Privacy Policy

PRIVACY POLICY OF SHORELIGHT PARTNERS ADVISORS SA

1.       Overview and scope

The protection of your personal data, which Shorelight Partners Advisors SA (hereinafter «we» or «Shorelight») collects and processes as part of its business activities, is an important concern for us. This privacy policy provides information on how and for what purposes we process your personal data (hereinafter «you») which you disclose to us or which we collect from you. The present privacy policy is not exhaustive; General Terms and Conditions (GTC) and similar documents of Shorelight may contain additional information on the processing of your personal data. «Personal data» means any data and information relating to an identified or identifiable natural person.

2.       Responsible person and contact points for data protection issues

The name and address of the controller are as follows:
Shorelight Partners Advisors SA
Wolleraustrasse 41a
8807 Freienbach
Schwyz
Switzerland

E-mail:    contact@shorelight-partners.com

If you have any questions about data protection, please contact our address above.

3.       Data origin and data categories

As a matter of principle, we only process personal data that we receive or collect from our clients, cooperation partners, investors, interested parties and website visitors in the course of our business activities. To the extent permitted, we also obtain certain data from publicly accessible sources (e.g. debt enforcement register, commercial register, press, internet) or receive such data from other companies, from authorities or other third parties. If you provide us with personal data of other persons, we ask you to ensure that these persons are aware of this privacy policy and only share their personal data with us if you have been permitted to do so and if the relevant personal data is correct.

The personal data or categories of personal data processed by us include, depending on the case, in particular personal and contact data (e.g. name, address, gender, telephone number and e-mail address); identification and background information (e.g. passport number, ID number, AHV number, account number, specimen signatures, language, date of birth, nationality); contractual data which we receive or collect in connection with the initiation, conclusion and performance of contracts with you (e.g. goods and services claimed or requested by you and related behavioural and transactional data, financial data for payment purposes such as bank account details); transaction data (e.g. payment transaction data, details of your payment order as well as details of the payee or beneficiary and the purpose of the payment); communication data (e.g. content of emails, written correspondence, chat messages, social media posts, comments on websites and mobile apps, telephone calls, video conferences, proof of identity, marginal data); documentary data or data from your contacts with third parties (e.g. minutes of advice or conversations, file notes, references); preference and marketing data (e.g. data about the use of our website, apps or other digital offerings, data relating to the marketing of products and services such as newsletter sign-ups/sign-offs, documents received and special activities, personal preferences and interests); public data that can be obtained about you (e.g. land register and commercial register data, data from the media and the press); data in connection with (potential) proceedings or investigations by authorities, official agencies, courts, organisations or other bodies; data for compliance with legal requirements, such as anti-money laundering or in connection with export restrictions; image and sound recordings (e.g. photos, videos and sound recordings of customer events, recordings of video surveillance systems, photos, videos and sound recordings of courses, lectures, training sessions as well as recordings of telephone and video conference calls) and technical data (e.g. IP address and other device IDs, identification numbers assigned to your device by cookies and similar technologies).

4.
      Processing purposes and legal bases

‍4.1
   Generally within the scope of our business activities

We process your personal data primarily for those processing purposes, which are necessary in connection with our business activities and the provision of our services. In particular, we may process your personal data for the following purposes:

-    to communicate with you, in particular, to provide you with information or to process your requests, to be able to authenticate and identify you, for customer service and customer care;
-    for the performance of contracts, namely in connection with the initiation, conclusion and performance of contractual relationships. This includes all data processing that is necessary or expedient to conclude, execute and, if applicable, enforce a contract, such as processing to decide whether and how (e.g. with which payment options) we enter into a contract with you (including credit checks), to provide contractually agreed services, e.g. to provide services and functions (including personalised service components), to invoice our services and to process your order, e.g. to provide services and functions (including personalised service components), to invoice our services and generally for accounting purposes, to process applications (e.g. managing and evaluating applications, conducting interviews including creating personality profiles, obtaining reference information), to enforce legal claims arising from contracts (e.g. debt collection, legal proceedings, etc.);

-    to provide you with our services as well as our digital offers (e.g. website, mobile app) and to evaluate and improve them;
-    to inform you about new developments (e.g. newsletters) or to send you other information about our services;
-    to invite you to events;
-    for customer care and marketing purposes, e.g. to send you written and electronic communications and offers and to carry out marketing campaigns (e.g. newsletters);
-    in connection with accounting, archiving data and managing our archives;
-    for training and education: we may process your personal data to provide internal training and to train and develop our employees;
-    when selling receivables, e.g. if we provide the purchaser with information about the reason for and amount of the receivable and, if applicable, the creditworthiness and conduct of the debtor;
-    for security measures, namely IT and building security (such as access controls, visitor lists, prevention, defence and resolution of cyberattacks and malware attacks, network and mail scanners, video surveillance, telephone records) as well as for the prevention and resolution of criminal offences and other misconduct or conducting internal investigations, protection against misuse, evidentiary purposes, data analysis to combat fraud, evaluation of system-side records of the use of our systems (log data);
-    in connection with restructurings or other corporate actions (e.g. due diligence, sale of companies, keeping share registers, etc.);
-    for the assertion of legal claims and defence in connection with legal disputes as well as official proceedings at home and abroad, including the clarification of litigation prospects and other legal, economic and other issues;
-    to comply with our legal, regulatory (including self-regulations) and internal requirements and rules at home and abroad, including compliance with orders of a court or authority as well as clarifications via cooperation partners;
-    other purposes: we may process your personal data for other purposes that are necessary to protect our legitimate interests.

We process your personal data for the above purposes, depending on the situation, in particular based on the following legal bases:

-    the processing of personal data is necessary for the performance of a contract with you or pre-contractual measures;
-    you have given your consent to the processing of personal data relating to you;
-    the processing of personal data is necessary for compliance with a legal obligation;
-    the processing is necessary to protect the vital interests of the data subject or another natural person; or
-    we have a legitimate interest in processing the personal data and our legitimate interests may include, in particular, the following interests – interest in:

providing good customer service, keeping in touch and communicating with customers outside of a contract; in promotional and marketing activities; improving products and services and developing new ones; in combating fraud and preventing and investigating offences; protecting customers, employees and others and our data, trade secrets and assets; ensuring adequate security (both physical and digital); ensuring and organising business operations, including the operation and the further development of websites and other systems; managing and developing our business; selling or buying companies, parts of companies and other assets; enforcing or defending legal claims; complying with Swiss and foreign law and other rules applicable to us.

4.2    When visiting our website

Each time a user accesses our website, our server collects a set of user information which is stored in the server’s log files. The information collected includes, among other things, the IP address, the date and time of access, the time zone difference from the GMT time zone, the name and URL of the file accessed, the website from which access was made, the browser used and the operating system used. The collection of this information or data is technically necessary to display our website to you and to ensure its stability and security. This information is also collected to improve the website and analyse its use.

4.3    E-mail, telephone calls and video conferences

You can contact us via the e-mail address and telephone number provided. The personal data you send us will be stored by us and processed for the purpose of dealing with your enquiry. The legal basis for this personal data processing is your consent and our legitimate interest in pro-cessing your enquiry.If you contact us by e-mail, you authorise us to reply to you via the same channel. Please note that unencrypted e-mails are transmitted via the open internet, which is why it cannot be ruled out that they can be viewed, accessed and manipulated by third parties. We exclude – as far as legally permissible – any liability which you may incur in particular as a result of faulty transmission, falsification of content or disruption of the network (interruptions, overload, illegal interventions, blocking).Telephone and video conference calls with us may be recorded; we will inform you of this at the beginning of each call. If you do not want us to record such conversations, you have the option to terminate the conversation at any time and contact us by other means (e.g. by e-mail).

4.4    Contact form

You can contact us using the contact form provided on our website. The personal data you send us will be stored by us and processed for the purpose of dealing with your enquiry. The legal basis for this personal data processing is your consent and our legitimate interest in pro-cessing your enquiry.

4.5    Newsletter and other marketing activities

If you subscribe to our newsletter, we use your e-mail address and other contact data to send you the corresponding newsletter. By registering for our newsletter, you consent to the associated processing of your personal data. Mandatory data for sending a newsletter are your name and your e-mail address, which we store after your registration. The legal basis for the processing of your data in connection with our newsletter is your consent. You can revoke this consent at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to our above-mentioned e-mail address or by sending a letter to the above-mentioned postal address.

4.6    Cookies and other third-party services

Our websites may use so-called cookies or other third-party services (hereinafter «cookies» or «third-party services»). Cookies are text files that are stored in the internet browser or by the internet browser on the computer system of the user or a mobile end device. The cookie contains a characteristic string of characters that enables the browser or mobile end device to be uniquely identified when the website is called up again. The purpose of using cookies is, on the one hand, to enable and simplify the use of our website for you. Some functions of our website cannot be offered without the use of cookies (so-called technically necessary cookies). On the other hand, we also use cookies/tools to analyse user behaviour on our website, namely for range measurement and marketing purposes.

4.6.1       Technically necessary cookies
Technically necessary cookies are required for our website to function. Therefore, these cookies cannot be switched off in our systems. They usually record important actions, such as the number of requests made, editing your privacy settings or filling out forms. Although you can block these cookies in your browser, some parts of our website may then no longer function.The legal basis for data processing when using technically necessary cookies is our legitimate interest, which lies primarily in ensuring the functionality and improvement of our website.

4.6.2       Analytical and marketing cookies

Analytical cookies allow us to analyse visitor behaviour and traffic sources so that we can measure the performance of our website and improve the user experience. They help us to see how popular which pages are and show how visitors move around our website. Marketing cookies allow us to deliver advertising that is relevant to you. These cookies may remember that you have visited our website and share this information with other companies, including other advertisers. Specifically, we may use the following cookies and other third-party services:

-      Google Analytics of Google Ireland Ltd., Ireland (hereinafter «Google»). The privacy policy for Google Analytics can be found here: https://policies.google.com/privacy?hl=en.
-      Google Tag Manager of Google. The privacy policy for Google Tag Manager can be found here: https://policies.google.com/privacy?hl=en.
You can object to the use of cookies, for example (i) by selecting the appropriate settings in your browser, (ii) by using appropriate cookie blocker software (e.g. ghostery etc.) or (iii) by downloading and installing the browser plug-in available at the following link regarding cookies from Google: https://tools.google.com/dlpage/gaoptout?hl=en.

4.6.3       Web beacons

Our website may contain electronic images, known as web beacons. These enable us to count users who have visited certain pages on our website. In order to do so, various data about you is collected and processed using web beacons. In order to prevent the use of web beacons on our website, you can object to it as described above.

4.7    Applications

You can submit your application for a position with us by post or by e-mail. The application documents and all personal data disclosed to us with them will only be processed for the purpose of processing your application for employment with us. Without your consent to the contrary, your application file will either be returned to you or deleted/destroyed after the application process has been completed, unless it is subject to a legal duty of safe-keeping.

5.       Disclosure of personal data to recipients and abroad

‍5.1
   Disclosure of personal data to recipients

In addition to the data transfers to recipients expressly mentioned in this privacy policy, we may disclose personal data to the following categories of recipients, where permitted:
-    Providers to whom we have outsourced certain services (e.g. IT and hosting providers, advertising and marketing services, company administration, including accounting and/or asset management, collection services, photographers, payment service providers, banks, insurance companies, etc.) as well as other suppliers and subcontractors;
-    Other Shorelight companies in Switzerland and abroad;
-    Business partner of ours;
-    Third-party providers of software applications used by clients in connection with our services;
-    Third parties who collect data about you via the website;
-    advisory service providers, e.g. tax advisors, lawyers;
-    Insurances;
-    Credit bureaus, which store this data for credit rating information;
-    Prospective purchasers or investors in the event of restructuring or other corporate actions;
-    Auditors;
-    Parties to potential or actual legal proceedings or litigation;
-    Domestic and foreign authorities, official agencies or courts.

5.2    Disclosure of personal data abroad

In principle, we process your personal data in Switzerland. However, in certain cases (e.g. when using certain service providers or certain software applications), your personal data may also be transferred abroad, primarily to the member states of the European Union and EFTA, but also in some cases to other countries worldwide, in particular to the USA (primarily in connection with cookies, social media plug-ins and other third-party software applications). If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection as provided for by law by using appropriate contracts (namely on the basis of the so-called “standard contractual clauses” of the European Commission) or rely on the legal exceptions of consent, the execution of the contract, the establishment, exercise or enforcement of legal claims, the overriding public interests, the published personal data or because it is necessary to protect the integrity of the data subjects. Nevertheless, we would like to point out that data transmitted abroad is no longer protected by Swiss law and foreign laws as well as official orders may demand that this data be passed on to authorities and other third parties.

6.       Retention period

We process and store your personal data only for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, or as provided for by another legal basis (e.g. statutory retention periods). We retain personal data that we hold on the basis of a contractual relationship with you at least as long as the contractual relationship exists and limitation periods for possible claims by us run or contractual retention obligations exist. As soon as your personal data is no longer required for the above-mentioned purposes, they will be set inactive, deleted or anonymised as far as possible.

7.       Your rights

Within the framework of the data protection law applicable to you and insofar as provided therein, you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing as well as to the release of certain personal data for the purpose of transfer to another controller (so-called data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to rely on this) or if we need the data to assert claims. If you incur costs, we will inform you in advance. If data processing is based on your consent, you can revoke this at any time after giving your consent with effect for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. The exercise of such rights generally requires that you clearly prove your identity (e.g. by means of a copy of your identity card if your identity is otherwise not clear or cannot be verified). To exercise your rights, you can contact us at the address given in para. 2 of this privacy policy.In addition, every data subject has the right to enforce his or her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).

8.       Data security

We take appropriate security measures of a technical and organisational nature to maintain the security of your personal data, namely to protect it against unauthorised or unlawful processing and to prevent the risk of loss, accidental alteration, unauthorised disclosure or access. Like all companies, however, we cannot rule out data security breaches with absolute certainty because certain residual risks are unavoidable. As part of our security measures, we use firewalls, logging and encryption in particular, have authorisation concepts and have implemented other protective measures to ensure the most complete possible protection of personal data.

9.       Adjustments to this privacy policy

We expressly reserve the right to amend this privacy policy at any time. If such amendments are made, we will immediately publish the amended data protection statement on our website. The most recent data protection statement published on our website is always valid.