Information about the collection of personal data
Below, we provide information about the collection of personal data when using our website. Personal data is any data that can be related to you personally, e.g. your name, address, email address or your user behaviour.
With this information, we are complying with our legal information obligations, in particular those arising from the EU General Data Protection Regulation (GDPR) and the revised Swiss Federal Act on Data Protection (FADP, SR 235.1), which has been in force since 1 September 2023.
Responsible bodies for data processing
Responsible body within the meaning of the GDPR and the DSG:
Brand Leadership Management AG
Sennweidstrasse 35
CH-6312 Steinhausen/Zug, Switzerland
Data protection officer:
Brand Leadership Management AG
Sascha Salis
Sennweidstrasse 35
CH-6312 Steinhausen/Zug
Email: protection@brandleadership.ch
To assert your rights as a data subject or if you have any questions about data processing, please contact: protection@brandleadership.ch
Collection of personal data when visiting the website
When using the website for purely informational purposes – i.e. if you do not register or otherwise provide us with information – we only collect the data that your browser automatically transmits to our web server. This data is technically necessary for us to display the website to you and to ensure stability and security:
- IP address
- Date and time of the request and time zone difference to GMT
- Content of the request (specific page)
- Access status / HTTP status code
- Amount of data transferred
- Referrer URL (website from which the request originates)
- Browser, operating system and language version of the browser software
This data is generally deleted within 30 days, unless longer storage is necessary for security purposes (e.g. to investigate misuse or system malfunctions).
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the correct presentation and security of the website) / DSG (processing in accordance with the principles of proportionality and purpose limitation pursuant to Art. 6 DSG).
Request for quotation
When you submit a request via our website, we collect the personal data marked as mandatory fields in the form (e.g. name, email address, other contact details if applicable) for the purpose of initiating and executing a contract.
Legal basis: Art. 6 (1) (b) GDPR / DSG (purpose limitation and proportionality in accordance with Art. 6 DSG; contractual basis).
Voluntary information is processed on the basis of your consent (Art. 6 (1) (a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)). You can revoke your consent at any time with effect for the future.
If no contract is concluded, your data will be deleted no later than 90 days after notification, provided that there are no legal retention obligations. Upon conclusion of the contract, we store your data for the duration of the business relationship and in accordance with the retention periods under tax and commercial law in Germany and Switzerland (up to 10 years). After these periods have expired, the data will be deleted or anonymised.
Contacting us
When you contact us by e-mail or via our contact form, the personal data specified as mandatory fields (in particular your e-mail address, name and telephone number, if applicable) will be processed for the purpose of handling your enquiry. Further information is voluntary and marked accordingly.
Depending on the nature of your enquiry, processing will take place either:
- on the basis of your consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)), or
- for the implementation of pre-contractual measures or for the fulfilment of a contract (Art. 6 (1) (b) GDPR / Art. 31 (2) (a) DSG), provided that your request is aimed at the conclusion or implementation of a contract.
You can revoke your consent at any time with effect for the future. The data will be deleted as soon as it is no longer required for the purpose, but at the latest after expiry of the statutory retention periods (up to 10 years in accordance with tax and commercial law requirements in Germany and Switzerland). You are entitled to the statutory rights of data subjects, in particular the right to information, correction, deletion, restriction of processing, objection and revocation of consent.
Customer account
When you open a customer account, we collect the data marked as mandatory fields in the registration form (e.g. name, email address, password) for the purpose of setting up, managing and using your customer account.
Legal basis: Art. 6(1)(b) GDPR / DSG (contractual basis in accordance with Art. 6 DSG). Registration is not possible without this mandatory information.
Further voluntary information is processed on the basis of your consent (Art. 6 (1) (a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)); you can revoke this consent at any time.
You can close your customer account at any time by notifying us. After closure, your data will be deleted, provided that there are no legal retention obligations to the contrary. Data relevant for tax and commercial law purposes will be stored for up to 10 years in accordance with the requirements in Germany and Switzerland and then deleted or anonymised.
Data security
We use appropriate technical and organisational security measures to protect your personal data from accidental or intentional manipulation, partial or complete loss, destruction and unauthorised access by third parties (e.g. TLS encryption for our website).
