PRIVACY POLICY

www.janinehugo.com
Last updated: 28th March 2026

This Cookie Policy explains what cookies are, how this Website (www.janinehugo.com) uses them, what choices you have, and how to manage your preferences. It should be read alongside the Privacy Policy and Terms and Conditions, both accessible in the footer of this Website.

1. Identity and Contact Details of the Data Controller

The data controller responsible for the processing of your personal data in connection with this Website is: 

 

Janine Hugo 

Individual, operating in a personal professional capacity 

Canton Vaud, Switzerland 

Website: www.janinehugo.com 

Contact: via the contact form at www.janinehugo.com 

 

As the controller, I determine the purposes and means of processing personal data collected through this Website. Where processing is carried out by third-party platforms acting as separate or joint controllers — including Coachvox Ltd. in respect of Janine AI — this is identified and explained in the relevant sections below. 

As I am already based in Switzerland, no Swiss representative is required under Article 14 of the revised FADP. Where this Website is accessed by users in the European Union, I process their data in compliance with the GDPR as a controller established in a country that the European Commission has recognised as providing adequate data protection. 

 

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data processed when you: 

  • Visit or browse this Website (www.janinehugo.com); 
  • Submit an enquiry or message via the contact form; 
  • Provide your email address to receive free resources, downloads, or newsletter communications; 
  • Interact with analytics, tracking, or marketing tools operating on this Website; 
  • Click through to linked third-party platforms including Coachvox (for Janine AI) or Amazon (for the book). 

 

This Policy does not govern: 

  • Personal data collected by Coachvox Ltd. when you create an account on or interact with the Janine AI platform. Coachvox processes that data as a controller in its own right, and you are directed to Coachvox’s Privacy Policy at coachvox.ai/privacy/ for full details; 
  • Personal data collected by Amazon in connection with any book purchase. Amazon’s Privacy Notice applies to all transactions on the Amazon platform; 
  • Personal data collected by any other third-party website linked from this Website. 

 

3. Personal Data Collected Through This Website

 collect personal data in the following ways: 

 

3.1 Data You Provide Directly 

When you use the contact form or sign up to receive email communications or free resources, I may collect: 

  • Your full name; 
  • Your email address; 
  • Your professional background or enquiry details, to the extent that you choose to provide this information; 
  • Any other information you voluntarily include in your message or submission. 

You are not obliged to provide this information, but without it I will be unable to respond to your enquiry or deliver the requested resource. 

 

3.2 Data Collected Automatically 

When you visit this Website, certain technical and behavioural data is automatically collected through analytics and tracking tools. This may include: 

  • IP address; 
  • Browser type, version, and language; 
  • Device type and operating system; 
  • Pages visited, time spent on pages, and navigation paths; 
  • Referral source (how you arrived at this Website); 
  • Session recordings and heatmap data (Microsoft Clarity); 
  • Cookie identifiers and consent preferences. 

This data is collected through Google Analytics, Meta Pixel, and Microsoft Clarity. Full details of these tools and your control options are set out in the Cookie Policy and in Section 8 below. 

 

3.3 Data I Do Not Intentionally Collect 

I do not intentionally collect special categories of personal data through this Website, as defined under Article 5 of the Swiss FADP and Article 9 of the GDPR. Special category data includes information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, biometric data, genetic data, data concerning sex life or sexual orientation, and data relating to administrative or criminal proceedings. 

If you voluntarily disclose sensitive information in the content of a message or enquiry, I will handle it with appropriate care and will not use it for any purpose other than responding to your specific communication. 

4. Purposes and Legal Bases for Processing

I process personal data only where there is a lawful basis for doing so. The following table sets out the purposes for which I process your data and the legal basis that applies under both the Swiss FADP and the GDPR: 

 

Responding to enquiries and contact form submissions 

  • Purpose: To receive, review, and respond to messages or service enquiries submitted by you. 
  • Legal basis (GDPR): Article 6(1)(b) — processing necessary to take steps at the request of the data subject prior to entering a contract; Article 6(1)(f) — legitimate interests. 
  • Legal basis (FADP): Legitimate interest in managing business communications. 

 

Email communications, newsletters, and free resource delivery 

  • Purpose: To send you materials you have requested, newsletters, and relevant professional updates. 
  • Legal basis (GDPR): Article 6(1)(a) — consent, freely given and specific, provided at the point of sign-up. 
  • Legal basis (FADP): Consent, which you may withdraw at any time. 

 

Website analytics and performance measurement 

  • Purpose: To understand how visitors use this Website, identify areas for improvement, and ensure the Website performs effectively. 
  • Legal basis (GDPR): Article 6(1)(f) — legitimate interests, balanced against your privacy rights and subject to your cookie consent choices. 
  • Legal basis (FADP): Legitimate interest, conditional on cookie consent. 

 

Marketing and retargeting (Meta Pixel) 

  • Purpose: To measure the effectiveness of any marketing activity and to allow relevant content or advertising to reach users who have expressed interest in my services. 
  • Legal basis (GDPR): Article 6(1)(a) — consent, provided through the cookie consent banner. 
  • Legal basis (FADP): Explicit consent, as required for marketing cookies under Swiss law. 

 

Service improvement and quality assurance 

  • Purpose: To improve the quality of this Website and the services described on it, including reviewing how users engage with linked platforms. 
  • Legal basis (GDPR): Article 6(1)(f) — legitimate interests. 
  • Legal basis (FADP): Legitimate interest. 

 

Compliance with legal obligations 

  • Purpose: To comply with applicable Swiss and EU data protection law, retain records as required, and respond to lawful requests from competent authorities. 
  • Legal basis (GDPR): Article 6(1)(c) — compliance with a legal obligation. 
  • Legal basis (FADP): Legal obligation. 

5. Cookies and Tracking Technologies

This Website uses cookies and similar tracking technologies. Cookies are small text files placed on your device that allow the Website to recognise your browser, remember your preferences, and collect data about your visit. 

 

The following categories of cookies are in use on this Website: 

  • Strictly necessary cookies: Required for the Website to function. These are active by default and do not require your consent. 
  • Analytics cookies (Google Analytics, Microsoft Clarity): Collect anonymised or pseudonymised data about how you use the Website. These are only activated upon your explicit consent. 
  • Marketing cookies (Meta Pixel): Support advertising and retargeting activities. These are only activated upon your explicit consent. 

 

In accordance with the Swiss FADP and the GDPR, I apply a prior opt-in consent standard for all non-essential cookies. When you first visit this Website, a consent banner will be displayed. You may accept all cookies, reject non-essential cookies, or manage your preferences by category. 

You may withdraw or update your consent at any time via the Cookie Settings link in the footer of this Website, or by adjusting your browser settings. Please note that disabling certain cookies may affect how the Website functions. 

For full details on all cookies in use, their providers, duration, and how to manage them, please review the Cookie Policy in the footer of this Website. 

6. Third-Party Data Processors and Controllers

I work with a number of trusted third-party service providers to operate this Website and deliver services. Some of these providers process personal data on my behalf as data processors; others act as independent or joint controllers in their own right. Each is identified below: 

 

6.1 Analytics and Tracking 

  • Google LLC (Google Analytics): Processes website usage data including IP address, pages visited, and session data. Data may be transferred to the United States. Google acts as a data processor. Safeguard: EU Standard Contractual Clauses (SCCs). For Google’s Privacy Policy, visit policies.google.com/privacy. 
  • Microsoft Corporation (Microsoft Clarity): Processes session recording and heatmap data. Data may be transferred to the United States. Microsoft acts as a data processor. Safeguard: SCCs. For Microsoft’s Privacy Statement, visit privacy.microsoft.com. 
  • Meta Platforms Ireland Ltd. (Meta Pixel): Processes data about Website visitors for advertising and retargeting purposes. Meta may act as a joint controller for certain processing activities. Safeguard: SCCs. For Meta’s Privacy Policy, visit facebook.com/privacy/policy. 

