Peak Pioneers Logo

Privacy Policy

Zuletzt aktualisiert am: April 2025

Privacy Policy of Peak Pioneers Consulting Group, Owner Julian Wolf

Valid from: April 21, 2025

General Information and Responsibility

Responsible Entity:
Peak Pioneers Consulting Group, Owner Julian Wolf
Luzernerstrasse 13
6353 Weggis
Switzerland
Email: datenschutz@peak-pioneers.ch

This privacy policy explains the collection and processing of personal data (hereinafter "data") by our company and our website. We treat your data confidentially and process it in accordance with the Swiss Data Protection Act (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

What data we collect and process

Depending on the interaction, we process the following categories of personal data in particular:

  • Contact data: e.g. name, postal address, email address, telephone number, and, if applicable, company name and your position.
  • Communication and contract data: Information that you provide to us in the context of inquiries, orders, or a business relationship (e.g. emails, messages, project requirements, contract contents, customer numbers, agreed services, and terms).
  • Usage data: Technical data that is automatically generated when using our website - e.g. IP address (see Web Analytics section on anonymization), device type, browser type, date/time of access, visited pages, cookie and tracking information. This data helps us ensure the functionality and security of our website and improve our offer. (For details on cookies, see below and our separate Cookie Policy).
  • Payment data: When using paid services, we process payment information such as bank details or invoice and transaction data (only insofar as necessary for payment processing).

Source of the data: We usually collect the data directly from you - for example, when you fill out forms on our website, contact us by phone or email, or as part of contract and project processing. Usage data is automatically collected by IT systems when you use our websites (see Cookies and Web Analytics section).

Purposes and legal bases of data processing

We use your data for the following purposes based on the stated legal bases:

  • Contract fulfillment and business processing (Art. 6 para. 1 lit. b GDPR; Art. 31 para. 2 lit. a FADP): To answer inquiries, prepare and fulfill contracts, and manage the ongoing business relationship.
  • Communication (Art. 6 para. 1 lit. b or f GDPR; Art. 31 para. 1 or 2 lit. a FADP): To get in touch with you as a customer, interested party, or business partner. Our legitimate interest (lit. f / para. 1) here is efficient communication.
  • Newsletter and marketing (Art. 6 para. 1 lit. a GDPR; Art. 31 para. 1 FADP in conjunction with Art. 6 para. 6 FADP): To send you - only with your explicit consent - our newsletter or other information about our services. You can revoke your consent at any time.
  • Web analytics and optimization (Art. 6 para. 1 lit. a or f GDPR; Art. 31 para. 1 FADP): To improve our online offering and user-friendliness. Essential technical analyses are carried out on the basis of our legitimate interest. Further analyses using cookies/tracking are only carried out with your consent.
  • Security and legal obligations (Art. 6 para. 1 lit. c or f GDPR; Art. 31 para. 1 FADP): To ensure IT security (legitimate interest) and to fulfill legal storage and documentation obligations (legal obligation).
  • Support of internal processes by AI (Art. 6 para. 1 lit. f GDPR; Art. 31 para. 1 FADP): To increase efficiency in internal processes (e.g. text analysis, text creation). See section "AI Services" for details and risks. Our legitimate interest lies in the optimization of our working methods.

Where consent is required, we actively obtain this in advance. You can revoke any consent given at any time with effect for the future.

Disclosure of data to third parties and transfer to third countries

We only pass on your data if this is necessary, if you have consented, or if there is a legal basis. We use carefully selected service providers (processors) and contractually oblige them (DPA) to comply with data protection.

Our most important service providers and purposes:

