Legal
Privacy Policy
How MyEntourage Sàrl (SuperMe) collects, uses, and protects your personal data. GDPR, Swiss nLPD and UK GDPR compliant.
Contents
Data Controller
The entity responsible for processing your personal data (the “data controller”) is:
We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (nLPD/revFADP) and the UK GDPR. This policy explains what we collect, why, on what legal basis, and the rights available to you.
Data Collected
2.1 User data
2.2 Expert data
2.3 Data we never collect
We do not collect or store:
Legal Bases and Purposes
SPECIFIC CONSENT — HEALTH DATA (ART. 9 GDPR)
Any health-related information you choose to share is special-category data. We process it only on the basis of your explicit consent, solely to enable your expert to support you. You may withdraw this consent at any time, after which we stop processing it and delete it unless retention is legally required.
Sub-processors and Recipients
International Data Transfers
5.1 Transfers to the United States
Where data is transferred to providers in the USA, we rely on the EU Standard Contractual Clauses (SCCs), certification under the EU–US Data Privacy Framework (DPF) where available, and Transfer Impact Assessments (TIAs) to confirm an adequate level of protection.
5.2 Swiss users
For users in Switzerland, transfers comply with the revised Federal Act on Data Protection (revFADP), using the Swiss addendum to the SCCs where required.
5.3 UK users
For users in the United Kingdom, transfers are made under the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the SCCs, consistent with ICO guidance.
Retention Periods
Your Rights
Subject to the conditions in applicable data protection law, you have the following rights over your personal data:
Right of access (Art. 15 GDPR)
Obtain confirmation of whether we process your data and a copy of it, together with information about the processing.
Right to rectification (Art. 16 GDPR)
Have inaccurate or incomplete personal data corrected without undue delay.
Right to erasure (Art. 17 GDPR)
Request deletion of your data where there is no overriding legal ground for us to keep it.
Right to restriction (Art. 18 GDPR)
Ask us to limit how we use your data while a request or objection is being resolved.
Right to portability (Art. 20 GDPR)
Receive the data you provided in a structured, machine-readable format, or have it sent to another controller.
Right to object (Art. 21 GDPR)
Object to processing based on our legitimate interests, including profiling, and to direct marketing at any time.
Right to withdraw consent (Art. 7 GDPR)
Withdraw any consent you have given (including for health data) at any time, without affecting prior lawful processing.
Rights re: automated decisions (Art. 22 GDPR)
Request human review of, express your view on, and contest any decision based solely on automated processing.
7.1 How to exercise your rights
7.2 Supervisory authorities
You may lodge a complaint with your local authority:
Data Security
8.1 Technical measures
8.2 Organisational measures
8.3 Breach notification
In the event of a personal data breach likely to result in a risk to your rights, we notify the competent supervisory authority within 72 hours and inform affected individuals without undue delay where the risk is high.
Cookies and Tracking
Protection of Minors
SuperMe is intended for adults aged 18 and over. We do not knowingly collect data from minors. If we become aware that we have collected personal data from a person under 18, we delete it promptly. If you believe a minor has provided us data, please contact support@mysuperme.com.
Automated Decision-Making
We use an algorithm to suggest experts who best fit your goals, preferences and assessment answers. This matching supports — but does not replace — your choice: the suggested matches are recommendations, and you decide whom to book.
Matches are subject to human validation, and no decision producing legal or similarly significant effects is taken solely by automated means. You may request human review of, express your view on, and contest a match at any time.
Session Confidentiality
All experts are bound by strict confidentiality obligations regarding anything shared during a session. Sessions are never recorded without your explicit, prior consent. Information shared with an expert is used only to support you and is not disclosed to third parties except as described in this policy or required by law.
Changes to this Policy
We may update this policy from time to time. Where changes are material, we give at least 30 days’ notice by email or in-app before they take effect.
Contact and Complaints
Expert-Specific Provisions
15.1 Expert-specific processing
15.2 Public profile
An expert’s professional profile (name, title, biography, photograph, ratings) is displayed publicly to help users choose. Experts may request changes to their profile at any time.
15.3 Marketing use of name and image
We use an expert’s name and image to promote the platform only with their consent, which can be withdrawn for future use.
15.4 Performance data
Performance metrics and reviews are processed to maintain service quality. Experts may challenge inaccurate performance data and request correction.
15.5 KYC verification
We verify experts’ identity and qualifications (KYC) to protect users; verification documents are retained as set out in Section 6.
15.6 Termination data
15.7 GDPR rights for experts
Experts hold the same data protection rights set out in Section 7 and may exercise them using the same methods.
Last updated: 1 April 2026 · Version 2.0
© 2026 MyEntourage Sàrl. All rights reserved.