 

6.2 Email and Automation 

  • [EMAIL PLATFORM]: Manages email subscriber lists, free resource delivery, and newsletter communications. Processes your name and email address on my behalf as a data processor. Transfer safeguards will be disclosed upon confirmation of the platform. 
  • Zapier Inc.: Provides workflow automation connecting email sign-up forms to subscriber management tools. Processes limited personal data (name, email) in transit. Acts as a data processor. Data may be transferred to the United States. Safeguard: SCCs. For Zapier’s Privacy Policy, visit zapier.com/privacy. 

 

6.3 Coachvox Ltd. — Janine AI 

Coachvox Ltd. operates the platform on which Janine AI is built and hosted. The following data controller and processor roles apply in respect of Janine AI: 

  • Coachvox Ltd. acts as data controller for creator account data (my account and subscription with Coachvox); 
  • Coachvox Ltd. acts as data processor for end-user account data (your name, email, and account details if you create a Janine AI account); 
  • Coachvox Ltd. and I act as joint controllers in respect of chat content — the conversations you have with Janine AI; 
  • Coachvox Ltd. acts as independent controller for its own security logs and platform analytics. 

User data within the Janine AI platform is hosted on Amazon Web Services (AWS) infrastructure, with data stored in the United States and the European Economic Area. International transfers are covered by Standard Contractual Clauses. For full details, please review Coachvox’s Privacy Policy at coachvox.ai/privacy/. 

As joint controller for chat content, my role is limited to reviewing completed conversation transcripts for quality improvement and service enhancement purposes. I do not monitor conversations in real time. 

 

6.4 Amazon 

Amazon acts as an entirely independent controller in respect of any book purchase made through its platform. I have no access to your Amazon account data, payment information, or purchase history. Amazon’s own Privacy Notice governs all data collected in connection with your use of the Amazon platform. 

7. International Data Transfers

Some of the third-party service providers I use are based outside Switzerland and the European Economic Area (EEA), including in the United States. Transfers of your personal data to countries outside Switzerland or the EEA take place only where appropriate safeguards are in place. 

 

The safeguards I rely upon include: 

  • EU Standard Contractual Clauses (SCCs), as approved by the European Commission, which impose contractual obligations on the receiving party to protect your data to a standard equivalent to that required within the EEA; 
  • Where Switzerland is concerned, I rely on transfer mechanisms recognised or accepted under the FADP and, where relevant, on the adequacy status of the recipient country as determined by the Swiss Federal Council. 

 

I note that the Federal Data Protection and Information Commissioner (FDPIC) does not currently recognise the United States as providing an adequate level of data protection equivalent to Swiss standards. Transfers of data to US-based service providers (including Google, Meta, Microsoft, Zapier, and Coachvox’s AWS infrastructure) are therefore made on the basis of SCCs and subject to an assessment of the specific circumstances of each transfer. 

Where you have concerns about international transfers of your data, you may contact me using the details in Section 1 to request further information about the specific safeguards in place. 

 

8. Data Retention

I retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable law. The following retention periods apply as a general guide: 

 

  • Contact form enquiries and correspondence: Retained for a period of three (3) years from the date of last communication, unless a client engagement results, in which case the engagement record retention period applies. 
  • Email subscriber data (newsletters and free resource sign-ups): Retained for as long as you remain subscribed. Upon unsubscribing, your data will be removed from the active subscriber list within thirty (30) days. Suppression records may be retained to honour your opt-out preferences. 
  • Website analytics data (Google Analytics, Microsoft Clarity): Retained in accordance with the data retention settings of each platform. Google Analytics data is retained for a maximum of fourteen (14) months by default. Microsoft Clarity data is retained for up to ninety (90) days. 
  • Cookie consent records: Retained for a period sufficient to demonstrate compliance with consent obligations, typically up to twelve (12) months or until consent is updated. 
  • Legal and compliance records: Retained for the period required under applicable Swiss law. 

