Privacy Policy

1. Information about the collection of personal data

Below, we provide information about the collection of personal data when using our website. Personal data is any data that can be related to you personally, e.g. your name, address, email address or your user behaviour.

With this information, we are complying with our legal information obligations, in particular those arising from the EU General Data Protection Regulation (GDPR) and the revised Swiss Federal Act on Data Protection (FADP, SR 235.1), which has been in force since 1 September 2023.

2. Responsible bodies for data processing

Responsible body within the meaning of the GDPR and the DSG:

Brand Leadership Management AG
Sennweidstrasse 35
CH-6312 Steinhausen/Zug, Switzerland

Data protection officer:

Brand Leadership Management AG
Sascha Salis
Sennweidstrasse 35
CH-6312 Steinhausen/Zug
Email: protection@brandleadership.ch

To assert your rights as a data subject or if you have any questions about data processing, please contact: protection@brandleadership.ch

3. Collection of personal data when visiting the website

When using the website for purely informational purposes – i.e. if you do not register or otherwise provide us with information – we only collect the data that your browser auto-matically transmits to our web server. This data is technically necessary for us to display the website to you and to ensure stability and security:

  • IP address

  • Date and time of the request and time zone difference to GMT

  • Content of the request (specific page)

  • Access status / HTTP status code

  • Amount of data transferred

  • Referrer URL (website from which the request originates)

  • Browser, operating system and language version of the browser software

This data is generally deleted within 30 days, unless longer storage is necessary for security purposes (e.g. to investigate misuse or system malfunctions).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the correct presentation and security of the website) / DSG (processing in accordance with the principles of proportionality and pur-pose limitation pursuant to Art. 6 DSG).

4. Request for quotation

When you submit a request via our website, we collect the personal data marked as manda-tory fields in the form (e.g. name, email address, other contact details if applicable) for the purpose of initiating and executing a contract.

Legal basis: Art. 6 (1) (b) GDPR / DSG (purpose limitation and proportionality in accordance with Art. 6 DSG; contractual basis).

Voluntary information is processed on the basis of your consent (Art. 6 (1) (a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)). You can revoke your consent at any time with effect for the future.

If no contract is concluded, your data will be deleted no later than 90 days after notification, provided that there are no legal retention obligations. Upon conclusion of the contract, we store your data for the duration of the business relationship and in accordance with the retention periods under tax and commercial law in Germany and Switzerland (up to 10 years). After these periods have expired, the data will be deleted or anonymised.

5. Contacting us

When you contact us by e-mail or via our contact form, the personal data specified as man-datory fields (in particular your e-mail address, name and telephone number, if applicable) will be processed for the purpose of handling your enquiry. Further information is voluntary and marked accordingly.

Depending on the nature of your enquiry, processing will take place either:

  • on the basis of your consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)), or

  • for the implementation of pre-contractual measures or for the fulfilment of a contract (Art. 6 (1) (b) GDPR / Art. 31 (2) (a) DSG), provided that your request is aimed at the conclusion or implementation of a contract.

You can revoke your consent at any time with effect for the future. The data will be deleted as soon as it is no longer required for the purpose, but at the latest after expiry of the stat-utory retention periods (up to 10 years in accordance with tax and commercial law require-ments in Germany and Switzerland). You are entitled to the statutory rights of data sub-jects, in particular the right to information, correction, deletion, restriction of processing, objection and revocation of consent.

6. Customer account

When you open a customer account, we collect the data marked as mandatory fields in the registration form (e.g. name, email address, password) for the purpose of setting up, manag-ing and using your customer account.

Legal basis: Art. 6(1)(b) GDPR / DSG (contractual basis in accordance with Art. 6 DSG). Regis-tration is not possible without this mandatory information.

Further voluntary information is processed on the basis of your consent (Art. 6 (1) (a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)); you can revoke this consent at any time.

You can close your customer account at any time by notifying us. After closure, your data will be deleted, provided that there are no legal retention obligations to the contrary. Data relevant for tax and commercial law purposes will be stored for up to 10 years in accordance with the requirements in Germany and Switzerland and then deleted or anonymised.

7. Data security

We use appropriate technical and organisational security measures to protect your personal data from accidental or intentional manipulation, partial or complete loss, destruction and unauthorised access by third parties (e.g. TLS encryption for our website).

