Skip to main contentSkip to navigationSkip to search

Personal Data Protection Policy

Last Modified: 2022-11-02

1. Introduction

Interogo Holding AG embraces the fundamental principle of respect for an individual’s right to privacy. We take this very seriously and protect all personal data entrusted to us, whether they relate to our co-workers, applicants, suppliers, business partners, clients, portfolio companies etc.

At Interogo Holding AG and our direct and indirect subsidiaries (the “Interogo Holding Group”) we commit to act in a careful and responsible way when it comes to Personal Data (as defined in point 4.3. below). We comply with data protection laws and applicable legislations in all countries where we operate. We collect, access or process personal data that is necessary to conducting our business and only for the purpose for which it is intended. We also ensure that such data is stored securely.

The mindful handling of Personal Data flows from of our core values, such as ‘caring for people and planet’, ‘simplicity’, ‘give and take responsibility’ and ‘lead by example’.

2. Scope

The present Policy outlines the main personal data protection terms and the guiding principles for the protection of personal data we should follow in our daily work.

This Personal Data Protection Policy applies to all companies which are directly or indirectly consolidated by Interogo Holding AG when handling Personal Data. The Policy does not apply to portfolio companies within our private equity, long-term equity and infrastructure strategies, as they are governed through their ownership structure and therefore only indirectly guided by the Interogo Holding AG Personal Data Protection Policy.

3. DATA PROTECTION PRINCIPLES

Flowing from our Interogo Holding Group core values and the applicable laws, we should ALWAYS keep in mind the personal data protection principles when we are dealing with Personal Data.

Personal Data.

3.1 Lawfulness, fairness, and transparency
Trust, respect, integrity and honesty are essential in the Interogo Holding Group.

These translate to our obligations to always act in a lawful manner, be fair about how we handle Personal Data and at all times be transparent to those whose Personal Data we process.

3.2 Purpose limitation
We do not use Personal Data for a purpose that is incompatible with the initial purpose for which it was collected.

For instance, if a CV is collected to assess an applicant’s eligibility, this CV cannot just be shared for another reason.

3.3 Data minimization
We take responsibility of the Personal Data we collect.

At Interogo Holding Group we only collect Personal Data that is adequate, relevant and not excessive in relation to the purpose for which the Personal Data is processed.

3.4 Storage limitation
We do not keep Personal Data for longer than is necessary for the purpose it was collected.

When Personal Data is no longer required, we always destroy it in a safe manner. We do not keep Personal Data “just in case it might come in handy in the future.

3.5 Integrity and confidentiality
Our core value ‘caring for people and planet’ means that we protect all Personal Data processed by any of the companies of the Interogo Holding Group.

We all take appropriate technical and organizational measures against unauthorised or unlawful Processing of Personal Data and against accidental loss or destruction of Personal Data.

Each co-worker has a responsibility to ensure that Personal Data held in the Interogo Holding Group does not end up in the wrong hands.

3.6 Accountability principle
We, as Co-workers in the Interogo Holding Group are, at all times, able to demonstrate that we have understood these principles and are able to act in a compliant manner.

4. MAIN PERSONAL DATA PROTECTON TERMS AND GUIDANCE (I/V)

The main terms for protection of Personal Data as per the applicable legal framework and some practical guidance are listed below.

4.1 Personal Data Protection Laws
The General Data Protection Regulation (GDPR) is EU legislation regulating the protection of Personal Data.

Its main goal is (i) to empower those whose Personal Data is used (data subjects) by giving them control to their data and (ii) to impose safeguards to ensure that such data is handled in a secure and transparent manner.

GDPR became applicable in the national legislation of all EU member states as of 25 May 2018.

The United Kingdom and Switzerland provide similar protection of personal data through their national laws (currently the UK Data Protection Act 2018 and the Swiss Data Protection Act 2020) and are considered equivalent jurisdictions.

GDPR, the national laws transposing GDPR in each EU country, the UK Data Protection Act 2018 and the Swiss Data Protection Act 2020 as applicable and any similar national legislation are referred to as the “Personal Data Protection laws”.

The Personal Data Protection laws mostly rely on definitions provided in the GDPR. These Personal Data Protection laws are applicable when Personal Data is processed.

Any breaches of the Personal Data Protection laws have to be investigated immediately and in some cases need to be reported to the national Data Protection Authority within 72h by the data controller.

4. MAIN PERSONAL DATA PROTECTON TERMS AND GUIDANCE (II/V)

4.2 Roles under the GDPR and the national Personal Data Protection Laws
“Data Subject” - individual whose personal data is collected and processed. Data subject retain certain rights with respect to their data which have to be safeguarded by the data controller.

“Controller” - the entity or person who determines the purposes and means of the Processing of Personal Data (or in other words: the “why” and “how”).

Controllers are responsible for the Personal Data Process, for example employee personal data or personal data regarding counterparties or customers.

The GDPR and the national Personal Data Protection laws impose extensive requirements on controllers, which include the requirement to implement different personal data protection policies and procedures.

In its day-to-day activities, most of the companies of the Interogo Holding Group operate as a “controller”.

“Processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of a controller.

The duties of the processor towards the controller must be specified in a contract or another legal act. For example, the contract must indicate what happens to the personal data once the contract is terminated.

4. MAIN PERSONAL DATA PROTECTON TERMS AND GUIDANCE (III/V)

4.3 Personal Data
‘Personal Data’ means any information relating to an identified or identifiable natural living person. An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as: