Data Privacy

1. General information

Data protection is an important concern for us. Therefore, we process your personal data ("personal data") with great care and in accordance with the applicable legal requirements. Castle Private Equity AG, Schützenstrasse 6, 8808 Pfäffikon, Switzerland processes your personal data for different purposes and informs transparently about this data processing. Personal data" means any information that can be associated with an identified or identifiable natural person. The term "processing" includes any handling of personal data, e.g. obtaining, disclosing, storing, deleting, etc.

Please read the entire privacy policy carefully. This will tell you how and why we process your personal data and what rights you have in connection with this data processing.

This privacy policy is based on the Swiss Data Protection Act (DSG). It is also based on the European General Data Protection Regulation (GDPR). It depends on the individual case to what extent the GDPR is applicable at all.

To whom and when does this privacy policy apply?

  • If you purchase services or products from us or have a contractual relationship with us.
  • visitors to our website
  • when you contact us, e.g. by e-mail, letter, via our contact form or any other contact tool
  • when you receive information or marketing communications from us
  • ou register for certain offers (e.g. events)
  • when you subscribe to our newsletter
  • when you apply for a job with us
  • when you deal with us in the context of further data processing related to our offers

SSL or TLS encryption
When you enter your data on websites, place online orders or send e-mails over the Internet, you must always be prepared for unauthorized third parties to access your data. There is no complete protection against such access. However, we do our utmost to protect your data as best we can and to close security gaps as far as we can.

An important protection mechanism is the SSL or TLS encryption of our website, which ensures that data you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the Internet address entered in your browser and by the fact that our Internet address begins with https:// and not with http://.

Google reCAPTCHA

This website uses "Google reCAPTCHA" (hereinafter "reCAPTCHA"). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google". The purpose of reCAPTCHA is to verify whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not made aware that an analysis is taking place. The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. For more information on Google reCAPTCHA and Google's privacy policy, please see the following links: and

Google Maps

This website uses the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to comfortably use the map function. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. For more information on the purpose and scope of data collection and processing by Google, as well as further information on your rights in this regard and settings options for protecting your privacy, please visit:​​​​​​​

Google Webfonts

This website uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font is used by your computer.

You can find more information on Google Web Fonts at and in Google's privacy policy: 


2. Responsibility

The company responsible for the processing of personal data is the company that specifies the purpose for which and the means by which the processing is to be carried out. For the data processing according to this privacy policy, the following company or person is the "responsible party" in the sense of the Data Protection Act, i.e. the body responsible for data protection, unless otherwise communicated in the specific individual case (identity):

Castle Private Equity AG Schützenstrasse 6 8808 Pfäffikon Switzerland.

If you have any concerns or questions regarding data protection, you can contact us at the following address:

3. Personal data to be processed

We also process different categories of personal data in view of the different purposes. In the case of contractual partners that are companies, we process less personal data - here we process in particular data of contact persons of the companies (e.g. name, e-mail address, function in the company, communication data). You provide us with much of the following personal data yourself. However, as a rule you are not obliged to do so. If you disclose data about other persons to us, we assume that you are authorized to do so and that this data is also correct. You automatically confirm this when you provide us with data about these third parties. Please ensure that the third parties concerned have been made aware of this data protection declaration.

3.1 Basic data and contact information

Basic data and contact information relate directly to your person and characteristics (for example, to contact you). For example, we process the following basic data:

  • Name, first name
  • E-mail address
  • Telephone number
  • Information on language preferences
  • Information on professional function and employment (e.g. employment relationship, employer).

We obtain this master data directly from you. However, under certain conditions, we may also obtain personal data from third parties, such as our contractual partners, associations and address dealers, and from publicly available sources such as the Internet.

3.2 Contract data

Contract data is information that accrues in connection with the execution of the contract. We process the following data:

  • Data from the run-up to the conclusion of a contract and data on the conclusion of the contract itself (e.g. on the subject matter of the contract), as well as the data required or used for the execution of the contract
  • Date, information on the type and duration as well as conditions of the relevant contract, data on the termination of the contract
  • Customer history
  • Information on payments and payment modalities, mutual claims
  • information on complaints, customer satisfaction, complaints, feedbacks
    Responses to customer and satisfaction surveys

3.3 Application data

Application data is data that is generated in connection with your application to us, e.g. the following data:

  • CV, letter of motivation
  • work and degree certificates
  • Information about your current job (e.g. notice period)
  • Salary expectations
  • Information in connection with a job interview

3.4 Communication data
Communication data is data that arises in connection with communication with you, e.g. this is the follow

  • Contact details such as postal address, e-mail address and telephone number.
  • Content of all correspondence
  • Details of the nature, time and other peripheral data of the communication

3.5 Location data and technical data

When you visit our website, technical data is collected. This includes, for example, the following data:

  • Location and traffic data
  • IP address of the end device and device ID
  • mation about your device, the operating system of your terminal device
  • Information about your Internet provider
  • ed or logs in which the use of our systems is recorded
  • Date and time of access to the website

3.6 Other possible data

Depending on necessity, we may then also process the following additional data:

  • We may collect data about who attends events and when

4. purposes of our data processin

We process personal data from you, to the extent permitted, for different purposes in which we have a legitimate interest corresponding to the purpose:

  • For the performance of contracts
  • To improve our services and products
  • For communication purposes (e.g. replying to your messages)
  • For marketing and information purposes (so that we can, for example, inform you about offers or new activities according to your personal interests)
  • To review your application (so that we can assess whether you are suitable for a position with us)
  • To maintain our IT security (in particular to monitor the performance of our website)
  • For internal administration (e.g., in the context of accounting or archiving data)
  • To comply with legal requirements (e.g., to process complaints, prevent and investigate criminal offenses or other misconduct)
  • To assert legal claims (if necessary, we also process personal data to enforce claims in court, out of court and before authorities in Germany and abroad, or to defend ourselves against legal claims)
  • For company development (e.g. for company management, for handling the purchase and sale of business units and the associated transfer of personal data)

5. Online advertising technique

On our website, we use online advertising techniques such as cookies. We use them to measure the user experience and the success of the website and online advertising campaigns.

