Privacy Policy

Website Privacy Policy

Your privacy is important to Clearlake Capital Group, L.P. (together with its affiliates, “Clearlake,” “we,” “us,” and “our”). To better protect your privacy as you access our websites and investor reporting portals, including www.clearlake.com, and any websites that are automatically redirected to them, as well as through other electronic communications (such as emails or social media messaging) through which we may collect limited types of personal information (collectively, the “Sites”), we are providing information explaining how we use your personal information (or “personal data,” “personally identifiable information,” or such other similar terms).

As further described below in the section titled “How We Obtain Your Personal Information,” this privacy policy (this “Privacy Policy”) applies to our collection and processing of personal information:

from and about visitors of the Sites or our other digital platforms;
when you opt to receive communications from Clearlake, including when you communicate with us offline and online;
from and about representatives of, or individuals in connection with, our actual and prospective vendors, business partners or portfolio companies;
to conduct business with you;
when you apply for a job with us;
about visitors to our premises and attendants of events or meetings we may arrange; and
through other data collection points where we refer to this Privacy Policy.

This Privacy Policy does not apply to any processing of personal information by or on behalf of Clearlake that is covered by a more specific privacy notice. Please read this Privacy Policy carefully.

If you are a resident of California, please also refer to our California Website Privacy Policy, which is set forth after this Privacy Policy.

If you are located in the United Kingdom (the “UK”), the European Union (the “EU”), the European Economic Area (the “EEA”), or Switzerland, or the processing of your personal data would otherwise be subject to applicable laws and regulations relating to privacy, protection or processing of personal data in the EEA, EU, UK, or Switzerland, including the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”) and the UK’s equivalent to the EU GDPR (the “UK GDPR”) and the Swiss Federal Act on Data Protection (“Swiss Privacy Law,” and collectively, the “EEA-UK Data Protection Laws”), in addition to the details contained in this Privacy Policy, please also refer to our EEA-UK Privacy Supplement, which is set forth after this Privacy Policy.

The Personal Information We Collect

We collect limited types of personal information. The types of personal information we collect about you depends on the nature of your interaction with us. The categories of personal information we collect from individuals subject to this Privacy Policy, and as collected over the last twelve (12) months, include, without limitation, the following:

Your basic information: such as your name, prefix/title, gender, age and/or date of birth, job title and/or position.
Contact details: such as physical addresses, telephone numbers and/or email addresses.
Information we obtain by automated means: such as information about your computer / device and IP address, content and traffic data. We may also collect personal data about you through automated technology when you access and use the Sites, such as cookies and similar technology (please see the “Cookies” section below for information about how we use such technologies).
Information obtained through communications with us: such as information obtained through telephone calls (which may be recorded for compliance purposes), video communications and other verbal communications, and written correspondence.
Job applicant information: information that you may provide to us in connection with a job application, such as resume or CV information and identification documentation.
Other information: such as information provided by third parties or obtained through publicly available sources.

Some internet browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference (the “DNT Signal”) to websites you visit indicating that you do not wish to be tracked. At this time, we do not currently respond to DNT Signals.

We also may collect anonymous demographic information, which is not unique to you, such as your ZIP code, age, gender, preferences, interests and favorites.

We only collect “sensitive” or “special category” personal information when the relevant individuals voluntarily provide us with this information or where such information is required or permitted to be collected by law or professional standards. Sensitive information includes personal information regarding a person’s race, ethnicity, political beliefs, trade union membership, religious or similar beliefs, physical or mental health, sexual orientation or the processing of genetic or biometric data for the purpose of uniquely identifying someone; similar rules apply to information relating to criminal offences or related security measures. Please use your discretion when providing sensitive information to Clearlake, and do not provide it unless specifically needed. If you have any questions about whether the provision of sensitive information is, or may be, necessary or appropriate for particular purposes, please contact compliance@clearlake.com.

