If you want to read our updated privacy notice in a different language, please select the one below.
This Privacy Notice sets out
how we collect, use, process and store your personal data, and what are your
rights regarding your personal data and is accessible on our website
https://lynxcapinvestments.com/de/privacy-notice/. Any future changes to the Privacy Notice will be posted there as well.
1. Who is the controller of your personal data
The data controller in respect of your personal data is LynxCap Investments AG,
Lüssihofweg 4, 6300 Zug, Switzerland. In this Privacy Notice, we will refer to
this company as "
LynxCap". Apart from LynxCap, other companies
within our group may also process your personal data - see Section 4.2 of this
Privacy Notice.
The representative of LynxCap in the European Union (EU) is LynxCap Services
S.à r.l., 34, rue du Curé, 1368 Luxembourg, Grand Duchy of Luxembourg, ID
number: B268389, email:
eu.representative@lynxcapinvestments.com. In this Privacy Notice, we
will refer to this company as "
EU representative".
For any questions or concerns regarding your personal data collected and
processed by us, or if you wish to use any of your rights in relation to your
personal data (we describe these in Section 7 of this Privacy Notice), you may
contact either:
2. Personal data we collect about you and how we obtain them
We obtain your personal data either from you directly or from other sources, as
further explained in this Section. We explain why we collect your personal data
in Section 3 below.
2.1. Personal data you share with us
You may provide us with your personal data yourself, for example when you
contact us in any way, either by telephone, email or by regular mail, and when
you talk to our staff in person or fill in forms intended for us or when you
create and log in to your account on our website. While it will be up to you to
decide which exact personal data to share in such case, these will typically be
in relation to a contract you have with us or another company within our group,
and may include contact, financial or educational data, or data related to your
employment or assets you own. Such personal data may be of similar types as
those listed in Section 2.2 below.
During your visit, a banner appears at the bottom of the screen informing
you of the use of cookies when browsing our website. A cookie is a small piece
of data or message that is sent from an organisation's web server to your web
browser and stored on the hard drive of your device (computer, tablet, mobile,
etc.). We use cookies to ensure smooth and optimal navigation on our website.
To learn more about cookies, please see our Cookie Notice.
2.2. Personal data we receive from other source
We also receive your personal data from other sources, such as:
- our business
partners with whom you had a business relationship in the past and who
transferred your personal data (collected under contract or because you
have consented for them to do so for a specific purpose) to us; for
example, if you took out a loan or entered into a leasing agreement with a
bank or a leasing company, we received your personal data when we acquired
such loan or leasing agreement from the bank or the leasing company;
- companies within our group, which provide us
with information they obtain, including personal data, while managing specific
assets which they own (for example a loan receivable owed by you);
- other third parties,
including, for example, courts, regulators and other public authorities,
business partners, sub-contractors in technical, payment and delivery
services, analytics providers, search information providers, credit
reference agencies, and background checking agencies; we may receive your
personal data from them as part of the service they perform for us, or for
legal reasons;
- publicly available
sources such as the court and business register, land register, internet
and other media.
Types of personal data we collect about you in this way include:
- your personal details (name, address, date, place
of birth, nationality, personal ID, gender, occupation, education, marital
status, employment status, income, family income, income description,
number of children, phone number, email and other contact details, etc.);
- authentication data (for example specimen
signature);
- data related to the fulfilment of your
contractual obligations (for example turnover data in payment transactions
and data on your payments under the contract you have with us or with
another company within our group);
- information about your financial status (for
example, creditworthiness data, scoring or rating data, source of wealth, origin
of funds, personal bank account information, etc.);
- data from public registers and courts, for
example, data on your real estate ownership from the land register or
ownership of shares in companies from the business register or central
clearing corporation, data as to whether you are a party in civil, enforcement
or insolvency proceedings;
- data related to your profession: occupational
activity, spouse or partner’s activity (if any), PEP duty(ies) if
applicable;
- information from your electronic communication
with us (for example emails, letters, etc.);
- data created by our processing of your personal
data listed here.