 

When personal data is no longer required, I will ensure that it is securely deleted, anonymised, or that its deletion is requested from the relevant third-party processor. Where data is held by third-party processors (including Coachvox, Google, Meta, Microsoft, or Zapier), their own retention policies will also apply. 

9. Data Security

I take the security of your personal data seriously and apply appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, loss, or destruction. These measures include: 

  • Use of reputable, industry-standard third-party platforms with established security certifications and practices; 
  • Encrypted data transmission via HTTPS on this Website; 
  • Restricting access to personal data to those who have a legitimate need to process it; 
  • Regular review of the security practices of key third-party processors. 

 

However, no method of electronic transmission or storage is completely secure. While I take all reasonable steps to protect your personal data, I cannot guarantee absolute security. In the event of a personal data breach that poses a risk to your rights or freedoms, I will take the steps described in Section 18 below. 

10. Your Rights as a Data Subject

Under the Swiss Federal Act on Data Protection (revDSG/FADP) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the following rights in respect of your personal data: 

 

10.1 Right of Access 

You have the right to obtain confirmation as to whether I hold personal data about you, and if so, to receive a copy of that data together with information about how it is being processed. I will respond to access requests within thirty (30) days of receipt. 

 

10.2 Right to Rectification 

You have the right to request the correction of inaccurate or incomplete personal data held about you. I will action valid rectification requests without undue delay. 

 

10.3 Right to Erasure 

You have the right to request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, where you object to processing and there is no overriding legitimate interest, or where the data has been unlawfully processed. This right is subject to any legal obligation I may have to retain certain records. 

 

10.4 Right to Restriction of Processing 

You have the right to request that I restrict the processing of your personal data in certain circumstances — for example, where you contest the accuracy of the data, or where processing is unlawful but you prefer restriction to deletion. 

 

10.5 Right to Data Portability 

Where processing is based on your consent or on a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that it be transmitted to another controller where technically feasible. 

 

10.6 Right to Object 

You have the right to object at any time to the processing of your personal data where that processing is based on legitimate interests. I will cease processing unless I can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless processing is necessary for the establishment, exercise, or defence of legal claims. 

You have an unconditional right to object to the processing of your personal data for direct marketing purposes. If you exercise this right, I will cease processing for that purpose immediately. 

 

10.7 Right to Withdraw Consent 

Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. To withdraw consent for marketing emails, use the unsubscribe link in any communication or contact me directly. To withdraw cookie consent, use the Cookie Settings tool in the footer of this Website. 

 

10.8 Rights Under the Swiss FADP 

In addition to the rights above, the revised FADP provides Swiss data subjects with the right to request information about automated individual decisions that have a significant impact on them, and to request human review where appropriate. Janine AI is designed as a career support and reflection tool and does not make binding decisions about individuals. Nevertheless, users may at any time request human review of any AI-generated guidance by contacting me directly. 

 

To exercise any of the rights set out in this Section, please contact me via the contact form at www.janinehugo.com. I will respond within thirty (30) days of receiving your request. In some cases, I may need to verify your identity before processing a request. 

11. Janine AI — Privacy Considerations

Janine AI is a career mentoring tool built on the Coachvox platform and accessible via a redirect link from this Website. Because Janine AI involves the processing of personal data entered by users in the course of career coaching conversations, the following additional privacy information is provided: 

 

