Lilja & Co. (hereafter "the Company", "we", "us" or "our") is committed to protecting the privacy and security of the personal information that is provided to us or collected by us during the course of our business. We store and process personal information in accordance with the Swiss Data Protection Act and, as applicable, the EU General Data Protection Regulation (GDPR), the Swiss Data Protection Act (DPA) and the revised Swiss Data Protection (revDPA). However, the application of these laws depends on each individual case.
1. Who is responsible for your personal information?
We at Lilja & Co., Wiesenstrasse 8, 8008 Zurich, Switzerland, UID CHE-111.661.749, are the data controller with respect to your personal information provided to us or collected by us during the course of our business, meaning that we are responsible for deciding the ways in which and purposes for which personal information about you is processed. We may process your personal information ourselves or through others acting as data processors on our behalf.
2. Why and how we collect and use your personal information
We will only collect and use your personal information if and to the extent that applicable law allows. In this context, we collect and process your personal information as follows:
2.1 Business development and client and investor relationship management
As part of business development initiatives and our client and investor relationship management, we track and contact potential clients and investors and you may provide personal information to us in the course of your correspondence with us. In this case, we collect information about prospective clients and investors, their representatives and beneficial owners as well as other business contacts. The type of personal information we may collect includes name and contact details (such as your address, email address and telephone numbers), nationality, business interests and activities, financial standing, details of business relations or ownerships, the organisation of business (especially concerning capital markets and investments) and interactions with us. We may also generate personal information about you in connection with the correspondence, such as meeting records and business opinions.
We obtain this information directly from you, from other business contacts, or from publicly available open sources.
We may use your personal information to maintain and develop our business relationship with you, identify products or services you may be interested in, to pursue certain business development initiatives, send you publications and marketing communications and invite you to events.
If you no longer wish to receive emails relating to our products, services or events, you can unsubscribe at any time by contacting your Lilja & Co. contact.
Where we need to collect information required for our engagement and you fail to provide that information when requested, we may not be able to provide our products and services as requested by you.
2.2 Core business activities of the Company (capital raisings and corporate finance advice)
We collect personal information where it is necessary for the performance of a contract with you or the organisation you work for, and for our business acceptance process. In the course of our business activities, we collect and process personal information about clients and investors, related persons and other persons as well as their respective representatives and employees. The type of personal information that we may collect includes name and contact details (such as your address, email address and telephone numbers), nationality, business interests and activities, employment history and positions held as well as information of all kind from correspondence, contacts and interactions with us. We will also process information of all kind that is revealed to us in the course of our products and services or collected by us. We do not collect and process any special categories of sensitive data.
We collect personal information directly from you, from our clients or other persons to a matter and their respective representatives and employees. We may receive or collect personal information from third persons such as your employer, other organisations that you have dealings with or related to, regulators or government agencies. We may also collect personal information from publicly available sources.
We may use this information to provide our products and services to our clients, such as assisting businesses and funds on capital raisings in the private markets and providing corporate finance advice. Furthermore, we may use this information to run our firm's business (e.g. carry out administrative or operational processes), monitor and analyse our business or to improve our products and services.
If you or the organisation for which you are acting are a client and you fail to provide information that we require when requested, we may not be able to provide our products and services and continue our business relations.
2.3 Use of our website
We may collect, store and process certain personal information when you visit our website or if you contact us through our website, such as IP address, date and time of the enquiry, time zone difference to Greenwich Mean Time (GMT), content of the enquiry (specific page), access status/HTTP status code, volume of data transferred, website the enquiry is made from, browser (e.g. Google Chrome, Firefox, Microsoft Edge), operating system and interface (e.g. Windows 10), language and version of the browser software. We may process this data based on our legitimate interest, to make it technically possible for us to show you our website and to ensure stability and security.
