Privacy Policy

1. Who we are

Eraneos Holding AG (hereafter “we”, “us”, “the service” or “Eraneos”) is a global management & technology consultancy with its legal seat in Zürich, Switzerland. Eraneos acts as the “controller” of your personal data when you use the website, or any other domain or sub-domain for the Eraneos Group (hereinafter, “the website”), obtain services or products from us, interact with us, communicate with us, or otherwise deal with us, and is therefore responsible for the processing of your data in this context.

The following Privacy Policy is meant to provide our clients, prospects, contractors, suppliers, job-candidates or attendees of our events, as well as all visitors of our website about the manner we process personal data.
For any concern you might have with regard to this document or the processing of your personal data, please contact our representatives:

If you are located in Switzerland:
Herr Alexander Rath
Eraneos Group AG
Andreasstrasse 11
CH-8050 Zurich, Switzerland

If you are located in Germany, Austria, Singapore, China or the US: You can reach out to our appointed Data Protection Officer (“Datenschutzbeauftragter”): 
Eraneos Germany Holding GmbH
Data Protection Officer / Datenschutzbeauftragter: Tobias Block
Zeughausmarkt 33
D-20459 Hamburg, Germany
Email to: or phone: +49 (0)40 – 809081-172

If you are located in the Netherlands or Spain:
Privacy Representative Eraneos Netherlands
De Passage 126-136
1101 AX Amsterdam
+31 20 305 3700
Email to:

EU and EEA residents or residents outside of the EEA:
Privacy Representative Eraneos Netherlands
De Passage 126-136
1101 AX Amsterdam
+31 20 305 3700
Email to:

This Data Protection Statement is aligned with the EU General Data Protection Regulation (“GDPR”), the New Federal Act on Data Protection (nFDAPD), the UK GDPR, as well as the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (CPRA). However, the application of these laws depends on each individual case and, on the location of the data subjects
and/or where the services are offered.

In this document we utilize the terms ‘personal data’ and ‘personal information’ interchangeably.

As part of our ongoing efforts to strengthen the protection of personal data, this Data Protection Statement explains how we process personal data and the principles that we uphold with respect to transfers of personal data from the EEA and Switzerland to the US and other non-EEA countries. 

We reserve the right, at our discretion, to alter and update this Data Protection Statement from time to time without prior notice. We therefore invite you to review the current version of the Data Protection Statement each time you return to our websites, as the current version published on our websites applies. If the Data Protection Statement is part of an agreement with you, we will notify you by email or other appropriate means in case of an amendment.

2. Note for California, based visitors

If you are from California, the CCPA and CDPRA are applicable. We enforce high privacy standards that are based on EU privacy principles, including purpose limitation and lawfulness of processing, choice (consent), security and transparency. You will find information on the purposes of processing, the data types, recipients etc. further below in the document. Please rest assured we do never sell your personal data.

3. Data we process and activities we perform

It is important to note that, generally, you can visit our websites without providing any personal data about yourself.

However, in specific cases, to access some parts of our websites or to improve your experience when you visit our websites, or again, in order for you to request specific information or services, we may need to collect personal data from you, which we will process for the purposes described hereunder.

Subject to your previous consent, we may also use the personal data you share with us for marketing purposes, to send you information about our services and offers and to help us to create, publish and improve content and services on the website that are relevant to you.

If you wish to manage your cookie-consent / web-analysis opt-in settings, please go to the cookie management tool you can always find at the bottom right hand corner of your screen.

More information about the cookies we deploy can be found in our cookie policy.

Further and more specifically, we process the following personal information when you visit our website or interact with us from the following sources:

(a) Our correspondence: if you contact us by post, telephone, email or other electronic means, we may keep a record of that correspondence; we archive your message for no longer than 12 months. We do this for our legitimate interest in order to keep track of our correspondence with you and provide you optimal feedback and adequate answers to your requests or questions. You are of course free to use a nickname and a pseudonymous email address.

(b) Information you provide to us: personal information that you provide to us, be it through our websites or by otherwise interacting with us, including your name, title, position and contact details, considering our legitimate interest in optimize the interactions with you and provide the services or answers you request.

In general, we do not intentionally collect any special categories of personal data (sensitive personal information) via our website(s) or in any other way.

3.1 Applicants and business partners

For the purposes of assessing possible employment or collaboration and to provide services to our clients we may collect and process the following personal information about you:

(a) Information we may collect about you:  we may collect information about you which may include your name, academic and professional background and employment history, including the identities of your current and former employers and job titles/positions you share with us.

(b) Information you provide to us: personal information that you provide to us including your name, address, telephone numbers, email address(es) and other contact details, detailed information in respect of your academic and professional background and employment history (and other information typically contained in a detailed CV/resume).

3.2 Customers and prospective customers

If you are a customer (or a prospective customer), in addition to the information referred to in the section 3.1 above, we may collect personal data on you in the ordinary course of our business relationship with you and in the framework of the provision of our services to you. In this case we process your information to perform our contractual obligation towards you.

3.3 Visitors of the websites: web analysis service

Website and communication usage:
If you provided your consent, we process the details of your visits to the websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access

More in general we also utilize the following tools to help us understand how our websites are used and further improve their usability and features:

Google Analytics
This website uses Google Analytics, a Web analysis service of Google LLC, 1600 Amphitheatre Parkway, mountain view, CA 94043, USA (“Google”). More information on the use of Google Analytics can be found on this website.

