Privacy Policy

Data Protection Statement · Cookie Policy · AI Data PracticesLast updated: March 2025 · Version 2.0This Privacy Policy explains how Elevation Leadership (operated by Márcia Ayacaba, in affiliation with ZAMA FLOW SA) collects, uses, stores, and protects your personal data when you visit our website, use our services, complete our assessments, or interact with our AI-supported tools.This Policy forms an integral part of our General Terms and Conditions. It complies with the Swiss Federal Act on Data Protection (FADP), the EU General Data Protection Regulation (GDPR) where applicable, and reflects the transparency and data minimisation principles of the EU AI Act (Regulation (EU) 2024/1689).

1. Who We Are — Controller

The controller responsible for your personal data is: Márcia Ayacaba
Operating as: Elevation Leadership
Affiliated entity: ZAMA FLOW SA, Chemin des Bluets 5, 1009 Pully, Switzerland
Website: elevation.coach
Contact email: marcia@zamaflow.comIf you have any questions about how your data is used, please contact us at the email above. We do not currently have a statutory data protection officer; if required in future, this Policy will be updated.

2. What Data We Collect

2.1 Identity and Contact Data

  • Name, title, email address, phone number;
  • Company or organisation name and role (for corporate clients);
  • Billing and invoicing details.

2.2 Coaching and Programme Data

In the course of your coaching or programme, we may process:

  • Information you share during sessions, intakes, or follow-ups (e.g., goals, challenges, professional context);
  • Completed exercises, reflections, assignments, and feedback forms;
  • Programme progress data (e.g., modules completed, attendance records).

We do not proactively collect medical diagnoses or clinical mental health data. If you choose to share sensitive health-related information, it is treated with strict confidentiality in accordance with coaching ethics and applicable law. Please note that our services do not constitute medical or therapeutic treatment.

2.3 Assessment and Diagnostic Data

When you complete the Stuckness Diagnostic or any other assessment tool:

  • Your responses are used to generate a personalised profile and recommendations;
  • Your email address is captured to deliver your results and, with your consent, to send relevant follow-up communications;
  • Aggregate, anonymised data may be used to improve the accuracy and relevance of the diagnostic tool;
  • Where an AI system is used to generate personalised outputs, this is disclosed in the tool itself.

2.4 AI Interaction Data

If you use any AI-powered feature (e.g., an AI coaching chatbot, AI-generated recommendation, or AI voice/avatar tool):

  • Your inputs to AI tools are processed to generate a relevant response or output;
  • Inputs may be transmitted to third-party AI infrastructure providers (e.g., Anthropic) under appropriate data processing agreements;
  • We do not use your personal coaching data to train third-party AI models without your explicit consent;
  • You should not enter sensitive personal data (e.g., detailed medical information, financial data, or personal details of third parties) into AI chat tools.

2.5 Technical and Usage Data

  • IP address, browser type, device information, operating system;
  • Pages visited, session duration, navigation patterns on our website;
  • Data from cookies and similar technologies (see Section 5).

2.6 Payment Data

Payments are processed via Stripe Payments Europe, Limited (Dublin, Ireland). We do not receive or store your full card number or CVV. We receive only: payment method, transaction outcome, last four digits (if applicable), and a tokenised reference for reconciliation. Stripe's own privacy policy applies to payment processing.

2.7 Corporate and Third-Party Data

For corporate programmes, we may receive data from your employer, co-facilitators, or partner organisations as relevant to delivering agreed services.


3. Why We Use Your Data — Purposes and Legal Bases

3.1 Delivering Services and Performing Our Contract

We use your data to plan and deliver coaching sessions, manage your programme access, process bookings and payments, and communicate with you about your programme.
Legal basis: Performance of a contract; legitimate interest; legal obligation (accounting and tax).

3.2 Diagnostic and Assessment Tools

We use your diagnostic responses to generate your personalised profile and recommendations, and (with consent) to follow up with relevant resources and coaching offers.
Legal basis: Performance of a contract (where assessment is part of a purchased programme); consent (where the diagnostic is used as a standalone lead generation tool).

3.3 AI-Supported Services

Where AI tools are used to generate personalised outputs, recommendations, or coaching support, we process your data to produce and deliver those outputs.
Legal basis: Performance of a contract; legitimate interest; and where required under the EU AI Act, transparency obligations are fulfilled at the point of use.

3.4 Marketing and Communications

We may send you information about our programmes, events, resources, and newsletters where you have opted in, or where permitted by applicable law for existing clients.
Legal basis: Consent (for email marketing); legitimate interest (for existing client communications). You may unsubscribe at any time.

3.5 Website and Platform Operations

We process technical data to ensure the secure and stable operation of our website and digital platforms.
Legal basis: Legitimate interest.

