Privacy Notice

This Privacy Notice (Privacy Notice) informs you (you) about how Nuos Ltd, Tödistrasse 61, 8002 Zurich, Switzerland (Nuos, our, we, or us), and, to the extent applicable, its subsidiaries, treats your personal data (Data) according to the Swiss Federal Act on Data Protection (DPA) and/or (as applicable) the EU General Data Protection Regulation (GDPR) when accessing our Website (www.nuos.com) and as otherwise specified herein.

1. Controller and Contact Details

Controller is Nuos Ltd, Tödistrasse 61, 8002 Zurich, Switzerland (or, in case of one of our subsidiaries using this Privacy Notice by reference, such subsidiary). You may contact us by email (info@nuos.com).

2. What Kind of Data We Process

We process the following categories of Data:

a. Usage Data: When accessing our Website (and through our Website our services, such as e.g. the client portal, contact form, newsletter subscription, etc.), the following information about your device may be collected automatically in so-called server logfiles: server name, IP address, operating system, type of device, browser name and version, date and time of access, address of the Website from which you were redirected to our Website.

b. Contact Data: Your contact information, including your first name, middle name(s), maiden name, last name, address, email address, telephone number.

c. Professional Data: Contact Data (see above) and information about your employer and professional status (e.g., name of your company and your title and position) as well as your previous positions and professional experience.

d. Service Data: Contact Data (see above) and profile information regarding the client portal (including your username(s) and password(s), your interests, feedback and survey responses, including information about your vegetarian or vegan lifestyle) as well as financial data (including your bank account details) and further service related data (including details about services received/provided and payments made to/from you).

e. Communication Data: Contact Data (see above) and communication related data such as subject matter, communication content, and associated metadata (e.g. time of sending, receipt, processing data, responder, etc.).

f. KYC (Know Your Customer) Data: Contact Data (see above), Professional Data (see above) and date of birth, passport number, photographic identification, gender, information about your criminal convictions and offences and any further information required to perform KYC checks according to applicable laws and internal regulations.

3. Purpose and Legal Basis of Data Processing

We collect and process Data in the following situations for the indicated purpose(s) and, within the scope of applicability of the GDPR, based on the legal basis as indicated:

a. Website: When you access our Website (including the Client Portal, see below), we process Usage Data for the purposes of operating and securing our Website, in particular for security reasons to ensure the stability and integrity of our systems. Within the scope of the GDPR, such processing is based on our legitimate interest (GDPR 6.1.f). We may also use cookies as set out in our Cookies Policy (see 12 below). Furthermore, we may analyze your use of our Website with web analysis tools, including Google Analytics (with IP anonymization activated), in order to optimize our Website regarding usability and to gain insight about the use of our Website. The collected data will not be merged with other personal data or disclosed to third parties. Within the scope of GDPR, such processing is based on our legitimate interest (GDPR 6.1.f). Further information on the use of data by Google and configuration options can be found here: https://www.google.com/intl/en/policies/privacy/partners.

b. Client Portal: When you access our client portal, we process Service Data and Usage Data for the purpose of verifying whether you are authorized to access the client portal, granting you access thereto, operating and securing the portal, and providing you the services accessible via the client portal, according to your client contract. Within the scope of the GDPR, such processing is based on the performance of the contract with you (GDPR 6.1.b).

c. Newsletter: When you subscribe to, receive, and interact with our newsletter (e.g. by opening it and clicking on links), we process Marketing Data and Usage Data for the purpose of marketing our services to you, making you aware of our investment strategy, improving our marketing services and the quality of our marketing materials, providing you with more relevant information, and securing our systems. Within the scope of the GDPR, such processing is based on your consent (GDPR 6.1.a) and/or our legitimate interest (GDPR 6.1.f).

d. Communication: When you contact us by any communication channel available (e.g. contact forms, emails, phone, etc.), we process Communication Data (and to the extent applicable Usage Data) for the purpose of processing your inquiry. Within the scope of the GDPR, such processing is based on your consent (GDPR 6.1.a) and/or the performance of the contract with you (GDPR 6.1.b).

e. Investment Opportunities: In order to identify, evaluate and/or manage existing and potential investment opportunities and to market our services to our clients and prospects and make them aware of our investment strategy, we process Professional Data and Marketing Data. Within the scope of the GDPR, such processing is based on our legitimate interest (GDPR 6.1.f) and/or the performance of a contract (GDPR 6.1.b).

f. Client Contract: When entering and fulfilling a contract with you (including record-keeping, billing, invoicing, and archiving), we may process Contact Data, Professional Data and KYC Data as well as Service Data, Marketing Data and Communication Data for the purpose of providing our services and fulfilling our contractual obligations to you (including related communication, marketing and profiling). Within the scope of the GDPR, such processing is based on the performance of a contract (GDPR 6.1.b).

Under certain circumstances, we may also collect and process Data for the following purpose(s) and, within the scope of applicability of the GDPR, based on the legal basis as indicated:

a. To preserve our legal interests, e.g. by enforcing or defending our legal rights. Within the scope of the GDPR, such processing is based on our legitimate interest (GDPR 6.1.f).

b. To comply with a legal obligation to which we are subject. Within the scope of the GDPR, such processing is based on the corresponding legal obligation (GDPR 6.1.c).

4. How Personal Data Is Collected

We use different methods to collect Data. In most cases, you provide such Data to us in your direct interactions with us, e.g. by filling in forms on our Website, providing information through the client portal, corresponding with us via email, subscribing to our newsletter or in personal interactions with our staff, e.g. at conferences, fairs or other business events.

5. No Obligation to Provide Data

You are under no obligation to provide Nuos with any Data. However, if you do not make the necessary Data available to us, we may not be able to interact with you or provide the corresponding services to you (e.g. communicate with you, send a newsletter to you, grant you access to the client portal, or enter into a contract with you)

6. How Long we Retain Data

We retain / store Data in general as follows:

a. Usage Data: As long as (i) required to enable the requested access and secure the stability and integrity of our systems, (ii) where processed for the purpose of website analysis for as long as required to perform such analysis (see also our Cookie Policy in 12 below), and (iii) as part of any other data category as applicable for such category.

b. Contact Data: As long as (i) you are subscribed to our Newsletter, (ii) Contact Data is required with regard to Investment Opportunities, (iii) the Client Contract with you persists or (iv) as part of any other data category as applicable for such category.

c. Professional Data: As long as (i) Professional Data is required with regard to Investment Opportunities and/or (ii) the Client Contract with you persists and (ii) as part of any other data category as applicable for such category.

d. Service Data: As long as (i) you are accessing (or have the right to access) our client portal and/or (ii) the Client Contract with you persists.

e. Marketing Data: As long as (i) you are subscribed to our Newsletter and/or (ii) Marketing Data is required with regard to Investment Opportunities and (iii) as part of any other data category as applicable for such category.

f. Communication Data: As long as (i) required to respond to and complete your inquiry or other communication with you and/or (ii) the Client Contract with you persists.

g. KYC (Know Your Customer) Data: As long as (i) required to reach a decision about entering a Client Contrat with you and/or (i) the Client Contract with you persists.

After the above storage periods, your personal data will be deleted (or anonymized), if and to the extent (a) we are not legally obliged to retain such data (e.g. for accounting or document retention purposes) and (b) we do not have an overriding legitimate interest to retain such data for the assessment or exercise of, or for the defence against, legal claims.

7. Data Transfer

We may use service providers for the hosting and operation of our Website, cloud and database services and further services, including the client portal. Such service providers may have access to your Data, strictly limited to the performance of their services for us. Otherwise, we do not transfer your Data to any third parties.

In general, your Data is processed in Switzerland, the European Union (EU) or the European Economic Area (EEA), or in other countries that are considered to guarantee an adequate level of data protection according to the DPA and the GDPR, such as e.g. the United Kingdom. If we transfer Data to (or grant access to Data from) a third country which does not meet this requirement, we ensure that appropriate safeguards are in place, such as the EU Standard Contractual Clauses, amended to comply with Swiss data protection law. For additional information regarding the safeguards or a copy thereof please contact us as specified in Section 1.

8. Data Security

We have put appropriate technical and organizational security policies and procedures in place to protect your Data from loss, misuse, alteration, or destruction. Such measures include:

a. the pseudonymisation and encryption of personal data;

b. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

c. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and

d. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

We limit access to personal data in general. Those individuals who have access to the data are required to maintain the confidentiality of such information.

9. Right to Object

You have the right to object to the processing of your Data if (a) the processing takes place for direct marketing purposes; or (b) the processing is based on our legitimate interest (GDPR 6.1.f), by explaining the particular reasons and circumstances of your objection.

Regarding cookies through which certain personal data may be collected, you can block the setting of such cookies at any time by changing the settings in your browser accordingly or taking appropriate steps as set out in our Cookies Policy. You will then be notified whenever your browser attempts to create a cookie and you can decide whether you want to allow the cookie or not. Please note that a deactivation of cookies may result in a limited user experience and you may not be able to use every function of our Website or services or to access the services in an appropriate manner altogether. For further information, please refer to our Cookies Policy.

10. Your Rights

You have the right to request information about your Data we process. In particular, you have – or may have, depending on the circumstances – the right to:

a. Information, i.e. to ask us whether we are processing Data about you, and if so, to provide you with further information related thereto.

b. Correction, i.e. to ask us to correct your Data if it is incorrect or incomplete.

c. Deletion, i.e. to delete your Data (to the extent we are not under a legal obligation or have an overriding legitimate interest to retain such data).

d. Restrict Processing, i.e. to ask us to temporarily restrict our processing of your Data.

e. Data Portability, i.e. to ask us to provide you in electronic form (to the extent technically feasible) the Data you have provided to us.

f. Withdraw Your Consent, i.e. to withdraw your consent if and to the extent you have previously given your consent to any specific purpose of processing of your Data. This will not affect the lawfulness of any processing carried out before you withdraw your consent and it may mean that we will no longer be able to provide our services to you.

In case you wish to exercise any of these rights, please contact us as specified in Section 1. Before responding to your request, we may ask for proof of identity. This helps us to ensure that your Data is not disclosed to any person who has no right to receive it.

11. Complaint / Regulatory Authority

If you believe that our processing of your Data contradicts the applicable data protection laws, you have the possibility to lodge a complaint with the competent data protection authority.

The data protection authority for Nuos is the Swiss Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH-3003 Berne, Switzerland (https://www.edoeb.admin.ch).

Last Updated: September 2023

12. Cookies Policy

By using this website  (the “Website”) you consent to the use of cookies by Nuos Ltd and its affiliates (together, “Nuos“, “we” or “us“) in accordance with this cookies policy. If you do not agree to the use of cookies, please stop using the Website immediately. In here, you will find information about the use of cookies on our Website.

What do we mean by cookies?

Cookies created in a web environment or app are small text files that are stored on your device. This enables the website or app to remember specific entries and settings (for example, your login, language, usage, preferences and statistics) over a certain period of time to optimise user experience, security and analysis in particular.

Which cookies do we use and why?

We use the following types of cookies for the following purposes:

  • Strictly necessary cookies: These cookies are technically required for the functionality of the Website and the provision of the Website content and services.
  • Statistical cookies: These cookies gather information about users’ technical behaviour on the Website and (for example, how frequently the Website or sub-pages are visited, the security of the Website, error messages, loading times for the Website and the Website display in different browsers).

Which third-party cookies do we use?

We use third-party cookies as well as our own cookies. Please note that as a result of the technical and organisational measures in place, third-party providers are unable to identify specific users.

The following overview shows third-party tools that are used to improve customers’ experience on the Website, as well as the purpose of the tools and the duration for which cookies are kept.

Cookie Name

_ga
_gid
_gat
_gac_

Source
Google Analytics
Purpose

These cookies are used to collect information about how visitors use the Website. Nuos uses the information to compile reports and to help us improve our Website. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Duration
Persistent
Cookie Name
Source
Purpose
Duration

_ga
_gid
_gat
_gac_

Google Analytics

These cookies are used to collect information about how visitors use the Website. Nuos uses the information to compile reports and to help us improve our Website. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Persistent

How can you prevent the use of cookies or delete them?

You can disable the use of cookies at any time by deleting the cookies placed by the Website. The technical instructions within the browser settings include information such as how you can delete cookies in your browser. Alternatively, you can use the keyboard shortcut Ctrl+Shift+Delete to open the relevant settings window in most browsers.

Use of IP addresses and web logs

Nuos may also use your IP address and browser type to help diagnose problems with our server, to administer our Website and to improve the service we offer to you. An IP address is a numeric code that identifies your computer on the Internet. Your IP address might also be used to gather broad demographic information.

Nuos may perform IP lookups to determine which domain you are coming from (e.g. google.com) to more accurately gauge our users’ demographics. We may collect and process IP addresses and web logs for the purpose of website administration, security, and improving our services.

COOKIES POLICY DOES NOT COVER THIRD PARTY WEBSITES

Please note that this cookies policy does not apply to, and we are not responsible for, the privacy practices of third party websites which may be linked to this Website. This cookies policy must be read in conjunction with our Terms of Use for the Website and our Privacy Notice.

CHANGES TO THE COOKIES POLICY

We may update this cookies policy at any time without notice and we would encourage you to review the policy from time to time to stay informed of how Nuos is using cookies.

CONTACT

If you have any questions about this cookies policy or the cookies used on our Website, please send an email to nuos@bluehorizon.com.