Data Protection

Privacy Policy

Last updated: March 2026. This privacy policy applies to the Investor Ready landing page operated by Dr. Asli Chamizo-Toksal and explains how personal data is collected, used, and protected in accordance with the EU General Data Protection Regulation (GDPR) and Austrian data protection law (DSG).

1. Controller

The data controller responsible for processing your personal data is:

Dr. Asli Chamizo-Toksal
Kaiserstrasse 119, 1070 Vienna, Austria
Email: info@28xchange.com

2. Data We Collect

This website does not use cookies, tracking tools, or analytics software. We collect personal data only when you actively contact us, specifically:

• Your name and email address when you send an enquiry via email
• Any information you voluntarily include in your message
• Documents you share via Google Drive as part of a paid engagement

3. Purpose and Legal Basis

Your data is processed for the following purposes:

• To respond to your enquiry — legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual steps)
• To deliver the Investor Ready service — legal basis: Art. 6(1)(b) GDPR (performance of a contract)
• To comply with legal obligations (e.g. invoicing and tax records) — legal basis: Art. 6(1)(c) GDPR

4. Data Retention

Email correspondence and service-related documents are retained for the duration of the engagement and for a minimum of 7 years thereafter in accordance with Austrian tax and commercial law (§132 BAO). Documents shared via Google Drive are stored only as long as necessary to deliver the service and are deleted upon request once the engagement is complete.

5. Third-Party Services

This website uses the following third-party services:

• Google Fonts — fonts are loaded from Google servers. Google may collect technical data (IP address, browser type) in accordance with Google's privacy policy. For more information, see policies.google.com/privacy.
• Google Drive — used to exchange documents with clients. Google processes data in accordance with their data processing terms. Clients are informed of this before sharing documents.
• Stripe / PayPal — payment processing. When you make a payment, you interact directly with Stripe or PayPal. Their respective privacy policies apply. We do not store your payment details.

6. Your Rights

Under GDPR, you have the right to:

• Access the personal data we hold about you (Art. 15 GDPR)
• Request correction of inaccurate data (Art. 16 GDPR)
• Request deletion of your data where no legal retention obligation applies (Art. 17 GDPR)
• Restrict or object to processing (Art. 18, 21 GDPR)
• Data portability (Art. 20 GDPR)
• Lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde): www.dsb.gv.at

To exercise any of these rights, contact: info@28xchange.com

7. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All email communication is conducted via encrypted connections where supported.

8. No Automated Decision-Making

We do not use automated decision-making or profiling as defined under Art. 22 GDPR.

9. Changes to This Policy

This privacy policy may be updated from time to time. The current version is always available at this URL. We recommend reviewing this page periodically.