When selecting the measures, we take into account the state of the art, the implementation costs, the nature, scope, context and purpose of the data processing, as well as the existing risks of a data breach, including its likelihood and potential impact (Art. 32 GDPR / Art. 8 DSG). Our security measures are regularly reviewed and adapted to technological developments. Further information is available on request.
Cooperation with processors
We use external domestic and foreign service providers (e.g. in the areas of IT, hosting, logistics, telecommunications, sales and marketing) to handle our business transactions. These processors process personal data exclusively on our instructions and are contractually obliged under Art. 28 GDPR and Art. 9 of the FADP to comply with data protection regulations and to implement appropriate technical and organisational security measures.
If personal data is exchanged between us and companies within our group (e.g. for administrative or advertising purposes), this is done on the basis of existing data processing agreements or other suitable legal bases under data protection law.
Cookie consent tool
To obtain effective user consent for cookies and cookie-based applications that require consent, we use the Cookiebot cookie consent tool from Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich, Germany.
When you visit our website, a banner is displayed that allows you to give or refuse your consent to certain cookies. The tool blocks the setting of cookies that require consent until you give your consent. You can revoke or adjust your consent at any time using the consent tool.
In order to comply with legal verification and documentation requirements, consent settings, including relevant user data (e.g. IP address, timestamp, consent status), are logged, stored for the duration of the session and for up to 12 months thereafter, and assigned to the respective user. This data is transmitted to Usercentrics and processed within the EU. In exceptional cases, data may be transferred to third countries on the basis of appropriate safeguards (Art. 46 GDPR / Art. 16 DSG).
Legal basis: Art. 6(1)(c) GDPR in conjunction with Art. 7 GDPR (legal obligation to document) and Art. 6(1)(f) GDPR (legitimate interest in legally compliant consent management) / DSG (Art. 6 DSG). Insofar as German data protection law is applicable, the storage and retrieval of information on your end device is also based on Section 25 TDDDG.
Use of cookies
We use cookies on our websites. Cookies are small text files that are stored on your device and are assigned to the browser you are using by a characteristic string of characters. They cannot execute programmes or transmit viruses and do not cause any damage to your device. They serve to make our website more user-friendly, effective and secure.
We use cookies from the following categories:
Strictly necessary cookies (type a)
Essential for the operation and basic functions of the website (e.g. page navigation, security functions). Legal basis: Insofar as German law is applicable, Section 25 (2) No. 2 TDDDG; otherwise Art. 6 (1) lit. f GDPR (legitimate interest in a secure, functional website) or DSG (processing in accordance with the principles set out in Art. 6 DSG; technically necessary).
Functional and performance cookies (Type b)
Used to optimise and personalise the website and to analyse website usage. Only used with your consent. Legal basis: Art. 6 (1) (a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG); where German law applies: Section 25 (1) TDDDG.
Marketing and analysis cookies (type c)
Used for marketing and analysis purposes, in particular for measuring reach and personalised advertising. Used exclusively with your prior consent. Legal basis: Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG); where German law applies: §25(1) TDDDG.
You can revoke or adjust your consent at any time in the cookie settings on our website with effect for the future. Information on managing and deleting cookies can be found in your browser settings.
Web tracking using Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). The purpose of this is to analyse website usage and compile reports on website activity in order to continuously improve our offering.
(2) Google Analytics uses cookies and other technologies that enable analysis of your use (e.g. device/browser information, IP address, usage data, interactions, referrer URL). Your IP address is truncated within the EU/EEA before storage by means of IP anonymisation (‘IP masking’), so that a direct personal reference is excluded.
(3) Google acts as a processor on the basis of a contract in accordance with Art. 28 GDPR. Data transfer to the USA cannot be ruled out. Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection in accordance with Art. 45 GDPR.
(4) Legal basis: Your explicit consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)). The storage period is a maximum of 14 months. You can revoke your consent at any time with future effect via our consent manager or by installing the Google browser add-on:
https://tools.google.com/dlpag...
(5) Further information:
https://marketingplatform.goog...
https://support.google.com/ana...
https://policies.google.com/pr...
Adobe Fonts
To ensure a consistent appearance on our website, we use fonts from Adobe Fonts, a service provided by Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (‘Adobe’).
