Privacy Notice

1. Controller and Scope

This Privacy Notice explains how Blue Earth Capital AG and its affiliates (collectively “BlueEarth”, “we,” “our” or “us”) collect and process your personal data when you visit our website or interact with us online or offline. For the purposes of this notice, the data controller is the BlueEarth entity responsible for the processing activity, typically the entity operating this website or engaging with you. Blue Earth Capital AG is located at Neuhofstrasse 4, 6340 Baar Zug, Switzerland.
This notice applies to:

  • Website visitors and users, including individuals contacting us via email or otherwise interacting with our IT infrastructure;
  • BlueEarth alumni;
  • Potential directors or members of investment committees for BlueEarth-advised entities;
  • Current and potential contractual counterparties such as investors, service providers, portfolio companies and their representatives; and
  • Individuals connected with these categories.

We have separate privacy notices for employees, job applicants, investors/subscribers and suppliers/visitors; please consult those notices where applicable.

2. Our commitment to data protection principles

Blue Earth Capital is committed to the data protection principles set out in the Swiss FADP and the EU GDPR. We process personal data lawfully, fairly and transparently; we collect data only for specified, legitimate purposes and do not process it further in ways incompatible with those purposes; we limit data collection to what is necessary and keep it accurate and up to date; we retain data no longer than needed for the stated purposes; and we implement appropriate technical and organisational measures to protect the integrity and confidentiality of the data. BlueEarth takes responsibility for and can demonstrate compliance with these principles.

3. What information we collect

We collect personal data about you directly from you, from your use of our website, and from third parties (e.g. service providers or publicly available sources). The nature of the data depends on your relationship with us.
If you are a website visitor or user we may collect:

  • Basic personal data and contact details, e.g., name, email;
  • Authentication information (where applicable), such as login credentials.
  • Online electronic information, including IP address, device/browser data, cookie identifiers, engagement statistics, usage analytics, IT traffic and content accessed, shared or downloaded. See our Cookies Notice for details.
  • Information you provide in forms, such as when you subscribe to newsletters.
  • Information related to your electronic interactions with us or our service providers (e.g., emails, phone calls or other electronic communications), as permitted by law.

If you are a BlueEarth alumnus, we may collect basic personal data, contact details, photographs (e.g., taken at alumni events) and information related to electronic interactions with us.
If you are a potential director or investment committee member, we may collect your basic personal data, contact details and information related to your background, skill set and experience (e.g. your résumé).
If you are a current or potential contractual counterparty (or you represent one), we may collect basic personal data, contact details, biographical information, recordings or photographs at meetings or events, identity verification information (e.g. ID checks or CCTV images), and other data disclosed as part of the contract or required by law.
Generally we do not intentionally collect special categories of personal data (e.g., health or religious data). In limited circumstances, sensitive data may be inferred from the information you voluntarily provide (e.g., dietary requirements or accessibility needs) and will be processed in accordance with applicable law.

4. Why we process your personal data and our legal bases

We process personal data for specific, legitimate purposes and only to the extent relevant to those purposes. Depending on your relationship with us, we may use your data to:

  • Manage our relationship with you (including identity verification and responding to enquiries).
  • Communicate with you (e.g., provide updates, marketing communications or event information).
  • Provide and improve our services, including access to secure areas such as client or video portals.
  • Protect the security and integrity of our IT systems, networks and data including detecting and preventing cybersecurity threats or fraud.
  • Manage our business operations, governance and resources.
  • Enhance our knowledge of markets and analyse market data.
  • Enter into or perform contracts, including pre-contractual assessments and due diligence checks.
  • Organise and participate in meetings, calls and video conferences (which may be recorded where legally required or with consent).
  • Secure our premises and ensure the safety of visitors and staff.
  • Comply with legal and regulatory obligations, such as anti-money laundering, anti-bribery, financial services rules, tax laws, sanctions monitoring and health and safety requirements.
  • Protect our legal interests, such as enforcing or defending rights, managing mergers or acquisitions, and meeting corporate and social responsibility objectives.

Our legal bases include: (i) taking pre-contractual steps; (ii) performing contractual obligations; (iii) complying with legal or regulatory obligations; (iv) pursuing legitimate interests (e.g., improving services, ensuring security, conducting due diligence, marketing our services) while balancing your privacy rights; and (v) obtaining your consent where required. Where consent is the basis, you may withdraw it at any time; withdrawal will not affect prior processing.

5. Automated decision-making, profiling and compliance screening

Blue Earth Capital may use automated tools or algorithms to assist with regulatory compliance, such as screening client names against sanctions or politically exposed person (PEP) lists to meet anti-money laundering (AML) obligations. These tools flag information for review but do not, by themselves, make final decisions about whether to enter into or continue a business relationship. Where a screening result could affect you, a qualified Blue Earth Capital professional will review the outcome and any relevant context before making a determination.
We do not carry out decisions that produce legal or similarly significant effects about individuals solely by automated means. If, in the future, we adopt fully automated decision-making that could significantly affect you, we will:

  • Inform you in advance about the logic involved, the potential consequences and your rights;
  • Ensure you can request human intervention and challenge the decision; and
  • Obtain your explicit consent where required.

This section ensures that you understand how automated compliance tools are used and your rights in relation to them.