When selecting the measures, we take into account the state of the art, the implementation costs, the nature, scope, context and purpose of the data processing, as well as the existing risks of a data breach, including its likelihood and potential impact (Art. 32 GDPR / Art. 8 DSG). Our security measures are regularly reviewed and adapted to technological develop-ments. Further information is available on request.

8. Cooperation with processors

We use external domestic and foreign service providers (e.g. in the areas of IT, hosting, logis-tics, telecommunications, sales and marketing) to handle our business transactions. These processors process personal data exclusively on our instructions and are contractually obliged under Art. 28 GDPR and Art. 9 of the FADP to comply with data protection regula-tions and to implement appropriate technical and organisational security measures.

If personal data is exchanged between us and companies within our group (e.g. for adminis-trative or advertising purposes), this is done on the basis of existing data processing agree-ments or other suitable legal bases under data protection law.

9. Cookie consent tool

To obtain effective user consent for cookies and cookie-based applications that require con-sent, we use the Cookiebot cookie consent tool from Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich, Germany.

When you visit our website, a banner is displayed that allows you to give or refuse your consent to certain cookies. The tool blocks the setting of cookies that require consent until you give your consent. You can revoke or adjust your consent at any time using the consent tool.

In order to comply with legal verification and documentation requirements, consent settings, including relevant user data (e.g. IP address, timestamp, consent status), are logged, stored for the duration of the session and for up to 12 months thereafter, and assigned to the respective user. This data is transmitted to Usercentrics and processed within the EU. In exceptional cases, data may be transferred to third countries on the basis of appropriate safeguards (Art. 46 GDPR / Art. 16 DSG).

Legal basis: Art. 6(1)(c) GDPR in conjunction with Art. 7 GDPR (legal obligation to document) and Art. 6(1)(f) GDPR (legitimate interest in legally compliant consent management) / DSG (Art. 6 DSG). Insofar as German data protection law is applicable, the storage and retrieval of information on your end device is also based on Section 25 TDDDG.

10. Use of cookies

We use cookies on our websites. Cookies are small text files that are stored on your device and are assigned to the browser you are using by a characteristic string of characters. They cannot execute programmes or transmit viruses and do not cause any damage to your de-vice. They serve to make our website more user-friendly, effective and secure.

We use cookies from the following categories:

Strictly necessary cookies (type a)

Essential for the operation and basic functions of the website (e.g. page navigation, security functions). Legal basis: Insofar as German law is applicable, Section 25 (2) No. 2 TDDDG; oth-erwise Art. 6 (1) lit. f GDPR (legitimate interest in a secure, functional website) or DSG (pro-cessing in accordance with the principles set out in Art. 6 DSG; technically necessary).

Functional and performance cookies (Type b)

Used to optimise and personalise the website and to analyse website usage. Only used with your consent. Legal basis: Art. 6 (1) (a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG); where German law applies: Section 25 (1) TDDDG.

Marketing and analysis cookies (type c)

Used for marketing and analysis purposes, in particular for measuring reach and personal-ised advertising. Used exclusively with your prior consent. Legal basis: Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG); where German law applies: §25(1) TDDDG.

You can revoke or adjust your consent at any time in the cookie settings on our website with effect for the future. Information on managing and deleting cookies can be found in your browser settings.

11. Web tracking using Google Analytics

(1) This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). The purpose of this is to analyse website usage and compile reports on website activity in order to continuously im-prove our offering.

(2) Google Analytics uses cookies and other technologies that enable analysis of your use (e.g. device/browser information, IP address, usage data, interactions, referrer URL). Your IP address is truncated within the EU/EEA before storage by means of IP anonymisation (‘IP masking’), so that a direct personal reference is excluded.

(3) Google acts as a processor on the basis of a contract in accordance with Art. 28 GDPR. Data transfer to the USA cannot be ruled out. Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection in accordance with Art. 45 GDPR.

(4) Legal basis: Your explicit consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)). The storage period is a maximum of 14 months. You can revoke your con-sent at any time with future effect via our consent manager or by installing the Google browser add-on:

https://tools.google.com/dlpage/gaoptout?hl=de

(5) Further information:

https://marketingplatform.google.com/about/analytics/terms/de/

https://support.google.com/analytics/answer/6004245?hl=de

https://policies.google.com/privacy?hl=de

12. Adobe Fonts

To ensure a consistent appearance on our website, we use fonts from Adobe Fonts, a ser-vice provided by Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (‘Adobe’).

