Data Protection Statement of Center for Innovation and Sustainability in Business (CISB) Foundation

With this Data ProtectionStatement we, the Center for Innovation and Sustainability in Business (CISB) Foundation («CISB»), describe how we collect and further process personal data. This Data Protection Statement is not necessarily a comprehensive description of our data processing. If necessary, we will inform you of further processing of your personal data in other documents and/or notices. This Data Protection Statement is aligned with the Swiss Data Protection Act («DPA»), the EU General Data Protection Regulation («GDPR») and the Principality of Liechtenstein Data Protection Act («LI-DPA»). However, the application of these laws depends on each individual case.

1. Identity and Contact Details of the Controller
The Controller for the data processing in the context of our business activity in Switzerland and without website is ordinarily Center for Innovation and Sustainability in Business (CISB) Foundation, c/o Gagoz 73, 9496 Balzers, Liechtenstein.Lake Street Family Office AG, Seestrasse 29, 8700 Küsnacht, Schweiz («LSFO») is ordinarily jointly responsible for the processing of your personal data with CISB. The joint responsibility of CISB and LSFO relates particularly to the processing of personal data in the context of the operational management and implementation of CISB's projects. LSFO is ordinarily responsible for the fulfilling of the duty to provide information when collecting personal data pursuant to Art. 13 f. GDPR and Art. 19 DPA, as well as for ensuring the rights of data subjects (e.g., requests for information and correction of personal data). You can notify us of any data protection related concerns using the following contact details: LakeStreet Family Office AG, Compliance Abteilung, Seestrasse 29, 8700 Küsnacht (

2. Collection and Processing of Personal Data

2.1. Definition of Personal Data
The term "personal data" in this Data Protection Statement to shall mean any information relating to an identified or identifiable individual («data subject»).

2.2 Direct Survey of Data Subjects
We primarily process personal data that we obtain from you or from your employer or from other persons that you represent in the course of the consideration or implementation of a business relationship or a project. The processing may also relate to personal data that you provide to us aspart of the implementation of one of our projects (e.g., as a participant in a survey) or in any other way (e.g., as part of a request for contact or an application for funding). If you provide us with personal data of other persons (such as family members, work colleagues, funding beneficiaries, etc.), please make sure the respective persons are aware of this Data Protection Statement and only provide us with their data if you are allowed to do so and such personal data is correct.

2.3 Indirect Collection from Third Parties
Insofar as it is permitted to us, we obtain certain personal data from publicly accessible sources (e.g., debt registers, land registries, commercial registers, press, internet) or we may receive such information from authorities or other third parties. Apart from data you provided to us directly (see section 2.2), the categories of data we receive about you from third parties include, but are not limited to, information
  • from public registers (e.g., information from the commercial register about your position as a member of the board of directors and your authority to sign for the company that you represent);
  • given to us by individuals associated with you (work colleagues, business partners, family, consultants, legal representatives, etc.) in order to conclude or process a business relationship or project;
  • from banks, insurances, our distributors and other business partners for the purpose of ordering or delivering services to you or by you (e.g., payments made, previous purchases, etc.);
  • found in the media or on the internet, where appropriate in the specific case (e.g., in connection with the identification, preparation or process of projects).

3. Data Processing

3.1 Purpose of Data Processing
We primarily use personal data in order to conclude and process contracts with our clients and business partners and to process (funding)projects. Furthermore, we process the collected data, if and to the extent necessary, in order to comply with our legal obligations.

In addition, in line with applicable law and where appropriate, we may process your personal data and personal data of third parties for the following purposes, which are in our (or, as the case maybe, any third parties') legitimate interest, such as:
  • communication with you (e.g., as part of a contact request);
  • ensuring the functionality and safety of our operation, in particular IT and our website;
  • improvement and optimization of our services, website etc.;
  • marketing, provided that you have not objected to the use of your data for this purpose. If you are part of our customer base and you receive our advertisement, you may object at any time by sending an e-mail to the address given in section 1;
  • asserting legal claims and defense in legal disputes and official proceedings;
  • prevention and investigation of criminal offences and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud).

3.2 Legal Grounds
Within the scope of application of the DPA, we generally do not require justification for processing your personal data.
Insofar the GDPR is applicable, the processing of personal data shall be based on any of the following grounds, which shall ordinarily constitute the objective of the processing (see section 3.1.):
  • performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 para. 1 b) GDPR);
  • compliance with a legal obligation (Art. 6 para. 1 c) GDPR);
  • protecting overriding legitimate interests (Art. 6 para. 1 f) GDPR);
  • exceptions for processing of special categories of personal data such as personal data concerning health, trade union membership, personal data relating to criminal convictions and offences (Art. 9 para. 2 und Art. 10 GDPR).

In exceptional cases, we may also rely on your consent (Art. 6 para. 1 a) GDPR; Art. 6 para. 6 DPA).If you have given us your consent to process your personal data for certain purposes, we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time by sending an email to the address given in section 1, but this does not affect data processed prior to withdrawal.

4. Datatransfer
In the context of our business activities and in line with the purposes of the data processing set out in section 3, we may transfer data to third parties. These third parties process your personal data either on our behalf and in accordance with our instructions (so-called "processors") or on their own responsibility. In particular, the following categories of recipients may be concerned:
  • service providers (e.g., IT providers, web hosting agencies, print shops);
  • financial institutions (e.g., domestic and foreign banks);
  • suppliers, subcontractors and other business partners;
  • trustees, accounting firms;
  • consultants and lawyers;
  • domestic and foreign authorities or courts;
  • the public, including users of our websites and social media;
  • associations, organizations and other bodies;
  • other parties in possible or pending legal proceedings.
together «Recipient».

5. Transfer of Data abroad
The Recipients according to section 5 may be within the Principality of Liechtenstein or Switzerland but they may be located in any country worldwide. In particular, you must anticipate your data tobe transmitted to other countries in the European Economic Area (EEA) and the USA. If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection law by concluding the revised European Commission’s standard contractual clauses (available under: –with modifications according to DPA if necessary – unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception (e.g., legal proceedings abroad, overriding public interest, if the performance of a contract requires disclosure, consent of the data subject).

6. Retention Periods for your Personal Data
We process and retain your personal data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e., for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Personal data may be retained for the period during which claim scan be asserted against our company or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention. As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized.

7. Data Security
We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse.

8. Obligation to provide Personal Data to us
In the context of our business relationship you must provide us with any personal data that is necessary for the conclusion and performance of a business relationship and the performance of our contractual obligations. Without this information, we will usually not be able to provide the services you have requested. In addition, the website cannot be used unless certain information is disclosed to enable data traffic.

9. Your Rights
In accordance with and as far as provided by applicable law, you have the right to information, correction and erasure of your personal data, the right to restriction of processing and to object to data processing, in particular for direct marketing purposes and for other legitimate interests in processing in addition to right to receive certain personal data for transfer to another controller. Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest or need the data for asserting claims. If exercising certain rights will incur costs on you (e.g., in the case of complex requests for information), we will notify you thereof in advance. We have already informed you of the possibility to withdraw consent in section 3.2 above. Please further note that the exercise of these rights may be in conflict with your contractual obligations and this may result in consequences such as premature contract termination. In general, exercising these rights requires that you are able to prove your identity by a copy of identification documents. In order to assert these rights, please contact us at the addresses provide din section 1 above. In addition, every data subject has the right to enforce his/her rights in court or to lodge a complaint with the competent data protection authority.

10. Amendments of this Data Protection Statement
We may amend this Data Protection Statement at any time without prior notice. The current versionpublished on our website shall apply. If the Data Protection Statement is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment.

Version effective as of March 12, 2024