When you visit our website, your browser loads the required web fonts directly from Adobe's servers into your browser cache. This establishes a connection to Adobe's servers, which informs Adobe that our website has been accessed via your IP address.
Legal basis: Your consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)); where German law applies, additionally §25(1) TDDDG; if granted via the consent tool. Adobe is certified under the EU-U.S. Data Privacy Framework (DPF) (Art. 45 GDPR). You can revoke your consent at any time. Further information:
https://www.adobe.com/de/priva...
https://www.adobe.com/de/priva...
Google Tag Manager
We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’) for the central management and triggering of website tags.
Google Tag Manager itself does not set any cookies and does not process any personal data directly. It is used exclusively for the integration and control of additional tags (e.g. for analysis or marketing purposes). Information on these third-party providers can be found in the respective chapters of this privacy policy.
Google Tag Manager automatically takes into account your settings in the consent tool or in your browser settings and passes these preferences on to the integrated tags. Google is certified under the EU-U.S. Data Privacy Framework (DPF) (Art. 45 GDPR).
Legal basis for the integration and management of tags that process personal data or store information on your device: your consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)); where German law is applicable: Section 25(1) TDDDG, unless another legal basis is relevant for individual services. Further information:
https://marketingplatform.goog...
Google reCAPTCHA
To ensure security when submitting forms and to protect against misuse by automated access (bots), we use the reCAPTCHA service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).
In particular, your IP address and other data required for the function are transmitted to Google and processed there. This may also include transmission to servers of Google LLC in the USA. Google is certified under the EU-U.S. Data Privacy Framework (DPF) (Art. 45 GDPR).
Legal basis: Your consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)); where German law applies: Section 25(1) TDDDG. You can revoke your consent at any time using the consent tool. Further information:
https://www.google.com/intl/de...
https://www.google.com/recaptc...
Integration of social networks
Components from various social networks are integrated into our website. Personal data is processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG); where German law applies: §25 (1) TDDDG), provided that you have given your consent via our consent management tool. You can revoke your consent at any time with effect for the future.
X (formerly Twitter)
We use components of the social network X, provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you visit pages with X integration, your IP address, device/browser data and usage data may be transmitted to X. X is certified under the EU-U.S. Data Privacy Framework (DPF). Further information:
https://twitter.com/de/privacy
https://help.twitter.com/artic...
Vimeo
We embed videos from the platform provider Vimeo, Inc., 555 West 18th Street, New York, NY 10011, USA. When you visit a page with Vimeo videos, a connection to Vimeo servers is established, whereby technically necessary data and, if applicable, cookies are processed. Vimeo is certified under the EU-U.S. Data Privacy Framework (DPF). Further information:
Meta (formerly Facebook)
We use components from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Meta’). Meta regularly processes personal data on servers in the United States. Meta is certified under the EU-U.S. Data Privacy Framework (DPF); however, access by US authorities cannot be completely ruled out.
We have entered into an agreement with Meta on joint responsibility in accordance with Art. 26 GDPR / Art. 5 (7) DSG. Further information:
https://www.facebook.com/legal...
https://www.facebook.com/about...
https://www.facebook.com/setti...
LinkedIn
We use links and, where applicable, components from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. When visiting, IP addresses, browser/device data and interaction data may be transmitted to LinkedIn. LinkedIn is certified under the EU-U.S. Data Privacy Framework (DPF); access by US authorities cannot be ruled out.
We have entered into a joint controller agreement with LinkedIn (Art. 26 GDPR / Art. 5(7) DSG). Further information:
https://legal.linkedin.com/pag...
https://de.linkedin.com/legal/...
Newsletter
We use the double opt-in procedure for registering for our newsletter: after registering, you will receive an email with a confirmation link that you must actively click on to complete your registration. The entire registration process – including your consent, IP address, timestamp and confirmations – is logged to ensure compliance with legal verification and documentation requirements.
Legal basis: your express consent (Art. 6(1)(a) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG)).
We use BSI Business Systems Integration AG, Täfernstrasse 1, CH-5405 Baden (‘BSI’), as a service provider. Your email address and other data required for sending the newsletter are stored exclusively on BSI servers in Luxembourg.
To optimise the newsletter, we analyse your user behaviour (in particular openings, clicks, interactions and unsubscriptions). This processing is carried out exclusively on the basis of your consent.
