, or interpersonal dynamics. We treat all such information with heightened care. We do not process special categories of sensitive data (health, biometric, religious, or political data) through this website, and only process such data in the context of a specific client mandate where a separate data processing agreement governs the engagement.

────────────────────────────────────────────────────────────────

  1. PURPOSES OF PROCESSING & LEGAL BASES

Responding to contact form inquiries
Data: Name, e-mail, message
Legal basis: Legitimate interest / Pre-contractual steps (Art. 31 FADP)

Delivering HR consulting services
Data: Client professional data
Legal basis: Performance of contract (Art. 31 FADP)

Sending the newsletter
Data: Name, e-mail
Legal basis: Consent (opt-in, Art. 6 FADP)

Website operation & security
Data: IP address, log data
Legal basis: Legitimate interest in IT security (Art. 31 FADP)

Website analytics (aggregated)
Data: Anonymised usage data
Legal basis: Legitimate interest / Consent where applicable

Compliance with legal obligations
Data: Any relevant data
Legal basis: Legal obligation (Art. 31 FADP)

Improving our services and research publications
Data: Anonymised / aggregated feedback
Legal basis: Legitimate interest (Art. 31 FADP)

We collect only the personal data that is necessary for the stated purposes (data minimisation) and configure our systems to protect privacy by default (Privacy by Default and Privacy by Design principles, Art. 7 FADP).

────────────────────────────────────────────────────────────────

  1. COOKIES & TRACKING TECHNOLOGIES

Our website is built on WordPress and uses cookies to ensure basic functionality and, where consent is given, to improve user experience.

5.1 Essential Cookies

These cookies are strictly necessary for the website to function and cannot be disabled. They do not store personally identifiable information. Examples include session cookies used by WordPress and security tokens for contact forms.

5.2 Analytics Cookies

We may use analytics tools to understand how visitors interact with our website. Where such tools use cookies or involve the transfer of data outside Switzerland, we will request your consent before activating them.

Where we use Google Analytics or similar US-based tools, data is transferred to the United States. Because the FDPIC has noted concerns about the adequacy of US data protection, we apply appropriate safeguards (see Section 7).

5.3 Your Cookie Choices

You may accept or decline non-essential cookies through our consent banner when you first visit the website. You can also manage or delete cookies at any time through your browser settings. Withdrawing consent does not affect the lawfulness of processing that took place before the withdrawal.

────────────────────────────────────────────────────────────────

  1. THIRD-PARTY SERVICES & DATA PROCESSORS

We engage the following categories of service providers who may process personal data on our behalf as data processors. We have concluded data processing agreements with each processor and verified that they maintain adequate data protection standards.

Website hosting (WordPress)
Purpose: Hosting, storage of website data
Location: EEA / Switzerland

E-mail service provider
Purpose: Sending newsletters & transactional e-mails
Location: EEA / Switzerland

Analytics provider
Purpose: Aggregated website usage statistics
Location: EEA or USA (with safeguards)

LinkedIn
Purpose: Professional networking & content
Location: USA (with safeguards)

Cloud storage / document tools
Purpose: Internal document management
Location: EEA / Switzerland

We do not sell personal data to third parties. We do not share personal data with advertisers. We may disclose data where required by Swiss law, court order, or to protect the rights and safety of persons concerned.

────────────────────────────────────────────────────────────────

  1. INTERNATIONAL DATA TRANSFERS

Switzerland is recognised by the EU as a country with an adequate level of data protection. Personal data may therefore be transferred between Switzerland and EEA countries without additional formalities.

Where personal data is transferred to countries outside Switzerland that are not on the FDPIC’s list of countries with adequate protection (including, in certain circumstances, the United States), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and recognised by the FDPIC
  • Swiss-specific contractual safeguards where required by the FADP
  • Pseudonymisation or anonymisation of data before transfer where feasible

You may request information about the specific safeguards applicable to any given transfer by contacting us at admin@teamsup.ch.

────────────────────────────────────────────────────────────────

  1. RETENTION PERIODS

We retain personal data only for as long as is necessary for the purposes described in this policy, or as required by applicable law.

Contact form inquiries (no engagement): 12 months
Reason: Response and follow-up; deleted if no contract results

Client engagement data: 10 years after end of engagement
Reason: Swiss statutory limitation periods (CO Art. 127)

Newsletter subscribers: Until unsubscription + 30 days
Reason: Proof of consent; deletion after opt-out

Website server logs: 30 days
Reason: IT security and error resolution

Analytics data (aggregated): 26 months
Reason: Trend analysis; anonymised after initial collection

Accounting & invoicing records: 10 years
Reason: Swiss Code of Obligations (Art. 958f CO)

After the applicable retention period, data is securely deleted or irreversibly anonymised.

────────────────────────────────────────────────────────────────

  1. YOUR RIGHTS AS A DATA SUBJECT

Under the Swiss FADP (and the GDPR where applicable), you have the following rights regarding your personal data:

Right of Access (Art. 25 FADP)
You may request confirmation of whether we process your personal data and obtain a copy of it.

Right to Rectification (Art. 32 FADP)
You may request that inaccurate or incomplete personal data be corrected.

Right to Erasure (Art. 32 FADP)
You may request the deletion of your personal data, subject to legal retention obligations.

Right to Restriction
You may request that we restrict the processing of your data in certain circumstances.

Right to Data Portability (Art. 28 FADP)
You may request your data in a structured, machine-readable format for transfer to another controller.

Right to Object
You may object to processing based on legitimate interest. We will assess whether our interests override yours.

Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

Right to Lodge a Complaint
You may lodge a complaint with the FDPIC at www.edoeb.admin.ch.

To exercise any of these rights, please send a written request to admin@teamsup.ch. We will respond within 30 days. We may ask you to verify your identity before fulfilling your request. Exercising your rights is free of charge unless requests are manifestly unfounded or excessive.

────────────────────────────────────────────────────────────────

  1. DATA SECURITY

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or disclosure. These measures include:

  • TLS/HTTPS encryption for all data transmitted via this website
  • Access controls and authentication on internal systems
  • Regular software updates and security patches
  • Limiting access to personal data to personnel who require it for their role
  • Contractual data processing agreements with all processors

In the event of a data security breach that poses a high risk to the rights and freedoms of natural persons, we will notify the relevant data subjects and, where required under the FADP, the FDPIC, as soon as reasonably practicable.

────────────────────────────────────────────────────────────────

  1. CHILDREN

Our website and services are directed at professionals and organisations. We do not knowingly collect personal data from persons under the age of 16. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it without delay.

────────────────────────────────────────────────────────────────

  1. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable law, or our services. The date at the top of this document indicates when the policy was last revised.

Where changes are material, we will inform you by posting a notice on our website or, where we have your e-mail address and the change affects you directly, by sending you an e-mail notification. Continued use of our website after the effective date of changes constitutes acceptance of the updated policy.

────────────────────────────────────────────────────────────────

  1. CONTACT & COMPLAINTS

For all data protection inquiries:

Teams Up (Sophie Pommaz)
Switzerland
E-mail: admin@teamsup.ch
Website: https://teamsup.ch

If you are not satisfied with our response to a data protection request, you have the right to lodge a complaint with the Swiss supervisory authority:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern, Switzerland
Website: www.edoeb.admin.ch

────────────────────────────────────────────────────────────────

This Privacy Policy is governed by the Swiss Federal Act on Data Protection (FADP / nDSG), in force since 1 September 2023, and its implementing ordinances. It was prepared for informational purposes and should be reviewed by a qualified Swiss legal professional to confirm its adequacy for your specific circumstances.

© 2026 Teams Up – Your HR Completely Human. All rights reserved.