Privacy Policy

Rheinstein Investment (hereinafter “we“, “us“, “our“, or “the Company“) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://rheinstein-investment.ch (the “Website”) or otherwise interact with us in the context of our investment services.

Rheinstein Investment is a Swiss investment company with a heritage dating back to 1968, focused on building long-term value through strategic investments across the EMEA region, including direct private equity, industrial and manufacturing platforms, and strategic advisory services.

This Privacy Policy is issued in compliance with the Swiss Federal Act on Data Protection (FADP, in force since 1 September 2023) and, where applicable, the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).

Please read this Privacy Policy carefully. By using our Website or providing us with your personal data, you acknowledge that you have read and understood this Privacy Policy.

The data controller responsible for the processing of your personal data is:

Rheinstein Investment

c/o Lioncon Treuhand AG

Susenbergstrasse 88

8044 Zürich, Switzerland

Email: info@rheinstein-investment.ch

Phone: +41 76 728 14 56

Commercial Register Number (UID): CHE108.809.069

For all questions related to the processing of your personal data or the exercise of your rights under this Privacy Policy, please contact us using the details provided above or in Section 13.

For the purposes of this Privacy Policy:

• Personal Data means any information relating to an identified or identifiable natural person.
• Processing means any operation performed on personal data, such as collection, recording, storage, use, disclosure, or deletion.
• Data Subject means the natural person whose personal data is processed.
• Controller means the entity that determines the purposes and means of processing personal data.
• Processor means a third party that processes personal data on behalf of the Controller.

Depending on your interaction with us, we may collect and process the following categories of personal data:

4.1 Information you provide to us

• Identification data: first name, last name, date of birth, nationality, copy of ID or passport (for client onboarding).
• Contact data: postal address, email address, telephone number.
• Professional and financial data: occupation, employer, source of funds, financial situation, investment experience, risk profile, tax residence, tax identification number.
• Account and transaction data: bank account details, transaction history, portfolio information.
• Communication data: content of correspondence, recordings of phone calls (where notified in advance), meeting notes.
• Compliance data: information required to fulfill our anti-money laundering (AML), know-your-customer (KYC), and tax reporting obligations.

4.2 Information collected automatically

When you visit our Website, we may automatically collect:

• Technical data: IP address, browser type and version, operating system, device identifiers, time zone setting, screen resolution.
• Usage data: pages visited, time spent on pages, links clicked, referring URL, date and time of access.
• Cookies and similar technologies: see Section 9 below.

4.3 Information from third parties

We may receive personal data from third parties, including:

• Publicly available sources (e.g., commercial registers, sanctions lists, PEP databases);
• Credit reference and identity verification agencies;
• Banks, custodians, brokers, or other financial intermediaries;
• Service providers and business partners.

We process your personal data for the following purposes:

5.1 Provision of investment services

To establish and maintain the business relationship, conduct client onboarding, provide investment advisory or portfolio management services, execute transactions, and administer your account—including in the context of our direct private equity investments, industrial and manufacturing platforms, and strategic advisory engagements.

Legal basis: performance of a contract; legitimate interests; legal obligations.

5.2 Compliance with legal and regulatory obligations

To comply with applicable laws and regulations, including AML, KYC, FATCA, CRS, tax reporting, sanctions screening, and obligations under FINMA supervision (where applicable).

Legal basis: compliance with legal obligations.

5.3 Website operation and security

To operate, maintain, and improve the Website, ensure its security, prevent fraud, and detect technical issues.

Legal basis: legitimate interests.

5.4 Communication and marketing

To respond to your inquiries submitted via the Website contact form, email, or telephone; to send service-related communications; and, where permitted, to provide you with information about our services, market insights, or events.

Legal basis: consent (where required); legitimate interests.

5.5 Establishment, exercise, or defense of legal claims

To protect our rights and interests in legal proceedings.

Legal basis: legitimate interests; legal obligations.

