top of page

Privacy policy.

Last updated: 6 october 2025

We take your privacy and the protection of your personal data seriously. This policy explains in detail how we collect, use, and safeguard your information in line with Swiss and European data protection laws. Our goal is to be transparent while keeping your data safe.

In this Privacy Policy, we, Olympia Advisory GmbH (Olympia Advisory LLC) hereinafter “Olympia Advisory”, “we” or “us”, explain how we collect and process personal data. Personal data means all information relating to an identified or identifiable individual.

 

This Privacy Policy is designed to comply with the requirements of the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and the revised Swiss Federal Act on Data Protection (revFADP). The applicability of these laws depends on the individual case.

 

If you provide us with personal data of other individuals (e.g. employees, colleagues, business partners), please ensure these individuals are aware of this Privacy Policy and that you are authorised to provide such data.

 

1. Controller and Contact Information

 

The data controller for purposes of applicable data protection law is Olympia Advisory GmbH (Olympia Advisory LLC).

 

The person responsible for the data processing described here is the owner and managing director, unless otherwise specified in individual cases.

 

If you have data protection concerns, you can contact us at:

 

Olympia Advisory GmbH (Olympia Advisory LLC)

c/o startup space AG

Wiesenstrasse 10a, 8952 Schlieren, Switzerland

Email: privacy@olympia-advisory.com

 

2. Collection and Processing of Personal Data

 

We primarily process personal data that we receive directly in the course of business relationships with our clients, prospective clients, business partners, and website users.

 

Where permitted, we may also obtain information from publicly available sources (e.g. commercial registers, press, professional platforms) or receive data from third parties such as business partners, service providers, or authorities.

 

The categories of personal data we may process include in particular:

 

  • Identification and contact details – such as name, email address, phone number, postal address.

  • Professional information – role, employer, sector, expertise, and related details needed for collaboration.

  • Contract and billing information – services provided, invoices, payments, delivery addresses, powers of attorney, compliance-related data (e.g. anti-money laundering).

  • Communications – correspondence, meeting notes, or information shared with us by you or by authorised third parties (e.g. family, advisors, representatives).

  • Financial and transactional data – payment information, purchase details, or credit information if relevant to a direct business relationship.

  • Publicly available information – from registers, media, or the internet, where appropriate (e.g. applications, professional background, marketing).

  • Technical and usage data – such as IP address, device/browser details, log files, cookies, pages visited, date/time of access, referring websites, and location data where applicable.

  • Marketing and profiling data – interests, participation in events, or other socio-demographic information relevant for business development.

  • Information received in connection with legal or administrative proceedings.

​

3. Purposes of Processing and Legal Basis

 

We process personal data in particular for the following purposes and based on the legal grounds of contractual necessity, legal obligations, legitimate interests, or consent (where required):

 

  • Service delivery and development – to provide and manage our advisory services, workshops, and client projects, as well as to improve our services, website, and digital platforms. This also includes communicating with clients, prospects, and third parties (e.g. handling enquiries, applications, or media requests).

  • Business development and marketing – including customer acquisition from public sources, direct contact, events, advertising, and newsletters. Existing clients may receive information about similar services unless they object; such objections will be honoured immediately and the contact placed on a blocking list.

  • Research and monitoring – such as market and opinion research, and media monitoring to better understand and improve our activities.

  • Legal and compliance matters – including the assertion or defence of legal claims, fraud prevention and internal investigations, compliance with laws and internal policies, and corporate transactions (purchase/sale of business units or company parts).

  • Operations and security – to ensure the functioning of our IT systems, website, and communications, and to protect data and users through appropriate security measures (e.g. secure networks, firewalls, encryption, and malware/spam filters).

 

Where processing is based on consent (e.g. newsletters, cookies, certain marketing activities), consent is obtained explicitly — for example, through opt-in checkboxes for newsletters or via the CookieYes banner for non-essential cookies. You may withdraw your consent at any time. This does not affect the lawfulness of processing carried out prior to withdrawal.

 

4. Cookies and Similar Technologies

 

We use cookies and similar technologies on our website. Cookies are small files stored on your device when you visit a website. They help us make our site more user-friendly, effective and secure, as well as to analyse its use and support certain embedded services. Cookies may be session-based (deleted when you close your browser) or persistent (remain stored until expiry or deletion).

 

Categories of cookies we may use:

 

  • Essential cookies: Required for the website to function properly (e.g. security, form submissions, appointment scheduling via Calendly, or cookie consent via CookieYes).

 

  • Analytics cookies: Used to measure and improve performance. For example, We use Google Analytics with IP anonymisation enabled, which means your full IP address is truncated before being stored or processed. Analytics cookies may collect information such as your IP address, browser type, operating system, pages visited, referring website, date and time of access, and location data.

​

  • Marketing and advertising cookies:  Used to tailor content and advertising to your interests. This includes technologies from LinkedIn (Insight Tag), Meta (Facebook/Instagram), YouTube embeds, and Google Ads. These tools may track page views, referrers, and device/browser data to measure campaign effectiveness and build interest-based audiences. You can manage or withdraw consent at any time via our cookie banner or directly in your LinkedIn, Google, or Meta account settings.

 

Your choices

 

You can manage your preferences through our CookieYes cookie banner and your browser settings. Most browsers allow you to block cookies entirely or delete them after each session. Please note that blocking certain cookies may limit the functionality of our website.

​

Details of the specific cookies in use, their purposes and durations are available in the CookieYes banner on our website, where you can manage your preferences at any time. You can reopen the CookieYes banner at any time by clicking the cookie icon displayed in the bottom corner of our website to review or update your preferences.”

 

Where required by law, we only set non‑essential cookies (e.g., analytics and marketing) with your consent via the cookie banner, and you can change your choices at any time.

 

5. Use of Third-Party Services

 

We work with selected service providers who process personal data on our behalf (“processors”). These providers are contractually bound to comply with data protection law and to process data only as instructed by us. Depending on the service, personal data may also be transferred to countries outside Switzerland and the EU/EEA (particularly the USA). Where this is the case, we ensure appropriate safeguards (e.g. EU standard contractual clauses).

 

The main categories of third-party services we use are:

​

  • Website and hosting: Wix (website hosting, form submissions) – Privacy Policy

  • Cookie and consent management: CookieYes (cookie banner, consent logging and policy management) – Privacy Policy

  • Communications and collaboration: Google Workspace (email, calendar, file storage) – Privacy Policy

  • Client and lead management: Hubspot (managing client relationships, tracking interactions – Privacy Policy

  • Email marketing: MailerLite (email newsletters, campaign management, signup forms) – Privacy Policy

  • Scheduling: Calendly (online appointment booking) – Privacy Policy

  • Analytics: Google Analytics (website traffic analysis with IP anonymisation enabled in EU/CH) – Privacy Policy

  • Advertising and marketing: LinkedIn and Meta (Insight Tag for analytics, conversion tracking, and interest-based advertising) – LinkedIn Privacy Policy, Meta Privacy Policy

  • Multimedia: YouTube (video embeds on our website) – Privacy Policy

 

Social media plugins are deactivated by default and only activate when you click them; their providers may then receive personal data as described in their own policies.

 

Where these providers set cookies or comparable technologies, this is described separately in Section 4, Cookies and Similar Technologies.

 

6. Disclosure and Transfer of Personal Data

 

We may disclose personal data to third parties if this is necessary for the purposes set out in this Privacy Policy, if we are legally obliged or entitled to do so, or if you have given your consent.

 

These recipients may include in particular:

​

  • Service providers (see Section 5, Use of Third-Party Services) who process data on our behalf.

  • Business partners, counterparties, or other organisations involved in a mandate, project, or event.

  • Professional advisors such as lawyers, auditors, or tax consultants.

  • Authorities, regulators, courts, or other official bodies in Switzerland and abroad where required by law or legal proceedings.

  • Buyers or parties to potential acquisitions, mergers, or other corporate transactions involving Olympia Advisory.

 

Personal data may therefore also be transferred outside Switzerland, the EU or the EEA (e.g. to the USA). Where the recipient country does not have adequate data protection, we ensure appropriate safeguards such as EU Standard Contractual Clauses (SCCs), or rely on exceptions (e.g. consent, contract performance, establishment or defence of legal claims, overriding public interests).