  • Data entered into Janine AI: Users may input career history, professional goals, personal reflections, CV content, cover letters, and other career-related information into the Janine AI chat interface. This data is processed by Coachvox on its platform infrastructure. 
  • Data storage: User account data and chat transcripts are stored on Coachvox’s infrastructure, hosted on Amazon Web Services in the United States and the EEA. 
  • Joint controller arrangement: As creator of Janine AI, I act as joint controller with Coachvox Ltd. in respect of chat content. My role is to review completed transcripts for quality improvement and service development. I do not access or review conversations in real time. 
  • Sensitive data: The service does not intentionally collect special category personal data. Users should avoid inputting sensitive health, financial, or similarly sensitive personal information unless they are comfortable with such data being stored and processed as described in Coachvox’s Privacy Policy. 
  • Automated processing: Janine AI generates responses automatically using language model technology trained on my proprietary content. Its outputs are for reflective and informational purposes and do not constitute binding professional advice. No automated decision-making with significant legal or similarly significant effect on users is carried out. 
  • User rights for Janine AI data: To exercise rights in relation to data held on the Coachvox platform — including access, deletion, or portability of chat transcripts — please contact Coachvox directly in accordance with their Privacy Policy at coachvox.ai/privacy/. For any concern relating to my role as joint controller, you may also contact me directly. 

12. Legal Basis for Processing — Summary Table

The following summarises the legal bases relied upon for the principal categories of processing carried out in connection with this Website: 

 

Contact form enquiries: Legitimate interests (Article 6(1)(f) GDPR; FADP legitimate interest). 

Email sign-ups and newsletter delivery: Consent (Article 6(1)(a) GDPR; FADP consent). 

Free resource delivery: Consent; performance of a pre-contractual arrangement (Article 6(1)(b) GDPR). 

Analytics cookies (Google Analytics, Microsoft Clarity): Consent and legitimate interests, conditional on cookie consent choices. 

Marketing cookies (Meta Pixel): Consent (Article 6(1)(a) GDPR; FADP explicit consent). 

Compliance with legal obligations: Legal obligation (Article 6(1)(c) GDPR; FADP legal obligation). 

14. Links to Third-Party Websites

This Website contains links to third-party websites and platforms, including Coachvox (for Janine AI) and Amazon (for the book). These third-party websites operate independently and are not covered by this Privacy Policy. 

Once you follow a link to an external site, the privacy practices of that site’s operator will apply to any data you provide. I recommend that you review the privacy notices of any external site before submitting personal data to it. 

I accept no responsibility for the privacy practices of any third-party website linked from this Website. 

15. Automated Decision-Making and Profiling

I do not carry out automated decision-making or profiling through this Website that produces legal effects or similarly significant effects on you. 

Janine AI generates career guidance responses automatically using language model technology. These outputs are reflective and informational in nature. No decision that has a legal, contractual, or similarly significant effect on you is made on the basis of Janine AI outputs alone, whether by me or by the platform. You retain full autonomy over any decisions you make in connection with your career. 

If you have concerns about any AI-generated content you have received through Janine AI, you may contact me directly to request human review. 

16. Swiss FADP — Specific Compliance Provisions

The following provisions address specific requirements of the Swiss Federal Act on Data Protection (revised FADP, in force since 1 September 2023): 

 

16.1 Data Processing Register 

As required under Article 12 of the revised FADP, I maintain an internal register of processing activities describing the categories of data processed, the purposes, the third parties involved, and the safeguards applied to international transfers. SME exemptions may apply where processing presents limited risk, but I maintain this register as a matter of best practice. 

 

16.2 Privacy by Design and Privacy by Default 

In accordance with Article 7 of the revised FADP, I apply the principles of privacy by design and privacy by default. This means that data protection is considered from the outset when new services or processing activities are introduced, and that default settings do not result in more data being collected or shared than is strictly necessary. 

 

16.3 Data Protection Impact Assessment 

A formal Data Protection Impact Assessment (DPIA) is required under the revised FADP where processing is likely to result in a high risk to the fundamental rights of data subjects. Based on the nature, scope, context, and purposes of the processing activities carried out through this Website, I have assessed that no mandatory DPIA is currently required. Processing through this Website is limited in scope, is not high-risk in nature, and does not involve large-scale processing of sensitive data. A proportionate internal risk review has been conducted and documented. 

