Privacy Notice

We may amend this Privacy Notice at any time without prior notice. The current version published on our website applies.

Version dated 22 November 2022

This Privacy Notice informs you about the processing of personal data by the companies of the Exentis Group (hereinafter all collectively “Exentis”, “we” or “us”).

This Privacy Notice is subject to Swiss law. Because the European General Data Protection Regulation (“GDPR”) may have to be observed for certain forms of data processing, this Privacy Notice also takes into consideration the GDPR.

If you provide us with personal data of other persons (e.g. data of employees), please make sure that these persons are aware of this Privacy Notice and only share their personal data with us if you are entitled to do so and if this personal data is correct.

1. Controller / contact details

The following companies may be a controller of your personal data depending on the specific data processing:

The Exentis Group AG is the controller of data processed over our website:

Exentis Group AG
Im Stetterfeld 2
CH-5608 Stetten

+41 56 484 55 31
info@exentis-group.com

If personal data is processed in connection with contracts, the Exentis group company that concludes the contract with you or the company for which you are acting is the controller. You will find the contact details on the relevant contract.

When processing personal data of investors, the Exentis company in which the investment is made is the controller of such data. You will find the contact details on the relevant documents.

2. Collection and processing of personal data

We primarily process the personal data that we receive from our customers and other business partners and other persons involved in the course of our business relationships with them. The personal data processed in this regard is mainly contact information. We also process information from investors that we require in connection with the investment. Additionally, when you visit our website, our system automatically collects certain technical information, including your IP address, details of your browser and operating system, the date and time of your visit, and the name and URL of the page accessed.

To the extent permitted, we also obtain certain personal data from publicly accessible sources (e.g., commercial registers, press, internet) or we may receive such information from group companies, from authorities or other third parties. Apart from data you provided to us directly, the categories of data we receive about you from third parties include, but are not limited to, information from public registers, data received in connection with administrative or court proceedings, information in connection with your professional role and activities (e.g., in order to conclude and carry out contracts with your employer), information about you in correspondence and discussions with third parties, information about you given to us by individuals associated with you (legal representatives, etc.) in order to conclude or process contracts with you or with your involvement (e.g. information on compliance with requirements such as the right of representation), information about you found in the media or internet (insofar as indicated in the specific case and permitted by law), your address.

3. Purpose of data processing and legal basis

We process the personal data we collect primarily in order to conclude and administer our contracts with our clients and business partners and to purchase products and services from our suppliers and subcontractors (legal basis: performance of a contract). We process the data of investors insofar as this is necessary in connection with the investment (legal basis: performance of a contract). We also process personal data if you contact us directly in order to process your request and, if applicable, in the context of other pre-contractual measures (legal grounds: performance of a contract, implementation of pre-contractual measures).

We also process personal data in order to comply with our domestic and foreign legal obligations.

In certain cases, we also process personal data if we can rely on our legitimate interests. This is the case in particular:

• for the provision of the website
• for the further development of our offers, services and websites
• for the analysis and evaluation of website activities
• for advertising and marketing (including the organization of events), provided that you have not objected to the use of your data for this purpose (if you are part of our customer base and you receive our advertisement, you may object at any time and we will place you on a blacklist against further advertising mailings)
• for market and opinion research, media surveillance to the extent permitted by law
• for the assertion of legal claims and defense in legal disputes and official proceedings
• for the prevention and investigation of possible criminal offences
• to guarantee our operations, in particular IT, our websites, and other platforms
• for adherence to compliance and other internal guidelines
• for carrying out internal investigations
• for internal administrative purposes
• to monitor and improve system security

If you have given us your consent to process your personal data for certain purposes, we will process your personal data within the scope of and based on this consent. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

4. Data transfer to third parties / data transfer abroad

We disclose your personal data to third parties to the extent that this is necessary to achieve the stated purposes or to protect our legitimate interests or is required by law. The third parties to whom we transfer data include in particular:

• companies of the Exentis Group
• service providers of ours, in particular providers of IT services, hosting and support, logistics service providers, CRM system providers, banks, insurance companies
• dealers, suppliers, subcontractors and other business partners
• customers
• domestic and foreign authorities and offices, courts, arbitration tribunals
• media
• counterparties in connection with legal proceedings
• acquirers or parties interested in acquiring divisions, companies or other parts of the Exentis Group and their advisors

all together “recipients”.

In principle, these recipients are all in the EEA or Switzerland. In individual cases, however, the recipients are located in any country worldwide. If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised European Commission’s standard contractual clauses, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?, for Switzerland together with the necessary adaptations under Swiss law), unless the recipient is already subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception.

5. Retention period

We process and retain your data for as long as is necessary to achieve the purpose for which it was obtained. Data that we collect for the performance of a contract or for the implementation of pre-contractual measures will be deleted or anonymized if the data is no longer necessary for the performance of the contract. After the termination of the contract, we may retain data in order to fulfil our contractual or legal obligations and to protect our legitimate interests, namely to protect ourselves from claims or to enforce such claims.

Session cookies are generally deleted as soon as the session ends. Permanent cookies are stored for a maximum of 10 days. However, you can delete already stored cookies in your browser at any time.

6. Your rights

In accordance with and as far as provided by applicable law (as is the case where the GDPR is applicable), you have the right to access, rectification or erasure of your personal data, the right to restriction of processing or to object to our data processing, in particular for direct marketing purposes, profiling carried out for direct marketing purposes and for other legitimate interests in processing in addition to a right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims. If exercising certain rights will incur costs on you, we will notify you thereof in advance. We have already informed you about the possibility to withdraw your consent in Section 3 above. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination or involve costs. If this is the case, we will inform you in advance unless it has already been contractually agreed upon. Regarding the contact details for asserting your rights, see Section 1 above.

Every data subject also has the right to enforce his or her claims in court or, depending on the applicable law, to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

7. Data security

Despite the licensed SSL encryption we use for the website, we would like to point out that internet-based data transmission has security vulnerabilities that lie outside our web server, such as nodes in the international network.