Data Privacy Policy
We appreciate your interest in our website and our web services. The protection of personal data is important to us. In the following, we inform you about which personal data we process in connection with the use of our website and our services, for what purposes this is done and what rights you have to have.
1. Controller
smartmerger.com AG
Rämistrasse 38
CH-8001 Zürich
Schweiz
Telefon: +49 89 6282400-0
Telefon: +41 44 551 00 60
E-Mail: hello@smartmerger.com
2. Rights of Data Subjects
As a data subject, you have the following rights under the applicable data protection laws, in particular the General Data Protection Regulation (GDPR), provided the respective legal requirements are met:
Access: You have the right to obtain confirmation as to whether and which personal data we process about you.
Rectification: You may request the rectification of inaccurate personal data. You may also request the completion of incomplete personal data.
Erasure: In certain cases, you may request the erasure of your personal data.
Restriction of processing: In certain cases, you may request that the processing of your personal data be restricted.
Data portability: Where we process data automatically based on your consent or a contract, you may request to receive the data you have provided in a structured, commonly used and machine-readable format, or to have us transmit such data directly to another controller, where technically feasible.
Right to Object
Right to object on grounds relating to your particular situation
You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
In such cases, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Objection to direct marketing
Where we process your personal data for direct marketing purposes, you have the right to object at any time to such processing. This also applies to profiling to the extent it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Withdrawal of consent: If you have given us consent to process your personal data, you may withdraw this consent at any time with effect for the future. The lawfulness of processing prior to withdrawal remains unaffected. You may also withdraw or change consent regarding cookies and similar technologies via the cookie settings on our website.
Exercising your rights: To exercise your rights, please contact us using the contact details above. Please ensure that we can clearly identify you.
Right to lodge a complaint: You have the right to lodge a complaint with a competent data protection supervisory authority if you believe that the processing of your personal data is unlawful. You may, in particular, contact the supervisory authority at your habitual place of residence, your place of work, or the place of the alleged infringement.
3. Obligation to Provide Data
You are not obliged to provide us with personal data. However, without your information we may not be able to process your request, or certain functions (contact forms, appointment booking, newsletter) may not be available or only available to a limited extent.
4. Automated Decision-Making
No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.
5. Server Log Files and Hosting
Our website is hosted by HubSpot, Inc. (USA). When you access the website, the hosting provider processes connection data for the technical provision and security of the website (IP address, date/time, page accessed, browser/device information, referrer URL). We do not carry out any further analysis of this data.
The legal basis is Art. 6(1)(f) GDPR; our legitimate interest lies in providing the website in a secure and stable manner.
6. Retention Periods
We retain personal data only for as long as is necessary for the relevant purposes or as required by statutory retention obligations. Contact and inquiry data are retained until the inquiry has been processed and, where applicable, until the end of the business relationship; thereafter the data is deleted or restricted, unless commercial or tax law retention obligations (typically 6 or 10 years) apply. Newsletter data is retained until you unsubscribe; the opt-in process is logged for evidence purposes. Retention periods for cookies are set out in the tables below.
7. Transfers to Third Countries
Some of our service providers (in particular HubSpot, Google, Calendly, Vimeo, Stripe) process data in the USA. Such transfers take place on the basis of the EU-US Data Privacy Framework (Art. 45 GDPR) where the respective provider is certified, or otherwise on the basis of the Standard Contractual Clauses (Art. 46(2)(c) GDPR). You may request a copy of the safeguards from us.
8. Cookies and Similar Technologies
We use cookies and comparable technologies (local storage, pixels, server-side log data) to provide the website, ensure security, analyse usage, and manage your inquiries, bookings and our marketing communications.
Strictly necessary cookies are active without your consent (legal basis: Art. 6(1)(f) GDPR or Section 25(2) TDDDG). We only use analytics and marketing cookies with your consent (Art. 6(1)(a) GDPR or Section 25(1) TDDDG); you can change your settings at any time via the cookie banner.
8.1 Strictly Necessary Cookies and Security
| Cookie / Technology | Provider / Domain | Purpose | Typical Retention | Category |
|---|---|---|---|---|
__cf_bm |
Cloudflare / HubSpot CDN / embedded services where applicable | Bot detection, protection from automated traffic, secure delivery of the website and embedded content | approx. 30 minutes | Necessary / Security |
_cfuvid / __cfuvid |
Cloudflare / HubSpot CDN / embedded services where applicable | Rate limiting and distinction of individual users behind the same IP address to prevent abuse | Session | Necessary / Security |
__cfruid |
Cloudflare / HubSpot CDN, if set | Rate limiting and protection of CDN delivery | Session | Necessary / Security |
__hs_cookie_cat_pref |
HubSpot | Storage of selected cookie categories | up to 6 months | Necessary / Cookie settings |
__hs_do_not_track |
HubSpot, if set | Storage of a tracking opt-out; prevents HubSpot tracking | up to 6 months | Necessary / Cookie settings |
__hs_opt_out |
HubSpot, if set | Storage of an opt-out so users are not asked again | up to 6 months | Necessary / Cookie settings |
__hs_initial_opt_in |
HubSpot, if set | Supports the initial display of the cookie banner | up to 7 days | Necessary / Cookie settings |
__hs_gpc_banner_dismiss |
HubSpot, if set | Storage that a Global Privacy Control notice has been dismissed | up to 180 days | Necessary / Cookie settings |
8.2 HubSpot — Website, Forms, CRM, Marketing
Our website runs on HubSpot (HubSpot, Inc., USA). We also use HubSpot for web analytics, contact forms, lead management, CRM and marketing communications. The data processed includes in particular your name, business contact details, company, content of your inquiry, time of submission, technical data (IP, browser, device), referrer/campaign data, and — where tracking has been consented to — interaction history.
