Home/ Privacy Policy
GDPR · Personal data

Privacy
Policy

We process your personal data with the utmost care and in strict compliance with the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nLPD).

Last updated: 27 May 2026. This policy applies to the website superhuman-wellness.com and to all services offered by Superhuman Wellness.

1. Data controller

The controller of your personal data is:

Superhuman Wellness (Sàrl being incorporated)
Intended registered office: Rue du Rhône 80, 1204 Geneva, Switzerland
Business identification number (UID): pending attribution
E-mail: contact@superhuman-wellness.ch
Phone: +41 78 312 34 27

2. Data collected

As part of our services, we collect the following categories of data:

2.1 Identification data

Surname, first name, date of birth, postal address, e-mail address, phone number. These data are collected when you contact us, sign up for our services, or create a client account.

2.2 Health data (special categories)

As part of our personalised wellness programmes, we process health and biometric data, including:

  • Biological data: salivary cortisol (samples at Day 0 / Day 42 / Day 84), heart rate variability (HRV via Oura or Whoop wearable)
  • Body composition data: segmental muscle mass, fat mass, cellular hydration
  • Validated questionnaire results: PSS-10 (perceived stress), Karasek (job strain)
  • Medical history and contraindications declared during the initial assessment
  • Data generated during photobiomodulation sessions and other protocol technologies

These data constitute sensitive data within the meaning of Art. 5 let. c nLPD and Art. 9 GDPR. Their collection is preceded by a separate and explicit written consent. These data are stored exclusively in Switzerland (Infomaniak Network SA, Geneva) and are in no case transferred outside Switzerland. Any communication, even anonymised, of these data to third parties for communication or research purposes requires a separate prior written agreement.

2.3 Browsing data

IP address, browser type, pages visited, length of visit, cookie data. This information is collected automatically for statistical purposes and to improve our website.

2.4 Financial data

Payment information (billing details). Credit card data are processed exclusively by our PCI-DSS certified payment provider and are never stored on our servers.

3. Purposes and legal bases of processing

We process your personal data for the following purposes:

Purpose Legal basis
Management of your client file and protocol follow-up Performance of contract (Art. 6(1)(b) GDPR)
Processing of health data for therapeutic purposes Express consent (Art. 9(2)(a) GDPR)
Sending commercial communications and newsletters Consent (Art. 6(1)(a) GDPR)
Invoicing and accounting obligations Legal obligation (Art. 6(1)(c) GDPR)
Improvement of our services and anonymised statistical analysis Legitimate interest (Art. 6(1)(f) GDPR)
Site security and fraud prevention Legitimate interest (Art. 6(1)(f) GDPR)

4. Retention period

We retain your personal data only for the time required to fulfil the purposes for which they were collected:

  • Active client files: for the entire duration of the contractual relationship, then 10 years from the end of the contract (Swiss civil limitation period).
  • Health data: minimum 10 years in accordance with Swiss health legislation (Art. 12 LiMedPr · Federal Act on Medical Devices).
  • Billing data: 10 years in accordance with the Swiss Code of Obligations.
  • Browsing data and cookies: 13 months maximum.
  • Unsuccessful applications: 6 months from the end of the recruitment process.
  • Marketing data (with consent): until consent is withdrawn or after 3 years of inactivity.

5. Data recipients

Your personal data are processed exclusively by authorised Superhuman Wellness staff. They may be transmitted to the following categories of recipients, strictly within the defined purposes:

  • Partner medical team: physicians, nutritionists and therapists involved in your protocol, bound by medical confidentiality.
  • Technical providers: web host (Infomaniak Network SA, Geneva), CRM solution, messaging platform · all signatories of a data-processing agreement compliant with the GDPR.
  • Payment provider: Stripe Inc. or equivalent provider, strictly within the limits of transaction processing.
  • Competent authorities: only upon judicial or legal requisition.

We never sell, rent or transfer your personal data to third parties for commercial purposes.

Some of our providers may be established outside the European Union or Switzerland. In such cases, we ensure that appropriate safeguards are in place (European Commission standard contractual clauses, adequacy decision, etc.) in accordance with Articles 44 to 49 of the GDPR.

6. Your rights

In accordance with the GDPR (EU Regulation 2016/679) and the nLPD (Swiss Federal Act on Data Protection, in force since 1 September 2023), you have the following rights over your personal data:

  • Right of access (Art. 15 GDPR): You can obtain a copy of all personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): You can request the correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR): You can request the deletion of your data, unless their retention is necessary to comply with a legal obligation.
  • Right to restriction of processing (Art. 18 GDPR): You can request the temporary suspension of the processing of your data.
  • Right to data portability (Art. 20 GDPR): You can receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR): You can object to the processing of your data based on our legitimate interest, in particular for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right not to be subject to automated decision-making: You can request human intervention for any decision concerning you that is based exclusively on automated processing.

To exercise these rights, please send your written request to our Data Protection Officer (DPO) by e-mail to contact@superhuman-wellness.ch or by post to the address listed in section 1. We undertake to respond within one month of receiving your request.

If you believe your rights are not being respected, you may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland, or with the Commission nationale de l'informatique et des libertés (CNIL) in France.

7. Cookies and trackers

Our site uses cookies and trackers to improve your browsing experience. On your first visit, a banner informs you of their presence and lets you accept or decline them.

We use the following categories of cookies:

  • Strictly necessary cookies: essential to the operation of the site and cannot be declined.
  • Analytics cookies: help us understand how visitors use our site (Google Analytics or anonymised equivalent).
  • Preference cookies: remember your choices (language, display settings).

You can manage and delete cookies through your browser settings at any time.

8. Data security

Superhuman Wellness implements appropriate technical and organisational measures to protect your personal data against any loss, destruction, alteration, unauthorised access or disclosure. These measures include: encryption of data in transit (TLS/SSL) and at rest, strict access controls with two-factor authentication, regular backups, periodic security audits and ongoing staff training. In the event of a data breach likely to result in a risk to your rights and freedoms, we undertake to notify the competent authorities within 72 hours and the data subjects as soon as possible.

9. Contact · Data Protection Officer (DPO)

Our Data Protection Officer is your dedicated point of contact for any question relating to the processing of your personal data:

Data Protection Officer
Superhuman Wellness
Rue du Rhône 80, 1204 Geneva, Switzerland
E-mail: contact@superhuman-wellness.ch
Phone: +41 78 312 34 27
Available Monday to Friday, 9 a.m.–5 p.m.

10. Changes to this policy

Superhuman Wellness reserves the right to amend this privacy policy at any time, in particular to comply with legislative and regulatory developments. Any substantial change will be brought to your attention by e-mail or via a visible notice on our site. We invite you to consult this page regularly. The date of the latest update is shown at the top of the document.