Legal information

Zero Tolerance Statement

LANCRY Natural Capital Advisory AG has zero tolerance for prohibited practices, including but not limited to corruption, fraud, coercion, collusion, obstructive practice, abuse, money laundering, retaliation against whistleblower, terrorism financing and any form of inappropriate, and unethical behaviour. The principles apply to all staff members, third party suppliers, and counterparts collaborating with LANCRY. Employees and representatives of LANCRY are under permanent obligation to practice honesty and integrity when fulfilling their responsibilities to comply with applicable policies, laws and regulations. All employees and persons acting on behalf of LANCRY are obliged to uphold the highest standards of integrity and professionalism. LANCRY encourages reporting of suspected or actual instances of wrongdoing, misconduct or unethical behaviour. All reports are taken seriously and convening dialogues or investigations are conducted in a manner that is timely, fair, and independent.

Transparency Statement
Scope

LANCRY has issued this statement in the light of the Swiss Data Protection Act and the data protection and privacy regulation of the European Union (EU).

Data protection information

With the following information, we would like to give you an overview of how we will process your data and of your rights according to data privacy laws. The details on what data will be processed, and which method will be used depend significantly on the services applied for or agreed upon.

Who is responsible for data processing and how can I contact them?

LANCRY Natural Capital Advisory AG,

c/o a&o kreston ag, Bändliweg 20,

CH-8048 Zürich, Switzerland

E-Mail: Contact@lancry-nc.com

What sources and data do we use?

We process personal data that we obtain from our business clients and suppliers in the context of business relationships. We also process – insofar as necessary to provide our services and organize our procurement of services – personal data that we obtain from publicly accessible sources, (e.g. debt registers, commercial and association registers, press, internet) or that is legitimately transferred between LANCRY group entities or from other third parties (e.g. event organizations).

Relevant data is personal information of contact persons from our clients and suppliers (e.g. name, address and other contact details, date and place of birth, and nationality), and identification data (e.g. ID card details). Furthermore, this can also be order data (e.g. payment order), data from the fulfilment of our contractual obligations (e.g. sales and order data in payment and investment transactions), marketing and sales data, documentation data (e.g. meeting protocols), and other data similar to the categories mentioned.

What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR):

  • For fulfilment of contractual obligations data is processed in order to provide and receive services in the context of carrying out our contracts with our clients and suppliers or to carry out pre-contractual measures that occur as part of a request. The purposes of data processing are primarily in compliance with the specific services provided or received. You can find more specific details about the purposes of data processing in the relevant contract documents and terms and conditions.
  • In the context of balancing interests. Where required, we process your data beyond the actual fulfilment of the contract for the purposes of the legitimate interests pursued by us or a third party.

Examples:

  • Consulting and exchanging data with third parties (e.g. debt register to investigate creditworthiness and credit risks)
  • Reviewing and optimizing procedures for needs assessment for the purpose of direct client discussions
  • Marketing or market and opinion research, unless you have objected to the use of your data
  • Asserting legal claims and defence in legal disputes
  • Guarantee of our company’s IT security and IT operation
  • Prevention and clarification of crimes
  • Video surveillance to protect the right of owner of premises to keep out trespassers or for collecting evidence in hold-ups or fraud
  • Measures for building and site security (e.g. access controls)
  • Measures for ensuring the right of owner of premises to keep out trespassers
  • Measures for business management and further development of services and products
  • Risk control within LANCRY Group

In addition, we obtain personal data from publicly available sources for marketing purposes.

  • As a result of your consent. As long as you have granted us consent to process your personal data for certain purposes (e.g. analysis of certain activities for marketing purposes), this processing is legal on the basis of your consent. Consent given can be withdrawn at any time. Withdrawal of consent does not affect the legality of data processed prior to withdrawal.
  • Due to statutory provisions or in the public interest.

Who receives my data?

Within LANCRY Group, every unit that requires your data to fulfil its contractual and legal obligations will have access to it. Service providers and independent agents appointed by us can also receive access to data for the purposes given, if they maintain confidentiality. These are companies in the categories of banking services, IT services, logistics, printing services, telecommunications, collection, advice and consulting, and sales and marketing.

Will data be transferred to a third country or an international organization?

Your data may be shared within LANCRY Group and/or independent service providers. As such, your data may be transferred to countries outside Switzerland or the European Economic Area (EEA). Personal data is transferred outside Switzerland or the EEA on the basis of declarations of adequacy or other appropriate safeguards, in particular standard data protection clauses.

Please contact us if you would like to request to see a copy of the specific safeguards applied to the export of your information.

Security of processing

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we make reasonable efforts to protect personal data against accidental and illegal destruction and loss. We strive to ensure that personal data is used properly and protected from unauthorized access, use or disclosure. We use a combination of process, technology and physical security controls to protect personal data from unauthorized access, use or disclosure.

In addition, access to personal data is restricted to employees, independent service providers, and agents who need such information to perform their assigned functions and to develop or improve our services.

For how long will my data be stored?

We will process and store your personal data for as long as it is necessary in order to fulfil our contractual and statutory obligations. It should be noted here that our business relationship is a long-term obligation, which is set up on the basis of periods of years.

If the data is no longer required in order to fulfil contractual or statutory obligations, it is deleted, unless its further processing is required – for a limited time – for the following purposes: Fulfilling obligations to preserve records according to commercial and tax law.

What data privacy rights do I have?

Every data subject has the right to access its data, the right to rectification, the right to erasure, the right to restrict processing, the right of object, and if applicable – the right to data portability. Furthermore, if applicable on you, there is also a right to lodge a complaint with an appropriate data privacy regulatory authority.

On grounds relating to your particular situation, you shall have the right of objection, at any time to processing of your personal data which is based on data processing in the public interest and data processing based on balancing interests. If you submit an objection, we will no longer process your personal data unless we can give evidence of mandatory, legitimate reasons for processing, which outweigh your interests, rights, and freedoms, or processing serves the enforcement, exercise, or defense of interests. Please note, that in such cases we may not be able to continue to provide services and maintain a business relation.

You can withdraw consent granted to us for the processing of personal data at any time. Please note that the withdrawal only applies to the future. Processing that was carried out before the withdrawal is not affected by it.

The objection or withdrawal does not need to be made in a particular form and should ideally be addressed to the contact details given above.

Right to lodge a complaint with a supervisory authority

As the controller, we are obliged to notify the data subject of the right to lodge a complaint with a supervisory authority. According to this right, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in Switzerland and/or the EEA member state of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the relevant data privacy laws.

If an affected person wants to complain about us, we ask you to contact only one regulatory body.

To what extent is there automated decision-making or profiling?

In establishing and carrying out a business relationship, we generally do not use any automated decision-making nor any profiling pursuant to the corresponding articles on the FADP or GDPR. If we use this procedure in individual cases, we will inform you of this separately, as long as this is a legal requirement.