With this privacy policy, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name www.nordel-invest.com. In particular, we inform you about the purpose, manner, and location of the personal data we process. We also inform you about the rights of individuals whose data we process.

For individual or additional activities and operations, we may publish further privacy policies or other data protection information.

We are subject to Swiss law as well as, where applicable, foreign law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR).

The European Commission recognised with its decision of 26 July 2000 that Swiss data protection law ensures an adequate level of data protection. With its report of 15 January 2024, the European Commission confirmed this adequacy decision.

Table of Contents

1. Contact Addresses

Untermüli 9,
6300 Zug
Switzerland

investor.relations@nordel-invest.com

In individual cases, third parties may be responsible for the processing of personal data, or there may be joint responsibility with third parties. We will be happy to provide information about the respective responsibility upon request.

2. Definitions and Legal Bases

2.1 Definitions

Data subject: A natural person about whom we process personal data.

Personal data: All information relating to an identified or identifiable natural person.

Special categories of personal data: Data on trade union, political, religious, or philosophical views and activities; data on health, the private sphere, or membership of a race or ethnic group; genetic data; biometric data that uniquely identify a natural person; data on criminal or administrative sanctions or prosecutions; and data on social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, comparing, adapting, archiving, storing, reading, disclosing, obtaining, collecting, deleting, disclosing, organising, storing, modifying, disseminating, linking, destroying, and using personal data.

European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

2.2 Legal Bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

Where and insofar as the General Data Protection Regulation (GDPR) applies, we process personal data in accordance with at least one of the following legal bases:

  • Art. 6(1)(b) GDPR for the processing of personal data necessary for the performance of a contract with the data subject and for the implementation of pre-contractual measures.
  • Art. 6(1)(f) GDPR for the processing of personal data necessary to protect the legitimate interests—including those of third parties—unless the fundamental freedoms and rights and interests of the data subject override these interests. Such interests include, in particular, the permanent, user-friendly, secure, and reliable exercise of our activities and operations, ensuring information security, protection against misuse, enforcement of our own legal claims, and compliance with Swiss law.
  • Art. 6(1)(c) GDPR for the processing of personal data necessary to fulfil a legal obligation to which we are subject under the applicable law of Member States in the European Economic Area (EEA).
  • Art. 6(1)(e) GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6(1)(d) GDPR for the processing of personal data necessary to protect the vital interests of the data subject or of another natural person.
  • Art. 9(2) GDPR for the processing of special categories of personal data, in particular with the consent of the data subjects.

The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of special categories of personal data as the processing of special categories of personal data (Art. 9 GDPR).

3. Nature, Scope, and Purpose of Personal Data Processing

We process personal data that is necessary to enable us to carry out our activities and operations permanently, in a user-friendly, secure, and reliable manner. The personal data processed may include, in particular, browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data. The personal data may also constitute special categories of personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, provided that such processing is permissible.

We process personal data, where necessary, with the consent of the data subjects. In many cases, we can process personal data without consent, for example to fulfil legal obligations or to protect overriding interests. We may also ask data subjects for their consent when their consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymise or delete personal data, in particular depending on statutory retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include, for example, specialised providers whose services we use.

In the course of our activities and operations, we may disclose personal data in particular to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and economic information agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister, and subsidiary companies, organisations and associations, social institutions, telecommunications companies, insurers, and payment service providers.

5. Communication

We process personal data in order to be able to communicate with individuals as well as with authorities, organisations, and companies. In doing so, we process in particular data that a data subject transmits to us when making contact, for example by post or email. We may store such data in an address book or with comparable tools.

Third parties who transmit data about other persons to us are obliged to ensure the data protection of such data subjects themselves. They must in particular ensure that such data is accurate and may be transmitted.

6. Data Security

We take appropriate technical and organisational measures to ensure data security appropriate to the respective risk. With our measures, we ensure in particular the confidentiality, availability, traceability, and integrity of the personal data processed, without being able to guarantee absolute data security.

Access to our website and our other digital presence is via transport encryption (SSL / TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers warn against visiting a website without transport encryption.

Our digital communication—like all digital communication—is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police authorities, and other security authorities. We also cannot exclude the possibility that a data subject may be specifically monitored.

