Data Protection

Version 1.1 – February 11, 2025

Privacy Policy

This Privacy Policy (“Privacy Policy”) explains how we process and protect your personal data when you use this website or our services offered via https://www.odcus.com/ (collectively, “our services”).

The website is operated by ODCUS AG, Grabenstrasse 15a, 6340 Baar, Switzerland (the “Company”, the “Firm”, “we”, “our” or “us”). The Company is responsible for the data processing activities described below.

Unless otherwise defined in this Privacy Policy, the definitions used in this Privacy Policy have the same meaning as in the Swiss Federal Act on Data Protection (“FADP”) or the EU General Data Protection Regulation (“GDPR”).

1. Personal Data We Collect

When you use our services, we may collect or receive personal data for a variety of purposes related to our business operations. This includes the following:

Usage and analytics data (e.g., identifiers, number of clicks, tracking data)
Contact data (e.g., name, address, phone number, date of birth)
Payment data (e.g., billing information, account information)
Inquiry details (e.g., details and content of your inquiries to us)
Website visitor data (e.g., IP address, log files, device ID)

There is no obligation to provide your personal data. Please note, however, that our services cannot be provided if you do not provide the necessary data that is essential for fulfilling the contract between you and us.

2. How We Collect Personal Data

We collect information about our users when they use our services, including certain actions on our website.

Directly

Through our website and electronic communications
When you use our services
When you provide us with services
When you correspond with us electronically
When you browse, fill out a form, or make an inquiry while using our services

Indirectly

Through public sources
From public registers (e.g., commercial registers), news articles, and internet searches
When our business customers engage us to provide professional services and share personal data they control as part of this engagement
From external service providers

3. Legal Bases and Purposes of Data Processing

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it.

Contract: To fulfill our (pre-)contractual obligations or to take steps related to a contract with you. Specifically:

To assist you with inquiries
To provide our services

Consent: We may rely on your consent, which you provide voluntarily at the time you provide your personal data. Specifically:

To analyze, improve, and personalize the use of our services and communication with us
To set optional cookies and similar technologies on your device

Legitimate Interests: We may rely on legitimate interests based on our assessment that the processing is fair and appropriate and does not outweigh your interests or fundamental rights and freedoms. Specifically:

To set technically necessary cookies and similar technologies on your device
To develop new services
To maintain and improve our services as well as to prevent, detect, and address security issues

Necessity to Comply with Legal Obligations: To comply with legal and public interest obligations. Specifically:

To inform you about changes to our services and our Privacy Policy
To comply with applicable regulations and laws
For the legal enforcement of claims and rights

4. Retention Periods

We retain personal data for as long as it is necessary for the purposes for which it was collected and in accordance with legal and regulatory requirements or contractual agreements. After this period, we delete your personal data or completely anonymize it.

5. Recipients of Personal Data

We engage third-party companies (“Service Providers”) to facilitate the operation of our services, to assist with analyzing the use of the services, or to provide necessary services such as payments and the provision of IT services. These third parties only have access to your personal data to the extent necessary to perform these tasks.

Types of service providers that may access your personal data:

Professional advisors we use such as accountants, auditors, and lawyers
Third parties we engage in the course of our service delivery to you, such as consultants, banks, and other payment service providers, KYC/AML service providers, as well as postal and courier services
Third parties that support us with IT and software solutions
Third parties that assist us with obtaining customer insights and marketing activities

6. Data Transfers to Third Countries

We and/or our service providers may transfer and process your personal data in the following locations:

EU and EEA
USA

We may use service providers located in so-called third countries (outside the European Union or the European Economic Area or Switzerland) or process personal data there, i.e., in countries whose level of data protection does not correspond to that of the EU or Switzerland.

We protect your personal data in accordance with our contractual obligations and applicable data protection laws when we transfer data abroad.

Such safeguards may include:

The transfer to countries that provide an adequate level of protection according to the Federal Council, as well as countries for which an adequacy decision of the European Commission is in place
Implementation of standard contractual clauses, binding corporate rules, or other standard contractual obligations providing adequate data protection

If a third country transfer takes place and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the third country (e.g., intelligence services) could access the transferred data and that enforceability of the rights of data subjects cannot be guaranteed.