 

16.4 Swiss Representative 

A Swiss representative is not required under Article 14 of the revised FADP, as I am already based in Switzerland and am subject to Swiss law as a matter of domestic application. This requirement applies to foreign controllers processing Swiss resident data on a large-scale, high-risk basis — a threshold that does not apply here. 

 

16.5 FDPIC as Supervisory Authority 

The competent supervisory authority for data protection matters in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). The FDPIC’s contact details and further information on your rights under the FADP are available at www.edoeb.admin.ch. 

17. GDPR — Specific Provisions for EU/EEA Users

If you are located in the European Union or the European Economic Area, the following additional provisions apply: 

 

  • Supervisory authority: In addition to your right to contact me directly, you have the right to lodge a complaint with the data protection supervisory authority in your EU member state of residence. A list of EU supervisory authorities is available at edpb.europa.eu. 
  • Adequacy: Switzerland is currently recognised by the European Commission as providing an adequate level of data protection, which means that transfers of personal data from the EU to Switzerland do not require additional safeguards beyond compliance with the GDPR. 
  • Legal bases: All processing of EU user data is carried out on the legal bases set out in Section 4 of this Policy, which align with the requirements of Article 6 (and Article 9 where applicable) of the GDPR. 
  • Data subject rights: All rights set out in Section 10 of this Policy are available to EU users under the GDPR and may be exercised in the same manner described in that Section. 

18. Personal Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, I will: 

  • Take immediate steps to contain the breach and assess its scope and severity; 
  • Notify the Federal Data Protection and Information Commissioner (FDPIC) as required under Article 24 of the revised FADP, where the breach creates a high risk to the personality or fundamental rights of data subjects; 
  • For EU users, notify the competent EU supervisory authority within 72 hours where required under Article 33 of the GDPR; 
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, providing clear information about the nature of the breach, the likely consequences, and the steps taken or proposed to mitigate it. 

 

If a breach involves data processed by a third-party processor (including Coachvox, Google, Meta, Microsoft, or Zapier), I will liaise with that processor in accordance with our contractual data processing arrangements and applicable law. 

19. Updates to This Privacy Policy

I review and update this Privacy Policy periodically to reflect changes in my data processing activities, changes in applicable law, or changes to the third-party services I use. The “Last updated” date at the top of this page indicates when the most recent version was published. 

Where a change is material — meaning it significantly affects how I process your personal data or the rights available to you — I will take reasonable steps to bring this to your attention, such as by posting a notice on this Website or, where I hold your email address, by notifying you directly. 

Your continued use of this Website after any update constitutes your acknowledgement of the revised Policy. If you do not accept the updated terms, you should discontinue use of this Website and, where applicable, exercise your rights to erasure or restriction as described in Section 10. 

 

20. How to Contact Me and How to Complain

If you have any questions about this Privacy Policy, wish to exercise any of your data subject rights, or have a concern about the way in which I have handled your personal data, please contact me: 

 

Janine Hugo 

Canton Vaud, Switzerland 

Website: www.janinehugo.com 

Contact: via the contact form at www.janinehugo.com 

 

I will acknowledge your request within five (5) working days and will provide a substantive response within thirty (30) days. Where a request is complex or involves a large volume of data, I will notify you of any extension to this timeframe. 

 

If you are not satisfied with my response, or if you consider that your data has been processed unlawfully, you have the right to lodge a complaint with: 

 

For Swiss users: 

Federal Data Protection and Information Commissioner (FDPIC) 

Feldeggweg 1, CH-3003 Bern, Switzerland 

www.edoeb.admin.ch 

 

For EU/EEA users: 

The data protection supervisory authority in your EU member state of habitual residence, place of work, or the place of the alleged infringement. 

A directory of EU supervisory authorities is available at: edpb.europa.eu 

 

 

© 2026 Janine Hugo. All rights reserved. 

Scroll to Top