7. Personal Data Abroad

We process personal data primarily in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular to process it there or have it processed there.

We may export personal data to all states on earth and elsewhere in the universe, provided that the law there ensures adequate data protection in accordance with the decision of the Swiss Federal Council and—where and insofar as the General Data Protection Regulation (GDPR) applies—also in accordance with the decision of the European Commission.

We may transfer personal data to countries whose law does not ensure adequate data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or with other suitable guarantees. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the special data protection requirements are met, for example the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. We will be happy to provide data subjects with information about any guarantees upon request or provide a copy of any guarantees.

8. Rights of Data Subjects

8.1 Data Protection Claims

We grant data subjects all claims in accordance with the applicable law. Data subjects have in particular the following rights:

  • Information: Data subjects may request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection claims and to ensure transparency. This includes the personal data as such, but also, among other things, information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
  • Correction and restriction: Data subjects may have incorrect personal data corrected, incomplete data completed, and the processing of their data restricted.
  • Opportunity to express their own position and human review: Data subjects may express their own position and request human review in the case of decisions based solely on automated processing of personal data and which have legal consequences for them or significantly affect them (automated individual decisions).
  • Deletion and objection: Data subjects may have personal data deleted („right to be forgotten“) and object to the processing of their data for the future.
  • Data release and data transfer: Data subjects may request the release of personal data or the transfer of their data to another controller.

We may postpone, restrict, or refuse the exercise of data subjects‘ rights within the legally permissible framework. We may inform data subjects of any conditions to be fulfilled in order to exercise their data protection claims. For example, we may refuse to provide information with reference to confidentiality obligations, overriding interests, or the protection of other persons, in whole or in part. For example, we may also refuse to delete personal data, in particular with reference to statutory retention obligations, in whole or in part.

We may exceptionally charge a fee for the exercise of rights. We will inform data subjects in advance about any costs.

We are obliged to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are obliged to cooperate.

8.2 Legal Protection

Data subjects have the right to enforce their data protection claims through legal channels or to lodge a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organised as members of the European Data Protection Board (EDPB). In some Member States of the European Economic Area (EEA), the data protection supervisory authorities are structured federally, in particular in Germany.

9. Use of the Website

9.1 Cookies

We may use cookies. Cookies—both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies)—are data stored in the browser. Such stored data does not have to be limited to traditional cookies in text form.

Cookies can be stored in the browser temporarily as „session cookies“ or for a certain period of time as so-called permanent cookies. „Session cookies“ are automatically deleted when the browser is closed. Permanent cookies have a certain storage period. Cookies make it possible, among other things, to recognise a browser the next time it visits our website and thus, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.

Cookies can be deactivated, restricted, or deleted at any time in the browser settings. The browser settings often also allow for the automatic deletion and other management of cookies. Without cookies, our website may no longer be fully available. We request—at least where and insofar as required by applicable law—active explicit consent to the use of cookies.

9.2 Logging

For each access to our website and our other digital presence, we may log at least the following information, provided that it is transmitted to our digital infrastructure as standard during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-pages of our website accessed including the amount of data transferred, last website accessed in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. The information is necessary to provide our digital presence permanently, in a user-friendly, secure, and reliable manner. The information is also necessary to ensure data security—including by third parties or with the help of third parties.

9.3 Tracking Pixels

We may integrate tracking pixels into our digital presence. Tracking pixels are also known as web beacons. Tracking pixels—including those from third parties whose services we use—are usually small, invisible images or scripts written in JavaScript that are automatically retrieved when accessing our digital presence. With tracking pixels, at least the same information as in log file logging can be recorded.

10. Third-Party Services

We use services from specialised third parties to carry out our activities and operations in a permanent, user-friendly, secure, and reliable manner. With such services, we can, among other things, embed functions and content into our website. When embedding, the services used necessarily collect the IP addresses of users at least temporarily for technical reasons.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymised, or pseudonymised manner. This may include, for example, performance or usage data in order to be able to offer the respective service.

Digital Infrastructure

We use services from specialised third parties to be able to use the required digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

In particular, we use:

11. Final Notes on the Privacy Policy

We may update this privacy policy at any time. We will inform you about updates in an appropriate manner, in particular by publishing the current privacy policy on our website.