Cookie-generated information about your use of this website is usually transmitted to and stored on a Google server in the USA. Our website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures an anonymisation of the IP address by shortening and excludes a direct personal relationship. On our behalf, Google will use this information for the purpose of evaluating your use of the website, for compiling reports on website activity, and for providing us other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not conflated with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser. Furthermore, you can prevent the collection of data generated by the cookie and related to the usage of the website (incl. your IP address) and the processing of the data by Google by downloading and installing the browser plugin.

Social Media widgets and tools
Our websites will typically include functionality to enable sharing via third party social media applications, such as the Facebook Like button. These social media applications will collect and use information regarding your use of Eraneos websites. Any personal information that you provide via such social media applications will often be collected and used by other members of that social media application and such interactions are governed by the privacy policies of these external companies that provide the application. We do not have control over, or responsibility for, those companies or their use of your information and employment history (and other information typically contained in a detailed CV/resume).

4. Sharing of your personal information

We disclose the information you provide solely when a valid legal ground exists to do so, and more specifically with:

  • Public authorities, such as law enforcement, only if we reasonably believe we are legally required to do so or if we need to protect our rights or the rights of third parties;
  • Our subsidiaries and affiliates; Eraneos has country subsidiaries in different locations around the world and our internal processes are internationally focused, (see also section 5 below for more information on the international transfers of your information);
  • A subsequent owner, co-owner or operator and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of a substantial part of or of all our stock and/or assets, or other corporate reorganization, in accordance with this Data Protection Statement.

5. Transfer to 3rd parties and guarantees

We store personal data on servers mainly located in the European Union.

We may transfer personal data to our Affiliates and Entities abroad, and a few carefully selected third parties situated within or outside Switzerland and the EU, when we have a business reason to engage these organizations.

Due to the international nature of our business, certain recipients, more specifically certain service providers, (especially IUT providers), clients and our subsidiaries and affiliates may not only be located in Switzerland, the EU or even the EEA, but in any country worldwide, especially in the USA. Due to the global reach of the activities performed by ERANEOS, your data might be transmitted to countries with a lower level of maturity and sensibility with regard to data protection guarantees and rules.

Every time we transfer personal information to countries outside the EU, EEA or Switzerland, under GDPR and Swiss data protection legislation, we have to ensure the presence of an adequate level of data protection on the recipient’s side. If a recipient is located in a country that according to the adequacy decision of the European Commission or an ordinance of the Swiss Federal Council, does not guarantee an adequate degree of data protection at statutory level, we apply the appropriate modules of the revised European Commission’s Standard Contractual Clauses (which can be accessed here), and perform a data transfer assessment to evaluate the data protection guarantees offered by the recipient, unless we can rely on an exception. An exception may for example apply in case of legal proceedings abroad, in case of overriding public interest, in case the performance of a contract requires disclosure, or if data has been made available generally by you and you have not objected against its processing.

6. Retention / deletion policies

We store the data only as long as we need it in order to fulfill the processing purposes, to follow legal retention terms or for the establishment, exercise or defense of legal claims. Our retention periods are based on business needs and all personal information that is no longer needed is either fully and irreversibly anonymized (and the anonymized information may be retained) or securely destroyed.

When the processing is based on your consent (opt-in), we delete your information timely after you withdraw your consent (opt-out).

7. Data security

We have taken appropriate technical and organizational measures designed to protect your personal data from unauthorized access, misuse, destruction, loss or alteration.

We restrict access to your personal information to those persons who need to use it for the relevant purpose(s).

Because the internet is an open system, the transmission of information via the internet is never completely secure. Although we will implement reasonable measures to protect your personal data, we cannot guarantee the security of the data transmitted to us using the internet (including email). We are not responsible or liable for the security of your data whilst in transit via the internet. Any such transmission is at your own risk, and you are responsible for ensuring that any personal data that you send to us is sent securely.

In the event of security or privacy affecting that personal data, we have in place solid incident response procedures, including appropriate reporting channels.

8. Your rights

According to the GDPR and the nFDAPD, EU and EEA residents enjoy a wide set of rights: the right to request from us access to and rectification or erasure of your personal data or restriction of the processing activities concerning your information, or, where applicable, the right to object to processing carried out by automated means and the right to data portability. In all cases where the processing is based on the consent we obtained by you, you also have the right to withdraw your consent at any time. Please note that withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.

Please find more information on your rights on the website of the European Commission.

You have, in any case, the right to lodge a complaint with your data protection authority.

For Switzerland: Federal Data Protection and Information Commissioner (

For the EU and EEA: Please find a list of authorities via the following link:

For California: California Privacy Protection Agency (

If you wish to exercise one or more of these rights, please contact our representative(s) (see section 1 above).

9. US Requirements

Certain US privacy laws, like the CCPA, requires specific disclosures and guarantees. These disclosures have been duly clarified in the paragraphs above.

We will never sell your personal data and do not ‘share’ your data under the meaning of the CCPA.

California residents have the right to designate an authorized agent to perform a request on their behalf. We will verify the identity of the agent and genuinity of the representation directly with you or by requesting a power of attorney.

10. Updates

We may update this Policy to reflect changes in our privacy practices or legislative developments. Please consult this page regularly to make sure you are aware of the most recent updates.
Last updated: 6 February 2024