Candidate Privacy Policy of Nextech Invest AG

Published August 2024

1. Purpose and Scope

To conduct our business, Nextech collects and uses information about individuals (“Personal Data”), including details about our current, former and prospective candidates for employment (“you”).

This Candidate Privacy Policy (“Privacy Policy”) outlines how the Nextech employing entity ( “Nextech” or “we”) processes Personal Data.

As part of our commitment to protect your Personal Data we aim to inform you transparently about:

  • Why and how Nextech collects, uses and stores your Personal Data;
  • The legal basis for the use of your Personal Data; and
  • Your rights concerning such processing and how to exercise them.

We primarily adhere to the legal provisions of the Swiss Federal Data Protection Act (FDAP) and the European Union’s General Data Protection Regulation (GDPR).

The current version of this Privacy Policy available on the website is applicable.

2. Basis for the processing of Personal Data

This Privacy Policy applies to all forms of use of Personal Data, including the acquisition, disclosure, storage, use, modification, transmission, archiving, and deletion of Personal Data (“processing”).

Nextech processes your Personal Data within the applicable legal framework. Depending on the purpose of the processing activity, the processing of your Personal Data may be based on one of the following grounds:

  • We have obtained your implied or explicit consent;
  • The processing is necessary to comply with legal or regulatory obligations;
  • The processing is necessary to safeguard the legitimate interests of Nextech or third parties (e.g. other involved individuals) or to protect overriding public interests.

If processing is necessary to protect a legitimate interest of Nextech or a third party, it must not outweigh your fundamental rights and freedoms.

2.1. Collection of Personal Data

We may collect basis identification information for prospective, current, and former job candidates, such as your name, title, position, professional history, experience and contact details.

If you actively apply for a role with Nextech, we will typically also collect:

  • Personal details and identification information (e.g. date of birth, nationality, gender, ID card, passport number and other national ID numbers as required, immigration status);
  • Physical and electronic address details (e.g. private email or postal address);
  • Education and employment information (e.g. remuneration at your current employer, employment dates with your current employer, interview performance evaluation);
  • Where relevant, behavioural information and information about personality traits to assess a candidate’s suitability;
  • Any other information submitted as part of your application.

Information you submit as part of your application must be true, accurate, complete, and not misleading. Any false or misleading statement or omissions made during the application process, may be sufficient cause to justify the rejection of your application.

If you accept a role with Nextech, we will also collect the following to conduct necessary background checks and create your record in the Nextech employee database:

  • Family information (e.g. marital status); and
  • Financial information (e.g. summary credit history, bank account details, tax-related information, and information required to undertake required checks for illicit activities).

In some cases, the Personal Data that we process will also include sensitive information according to art. 3 lit. c FADP (“Sensitive Personal Data”), e.g., information on criminal proceedings and sanctions. For the purposes of this Notice, the term Personal Data also includes Sensitive Personal Data.

The Personal Data is collected from information you directly provide (through resumes or curriculum vitae, or through interviews or other communications). In some cases, Nextech will also collect Personal Data indirectly from third parties, such as recruitment agencies that you used to apply to Nextech, background check providers, other administration services providers, or from publicly available sources such as business- and employment-orientated social networking services and job boards.

3. Purposes for which we process Personal Data

All data processing is only carried out for specific purposes, and we process only the Personal Data which is relevant to achieving those purposes. Specifically, we process Personal Data, within legal limitations, for the purposes of:

Recruiting and Application Handling:

  • To undertake recruitment activities, such as determining the suitability of a candidate’s qualifications, maintaining information on the status of your application;
  • To prepare for and enter a contractual employment relationship.

Staff Administration:

  • To manage our HR records and update the Nextech employee database (e.g. keeping your application data on file);
  • To communicate with you about any actual or potential job vacancy.

Onboarding:

  • To set up internal profiles and collect information required to complete the employee onboarding process;
  • To assist us in managing external providers involved in the onboarding process (e.g. insurance companies, pension funds).

Compliance and Risk Management:

  • To carry out background checks as part of the employee onboarding process, including checking for any existing or potential conflicts of interest or any other restrictions which may restrict or prevent a candidate’s employment with Nextech as well as to prevent crime, including fraud or criminal activity, misuses of our products or services, and ensure the security of our IT systems, architecture and networks;
  • To reply to any actual or potential proceedings, requests or the inquiries of a public or judicial authority.

Other purposes:

  • To provide information to other Nextech entities or third parties to benefit from cost-effective services, efficient solutions and subject-matter expertise (e.g. we may opt to use certain IT platforms offered by suppliers. We may also share Personal Data with another Nextech entity so that a team with the appropriate subject-matter expertise can provide advice or support);
  • To provide information to third parties to enable a transfer, merger or disposal to a potential buyer, and their advisers in connection with an actual or potential transfer, merger or disposal of part or all of Nextech’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it;
  • To exercise our duties and/or rights vis-à-vis you or third parties (e.g. if Nextech needs to obtain legal advice or provide Personal Data in connection with judicial proceedings);
  • To collect data to ensure the security of buildings, property and information located or stored on the premises, and prevent unauthorized physical access to secure premises (e.g. maintaining building access logs and CCTV system images).

