Four people seated at a table in a meeting room, with a presenter speaking in front of a screen.

Data Protection

Version 2.0 – February 13, 2026

Privacy Policy

This Privacy Policy (“Privacy Policy”) explains how we process and protect your personal data when you use this website or our services offered through https://www.odcus.com/ (collectively, “our Services”).

The website is operated by ODCUS AG, Grabenstrasse 15a, 6340 Baar, Switzerland (the “Company”, “we”, “our” or “us”). The Company is the controller of the data processing described below.

Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meaning as in the Swiss Federal Act on Data Protection (“DSG”) or the EU General Data Protection Regulation (“GDPR”).

1. Personal Data We Collect

When you use our services, we may collect or receive personal data for a range of purposes related to our business operations. This includes the following:

Usage and analytics data (e.g., identifiers, number of clicks, tracking data)
Contact data (e.g., name, address, phone number, date of birth)
Payment data (e.g., billing information, account information)
Inquiry details (e.g., details and content of your inquiries to us)
Website visitor data (e.g., IP address, log files, device ID)

There is no obligation to provide your personal data. Please note, however, that our services cannot be provided if you do not provide the necessary data that is absolutely necessary for the fulfillment of the contract between you and us.

2. How We Collect Personal Data

We collect information about our users when they use our services, including certain actions on our website.

Directly

Through our website and electronic communication
When you use our services
When you provide us with services
When you correspond with us electronically
When you browse, fill out a form, or make an inquiry while using our services

Indirectly

From public sources
From public registers (e.g., commercial registers), news articles, and internet searches
When our business customers hire us to provide professional services and share personal data that they control in the course of that assignment
From external service providers

3. Legal Bases and Purposes of Data Processing

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it.

Contract: To fulfill our (pre-)contractual obligations or take actions related to a contract with you. In particular:

To assist you with inquiries
To provide our services

Consent: We may rely on your consent, which you give voluntarily at the time of providing your personal data. Specifically:

To analyze, improve, and personalize the use of our services and our communication with you
To set optional cookies and similar technologies on your device

Legitimate Interests: We may rely on legitimate interests based on our assessment that the processing is fair and reasonable and where your interests or fundamental rights and freedoms do not override it. Specifically:

To set technically necessary cookies and similar technologies on your device
To develop new services
To maintain and improve our services as well as to prevent, identify, and address security vulnerabilities

Necessity for Compliance with Legal Obligations: To fulfill legal and public interest obligations. Specifically:

To inform you about changes to our services and our Privacy Policy
To comply with applicable regulations and laws
For the legal enforcement of claims and rights

4. Retention Periods

We retain personal data for as long as necessary for the purposes for which it was collected, and in accordance with legal and regulatory requirements or contractual agreements. After this period, we delete your personal data or fully anonymize it.

5. Recipients of Personal Data

We engage third-party companies (“service providers”) to facilitate the operation of our services, assist with the analysis of service usage, or provide necessary services such as payment processing and IT services. These third parties have access to your personal data only to the extent necessary to fulfill these tasks.

Types of service providers who may access your personal data:

Professional advisors we use, such as accountants, auditors, and attorneys
Third parties we engage in the provision of our services for you, like consultants, banks, and other payment service providers, KYC/AML providers, as well as postal and courier services
Third parties that support us with IT and software solutions
Third parties that help us gain customer insights and support marketing activities

6. Transferring Data to Third Countries

We and/or our service providers may transfer and process your personal data in the following locations:

EU and EEA
USA

We may use service providers that are partly located in so-called third countries (outside the European Union or the European Economic Area or Switzerland) or process personal data there, i.e., in countries whose level of data protection does not correspond to that of the EU or Switzerland.

We protect your personal data according to our contractual obligations and applicable data protection laws when we transfer data abroad.

Such safeguards may include:

Transferring to countries that provide an adequate level of protection as recognized by the Federal Council or for which there is an adequacy decision by the European Commission
Using standard contractual clauses, binding corporate rules, or other standard contractual obligations that ensure adequate data protection

If a third-country transfer occurs and no adequacy decision or suitable safeguards exist, there is a possibility and a risk that authorities in the third country (e.g., intelligence services) may access the transferred data and that enforceability of data subject rights may not be guaranteed.

6.1 Google Analytics

We use Google Analytics on our web pages, a web analysis service of Google Ireland Limited (https://www.google.de/intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies (see the section “Cookies”) are used. The information generated by the cookie about your use of this website, such as

Browser type/version,
Used operating system,
Referrer URL (the previously visited page),
Hostname of the accessing computer (IP address),
Time of server request,

is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, compile reports on website activities, and provide other services related to website and internet usage for market research and customized design of these internet pages. This information may also be transferred to third parties if required by law or if third parties process this data on behalf. In no case will your IP address be merged with other data by Google. The IP addresses are anonymized, so an assignment is not possible (IP masking).

You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case, not all functions of this website may be used to their full extent.

These processing operations are carried out exclusively with your express consent pursuant to Art. 6 para. 1 lit. a GDPR.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

Alternatively to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on the following link: Disable Google Analytics. An opt-out cookie will be set, preventing the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

6.2 Plausible Analytics

We also use Plausible Analytics (Plausible Insights OÜ, Estonia) for privacy-friendly website analysis. Plausible does not set cookies, does not store IP addresses, does not process personal data, is fully GDPR compliant, and data remains in the EU.

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f DSG) in analyzing website usage to improve our offer. Privacy policy: https://plausible.io/privacy

6.3 HubSpot

We use HubSpot (HubSpot Inc., USA) for Customer Relationship Management (CRM) and Marketing Automation. Processed data includes: contact data (name, email, company, phone), website interactions and page views, email openings and clicks, form submissions, communication history.

Purposes: Managing customer relationships, personalized communication, email marketing (only with your consent), lead management.

Legal basis: For marketing tracking, we use consent (Art. 6 para. 1 lit. a DSG), for CRM functions legitimate interest (Art. 6 para. 1 lit. f DSG), for contract communication contract fulfillment (Art. 6 para. 1 lit. b DSG).

HubSpot tracking cookies are only activated after you consent to the use of marketing cookies via our cookie banner. Privacy policy: https://legal.hubspot.com/privacy-policy

7. Data Disclosure

We may disclose your personal data if we believe in good faith that such action is necessary to:

Comply with a legal obligation (i.e., if it is required by law or in response to legitimate requests from authorities, such as a court or government agency)
Protect the security of the website and defend our rights or property
Prevent or investigate possible misconduct in connection with us

8. Data Security

We use appropriate technical and organizational security measures to protect your stored data against manipulation, loss, or unauthorized third-party access. Our security measures are continually adapted in line with technological developments.

We also take internal data protection very seriously. Our employees and the service providers hired by us are obliged to maintain confidentiality and to comply with applicable data protection laws. Additionally, they only receive access to personal data to the extent necessary for the fulfillment of their respective tasks or their mandate.

The security of your personal data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We recommend using antivirus software, a firewall, and other similar software to protect your system.

9. Your Rights

You have the following data protection rights. To exercise these rights, you can contact the address above or send an email to: contact@odcus.com. Please note that we may ask you to verify your identity before responding substantively to such requests.

Right of Access: You have the right to request a copy of your personal data, which we will provide to you in electronic form.
Right to Rectification: You have the right to ask us to correct our records if you believe they contain inaccurate or incomplete information about you.
Right to Withdraw Consent: If you have given consent to the processing of your personal data, you have the right to withdraw that consent for the future. This applies if you wish to unsubscribe from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose(s) you originally agreed to, unless another legal basis for processing applies.
Right to Erasure: You have the right to request that we delete your personal data, provided these are no longer necessary for the purposes for which they were collected or are unlawfully processed.
Right to Restrict Processing: You have the right to request the restriction of processing of your personal data if you believe the data is inaccurate, the processing is unlawful, or we no longer need the data for the original purpose, but we cannot delete it due to a legal obligation or because you do not want it to be deleted.
Right to Data Portability: You have the right to request that we transfer your personal data in a standard format such as Excel to another controller, provided it is data you have provided to us and we process it based on your consent or to fulfill our contractual obligations.
Right to Object to Processing: If the legal basis for processing your personal data is our legitimate interest, you have the right, for reasons related to your specific situation, to object to this processing. We will comply with your request unless we have a compelling legal basis for the processing that outweighs your interests, or we must continue to process the personal data to exercise or defend a legal claim.
Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. In the EU and EEA, you may, for example, exercise this right with a supervisory authority in the Member State of your residence, workplace, or place of alleged infringement. You can find a list of relevant authorities at: https://edpb.europa.eu/about-edpb/about-edpb/members_de. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner, Feldeggweg 1, CH – 3003 Bern, info@edoeb.admin.ch.

10. Social Media and Links to Third-Party Apps and Websites

Our services contain links to websites or apps not operated by us. If you click on a third-party link, you will be directed to that third-party's website or app. We have no control over the content, privacy policies, or practices of third-party websites or services.

We maintain an online presence on social networks to communicate with customers and prospects and inform them about our products and services. If you have an account with the same network, the information and media you make available may be visible to us, for example when we view your profile. The social network may also allow us to contact you under certain circumstances. Once we transfer personal data to our own systems, we are independently responsible for it. This is done for the implementation of pre-contractual measures and to fulfill a contract. The legal bases for the data processing carried out on their own responsibility by the social networks can be found in their respective privacy policies. Below is a list of the social networks where we maintain an online presence: