To make the bioeconomy real, develop for scalability and creditworthiness Read more x

Privacy Notice

This Privacy Notice (Privacy Notice) informs you (you) about how Blue Horizon Corporation Ltd, Tödistrasse 61, 8002 Zurich, Switzerland (Blue Horizon, our, we, or us), and, to the extent applicable, its subsidiaries, treats your personal data (Data) according to the Swiss Federal Act on Data Protection (DPA) and/or (as applicable) the EU General Data Protection Regulation (GDPR) when accessing our Website (www.bluehorizon.com) and as otherwise specified herein.

1. Controller and Contact Details

Controller is Blue Horizon Corporation Ltd, Tödistrasse 61, 8002 Zurich, Switzerland (or, in case of one of our subsidiaries using this Privacy Notice by reference, such subsidiary). You may contact us via the contact form on our website or by email (DPO@bluehorizon.com).

Our EU representative is Blue Horizon Growth sarl, 15, Boulevard F.W. Raiffeisen, L-2411 Luxembourg, Grand Duchy of Luxembourg.

2. What Kind of Data We Process

We process the following categories of Data:

    1. Usage Data: When accessing our Website (and through our Website our services, such as e.g. the client portal, contact form, newsletter subscription, etc.), the following information about your device may be collected automatically in so-called server logfiles: server name, IP address, operating system, type of device, browser name and version, date and time of access, address of the Website from which you were redirected to our Website (regarding cookies used on our Website please see our Cookies Policy).
    1. Contact Data: Your contact information, including your first name, middle name(s), maiden name, last name, address, email address, telephone number.
    1. Professional Data: Contact Data (see above) and information about your employer and professional status (e.g., name of your company and your title and position) as well as your previous positions and professional experience.
    1. Service Data: Contact Data (see above) and profile information regarding the client portal (including your username(s) and password(s), your interests, feedback and survey responses, including information about your vegetarian or vegan lifestyle) as well as financial data (including your bank account details) and further service related data (including details about services received/provided and payments made to/from you).
    1. Communication Data: Contact Data (see above) and communication related data such as subject matter, communication content, and associated metadata (e.g. time of sending, receipt, processing data, responder, etc.).
    1. KYC (Know Your Customer) Data: Contact Data (see above), Professional Data (see above) and date of birth, passport number, photographic identification, gender, information about your criminal convictions and offences and any further information required to perform KYC checks according to applicable laws and internal regulations.

3. Purpose and Legal Basis of Data Processing

We collect and process Data in the following situations for the indicated purpose(s) and, within the scope of applicability of the GDPR, based on the legal basis as indicated:

    1. Website: When you access our Website (including the Client Portal, see below), we process Usage Data for the purposes of operating and securing our Website, in particular for security reasons to ensure the stability and integrity of our systems. Within the scope of the GDPR, such processing is based on our legitimate interest (GDPR 6.1.f). We may also use cookies as set out in our Cookies Policy. Furthermore, we may analyze your use of our Website with web analysis tools, including Google Analytics (with IP anonymization activated), in order to optimize our Website regarding usability and to gain insight about the use of our Website. The collected data will not be merged with other personal data or disclosed to third parties. Within the scope of GDPR, such processing is based on our legitimate interest (GDPR 6.1.f). Further information on the use of data by Google and configuration options can be found here: https://www.google.com/intl/en/policies/privacy/partners.
    1. Client Portal: When you access our client portal, we process Service Data and Usage Data for the purpose of verifying whether you are authorized to access the client portal, granting you access thereto, operating and securing the portal, and providing you the services accessible via the client portal, according to your client contract. Within the scope of the GDPR, such processing is based on the performance of the contract with you (GDPR 6.1.b).
    1. Newsletter: When you subscribe to, receive, and interact with our newsletter (e.g. by opening it and clicking on links), we process Marketing Data and Usage Data for the purpose of marketing our services to you, making you aware of our investment strategy, improving our marketing services and the quality of our marketing materials, providing you with more relevant information, and securing our systems. Within the scope of the GDPR, such processing is based on your consent (GDPR 6.1.a) and/or our legitimate interest (GDPR 6.1.f).
    1. Communication: When you contact us by any communication channel available (e.g. contact forms, emails, phone, etc.), we process Communication Data (and to the extent applicable Usage Data) for the purpose of processing your inquiry. Within the scope of the GDPR, such processing is based on your consent (GDPR 6.1.a) and/or the performance of the contract with you (GDPR 6.1.b).
    1. Investment Opportunities: In order to identify, evaluate and/or manage existing and potential investment opportunities and to market our services to our clients and prospects and make them aware of our investment strategy, we process Professional Data and Marketing Data. Within the scope of the GDPR, such processing is based on our legitimate interest (GDPR 6.1.f) and/or the performance of a contract (GDPR 6.1.b).
    1. Client Contract: When entering and fulfilling a contract with you (including record-keeping, billing, invoicing, and archiving), we may process Contact Data, Professional Data and KYC Data as well as Service Data, Marketing Data and Communication Data for the purpose of providing our services and fulfilling our contractual obligations to you (including related communication, marketing and profiling). Within the scope of the GDPR, such processing is based on the performance of a contract (GDPR 6.1.b).

Under certain circumstances, we may also collect and process Data for the following purpose(s) and, within the scope of applicability of the GDPR, based on the legal basis as indicated:

    1. To preserve our legal interests, e.g. by enforcing or defending our legal rights. Within the scope of the GDPR, such processing is based on our legitimate interest (GDPR 6.1.f).
    1. To comply with a legal obligation to which we are subject. Within the scope of the GDPR, such processing is based on the corresponding legal obligation (GDPR 6.1.c).

4. How Personal Data Is Collected

We use different methods to collect Data. In most cases, you provide such Data to us in your direct interactions with us, e.g. by filling in forms on our Website, providing information through the client portal, corresponding with us via email, subscribing to our newsletter or in personal interactions with our staff, e.g. at conferences, fairs or other business events.

5. No Obligation to Provide Data

You are under no obligation to provide Blue Horizon with any Data. However, if you do not make the necessary Data available to us, we may not be able to interact with you or provide the corresponding services to you (e.g. communicate with you, send a newsletter to you, grant you access to the client portal, or enter into a contract with you).

6. How Long we Retain Data

We retain / store Data in general as follows:

    1. Usage Data: As long as (i) required to enable the requested access and secure the stability and integrity of our systems, (ii) where processed for the purpose of website analysis for as long as required to perform such analysis (see also our Cookies Policy), and (iii) as part of any other data category as applicable for such category.
    1. Contact Data: : As long as (i) you are subscribed to our Newsletter, (ii) Contact Data is required with regard to Investment Opportunities, (iii) the Client Contract with you persists or (iv) as part of any other data category as applicable for such category.
    1. Professional Data:As long as (i) Professional Data is required with regard to Investment Opportunities and/or (ii) the Client Contract with you persists and (ii) as part of any other data category as applicable for such category.
    1. Service Data: As long as (i) you are accessing (or have the right to access) our client portal and/or (ii) the Client Contract with you persists.
    1. Marketing Data: As long as (i) you are subscribed to our Newsletter and/or (ii) Marketing Data is required with regard to Investment Opportunities and (iii) as part of any other data category as applicable for such category.
    1. Communication Data: As long as (i) required to respond to and complete your inquiry or other communication with you and/or (ii) the Client Contract with you persists.
    1. KYC (Know Your Customer) Data: As long as (i) required to reach a decision about entering a Client Contrat with you and/or (i) the Client Contract with you persists.

After the above storage periods, your personal data will be deleted (or anonymized), if and to the extent (a) we are not legally obliged to retain such data (e.g. for accounting or document retention purposes) and (b) we do not have an overriding legitimate interest to retain such data for the assessment or exercise of, or for the defence against, legal claims.

7. Data Transfers

We may use service providers (including other members of the Blue Horizon group) for the hosting and operation of our Website, cloud and database services and further services, including the client portal. Such service providers may have access to your Data, strictly limited to the performance of their services for us. Otherwise, we do not transfer your Data to any third parties.

In general, your Data is processed in Switzerland, the European Union (EU) or the European Economic Area (EEA), or in other countries that are considered to guarantee an adequate level of data protection according to the DPA and the GDPR, such as e.g. the United Kingdom. If we transfer Data to (or grant access to Data from) a third country which does not meet this requirement, we ensure that appropriate safeguards are in place, such as the EU Standard Contractual Clauses, amended to comply with Swiss data protection law. For additional information regarding the safeguards or a copy thereof please contact us as specified in Section 1.

8. Data Security

We have put appropriate technical and organizational security policies and procedures in place to protect your Data from loss, misuse, alteration, or destruction. Such measures include:

    1. the pseudonymisation and encryption of personal data;
    1. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
    1. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
    1. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

We limit access to personal data in general. Those individuals who have access to the data are required to maintain the confidentiality of such information.

9. Right to Object

You have the right to object to the processing of your Data if (a) the processing takes place for direct marketing purposes; or (b) the processing is based on our legitimate interest (GDPR 6.1.f), by explaining the particular reasons and circumstances of your objection.

Regarding cookies through which certain personal data may be collected, you can block the setting of such cookies at any time by changing the settings in your browser accordingly or taking appropriate steps as set out in our Cookies Policy. You will then be notified whenever your browser attempts to create a cookie and you can decide whether you want to allow the cookie or not. Please note that a deactivation of cookies may result in a limited user experience and you may not be able to use every function of our Website or services or to access the services in an appropriate manner altogether. For further information, please refer to our Cookies Policy.

10. Your Rights

You have the right to request information about your Data we process. In particular, you have – or may have, depending on the circumstances – the right to:

    1. Information, i.e. to ask us whether we are processing Data about you, and if so, to provide you with further information related thereto.
    1. Correction, i.e. to ask us to correct your Data if it is incorrect or incomplete.
    1. Deletion, i.e. to delete your Data (to the extent we are not under a legal obligation or have an overriding legitimate interest to retain such data).
    1. Restrict Processing, i.e. to ask us to temporarily restrict our processing of your Data.
    1. Data Portability, i.e. to ask us to provide you in electronic form (to the extent technically feasible) the Data you have provided to us.
    1. Withdraw Your Consent, i.e. to withdraw your consent if and to the extent you have previously given your consent to any specific purpose of processing of your Data. This will not affect the lawfulness of any processing carried out before you withdraw your consent and it may mean that we will no longer be able to provide our services to you.

In case you wish to exercise any of these rights, please contact us as specified in Section 1. Before responding to your request, we may ask for proof of identity. This helps us to ensure that your Data is not disclosed to any person who has no right to receive it.

11. Complaint / Regulatory Authority

If you believe that our processing of your Data contradicts the applicable data protection laws, you have the possibility to lodge a complaint with the competent data protection authority.

The data protection authority for Blue Horizon is the Swiss Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH-3003 Berne, Switzerland (https://www.edoeb.admin.ch).  

Last Updated: 9 February 2022