5.1 What are online advertising techniques such as cookies?

If we track you, we can distinguish your accesses from accesses by other users so that we can ensure the functionality of the website and carry out statistical evaluations. Each time you access a page, you are recognized as an individual visitor and can thus be distinguished from other persons, for example by the server assigning a unique identification number to your browser (this is then referred to as a "cookie"). Cookies are automatically stored on your terminal device when you visit our website. We use cookies, for example, to save settings between your visits to the website or to collect statistical, technical data.

5.2 Which cookies or online advertising techniques do we use?
We use analytics services so that we can optimize our website. In the following, we explain by way of example how our most important analytics service providers work. Other third-party providers of corresponding tools usually process personal data in a similar way.

  • Google Analytics, an analytics service provided by Google LLC and Google Ireland Ltd. Google Ireland Ltd. is the responsible party for the processing of personal data. Google uses cookies and online advertising techniques to analyze certain information about the behavior of individual users on the website. Based on the analyzed data, Google provides us with evaluations, but also processes data for its own purposes. Information on data protection at Google Analytics can be found here:

6. Data disclosure to other companies and further recipients

We disclose your personal data to service providers. This applies in particular to IT service providers, but may - where necessary - involve analysis service providers, debt collection service providers, credit reporting agencies, marketing service providers, etc. Insofar as these service providers process personal data as order processors, they are obliged to process personal data exclusively in accordance with our instructions and to take data security measures. Data may then also be disclosed to other recipients, e.g. to courts and authorities in the context of legal proceedings.In individual cases, it is possible that we may also disclose personal data to other third parties for their own purposes, e.g. if you have given us your consent to do so or if we are legally obliged or entitled to disclose it.

7. Duration of data processing

We store and process your personal data for as long as it is necessary for the purpose of the processing (in the case of data relating to contracts, this is usually for the duration of the contractual relationship), for as long as we have a legitimate interest in storing the data (e.g. in order to enforce legal claims, or to ensure IT security) and for as long as data is subject to a statutory retention obligation (for certain data, for example, there is a ten-year retention period that we must comply with). We destroy or anonymize your personal data after the storage or processing period has expired, provided that no legal or contractual obligations prohibit this.

8. Legal basis according to the GDPR for the data processing.

As the case may be, data processing is only permitted if the applicable law specifically allows it. This does not apply under Swiss data protection law, but it does apply under the European GDPR to the extent that it applies. In this case, we base the processing of your personal data on the following legal bases:

  • on your consent (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a DSGVO);
  • that the processing is necessary for the performance of the contract or pre-contractual measures (Art. 6 para. 2 lit. b DSGVO).
  • rocessing is necessary for a legitimate interest in the data processing (Art. 6 para. 1 lit. f DSGVO)
  • that the processing is necessary for the assertion or defense of legal claims or civil proceedings (Art. 6 para. 1 lit. f and Art. 9 para. 2 lit. f DSGVO)
  • that the processing is necessary for compliance with domestic or foreign legal provisions (Art. 6 para. 1 lit. c and lit. f as well as Art. 9 para. 2 lit. g DSGVO)

9.Data subject rights

You have certain rights under applicable data protection law so that you can obtain further information about and act on our data processing. These are in particular the following rights:

  • You have a right to information. This means that you can request information about our data processing. We are at your disposal for this purpose. You can also submit a so-called information request if you wish to receive further information and a copy of your data.
  • You have a right of transfer. This means that you have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format or to have it transferred to a third party, insofar as the corresponding data processing is based on your consent or is necessary for the performance of the contract.
  • You have a right to erasure and objection. This means that you can object to our data processing so that we can no longer process your data. You can then request that we delete your personal data. However, we would like to point out that we will continue to process and store your data if we are obliged to do so.
  • You have a right to rectification. This means that you can have incorrect or incomplete personal data corrected or completed or then provided with a so-called denial note.
  • You have a right of revocation. This means that you can revoke your consent at any time, provided that you have previously given your consent for data processing. The revocation applies from this moment, that is, only for the future and not for the past. However, it may be that we continue to process your data on a different basis in the event of your revocation.

If you assert your data subject rights, we must verify your identity (this is done, for example, by providing a copy of your ID). The listed data subject rights are then subject to legal requirements and restrictions. This means that the exercise of rights is not always possible in full. For example, we still need to process your personal data in order to fulfill an order with you, to protect our own interests worthy of protection or to meet legal obligations. Insofar as it is legally permissible (e.g. to protect the privacy of third parties as well as to protect our own interests worthy of protection, such as the existence of business secrets), we may restrict or refuse to allow you to exercise your rights. It should also be mentioned that you also have the option of taking your concerns to the competent data protection authority.

10. Status of the privacy policy

This Privacy Policy is up to date and dated 08/31/2023.