1. Who we are
Eraneos Holding AG (hereafter “we”, “us”, “the service” or “Eraneos”) is a global management & technology consultancy with its legal seat in Zürich, Switzerland. Eraneos acts as the “controller” of your personal data when you use the website https://www.eraneos.com, or any other domain or sub-domain for the Eraneos Group (hereinafter, “the website”), obtain services or products from us, interact with us, communicate with us, or otherwise deal with us, and is therefore responsible for the processing of your data in this context.
For any concern you might have with regard to this document or the processing of your personal data, please contact our representatives:
If you are located in Switzerland:
Herr Alexander Rath
Eraneos Group AG
If you are located in Germany, Austria, Singapore, China or the US:
You can reach out to our appointed Data Protection Officer (“Datenschutzbeauftragter”):
Eraneos Germany Holding GmbH
Datenschutzbeauftragter: Tobias Block
D-20459 Hamburg, Germany
Email to: email@example.com or phone: +49 (0)40 – 809081-172
Other countries in the EEA or outside of the EEA:
Privacy Representative Eraneos Netherlands
De Passage 126-136
1101 AX Amsterdam
+31 20 305 3700
Email to: firstname.lastname@example.org
This Data Protection Statement is aligned with the EU General Data Protection Regulation (“GDPR”), the Swiss Data Protection Act (“DPA”) and the revised Swiss Data Protection Act (“revDPA”) as well as the California Consumer Privacy Act (“CCPA”). However, the application of these laws depends on each individual case.
In this document we utilize the terms ‘personal data and ‘personal information’ interchangeably.
As part of our ongoing efforts to strengthen the protection of personal data, this Data Protection Statement explains how we process personal data and the principles that we uphold with respect to transfers of personal data from the EEA and Switzerland to the US and other non- EEA countries.
We reserve the right, at our discretion, to alter and update this Data Protection Statement from time to time without prior notice. We therefore invite you to review the current version of the Data Protection Statement each time you return to our websites, as the current version published on our websites applies. If the Data Protection Statement is part of an agreement with you, we will notify you by email or other appropriate means in case of an amendment.
2. Note for California, based visitors
If you are from California, the CCPA is applicable. We enforce high privacy standards that are based on EU privacy principles, including purpose limitation and lawfulness of processing, choice (consent), security and transparency. You will find information on the purposes of processing, the data types, recipients etc. further below in the document.
Please rest assured we do not sell your data.
3. Data we process and activities we perform
It is important to note that, generally, you can visit our websites without providing any personal data about yourself.
However, in specific cases, to access some parts of our websites or to ameliorate your experience when you visit our websites, or again in order for you to request specific information or services, we may need to collect personal data from you which we will process for the purposes described hereunder.
Subject to your previous consent, we may also use the personal data you share with us for marketing purposes, to send you information about our services and offers and to help us to create, publish and improve content and services on the website that are relevant to you.
To manage your cookie-consent / web-analysis opt-in settings, please go to the cookie management tool you can always find in the bottom right hand corner of your screen.
Further and more specifically, we process the following personal information when you visit our website or interact with us from the following sources:
(a) Our correspondence: if you contact us by post, telephone, email or other electronic means, we may keep a record of that correspondence; we archive your message for at most 12 months. You are of course free to use a nickname and a pseudonymous email address.
(b) Information you provide to us: personal information that you provide to us, be it through our websites or by otherwise interacting with us, including your name, title, position and contact details.
(c) Your transactions: details of transactions you carry out through electronic or other channels and of the fulfilment of the services we provide.
3.1 Applicants and business partners
For the purposes of assessing possible employment or collaboration and to provide services to our clients we may collect and process the following personal information about you:
(a) Information we may collect about you: we may collect information about you which may include your name, academic and professional background and employment history, including the identities of your current and former employers and job titles/positions, from publicly available sources such as information that can be found using search engines, on corporate websites and information which you have decided to make public.
(b) Information you provide to us: personal information that you provide to us including your name, address, telephone numbers, email address(es) and other contact details, detailed information in respect of your academic and professional background and employment history (and other information typically contained in a detailed CV/resume).
3.2 Customers and prospective customers
If you are a customer (or a prospective customer), in addition to the information referred to in the section 3.1 above, we may collect personal data on you in the ordinary course of our business relationship with you and in the framework of the provision of our services to you. In this case we process your information to perform our contractual obligation towards you.
3.3 Visitors of the websites: web analysis service
Website and communication usage:
We process the details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access
We also utilize the following services:
In order to be able to evaluate our website statistically, we use the program AWStats. The program is a free web analysis software. It is used for evaluating log files, create the web server on the basis of visitor requests. The program does not use cookie files for the evaluation. The statistical analysis is carried out via the log files, which also contain IP addresses. This data cannot be used to identify specific people. This information is not merged with other data sources, and the information is deleted after it has been statistically analysed. Unlike other statistics programs transmitted data to a remote server with AWStats. The program is installed on your own hosting package.
This website uses Google Analytics, a Web analysis service of Google LLC, 1600 Amphitheatre Parkway, mountain view, CA 94043, USA (“Google”). More information on the use of Google Analytics can be found on this website.
Social Media widgets and tools
Our websites will typically include functionality to enable sharing via third party social media applications, such as the Facebook Like button. These social media applications will collect and use information regarding your use of Eraneos websites. Any personal information that you provide via such social media applications will often be collected and used by other members of that social media application and such interactions are governed by the privacy policies of these external companies that provide the application. We do not have control over, or responsibility for, those companies or their use of your information.und and employment history (and other information typically contained in a detailed CV/resume).
4. Sharing of your personal information
We may disclose the information you provide to:
- Service providers, such as payment processors;
- Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties;
- Our subsidiaries and affiliates; Eraneos has country subsidiaries in different locations around the world and our internal processes are internationally focused (see also section 5. below);
- A subsequent owner, co-owner or operator and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of a substantial part of or of all our stock and/or assets, or other corporate reorganization, in accordance with this Data Protection Statement.
5. Transfer to 3rd parties and guarantees
Due to the international nature of our business, certain recipients may not only be located in Switzerland or the EEA, but in any country worldwide, especially in the USA. You must anticipate that in the course of our business relationship with you, your data might be transmitted to any country in which our clients, their affiliates or business partners as well as service providers or experts consulted are located. Furthermore, within Eraneos Group’s organization, there is a need to exchange personal data on an intra-group basis, and Eraneos entities might also be established outside Switzerland or the EEA.
In cases where we transfer personal information to countries outside the EEA or Switzerland, under GDPR and Swiss rules we have to ensure that there is an adequate level of data protection on the recipient’s side. If a recipient is located in a country that according to an adequacy decision of the European commission or an ordinance of the Swiss Federal Council does not have adequate statutory data protection, we require the recipient to comply with EU/Swiss data protection standards. For this purpose, we use the appropriate modules of the revised European Commission’s standard contractual clauses (which can be accessed here, unless we can rely on an exception. An exception may for example apply in case of legal proceedings abroad, in case of overriding public interest, in case the performance of a contract requires disclosure, or if data has been made available generally by you and you have not objected against its processing.
6. Retention / deletion policies
We do store the data only as long as we need it in order to fulfill the processing purposes, to follow legal retention terms or for the establishment, exercise or defense of legal claims. Our retention periods are based on business needs and your information that is no longer needed is either anonymised (and the anonymised information may be retained) or securely destroyed.
When the processing is based on your consent (opt-in), we delete your information immediately after you withdraw your consent (opt-out).
7. Data security
We have taken appropriate technical and organizational measures designed to protect your personal data from unauthorized access, misuse, destruction, loss or alteration.
We restrict access to your personal information to those persons who need to use it for the relevant purpose(s).
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement reasonable measures to protect your personal data, we cannot guarantee the security of the data transmitted to us using the internet (including email). We are not responsible or liable for the security of your data whilst in transit via the internet. Any such transmission is at your own risk and you are responsible for ensuring that any personal data that you send to us is sent securely.
8. Your rights
According to the GDPR as well as the revDPA (and the CCPA), you have the right to request from us access to and rectification or erasure of your personal data or restriction of processing concerning you, or, where applicable, the right to object to processing or the right to data portability. Where applicable, you also have the right to withdraw your consent at any time. Please note that withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.
Please find more information on your rights on the website of the European Commission.
You have, in any case, the right to lodge a complaint with your data protection authority.
For Switzerland: Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
For the EEA: Please find a list of authorities via the following link: https://edpb.europa.eu/about-edpb/about-edpb/members_en
For California: California Privacy Protection Agency (https://cppa.ca.gov)
If you wish to exercise one or more of these rights, please contact our representative(s) (see section 1 above).