top of page

 

PRIVACY NOTICE

Last updated: February 2026

1. Controller and Representative Information

Data Controller:
Go Beyond Project GmbH
Alte Anglikerstrasse 25. 

5610 Wohlen AG
Switzerland
Email: elvira@gobeyond-project.com
Phone: +41 76 286 26 19
Website: www.gobeyond-project.com

As we mainly operate across Switzerland, Hungary, Germany, and other European markets, this Privacy Notice complies with both the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR).

2. Scope and Application

This Privacy Notice applies to:

  • Participants in our Native in Change, Master in Change certification courses and workshops

  • Members of our consultant network and facilitator base

  • Alumni of our programs

  • Visitors to our website and digital platforms

  • Attendees of our keynote speeches and webinars

  • Subscribers to our newsletters and marketing communications

3. What Personal Data We Collect

3.1 For Course Participants and Workshop Attendees:

  • Identity data: Name, professional title

  • Contact information: Email address, phone number, country/city of residence

  • Professional information: Organisation name, job role, industry sector

  • Registration data: Course enrollment details, workshop attendance records, payment history

  • Certification information: CODP (Certified Organisation Design Professional) credentials, assessment results, course completion status

  • Learning materials: Feedback forms, self-assessments (e.g., Work Evolutionist assessments), assignments, and course-related communications

  • Event participation: Attendance at workshops (e.g., Whole Scale Change workshops), webinars, and alumni events

3.2 For Consultant Network and Facilitator Base Members:

  • Professional credentials: CV/resume, qualifications, certifications, work history

  • Expertise information: Areas of specialization, facilitation experience, industry knowledge

  • Availability data: Languages spoken (Hungarian, German, English, etc.), geographic regions served, preferred collaboration models

  • Performance information: Client feedback, project outcomes, testimonials

  • Collaboration records: Co-facilitation arrangements, project assignments

3.3 For All Website Visitors:

  • Technical data: IP address, browser type and version, device type, operating system

  • Usage data: Pages visited, time spent on site, navigation paths, referral sources

  • Cookie data: See Section 12 (Cookies and Tracking Technologies) below

3.4 Sensitive Personal Data:

We generally do not collect sensitive personal data as defined under FADP (religious beliefs, health data, genetic/biometric data, political opinions, trade union membership, administrative/criminal proceedings data). If such data is voluntarily provided by you in course materials or feedback, we process it only with your explicit consent and solely for the purpose of delivering personalised program support.

4. How We Collect Your Data

We collect personal data through:

  • Direct interactions: Course registrations, newsletter sign-ups, contact forms, email communications

  • Website interactions: Cookies and similar tracking technologies

  • Third-party sources: Co-facilitation partners, professional networks (e.g., EODF), LinkedIn connections (with your consent)

  • Event participation: Sign-in sheets at conferences, webinars, workshops

5. Legal Basis for Processing (GDPR) and Justification (FADP)

5.1 Under GDPR (for EU/EEA residents):

  • Contract performance: To deliver courses, workshops, certifications, and consultant services you've registered for

  • Legitimate interests: To communicate with alumni, improve our programs, conduct research, and maintain professional networks—balanced against your privacy rights

  • Consent: For marketing communications, newsletter subscriptions, and testimonial usage (withdrawable at any time)

  • Legal obligations: To comply with tax, accounting, and Swiss corporate law requirements

5.2 Under FADP (for Swiss residents):

The FADP does not require a general legal basis for processing. However, we ensure all processing:

  • Respects your personality and fundamental rights

  • Is transparent and conducted in good faith

  • Is limited to the specified purposes

  • Requires your explicit consent when processing sensitive data or conducting high-risk profiling

 

6. How We Use Your Personal Data

We process your data to:

  • Deliver educational services: Administer courses, forward data to ODC to issue certificates (CODP credentials), provide course materials, facilitate learning experiences

  • Process payments: Handle course fees, early bird pricing (e.g., February 28 deadlines), invoicing

  • Communicate effectively: Send course updates, workshop schedules (e.g., April 14-15 Budapest workshops), program changes, and relevant announcements

  • Build professional communities: Maintain our alumni network (6+ years of participants), develop our facilitator base, connect consultants with opportunities

  • Marketing and outreach: Send newsletters to our subscriber base (430+ subscribers), promote programs through LinkedIn campaigns, announce webinars and events

  • Improve our offerings: Gather feedback, conduct alumni surveys, assess program effectiveness, develop new content

  • Publish content: Create case studies, testimonials, and success stories (with your explicit consent)

  • Legal compliance: Fulfil Swiss tax obligations, maintain corporate records, respond to regulatory inquiries

  • Network development: Facilitate introductions within our consultant network, support co-facilitation partnerships 

 

7. Data Sharing and Recipients

We do not sell or rent your personal data. We share your information only with:

7.1 Service Providers (Data Processors):

  • Email and marketing platforms: For newsletter distribution and marketing campaigns

  • Payment processors: For secure transaction handling

  • Website hosting providers: For platform maintenance

  • Learning management systems: For course delivery and materials access

  • Cloud storage providers: For secure data backup

All service providers are contractually bound to process data only on our instructions and to implement appropriate security measures.

7.2 Co-facilitators and Partners:

  • When you register for co-facilitated programs (e.g., workshops with Lung Anita or Jörg Fontaine), we share only the relevant registration details with co-facilitators

  • With your consent, we may share your credentials with professional organisations (e.g., ODC for CODP verification)

7.3 Professional Networks:

  • Alumni directories (opt-in only)

  • Consultant network listings (with your explicit permission)

7.4 Legal Authorities:

  • When required by Swiss or applicable foreign law

  • To protect our legal rights or prevent fraud

  • In response to valid legal requests from authorities

 

8. International Data Transfers

As Go Beyond Project GmbH operates across Switzerland, Hungary, Germany, and other markets, your data may be transferred internationally:

8.1 Within the EU/EEA:

Transfers within the EU/EEA benefit from GDPR protections.