When you visit our website, your browser loads the required web fonts directly from Ado-be's servers into your browser cache. This establishes a connection to Adobe's servers, which informs Adobe that our website has been accessed via your IP address.

Legal basis: Your consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)); where German law applies, additionally §25(1) TDDDG; if granted via the consent tool. Adobe is certified under the EU-U.S. Data Privacy Framework (DPF) (Art. 45 GDPR). You can revoke your consent at any time. Further information:

https://www.adobe.com/de/privacy.html

https://www.adobe.com/de/privacy/policies/typekit.html

13. Google Tag Manager

We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’) for the central management and triggering of website tags.

Google Tag Manager itself does not set any cookies and does not process any personal data directly. It is used exclusively for the integration and control of additional tags (e.g. for anal-ysis or marketing purposes). Information on these third-party providers can be found in the respective chapters of this privacy policy.

Google Tag Manager automatically takes into account your settings in the consent tool or in your browser settings and passes these preferences on to the integrated tags. Google is certified under the EU-U.S. Data Privacy Framework (DPF) (Art. 45 GDPR).

Legal basis for the integration and management of tags that process personal data or store information on your device: your consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in con-junction with Art. 31 DSG)); where German law is applicable: Section 25(1) TDDDG, unless another legal basis is relevant for individual services. Further information:

https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

14. Google reCAPTCHA

To ensure security when submitting forms and to protect against misuse by automated ac-cess (bots), we use the reCAPTCHA service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).

In particular, your IP address and other data required for the function are transmitted to Google and processed there. This may also include transmission to servers of Google LLC in the USA. Google is certified under the EU-U.S. Data Privacy Framework (DPF) (Art. 45 GDPR).

Legal basis: Your consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)); where German law applies: Section 25(1) TDDDG. You can revoke your consent at any time using the consent tool. Further information:

https://www.google.com/intl/de/policies/privacy/

https://www.google.com/recaptcha/about/

15. Integration of social networks

Components from various social networks are integrated into our website. Personal data is processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG); where German law applies: §25 (1) TDDDG), provided that you have given your consent via our consent management tool. You can revoke your con-sent at any time with effect for the future.

a) X (formerly Twitter)

We use components of the social network X, provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you visit pages with X integration, your IP ad-dress, device/browser data and usage data may be transmitted to X. X is certified under the EU-U.S. Data Privacy Framework (DPF). Further information:

https://twitter.com/de/privacy

https://help.twitter.com/articles/105576

b) Vimeo

We embed videos from the platform provider Vimeo, Inc., 555 West 18th Street, New York, NY 10011, USA. When you visit a page with Vimeo videos, a connection to Vimeo servers is established, whereby technically necessary data and, if applicable, cookies are processed. Vimeo is certified under the EU-U.S. Data Privacy Framework (DPF). Further information:

https://vimeo.com/privacy

c) Meta (formerly Facebook)

We use components from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Ca-nal Harbour, Dublin 2, Ireland (‘Meta’). Meta regularly processes personal data on servers in the United States. Meta is certified under the EU-U.S. Data Privacy Framework (DPF); howev-er, access by US authorities cannot be completely ruled out.

We have entered into an agreement with Meta on joint responsibility in accordance with Art. 26 GDPR / Art. 5 (7) DSG. Further information:

https://www.facebook.com/legal/terms/page_controller_addendum

https://www.facebook.com/about/privacy/

https://www.facebook.com/settings?tab=ads

d) LinkedIn

We use links and, where applicable, components from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. When visiting, IP addresses, browser/device data and interac-tion data may be transmitted to LinkedIn. LinkedIn is certified under the EU-U.S. Data Privacy Framework (DPF); access by US authorities cannot be ruled out.

We have entered into a joint controller agreement with LinkedIn (Art. 26 GDPR / Art. 5(7) DSG). Further information:

https://legal.linkedin.com/pages-joint-controller-addendum

https://de.linkedin.com/legal/privacy-policy

16. Newsletter

We use the double opt-in procedure for registering for our newsletter: after registering, you will receive an email with a confirmation link that you must actively click on to complete your registration. The entire registration process – including your consent, IP address, timestamp and confirmations – is logged to ensure compliance with legal verification and documenta-tion requirements.

Legal basis: your express consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)).

We use BSI Business Systems Integration AG, Täfernstrasse 1, CH-5405 Baden (‘BSI’), as a service provider. Your email address and other data required for sending the newsletter are stored exclusively on BSI servers in Luxembourg.

To optimise the newsletter, we analyse your user behaviour (in particular openings, clicks, interactions and unsubscriptions). This processing is carried out exclusively on the basis of your consent.

You can revoke your consent at any time with future effect – via the unsubscribe link in each newsletter or by email. Your personal data will be deleted after revocation, termination of the subscription or after 24 months of inactivity at the latest.

17. Storage period and deletion

We only process and store personal data for as long as is necessary for the respective pro-cessing purposes – in particular for the initiation, implementation and execution of contrac-tual relationships, for the fulfilment of legal obligations and for the maintenance of our busi-ness relationships.

Please refer to the respective sections of this privacy policy for the specific storage period for individual processing operations. Unless an explicit period is specified, the storage period is based on the statutory retention periods, in particular the tax and commercial law regula-tions in Switzerland and the EU (usually up to 10 years).

After expiry of the periods or as soon as the purpose of processing no longer applies, per-sonal data will be deleted or anonymised, provided that there are no legal obligations to re-tain or document data. If processing is based on your consent or our legitimate interests, your data will be deleted immediately upon revocation or justified objection, provided that there are no mandatory legal retention obligations.

18. Processing in third countries

If we process personal data in countries outside the EU, the EEA or Switzerland, or if this is done through the use of third-party services, this is done exclusively in accordance with the legal requirements. Such a transfer only takes place if:

  • an adequacy decision has been issued by the European Commission or the Federal Data Protection and Information Commissioner (FDPIC), or

  • suitable safeguards are in place, in particular EU Standard Contractual Clauses (SCC) or Binding Corporate Rules (BCR), or

  • you have expressly consented or a legal exception applies (e.g. for the performance of a contract or the assertion of legal claims).

Legal basis: Art. 44 ff. GDPR / Art. 16 ff. DSG.

19. Your rights as a data subject

You can assert your rights at any time using the contact details provided at the beginning. In particular, you have the following rights:

Right to information (Art. 15 GDPR / Art. 25 DSG)

You may request information about the purposes of processing, categories of data pro-cessed, recipients, planned storage period, origin of the data and the existence of automated decision-making, including profiling.

Right to rectification (Art. 16 GDPR / Art. 32(1) DSG)

You may request the immediate rectification of inaccurate data or the completion of incom-plete data.

Right to erasure (Art. 17 GDPR / Art. 32(2) DSG)

You may request the erasure of your data, provided that there are no legal retention obliga-tions or other exceptional reasons to the contrary.

Right to restriction of processing (Art. 18 GDPR / Art. 30 DSG)

You may request the restriction of processing, in particular if you dispute the accuracy of the data or if the processing is unlawful.

Right to data portability (Art. 20 GDPR / Art. 28 DSG)

You may receive your data in a structured, commonly used and machine-readable format or request that it be transferred to another controller.

Right to object (Art. 21 GDPR / Art. 30 DSG)

You may object to the processing if it is based on Art. 6(1)(e) or (f) GDPR. Unless the objec-tion is to direct marketing, we ask you to explain the reasons for your objection.

Right to withdraw consent (Art. 7(3) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG))

You may withdraw your consent at any time with effect for the future. The withdrawal does not affect the lawfulness of the processing carried out up to that point.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR / Art. 49 DSG)

You may lodge a complaint about the processing of your personal data with a competent data protection supervisory authority.

Competent supervisory authorities:

For Switzerland:

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern, Switzerland
Telephone: +41 (0)58 462 43 95
Email: edoeb@edoeb.admin.ch

For Germany:

The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22, 7th floor, 20459 Hamburg
Telephone: +49 (0)40 428 54-4040
Email: mailbox@datenschutz.hamburg.de

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Deutschland
Website: https://www.lda.bayern.de

For California:

California Privacy Protection Agency (CPPA)
2101 Arena Blvd Sacramento
CA 95834
USA
Website: https://cppa.ca.gov

20. Changes to the privacy policy

In line with developments in data protection law and technological or organisational changes, this privacy policy is regularly reviewed to determine whether it needs to be amended or supplemented.

Status: February 2026

Need a hand?
Get in touch