Privacy Policy

Last Updated: March 10, 2026

1. Introduction

At Talpa & Co. ("we," "us," or "our"), your privacy is important to us. As a data controller under the General Data Protection Regulation (GDPR), we are committed to protecting your personal data and being transparent about how we collect, use, and store it.

This Privacy Policy applies to all clients, including participants in our Lead As You Are (LAYA) Premium coaching program, Group Coaching programs, and Coach As You Are (CAYA) Group Supervision program, as well as visitors to our website www.talpaco.com.

By engaging with our services or using our website, you acknowledge the practices described in this Privacy Policy.

2. Information We Collect

We collect and store the following types of information:

Type of Data

Examples

Purpose

Personal Data

Name, email, phone number, billing address, payment details

To administer coaching agreements, schedule sessions, and fulfill legal obligations

Coaching Data

Signed program documents, session dates, brief notes on session themes or focus

To maintain professional records, track progress, and deliver personalized coaching

Technical Data

IP address, browser type, device information, cookies

To improve website functionality and user experience

Communication Data

Emails (administrative and session-related), scheduling information

To coordinate sessions and respond to inquiries

3. How We Collect and Store Your Data

We collect data in several ways:

Directly from youWhen you sign up for coaching, book sessions, subscribe to communications, or contact us via email or forms.

AutomaticallyThrough cookies and analytics tools when you visit our website.

Through trusted service providersSuch as Calendly (scheduling), Stripe (payments), MailerLite (email communications), and SuperIndep (business administration tools).

Storage and Security

Your data is stored electronically in secure systems, including:

• Google Drive for documents and agreements• Password-protected computers for professional notes• Secure cloud services protected by two-factor authentication

Administrative emails (for example scheduling messages) are typically deleted once acted upon. Emails relating to coaching sessions may be stored securely as part of professional records.

4. How We Use Your Data

We use your information for the following purposes:

• Delivering coaching services and fulfilling our professional obligations• Scheduling and managing sessions• Processing payments and maintaining financial records• Communicating with you about sessions or administrative matters• Complying with legal and regulatory requirements

Legal Basis for Processing

Under GDPR, we process personal data based on the following legal grounds:

• Performance of a contract – delivering coaching services and managing agreements• Legal obligations – maintaining financial or business records• Legitimate interests – managing and improving our services and maintaining professional records• Consent – where applicable (for example testimonials or marketing communications)

5. Data Retention

Coaching records (including signed agreements and session notes) are retained for 7 years, after which they are permanently deleted.

Payment and financial data may be retained for 7–10 years in accordance with financial regulations.

Administrative emails are generally deleted once acted upon unless they relate to coaching records.

6. Data Sharing

We do not sell your personal data.

Your information may only be shared in limited circumstances:

With your consentFor example for testimonials or case studies (which may be anonymized if requested).

With trusted service providersSuch as Calendly, Stripe, MailerLite, and SuperIndep, who process data on our behalf and maintain GDPR-compliant data protection standards.

Legal obligationsIf required by law (for example disclosures relating to terrorism or money laundering), unless we are legally prohibited from informing you.

Risk of harmIf we believe you or another person may be at risk of significant harm, relevant information may be shared with an appropriate professional. We will normally inform you beforehand unless doing so could increase the risk.

7. Your Rights Under GDPR

Under GDPR you have the following rights regarding your personal data:

• Access – request a copy of the data we hold about you• Rectification – correct inaccurate or incomplete information• Erasure – request deletion of your data (unless we are legally required to retain it)• Restriction – limit how we process your data• Portability – receive your data in a machine-readable format• Object – opt out of certain processing activities• Withdraw consent – for any processing based on consent (such as testimonials)

Requests will be responded to within one month, as required under GDPR.

To exercise these rights, contact:jessica@talpaco.com

If you subscribe to our newsletter, you may unsubscribe at any time using the link included in every email.

8. Cookies and Website Data

Our website may use cookies and similar technologies to:

• ensure the website functions properly• analyze website traffic• improve user experience

You can control or disable cookies through your browser settings. For more details, please see our Cookie Policy.

9. Data Security

We take data security seriously and implement measures including:

• Encryption for electronic communications and storage• Password protection and two-factor authentication• Secure cloud storage systems• Periodic review of data protection practices

10. Third-Party Links and Tools

Our website and services may link to third-party tools or platforms (such as Calendly or Stripe). These services operate under their own privacy policies, and we encourage you to review them.

We are not responsible for the privacy practices of external websites.

11. Children’s Privacy

Our services are not directed at individuals under the age of 16, and we do not knowingly collect personal data from children.

12. International Data Transfers

Some service providers we use may process data outside the European Economic Area.

When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to ensure GDPR compliance.

13. Updates to This Policy

We may update this Privacy Policy periodically. The most recent version will always be available on our website with the effective date indicated at the top of the page.

14. Contact

For questions or requests regarding your personal data, contact:

Jessica Vogt EI / Talpa & Co.67B Rue Jeanne d’Arc69003 Lyon, France

Contact: via the contact form on this website.

15. Supervisory Authority

If you believe your data protection rights have been violated, you may file a complaint with the French data protection authority: CNILhttps://www.cnil.fr