Privacy Policy

We, LeadersBridge GmbH, Lindenweg 4, 5620 Bremgarten AG, Switzerland, are the provider of the AcquisitionOS Program. We are the controller responsible for the collection, use, and processing of your data.

Below, we explain whether and how we process your data.

Processing, Storage and Deletion of Personal Data

We process only personal data that we collect directly via our website, the associated applications, external platforms, so-called landing pages, or within the scope of the business relationship with our customers and other business partners. Processing is carried out only where you have given explicit consent or where a legal basis exists, for example for contract performance, for compliance with legal obligations, or on the basis of our legitimate interests.

Where you have granted consent, we process your data only within the limits of that consent, unless one of the legal bases listed below applies. You may withdraw your consent at any time; however, any processing activity already carried out lawfully remains unaffected by the withdrawal.

The following legal bases may apply:

Consent of the data subject.

Performance of a contract with the data subject as a contracting party, or necessary pre-contractual measures taken at the request of the data subject.

Compliance with necessary legal obligations of our company.

Performance of a task carried out in the public interest,.

Legitimate interests of our company, provided that the interests of the data subject or their fundamental rights do not override those interests.

We delete personal data as soon as the purpose for which it was collected has been fulfilled and there is no need for further storage. However, in certain cases we are legally required to store data for a longer period. This applies in particular to provisions of Swiss or European legislators in areas such as contract and tax law as well as commercial bookkeeping. For example, business records, contracts, and accounting vouchers must be retained for a period of 10 years. Personal data that is stored exclusively for legal reasons and is no longer required for the provision of our services is blocked by us and used solely for accounting and tax purposes.

Disclosure to Third Parties

In the course of contract performance, it may be necessary to use third-party services. In doing so, it may be necessary to disclose data to external service providers to ensure proper performance of the contract. The legal bases for such disclosures correspond to those of lawful processing and are described above. We ensure through contractual arrangements that third parties entrusted with data processing comply with data protection requirements. In certain cases, we may also be obliged by official or court orders to disclose data to public authorities or third parties.

Provision of Our Services and Creation of Log Files

When you access our website, our system automatically collects and stores information in so-called log files. This includes the following information:

Browser type and version

Operating system

IP address

Internet service provider

Date and time

The above data cannot be directly attributed to any individual and is not combined with other personal data; however, it remains in our system. The collection and storage of this data in log files is based on our legitimate interests, in particular ensuring the functionality and security of our services and their optimization. The log files are automatically deleted after the end of each session.

The collection and storage of your data in log files is essential for the operation of our website; therefore, there is no possibility to object to this processing.

Cookies, Tracking and Similar Technologies

We use cookies and comparable technologies on our website. Cookies are small text files stored by your browser that enable unique identification of your browser when you revisit our website. They store and transmit display settings and login information in order to make our website user-friendly and secure. The use of cookies is based on our legitimate interests in optimizing our website.

You control the use of cookies. By adjusting your browser settings, you can deactivate or restrict the transmission of cookies and delete cookies that have already been stored at any time. Please note, however, that disabling cookies may limit the functionality of our services.

When you visit our website, you are informed via a cookie banner through which you can give your consent to the use of cookies. This consent is the legal basis for the use of those cookies that are required for the full use of our services.

Tools, Applications and Other Technologies Used

Skool

We use the community platform Skool to host the AcquisitionOS program content, provide access to the client area, and enable communication and collaboration within the program (e.g., posts, comments, group discussions, and direct messages where applicable). For this purpose, clients (and, where applicable, their authorized users) must create a user account on Skool and log in to access the program.

As part of providing the program via Skool, the following categories of personal data may be processed (depending on what the user provides and how the platform is used): account and profile data (e.g., name, email address, username, password), program participation data (e.g., posts, comments, uploaded content), communication data, and technical usage data (e.g., log data, device and connection information).

The provider of the platform is SKOOL.COM, INC., 111 Main St, El Segundo, CA 90245, USA (“Skool”).

Data may be processed in the United States. Where required, appropriate safeguards (such as standard contractual clauses) may be used for international data transfers.

The legal basis for this processing is generally the performance of the contract (provision of the AcquisitionOS program and access to the platform) and, where applicable, our legitimate interest in operating and securing the program platform and improving service delivery.

Reference: Skool Privacy Policy: https://www.skool.com/legal?t=privacy

Google Meet

We use Google Meet to conduct online meetings with clients and other contacts (video conferencing, screen sharing, and related functions).

Depending on use, Google Meet may process in particular the following categories of personal data: account and contact data (e.g., name, email address), meeting metadata (e.g., date/time, participants, device and connection information), and communication content (audio/video and chat content). If meeting recording is enabled, recordings may be stored (typically in Google Drive, depending on configuration).

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (service provider contact information), and/or affiliated Google entities depending on the service context.

Data may be processed outside Switzerland and the EEA. For Google Workspace/Cloud services, Google offers a Cloud Data Processing Addendum that incorporates standard contractual clauses (SCCs) as a transfer mechanism under EU/UK/Swiss data protection laws.

The legal basis is, in particular, the performance of the contract (communication and delivery) and our legitimate interest in efficient and secure communication and collaboration.

Further information is available in Google’s privacy policy and Google Workspace privacy/compliance information: https://policies.google.com/privacy

Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called cookies that are stored on your computer and enable an analysis of your use of our website. As a rule, the information generated by the cookie (such as browser type, operating system, IP address, referrer URL) is transmitted to a Google server in the USA and stored there.

On our behalf, Google uses the stored information to evaluate your use of our website, to compile reports on website activity, and to provide other services related to website usage or internet usage for us.

By changing the settings in your browser, you can disable or restrict the transmission of cookies. You can also delete stored cookies at any time via your browser settings; this can also be automated. Please note that disabling cookies may mean that not all services of our website can be used.

We point out that our use of Google Analytics requires your consent, which therefore constitutes the legal basis. You can provide your consent via the cookie banner. In addition, our company has a legitimate interest in using Google Analytics.

You can also prevent Google from collecting the information generated by the cookie and related to your use of the website, as well as the processing of this information by Google. For this purpose, the following browser add-on to deactivate Google Analytics has been developed and can be downloaded and installed directly from Google via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on Google Analytics can be found in the Google Analytics Terms (https://marketingplatform.google.com/about/analytics/terms/de/), the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de) and the related privacy policy (https://policies.google.com).

Google Calendar

We use Google Calendar on our website to schedule appointments. In Europe, the following company in Ireland is responsible for Google Calendar: Google Ireland Limited, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland. For this purpose, we use your email address and your name. Your data may be transferred by Google to the USA.

The legal basis for the processing of data and the transfer of data to the USA is so-called Standard Contractual Clauses. Through these clauses, Google undertakes to comply with applicable European law and the required level of data protection. This also applies if the data is processed in a third country such as the USA.

Further information about Google's data processing can be found at: https://policies.google.com/privacy.

Google Fonts

We use the fonts of the Google Fonts service on our website. In Europe, the following company in Ireland is responsible for Google Fonts: Google Ireland Limited, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland. Using Google Fonts enables us to use fonts without uploading them to our servers, which improves the quality of our website (legitimate interest).

Visiting our website causes the fonts to be loaded from Google's servers. Google receives your IP address. Your data is stored, among other places, in the USA. The legal basis for the processing of data and the transfer of data to the USA is so-called Standard Contractual Clauses. Through these clauses, Google undertakes to comply with applicable European law and the required level of data protection. This also applies if the data is processed in a third country such as the USA.

Further information regarding Google Fonts can be found in the data processing terms for Google advertising products (applicable accordingly to Google Fonts): https://business.safety.google/adsprocessorterms/.

In addition, we refer to Google's privacy policy: https://policies.google.com/privacy.

Google Maps

We use Google Maps on our website to provide location information. In Europe, Google Maps is provided by Google Ireland Limited, Dublin, Ireland. Google Maps uses cookies to collect information such as your browser type, operating system, IP address and referrer URL. This data, including your location data, may be transmitted to Google's servers, possibly also in the USA, and stored there.

The processing and transfer of data to the USA is based on Standard Contractual Clauses, by which Google undertakes to comply with European data protection standards even when processing data in third countries.

For further information on data protection at Google, please visit: https://policies.google.com/privacy.

Google Workspace

We use Google Workspace, among other services, to provide our services. In Europe, the following company in Ireland is responsible for Google Workspace: Google Ireland Limited, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland. Data processing may also take place in the USA.