  • Hosting – All-Inkl (Germany): Website hosting in Germany.
  • CDN & Security – Cloudflare Inc. (USA): Website optimization and protection.
  • Consent Management – CookieYes (UK): Management of cookie consents.
  • Web Analytics – Google Analytics 4 (Google Ireland Ltd., Ireland / Google LLC, USA): Website analysis (only with consent, IP anonymization activated).
  • Web Analytics – Hotjar (Hotjar Ltd., Malta / Ireland): Usability analysis (only with consent, sensitive inputs configured for suppression).
  • Tag Management – Google Tag Manager (Google Ireland Ltd., Ireland / Google LLC, USA): Management of website tags.
  • Online Advertising – Google Ads (Google Ireland Ltd., Ireland / Google LLC, USA): Advertisements and performance measurement (only with consent).
  • Email & Office – Microsoft 365 (Microsoft Ireland Operations Ltd., Ireland / Microsoft Corp., USA) & Google Workspace (Google Ireland Ltd., Ireland / Google LLC, USA): Communication and document management. Data may also be processed on servers in the USA. We check configurations to use data storage preferably in Switzerland/EU where technically possible and reasonable.
  • Customer Management – Bexio AG (Switzerland): CRM and accounting. Data processing exclusively in Switzerland.
  • AI Services – OpenAI (OpenAI Inc., USA) & Google Gemini (Google Ireland Ltd., Ireland / Google LLC, USA):
    • We use these AI services to support internal work processes, such as for analyzing or creating texts or for evaluating information.
    • Risk: Although we strive not to send personal data to these services, it cannot be completely ruled out that personal data (such as names, email addresses, communication contents, company data) may also be transmitted and processed during use (e.g. when analyzing emails or documents). This can also happen unintentionally, as we have not implemented automated anonymization processes. We do not knowingly transmit particularly sensitive data.
    • Protective measures: We have concluded Data Processing Agreements (DPAs) with both providers (OpenAI and Google). These agreements include the assurance of the providers not to use the transmitted data for training their general AI models. Access to the data by the providers is contractually regulated.

Transfer to third countries (especially USA and UK):

Some of the service providers mentioned (Cloudflare, Google, Microsoft, OpenAI) are located or process data in the USA, a country without a general level of data protection comparable to Switzerland or the EU. CookieYes is based in the UK.

  • USA: In order to nevertheless ensure an adequate level of protection for data transfers to the USA, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission, which we have concluded with the service providers. Additionally, where applicable, certifications of the providers under the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework can offer a higher level of protection (we check applicability on a case-by-case basis). Despite these contractual guarantees, we cannot completely rule out residual risks associated with access by US authorities.
  • UK: For the United Kingdom, there is an adequacy decision, so that data transfers there are treated similarly to those within the EU/Switzerland.

We ensure through contracts (DPA) and the transfer mechanisms mentioned that your data is also protected by these service providers in accordance with the requirements of the FADP and the GDPR.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies.

  • Essential Cookies: Technically necessary (Legal basis: Legitimate interest).
  • Non-essential Cookies (Analytics, Marketing): Only with your active consent via the CookieYes banner (Legal basis: Consent).

Details can be found in our separate Cookie Policy. You can manage cookies in your browser and use the opt-out add-on for Google Analytics: https://tools.google.com/dlpage/gaoptout.

Duration of Data Storage

We store data only as long as necessary for the purpose, if we have a legitimate interest, or if we are legally obligated:

  • Business records: Usually 10 years (legal obligation).
  • Other data (communication, marketing, usage, etc.): As long as necessary for the purpose or until your consent is revoked. We periodically review data records for deletion needs.
  • Application data: Max. 6 months after rejection, unless consent is given for longer storage.

Data no longer needed and without retention obligation is deleted or anonymized.

Your Rights as a Data Subject

You have the right to access, rectification, erasure, restriction of processing, objection, and, if applicable, data portability, as well as the right to revoke consent.

Contact us at datenschutz@peak-pioneers.ch. For identity verification, we may request appropriate evidence (e.g. comparison with existing contact data) to prevent misuse. We usually process requests within 30 days. Upon request, we will delete all entries associated with you, provided there are no legal obligations to the contrary.

Right to Complain to Supervisory Authorities

You can complain to the FDPIC (Switzerland) or your local data protection authority in the EU. However, we ask that you contact us first for clarification.

Data Security

We take appropriate technical and organizational security measures (TOMs):

  • SSL/TLS encryption.
  • Firewalls and security systems.
  • Access controls (need-to-know principle).
  • Use of two-factor authentication (2FA), where available and useful.
  • Regular review of the measures.
  • Contractual obligation of service providers.
  • Employee training and confidentiality obligation.

Absolute security on the Internet is not possible.

Changes to this Privacy Policy

The current version on our website applies.