Privacy Statement
1. Controller & Contact
The controller responsible for the processing of personal data in connection with this website and our services is:
Btwentyfour AG
Grafenauer Weg 8
6300 Zug, Switzerland
Commercial Register No.: CHE-172.454.429
E-mail: privacy@btwentyfour.com
Website: www.btwentyfour.com
For all questions relating to the processing of your personal data or to exercise your rights, please contact us at the address above, marking your communication "Privacy".
2. Scope & Applicable Law
Btwentyfour AG is incorporated in Switzerland and is primarily subject to the Swiss Federal Act on Data Protection (revFADP / nDSG), which has applied since 1 September 2023.
Where we process personal data of individuals located in the European Economic Area (EEA) or the United Kingdom, the EU General Data Protection Regulation (GDPR) and, where applicable, the UK GDPR apply in addition.
This Privacy Statement explains which personal data we collect through our website (www.btwentyfour.com), how we use it, with whom we share it, and what rights you have.
3. Data We Collect and Why
| Category | Data types | Purpose | Legal basis (GDPR) | Legal basis (nDSG) |
| Website usage data | IP address (anonymised), browser, pages visited, session duration | Web analytics, performance optimisation | Art. 6(1)(f) – legitimate interest | Legitimate interest |
| Contact / enquiry data | Name, business e-mail, phone, company, message content | Handle enquiries, CRM management | Art. 6(1)(b) – pre-contractual; (f) | Contract performance / legitimate interest |
| Marketing interaction data | E-mail opens/clicks, form submissions, page views (HubSpot cookie) | Lead nurturing, personalised comms | Art. 6(1)(a) – consent; (f) | Consent / legitimate interest |
| B2B contact data (Cognism) | Company, job title, business e-mail, phone, LinkedIn URL | Outbound B2B sales prospecting | Art. 6(1)(f) – legitimate interest | Legitimate interest |
| Advertising data | Hashed e-mail, LinkedIn Member ID, ad interactions | Retargeting, campaign measurement | Art. 6(1)(a) – consent | Consent |
4. HubSpot – CRM & Marketing Platform
We use HubSpot (HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA) as our CRM and marketing automation platform.
What HubSpot processes
• Contact details submitted via website forms (name, company, e-mail, phone)
• Website visitor behaviour via the HubSpot tracking cookies (__hssc, __hssrc, hubspotutk)
• E-mail engagement data (opens, clicks, unsubscribes)
Purpose & legal basis
HubSpot helps us manage leads and customer relationships, send marketing communications, and measure campaign effectiveness. HubSpot acts as our data processor under a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR and equivalent nDSG provisions.
Transfer safeguards
HubSpot is certified under the EU-US Data Privacy Framework. We additionally rely on Standard Contractual Clauses (SCCs). See HubSpot's Privacy Policy at legal.hubspot.com/privacy-policy.
Opt-out
You may opt out of HubSpot tracking cookies via our cookie consent banner. Every marketing e-mail contains an unsubscribe link.
5. Cognism – B2B Contact Data Provider
We use Cognism Limited (7 Bishopsgate, London EC2N 3AR, United Kingdom) as a data provider for outbound B2B sales activities. Cognism compiles publicly available and legitimately sourced professional contact data.
Data categories received
• Business name, job title, and seniority level
• Business e-mail address and direct-dial telephone number
• Company name, size, and industry
• LinkedIn profile URL
Legal basis
We process this data on the basis of our legitimate interest in communicating with decision-makers at companies that may benefit from Btwentyfour's B2B integration and supply-chain network services (Art. 6(1)(f) GDPR; legitimate interest under nDSG).
Right to object
You may object to our use of your contact details for prospecting at any time by e-mailing privacy@btwentyfour.com. We will cease processing without delay.
6. Google Analytics & Tag Manager
Our website uses Google Analytics 4 (GA4) and Google Tag Manager (GTM) provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Data may be transferred to Google LLC in the USA.