3. Why we collect and process your personal data and what is the legal basis
for doing so
This table summarizes why we collect and process your personal data and what
legal basis (reasons) we have to do so. Information in this table applies to
personal data collected from you directly (see Section 2.1 above) as well as to
personal data that we obtain from other sources (see Section 2.2 above).
Purpose of collection
and processing (why we collect and process)
|
Legal bases (our reasons)
|
We need your personal
data to continue the business relationship you have with us or other
companies within our group, to exercise rights under contracts we or other
companies within our group have with you and to manage and coordinate our
activities in this respect; for example, we need your personal details to
contact you to agree on a payment plan, to follow up on your compliance with
the plan, or to pursue legal action for debt collection if this is necessary,
to assess and process your investment, transactions requests and other share
or interest dealings; likewise, we need your financial information and data
on asset ownership to develop a payment plan appropriate for your situation
and to assess your credit score.
|
- processing is
necessary for performance of a contract you are a party to
- processing is
necessary for our legitimate interest:
- being in the
investment business, it is our commercial interest to collect on the
claims owned by us or other companies within our group, for which we
need to be able to contact you or pursue legal action;
- to do our
business efficiently, we need to organize our activities around certain
criteria, which will often be based on personal data of debtors.
|
Sometimes we or other
companies within our group need to process (in particular transmit and store)
personal data to act in accordance with the law; this may for example be necessary
under anti-money laundering rules or consumer credit regulation.
|
- Processing is
necessary for the fulfilment of our legal obligations.
|
We or other companies
within our group need to analyse personal data to prevent debtor fraud and to
implement fraud prevention; for example, we may obtain personal data from a
background checking agency to verify whether our existing information is
correct.
|
- processing is
necessary for our legitimate interest: it is in our commercial
interest to safeguard against fraud.
|
We also collect your
personal data in order to maintain our IT infrastructure, information systems
and website and to ensure physical security of the people, items and
confidential information located in or accessible from our premises
|
- processing is
necessary for our legitimate interest: it is our interest to
protect our infrastructure and data bases
|
We will only use your personal
data for the purposes for which we collected it and which we informed you
about, unless we reasonably consider that we need to use it for another reason
which is compatible with the original purpose. If we need to use your personal
data for an unrelated purpose, we will notify you and we will explain the legal
basis which allows us to do so.
4. Who we share your personal data with
Within LynxCap, your personal data is processed mainly by our departments and
employees responsible for managing contractual relationships and ensuring we
comply with the law, for example case handlers in charge of your case, credit
boards and committees, business analysists, accounting department, legal
department, compliance department and internal auditors.
When and only to the extent
this is needed for purposes we described in Section 3 of this Privacy Notice,
we share your personal data outside of LynxCap, with other companies in our
group or with third parties. In any case, we only share personal data with
companies or third parties based in European Union / European Economic Area or
Switzerland (see also Section 5 below). Here, we list with whom we share your
personal data in this way:
- companies within our group;
- service providers, agents, subcontractors and
other companies whose activities are connected to debt collection;
- courts, regulatory agencies and any other public
authorities;
- fraud
prevention agencies;
- cloud
storage providers;
- banking and financial services providers that
help us finance our business;
- credit reference agencies for assessing your
credit score;
- generally, all companies and organizations from
whom we obtain your personal data, as listed in Section 2.2 of this
Privacy Notice; among these, we only share personal data with companies
and organizations based in European Union / European Economic Area or
Switzerland (see also Section 5 below);
- if assets of LynxCap (or one or more companies
within the same group) would be acquired by a third party, your personal
data held by LynxCap or such company that relates to any such asset will
transfer to the acquirer.
In addition, we may, from time
to time, provide third parties with data that has been aggregated or
anonymized. This means that your personal data that could be used to identify
you have been removed from such aggregated or anonymized data. Data provided to
third parties in this way is not personal data.