4. Disclosure of Personal Data and Data Transfers Abroad

4.1. Within Nextech and the Nextech Group

We make Personal Data available to members of our personnel and within the Nextech Group for the purposes indicated above. Other companies of the Nextech Group may process your Personal Data on behalf and upon request of Nextech.

4.2. Outside Nextech and the Nextech Group

For the purposes indicated above, and to the extent permitted under applicable law, we may also transfer and disclose Personal Data to third parties outside Nextech and the Nextech Group, such as:

  • Third-party service providers, who are contractually bound to confidentiality, such as our IT system or hosting providers, cloud service providers, insurers, and consultants;
  • A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of Nextech’s business or assets;
  • Authorities, e.g. regulators, enforcement or exchange bodies or courts or parties to proceedings where we are required to disclose information by applicable law or regulation or at their request, or to protect our legitimate interests.

We may disclose your Personal Data to third parties only if permitted by applicable data protection laws. Where Nextech or the Nextech Group transfer your data to third-party service providers processing data on Nextech’s behalf, we take steps to ensure they meet our data security standards, so that your Personal Data remains secure. Third-party service providers are thereby mandated to comply with a list of technical and organizational security measures, irrespective of their location.

4.3. Transfer of Personal Data to other countries

Your Personal Data will generally be stored in databases within Switzerland. However, in certain circumstances to the Personal Data transferred within or outside Nextech and the Nextech Group, may in some cases also be processed in countries outside Switzerland or the European Union (e.g. our subsidiary Nextech Ventures (U.S.) LLC, which is based in the United States). If we transfer your Personal Data to countries not considered to provide an adequate level of data protection, we use appropriate safeguards (e.g. standard contractual clauses adopted by the European Commission and recognized by the competent Data Protection Authority) or another statutory exemption provided by local applicable law.

5. Retention Periods

We will only retain your Personal Data for as long as necessary for the purposes for which it was collected, including, without limitation, to comply with contractual and legal requirements, whichever is longer. In general, although there may be exceptions, data relating to unsuccessful candidates for roles within Nextech is kept for 3 months from the date of our last recorded communication with you.

Personal Data relating to successful candidates is managed by the employee privacy policy that will be provided to you upon joining Nextech. If your application is successful, your application will be retained as part of your personnel record.

However, if you wish to have your Personal Data removed from our databases, you can make a request as described below.

6. Data Security

All Nextech employees and consultants accessing Personal Data must comply with internal rules and processes in relation to the processing of Personal Data to protect them and ensure their confidentiality.

We use adequate technical and organisational security measures to protect your Personal Data stored by us against loss and unlawful processing, against unauthorised access by third parties.

However, data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities, and complete protection of data against access by unauthorised third parties is not possible.

7. Your Rights

Information and access to Personal Data

You have a right to know what Personal Data we are processing about you, and you may at any time request that we provide you with a copy of the Personal Data we are processing about you. In addition, you may request information about the origin, disclosure, purpose of collection and use, the intended retention period, the logic applied in processing the Personal Data and, where applicable, the country to which the Personal Data has been disclosed.

Right to rectification

We take all reasonable steps to ensure that Personal Data is accurate and that inaccurate or incomplete Personal Data is corrected, deleted or destroyed. You have the right to have inaccurate or incomplete Personal Data corrected and to be informed of the correction. In this case, we will inform the recipients of the data concerned of the corrections made, unless this is impossible or involves a disproportionate effort.

Right to erasure

You have the right to have your Personal Data deleted in certain circumstances. In some cases, particularly where there is a legal obligation to retain data, the right to erasure may be excluded.

Right to restriction of processing

You have the right to restrict the processing of your Personal Data.

Right to data output/data transfer

You have the right to receive your Personal Data from us in a structured, commonly used and machine-readable format. You also have the right to have us transfer that data to another controller.

Right to object

You may object to the processing of your data at any time.

Right to withdraw consent

You have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your revocation.

To exercise these rights, or if you have any questions or comments about this Privacy Policy, please contact us at

Nextech Invest AG, Bahnhofstrasse 18, 8001 Zurich, Switzerland

Phone : +41 44 366 66 11

E-mail: info@nextechinvest.com

You may also exercise your rights by lodging a complaint with the competent data protection authority. The competent authority is determined by your habitual residence, place of work or the location of the alleged infringement. In Switzerland, the competent authority is the Federal Data Protection and Information Commissioner (FDPIC, Feldeggweg 1, 3003 Bern, https://www.edoeb.admin.ch/edoeb/en/home.html).

© Nextech Invest Ltd.  |  privacy policy