Further information on the use of Google services can be found in the relevant privacy policy at: https://policies.google.com.

HubSpot

We use HubSpot on our website, provided by HubSpot, 1 Sir Jon Rogerson’s Quay, Dublin 2, Ireland. HubSpot may also process your data in the USA.

The legal basis for the processing of data and the transfer of data to the USA is so-called Standard Contractual Clauses. Through these clauses, HubSpot undertakes to comply with applicable European law and the required level of data protection. This also applies if the data is processed in a third country such as the USA.

The legal basis for using HubSpot is your consent as the data subject. In addition, we have a legitimate interest in using HubSpot; HubSpot is used to optimize our website and our offering.

Further information on HubSpot can be found at: https://legal.hubspot.com/de/privacy-policy.

Contact Form

Our website includes contact forms that enable you to contact us. In the course of using these forms, the following data you provide is transmitted to us and stored, among other things: first and last name, telephone number, email address, subject and message.

The information you transmit to us is used solely to process your inquiry/message. By submitting your inquiry/message, you consent to the data processing described (legal basis: consent). You may withdraw your consent at any time; however, processing already carried out remains unaffected by the withdrawal.

LinkedIn

We use so-called social plug-ins from LinkedIn, provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, on our website. You can recognize the relevant plug-ins by the LinkedIn logo or the “Recommend” button on our website. When you visit our website, the respective plug-in establishes a connection from your browser to LinkedIn’s server. Regardless of whether you are logged in to LinkedIn, or whether you have a LinkedIn account at all, LinkedIn receives the information that you visited our website with your IP address. This information is stored on the aforementioned server in the USA.

If you click the “Recommend” button while logged in to your account, you can share our pages on your profile. As we have no knowledge of the transmitted information and the details of data collection, and for information on your rights and settings options, we refer you to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

Links to Third-Party Websites

Where we provide links to websites of other organizations, the privacy policies published on those websites apply.

YouTube

We use so-called social plug-ins from YouTube, provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, on our website. You can recognize the relevant plug-ins by the YouTube logo on our site.

When you visit our website, the respective plug-in establishes a connection from your browser to YouTube’s server. Regardless of whether you are logged in to YouTube, or whether you have a YouTube account at all, YouTube receives the information that you visited our website with your IP address. This information is stored on servers in the USA. If you are logged in to YouTube during your visit to our website, the platform creates an identifier/connection with your YouTube account.

YouTube therefore also processes the data in the USA. The legal basis for the processing of data and the transfer of data to the USA is so-called Standard Contractual Clauses. Through these clauses, YouTube undertakes to comply with applicable European law and the required level of data protection. This also applies if the data is processed in a third country such as the USA.

We point out that YouTube may use this information for purposes such as advertising, market research, or other purposes such as adapting displayed advertisements; we have no influence over this. If you do not wish your account to be associated, please log out of your YouTube account before visiting our website. Further information can be found in YouTube’s privacy policy: https://policies.google.com/privacy.

Fathom

We use Fathom to record online meetings (audio/video, where enabled) and to create meeting notes and transcripts. This helps us document discussions, create internal summaries, and improve follow-up and delivery.

Depending on use, Fathom may process in particular the following categories of personal data: account data (e.g., name, email address), meeting metadata (e.g., date/time, participants), and meeting content (e.g., audio/video recordings, transcripts, notes, and related information).

The provider is Fathom Video Inc. (also referenced as Fathom Inc. in its data processing terms). Data may be processed in the United States. Where required, appropriate safeguards for international data transfers may be used, in particular standard contractual clauses and/or applicable data transfer frameworks, as described in Fathom’s documentation.

The legal basis is, in particular, the performance of the contract (meeting performance and documentation) and our legitimate interest in efficient meeting documentation and internal organization. Where legally required (e.g., for recordings), we will obtain the necessary consent and/or provide appropriate notice.

Further information is available in Fathom’s privacy policy and DPA: https://www.fathom.ai/privacy

AbaNinja

We use AbaNinja for invoicing and accounting administration (e.g., creating and sending offers and invoices, processing supplier invoices, and managing accounting-related information).