5. Where we store your personal data and where do we transfer it
We store and process your personal data on locations inside European Union /
European Economic Area and Switzerland.
European Commission has recognized Switzerland as a country with adequate level
of protection of personal data, and issued so called adequacy decision in this
respect.
You can take a look at the adequacy decision on this link:
At the moment, information on
this topic is generally available on the website of the European Commission (
https://ec.europa.eu/info/index_en) under "Policies,
information and services" tab, in the "Law / Law by topic / Data
protection / Data transfers outside the EU" sub-section. Please note that
the European Commission may change the online location of these information in
the future.
Also, we undertake to
implement appropriate technical and organizational measures to ensure the
security of the personal data. This includes protecting the data against a
breach of security leading to accidental or unlawful destruction, loss,
alteration, unauthorized disclosure, or access to the data (personal data
breach). In assessing the appropriate level of security, we take due account of
the state of the art, the costs of implementation, the nature, scope, context
and purposes of processing and the risks involved for the data subjects.
6. How long will we keep your personal data
Due to the nature of our business and contractual relationships we or other
companies from our group have with you, we cannot state precisely for how long
we will keep your personal data. This period will be dependent on several
factors, such as the duration of the contract concluded with you, statutory or
contractual limitation period in respect of certain rights and obligation
stipulated in the contract with you and compliance and regulatory requirements
imposed to us by law. However, in any case we retain your personal data only
for as long as is necessary for the purpose for which we obtained them. We list
some examples of how we decide on how long to keep your personal data below.
6.1. Personal data used to perform a contract
In relation to your personal data used to perform any contractual rights and/or
obligations with you, we may retain that personal data whilst the contract
remains in force and until you or we (or another company from our group)
completely fulfill their obligations, allowing for reasonable time after that
for updating of our records.
6.2. Personal data needed for legal proceedings
In relation to any personal data where we reasonably believe it will be
necessary to defend, prosecute and/or make a claim against you, us or a third
party, we may retain that personal data for as long as the claim could be
pursued under the applicable law or otherwise needed in such legal proceedings.
6.3. Personal data used for compliance requirements
In relation to any personal data used to comply with anti-money laundering,
anti-terrorism financing, tax, audit or similar data retention requirements, we
shall not store and use such personal data longer than we are required to do so
under the specific retention requirement.
7. Your rights
Below is the summary of rights that you have under law, and what LynxCap does
to protect those rights. You may contact our Data Protection Officer at
dpo@lynxcapinvestments.com (or our EU representative at
eu.representative@lynxcapinvestments.com) if you wish to know more or
to use any of these rights.
7.1. The right to access your personal data
You have the right to
- obtain from LynxCap confirmation as to whether or
not personal data concerning you are being processed; and
- access your personal data by receiving a copy
thereof.
Please contact our Data
Protection Officer at
dpo@lynxcapinvestments.com or our EU representative at
eu.representative@lynxcapinvestments.com if you wish to access your personal data held by LynxCap.
7.2. The right to correction (rectification)
If the personal data LynxCap holds about you are inaccurate or not complete,
you have the right to ask us to correct them. If that personal data has been
passed to a third party, we will ask them to correct the data, unless this is
impossible or requires disproportionate effort on our part. We will tell you to
which third parties your personal data has been passed if you ask us to. We may
need to verify the accuracy of the new data you provide to us. Please contact
our Data Protection Officer at
dpo@lynxcapinvestments.com or our EU representative at
eu.representative@lynxcapinvestments.com if you need us to correct your personal data.
7.3. The right to erasure
This is sometimes called ‘the right to be forgotten’. You can ask us to erase
all your personal data held by us and we will do so in these cases:
- your personal data are no longer necessary for
the purposes we processed or collected them for;
- if you withdraw your consent to process your
personal data – but only in cases where we have no other legal basis to do
so apart from your consent;
- if you object to the processing of your personal
data and there are no overriding legitimate grounds for the processing
(see right to object in Section 7.6 of this Privacy Notice);
- it turns out your personal data have been
unlawfully processed;
- your personal data must be erased because the law
requires us to.
