1. Introduction

Pexapark AG and its affiliated entities (we, our, or Pexapark), we recognize the importance of your privacy and of transparency.  

This General Privacy Notice applies to all our activities, including the digital solutions and platforms accessible at https://pexapark.com/, https://app.pexapark.com, https://platform.pexapark.com, https://quote.pexapark.com, https://quantonline.pexapark.com, https://portfolio.pexapark.com, and https://greenpowertrader.pexapark.com (the Solution), and the services we provide in this context (together with the provision of the Solution, our Services).

We may have additional privacy notices (the Additional Privacy Notices), as specified in section 13 of this General Privacy Notice (Service-Specific Information), which apply in addition or instead of this General Privacy Notice in specific situations or for specific Services, in which case the terms of such Additional Privacy Notices will prevail over those of this General Privacy Notice. 

This General Privacy Notice is incorporated into and forms an integral part of our terms of use for the Solution (ToU). All capitalized terms not defined in this document have the meaning given to them in the ToU. 

2. Short Version

The following is a summary of (but not a replacement for) this General Privacy Notice. We recommend all users read the General Privacy Notice fully.   

• Our role. We, Pexapark, are responsible for the processing, as controller, of your personal data (but only for our own activities and not those of third-party providers) (see section 3);  
• Data we collect. We collect the information which is provided to us by you or third parties. We also automatically collect some information when you interact with the Services (see section 4); 

• How we use it. We process your personal data in compliance with applicable  data protection laws, which may include Swiss law, UK law, U.S. federal and state laws, and/or EU General Data Protection Regulation (GDPR). This generally means that we will only process your information where we have a legal basis to do so (see section 5), and only for certain reasons (mainly for providing our Services, operating our Solution, and for the other legitimate purposes indicated in this General Privacy Notice) (see section 6); 
• Control and Access. Your personal data is stored in Switzerland and/or the European Union. We do not share it with third parties or transfer it abroad unless this is both necessary for the operation of our Services and permitted by applicable laws. This may for instance be the case when we use service providers or must interact with third parties to conduct our professional activities (see sections  7 and 8); 
• Retention. We do not store your personal data for longer than necessary for us to fulfill the purposes set out in this General Privacy Notice (see section 9); 
• Security. We apply security measures and strive to protect your personal data. However, no IT infrastructure is completely secure, and we cannot guarantee that ours is (see section 10); 
• Your rights. You may contact us at dpo@pexapark.com to exercise your rights pertaining to your personal data (see section 12 and 15).

3. Who is responsible for the processing of your personal data

In general, Pexapark AG, Wiesenstrasse 5, 8952 Schlieren, Switzerland, is responsible for the processing, as controller, of your personal data. You will find our contact details in section 15 below.  

However, some of the processing activities set out in this General Privacy Notice are undertaken by our group entities, which will then act as data controller. The exact split differs between group entities and over time. We can confirm which processing activities are undertaken by which entity, on request. 

This General Privacy Notice only applies to data processing undertaken by or on behalf of us. Whilst we may provide links to third party websites, contents, or services, we are not responsible for their policies in relation to personal data. In such circumstances, the collection and use of your personal data are governed by the privacy policy of those third-party providers, which you should carefully review to learn more about their personal data processing practices.  

4. How we collect your personal data

We collect the personal data you provide to us.

We collect the personal data that you provide to us when using our Services, for example when you use our Solution, place an order, or communicate with us, when you create and/or manage your account, through web forms you fill or when you subscribe to our newsletter. 

It is only mandatory that you complete the data fields identified as such. If one or more mandatory data fields are not completed, we will not be able to provide access to our Services. You are not required to complete the optional data fields to access our Services. These fields may be completed at any time through your account settings. 

Some information about you may also be provided to us directly by our users

Even if you are not a user of our Services, we may collect certain information about you if this is provided to us by one of our users. Such information may comprise anything that is included in the datasets that are uploaded by our users in connection with their use of our Services. 

Certain personal data are also collected in an automated manner. 

We also automatically collect personal data, including by means of tools, web forms, cookies and other active elements, as further described in this General Privacy Notice.  