Depending on use, AbaNinja may process in particular the following categories of personal data: master and contact data (e.g., name, company, address, email address), billing and transaction data (e.g., invoice and offer details, services, amounts, VAT information, payment status), and—where applicable—information contained in supplier invoices uploaded to the system.

The provider of “Ninja” / AbaNinja is DeepCloud AG, Abacus-Platz 1, 9300 Wittenbach, Switzerland.

The servers for “Ninja” are operated in data centres in Switzerland; data transmission is encrypted.

The legal basis is, in particular, the performance of the contract (billing and administration), compliance with applicable statutory record-keeping and accounting obligations, and our legitimate interest in efficient business administration.

Further information is available in the provider’s data protection / contractual documentation (e.g., Swiss21 / Ninja data protection information): https://helpdesk.swiss21.org/hc/en-gb/articles/360020693480-Data-protection

DocuSign

We use DocuSign to prepare, send, sign, and manage contracts and other documents electronically (e.g., agreements, order forms, and related documentation).

Depending on use, DocuSign may process in particular the following categories of personal data: identity and contact data of signatories (e.g., name, email address), document and transaction data (e.g., signed documents, signature metadata, audit trail, timestamps, IP address and device information), and communication/notification data (e.g., email notifications related to the signing process).

The provider is Docusign, Inc., 221 Main Street, Suite 1550, San Francisco, CA 94105, USA, and its affiliates.

DocuSign may process personal data in countries outside Switzerland and the EEA (including the United States). Where required, appropriate safeguards for international data transfers may be used, in particular standard contractual clauses and/or binding corporate rules, as described in DocuSign’s data protection documentation.

The legal basis is, in particular, the performance of the contract (execution and administration of contractual documents) and our legitimate interest in efficient, secure, and verifiable contract handling.

Further information is available in DocuSign’s Privacy Notice and Data Protection Attachment (DPA): https://www.docusign.com/privacy

Slack

We use Slack as an internal communication and collaboration platform for our team (e.g., messaging, coordination, file sharing). Slack is not intended as a client communication channel. If personal data of clients or other third parties is nevertheless included in Slack in individual cases, this is done solely for internal coordination in connection with our services.

The provider is Slack Technologies, LLC, 500 Howard Street, San Francisco, CA 94105, United States, and, depending on the workspace setup and location, Slack Technologies Limited, Central Park (Block G), 1 Central Park, Leopardstown, Dublin 18, Ireland.

Depending on use, the following categories of personal data may be processed: account and profile data (e.g., name, email address), communication content (messages and shared files), and usage and device metadata (e.g., log data). Processing is carried out for the purpose of efficient internal communication, collaboration, and operational organization.

The legal basis is our legitimate interests in secure and efficient internal communication and collaboration and, where applicable, the performance of a contract (e.g., employment or contractor relationship). Where Slack processes data in third countries (e.g., the USA), appropriate safeguards may be used, in particular standard contractual clauses, as described in Slack’s data protection documentation and data processing terms: https://www.salesforce.com/en-us/wp-content/uploads/sites/4/documents/legal/Agreements/data-processing-addendum.pdf

Calendly

We use Calendly to schedule meetings with clients, prospects, and other contacts (e.g., booking discovery calls, program sessions, and follow-up appointments).

Depending on use, Calendly may process in particular the following categories of personal data: identity and contact data (e.g., name, email address), scheduling data (e.g., date, time, time zone, meeting type, invitee responses to booking questions), and technical usage data (e.g., device, browser, and connection information).

The provider is Calendly, LLC, 271 17th St NW, Ste 1000, Atlanta, GA 30363, USA.

Data may be processed in the United States. Where required, appropriate safeguards for international data transfers may be used, in particular standard contractual clauses, as described in Calendly's data protection documentation.

The legal basis is, in particular, the performance of the contract or pre-contractual measures taken at your request (i.e., booking and conducting a meeting), and our legitimate interest in efficient and reliable appointment scheduling.

Further information is available in Calendly's privacy notice: https://calendly.com/legal/privacy-notice

Loom

We use Loom to record and share short videos with clients (in particular asynchronous feedback, walkthroughs, and updates on their progress through the AcquisitionOS program).

Depending on use, Loom may process in particular the following categories of personal data: account and contact data (e.g., name, email address), video content (e.g., audio, video, and screen recordings created by us, and any personal data visible or audible in those recordings), and viewer engagement data (e.g., views, reactions, and comments on shared videos).