8.2 To Switzerland:

The European Commission recognizes Switzerland as providing adequate data protection (adequacy decision).

8.3 To Other Countries:

For transfers to countries without an adequacy decision, we ensure protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and recognized by the Swiss FDPIC

  • Your explicit consent where required

  • Appropriate safeguards as mandated by both FADP and GDPR

 

9. Data Retention

We retain your personal data only as long as necessary:

Data Category Retention Period

Active course participants: Duration of program + 2 years for certification records

Alumni network members: Until you request removal or withdraw consent

Consultant network members: Until you request removal or withdraw consent

Financial/accounting records: 10 years (Swiss legal requirement)

Marketing contacts/newsletter subscribers: Until you unsubscribe or withdraw consent

Website analytics data: Maximum 26 months

After the retention period, data is securely deleted or anonymised.

 

10. Your Rights

You have the following rights regarding your personal data:

10.1 Under Both FADP and GDPR:

  • Right of access: Request a copy of your personal data and information about how it's processed

  • Right to rectification: Correct inaccurate or incomplete data

  • Right to erasure: Request deletion of your data in certain circumstances (e.g., when no longer necessary, consent withdrawn)

  • Right to restriction: Limit processing in certain situations

  • Right to data portability: Receive your data in a structured, machine-readable format (for data provided with consent or for contract performance)

  • Right to object: Object to processing based on legitimate interests, including for direct marketing

10.2 Additional GDPR Rights (EU/EEA residents):

  • Right not to be subject to automated decision-making: We do not use solely automated decision-making or profiling that produces legal or similarly significant effects

10.3 Withdrawal of Consent:

Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

10.4 How to Exercise Your Rights:

Contact us at [your contact email]. We will respond within:

  • 1 month for GDPR requests (extendable by 2 months for complex requests)

  • 30 days for FADP requests (reasonable timeframe)

 

11. Security Measures

We implement appropriate technical and organisational measures to protect your data:

  • Encryption: SSL/TLS encryption for data transmission; encrypted storage for sensitive data

  • Access controls: Role-based access; password protection; two-factor authentication where available

  • Regular security assessments: Vulnerability testing; security audits

  • Staff training: Data protection training for all team members

  • Vendor management: Confidentiality agreements and data processing agreements with all service providers

  • Privacy by design and default: Security considerations integrated from the planning stage

 

12. Cookies and Tracking Technologies

Our website uses cookies and similar technologies:

12.1 Types of Cookies We Use:

  • Strictly necessary cookies: Essential for website functionality (no consent required)

  • Analytics cookies: To understand how visitors use our site (Google Analytics with IP anonymization)

  • Marketing cookies: To deliver relevant advertisements and measure campaign effectiveness (requires consent)

12.2 Your Cookie Choices:

You can manage cookie preferences through:

  • Our cookie banner (first visit)

  • Browser settings

  • Opt-out tools provided by third-party services

For detailed information, see our separate Cookie Policy.

 

13. Data Breach Notification

13.1 Under FADP:

If a data breach occurs that is likely to result in a high risk to your personality or fundamental rights, we will:

  • Notify the Swiss Federal Data Protection and Information Commissioner (FDPIC) as soon as possible

  • Inform affected individuals if necessary for their protection or if requested by the FDPIC

  • Provide information about the nature of the breach, its consequences, and remedial measures

13.2 Under GDPR:

For breaches affecting EU/EEA residents:

  • We notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where feasible)

  • We inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms

 

14. Data Protection Impact Assessments (DPIA)

We conduct DPIAs for processing activities that may result in high risks to your rights and freedoms, particularly when introducing new technologies or processing methods.

 

15. Record of Processing Activities

As required under FADP Article 12, we maintain a record of our processing activities, which is available to the FDPIC upon request.

16. No Obligation for Data Protection Officer

Under FADP, appointment of a Data Protection Officer is optional for private organisations. Go Beyond Project GmbH has not appointed a formal DPO, but data protection inquiries should be directed to elvira@gobeyond-project.com.

17. Children's Privacy

Our services are designed for professionals and adults. We do not knowingly collect data from individuals under 16 years of age. If we become aware of such a collection, we will delete the data promptly.

18. Changes to This Privacy Notice

We may update this Privacy Notice periodically to reflect:

  • Changes in our practices

  • Legal or regulatory requirements

  • New services or features

We will notify you of significant changes through:

  • Email notification to registered users

  • Prominent notice on our website

  • Updated "Last updated" date at the top of this notice

We encourage you to review this notice regularly.

 

19. Contact Us and Exercise Your Rights

For questions, concerns, or to exercise your data protection rights:

Go Beyond Project GmbH

Email: elvira@gobeyond-project.com
Phone: +41 76 286 26 19
Address: Alte Anglikerstrasse 25. , 5610 Wohlen AG, Switzerland

 

20. Supervisory Authorities

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with:

 

20.1 For Swiss Residents:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH-3003 Bern, Switzerland
Website: www.edoeb.admin.ch
Email: info@edoeb.admin.ch

 

20.2 For EU/EEA Residents:

You may lodge a complaint with the supervisory authority in your country of residence, place of work, or where an alleged infringement occurred. Find your authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

 

20.3 For Hungarian Clients:

National Authority for Data Protection and Freedom of Information (NAIH)
Website: www.naih.hu

Note: This Privacy Notice has been drafted to comply with both Swiss FADP (effective September 1, 2023) and EU GDPR requirements. 

 

bottom of page