What is collected
• Anonymised IP address (IP masking is enabled)
• Pages visited, time on page, scroll depth, and events
• Browser, device type, and operating system
• Referring website and campaign parameters (UTM)
Purpose & legal basis
We use these tools to understand website interactions and improve our content. Processing is based on your consent (Art. 6(1)(a) GDPR / nDSG), granted via our cookie consent banner.
Opt-out
• Refuse analytics cookies via our cookie consent banner
• Google Analytics Opt-out Add-on: tools.google.com/dlpage/gaoptout
7. LinkedIn Insight Tag
We use the LinkedIn Insight Tag provided by LinkedIn Ireland Unlimited Company (Wilton Plaza, Dublin 2, Ireland; parent: LinkedIn Corporation, USA).
Purpose
• Measure conversions from LinkedIn ad campaigns
• Build retargeting audiences (Matched Audiences)
• Obtain aggregated demographic insights on website visitors
Legal basis
Processing is based on your consent (Art. 6(1)(a) GDPR / nDSG). The Insight Tag is only activated after consent is given.
Opt-out
Withdraw consent via our cookie banner or at: linkedin.com/psettings/guest-controls/retargeting-opt-out.
8. Cookies & Tracking Technologies
| Category | Examples | Consent required |
| Strictly necessary | Session management, cookie-consent preference storage | No (exempt) |
| Analytics | _ga, _ga_* (Google Analytics), __hssc, hubspotutk (HubSpot) | Yes |
| Marketing / retargeting | li_fat_id, UserMatchHistory (LinkedIn), HubSpot marketing cookies | Yes |
You can review and change your cookie preferences at any time by clicking "Cookie Settings" in the footer of our website.
9. International Data Transfers
Some of our service providers are based outside Switzerland and the EEA, in particular in the USA. We ensure an adequate level of protection through:
• EU-US Data Privacy Framework (where the recipient is certified)
• Standard Contractual Clauses (SCCs) adopted by the European Commission
• Swiss standard data protection clauses as approved by the FDPIC
A copy of the applicable safeguards can be requested at privacy@btwentyfour.com.
10. Data Retention
| Data category | Retention period |
| Website analytics (GA4) | 14 months (event-level) |
| HubSpot CRM (active contacts) | Duration of business relationship + 3 years |
| HubSpot CRM (no engagement) | 24 months from last interaction; then deleted or anonymised |
| Cognism prospect data | Until opt-out or 12 months from acquisition if no engagement |
| LinkedIn Insight Tag data | 90 days (LinkedIn's standard retention) |
| E-mail correspondence | 10 years (Swiss commercial record-keeping obligation) |
11. Your Rights
Depending on your location and applicable law, you have the following rights:
| Right | Description |
| Access (Art. 25 nDSG / Art. 15 GDPR) | Request a copy of the personal data we hold about you |
| Rectification (Art. 32 nDSG / Art. 16 GDPR) | Have inaccurate or incomplete data corrected |
| Erasure (Art. 32 nDSG / Art. 17 GDPR) | Request deletion of data no longer necessary |
| Restriction (Art. 18 GDPR) | Ask us to restrict processing in certain circumstances |
| Data portability (Art. 20 GDPR) | Receive your data in a structured, machine-readable format |
| Object (Art. 21 GDPR / nDSG) | Object to processing based on legitimate interest, incl. direct marketing |
| Withdraw consent | Withdraw consent at any time without affecting past processing |
Submit requests to: privacy@btwentyfour.com. We will respond within 30 days (extendable to 90 days for complex requests under Swiss law; one month extendable to three months under GDPR).
You may also lodge a complaint with the relevant supervisory authority:
• Switzerland: Federal Data Protection and Information Commissioner (FDPIC) – www.edoeb.admin.ch
• EU/EEA: Data protection authority of your country of residence
12. Security
We implement appropriate technical and organisational measures (TOMs) to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Measures include TLS encryption, access controls, and regular security reviews of our service providers.
13. Changes to This Statement
We may update this Privacy Statement from time to time. The date of the latest version is always shown at the beginning of this document. For material changes, we will provide a more prominent notice on our website.
Version 23rd of March 2026