Some personal data are also collected from a third-party data processer and/or controller

When you access our Services online, such as webinars and virtual events, or when you access or download content available through the Services (guides, market reports, etc.), we collect personal data that you provide to us to access such Services. When you do so, we may also enrich your personal data by using a third party platform, who processes personal data on behalf of Pexapark as the event owner/data controller, and on your behalf as the attendee/user who signs up to our events or wants to download our content. When we sponsor an external event through a contractual relationship, we may obtain information about you as an event delegate through a third party event organiser as part of a sponsorship contract.

You may define certain authorizations relating to the automatic collection of your personal data when you configure your device or your internet browser according to available functionalities.

You may also define certain settings for the automated collection of your personal data through the cookies setting plugin available on the Solution. For more detailed information, please see our Cookie Policy. 

5. How we use your data

We process your personal data in accordance with applicable laws and only if we have a valid legal ground to do so. 

We process your personal data in compliance with applicable law, in particular Swiss data protection laws and, to the extent they apply to us, other data protection legislations, such as the EU General Data Protection Regulation (GDPR) or its equivalent in the United Kingdom, or The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CCPA) in California, manually or automatically using computer tools. 

This means that we will only process your information for certain reasons (see Section 7) where we have a legal basis to do so.

6. Why we use your data

We process your personal data for the reasons indicated in this section or in any Additional Privacy Notice: 

To provide our Services and operate the Solution. 

We mainly process your personal data to provide the Solution and the Services, including for creating and maintaining your user account, interacting with you, processing your orders and payments, and providing you with the requested information and Services. 

Legal basis: Contractual Necessity, Legitimate Interests

For our legitimate business interests related to the provision of the Services, including to ensure the security of the Services, improve our Services, as well as for monitoring or statistical purposes.

We may also process your personal data for our legitimate business operations related to providing our Services, which include (i) ensuring that our Services are provided in an efficient and secure way (e.g. through internal analysis of the Services’ stability and security, updates and troubleshooting); (ii) protecting the security of our IT systems, architecture and networks; (iii) benefiting from cost-effective services (e.g. we may opt to use certain services offered by suppliers rather than undertaking the activity ourselves); (iv) improving and developing the Services (including monitoring the use of our Services, and for statistical purposes); and (v) achieving our corporate goals). 

Legal basis: Legitimate Interests, Consent  

To send you our newsletter and other advertising information.

If you subscribe to our newsletter or agree to receive our marketing emails, we will collect your contact details and use them to provide you with our email communications. You may choose to unsubscribe or opt into the newsletter service at any time through our Email Preferences page. When you unsubscribe, you will not receive marketing emails from Pexapark until you resubscribe. You may contact us at any time and ask for your contact details to be deleted from our mailing list. 

Legal basis: Consent 

We also process the time of registration and your opt-in confirmation to demonstrate compliance. We also analyse your use of our newsletter, e.g. whether you have opened it or clicked on certain links, and process this data to optimize and improve our newsletter. 

Legal basis: Legal Obligation; Legitimate Interests 

We use the third-party services of Salesforce to provide our newsletter service, which will have access to your login data to this end. Salesforce’s privacy policy applies in connection with this. You will find it here: https://www.salesforce.com/company/privacy/. 

Based on the information you already provide, we use the third-party service for conducting a survey [Typeform, Qualtrics], for appointment scheduling [Calendly] and for enriching the data for accuracy [Cognism]. Their privacy policies apply to the processing of your personal data in connection with these services. You will find them here: https://www.typeform.com/help/a/security-privacy-standards-at-typeform-9350912237844/, https://www.qualtrics.com/privacy-statement/, https://calendly.com/privacy and https://www.cognism.com/en/privacy-policy 

Independently from your subscription to our newsletter, we may contact you by email to inform you about our activities if you have previously subscribed for the use of our Services, if you have not objected to the corresponding use of your email address. You can object to the use of your email address for this purpose at any time by contacting us (see contact details in section 14).  

We use the third-party services of Mailgun to provide you with important notifications from our applications in case you have subscribed to them (such as Multi-factor authentication codes). Mailguns privacy policy applies in connection with this. You will find it here: https://www.mailgun.com/legal/privacy-policy/  

Legal basis: Legitimate Interest  

To provide you with job opportunities within Pexapark.

We may process your personal data to allow you to consult and apply for job opportunities within Pexapark. We will process the personal data you provide. In addition, if you provide us with links to your profile on social media platforms (such as LinkedIn) or with contact information for references, we will assume that we may gather information from these sources. 

Any information you submit must be true, complete and not misleading. Should the information provided be inaccurate, incomplete, or misleading, subject to applicable law, this may lead to a rejection of your application during the application process or disciplinary action including immediate dismissal if you have been employed.   

We will process your personal data exclusively for assessing your application. Your personal data is generally retained no longer than the duration of the recruitment process unless otherwise required by applicable laws and regulations. 

Legal basis: Contractual Necessity (to take pre-contractual steps at your request) 

To provide you with targeted information or advertisements based on the content you published and your interactions with the Solution.

Provided we have collected your valid consent. we use as part of our operation of the Solution the services of third parties, which may place cookies on your device in order to provide you with personalized advertisements based on your interaction with the Solution. The privacy policies of those providers are applicable in relation to their activities. You may withdraw your consent at any time (see section 12 below for additional information on your rights). 

You will find additional information in section 11 in relation to the use of cookies for this purpose, including on the duration for which data collected this way are stored, and the link to the privacy policies of those external service providers. 

Legal basis: Consent 

To comply with our other legal obligations or for other legitimate interests.

We may further process your personal data if we have a legal obligation to do so or for other legitimate interests. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or for the establishment, exercise, or defense of legal claims.  

The personal data that we process for this purpose are those that we collected for one of the purposes indicated elsewhere in this section 6. We retain the personal data for the duration of the legal obligation imposed on us. 

Legal basis: Legal Obligations, Legitimate Interests 

7. The circumstances in which we share your personal data with third parties

We will only share your personal data with third parties if this is necessary for the operation of our Services, if there is a legal obligation or permission to do so, or if there is another valid reason to do so. 

8. International Transfers

We store your personal data on servers located in Switzerland and/or the European Union.  

In principle, we do not transfer your personal data to other countries or make it available there. However, in certain circumstances, in particular in connection with the operations of our subcontractors, your personal data may be made available to recipients located abroad (e.g.  USA, countries of the European Union, United Kingdom, Ukraine, Serbia, from which locations some data may be available). In such cases, we will ensure that suitable safeguards are in place, in accordance with applicable data protection laws, for instance by relying on standard contractual clauses adopted by the European Commission.  

If you transmit information and data to us, you are expressly deemed to consent to such data transfers. You may request additional information in this regard and obtain a copy of the relevant safeguards upon request by sending a request to the contact address indicated in section 15 below. 

9. How long we store your personal data

Your personal data will not be stored longer than necessary. We will generally erase or anonymize your personal data as soon as it is no longer necessary for us to fulfil the purposes set out in section 6 of this General Privacy Notice. This period varies, depending on the type of data concerned and the applicable legal requirements. More information on each type of processing can be found in section 6 above.  

Your account information is retained for as long as your account is active. If you suppress your user account, your account information will be deleted or anonymized within 30 days after such event, unless data must be retained for a valid reason (such as evidentiary or tax purposes). 

In view of the legal obligations incumbent upon us, certain information relating in particular to the contractual relationship must be retained for at least 10 years.

10. Security

We are committed to the security of your personal data, and have in place physical, administrative and technical measures designed to keep secure your personal data and to prevent unauthorized access to it. We use two-factor authentication whenever possible. We restrict access to your personal data to those persons who need to know it for the purpose described in this General Privacy Notice. In addition, we use standard security protocols and mechanisms to exchange the transmission of sensitive data. When you enter sensitive information on our Solution, we encrypt it using Transport Layer Security (TLS) technology. 

Although we take appropriate steps to protect your personal data, no IT infrastructure is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect. 

The internet is a global environment. As a result, by sending information to us electronically, such data may be transferred internationally over the internet depending upon your location. Internet is not a secure environment, and this General Privacy Notice applies to our use of your personal data once it is under our control only. Given the inherent nature of the internet, all internet transmissions are done at your own risk. 

Pexapark is committed to the security of your personal data. In the unfortunate event of a data breach, we will adhere to the applicable laws related to data breach notification. If we have a reasonable basis to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Solution). 

11. How we use cookies or other analytical tools

We and our third-party service providers use cookies and other similar technologies (Cookies) in connection with our Solution for us to provide our Services and ensure that it performs properly, to analyse our performance, to personalize your experience, and for our marketing activities, some of which are capable of automatically processing data on your electronic device and/or of transferring personal data about you to us or third parties. 

You can learn more about how we use Cookies and similar technologies and how you can exercise control over them in our Cookie Policy. 

12. Your rights regarding the processing of your personal data

You have the right to access your personal data we process and may request that they be removed, updated, or rectified. 

Unless otherwise provided by law, you have the right to know whether we are processing your personal data. You may contact us to know the content of such personal data, to verify its accuracy, and to the extent permitted by law, to request that it be supplemented, updated, rectified, or erased. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons. However, if you are not a user of our Services, you should direct your privacy inquiries relating to the use of your personal data by your Organization, including any requests to exercise your data protection rights, directly to your Organization. 

By accessing your user account (if you have one), you can review, update, correct or delete the personal data available within your user account. Should there not be an option to edit the information in the interface, you can contact us in accordance with section 15 and request that we review, update, correct or delete the personal data, and we will comply with this request within 30 days. 

If you request us to delete your personal data from our systems, we will do so unless we need to retain your data for legal or other legitimate reasons. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request. 

Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke at any time such consent (without such withdrawal affecting the lawfulness of processing made prior to).  

The above does not restrict any other rights you might have pursuant to applicable data protection legislation under certain circumstances.  

Certain other rights may be available to you in specific jurisdictions. For example, section 18 more fully describes rights that you may be entitled to as a resident of the State of California. You will find further details of your rights in sections  5 and 6 and  of this General Privacy Notice in connection with each processing activity we perform. If you want to exercise any of your rights, or want additional information about them, please contact us using the contact details listed below (see section 15). 

You have the right to lodge a complaint with the competent authority.

If you are not satisfied with the way in which we process your personal data, you may lodge a complaint with the competent data protection supervisory authority, in the Member State of your habitual residence, place of work or place of the alleged infringement, in addition to the rights described above.  

Although this is not required, we recommend that you contact us first, as we might be able to respond to your request directly. 

13. Service-Specific Information

This section of the General Privacy Notice contains the information which is specific to certain  specific services provided by Pexapark. It applies in addition to the other sections of this General Privacy Notice.

14. Children Privacy

Pexapark’s services are not intended for children. Pexapark does not knowingly collect personal data from children under the age of 16. If you learn that a child has provided us with personal data in violation of this General Privacy Notice, please alert us via email (see contact details under section 15). 

15. Contact Us

If you believe your personal data has been used in a way that is not consistent with this General Privacy Notice, or if you have any questions or queries regarding the collection or processing of your personal data, please contact us at dpo@pexapark.com. 

You can also contact our representative in the European Union via email at info@datenschutzpartner.eu or by mail at: 

VGS Datenschutzpartner UG 

Am Kaiserkai 69, 20457 Hamburg, Germany  

16. Updates to this General Privacy Notice

We may update this General Privacy Notice from time to time. At a minimum, we will notify you of any changes by posting the new General Privacy Notice on this page and updating the “Last updated” date at the top of this General Privacy Notice.

Please review this General Privacy Notice periodically for any changes. Changes to this General Privacy Notice are effective when they are posted on this page, except as otherwise provided herein. By continuing to use the Services, you are confirming that you have read and understood the latest version of this General Privacy Notice. If you do not agree to the changes made, you must stop accessing and/or using the impacted Services.

17. Compliance with U.S. State-Specific Privacy Laws

Pexapark recognizes and adheres to state-specific privacy laws in the United States where applicable. As such, we commit to comply with applicable privacy laws and regulations of each state where we conduct business, including but not limited to the Virginia Consumer Data Protection Act (CDPA), the Colorado Privacy Act (CPA), and any other state laws that may be enacted. We may update our privacy practices and this General Privacy Notice as necessary to ensure full compliance with the specific requirements of these laws.

18. Additional Information for California Residents

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”) requires certain businesses to provide additional information to California residents. This section 18 may apply to you if you are a California resident using our Services as described in section 1 above, which is titled “Introduction.” It does not apply to information collected about employees, former employees, job candidates, or independent contractors. We may share personal data (in the form of identifiers and internet activity information) with third party advertisers for purposes of targeting advertisements on non-Pexapark websites, applications, and services.

Under the CCPA, we also have to provide you with the categories of “personal information” and “sensitive personal information” we collect and disclose for “business or commercial purposes.” Where we refer to “personal information” or “sensitive personal information” in quotes, we are referring to those terms as uniquely defined in the CCPA.

In the twelve months leading up to the effective date of this General Privacy Notice, we have collected and disclosed the categories of “personal information” described in section 4, which is titled “How we collect your personal data”, for business or commercial purposes. The categories of “personal information” are: identifiers, commercial or transactional information, internet or other electronic network activity information, general geolocation data, professional or employment-related information, other information about you that you may provide to us voluntarily, other information that may identify you, and inferences drawn from the information we collect.

We process the categories of “personal information” identified above for the purposes as described in more detail in section 5 above, which is titled “How we use your data.”

We collect the categories of “personal information” identified above from the following sources: (1) directly from you; (2) through your use of the Services; and (3) other parties such as data brokers and other unaffiliated parties.

We disclose the categories of “personal information” identified above for our business purposes for the purposes described in section 6 above, which is titled “Why we use your data”, and to the entities described in section 7 above, which is titled “The circumstances in which we share your personal data with third parties.”

The CCPA sets forth certain obligations for businesses that “sell” or “share” “personal information”. Where we refer to “sell” or “share” (or their variants) in quotes, we are referring to those terms as uniquely defined in the CCPA. We may use third party analytics services and online advertising services that may result in the “sharing” of online identifiers (e.g., cookie data, IP addresses, device identifiers, general geolocation information, and usage information) with advertising partners to advertise the Services on third party websites. If you or your authorized agent would like to opt out of our “sharing” of your information for such purposes, you may do so as described in the paragraph below.

If you are interested in more information about tailored advertising and how you can generally control cookies from being put on your computer to deliver tailored marketing, you may visit the Network Advertising Initiative’s (“NAI”) Consumer Opt-Out Link, the Digital Advertising Alliance’s (“DAA”) Consumer Opt-Out Link, and/or the European Interactive Digital Advertising Alliance to opt-out of receiving tailored advertising from companies that participate in those programs. To exercise choices about how Google personalizes Display Advertising or to customize Google Display Network ads, you can visit the Google Ads Settings page. Please note that to the extent advertising technology is integrated into the Services, you may still receive advertising content even if you opt out of tailored advertising. In that case, the advertising content may not be tailored to your interests. Please also note that we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms. If your browsers are configured to reject cookies when you visit these opt-out pages, or you subsequently erase your cookies, use a different computer or change web browsers, your opt-out may no longer be effective.

We do not knowingly “sell” or “share” the “personal information” of children under 16.

California law grants state residents certain rights, including the rights to know and access specific types of “personal information”, to learn how we process “personal information”, to request deletion of “personal information”, to request correction of “personal information”, and not to be denied goods or services for exercising these rights.

For information on how to exercise your rights, please refer to section 12 above on your rights regarding the processing of your personal data. The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” if your “sensitive personal information” is used for certain purposes. Please note that we do not use or disclose “sensitive personal information” other than for purposes for which you cannot opt out under the CCPA.

Please note that we also respond to and abide by opt-out preference signals sent through the Global Privacy Control. Any opt out preferences you have exercised through these methods will only apply to the specific device/browser on which you made them. Please see the California Privacy Protection Agency’s website at https://oag.ca.gov/privacy/ccpa for more information on valid Global Privacy Controls.

For information on how long we retain personal information about you, please see section 9 above, which is titled “How long we store your personal data.”

Last Updated Version

August 2025