Last updated: 12 May 2026
This Privacy Policy describes how Ayana Consulting Sàrl processes personal data collected through the website ayana.global (the “Website”), in compliance with EU Regulation 2016/679 (“GDPR“) and the Swiss Federal Act on Data Protection (“revFADP“, in force since 1 September 2023).
1. Data Controller
The Data Controller is:
Ayana Consulting Sàrl Registered office: Nyon, Switzerland Business ID: CH-550.1.240.715-3 Email: info@ayana.global Phone: +41 76 455 01 67
For any request regarding the processing of your personal data, please write to info@ayana.global.
2. Categories of data processed
Depending on how you interact with the Website, we collect the following categories of data:
a) Browsing data. Our systems and software procedures collect, during normal operation, certain data whose transmission is implicit in the Internet communication protocols (e.g. IP address, browser type, operating system, pages visited, date and time of the request).
b) Data provided through contact forms. When you complete the “Book a consultation” form or send us a request, we process the identification and contact data you provide (name, surname, email, phone, company, role, message content).
c) Application data (“Join Us”). If you send us your application, we process the personal, contact, professional and educational data contained in your CV and attachments.
d) Cookies and similar technologies. See section 7 below.
We do not knowingly collect special categories of personal data (under Art. 9 GDPR and Art. 5 lit. c revFADP). Please refrain from sharing such data in free-text messages.
3. Purposes and legal bases
| Purpose | Legal basis (GDPR) | revFADP reference |
|---|---|---|
| Responding to contact and consultation requests | Pre-contractual measures (Art. 6(1)(b)) | Art. 31(2)(a) |
| Managing job applications | Pre-contractual measures (Art. 6(1)(b)) and consent for further retention (Art. 6(1)(a)) | Art. 31(2)(a) |
| Operating the Website and providing requested services | Performance of contract / legitimate interest (Art. 6(1)(b) and 6(1)(f)) | Art. 31(2)(a) |
| Website security, fraud and abuse prevention | Legitimate interest (Art. 6(1)(f)) | Art. 31(2)(d) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) | Art. 31(1) |
| Non-essential cookies (statistics, marketing) | Consent (Art. 6(1)(a)) | Consent (Art. 6(6)) |
Providing the data requested in the forms is optional; however, if you do not provide it we will not be able to process your request.
4. Retention period
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, according to the following criteria:
- Contact / consultation requests: up to 24 months from the last interaction, unless a contractual relationship is established (in which case statutory contractual and tax retention periods apply).
- Job applications: up to 24 months from receipt, unless consent is withdrawn earlier.
- Browsing data: no longer than 12 months (except where retention is needed to investigate cybercrime).
- Cookies: for the duration specified in the cookie policy/banner.
- Accounting and tax records: for the period required by applicable Swiss and EU law (typically 10 years).
5. Recipients
Your data may be processed, for the purposes described above, by:
- Authorised personnel of Ayana Consulting Sàrl, duly instructed;
- Service providers acting as Data Processors under Art. 28 GDPR / Art. 9 revFADP, including:
- Website hosting and infrastructure providers;
- Email and productivity tool providers;
- Legal, tax and accounting advisors;
- IT service and Website maintenance providers.
- Public authorities, where required by law.
The up-to-date list of Data Processors is available upon request at info@ayana.global.
Your data will not be disclosed publicly, sold or transferred to third parties for marketing purposes.
6. International data transfers
Ayana Consulting Sàrl is based in Switzerland. As a result of the European Commission’s adequacy decision (Decision 2000/518/EC and subsequent acts) and the corresponding list of countries with adequate data protection adopted by the Swiss Federal Council, transfers between Switzerland and the European Economic Area benefit from mutual adequacy.
Where service providers are located in third countries not offering an adequate level of protection, transfers will be based on appropriate safeguards, such as:
- Standard Contractual Clauses approved by the European Commission and the Swiss FDPIC;
- Binding Corporate Rules (BCRs);
- Other safeguards under Art. 44–49 GDPR and Art. 16–17 revFADP.
A copy of the safeguards in place may be requested at info@ayana.global.
7. Cookies
The Website uses cookies and similar technologies to ensure its proper functioning, remember user preferences and, subject to consent, for statistical and marketing purposes.
The cookie categories used are:
- Functional (always active): required for the technical operation of the Website.
- Preferences: store user choices (e.g. language).
- Statistics: collect aggregated information about how the Website is used.
- Marketing: used to build user profiles and deliver relevant promotional communications.
You can manage your preferences at any time via the cookie banner on the Website or by changing your browser settings.
8. Your rights
As a data subject, you have the right, under Art. 15–22 GDPR and Art. 25–32 revFADP, to:
- Access your personal data and obtain information about its processing;
- Rectify inaccurate or incomplete data;
- Erase your data (“right to be forgotten”), in the cases provided by law;
- Restrict processing;
- Object to processing based on legitimate interest;
- Receive your data in a structured format (data portability);
- Withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
- Not be subject to decisions based solely on automated processing producing legal effects.
To exercise your rights, please write to info@ayana.global. We will respond without undue delay and in any case within 30 days of receipt.
9. Right to lodge a complaint
If you believe that your data is being processed in breach of applicable law, you have the right to lodge a complaint with:
- The Swiss Federal Data Protection and Information Commissioner (FDPIC) — Feldeggweg 1, CH-3003 Bern — www.edoeb.admin.ch;
- The Italian Data Protection Authority (Garante) — Piazza Venezia 11, 00187 Rome — www.garanteprivacy.it;
- Or the supervisory authority of the EU/EEA Member State where you habitually reside.
10. Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or disclosure, in line with the state of the art and the requirements of Art. 32 GDPR and Art. 8 revFADP.
11. Changes to this Policy
We reserve the right to update this Privacy Policy to reflect regulatory, organisational or technical changes. Updated versions will be published on this page with the date of the last update. We encourage you to review it periodically.
Ayana Consulting Sàrl — Nyon, Switzerland Business ID: CH-550.1.240.715-3 info@ayana.global — +41 76 455 01 67