Co. Defined Request a private call
Legal

Privacy Policy

Co. Defined Sagl · Last updated: 18 July 2026

1. Introduction

This Privacy Policy explains how Co. Defined Sagl ("Co. Defined", "we", "us", or "our") collects, processes, stores, and protects the personal data ("Personal Data") of users of our website www.codefined.co ("Website") and clients who engage our services.

Co. Defined Sagl is a Swiss limited liability company, registered in Switzerland.

This Privacy Policy is issued in compliance with the Swiss Federal Act on Data Protection (nFADP/nDSG), which entered into force on 1 September 2023, and its implementing ordinance (DPO/DSV). To the extent that the General Data Protection Regulation (EU) 2016/679 ("GDPR") applies to the processing of your Personal Data (for example, where we offer services to individuals in the European Economic Area), we also comply with the applicable provisions of the GDPR.

If you do not agree to the terms of this Privacy Policy, you should discontinue use of the Website and our services.


2. Data Controller

The data controller responsible for the processing of your Personal Data is:

Co. Defined Sagl
Switzerland

Email: privacy@codefined.co


3. Data Protection Officer

Co. Defined has appointed a Data Protection Officer (DPO). For any enquiries relating to the processing of your Personal Data or the exercise of your rights, you may contact:

Email: dpo@codefined.co


4. Personal Data We Collect

4.1. Website Visitors

  • Navigation and browsing data: IP address, browser type and version, operating system, device type, language settings, time zone, referring URL, pages visited, and time spent on pages. This data is collected automatically through the operation of the Website.
  • Cookies and similar technologies: See Section 12 (Cookie Policy) below.
  • Contact form data: Name, email address, and the content of any enquiry submitted via the Website.
  • Assessment data: Your responses to structured assessments submitted via ScoreApp, and the email address used to send you your result.
  • Newsletter subscription data: Email address and name (if provided).

4.2. Clients (Service Engagements)

In addition to the data above, when you engage our services we collect:

  • Identity and contact data: Full name, email address, telephone number, and professional title.
  • Professional documents and history: The content of any professional documents or information you provide.
  • Call recordings and transcripts: Audio and video recordings of calls conducted via Google Meet, and the automated transcripts thereof.
  • Questionnaire responses: Your responses to questionnaires submitted via VideoAsk, including any video, audio, or text content.
  • Communications: Messages exchanged via WhatsApp, email, or other channels during the service engagement.
  • Deliverable content: The content of deliverables created for you, which is derived from the data listed above.

4.3. Payment Data

Payment transactions are processed by Stripe, Inc. Co. Defined does not collect, store, or have access to your full credit card number or payment account details. We receive only confirmation of payment, transaction identifiers, and billing information (name and email) from Stripe.


5. Purposes and Legal Bases for Processing

We process your Personal Data for the following purposes and on the following legal bases:

PurposeLegal Basis (nFADP)Legal Basis (GDPR)
Providing access to the WebsiteLegitimate interestLegitimate interest (Art. 6(1)(f))
Responding to enquiries and requestsPerformance of a contract / pre-contractual measuresArt. 6(1)(b)
Delivering assessments and sending resultsPerformance of a contract / pre-contractual measuresArt. 6(1)(b)
Delivering services and creating deliverablesPerformance of a contractArt. 6(1)(b)
Processing Personal Data via AI tools for deliverable creationConsentConsent (Art. 6(1)(a))
Processing payment transactionsPerformance of a contractArt. 6(1)(b)
Recording and transcribing callsConsentConsent (Art. 6(1)(a))
Sending marketing communications and newslettersConsentConsent (Art. 6(1)(a))
Statistical analysis and Website improvementLegitimate interestLegitimate interest (Art. 6(1)(f))
Compliance with legal obligationsLegal obligationArt. 6(1)(c)
Establishing, exercising, or defending legal claimsLegitimate interestLegitimate interest (Art. 6(1)(f))

6. Use of Artificial Intelligence

6.1. Co. Defined uses artificial intelligence ("AI") tools in the creation of client deliverables. Specifically, your Personal Data may be submitted to AI systems for processing.

6.2. The AI services used include those provided by Anthropic, PBC (a company based in the United States). Your data is transmitted to Anthropic's systems for processing and is subject to Anthropic's data handling practices and policies. Data submitted to Anthropic is processed under commercial terms that do not permit its use for training AI models.

6.3. All AI-generated outputs are reviewed, edited, and approved by Co. Defined before being delivered to you. AI is used as an assistive tool; final deliverables reflect human professional judgement.

6.4. By engaging our services and providing your consent, you acknowledge and agree to the processing of your Personal Data by AI tools as described in this section.


7. Recipients and Data Sharing

Your Personal Data may be shared with the following categories of recipients:

  • AI service providers: Anthropic, PBC (United States) for processing data in connection with deliverable creation.
  • Cloud and collaboration services: Google LLC (United States / global) for Google Drive, Google Meet, and Gmail.
  • Questionnaire platform: VideoAsk (Typeform SL, European Union) for collecting questionnaire responses.
  • Assessment platform: ScoreApp (United Kingdom) for delivering structured assessments and results.
  • Payment processor: Stripe, Inc. (United States) for processing payments.
  • Messaging platform: WhatsApp (Meta Platforms, Inc., United States) for asynchronous communications during service delivery.
  • Legal and regulatory authorities: Where required by applicable law or regulation.
  • Professional advisors: Legal, accounting, and other professional advisors, subject to professional confidentiality obligations.