How We Obtain Your Personal Information

The sources from which we may collect and maintain your personal information include, without limitation:

Information captured on the Sites or our other digital platforms, including registration and account information, information provided through online forms, and the “Contact” page.
Information provided by you in person or through communications with us, such as information obtained through written correspondence, including when you provide it to us in online or offline correspondence via physical mail, email, telephone calls (which may be recorded for regulatory purposes), video communications and other verbal communications.
Information provided by third parties or publicly available sources, such as a resume or CV sent to us by a recruiting firm, background information from a background check provider, personal data we viewed on social media (e.g., LinkedIn) or information obtained from publicly available lists of individuals subject to sanctions or trade restrictions, including government registers. If you choose to register or login to one of the Sites using a third party single sign−in service that authenticates your identity and/or connects your social media login information (e.g., LinkedIn, Google, or Vimeo), we will collect any information or content needed for the registration or log−in that you have permitted the social media provider to share with us, such as your name and email address. If you represent one of our vendors, business partners or portfolio companies, we may also collect your personal information from the entity that you work for where this is necessary to receive products or services from, or otherwise conduct business with, such third party.
Information such as your IP address and other online identifiers that are collected through automated technology when you access and use the Sites, such as cookies and similar technology.

We process information in relation to companies that we are evaluating in connection with a corporate transaction or potential investment. This information may include, without limitation, your personal data including name, title, email address, postal address, job title, telephone number, passport or other government-issued identification, financial information and/or job and benefits information, as appropriate.

How We can Use the Personal Information We Collect

We will use the personal information we collect for one or more of the following purposes:

Purpose: To conduct business with you or to provide you with the services or information you have requested, including responding to your inquiries and requests and providing you with support
Legal basis (relevant to the EEA-UK Privacy Supplement): Contractual necessity; and/or our legitimate interest in operating our business and providing investment services
Purpose: To communicate with you, to operate, schedule and facilitate meetings (in-person and online) and to administer your participation in any of our events
Legal basis (relevant to the EEA-UK Privacy Supplement): Our legitimate interest in operating our business and providing investment services; and/or consent
Purpose: To verify your identity (including to conduct anti-money laundering or KYC checks and to enable you to access our offices) or to evaluate a business partner or supplier
Legal basis (relevant to the EEA-UK Privacy Supplement): Our legitimate interest in operating our business and providing investment services; contractual necessity; legal requirement; and/or consent
Purpose: To protect against, identify and prevent fraud, money-laundering, cyber-attacks, theft of our property, other threats to the safety, security and integrity of the Sites and other digital platforms (including investor portals, products and services, databases, technology assets) or our business, and other malicious, or unlawful activity
Legal basis (relevant to the EEA-UK Privacy Supplement): Legal requirement; and/or our legitimate interest in operating our business, the Sites and our digital platforms
Purpose: To conduct conflicts checks
Legal basis (relevant to the EEA-UK Privacy Supplement): Legal requirement
Purpose: To process and administer details associated with you, and to offer and improve our services
Legal basis (relevant to the EEA-UK Privacy Supplement): Our legitimate interest in operating our business
Purpose: Complying with our legal obligations, tax and corporate governance practices, which may require recording or monitoring telephone calls or other communications with you
Legal basis (relevant to the EEA-UK Privacy Supplement): Legal requirement; our legitimate interest in operating our business
Purpose: Litigation management and conducting internal audits and investigations
Legal basis (relevant to the EEA-UK Privacy Supplement): Legal requirement; and/or our legitimate interest in operating our business
Purpose: To keep a record of and manage your relationship with us
Legal basis (relevant to the EEA-UK Privacy Supplement): Our legitimate interest in operating our business and providing services; and/or legal requirement
Purpose: To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding
Legal basis (relevant to the EEA-UK Privacy Supplement): Our legitimate interest in operating our business; and/or legal requirement
Purpose: Corporate transactions and investment reporting
Legal basis (relevant to the EEA-UK Privacy Supplement): Legal requirement
Purpose: To administer, ensure the performance of, and protect, our business and the Sites (and our other digital technologies), including to ensure compliance with our Terms and Conditions of Use
Legal basis (relevant to the EEA-UK Privacy Supplement): Our legitimate interest in operating our business
Purpose: To make suggestions and recommendations to you, or to provide you with updates or other information, about our business and services that may be of interest to you, including in relation to services that are similar to those services we currently provide, or previously provided, to you
Legal basis (relevant to the EEA-UK Privacy Supplement): Consent, or our legitimate interest in operating our business where we have an existing relationship with you
Purpose: For statistical analysis and market research including via surveys to conduct research about your opinion of current services or of potential new services that may be offered
Legal basis (relevant to the EEA-UK Privacy Supplement): Our legitimate interest in operating our business
Purpose: For any other purpose that has been notified in writing
Legal basis (relevant to the EEA-UK Privacy Supplement): As identified in the relevant notice or where the data subject has given consent to the processing of their personal information for the specific purpose

If we require your personal information due to a legal requirement or obligation or in order to perform a contract with you, failure to provide this information means that we may not be able to conduct business with you. In this case, we may have to cancel an existing business arrangement with you but we will notify you if this is the case at the time.

Additionally, we may use your personal information to keep you informed of our services, if you have provided your consent to us doing so, or where we have an existing relationship with you and we wish to contact you about services similar to those which we provide you, in which you may be interested. You may opt-in to certain kinds of marketing, or all forms of marketing at any time, by contacting us and you may unsubscribe to receiving emails by clicking on the “opt-out” or “unsubscribe” link provided in all our marketing emails. You may also request that we stop sending you marketing communications by emailing compliance@clearlake.com at any time.

Disclosure of Personal Information

Your personal information may be disclosed to and processed by our affiliates and agents and certain service providers as necessary to fulfill the purposes set out in this Privacy Policy, including professional advisors, recruitment firms, consultants and data hosting providers, and in some instances, placement agents and other fund administrators, as well as regulators, law enforcement and other government bodies. We make sure anyone who provides a service to, or for us, enters into an agreement with us and meets our standards for data security. When we disclose your personal information, we will only do so to the extent such disclosure complies with applicable data protection laws.

We may also disclose personal information for the purposes described in this Privacy Policy and as required by law or regulation, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial, administrative or tribunal proceeding, court order, request from a regulator, national security or any other legal or investigatory process involving us (such disclosure, for the purposes of EEA-UK Data Protection Laws, is on the legal basis of compliance with law and in our (and/or a third party’s) legitimate interest). Should we, or any of our affiliated entities, be the subject of a takeover, divestment, acquisition, joint venture, bankruptcy or similar proceeding, we may disclose your personal information to the new owner of the relevant business and their advisors (such disclosure, for the purposes of EEA-UK Data Protection Laws, is on the legal basis of our (and/or a third party’s) legitimate interest).
We do not transfer your personal information to any third parties for their own direct marketing use.

Please be aware that the Sites and our digital platforms may contain links to other websites which are not hosted, affiliated or operated by us and are therefore not governed by this Privacy Policy. Your use of such websites is subject to the privacy policies or notices of the provider’s website. We encourage users to review the privacy policy of each website visited before disclosing any personal information.

Cookies

Information regarding how you access the Sites (e.g., browser type, access times and IP address) and your hardware and software is automatically collected through the use of cookies (a small text file placed on your hard drive) or other technologies or tools. This information is used to improve the Sites’ performance and for our business purposes, including to help provide you with a better experience when you browse the Sites. Where cookies are not necessary for us to provide the services you have requested or for the functioning of the Sites, we will ask you to consent to their use. You may opt-in to accept cookies automatically by changing the settings on your browser. If you opt-out of certain cookies, you may not be able to access certain parts of the Sites. You may wish to visit www.aboutcookies.org, which contains comprehensive information about types of cookies, how they are used and how you manage your cookie preferences.

You may access any personal information we have about you by contacting compliance@clearlake.com.

Security and Retention

We have security policies and procedures in place designed to protect personal information from unauthorized loss, misuse, alteration, or destruction. We secure the personal information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. Despite our best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information.

We have put in place internal procedures to deal with any personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We retain personal information only for so long as the information is necessary for the purpose for which it was collected, or to comply with applicable law or defend or pursue legal claims. We may sometimes anonymize your personal information (so that it can no longer identify you) for statistical purposes, in which case we may use this information indefinitely without further notice to you. For further information about how long we will keep your personal information, please contact compliance@clearlake.com.

Privacy Policy Changes

We reserve the right to amend this Privacy Policy from time to time and for any reason, in our sole discretion, without notice, by updating this Privacy Policy. Accordingly, users are strongly encouraged to review our Privacy Policy regularly. If we decide to change our Privacy Policy, we will post those changes to the Sites so our users are always aware of what information we collect, how we use it and under what circumstances, if any, we disclose it. If at any point we decide to collect personal information or use any collected information in a manner different from that stated at the time it was collected, we will notify users by posting changes on this page. We will use information only in accordance with the Privacy Policy under which the information was collected. Your continued access or use of the Sites following the posting of changes to this Privacy Policy means that you accept such revisions, changes and/or amendments. If you object to any of the changes to this Privacy Policy, please stop accessing the Sites. Please check this page frequently and review any changes to this Privacy Policy carefully so you are aware of any changes, as they are binding on you.

Capacity

We understand the importance of protecting children’s privacy, especially in an online environment. In particular, the Sites are not intentionally designed for or directed at children under the age of 18. It is our policy never to knowingly collect or maintain information about anyone under the age of 18, except as part of an engagement to provide professional services.

Contact Us

If you have any questions or comments about this Privacy Policy, wish to access this Privacy Policy in an alternative format, submit requests, or wish to notify us of any errors or changes as to any personal information you provide us through the Sites (each, a “Communication”), you can e-mail us at compliance@clearlake.com.

We verify Communications by matching information provided in or in connection with your Communication to information contained in our records. Depending on the sensitivity of the Communication and the varying levels of risk in responding to such Communications (for example, the risk of responding to fraudulent or malicious communications), we may request further information or your investor portal access credentials, if applicable in order to verify your Communication.

California Website Privacy Policy

This California Website Privacy Policy (the “California Website Privacy Policy”) supplements the Privacy Policy with respect to specific rights granted under the California Consumer Privacy Act of 2018 (as amended, the “CCPA”) to natural person California residents and provides information regarding how such California residents can exercise their rights under the CCPA. This California Website Privacy Policy is only relevant to you if you are a resident of California as determined in accordance with the CCPA. Information required to be disclosed to California residents under the CCPA regarding the collection of their personal information that is not set forth in this California Website Privacy Policy is otherwise set forth in the Privacy Policy. To the extent there is any conflict with the privacy requirements under the Gramm-Leach-Bliley Act and/or Regulation S-P (“GLB Rights”), GLB Rights shall apply.

What does this California Website Privacy Policy apply to?

This California Website Privacy Policy applies solely to your interactions with us through the Sites. If you provide personal information to us through another means (e.g., as an employee, as a client, or as an investor) you will receive a separate privacy notice and that notice will govern that personal information.

What information do we collect about you?

We collect limited types of personal information through the Sites. The types of personal information we collect about you depends on the nature of your interaction with us.

We do not collect or use sensitive personal information other than:

To perform services, or provide goods, as would reasonably be expected by an average consumer who requests those goods or services;
As reasonably necessary and proportionate to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;
As reasonably necessary and proportionate to resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for such actions;
For short-term, transient use (but not in a manner that discloses such information to another third party or is used to build a profile of you or otherwise alter your experience outside of your current interaction with us);
To perform services on behalf of our business; and
To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about a consumer.

How do we use your personal information?

We collect personal information for the business or commercial purposes and from the sources set forth in “The Personal Information We Collect” and “How We Obtain Your Personal Information,” respectively, in the Privacy Policy above. We retain the categories of personal information set forth above in the “What information do we collect about you?” section of this California Website Privacy Policy only as long as is reasonably necessary for those business or commercial purposes set forth in “The Personal Information We Collect” in the Privacy Policy above, except as may be required under applicable law, court order or government regulations.

To whom do we disclose your personal information?

We do not share for the purpose of cross-context behavioral advertising or sell (as such terms are defined in the CCPA) any of the personal information we collect about you to third parties.

How do we keep your personal information secure?

We consider the protection of sensitive information to be a sound business practice, and to that end we employ appropriate organizational, physical, technical and procedural safeguards, which seek to protect your personal information in our possession or under our control to the extent possible from unauthorized access and improper use.

Your rights under the CCPA

Deletion Rights: You have the right to request that we delete any of your personal information that we retain, subject to certain statutory exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.

Disclosure and Access Rights: You have the right to request that we disclose to you certain information regarding our collection and use of personal information specific to you over the last twelve (12) months. Such information includes, without limitation:

the categories of personal information we collected about you;
the categories of sources from which the personal information is collected;
our business or commercial purpose for collecting such personal information;
the categories of third parties to whom we disclose the personal information;
the specific pieces of personal information we have collected about you; and
whether we disclosed your personal information to a third party, and, if yes, the categories of personal information that each recipient obtained.

Correction Right: You have the right to request that we correct any inaccuracies in the personal information that we retain, subject to certain statutory exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.

No Discrimination: We will not discriminate against you for exercising your rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services or suggesting that you will receive, or providing, a different level or quality of service to you.

How to Exercise Your Rights: To exercise any of your rights under the CCPA, or to access this notice in an alternative format, please submit a request on your behalf using any of the methods set forth in the Contact us section below.

Contact Us

For any requests relating to the exercise of your rights under the CCPA, to access this notice in an alternative format, or questions regarding our processing of your personal information, please submit or have your authorized representative submit a request by emailing us at the following email address: compliance@clearlake.com.

We will contact you to confirm receipt of your request under the CCPA and request any additional information necessary to verify your request. We verify requests by matching information provided in connection with your request to information contained in our records. Depending on the sensitivity of the request and the varying levels of risk in responding to such requests (for example, the risk of responding to fraudulent or malicious requests), we may request further information or your investor portal access credentials, if applicable, in order to verify your request. You may designate an authorized agent to make a request under the CCPA on your behalf, provided that you provide a signed agreement verifying such authorized agent’s authority to make requests on your behalf, and we may verify such authorized person’s identity using the procedures above.

Please contact us at compliance@clearlake.com with any questions about this California Website Privacy Policy.

EEA-UK Privacy Supplement

This EEA-UK privacy policy (the “EEA-UK Privacy Supplement”) supplements the Privacy Policy with respect to our use of personal data to the extent that EEA-UK Data Protection Laws (as defined in the Privacy Policy) apply to our processing of your personal data.
Information required to be disclosed under EEA-UK Privacy Supplement regarding the collection of your personal data that is not set forth in this EEA-UK Policy is otherwise set forth in the Policy above. To the extent there is any conflict in respect of any processing subject to EEA-UK Data Protection Laws between the general Privacy Policy and this EEA-UK Privacy Supplement, this EEA-UK Privacy Supplement shall apply. Please read this EEA-UK Privacy Supplement carefully.

You do not need to take any action as a result of this EEA-UK Privacy Supplement, but you may have certain rights as described below in the section headed “Your Rights.”
If you have any questions regarding our use of your personal data, or this EEA-UK Privacy Supplement, please contact compliance@clearlakecredit.com.

The Controller

For the purposes of EEA-UK Data Protection Laws, Clearlake and certain of its affiliates will each be a controller of any personal data collected by us. In simple terms, this means that we: (i) “control” the personal data that we collect from you or other sources provide, including making sure that it is kept secure; and (ii) make certain decisions on how to use and protect your personal data.

Clearlake Capital (UK) LLP is a registered fee payer with the UK Information Commissioner’s Office under number ZA120754.

Any Additional Personal Data We May Collect

As discussed in the “The Personal Information We Collect” section of the Privacy Policy, the types of personal data we collect about you depends on the nature of your interaction with us.

How We Obtain Your Personal Data

We collect and process your personal data from you and other third parties and/or publicly available sources listed in “How We Obtain Your Personal Information” section of the Privacy Policy above.

How We Use Your Personal Data and Lawful Basis

Further information about the legal bases under which we process your personal data is included in the section of the Privacy Policy headed “How We Use the Personal Information we Collect.”
We may process your personal information on more than one legal basis depending on the specific purpose for which we are using your personal information. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Disclosure and Transfers of Personal Data

Further information about who we may disclose your personal data to is included in the section of the Privacy Policy headed “Disclosure of Personal Information.”

To the extent we transfer your personal data to a Non-Equivalent Country (as defined below), such transfers will only be made in accordance with EEA-UK Data Protection Laws. For the purposes of this EEA-UK Privacy Supplement, “Non-Equivalent Country” means a country or territory other than (i) a member state of the EEA; (ii) the UK; or (iii) a country or territory which has at the relevant time been decided by the European Commission or the Government of the UK, or the UK Information Commissioner (as applicable) in accordance with the applicable EEA-UK Data Protection Laws to ensure an adequate level of protection for personal data. For further information about the safeguards/derogations used, please contact compliance@clearlakecredit.com.

Retention and Security of Personal Data

Information about the legal bases under which we process your personal data is included in the section of the Privacy Policy headed “Security and Retention.”

We will keep your personal data only for as long as is reasonably necessary for the purposes set out in this EEA-UK Privacy Supplement, unless a longer retention period is required by law. We will not keep more information than we need for those purposes. For further information about how long we will keep your personal data, please contact compliance@clearlakecredit.com.

Your Rights

To the extent the EEA-UK Data Protection Laws apply to our processing of your personal data, you may have the following rights:

Access: You have the right to ask for a copy of the personal data that we hold about you free of charge, however we may charge a ‘reasonable fee’, if we think that your request is excessive, to help us cover the costs of locating the information you have requested.
Correction: You may notify us of changes to your personal data if the data we hold and process about you is inaccurate or it needs to be updated.
Deletion: If you think that we shouldn’t be holding or processing your personal data anymore, you may request that we delete it. Please note that this may not always be possible due to legal obligations.
Restrictions on use: You may request that we stop processing your personal data (other than storing it), if: (i) you contest the accuracy of it (until the accuracy is verified); (ii) you believe the processing is against the law; (iii) you believe that we no longer need your data for the purposes for which it was collected, but you still need your data to establish or defend a legal claim; or (iv) you object to the processing, and we are verifying whether our legitimate grounds to process your personal data, override your own rights.
Object: You have the right to object to processing, including: (i) for direct marketing; (ii) for research or statistical purposes; or (iii) where processing is based on legitimate interests unless we reasonably demonstrate compelling legitimate grounds for the processing.
Portability: If you wish to transfer your personal data that we hold and process about you on the legal ground of contractual necessity to another organization (and certain conditions are satisfied), you may ask us to do so, and we will send it directly if we have the technical means.
Withdrawal of consent: If you previously gave us your consent (by a clear affirmative action) to allow us to process your personal data for a particular purpose not specified in this EEA-UK Privacy Supplement, but you no longer wish to consent to us doing so, you can contact us to let us know that you withdraw that consent.

These rights are not absolute and in certain circumstances their exercise may not be possible including when personal data must be maintained to comply with applicable laws.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Contact Us

If you have any questions or concerns about this EEA-UK Privacy Supplement, please contact us by emailing us at compliance@clearlakecredit.com.

Complaints

Should you wish to lodge a complaint with regard to how your personal data has been processed by us, you may do so with your local supervisory authority, including under:

the UK GDPR and/or Data Protection Act 2018, by contacting the UK Information Commissioner’s Office – https://ico.org.uk/global/contact-us; or
the EU GDPR, by contacting your local supervisory authority in particular in the EU Member State of your habitual residence, place of work, or place of the infringement, concern or complaint; or
Swiss Privacy Law, by contacting the Swiss Federal Data Protection and Information Commissioner in Switzerland (FDPIC).

We would, however, appreciate the opportunity to address your concerns before you approach the relevant supervisory authority, so please contact us in the first instance.