 

7. Retention of Personal Data

 

We process and store personal data only for as long as necessary to fulfil the purposes set out in this Privacy Policy, to meet legal or contractual obligations, or where we have a legitimate interest (e.g. evidence and documentation, IT security). The retention period is determined using the following criteria: purpose and duration of the business relationship, statutory retention duties, applicable limitation periods, and operational/security needs.

 

Typical retention periods

​

  • Contract and business records (e.g. contracts, project files, invoices, accounting documents, correspondence): generally 10 years after the end of the relevant financial year in line with Swiss commercial and tax law.

  • Communications (general enquiries, meeting notes) where no contract follows: retained for the period necessary to handle the enquiry and for reasonable follow‑up; typically up to 24 months from the last interaction unless earlier deletion is requested or required.

  • Marketing data (newsletter subscriptions, event sign‑ups): retained until you withdraw consent or object. We keep a minimal suppression (blocking) record indefinitely to ensure your opt‑out is respected.

  • Technical and security logs (e.g. web server/access logs, email gateway logs): generally up to 12 months unless a longer period is required for security investigations or legal reasons.

  • Analytics and cookies data: retained according to the cookie lifetime (see the CookieYes banner for specific cookie lifetimes currently in use on our site). Aggregated or anonymised analytics may be retained longer without personal data.

  • Legal matters (claims, disputes, regulatory proceedings): retained until the matter is finally resolved and applicable limitation periods have expired.

 

Deletion and anonymisation

 

When personal data is no longer required for the above purposes, it is deleted or anonymised where possible. If deletion is not feasible (e.g. due to backup or archival constraints), the data is segregated and access‑restricted until deletion becomes possible through the normal backup/archival cycle.

 

8. Data Security

 

We take appropriate technical and organisational security measures to protect personal data from unauthorised access, misuse, accidental loss, manipulation, or destruction. These measures are regularly reviewed and adapted in line with technological developments.

 

Our security measures include, in particular:

  • Use of secure networks, firewalls, and intrusion detection systems.

  • Encryption of data transmissions (e.g. SSL/TLS for our website).

  • Access controls and restriction of personal data to authorised persons only.

  • Secure storage, backup, and deletion procedures.

 

Please note that the internet is an open network. Although we take extensive precautions, the transmission of personal data over the internet is always at your own risk.

 

9. Obligation to Provide Personal Data

 

Within our business relationship, you must provide the personal data necessary for us to initiate and perform that relationship and fulfil related obligations. Without such data, we will generally be unable to conclude or perform a contract with you (or the entity you represent). Certain technical information (e.g. IP address) is required for use of our website.

 

10. Profiling and Automated Decision-Making

 

We may process personal data automatically to evaluate certain personal aspects (profiling), for example to tailor information or offers. We do not use automated decision-making that produces legal or similarly significant effects on you within the meaning of Art. 22 GDPR.

​

11. Your Rights

 

Under applicable data protection law (in particular the Swiss FADP/revFADP and, where applicable, the GDPR), you have the following rights in relation to your personal data:

  • Right of access (to obtain information about your personal data and how we process it).

  • Right to rectification (to correct inaccurate or incomplete data).

  • Right to erasure (to request deletion of your data, subject to legal retention requirements).

  • Right to restriction of processing.

  • Right to data portability (to receive personal data you have provided to us in a structured, commonly used, and machine-readable format).

  • Right to object to processing, particularly to data processing for direct marketing purposes.

  • Right to withdraw consent at any time, where processing is based on consent (without affecting prior lawful processing).

​

You can exercise your rights by emailing us at privacy@olympia-advisory.com.

 

If you believe your rights have been infringed, you also have the right to lodge a complaint with the competent data protection authority. For Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC); for the EU, it is the authority in your country of residence or work.      

 

To process your request, we may need to verify your identity (e.g., by reasonable means). We aim to respond within one month; where requests are complex or numerous, we may extend this by up to two further months and will inform you accordingly.

 

These rights are subject to the conditions and limitations set out in applicable law.

 

12. Changes to this Privacy Policy

​

We may amend this Privacy Policy at any time without prior notice. The version published on our website applies. Where this Policy forms part of an agreement with you, we will inform you of material updates by email or other suitable means.

 

The date of the latest update is shown at the top of this page. For website users, we indicate material changes by updating the ‘Last updated’ date at the top of this page. If changes are significant, we may also post a notice on our website or inform you by other appropriate means.

bottom of page