1. Who we are
ERANEOS AG (hereafter «we», «us», «the service» or «Eraneos») is a global management & technology consultancy headquartered in Zurich, Switzerland. Eraneos acts as the «controller» of your personal data when you use our website, services, or interact with us in any capacity. For purposes of this Privacy Policy, «we» also refers to our subsidiaries and affiliates within the Eraneos Group.
This Privacy Policy provides clients, prospects, contractors, suppliers, job candidates, attendees of our events, and all visitors of our website with detailed information on how we process personal data.
If you have any concerns regarding this document or the processing of your personal data, please contact our representatives:
If you are located in Switzerland:
Fokko Oldewurtel
Domenig & Partner Rechtsanwälte AG
Eraneos Group AG
Andreasstrasse 11
8050 Zurich, Switzerland
Email: compliance.ch@eraneos.com
If you are located in Germany, Austria, Singapore, China or the US: You can reach out to our appointed Data Protection Officer (“Datenschutzbeauftragter”):
Eraneos Germany Holding GmbH
Data Protection Officer / Datenschutzbeauftragter: Tobias Block
Zeughausmarkt 33
D-20459 Hamburg, Germany
Email to: dataprotection.de@eraneos.com or phone: +49 (0)40 – 809081-172
If you are located in the Netherlands or Spain:
Privacy Representative Eraneos Netherlands
De Passage 126-136
1101 AX Amsterdam
+31 20 305 3700
Email to: privacy.nl@eraneos.com
EU and EEA residents or residents outside of the EEA:
Privacy Representative Eraneos Netherlands
De Passage 126-136
1101 AX Amsterdam
+31 20 305 3700
Email to: privacy.nl@eraneos.com
If you are located in the UK:
Contact & Data Protection Officer: Julian Meyrick
Eraneos UK Ltd
1 Angel Court
London EC2R 7HJ
Email: julian.meyrick@eraneos.com
This Privacy Policy is aligned with the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (nFDAPD), the UK GDPR, the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA). However, the application of these laws depends on the location of the data subjects and/or the location where the services are offered.
2. Note for California, based visitors
If you are a resident of California, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to access, delete, and opt-out of the sale of your personal data. Please note that we do not sell your personal data under any circumstances.
We uphold high privacy standards based on EU privacy principles, including purpose limitation, lawfulness of processing, consent, security, and transparency.
For more details on your rights under CCPA/CPRA, please refer to Section 10 below.
3. Data we process and activities we perform
You can generally visit our websites without providing any personal data. However, in certain circumstances, such as when requesting specific information or services, we may need to collect and process personal data for the following purposes:
- To respond to inquiries or requests.
- To deliver services or products.
- To improve your experience on our website.
- For marketing purposes (with your consent).
We process the following personal data based on specific lawful bases, including consent, contractual obligation, legitimate interest, and legal obligation.
3.1 Applicants and business partners
For the purposes of assessing possible employment or collaboration, and to provide services to clients, we may collect and process the following personal information about applicants and business partners:
- Information we may collect: Name, academic and professional background, employment history, and job titles/positions.
- Information you provide: Your name, address, telephone number(s), email address(es), and detailed information about your academic and professional background, including your CV/resume.
3.2 Customers and prospective customers
For customers and prospective customers, we may collect personal data as part of our contractual relationship or during the provision of services. We process this information based on our contractual obligations with you.
3.3 Visitors of the website: web analysis service
If you provide consent, we process the details of your visits to our website, including information collected via cookies and tracking technologies such as your IP address, browser version, operating system, location data, and web logs.
We use tools like Google Analytics to analyze website usage. Google Analytics anonymizes IP addresses through the «_anonymizeIp()» feature to ensure compliance with privacy regulations.
Social Media widgets and tools
Our websites will typically include functionality to enable sharing via third party social media applications, such as the Facebook Like button. These social media applications will collect and use information regarding your use of Eraneos websites. Any personal information that you provide via such social media applications will often be collected and used by other members of that social media application and such interactions are governed by the privacy policies of these external companies that provide the application. We do not have control over, or responsibility for, those companies or their use of your information and employment history (and other information typically contained in a detailed CV/resume).
Please visit our cookie policy for further information.
4. Sharing of your personal information
We disclose your personal information only when a valid legal ground exists, and specifically to the following:
- Public authorities: Such as law enforcement, when legally required or to protect our rights or the rights of third parties.
- Subsidiaries and affiliates: Within the XX Group for business operations.
- Service providers: Such as cloud storage and hosting services.
5. Transfer to third parties and guarantees
We may transfer your personal data to countries outside Switzerland, the EU, or the EEA. Where applicable, we ensure appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses (SCCs) or rely on other legal mechanisms such as adequacy decisions or legal exceptions.
6. Retention / deletion policies
Personal data is retained only as long as necessary to fulfill the purposes for which it was collected, or to meet legal retention requirements. Once no longer needed, data is either anonymized or securely destroyed.
If the processing is based on your consent, we will delete your personal data after you withdraw your consent.
7. Security of your data
We implement appropriate technical and organizational measures, such as encryption and access controls, to protect your personal data from unauthorized access, loss, or misuse.
We restrict access to your personal information to those persons who need to use it for the relevant purpose(s).
Because the internet is an open system, the transmission of information via the internet is
never completely secure. Although we will implement reasonable measures to protect your personal data, we cannot guarantee the security of the data transmitted to us using the internet (including email). We are not responsible or liable for the security of your data whilst in transit via the internet. Any such transmission is at your own risk, and you are responsible for ensuring that any personal data that you send to us is sent securely.
In the event of security or privacy affecting that personal data, we have in place solid incident response procedures, including appropriate reporting channels.
8. Your rights
Under the GDPR and Swiss data protection laws, you have the following rights:
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate personal data.
- Erasure: Request the deletion of your personal data.
- Restriction of Processing: Request a restriction on the processing of your personal data.
- Objection: Object to the processing of your personal data for legitimate reasons.
- Data Portability: Request that we transfer your personal data to another service provider in a structured, machine-readable format.
Please consider that some of these rights (in particular deletion and restriction) are not absolute and only apply in certain circumstances.
If you wish to exercise any of these rights, please contact us using the contact details provided in Section 1.
You also have the right to lodge a complaint with your relevant data protection authority.
- For Switzerland: Federal Data Protection and Information Commissioner (edoeb.admin.ch)
- For the EU/EEA: European Data Protection Board
- For California: California Privacy Protection Agency (cppa.ca.gov)
9. US Requirements
Under the California Consumer Privacy Act (CCPA), we confirm that we do not sell your personal data. We also adhere to CPRA regulations regarding the collection and use of personal data.
California residents have the right to designate an authorized agent to make requests on their behalf. To do so, we will require proof of the agent’s authority.
10. Your rights under the California Privacy Protection Act (CPPA) and California Privacy Rights Act (CPRA)
If you are a resident of California, you have certain rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) regarding your personal data. These rights include:
1. Right to Know
You have the right to request information about the categories and specific pieces of personal data we have collected about you, the sources of that data, the purposes for which we collect it, and whether we share that data with third parties.
2. Right to Delete
You have the right to request that we delete the personal data we have collected about you, subject to certain exceptions. For example, we may not be required to delete data if it is necessary for us to comply with legal obligations or perform a contract.
3. Right to Correct
You have the right to request that we correct any inaccurate personal data we hold about you.
4. Right to Opt-Out of Sale or Sharing
Under the CPRA, you have the right to opt out of the «sale» or «sharing» of your personal information with third parties, if applicable. Please note that we do not sell or share your personal data.
5. Right to Limit Use of Sensitive Personal Information
You have the right to request that we limit the use of your sensitive personal information to certain purposes permitted by law.
6. Right to Non-Discrimination
You have the right to exercise the above rights without being discriminated against. For example, we cannot deny you services or charge you different prices for exercising your rights under the CPPA/CPRA.
7. Right to Data Portability
You have the right to request a copy of the personal data we have collected about you in a structured, commonly used, and machine-readable format so that it can be transferred to another organization if you choose.
To exercise any of these rights, you can contact us at the details provided in Section 1 above. In your request, please include sufficient information to verify your identity and help us process your request. We will respond within the time frame set by law (usually within 45 days of receiving your request, with one extension allowed).
If you would like to designate an authorized agent to make a request on your behalf, we will verify the agent’s authority to act on your behalf. We may require a signed permission from you or other verification to ensure the agent’s legitimacy.
In addition to the rights provided by the CPRA, California law allows you to request a list of third parties with whom we have shared personal information for direct marketing purposes in the preceding calendar year. To request this information, please contact us at the contact details provided in Section 1 above.
11. Updates
We may update this Privacy Policy from time to time to reflect changes in our data processing practices or legal requirements. We will notify you of any significant changes by posting an updated version on our website or by other means.
Last update: 12/06/2025