The provider is Loom, Inc., a subsidiary of Atlassian, 130 Lytton Avenue, Suite 300, Palo Alto, CA 94301, USA.

The legal basis is, in particular, the performance of the contract (delivery of the AcquisitionOS program, including feedback to clients) and our legitimate interest in efficient and well-documented client communication.

Further information is available in Loom's privacy policy: https://www.loom.com/privacy-policy

Rights of Data Subjects

Right of Access

As a data subject, you may request confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to obtain information about:

The purposes for which the personal data is processed.

The categories of personal data that are processed.

The recipients or categories of recipients to whom the personal data has been disclosed or will be disclosed, in particular recipients in third countries or international organizations.

The intended duration of storage of the personal data relating to you, or, if this is not possible, the criteria used to determine that duration.

The existence of a right to rectification or erasure of personal data relating to you, or to restriction of processing by us, or a right to object to such processing.

The existence of a right to lodge a complaint with a supervisory authority.

All available information as to the source of the personal data, where it was not collected from you.

The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You also have the right to request information as to whether personal data relating to you is transferred to a third country or an international organization; in such a case, you have the right to be informed of the appropriate safeguards relating to the transfer.

Right to Rectification and Erasure

You have the right to request from us without undue delay the rectification and/or completion of inaccurate and/or incomplete personal data relating to you.

You also have the right to request that we erase personal data relating to you without undue delay, provided that one of the following grounds applies:

The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

You withdraw your consent and there is no other legal basis for the processing.

You object to the processing for reasons arising from your particular situation and there are no overriding legitimate grounds for the processing, or you object to processing for direct marketing purposes.

The personal data relating to you has been processed unlawfully.

Erasure of the personal data relating to you is necessary for compliance with a legal obligation.

The personal data relating to you was collected in relation to offered information society services pursuant to Article 8(1) GDPR.

Right to Restriction of Processing

As a data subject, you have the right to request restriction of processing if one of the following conditions is met:

The accuracy of the personal data is contested. Restriction may be requested for a period enabling us to verify the accuracy of the personal data.

The processing is unlawful and you request restriction instead of erasure.

We no longer need the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims.

You object to the processing.

Where processing of personal data relating to you has been restricted, such data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of public interest.

If you have obtained restriction of processing under the above conditions, we will inform you before the restriction is lifted.

Information and Notification Obligations Toward Third Parties

If we have made your personal data public and are obliged under the legal requirements to erase it, we will, taking into account available technology and implementation costs, take reasonable measures, including technical measures, to inform other controllers and processors processing the data that you have requested erasure of all links to such personal data, or of copies or replications of such personal data.

We inform all recipients to whom your personal data has been disclosed of any rectification or erasure of the data, as well as any restriction of its processing, unless this is impossible or involves a disproportionate effort. In such cases, we endeavor to clearly communicate the reasons for non-notification and to ensure that your rights are nevertheless protected.

Exceptions to the Right to Erasure

The right to erasure does not apply where processing is necessary to exercise the right to freedom of expression and information and/or for the establishment, exercise and/or defense of legal claims.

Right to Data Portability

As a data subject, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from us, provided that the processing is based on consent or on a contract and the processing is carried out by automated means.

You also have the right to have the personal data concerning you transmitted directly by us to another controller, where technically feasible. The rights and freedoms of others must not be adversely affected as a result.

Right to Object

As a data subject, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data relating to you that is carried out on the basis of Article 6(1)(e) or (f) GDPR. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. An additional exception applies where processing is carried out for the establishment, exercise, or defense of legal claims.

Where we process personal data relating to you for direct marketing purposes, you have the right to object at any time to processing for such marketing. If you object to processing for the aforementioned purpose, we will no longer use personal data relating to you for that purpose.

You have the right to withdraw your consent at any time. The lawfulness of processing carried out before the withdrawal remains unaffected.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/CH at your place of residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR or the Swiss Data Protection Act (DSG).

The competent authority in Switzerland is: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern.

The supervisory authority with which the complaint has been lodged will inform the complainant of the status and the outcome of the complaint, including the possibility of a judicial remedy.

LeadersBridge GmbH, December 2025