We do not sell your Personal Data to third parties.

Anonymized patterns: Anonymized patterns and case insights drawn from client engagements are only ever discussed or published with the client's explicit agreement.


8. International Data Transfers

Your Personal Data may be transferred to and processed in countries outside of Switzerland and the European Economic Area, including the United States. Where Personal Data is transferred to a country that does not provide an adequate level of data protection, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and/or recognised under Swiss law;
  • The data recipient's participation in recognised certification frameworks;
  • Any other lawful transfer mechanism under applicable data protection law.

You may request a copy of the applicable safeguards by contacting us at privacy@codefined.co.


9. Data Retention

We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

Data CategoryRetention Period
Client service data (transcripts, questionnaire responses, deliverables)Duration of the service engagement plus 12 months, or earlier upon your request
Google Drive shared folder accessRemoved at Co. Defined's discretion after conclusion of service
Assessment responses and results12 months from submission, unless a service engagement follows
Financial and billing records10 years (as required by Swiss commercial law, Art. 958f CO)
Marketing and newsletter dataUntil you withdraw your consent
Website navigation and browsing data12 months
Contact form enquiries12 months from the date of enquiry, unless a service engagement follows

After the applicable retention period, Personal Data is securely deleted or anonymised.


10. Your Rights

Under the nFADP (and, where applicable, the GDPR), you have the following rights in relation to your Personal Data:

  • Right of access: You may request confirmation of whether we process your Personal Data and, if so, request access to such data.
  • Right to rectification: You may request the correction of inaccurate or incomplete Personal Data.
  • Right to erasure: You may request the deletion of your Personal Data where the processing is no longer necessary or where you withdraw your consent, subject to any legal retention obligations.
  • Right to restriction of processing: You may request the restriction of processing where the accuracy of the data is contested, or where the processing is unlawful.
  • Right to data portability: You may request to receive your Personal Data in a structured, commonly used, and machine-readable format.
  • Right to object: You may object to the processing of your Personal Data where the processing is based on legitimate interests, including for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw such consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at:

Email: privacy@codefined.co

We will respond to your request within 30 days.


11. Right to Lodge a Complaint

If you believe that the processing of your Personal Data infringes applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority:

In Switzerland:
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
3003 Bern
Switzerland
Website: www.edoeb.admin.ch

In the EU/EEA:
You may lodge a complaint with the supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement.


12. Cookie Policy

12.1. The Website uses cookies and similar technologies. Cookies are small text files placed on your device when you visit the Website.

12.2. Types of cookies used:

  • Strictly necessary cookies: Required for the operation of the Website. These cannot be disabled.
  • Analytics cookies: Used to collect information about how visitors use the Website. This data is aggregated and anonymised.
  • Third-party cookies: Certain third-party services integrated into the Website may place their own cookies on your device.

12.3. Managing cookies: You may control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Website.

12.4. For further details on the specific cookies used, please contact us at privacy@codefined.co.


13. Data Security

We implement appropriate technical and organisational measures to protect your Personal Data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit, access controls, and regular review of our security practices.

However, no method of transmission over the internet or method of electronic storage is entirely secure. While we strive to protect your Personal Data, we cannot guarantee its absolute security.


14. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your personality or fundamental rights, we will:

  • Notify the Federal Data Protection and Information Commissioner (FDPIC) as soon as possible, and in any event within 72 hours of becoming aware of the breach;
  • Notify affected data subjects without undue delay where required by applicable law;
  • Document the nature of the breach, the likely consequences, and the measures taken to address it.

15. Third-Party Links

The Website may contain links to third-party websites, platforms, and services. These third-party services operate independently from Co. Defined and have their own privacy policies. We are not responsible for the privacy practices or content of any third-party service.


16. Children's Data

Our services are not directed at individuals under the age of 18. We do not knowingly collect Personal Data from children. If you believe we have inadvertently collected data from a minor, please contact us at privacy@codefined.co and we will promptly delete such data.


17. Applicable Law and Jurisdiction

This Privacy Policy and all matters relating to the processing of your Personal Data shall be governed by Swiss law, in particular the Swiss Federal Act on Data Protection (nFADP/nDSG).

Any dispute arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Lugano, Canton of Ticino, Switzerland.


18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The most current version will be posted on the Website with the "Last updated" date. Your continued use of the Website or our services after any changes constitutes your acceptance of the revised Privacy Policy.


19. Contact

For any questions regarding this Privacy Policy or the processing of your Personal Data, please contact:

Co. Defined Sagl
Switzerland

Email: privacy@codefined.co
DPO: dpo@codefined.co

Co. Defined

Private strategic advisory. By referral and inquiry.

Terms Privacy Email Contact
© Co. Defined 2026 Private by design