Note that we may not erase
your personal data even if you request us to in some cases, in particular when
their processing is necessary for us to comply with the law (e.g. where we are
legally required to keep the data) and for establishment, exercise and defence
of legal claims. Please contact our Data Protection Officer at
dpo@lynxcapinvestments.com or our EU representative at
eu.representative@lynxcapinvestments.comif you wish to request the erasure of your personal data held by LynxCap.
7.4. The right to restrict processing
You have the right to ask LynxCap to restrict how we process your personal
data. This means that we are permitted to store your personal data but not
further process it. We will restrict processing of your personal data in the
following cases:
- if you want us to establish the data's accuracy;
we will restrict processing for the time needed to establish accuracy;
- where our use of the data is unlawful but you do
not want us to erase it;
- where you need us to hold the data even if we no
longer require it as you need it to establish, exercise or defend legal
claims; or
- you have objected to our use of your data but we
need to verify whether we have overriding legitimate grounds to use it
(see Section 7.6 of this Privacy Notice on your right to object); we will
restrict processing for the time needed for such verification;
When we restrict processing
only temporarily (first and last case above), we will let you know when the
restriction is lifted. Note that we are permitted to process your personal data
in certain cases even if the processing is restricted, for example for
establishment, exercise or defence of legal claims, protection of rights of
other persons or for reasons of important public interest. If you want to
request us to restrict processing of your personal data, please contact our
Data Protection Officer at
dpo@lynxcapinvestments.com or our EU representative at
eu.representative@lynxcapinvestments.com.
7.5. The right to data portability
You can ask us to send you your personal data which you have provided to us
yourself (see Section 2.1 of this Privacy Notice) in structured, commonly used
and machine-readable format (this means that the data can be easily understood
by a computer). You have the right to transfer such personal data to a
different company (data controller), or ask us to do so directly. We will send you such personal data
in case:
- we have been
processing your personal data because you gave us your consent to do so or
to perform a contract you have with LynxCap or another company within our
group; and
- we process your
personal data by automated means (this means for example that we cannot
give you your personal data in this form if we only have it in paper
files).
Please contact our Data
Protection Officer at
dpo@lynxcapinvestments.com or our EU representative at
eu.representative@lynxcapinvestments.com on more information on how to use this right.
7.6. The right to object
When the legal basis for us to process your personal data is our legitimate
interest, and you feel that because of your particular situation you no longer
wish us to do so, you can at any time object to further processing of your
personal data. In this case, we will stop processing your personal data. Note
however that we are still allowed to continue to process your personal data
even if you object, if our legitimate interests in a particular case outweigh
your interests, rights and freedoms (meaning that your rights are not affected
disproportionally, while it is important to us if we can continue processing),
as well as for the establishment, exercise or defence of legal claims. If you
object to the processing of your personal data, please contact our Data
Protection Officer at
dpo@lynxcapinvestments.com or our EU representative at
eu.representative@lynxcapinvestments.com.
7.7. The right to withdraw consent
If we process your personal data on the basis of your consent but you change
your mind later, you have the right to withdraw your consent at any time, and
LynxCap will stop processing your personal data. If you withdraw your consent,
our processing prior to your withdrawal will remain lawful. If you want to
withdraw your consent, please contact our Data Protection Officer at
dpo@lynxcapinvestments.com or our EU representative at
eu.representative@lynxcapinvestments.com.
7.8. The right to complain to a supervisory authority
You have the right to complain to a personal data protection supervisory
authority if you believe our processing of your personal data may be against
the law. You may complain either to a supervisory authority in the place of
your habitual residence (where you live most of the time), in the place where
you work or in the place where you believe infringement may have happened.
Depending on your choice, these supervisory authorities may be relevant to you
if you wish to complain: