PRIVACY POLICY

Last update: 11 August 2025

​​

A-QUANTO AG (following AQUANTO) is committed to protecting, maintaining confidentiality, and preserving the privacy of the information and data entrusted to us. We take appropriate measures to comply with applicable data protection regulations.

​

This privacy policy applies to all data we collect as data controllers concerning our business activities and website,
venture-guidebook.com. It does not apply to data we process on behalf of our customers, where our customers act as data controllers.

​

We regularly review and update this privacy policy and adapt our measures to meet requirements. The most current version is available on our website, and we recommend reading it periodically. 

​

Please read this privacy policy to learn about your rights, what data we collect, and how we use and protect it.​

​

Why we need personal data

We collect personal data primarily to provide and market our products and services (including our website), fulfil contracts and obligations, and perform our duties. We aim to be fully transparent when collecting data and only collect and process relevant information.

​​

We want to point out that certain products and services cannot be provided or used without consent. Please be aware that you agree to this privacy policy when using our website.​

​

Furthermore, we are legally obliged to collect specific personal data to document our business activities and retain it for the period defined by the authorities (retention obligation).

​​

How we collect personal data

We only collect personal data for which we have received consent and which is relevant. We may also collect publicly available data if it is of legitimate interest to us, provided this is appropriate and does not override fundamental rights. How we collect personal data:

• Directly: We receive personal data directly from individuals who use our website, actively participate in community activities (e.g., in blogs, forums, or events), register for publications, subscriptions, or newsletters, or contact us directly (e.g., via phone, email, contact forms, or personal meetings).

• Indirectly: We also receive personal data indirectly through third parties, customer orders, public sources, or partner companies. In this situation, we predominantly act as data processors. Please ensure that through the respective service, you transmit to us the data you wish to provide.

​

We will obtain explicit consent from individuals before collecting, processing, or storing sensitive personal data. Consent is gained through explicit affirmative action, such as ticking a box on a web form. We ensure that consent is freely given after being informed. Individuals are informed about their right to withdraw consent at any time and the straightforward process to do so.

​

We may aggregate and augment personal data in profiles (e.g., in the CRM system) to better understand and serve our customers, partners, prospects, subscribers, and individuals, fulfil a legal obligation, or pursue our legitimate interests.​

 

What personal data we collect

The specific data we collect and process depends significantly on the respective interaction and which products and services are used. Below is further information on personal data collected concerning our activities.

​​

Personal data refers to all information that identifies you personally, including contact information such as name, email address, company name and address, phone number, and other information about you or your company. Additionally, technical information such as log files, transactions, IP address of the internet device, browsing behaviour on our websites, or navigation/location data may also be personal data if it is possible to identify you directly or indirectly through it.

 

We avoid collecting, processing, and storing sensitive personal data as much as possible and only collect it for legitimate purposes. Sensitive personal data refers to particularly protected information, such as credit or debit card numbers, government-issued documents (e.g., passport, social security), biometric information, personal health information, personal information of children, or combinations of information that fall under the definition of "special categories of data" (according to the EU General Data Protection Regulation, GDPR) or other applicable privacy and data protection laws.

​

Use of personal data

In addition to the purposes already mentioned, we may use your personal data to:

• Improve and further develop our products and services.

• Provide or send you information that we believe may be of interest to you and is related to the products and services you use.

• Send advertising or informational content in accordance with your communication preferences.

• Collect statistical information on the use of our products and services, including the website, and use it to improve the experience and personalisation.

• Serve you concerning administrative or support activities.

• Monitor, prevent, or investigate security issues or abuse.

• Fulfil legal requirements.

​

We may contact you on behalf of our external business partners or customers. In this case, we process your data only on behalf of the data controller, whether it is a customer or partner.

 

We currently do not use automated processing, machine learning, or other artificial intelligence that processes personal data and results in legally relevant decisions or significantly affects them. Should this change, we will update this section of the privacy policy and proactively inform you (for more information, see section 22 of the GDPR).

​

Disclosure and sale of personal data to third parties

We never sell your personal data to third parties.

We do rely on certain trusted subcontractors and service providers to support our business operations and deliver services. All such providers are carefully vetted and bound by data protection agreements to uphold the same data protection and security standards that we follow. For example, we use Notion as a cloud-based workspace to manage content and some client information, and Miro as an online collaborative whiteboard tool for client projects. These platforms act as data processors on our behalf and process personal data only under our instructions and for the purposes we specify. Notion's platform is hosted on Amazon Web Services (AWS) and employs strong encryption to protect data at rest and in transit, in line with its commitments to EU GDPR compliance and international data transfer safeguards (e.g. standard contractual clauses). Likewise, Miro implements robust security measures. All data on Miro is encrypted in transit and at rest, and access is restricted through role-based permissions. Miro affirms its compliance with major data privacy laws like GDPR and does not sell or share personal data with unrelated third parties. We ensure that each of our subcontractors (including Notion, Miro, and others such as our payment service providers and analytics providers) only uses your data for the intended purposes and maintains the confidentiality and security of your information. We remain responsible for the protection of your personal data throughout these processing activities.

 

Transfer of personal data abroad

Some of our external service providers may process or store personal data outside Switzerland and the EU/EEA. For instance, using the Notion collaboration platform or Miro's services may involve transferring and storing data in the United States (on secure AWS cloud servers). In all such cases, we take appropriate safeguards to ensure compliance with Swiss and EU data protection requirements. This includes implementing encryption for data in transit and at rest, and entering into Data Processing Addendums (DPAs) with Standard Contractual Clauses or other approved transfer mechanisms to protect your information. Our subcontractors are obliged to adhere to GDPR-equivalent privacy standards, and we regularly review their measures and certifications. By using our services, you acknowledge that your data may be processed in countries outside your jurisdiction; however, we will always ensure an adequate level of protection for any exported data. We do not permit any foreign or unauthorised access to your personal data and remain the data controller responsible for its security and lawful processing at all times.

​

Your privacy rights

In connection with data processing, you have the rights listed below:

• Access: You can ask us to verify whether we are processing personal data about you and, if so, to provide more detailed information.

• Correction: You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.

• Deletion: You can ask us to delete your personal data after you have withdrawn your consent to the processing. In general, we delete your data that is no longer needed. Note that we cannot delete all your personal data due to legal obligations (e.g., historical data or data for accounting purposes).

• Data portability: If you have provided us with personal data and it is technically feasible, you can ask us to transfer it electronically.

• Processing restrictions: You can ask us to temporarily restrict the processing of your personal data if you dispute its accuracy or want to restrict its use instead of deleting it.

• Right to object to marketing, including profiling: You can object to the use of your personal data for marketing purposes, including profiling. We may need to retain some minimal information to comply with your request to stop marketing to you.

• Right to withdraw consent: You can withdraw your previously given consent to process your personal data. This does not affect the legality of the processing carried out before the withdrawal of your consent. It may mean we cannot offer you certain products or services; we will inform you of this in such cases.

​​

Before responding to a request regarding your data rights, we may ask you to provide proof of identity to fully identify you. This helps ensure that personal data is not disclosed to individuals who have no right to receive this data. We may also ask for sufficient information about your relationship with us so that we can locate your personal data.

​

Individuals have the right to be forgotten and can contact our Data Protection Officer (DPO) through the contact details below to exercise this right. We will respond to such requests without undue delay and ensure that data is erased from all systems, unless retention is required by law.

 

If your request is unfounded or excessive, we may refuse your request or charge a fee. We reserve the right not to comply with your request for legitimate reasons.

​

Cookies and tracking technologies

We, our partners and subcontractors use cookies or similar technologies (such as web beacons and JavaScript) to manage the website and its functions, analyse usage, track user activities, and collect aggregated demographic data about our users. Collecting this information allows us to customise the online experience, improve the performance, security, usability, and effectiveness of our web presence, and measure the effectiveness of our marketing, product, or service promotion activities.​

 

The providers of these cookies and tracking technologies and referenced sites may collect and process additional technical data. Adobe (and similar applications) use technologies to store settings, preferences, and usage data. These technologies create locally stored objects, often referred to as "Flash Cookies." We do not use Flash Cookies; our technology partners or referenced sites may use Adobe's Flash Cookies on websites related to our products or services. In such cases, we are not responsible for this additional data collection, nor do we control the technology companies or providers in these cases.

​

For more information on our use of cookies and how to manage your cookie settings, please see our Cookie Notice.

​​

Security and confidentiality of personal data

We use various security technologies and procedures to ensure the security and confidentiality of personal data. These procedures protect personal data from unauthorised access, use, damage, or disclosure. We protect personal data using measures such as encryption, security certificates, or robust multi-level authorisation procedures. Additionally, appropriate physical, technical, and organisational measures protect personal data.​

 

We cannot take responsibility for external websites, third-party content, or links to this information on our website, products, or services.

​​

Retention of personal data

We retain personal data for as long as necessary for the purposes for which it was collected. We may also retain non-sensitive personal data beyond this period to stay in touch with you and fulfil products, services, or other contractual obligations. In general, we delete personal data when it is no longer needed and when any applicable legal retention period has expired.

​

Data breach notification and protocol

In the event of a data breach, we will follow a structured protocol to mitigate risks and inform relevant parties:

1. Detection and containment: Immediate steps to identify and contain the breach.

2. Assessment: Evaluate the extent of the breach and potential impact.

3. Notification: We will notify the supervisory authority within 48 hours of becoming aware of the breach. If the breach is likely to result in a high risk to individuals' rights and freedoms, we will also notify the affected individuals without undue delay.

4. Remediation: Take corrective actions to prevent future breaches and minimise harm.

5. Documentation: Maintain records of the breach, including its impact and the measures taken.

​

Contact data protection officer 

If you have any questions about this privacy policy or our data protection practices, please get in touch with us at:

​​

Email: guide@venture-guidebook.com

 

Contact: Christian Hug

Address: A-QUANTO AG, Nordstrasse 9, CH-8006 Zürich

 

Data protection authority: We are subject to the Swiss Federal Data Protection and Information Commissioner. If you believe your rights have been violated, you have the right to submit a complaint to the data protection authority.

​

We reserve the right to modify this privacy policy and related documents at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 

​

The AQUANTO team is committed to complying with data protection regulations and ensuring the privacy and security of the personal data we process. Thank you for your trust.