The legal basis is, depending on the context, Art. 6(1)(b) GDPR (pre-contractual/contractual), (f) GDPR (legitimate interest in processing inquiries and managing customer relationships) or (a) GDPR (consent).
Newsletter: Sign-up takes place via a double opt-in procedure; sign-up and confirmation are logged. You can unsubscribe at any time via the link in every email.
| Cookie / Technology | Provider / Domain | Purpose | Typical Retention | Category |
|---|---|---|---|---|
__hstc |
HubSpot | Main tracking cookie; stores information on visitor ID, first visit, last visit, current visit and number of sessions | up to 6 months | Analytics / Tracking |
hubspotutk |
HubSpot | Unique visitor identifier; may be used during form submission for contact attribution and deduplication | up to 6 months | Analytics / Lead attribution |
__hssc |
HubSpot | Session cookie; counts page views within a session | approx. 30 minutes | Analytics / Session tracking |
__hssrc |
HubSpot | Detects whether a new browser session has started | Session | Analytics / Session tracking |
| HubSpot Browser Storage / Event Queue, if set | HubSpot | Temporary storage of tracking events and interactions before processing | depends on browser/HubSpot configuration | Analytics / Tracking |
8.3 Google Analytics
Provider: Google Ireland Limited, Dublin, Ireland. Used only with your consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG). A transfer to the USA is possible (see section 7).
| Cookie | Provider / Domain | Purpose | Typical Retention | Category |
|---|---|---|---|---|
_ga |
Google Analytics | Distinguishes individual users | up to 2 years or depending on browser/Google configuration | Analytics |
_ga_* |
Google Analytics | Stores session state and assigns interactions to a session | up to 2 years or depending on browser/Google configuration | Analytics |
8.4 Calendly — Appointment Booking
Provider: Calendly LLC, Atlanta, USA. When you book an appointment, we process your name, email, company, phone number (where applicable), preferred appointment, answers to booking questions and technical data. Legal basis: Art. 6(1)(b) GDPR (pre-contractual) or (f) GDPR (efficient appointment management); for non-essential cookies, your consent.
| Cookie / Technology | Provider / Domain | Purpose | Typical Retention | Category |
|---|---|---|---|---|
_calendly_session |
Calendly, if set | Session and functional cookie for the appointment booking process | Session | Functional / Booking |
| Calendly Session Cookies | Calendly | Secure provision of the booking process, session management, abuse prevention | Session | Necessary / Functional |
| Calendly Persistent Cookies, if set | Calendly | Storage of preferences, where applicable analytics and optimisation of Calendly usage | depends on Calendly configuration | Preferences / Analytics / Marketing |
8.5 Embedded Videos (HubSpot Video, Vimeo)
HubSpot Video: Delivered via HubSpot; depending on configuration and your consent, views and interactions may be measured.
Vimeo: On individual pages we embed videos from Vimeo.com, Inc. (USA) with the Do-Not-Track parameter (dnt=1) enabled. If, despite dnt=1, a tracking cookie (vuid) is set, we treat this as requiring consent.
| Cookie / Technology | Provider / Domain | Purpose | Typical Retention | Category |
|---|---|---|---|---|
__cf_bm |
Vimeo / Cloudflare, if set | Bot detection and protection of the Vimeo player | approx. 30 minutes | Necessary / Security |
_cfuvid |
Vimeo / Cloudflare, if set | Rate limiting and secure player delivery | Session | Necessary / Security |
player_clearance / cf_clearance |
Vimeo / Cloudflare, if set | Security check for the player | depends on Vimeo/Cloudflare | Necessary / Security |
vuid |
Vimeo, if set despite dnt=1 or due to existing cookies |
Vimeo analytics / visitor identifier | depends on Vimeo | Analytics / Tracking |
8.6 Google reCAPTCHA
To protect our forms from spam and bots, we use reCAPTCHA from Google Ireland Limited. The data processed includes IP address, browser/device information and interaction data. Legal basis: Art. 6(1)(f) GDPR (security and abuse prevention) or your consent, where required.
8.7 Stripe (in Connection with Calendly)
When you use Calendly to book appointments, components of Stripe (Stripe Payments Europe, Dublin / Stripe, Inc., USA) may be loaded for fraud prevention and security purposes. The data processed includes technical data (IP, browser, device, interactions). If payment functions are actually activated, payment data is also processed. Legal basis: Art. 6(1)(f) GDPR or (b) GDPR for payment processing.
9. Security
Data is transmitted in encrypted form (TLS/HTTPS).
10. Changes
We update this policy if the legal situation or the services we use change. The date of the current version is shown at the top of this page.
Last updated: May 2026