Privacy Policy

Last updated: 3 July 2026

This privacy policy explains how personal data is collected and processed when you visit adriandamm.com or contact Adrian Damm Coaching. It is written in plain language: no unnecessary legal filler.

1. Controller

The controller responsible for data processing on this website is:

Adrian Damm
c/o Frey Services
Eggstrasse 14f
8134 Adliswil
Switzerland
info (at) adriandamm.com

2. Scope

This policy applies to adriandamm.com and all its subdomains. It covers data collected through the website, via email contact, and through the booking tool (Calendly) linked from the website. It does not cover third-party websites that may be linked from this site. Those are governed by their own privacy policies.

3. Legal Basis

This website is operated from Switzerland by a Swiss resident. The primary legal framework is the Swiss Federal Act on Data Protection (nDSG / FADP), which entered into force on 1 September 2023.

If you are visiting from the European Economic Area (EEA), the EU General Data Protection Regulation (GDPR) applies to you in parallel. The safeguards described in this policy (lawful basis, retention limits, data subject rights, and transfer mechanisms) are compatible with both frameworks.

Under the nDSG, processing follows the principles of Art. 6 nDSG: lawfulness, good faith, proportionality, and purpose limitation. Swiss law does not require a specific legal basis for private processing. Where the GDPR applies in parallel for visitors in the EEA, we rely on one or more of the following legal bases:

4. Data Categories & Purposes

Data Category Purpose Retention
Server log data
IP address, browser type, operating system, referring URL, pages visited, date and time of access
Ensuring website security, stability, and correct delivery. Collected automatically by AWS CloudFront (CDN) on every page request. 7 days, then automatically deleted. May be retained longer if required for security incident investigation.
Email contact data
Name, email address, message content
Responding to enquiries about coaching services. Deleted 12 months after the last exchange, unless the enquiry led to a coaching engagement (see below).
Calendly booking data
Name, email address, time zone, selected time slot, optional pre-call answers
Scheduling and confirming the free intro call or follow-up sessions via Calendly. Retained in Calendly per Calendly's own retention settings. Booking-related emails retained 12 months after the last session.
Coaching engagement data
Full name, contact details, professional background, career goals, session notes, invoices, payment records
Delivering the coaching service; invoicing; legal record-keeping. Session notes and correspondence: 36 months after coaching ends. Invoices and financial records: 10 years (Swiss accounting obligation under OR Art. 958f).

This website does not use analytics software, advertising trackers, or fingerprinting tools. No cookies are set by this website itself (see Section 7).

5. Service Providers (Processors)

The following third-party services process personal data on behalf of, or in connection with, this website. Each has been selected for its data protection commitments.

Provider Purpose Location Transfer Basis
Amazon Web Services, Inc.
AWS CloudFront (CDN) + S3 (file storage)
Website hosting and delivery. S3 bucket in eu-central-1 (Frankfurt); CloudFront edge locations are global, including USA. USA / Global Swiss-US Data Privacy Framework; AWS Data Processing Addendum (SCC)
Microsoft Ireland Operations Ltd.
Microsoft 365 Business Basic: Exchange Online
Email hosting for info (at) adriandamm.com, adrian (at) adriandamm.com, hello (at) adriandamm.com. Mailbox stored in Microsoft EU data centers under the EU Data Boundary commitment. EU (Ireland / Netherlands) Microsoft Data Processing Addendum (SCC); Microsoft Corp. is Swiss-US DPF-certified for any global infrastructure dependencies
Calendly LLC Appointment booking for the free intro call and coaching sessions. Calendly collects name, email, time zone, and any pre-call answers you provide. USA (Atlanta, GA) Swiss-US Data Privacy Framework; Calendly Data Processing Agreement (SCC)
Microsoft Ireland Operations Ltd.
Microsoft Teams (via Microsoft 365 tenant)
Video and audio calls for coaching sessions (where Teams is used). Not embedded in the website. The link is shared separately per session. Call data is stored in Microsoft EU data centers; meeting media may route via global Microsoft infrastructure during the call. EU primary / Global for media routing Microsoft Data Processing Addendum (SCC); Microsoft Corp. is Swiss-US DPF-certified for global infrastructure dependencies
RealtimeBoard, Inc. dba Miro
Collaborative whiteboards
Visual collaboration boards used in selected coaching sessions (e.g. structured reflection, persona work, future-role visualisation), only when the chosen module requires it. Not embedded on the website; board links are shared separately per session. Miro processes board content, participant names, and cursor activity during the session. USA (San Francisco, CA) / Global sub-processors Swiss-US Data Privacy Framework (Miro is DPF-certified); Miro Data Processing Addendum with Standard Contractual Clauses as fallback

6. International Data Transfers

Several service providers listed above are based in the United States. Switzerland recognises the Swiss-US Data Privacy Framework (Swiss-US DPF), which was approved by the Swiss Federal Council on 15 September 2024. Transfers to DPF-certified US companies are permitted under Art. 16 nDSG without additional safeguards, because the recipient country is deemed to offer an adequate level of data protection.

Where a provider is not DPF-certified, or as a supplementary measure, transfers rely on Standard Contractual Clauses (SCC) approved for use with the nDSG, which contractually oblige the recipient to protect your data to Swiss standards.

You can request information about the specific transfer mechanisms in place by contacting info (at) adriandamm.com.

7. Cookies & Tracking

This website currently sets no cookies of its own and uses no analytics or tracking software. There is no advertising pixel, heatmap tool, or session recording.

Fonts (the DM Sans typeface) are self-hosted from the same origin as the website. No third-party font provider is contacted, no IP address is transmitted to external servers when loading the page.

If cookies or analytics are added to this site in the future, this policy will be updated before they go live.

8. Your Rights

Under the nDSG (Art. 25 ff.) you have the following rights regarding your personal data:

To exercise any of these rights, contact: info (at) adriandamm.com. Requests will be handled within 30 days. No fee is charged for a first request.

9. Supervisory Authority

If you believe your data is being processed unlawfully, you have the right to file a complaint with the Swiss supervisory authority:

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB)
Federal Data Protection and Information Commissioner
www.edoeb.admin.ch

If you are in the EEA, you may also contact the data protection authority in your country of residence.

10. Data Security

This website is served exclusively over HTTPS (TLS encryption). The underlying infrastructure (AWS S3 + CloudFront) applies encryption at rest and in transit as standard. Access to coaching data and email is protected by multi-factor authentication and strong password policies. The service providers used are contractually required to maintain appropriate technical and organisational security measures (Art. 8 nDSG).

No internet transmission is 100% secure. If you have security concerns about a specific communication, please contact me directly at info (at) adriandamm.com.

11. Changes to This Policy

This policy may be updated from time to time to reflect changes in services, legal requirements, or operational practices. The current version is always available at adriandamm.com/privacypolicy.html. The "Last updated" date at the top of this page indicates when it was last revised. Material changes will be communicated by email to active coaching clients.

This privacy policy is based on the Swiss Federal Act on Data Protection (Bundesgesetz über den Datenschutz, DSG / nDSG), SR 235.1, in force since 1 September 2023.