Privacy Information Notice

On the processing of personal data in the context of due diligence processes

deugro group is committed to protecting your privacy and complying with applicable data protection laws. This Privacy Information Notice has been drafted in light of the EU and UK General Data Protection Regulation (“GDPR”) and Swiss Federal Data Protection Act (“FADP”) and it provides information on the processing of your Personal Data that we may collect and use as part of deugro group’s third party’s anti-corruption, anti-bribery and Know Your Client due diligence processes in accordance with related compliance requirements, such as the UK Bribery Act 2010 and the Foreign Corrupt Practices Act (hereinafter “Due Diligence”), as described within our System Procedures.

The Due Diligence process is one of the key elements of deugro-group’s Anti-Corruption Compliance Program and is aimed at verifying that any third party intending to enter into a contractual relationship with a deugro-group company complies with the ethical and anti-corruption principles established by us as part, and at signaling the existence of potential risks factors which must be taken into consideration (hereinafter “Red Flags”).

This Information Notice is supplemental to and it should be read together with our Website Privacy Policy.

Who we are

DEHOCO AG, (Huobsstrasse 3, 8808, Pfaeffikon, Switzerland), hereinafter referred to as “Company” or “we”, part of the deugro group of companies, is the controller of your personal data processed for Due Diligence.

How to contact us

If you have any questions about how we use your personal data or this Privacy Policy in general, please contact us at dpo@deugro-group.com. You can also write to us:

ATTN: Compliance – Data Protection
DEHOCO AG
Huobsstrasse 3
8808, Pfaeffikon, Switzerland

If we are unable to resolve your concerns, you also have the right to contact your local data protection authority.

What Personal Data We May Collect

“Personal Data” refers to any information that may be used, alone or in combination with other information, to identify you.

The Personal Data we collect and process may include Data (i) requested within our Due Diligence questionnaires and (ii) acquired autonomously by us through the consultation of information present in publicly available databases, sanctions and watch lists, the internet, media news sources and other databases of corporate information (like official corporate registries) in order to verify the presence of possible Red Flags.

The Personal Data mentioned above may include information like: your name and surname, aliases, gender, citizenship, date and/or place of birth, personal identification number, your location details (e.g., domicile, residences), e-mail address, tax identification number. We may also process information about explicit sanctions imposed on you by federal governments, national public authorities and/or (financial) institutions; your political affiliation(s); your ownership in certain companies (i.e., percentage of shares).

We may ask you to provide information, including Personal Data such as mentioned above about owners, shareholders, directors, officers, or agents of the company you represent. You must ensure that you notify in advance the third parties whose personal data you provide to us (i.e., before sharing their personal data with us), by showing them this Information Notice, explaining that their personal data shall be processed in accordance with this Information Notice and obtain their consent, where appropriate.

If the above-mentioned Data is not provided by you at our request or is not collected autonomously by us, the Due Diligence cannot be carried out for the potential establishment of business relations with deugro group companies.

How We Use Your Personal Data

Your Data will be processed, without the need of your consent, in cases where it is necessary for us to pursue our legitimate interest for fraud prevention and specifically, the prevention of corruption offenses that could expose us to serious reputational risks, as well as to sanctions deriving from the failure to comply with anti-bribery and corruption regulations to which we are subject – Foreign Corrupt Practices Act, UK Bribery Act, national Anti-Corruption laws in areas we operate. Such data processing will be carried out by us in compliance with the principles of purpose limitation, data minimization, integrity and confidentiality.

In addition, your Data may be processed whenever it is necessary in order to ascertain, exercise or defend our rights.

Sharing of Your Personal Data with Third Parties

For the purposes described above, your Personal Data will be processed by personnel appointed by us and may be shared with:

Other deugro-group entities

We may share your Personal Data with other companies belonging to the deugro-group who may use your Personal Data for the execution of processing operations having purposes and in a manner consistent with the information set out above.

deugro group companies may disclose your personal data to third parties (such as service providers, agents and public authorities and institutions) if this is necessary for deugro group to lawfully carry out its business activities in accordance with the above purposes and as required and permitted by applicable law.

Service providers

We may disclose your Personal Data to companies and professional advisors that provide services to us and our group companies, such as legal services, consultant services, auditing activities, certification activities, companies specialized in forensic activities.

Our service providers are required to keep your Personal Data confidential and are not permitted to use it for any other purpose than to carry out the services they are performing for us.

Third parties, where required by law

We may disclose your personal data to third parties if it is necessary to comply with a legal obligation or the decision of a judicial authority, authority or government body, or if the disclosure is necessary for national security, law enforcement or other matters of significant public interest.

Business partners

We may disclose your Personal Data to our business partners (clients) within their auditing proceedings on our Company and deugro-group affiliates, based on the contractual provisions or as required by law.

International Transfers of Your Personal Data

When we share your Personal Data with our affiliated companies or other companies with whom we contract (as described in the section above on Sharing of Your Personal Data with Third Parties), such companies may be located outside the European Economic Area (“EEA”), the UK, Switzerland or your country of residence, as applicable, in countries with different laws for protection of Personal Data than the laws in your country of residence.

If we transfer your Personal Data outside the EEA, Switzerland or your country of residence, as applicable, we will take steps to ensure that such data will receive the same level of protection as if it was being processed within the EEA, Switzerland or your country of residence, as applicable. For example, we include Standard Contractual Clauses adopted by the European Commission in our contracts with third parties or our group companies to ensure there are safeguards in place to protect your Personal Data. Please contact us using the details in “How to contact us” for more information about the specific measures we have taken.

How Long Do We Keep Your Personal Data

We will only keep your Personal Data for the time necessary to achieve the purposes set out in this Information Notice, and will subsequently be deleted. Your Personal Data may be retained for a longer period in the event of any litigation, requests from relevant authorities or pursuant to applicable legislation.

How Do We Keep Your Personal Data Secure

We will take reasonable precautions to protect your personal data against loss, misuse, or alteration. Among other measures, we ensure the security of your Personal Data by means of encryption, password protection and by otherwise restricting access to it.

Your Rights for Your Personal Data

You have the following rights with respect to your Personal Data that we process, subject to conditions set out in the applicable laws:

to request access to your Personal Data (commonly known as a “data subject access request”) and to certain additional information about our processing of your Personal Data that this Information Notice is designed to address;
to request the correction of any inaccurate or incomplete Personal Data;
to request the erasure of your Personal Data in presence of one of the grounds referred to in Article 17 of the GDPR;
to request the restriction of the processing of your Personal Data in cases required by applicable law, and specifically Article 18 of the GDPR;
to object to our processing of your Personal Data;
to withdraw any consent you have given;
under certain circumstances to demand data portability;
to lodge a complaint with your local data protection supervisory authority; please see our Website Privacy Policy for more information on Supervisory Authorities.
to contest certain automated decisions we make about you that have legal or otherwise similarly-significant consequences. We do not carry out such automated decision-making but, if we do, we will make it clear where such decisions are being made.

To exercise your rights, please contact us using the contact details listed in the section “How to Contact Us”.

Changes to the Privacy Policy

This Information Notice was last updated on December 5, 2023. We may change and update this Information Notice from time to time. Any changes will be posted on this page. We encourage you to contact us for questions related to how we process your personal data.