Last updated: 21 May 2026

At SuccessOptima e.U., we take the protection of personal data seriously. This Privacy Policy explains how we collect, use, and protect personal data when you visit our website, contact us, or book a call with us.

1. Controller

The controller responsible for the processing of personal data on this website is:

SuccessOptima e.U.
Springergasse 9/14-15
1020 Vienna
Austria

Email: info@successoptima.com
Phone: +43 676 844 880291

2. General information on data processing

We process personal data in accordance with applicable data protection law, in particular the General Data Protection Regulation (GDPR). We process personal data only to the extent necessary to operate our website, respond to enquiries, arrange calls, and provide requested information.

3. Categories of personal data we may process

Depending on how you interact with our website, we may process the following categories of personal data:

• first name
• last name
• email address
• phone number, if provided
• company name
• job title / role
• country / location
• message content submitted through the contact form or by email
• booking-related information submitted when scheduling a call
• technical data required for website delivery and security, such as IP address and server log data

We do not knowingly collect personal data from children, and our website and services are not directed to minors.

4. Purposes and legal bases of processing

We process personal data for the following purposes:

a) Responding to enquiries

If you contact us through the contact form or by email, we process your data in order to respond to your enquiry and manage related follow-up communication.

Legal basis:

• Article 6(1)(f) GDPR — our legitimate interest in handling business communication is the primary basis for general enquiries.
• Article 6(1)(b) GDPR — where your request relates to pre-contractual steps or the active discussion of a specific service or business relationship.

b) Scheduling calls

If you book a meeting through our booking page, we process your contact and scheduling data to arrange and manage the meeting.

Legal basis:

• Article 6(1)(f) GDPR — legitimate interest in managing business appointments.
• Article 6(1)(b) GDPR — where the meeting relates to pre-contractual steps.

c) Sending requested materials

If you request materials from us, we process the data necessary to deliver those materials and to communicate with you in relation to that request.

Legal basis:

• Article 6(1)(f) GDPR — legitimate interest in responding to business requests.
• Article 6(1)(b) GDPR — where delivery of materials forms part of pre-contractual steps.
• Article 6(1)(a) GDPR — where consent is specifically requested prior to sending.

d) Website operation and security

We process technical data where necessary to ensure website functionality, stability, and protection against misuse.

Legal basis:

• Article 6(1)(f) GDPR — our legitimate interest in maintaining a secure and functioning website.

5. Contact form

When you use the contact form on our website, we process the data you provide — such as your name, email address, optional phone number, and message content — for the purpose of handling your enquiry and related follow-up communication.

Form submissions are transmitted to our business email address at info@successoptima.com. We use a contact form plugin to provide this functionality. We do not intentionally retain form submissions in the plugin’s backend storage.

We recommend that you do not submit sensitive personal data through the contact form unless this is necessary.

6. Booking pages

We use Proton Calendar Booking Pages to allow website visitors to book a call with us. When you use this functionality, the booking data you provide — such as your name and email address — is processed by Proton for the purpose of scheduling and managing the meeting. Proton acts as a data processor in this context, and we have sought to put in place appropriate contractual safeguards accordingly.

The booking page is accessed through a link rather than embedded as an on-site widget.

7. Email communication

If you contact us directly by email, we process the personal data contained in your message and email metadata for the purpose of handling your request and maintaining related business communication.

8. Hosting and service providers

We use third-party service providers where necessary for website hosting and business communication. At present, this may include in particular:

• World4You (World4You Internet Services GmbH, Wolfgang-Pauli-Straße 2, BT3, 4020 Linz, Austria) — website hosting and related infrastructure
• Proton (Proton AG, Route de la Galaise 32, 1228 Plan-les-Ouates, Geneva, Switzerland) — email, calendar booking, and cloud-based business tools
• Brevo (Sendinblue SAS, 7 rue de Madrid, 75008 Paris, France) — email marketing platform used to manage newsletter subscriptions and send marketing communications
• Anthropic (Anthropic, PBC, 548 Market St, PMB 90375, San Francisco, CA 94104-5401, USA) — AI processing infrastructure used to generate personalised analytical reports in the CS Management Practice Capability Self-Assessment tool. Assessment results are transmitted to Anthropic’s API solely for the purpose of generating the report and are not retained by Anthropic after processing.

Where required by applicable law, we have entered into Data Processing Agreements with each of these providers to ensure that personal data is processed only in accordance with our instructions and in compliance with the GDPR.

9. International data transfers

Some of our service providers may be located outside the EU/EEA or may process data in a third country.

At present, this includes Proton, which is based in Switzerland. Switzerland is covered by an adequacy decision of the European Commission, which means that personal data may generally be transferred there on that basis.

