We're a small Swiss studio. We try to keep what we collect about you boring and minimal. This page explains, plainly, what we hold, why, and what you can ask us to do with it.
This policy is written to comply with the Swiss Federal Act on Data Protection (FADP, revised 2023) and, for visitors in the EU/EEA, the EU General Data Protection Regulation (GDPR).
1. Who is the controller
The data controller responsible for personal data on s68pilates.com is:
- Operator
- Leila Baccino, sole proprietor
- Address
- Street, 1200 Geneva, Switzerland
- leila@s68pilates.com
Full operator details are in our imprint.
2. What data we collect
From shop orders
- Name, email, phone, billing & shipping address
- Items purchased, sizes, total amount, currency
- Payment confirmation token (we do not store your full card number — see "Sharing" below)
From class & event bookings
- Name, email, the class or event, date
- Optional: dietary preferences (retreats only)
From the newsletter / waitlist
- Email address (and the source page that sent it)
Automatically (browsing)
- IP address (truncated where possible), browser, device type, time of visit
- Pages viewed, referring page
- Cookie identifiers (see section 9)
3. Why we collect it
- To fulfil your order or booking — process payment, ship the parcel, confirm a class
- To provide customer service — answer your emails, handle returns, resolve issues
- To send you what you signed up for — newsletter, waitlist alert, retreat updates
- To keep the website secure and working — error monitoring, fraud prevention
- To improve the site — aggregate, anonymous usage statistics
- To meet legal obligations — invoice retention, tax
4. Legal basis (for EU/EEA visitors)
- Performance of a contract (GDPR Art. 6(1)(b)) — orders, bookings, returns
- Consent (GDPR Art. 6(1)(a)) — newsletter, non-essential cookies, marketing emails
- Legitimate interests (GDPR Art. 6(1)(f)) — site security, fraud prevention, basic analytics — balanced against your privacy
- Legal obligation (GDPR Art. 6(1)(c)) — invoice retention, tax compliance
5. Who we share it with
We share data only with processors that help us run the business:
| Recipient | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | Ireland / USA |
| Resend | Transactional emails | USA |
| Swiss Post / DHL | Parcel delivery | Switzerland / EU |
| Hosting provider | Website hosting | EU |
| Momence | Class & event bookings | USA |
We do not sell, rent, or trade your personal data to third parties for marketing purposes. Ever.
6. International transfers
Some of our processors are based outside Switzerland or the EU/EEA (notably the USA). When we transfer your data there, we rely on appropriate safeguards: EU Standard Contractual Clauses, the EU-US Data Privacy Framework where the recipient is certified, or your explicit consent.
7. How long we keep it
- Orders & invoices: 10 years (Swiss accounting law, OR Art. 958f)
- Customer service emails: up to 3 years after last contact
- Newsletter: until you unsubscribe
- Class bookings: 2 years after the class
- Web analytics: 14 months in aggregate, longer in fully anonymous form
8. Your rights
Under the Swiss FADP and the EU GDPR you have the right to:
- Ask us what data we hold about you (right of access)
- Have it corrected if it's wrong (right of rectification)
- Have it erased where there's no overriding reason to keep it (right to erasure)
- Restrict or object to certain processing (right to restriction / objection)
- Receive your data in a portable format (right to portability)
- Withdraw consent at any time (without affecting prior lawful processing)
To exercise any of these rights, email leila@s68pilates.com — we'll respond within 30 days.
If you believe we've handled your data badly, you can complain to a supervisory authority — in Switzerland the FDPIC (Federal Data Protection and Information Commissioner); in the EU, the DPA in your country of residence.
9. Cookies & tracking
We use a small set of essential and analytics cookies. Full list, purpose, and durations are in our cookie policy. You can change your consent anytime via the small cookie button in the footer.
10. Changes to this policy
We may update this policy if we add a new processor or change how we use data. The "last updated" date at the top reflects the most recent change. For material changes, we'll notify newsletter subscribers.