Cookies are small text files that are placed in browser directories on your computer or mobile device when you visit our website. Our website uses session cookies and persistent cookies. Session cookies enable you to move from page to page within the website and any information you enter to be remembered. A session cookie is deleted when you close your browser or after a short time. Persistent cookies allow the website to remember your preferences and settings when you visit the website in the future. Persistent cookies expire after a set period of time.
- Social plugin: We use a plugin for the social network LinkedIn, which you can recognise by the logo which is placed on our website. If you interact with this social network, the relevant information will be forwarded, and your visit recognised by LinkedIn.
If you apply for a job or a recruiting event at the Company, you may need to provide personal information including special categories of personal information, such as health data to the extent it would be necessary for the job you are applying for and permitted under applicable data protection law. With your application you expressly consent to our use of this information. We will use this information to consider your application. We may also use this information to carry out checks to verify the information you provided (including references, background, identity, suitability, excerpts from the debt enforcements register and criminal record checks).
Where we need to collect information required for your employment and you fail to provide that information when requested, we may not be able to further consider your employment.
2.5 Other contacts and processing purposes
Further, we collect and process personal information about you if doing such is necessary with a legal obligation, such as certain storage and information retention duties, or if you have given your consent (where necessary) to such use or the organisation you work for has obtained your consent (where necessary) to share your information with us. We also may collect and process personal information about you if you offer or provide products or services to us, if we evaluate your products or services, and generally when you request information from us, provide information to us or contact us.
We also may process your information if we or a third party have a legitimate interest which is not overridden by your interests or your rights and freedoms.
3. How and why we may share your personal information
We may share your personal information collected in the course of providing our products and services with certain third persons (such as partners and advisors, authorities, third-party providers of CRM solutions and other persons) in Switzerland, the EU or other countries if required or useful for providing our products and services. Further, we may share your personal information with third persons where:
- you have consented to us doing so (where necessary) or the organisation that you work for has obtained your consent for us to do so (where necessary);
- we are under a legal, regulatory or professional obligation to do so (for example, to comply with anti-money laundering or sanctions requirements); or
- it is necessary in connection with legal proceedings or in order to exercise or defend legal rights.
We use third parties who provide products and services on our behalf and may share your information with them, for example banks, insurance companies or technology suppliers who may have access to your personal information when providing software support.
If we share your personal information with third parties domiciled outside of Switzerland, we only do so if such country provides an adequate level of data protection or based on other measures required for the transfer of personal information abroad according to applicable data protection law.
4. How we protect your personal information
We have put in place appropriate security measures to hold your personal information securely in electronic and physical form, to protect it from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. Our premises are access controlled and surveyed by video recording where required and our electronic databases require logins and password authentication.
Our employees and third-party service providers who have access to confidential information (including personal information) are subject to confidentiality obligations.
5. How long we keep your personal data
We will retain your personal information for as long as is necessary for the purpose for which it was collected. We will further retain your personal information to comply with legal and regulatory obligations, for as long as claims could be brought against us and for as long as legitimate interest, including data security, requires.
6. Your rights
In relation to the processing of your personal information you have rights that you can exercise under certain circumstances. These rights are to:
- request access to your personal information and certain information in relation to its processing;
- request rectification of your personal information;
- request the erasure of your personal information;
- request that we restrict the processing of your personal information; and
- object to the processing of your personal information, in particular for direct marketing purposes, for profiling carried out of direct marketing purposes and for other legitimate interests.
If you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
We may refuse to provide access if the relevant data protection legislation or other legislation allows or obliges us to do so, in which case we will provide reasons for our decision as required by the law.
If you would like to exercise these rights, please contact us in writing by email to: firstname.lastname@example.org or by letter to:
Lilja & Co. AG
You will not, in general, have to pay a fee to exercise any of your individual rights. However, we may charge a fee for access to your personal information if the relevant data protection legislation allows us to do so, in which case we will inform you as required by the law.
If you feel we have not handled your query or concern to your satisfaction you can contact the competent data protection authority in Switzerland, the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).