6. Cross-border data transfers

Blue Earth Capital operates globally. As part of our investment activities, including in emerging markets, we sometimes need to transfer personal data to countries outside Switzerland and the European Economic Area. For example, when we set up or administer investments, we may be legally required to share personal data (such as the names and identity documents of directors or ultimate beneficial owners) with fund administrators, regulatory bodies or professional advisers in those jurisdictions.
Such transfers only occur for legitimate purposes and are carried out in accordance with applicable data protection law. Specifically:

  • We may transfer data to countries recognised by the Swiss Federal Council or the EU as providing an adequate level of protection.
  • Where no adequacy decision exists, we implement appropriate safeguards – such as the Swiss-adapted EU standard contractual clauses, Binding Corporate Rules or other FDPIC/EU-approved mechanisms – to ensure that your personal data enjoys a level of protection equivalent to that required under the FADP and the GDPR.
  • When sharing sensitive documents (e.g. passports), we use secure data room platforms that comply with GDPR-level security standards. These platforms employ strong encryption, multifactor authentication and granular access controls. Access is limited to authorised individuals, and all downloads are logged and monitored.
  • You can request further information about cross-border transfers and obtain a copy of the relevant safeguards using the contact details provided in Section 11.

7. How we protect your personal data

Blue Earth Capital implements technical and organisational measures aligned with international standards to protect the confidentiality, integrity and availability of personal data. Measures include:

  • Access controls and role-based permissions to ensure data is only available to those who need it;
  • Encryption of data in transit and at rest, where appropriate, and the use of secure data room platforms with end-to-end encryption for sharing sensitive documents such as passports. These platforms employ multifactor authentication, granular access controls and activity logging to prevent unauthorised access and monitor downloads;
  • Segregated data storage systems and secure backup procedures;
  • Regular security audits, vulnerability assessments and penetration tests;
  • Employee training and awareness programmes; and
  • Incident management procedures, including breach notification obligations and a quality assurance / incident management system as described in our Compliance and Data Protection Framework.

While we strive to protect your data, no internet transmission is completely secure, and we cannot guarantee absolute security.

8. Data retention

We retain your personal data only as long as necessary to fulfil the purposes described in this notice, comply with legal or regulatory requirements, or establish or defend legal claims. The retention period may vary depending on the data type and the context of our relationship (e.g., contact data used for marketing is retained until you unsubscribe; contractual data is retained for the duration of the contract plus the statutory limitation period). Backup copies may persist for a limited period, but they are isolated from routine processing and are securely stored. Once data is no longer required, it will be securely deleted or anonymised.

9. Your rights

Under the FADP and GDPR, you have the following rights in respect of your personal data, subject to statutory exceptions:

  • Right to information and access: to obtain confirmation as to whether Blue Earth Capital processes your personal data and, if so, to access that data and relevant processing information (controller’s identity, purpose, categories of data and recipients, retention period, source of data).
  • Right to correction: to request correction of inaccurate or incomplete data.
  • Right to deletion: to request erasure of your personal data where processing is unlawful or no longer necessary.
  • Right to restrict processing: to limit processing of your data in certain situations.
  • Right to object: to object to the processing of your personal data on grounds relating to your particular situation or for direct marketing purposes.
  • Right to data portability: to receive the personal data you provided to us in a structured, commonly used and machine-readable format and to have that data transferred to another controller without hindrance.
  • Rights relating to automated decision-making: to be informed of decisions based solely on automated processing and to request human intervention.
  • Right to withdraw consent: if processing is based on consent, to withdraw it at any time; withdrawal does not affect prior processing.
  • Right to lodge a complaint: to complain to a supervisory authority (FDPIC in Switzerland or the relevant EU authority) if you believe your data has been processed unlawfully.

You may exercise these rights by contacting us (see Section 11). To protect your data, we may ask you to verify your identity before responding. We will respond within the statutory timeframe unless exceptions apply (e.g., disproportionate effort or overriding third-party interests).

10. Data protection impact assessments and breach notification

Blue Earth Capital conducts Data Protection Impact Assessments (DPIAs) for new or significantly changed processing activities that may present a high risk to individuals. The DPIA evaluates necessity, proportionality and risks, and identifies measures to mitigate risks. Where residual risk remains, we consult the FDPIC and, if required, relevant EU authorities.
If a personal data breach occurs that is likely to result in a high risk to the rights and freedoms of individuals, Blue Earth Capital will notify the competent supervisory authority without undue delay and, where required, the affected individuals. Our incident management procedures (outlined in our Compliance and Data Protection Framework) set out internal reporting, investigation and remediation responsibilities.

11. Who has access to your personal data

We will never sell your personal data. We may share your data with:

  • Our personnel (management, compliance, communications, IT, client services, etc.) and other Blue Earth Capital entities providing intragroup services.
  • Suppliers and service providers, such as IT providers, marketing agencies, cloud service platforms and consultants.
  • Professional advisers and external lawyers.
  • Banks, lenders and external auditors where lawfully required.
  • Third parties to whom we assign or transfer our rights and obligations.
  • Authorities, regulators and law enforcement agencies where legally required to comply with judicial or administrative orders.

All recipients are contractually obliged to protect the confidentiality and security of your data. Where recipients act as data processors, they may process personal data only on our instructions.

12. Contact information

If you have questions about this Privacy Notice, wish to exercise your rights or seek information about data transfers, please contact our Data Protection Officer at:

Blue Earth Capital AG
Neuhofstrasse 4
6340 Baar Zug, Switzerland
E-mail: dpo@blueearth.capital

You also have the right to complain to the Federal Data Protection and Information Commissioner (FDPIC) or the relevant EU supervisory authority if you believe your data has been processed unlawfully.
If you have concerns about misconduct or wish to report a compliance issue unrelated to your personal data rights, you may also use our Speak Up whistleblowing tool. Please note that this channel should not be used to exercise the privacy rights described above.

13. Changes to this notice

We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. The effective date will be shown below. We encourage you to review this page periodically for updates.
Effective date: 1 September 2025