We treat your personal data with the utmost confidentiality. We may disclose your personal data to the following categories of recipients:

• Affiliated entities and business partners: where necessary for the purposes set out above, including in connection with our investments and partnerships.
• Service providers (processors): including our trustee Lioncon Treuhand AG, as well as IT, hosting, cloud, software, communication, marketing, accounting, auditing, and legal service providers, acting on our instructions.
• Financial intermediaries: banks, custodians, brokers, asset managers, and other counterparties involved in executing transactions on your behalf.
• Authorities and regulators: Swiss and foreign tax, regulatory, supervisory, judicial, or law enforcement authorities, including FINMA, the Swiss Federal Tax Administration, and the FDPIC, where required by law.
• Professional advisors: lawyers, auditors, and consultants bound by professional secrecy.
• Acquirers or successors: in the event of a merger, acquisition, reorganisation, or sale of assets.

All recipients are required to maintain the confidentiality and security of your personal data and to process it only for the purposes disclosed.

Your personal data may be transferred to, processed, or stored in countries outside Switzerland or the European Economic Area (EEA), including countries that may not provide the same level of data protection as Switzerland or the EEA. Given our investment activities across the EMEA region, such transfers may occur in the ordinary course of business.

Where we transfer personal data to such countries, we ensure that appropriate safeguards are in place, such as:

• Transfers to countries recognized by the Swiss Federal Council and/or the European Commission as providing an adequate level of protection;
• Standard contractual clauses approved by the Federal Data Protection and Information Commissioner (FDPIC) and/or the European Commission;
• Binding corporate rules or other appropriate safeguards in accordance with applicable law.

You may request a copy of these safeguards by contacting us using the details set out in Section 13.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

Typical retention periods include:

• Client and transaction records: at least 10 years following the end of the business relationship or completion of the transaction, in accordance with Swiss AML and Code of Obligations requirements.
• Accounting and tax records: at least 10 years, in accordance with Swiss tax law.
• Marketing data: until you withdraw your consent or object to processing.
• Website log data: typically up to 12 months, unless required for security investigations.

After expiry of the applicable retention period, your personal data will be securely deleted or anonymised.

Our Website uses cookies and similar technologies to ensure the proper functioning of the site, analyze its use, and improve your user experience.

9.1 What are cookies?

Cookies are small text files stored on your device when you visit a website. They allow the website to recognize your device and remember certain information.

9.2 Types of cookies we use

• Strictly necessary cookies: required for the Website to function properly. These cannot be disabled.
• Functional cookies: enable enhanced functionality and personalization.
• Analytics cookies: help us understand how visitors use the Website (e.g., Google Analytics or similar tools).
• Marketing cookies: may be used to deliver relevant content and measure the effectiveness of campaigns.

9.3 Managing cookies

You can manage your cookie preferences via the cookie banner displayed on our Website or through your browser settings. Please note that disabling certain cookies may affect the functionality of the Website.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include encryption, access controls, secure servers, regular security assessments, and staff training.

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

Subject to applicable law, you have the following rights regarding your personal data:

• Right of access: to obtain confirmation as to whether we process your personal data and to receive a copy of such data.
• Right to rectification: to request the correction of inaccurate or incomplete personal data.
• Right to erasure: to request the deletion of your personal data, subject to legal retention obligations.
• Right to restriction: to request that we restrict the processing of your personal data in certain circumstances.
• Right to object: to object to the processing of your personal data based on our legitimate interests, including profiling.
• Right to data portability: to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller (where applicable).
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
• Right not to be subject to automated decision-making: you have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you, except in the limited circumstances permitted by law.

To exercise your rights, please contact us using the details provided in Section 13. We may require you to verify your identity before responding to your request. We will respond within the timeframes set by applicable law.

If you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with:

Federal Data Protection and Information Commissioner (FDPIC)

Feldeggweg 1

3003 Bern, Switzerland

Website: https://www.edoeb.admin.ch

If you are located in the EU/EEA, you may also have the right to lodge a complaint with the competent data protection authority in your country of residence.

If you have any questions, comments, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

Rheinstein Investment

c/o Lioncon Treuhand AG

Susenbergstrasse 88

8044 Zürich, Switzerland

Email: info@rheinstein-investment.ch

Phone: +41 76 728 14 56

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. The updated version will be posted on this page with a revised “Last updated” date. We encourage you to review this Privacy Policy periodically.

Where required by law, we will obtain your consent or provide you with advance notice of any material changes.