6.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited (https://www.google.de/intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Ireland, hereafter “Google”), on our websites. In this context, pseudonymized usage profiles are created and cookies (see point “Cookies”) are used. The information generated by the cookie about your use of this website such as

Browser type/version,
used operating system,
referrer URL (the previously visited page),
hostname of the accessing computer (IP address),
time of server request,

is transmitted to and stored by Google on servers in the USA. The information is used to evaluate the use of the website, compile reports on website activities, and provide other services associated with website and internet use for market research and the tailored design of these internet pages. This information may also be transferred to third parties if required by law or if third parties process this data on behalf. In any case, your IP address will not be merged with other data held by Google. The IP addresses are anonymized, making an assignment not possible (IP masking).

You can prevent the installation of cookies by selecting the appropriate settings on your browser software; however, we point out that if you do this, you may not be able to use all the functions of this website to their full extent.

These processing operations are only carried out with your express consent pursuant to Art. 6 para. 1 lit. a GDPR.

You can also prevent the collection by the cookie and related data about your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

Alternatively, particularly with browsers on mobile devices, you can also prevent Google Analytics from collecting your data by clicking on the following link: Deactivate Google Analytics. An opt-out cookie will be set, preventing future collection of your data when visiting this website. The opt-out cookie only applies in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

7. Data Disclosure

We may disclose your personal data if we believe in good faith that such an action is necessary:

To comply with a legal obligation (i.e., if it is required by law or in response to legitimate requests by public authorities, such as a court or government agency)
To protect the security of the website and defend our rights or property
To prevent or investigate possible wrongdoing in connection with us

8. Data Security

We implement reasonable technical and organizational security measures to protect your stored data against manipulation, loss, or unauthorized access by third parties. Our security measures are continuously adjusted according to technological developments.

We also take internal data protection seriously. Our employees and the service providers we engage are bound to confidentiality and compliance with applicable data protection laws. Furthermore, they only have access to personal data to the extent necessary for their respective tasks or contract.

The security of your personal data is important to us, but remember that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. We recommend using antivirus software, a firewall, and other similar software to protect your system.

9. Your Rights

You have the following data protection rights. To exercise these rights, you can contact the address mentioned above or send an email to: contact@www.odcus.com. Please note that we may ask you to verify your identity before responding substantively to such requests.

Right to Access: You have the right to request a copy of your personal data, which we will provide to you in electronic form.
Right to Rectification: You have the right to request that we correct our records if you believe they contain incorrect or incomplete information about you.
Right to Withdraw Consent: If you have consented to the processing of your personal data, you have the right to withdraw this consent with effect for the future. This also applies if you wish to unsubscribe from marketing communications. Once we receive notice that you have withdrawn your consent, we will no longer process your data for the purpose(s) to which you originally agreed unless there is another legal basis for processing.
Right to Erasure: You have the right to request the deletion of your personal data from us if it is no longer necessary for the purposes for which it was collected or if it has been unlawfully processed.
Right to Restriction of Processing: You have the right to request the restriction of the processing of your personal data if you believe the data is incorrect, the processing is unlawful, or we no longer need the data for the original purpose but cannot delete it due to a legal obligation or because you do not wish it.
Right to Data Portability: You have the right to request that we transfer your personal data to another controller in a standard format such as Excel, provided that it relates to data you have provided to us and we process it on the basis of your consent or to fulfill our contractual obligations.
Right to Object to Processing: If the legal basis for processing your personal data is our legitimate interest, you have the right to object to this processing for reasons arising from your particular situation. We will comply with your request unless we have a compelling legal basis for processing, which outweighs your interests, or must further process the personal data to exercise or defend a legal claim.
Right to Complain to a Supervisory Authority: You have the right to complain to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. In the EU and EEA, for example, you may exercise this right before a supervisory authority in your place of residence, workplace, or location of the alleged infringement. You can find a list of relevant authorities at: https://edpb.europa.eu/about-edpb/about-edpb/members_de. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner, Feldeggweg 1, CH – 3003 Bern, info@edoeb.admin.ch.

10. Social Media and Links to Third-Party Apps and Websites

Our services contain links to websites or apps not operated by us. If you click on a third-party link, you will be directed to that third party’s website or app. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We maintain an online presence on social networks to communicate with customers and interested parties and provide information about our products and services. If you have an account on the same network, it is possible that the information and media you make available there can be seen by us when we, for example, view your profile. The social network may also allow us to contact you. Once we incorporate personal data into our own systems, we are independently responsible for it. This is done to carry out pre-contractual measures and to fulfill a contract. The legal basis for data processing by social networks on their own responsibility can be found in their privacy policies. Below is a list of social networks where we maintain an online presence: