“Personal Data” means all details and information relating to an identified or identifiable natural person.
We process Personal Data in accordance with the requirements of the Swiss Federal Data Protection Act (hereinafter “FDPA“) and, if and to the extent applicable, in accordance with the EU General Data Protection Regulation (hereinafter “GDPR“) and local data protection laws. Where we deem it appropriate, we may provide you with additional privacy policies.
The contact person for any queries You may have regarding data protection is:
Bright Peak Therapeutics AG
Attn: Jeremy Beauchamp
Please contact us at the above addresses with any questions regarding data protection at Bright Peak.
2. Data origin and data categories
We primarily process Personal Data that we receive or collect from our guests, customers (including their employees, shareholders, directors, etc.), website visitors, service providers, banks and other business partners in the course of our business activities. In addition, we may also process Personal Data that we have obtained from publicly accessible sources (e.g. websites or public registers such as the commercial register, etc.). Finally, we may also have received Your Personal Data from family members of Yours, from business partners of ours, from official agencies and authorities or from other third parties.
The Personal Data we process includes, as the case may be, in particular name and contact details (e.g. address, telephone number and e-mail address), identification and background information (e.g. passport number, ID-number, language, date of birth, nationality, gender, religious denomination), license plate, political data, job title and business relationship, country of residence, geographic location, origin-related data, family situation (e.g. marital status, number of children), data on criminal proceedings, financial information for payment purposes (e.g. bank account details, credit card details), economic data (e.g. financial assets, origin of funds), investment related information (e.g. investment profile, risk profile, suitability test, asset allocation, investments), transaction data (e.g. payment instructions, investment instructions), information about the use of our websites and information of any kind from correspondence, contacts and interactions (e.g. photographs, videos and voice recordings) with us.
3. Processing purpose and legal basis
3.1 In connection with our business activities
We process Your Personal Data primarily in order to provide our services in connection with our business activities. In particular, we process Your Personal Data for the following purposes:
− to communicate with You, in particular to provide You with information or to process Your requests. If You contact us by e-mail/contact form, You authorise us to reply to You via the same channel. Please note that unencrypted e-mails are transmitted via the open Internet, which is why it cannot be ruled out that they can be viewed, accessed and manipulated by third parties. Therefore, we ask You not to send us confidential information by e-mail. We exclude – as far as legally permissible – any liability which You may incur in particular as a result of faulty transmission, falsification of content or disruption of the network (interruptions, overloading, illegal interventions, blocking);
− to make our services and our websites available to You and to evaluate and improve them;
− to organise events and webinars and report them or make them available on our websites (e.g. in the form of texts, photographs, videos and voice recordings);
− for the conclusion, administration and performance of our contractual relationships;
− to maintain and manage the business relationship with You (incl. issuing invoices);
− to inform You of recent updates or to provide You with other information about our services;
− to promote services of ours;
− for statistical purposes;
− for IT and building security measures (such as access controls, visitor lists, network and mail scanners, telephone recordings) and risk control reasons;
− for the assertion of legal claims and defence in connection with legal disputes as well as proceedings before the authorities;
− to comply with our legal obligations nationally and internationally.
We process Your Personal Data for the purposes specified above, depending on the situation, in particular on the following legal bases:
− the processing of Personal Data is necessary for the performance of an agreement with You;
− You have given Your consent to the processing of the Personal Data relating to You;
− the processing of Personal Data is necessary for the fulfilment of a legal obligation;
− the processing is necessary to protect the vital interests of the data subject or another natural person; or
− we have a legitimate interest in processing the Personal Data.
3.2 When visiting our website
Each time a user accesses our website, our server collects a set of user information which is stored in the server’s log files. The information collected includes, but is not limited to, the IP address, the date and time of access, the time zone difference relative to GMT, the name and URL of the downloaded file, the website from which the access takes place, the browser used and the operating system used.
The use of this general information does not involve identification of a specific person. The collection of this information or data is technically necessary in order to display our websites to You and to guarantee its stability and security. This information is also collected in order to improve the website and to analyse its use. The legal basis for the temporary storage of the information and log files is our legitimate interest in being able to offer You our websites in sufficient quality and to continuously improve it.
3.3 Contact form and contact by e-mail and telephone
You can contact us by using the contact form or the e-mail addresses and telephone numbers provided on our website. The Personal Data You send us will be stored and processed by us for the purpose of processing Your request. The legal basis for this Personal Data processing is Your consent and our legitimate interest in processing Your request.
Our website may use so-called cookies or other technologies/tools such as pixels, tags or external services (hereinafter “Cookies” or “Tools“). Cookies are text files that are stored in or by the internet browser on the computer system or a mobile device of the user. The Cookie contains a characteristic string that allows the browser or mobile device to be identified unambiguously when the website or app is visited again.
3.4.1 Technically necessary Cookies
Technically necessary Cookies are necessary for the functioning of our website. Therefore, these Cookies cannot be deactivated in our systems. These Cookies usually record important actions, such as the number of requests made, the editing of Your privacy settings or when You fill out forms. Although You can block these Cookies in Your browser, some parts of our website may no longer function then.
The legal basis for the data processing when using technically necessary Cookies is our legitimate interest, which lies primarily in ensuring the functionality and improvement of our website.
3.4.2 Analytical and marketing Cookies
Analytical Cookies allow us to analyse visitor behaviour and traffic sources so that we can measure the performance of our website and improve the user experience. They help us to identify how popular which pages are and indicate how visitors move around our website. The information collected is aggregated and anonymous.
Marketing Cookies allow us to deliver advertising that is relevant to You. These Cookies may remember that You have visited our website and share this information with other companies, including other advertisers.
3.5 Google Analytics
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link http://tools.google.com/dlpage/gaoptout?hl=de.
For more information, please visit http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/privacyoverview.html (general information about Google Analytics and data protection). Please note that on this website Google Analytics has been extended by the code “gat._anonymizeIp( );” to ensure anonymized collection of IP addresses (so-called IP masking).
3.6 Google Tag Manager
On our website, we may use Google Tag Manager from Google. Google Tag Manager is a solution that allows us to manage website tags through one interface. The Tool itself is a Cookie-free domain and, according to Google, does not collect any Personal Data. The Tool triggers other tags, which in turn may collect Personal Data. Google Tag Manager does not access this data. If a deactivation has been made at domain or Cookie level, this remains in place for all tracking tags implemented by Google Tag Manager. You can prevent the setting of tags at any time.
The legal basis for this is Your consent and our legitimate interests.
We can embed videos from the YouTube platform on our websites so that they can be played directly from our websites. The YouTube videos are all embedded in “extended data protection mode”, which means that no data about You as a user is transmitted to YouTube if You do not play the videos. Only when You play the videos will data about You be transmitted.
The legal basis for the processing of Your data is Your consent. Further information on the processing of Personal Data by Google Ireland Limited in connection with the playing of YouTube videos can be found at https://policies.google.com/privacy?hl=en&gl=de.
3.8 Google Maps
We may use the Google Maps plug-in from Google Ireland Limited or Google LLC, USA, on our website. If You use Google Maps on our website, information about the use of our website (incl. IP address) may be transmitted to a Google server in the USA and also stored on this server. We have no knowledge of the precise content of the data that are transmitted nor of their use by Google. However, the data about You as a user is only transmitted to Google if You activate the content of Google Maps on our website.
3.9 Social Media Plug-ins
We have no control over the data collected and data processing operations of the plug-in providers. These are subject to the respective privacy policies of the third-party providers. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the privacy policies of these providers provided below.
You can submit Your application for a position with us by post or via the e-mail addresses provided on our websites. Your application documents and all Personal Data thereby disclosed to us will be treated in the strictest confidence, will not be disclosed to any third party and will only be processed for the purpose of processing Your application for employment with us. Unless You
have given consent which provides otherwise, Your application file will either be returned to You after the conclusion of the application process or will be deleted/destroyed, unless it is subject to a statutory retention requirement. The legal basis for the processing of Your data is Your consent, the performance of the contract with You and our legitimate interests.
4. Disclosure of Personal Data to recipients and abroad
4.1 Disclosure of Personal Data to recipients
− Providers to whom we have outsourced certain services (e.g. IT and hosting providers, payment service providers, debt collection service providers, risk management and compliance providers etc.);
− Service providers, subcontractors and other business partners;
− Banks and insurance companies;
− Tax advisors, auditors, lawyers, notaries and other external professional advisors of Bright Peak;
− National and foreign authorities, agencies and courts.
4.2 Disclosure of Personal Data abroad
Your Personal Data may be processed within Switzerland, the European Union or the European Economic Area (hereinafter “EU/EEA“) but may also be processed in and transferred to a country outside of Switzerland, EU or EEA, for example the USA.
If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection as provided for by law by using appropriate contracts (namely on the basis of the so-called standard contractual clauses of the European Commission) or we rely on the legal exceptions of consent, the performance of a contract, the establishment, exercise or enforcement of legal claims, overriding public interests, published Personal Data or because it is necessary to protect the integrity of the data subjects. We would like to point out that data transmitted abroad is no longer protected by Swiss law and foreign laws as well as official orders may require the disclosure of this data to authorities and other third parties.
5. Duration of storage
We process and store Your Personal Data only for as long as is necessary in accordance with the relevant purpose of processing or if there is another legal basis for doing so (e.g. statutory retention periods). We retain Personal Data that we hold on the basis of a contractual relationship with You for at least the duration of that contractual relationship and the statutory limitation periods for potential claims or based on contractual retention obligations. As soon as Your Personal Data are no longer required for the above-referenced purposes, they will be set inactive, deleted or anonymised as far as possible.
6. Your rights
Under the data protection law applicable to You and to the extent provided for, You have the right to information, rectification, erasure, the right to restrict data processing and otherwise to object to our data processing as well as to the handover of certain Personal Data for transfer to another location (so-called data portability). Please note, however, that we reserve the right to assert the statutory restrictions on our part, for example if we are obliged to retain or process certain data, if we have an overriding interest in this (to the extent we are entitled to rely on such interest) or if we need the data in order to assert claims. If this results in costs for You, we will inform You in advance.
If data processing is based on Your consent, after giving Your consent You may withdraw it at any time with future effect. However, this does not affect the lawfulness of the processing carried out on the basis of Your consent prior to Your withdrawal of consent.
In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority may vary depending on Your place of residence or the place where the alleged infringement of the applicable data protection law takes place.
7. Links to third party websites
Our Site may provide links to third party websites for your convenience and information. These websites are operated independently from Bright Peak. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites you visit are not owned or controlled by Bright Peak, the latter is not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.
8. Data security
We take appropriate security measures in order to maintain the required security of your Personal Data and ensure its confidentiality, integrity and availability, and to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access.