You can revoke your consent at any time with future effect – via the unsubscribe link in each newsletter or by email. Your personal data will be deleted after revocation, termination of the subscription or after 24 months of inactivity at the latest.
Storage period and deletion
We only process and store personal data for as long as is necessary for the respective processing purposes – in particular for the initiation, implementation and execution of contractual relationships, for the fulfilment of legal obligations and for the maintenance of our business relationships.
Please refer to the respective sections of this privacy policy for the specific storage period for individual processing operations. Unless an explicit period is specified, the storage period is based on the statutory retention periods, in particular the tax and commercial law regulations in Switzerland and the EU (usually up to 10 years).
After expiry of the periods or as soon as the purpose of processing no longer applies, personal data will be deleted or anonymised, provided that there are no legal obligations to retain or document data. If processing is based on your consent or our legitimate interests, your data will be deleted immediately upon revocation or justified objection, provided that there are no mandatory legal retention obligations.
Processing in third countries
If we process personal data in countries outside the EU, the EEA or Switzerland, or if this is done through the use of third-party services, this is done exclusively in accordance with the legal requirements. Such a transfer only takes place if:
- an adequacy decision has been issued by the European Commission or the Federal Data Protection and Information Commissioner (FDPIC), or
- suitable safeguards are in place, in particular EU Standard Contractual Clauses (SCC) or Binding Corporate Rules (BCR), or
you have expressly consented or a legal exception applies (e.g. for the performance of a contract or the assertion of legal claims).
Legal basis: Art. 44 ff. GDPR / Art. 16 ff. DSG.
Your rights as a data subject
You can assert your rights at any time using the contact details provided at the beginning. In particular, you have the following rights:
Right to information (Art. 15 GDPR / Art. 25 DSG)
You may request information about the purposes of processing, categories of data processed, recipients, planned storage period, origin of the data and the existence of automated decision-making, including profiling.
Right to rectification (Art. 16 GDPR / Art. 32(1) DSG)
You may request the immediate rectification of inaccurate data or the completion of incomplete data.
Right to erasure (Art. 17 GDPR / Art. 32(2) DSG)
You may request the erasure of your data, provided that there are no legal retention obligations or other exceptional reasons to the contrary.
Right to restriction of processing (Art. 18 GDPR / Art. 30 DSG)
You may request the restriction of processing, in particular if you dispute the accuracy of the data or if the processing is unlawful.
Right to data portability (Art. 20 GDPR / Art. 28 DSG)
You may receive your data in a structured, commonly used and machine-readable format or request that it be transferred to another controller.
Right to object (Art. 21 GDPR / Art. 30 DSG)
You may object to the processing if it is based on Art. 6(1)(e) or (f) GDPR. Unless the objection is to direct marketing, we ask you to explain the reasons for your objection.
Right to withdraw consent (Art. 7(3) GDPR / DSG (consent, Art. 6 in conjunction with Art. 31 DSG))
You may withdraw your consent at any time with effect for the future. The withdrawal does not affect the lawfulness of the processing carried out up to that point.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR / Art. 49 DSG)
You may lodge a complaint about the processing of your personal data with a competent data protection supervisory authority.
Competent supervisory authorities:
For Switzerland:
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, 3003 Bern, Switzerland
Telephone: +41 (0)58 462 43 95 | Email: edoeb@edoeb.admin.ch
For Germany:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22, 7th floor, 20459 Hamburg
Telephone: +49 (0)40 428 54-4040 | Email: mailbox@datenschutz.hamburg.de
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Deutschland
Website: https://www.lda.bayern.de
For California:
LA:
California Privacy Protection Agency (CPPA)
2101 Arena Blvd Sacramento
CA 95834
USA
Website: https://cppa.ca.gov
Changes to the privacy policy
In line with developments in data protection law and technological or organisational changes, this privacy policy is regularly reviewed to determine whether it needs to be amended or supplemented.
Status: February 2026
Thank for your interest
You will receive an email shortly to confirm your address and subscription.
gateB Consulting, Inc.
815 Hampton Drive, Unit 1B
Venice, CA, 90291
USA
gateB Consulting, Inc.
815 Hampton Drive
Venice, CA, 90291
USA
Thank you for your interest
You will receive an email shortly to confirm your address and subscription.