3.6 Legal Compliance and Security

We process and retain data as required by Swiss and applicable foreign law (e.g., tax, accounting), and to protect our rights in the event of a legal claim.
Legal basis: Legal obligation; legitimate interest.


4. How Long We Keep Your Data

We retain your data for as long as necessary for the purpose for which it was collected, or as required by law:

  • Contract and programme data: minimum 10 years after the end of our relationship, in line with Swiss statutory retention periods;
  • Marketing data: retained until you unsubscribe or withdraw consent;
  • Technical and usage data (logs, cookies): typically up to 12 months;
  • AI interaction data: retained as specified in the applicable AI tool's data handling policy, with personal identifiers minimised where possible;
  • Coaching session notes: retained for the duration of the coaching relationship, then anonymised or deleted unless you request otherwise.



5. Cookies and Tracking Technologies

5.1 What We Use

Our website uses cookies and similar technologies. These may include:

  • Necessary cookies: essential for website functionality (e.g., booking flow, security). No consent required.
  • Functional cookies: remember your preferences (e.g., language). Used based on consent or legitimate interest.
  • Analytics cookies: help us understand how visitors use our site. Used based on consent.
  • Marketing/tracking technologies: used to display or measure relevant content. Used based on consent only.

5.2 Managing Your Preferences

You can manage cookie preferences via the cookie banner on our website, your browser settings, or by contacting us directly. Disabling certain cookies may affect the functionality of our website and booking tools.


6. Who We Share Your Data With

We may share your data with:

  • IT and hosting providers (e.g., Infomaniak for website hosting; Go High Level for CRM and marketing automation);
  • Payment processors (Stripe Payments Europe, Limited);
  • AI infrastructure providers (e.g., Anthropic, where AI-powered features are used) — under data processing agreements;
  • Video conferencing tools (e.g., Zoom, Google Meet) — under their applicable terms;
  • Co-facilitators or programme partners, where relevant to your programme delivery;
  • Professional advisors (legal, tax, accounting) bound by confidentiality;
  • Authorities or courts where required by law;
  • Your employer or contracting organisation, for corporate programmes only and as agreed.

We do not sell your personal data to third parties.


7. International Data Transfers

Some of our service providers are based outside Switzerland or the EU/EEA (e.g., AI infrastructure providers in the United States). Where personal data is transferred to countries without an equivalent level of data protection, we apply appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission or Swiss FDPIC;
  • Adequacy decisions where available;
  • Data processing agreements with contractual minimum protections.

You may contact us for information about the specific safeguards in place for any international transfer.


8. Your Rights

Subject to applicable law, you have the following rights in relation to your personal data:

  • Right of access: to receive a copy of the personal data we hold about you;
  • Right to rectification: to have inaccurate or incomplete data corrected;
  • Right to deletion: to request deletion of your data where we have no legal obligation to retain it;
  • Right to restriction of processing: to ask us to pause processing under certain circumstances;
  • Right to data portability: to receive your data in a machine-readable format (where applicable under GDPR);
  • Right to object: to object to processing based on legitimate interests, including direct marketing;
  • Right to withdraw consent: you may withdraw consent at any time without affecting the lawfulness of prior processing;
  • Right to human review of AI decisions: where an AI tool has produced an output that materially affects your programme, you have the right to request human review.

To exercise any of these rights, please contact us at marcia@zamaflow.com. We aim to respond within 30 days.You also have the right to lodge a complaint with a supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). If the GDPR applies, you may also contact the supervisory authority in your EU/EEA country of residence.


9. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • SSL/TLS encryption for data transmitted via our website;
  • Access controls and role-based permissions within our systems;
  • Use of secure, reputable third-party platforms with their own security certifications;
  • Regular review of data security practices;
  • Staff and contractor confidentiality obligations.

No technical measure is entirely foolproof. In the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority as required by applicable law.


10. Children's Data

Elevation Leadership's coaching services are intended for adults (18+). We do not knowingly collect personal data from children under the age of 16. If you believe a minor has submitted personal data to us, please contact us immediately and we will delete it.


11. Changes to This Policy

We may update this Privacy Policy at any time to reflect changes in our data practices or applicable law. The current version is always published on our website with a "Last updated" date. For significant changes, we will notify existing clients by email or via our platforms.


12. Contact

For any questions about this Privacy Policy or your personal data, please contact:Márcia Ayacaba — Elevation Leadership
Email: marcia@zamaflow.com
Website: elevation.coach
ZAMA FLOW SA, Chemin des Bluets 5, 1009 Pully, SwitzerlandElevation Leadership · elevation.coach · marcia@zamaflow.com
© 2025 Elevation Leadership. All rights reserved.

Search
This website may use cookies and external scripts. More information