Privacy Policy
Last Update: June 2026
1. Controller and contact
The controller responsible for the processing of your personal data is:
La mesa de Vanessa GmbH/Mesa Yoga
Via Serlas 27, Suite 41, CH 7500 St. Moritz
Phone: +41 79 890 02 38
2. Scope of this policy
This Privacy Policy explains how we collect and process personal data when you visit our website, use our online store or booking system, participate in our classes (on‑site and online), subscribe to our newsletter or otherwise interact with Mesa Yoga.
3. Categories of personal data we process
Website and technical data (e.g. IP address, device and browser type, operating system, referring URLs, pages viewed, access times, approximate location).
Usage and preference data (e.g. information about how you use our website and Services, classes booked, features used, responses to surveys).
Account and booking data (e.g. name, contact details, billing address, booked services, attendance history, membership details).
Payment and transaction data (e.g. payment method, amounts, partial card details as displayed on receipts; full card data is processed only by our payment providers).
Communication data (e.g. correspondence via email or contact form, notes relating to customer service).
Marketing and consent data (e.g. newsletter subscriptions, consent to marketing and cookies, opt‑in/opt‑out preferences).
4. Sources of data
We receive data directly from you (e.g. when you create an account, make a booking or purchase, contact us, or subscribe to our newsletter).
We automatically collect certain technical and usage data when you use our website (via cookies and similar technologies).
We may receive limited data from third parties, such as payment providers (payment status), booking or marketing platforms, and social media providers where you interact with our pages or ads.
5. Purposes and legal bases
We process your personal data for the following purposes and on the following legal bases:
Purpose #1: To operate our website, ensure its security and fix errors.
Data: Technical and usage data (e.g. IP address, device information, pages visited).
Legal basis: Our legitimate interests in providing a secure, functional website.
Purpose #2: To process your bookings, memberships and purchases and provide our services.
Data: Contact, account, booking and transaction data.
Legal basis: Performance of a contract and pre‑contractual measures; legal obligations (e.g. accounting, tax).
Purpose #3: To process payments and prevent fraud.
Data: Payment and transaction data.
Legal basis: Performance of a contract; our legitimate interests in secure payment processing and fraud prevention.
Purpose #4: To communicate with you and handle inquiries.
Data: Contact and communication data.
Legal basis: Performance of a contract or pre‑contractual measures; our legitimate interests in customer care.
Purpose #5: To send newsletters and marketing communications, if you have subscribed.
Data: Contact data, marketing and consent data.
Legal basis: Your consent (you can withdraw it at any time).
Purpose #6: To analyse and improve our services and marketing (e.g. via analytics tools).
Data: Technical, usage and marketing data.
Legal basis: Our legitimate interests in improving our services and marketing; where required, your consent (e.g. for cookies/tracking).
Purpose #7: To comply with legal obligations and enforce our rights.
Data: Any of the above, as necessary.
Legal basis: Legal obligations; our legitimate interests in asserting or defending legal claims.
6. Use of cookies and tracking technologies
We use cookies and similar technologies (e.g. pixels) on our website.
Essential cookies are necessary for the provision of the website and cannot be disabled. We use analytics and marketing cookies only with your consent, which you can give or withdraw at any time via our cookie banner or Cookie settings.
7. Third‑party tools and transfers abroad
We work with selected service providers (such as hosting, booking, payment, analytics and marketing providers) who process personal data on our behalf or as independent controllers. Some of these providers may be located outside Switzerland and the EU/EEA or may process personal data there.
Website hosting and platform services
Payment and billing providers
Booking and email/CRM systems
Analytics and marketing tools
8. Data retention
Booking and transaction data is kept for 10 years for accounting and tax purposes.
Newsletter data is kept until you unsubscribe.
Technical logs are kept for a shorter period (14-16 months).
9. Data security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, misuse, loss and alteration. These measures include, for example, encryption, access controls, regular reviews of our security concepts and limiting access to personal data to those persons who need it to fulfil their tasks.
10. Your rights
Under applicable data‑protection law, you have the right to obtain information about the personal data we process about you, to request the correction or deletion of your data, and to request the restriction of processing. You may also have the right to object to certain processing activities and to receive certain data in a structured, commonly used and machine‑readable format. Where we process data based on your consent, you can withdraw this consent at any time with effect for the future. You also have the right to lodge a complaint with the competent data‑protection authority (in Switzerland: the Federal Data Protection and Information Commissioner, FDPIC).
11. Contact
If you have any questions about this Privacy Policy or wish to exercise your data‑protection rights, you can contact us at:
La mesa de Vanessa GmbH/Mesa Yoga
Via Serlas 27, Suite 41, CH 7500 St. Moritz
Phone: +41 79 890 02 38
Subject: Privacy Policy | data‑protection rights