Privacy Policy of Dr. Thomas Leiber

Version: May 2026

In this privacy policy, I, Dr. Thomas Leiber (hereinafter referred to as "I" or "my"), explain how I collect and otherwise process personal data. This is not an exhaustive description; other data protection declarations, general terms and conditions, conditions of participation and similar documents may regulate specific circumstances. Personal data refers to all information relating to an identified or identifiable person.

If you provide me with the personal data of other persons (e.g. family members, data of work colleagues), please ensure that these persons are aware of this privacy policy and only provide me with their personal data if you are authorised to do so and if this personal data is correct.

This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ("DSG") and the revised Swiss Data Protection Act ("revDSG"). However, whether and to what extent these laws are applicable depends on the individual case.

1. Responsible person / data protection contact

Dr. Thomas Leiber is responsible for the data processing described here. If you have data protection concerns, you can reach me at the contact details provided on this website.

2. Collection and processing of personal data

I primarily process the personal data that I receive from my clients and other business partners as part of my professional activities and other business relationships, or that I collect from users when operating my website and other applications.

Insofar as this is permitted, I also obtain certain data from publicly accessible sources (e.g. press, internet, professional directories) or receive such data from authorities and other third parties. In addition to the data you have provided directly, the categories of personal data I receive about you from third parties may include information from public registers, data received in connection with legal proceedings, information in connection with professional functions and activities, information about you in correspondence and discussions with third parties, and creditworthiness information.

3. Purposes of data processing and legal bases

I use the personal data I collect primarily to provide and develop my professional services, to communicate with clients and other contacts, and to fulfil my legal obligations. In addition, I also process personal data where permitted and appropriate for the following purposes:

  • Offering and further development of my services, website and other platforms on which I am active;

  • Communication with third parties and processing their enquiries (e.g. client enquiries, media enquiries);

  • Examination and optimisation of procedures for needs analysis for the purpose of direct client contact;

  • Advertising and marketing, provided you have not objected to the use of your data;

  • Market and opinion research, media monitoring;

  • Assertion of legal claims and defence in connection with legal disputes and official proceedings;

  • Prevention and investigation of misconduct;

  • Ensuring the operation of my website and other platforms;

  • Acquisition and sale of business divisions or other transactions under company law.

If you have given me your consent to process your personal data for specific purposes, I will process your personal data within the scope of and based on this consent. Consent given can be withdrawn at any time, but this has no effect on data processing that has already taken place.

4. Cookies, tracking and other technologies in connection with the use of my website

I typically use "cookies" and similar technologies on my website to identify your browser or device. In addition to session cookies, I also use permanent cookies to store user settings and other information for a certain period of time. You can configure your browser to reject or delete cookies.

In my newsletters and other marketing e-mails, I may include visible and invisible image elements whose retrieval from my servers allows me to determine whether and when you have opened the e-mail. You can block this in your email programme.

By using my website and agreeing to receive newsletters and other marketing emails, you consent to the use of these techniques. If you do not want this, you must set your browser or email programme accordingly.

5. Third-party tools and services

Website hosting – Squarespace

This website is hosted by Squarespace Inc., 225 Varick Street, New York, NY 10014, USA. When you visit this website, Squarespace may collect technical data such as your IP address, browser type, and pages visited as part of operating the hosting infrastructure. Squarespace acts as a data processor on my behalf and is bound by a data processing agreement. Squarespace’s data policy applies: squarespace.com/privacy.

Website analytics – Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies and similar technologies to collect and analyse information about how visitors use this website (e.g. pages visited, time spent, referring websites). This data is transmitted to and stored on Google’s servers in the United States.

The legal basis for this processing is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time via the cookie settings on this website. You can also prevent Google Analytics from collecting your data by installing the Google Analytics opt-out browser add-on: tools.google.com/dlpage/gaoptout.

The data transfer to the USA is based on the EU Standard Contractual Clauses. For more information, see Google’s privacy policy: policies.google.com/privacy.

LinkedIn

This website contains a link to my LinkedIn profile (linkedin.com). Clicking the link will take you to LinkedIn’s platform, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (for users in the EU/EEA/Switzerland). LinkedIn has its own privacy policy which governs how it processes your data: linkedin.com/legal/privacy-policy. I have no influence over LinkedIn’s data processing

6. Data transfer and data transmission abroad

As part of my professional activities and for the purposes set out in Section 3, I also disclose data to third parties, insofar as this is permitted and appropriate, whether for them to process on my behalf or for their own purposes. This applies in particular to the following parties:

  • Service providers, including contract processors (such as IT providers);

  • Partners, subcontractors and other business associates;

  • Clients;

  • Domestic and foreign authorities, official bodies or courts;

  • Media;

  • The public, including visitors to websites and social media;

  • Other parties to potential or actual legal proceedings;

  • Other companies and all joint recipients.

These recipients are partly domestic, but can be anywhere in the world. If a recipient is located in a country without adequate legal data protection, I contractually oblige the recipient to comply with applicable data protection law (using the standard contractual clauses of the European Commission where applicable), insofar as they are not already subject to a legally recognised set of rules to ensure data protection.

7. Duration of storage of personal data

I process and store your personal data for as long as is necessary for the fulfilment of my professional and contractual obligations and any associated legal obligations or other purposes pursued with the processing. Data that is no longer required will generally be deleted or anonymised, unless temporary further storage is required for legal documentation, retention obligations, or other legitimate interests.

Information submitted through the contact form on this website is retained for as long as it is relevant to your inquiry and any follow-up matters arising from it. Once no longer needed, it will be deleted or anonymised.

8. Data security

I take appropriate technical and organisational security precautions to protect your personal data from unauthorised access and misuse, such as IT and network security solutions, access controls, encryption of data and transmissions, pseudonymisation, and regular reviews.

9. Obligation to provide personal data

In the context of my professional and business relationship with you, you must provide the personal data that is necessary for the establishment and conduct of this relationship and the fulfilment of the associated obligations. Without this data, I will generally not be able to enter into or conduct a professional engagement with you. The website can also not be used if certain information to ensure data traffic (such as IP address) is not disclosed.

10. Rights of the data subject

You have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to my data processing, in particular for the purposes of direct marketing and profiling, as well as to the disclosure of certain personal data for the purpose of transfer to another body (so-called data portability) within the framework of the data protection law applicable to you. Please note that I reserve the right to assert restrictions provided for by law, for example if I am obliged to store or process certain data, have an overriding interest in doing so, or need it for the assertion of claims.

The exercise of such rights generally requires that you clearly prove your identity. To assert your rights, you can contact me at the address provided on this website.

Every data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).

11. Changes

I may amend this privacy policy at any time without prior notice. The current version published on my website shall apply. Insofar as the privacy policy is part of an agreement with you, I will inform you of the change by e-mail or other appropriate means in the event of an update.