We also use Anthropic, a US-based AI service provider, in connection with our CS Management Practice Capability Self-Assessment tool. When a user generates an analytical report, anonymised assessment results are transmitted to Anthropic’s servers located in the United States. These results do not contain any personal data as defined under Article 4(1) GDPR — they consist solely of aggregated capability scores and pattern summaries that cannot be used to identify any individual. The transfer is made on the basis of Standard Contractual Clauses in accordance with Article 46(2)(c) GDPR, or such other appropriate transfer mechanism as may apply at the relevant time.

If, in the future, we engage service providers in other third countries, we will rely on appropriate transfer mechanisms as required by applicable law, such as the Standard Contractual Clauses adopted by the European Commission.

10. Cookies and similar technologies

At present, we do not intentionally use analytics, advertising, or retargeting tools on this website.

The website may, however, use technically necessary cookies or similar technologies required for website functionality, security, or basic session management. These are used on the basis of our legitimate interest in operating a functional and secure website (Article 6(1)(f) GDPR).

If non-essential cookies or analytics tools are introduced in the future, this Privacy Policy and, where required, our consent mechanism will be updated accordingly.

11. Newsletter and marketing

We use Brevo (Sendinblue SAS, 7 rue de Madrid, 75008 Paris, France) as our email marketing platform to manage contact lists and send marketing communications — including informational updates, workshop announcements, and follow-up materials — to individuals who have given their consent through our website or other channels, such as professional events, direct communication, or social media.

When you subscribe, we collect your email address. This data is transferred to and processed by Brevo as our data processor, subject to a Data Processing Agreement.

Consent and legal basis: We collect your consent explicitly through a subscription form before sending any marketing communications. Your consent is recorded and stored by Brevo. The legal basis for this processing is Article 6(1)(a) GDPR — your freely given, specific, informed, and unambiguous consent. In accordance with Article 7(3) GDPR, you may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal. To unsubscribe, click the unsubscribe link included in every email, or contact us at info@successoptima.com.

Retention: We retain your contact details in our mailing list for as long as you remain subscribed. Upon unsubscription or withdrawal of consent, your data will be removed from our active mailing list.

We do not use open or click tracking at this time. If this changes, this Privacy Policy will be updated accordingly.

For more information on how Brevo processes personal data, please refer to Brevo’s Privacy Policy.

12. CS Management Practice Capability Self-Assessment

We offer a CS Management Practice Capability Self-Assessment tool accessible on our website. When you use this tool:

Registration: Your email address is collected via a subscription form managed by Brevo (see Section 11) for the purpose of providing access to the tool. The legal basis is your consent (Article 6(1)(a) GDPR).

Assessment responses: Your answers to the assessment questions are processed exclusively within your browser. They are not transmitted to our servers, not stored, and not associated with your email address or any other personal data.

Report generation: When you request a personalised analytical report, a summary of your assessment results — consisting of anonymised capability scores and pattern data — is transmitted to Anthropic’s API for processing. This data does not contain any information that could identify you as an individual. It is processed solely to generate the report and is not retained after processing. The report is displayed in your browser only and is not stored on our servers.

No profiling: The assessment results are not used to profile individuals, make automated decisions about you, or build any personal record. The tool is a self-diagnostic instrument intended to inform your own professional decisions.

13. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law. This reflects the storage limitation principle under Article 5(1)(e) GDPR.

As a general rule:

• contact enquiries are retained for up to 12 months after the matter has been closed
• booking data is retained for up to 12 months after the meeting, unless further communication or a business relationship follows
• business correspondence may be retained for as long as needed to manage the relationship or to establish, exercise, or defend legal claims
• accounting and invoicing records are retained for the legally required period, which is generally 7 years under Austrian law

After the relevant retention period expires, data is deleted or its processing is restricted, unless continued retention is legally required.

14. Data security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access, as required by Article 32 GDPR.

These measures may include, among others:

• access restrictions
• strong passwords
• two-factor authentication
• backups
• endpoint protection
• secure communication tools
• device and access management appropriate to the size and nature of our business

15. Your rights

Under applicable data protection law, you may have the following rights, subject to the relevant legal conditions:

• Right of access — Article 15 GDPR
• Right to rectification — Article 16 GDPR
• Right to erasure — Article 17 GDPR
• Right to restriction of processing — Article 18 GDPR
• Right to data portability — Article 20 GDPR
• Right to object — Article 21 GDPR
• Right to withdraw consent at any time, where processing is based on consent — Article 7(3) GDPR

Where processing is based on our legitimate interests under Article 6(1)(f) GDPR, you have the right to object at any time on grounds relating to your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless processing is necessary for the establishment, exercise, or defence of legal claims.

You may exercise any of these rights by contacting us at: info@successoptima.com

You also have the right to lodge a complaint with a supervisory authority. In Austria, this is the Austrian Data Protection Authority (Datenschutzbehörde).

16. No automated decision-making

We do not use automated decision-making within the meaning of Article 22 GDPR, including profiling that produces legal effects or similarly significant effects on individuals.

17. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The current version will always be published on this website.