1 April 2020

1 General

¹This Privacy Policy applies to MABEWO AG, Küssnacht am Rigi, Switzerland («We», «Us»). We are responsible for the data processing outlined hereafter.

²The terms of this Privacy Policy shall prevail over provisions specified in our general terms and conditions, should contradictions arise.

³The purpose of this Policy is to inform you (e.g. as our client, contractor, employee, job applicant, or visitor of our website) about how we collect, handle and protect your personal information. Furthermore, this Policy explains your rights, and those of any data subject, under current laws and regulations. This Privacy Policy is addressed to individuals making contact with us and sharing their information.

2 How we collect and process personal information

¹The term «Personal information» or «Personal data» refers to information relating to an identified person or information that can be traced to an identified person. The term refers to your own personal information as a natural person, or that of employees, clients, contractors, target groups, agencies, job applicants, website visitors, consumers, and associated companies.

²We collect a variety of personal data, in the scope outlined above. In particular, we collect the following personal information, automatically or by manual means:

• Personal information: First and last name(s); date of birth and age; gender; residential address; civil status; place of origin/ nationality; billing address; credit card and banking information; language settings; telephone and fax number(s); email addresse(s); company/ companies; position(s); credit rating and registry information; business relationship; employment history (e.g. CV, certificates, diplomas).

• Information related to client activities: contract information (incl. content, date, contract partner); session data related to physical meetings and website visits (incl. duration, frequency, language and country settings).

• Information related to browser and operating system, internet protocol addresses, search words, search results, ratings given; telephone, fax and e-mail communications, audio messages, text messages (SMS), multimedia messages (MMS), video messages, instant messages, website contact form, etc.

   

³If you provide someone else‘s personal information (e.g. family members, work colleagues), please make sure that the individual or individuals in question have read this Policy and only share their personal information, if they have authorised you to and the data is correct.

⁴The processing of personal data in accordance with this Privacy Policy refers to any type of handling of the data, e.g. the collection, storage, administration, utilisation, transmission, publication, and deletion of personal data.

3 How we protect personal information

¹We have technical and operational safety procedures in place to secure personal information against unauthorised and unlawful processing, unintentional loss, alteration, publication, and unauthorised access.

²However, users should be aware that the transmission of data via the internet and other electronic means always carries certain security risks and that we cannot guarantee the security of information transmitted in this way or otherwise processed.

³If you use an open network or third-party network to share personal data you should be aware that data may get lost and third parties may potentially access, collect and use the information without your consent.

4 Storage period

¹We store personal information for as long as we deem it necessary and appropriate under applicable law or as long as it is needed for the purposes it was collected for. For instance, data can be stored for the period of time a legal claim could be made against our company (i.e. period of limitation), as long as we are legally obliged, or our legitimate interests require (e.g. for evidence or documentation). As soon as your information is no longer needed for any of these purposes, as a rule, it will be deleted (to the extent possible) or anonymised. Shorter storage periods of up to twelve months apply to operational data (e.g. system protocols, logs).

5 Rights of data subjects

¹Data subjects have the right, within the scope of applicable law, to be informed about whether any of their personal information is being stored and processed by us, and they can request a duplicate.

²In addition, and within the scope of applicable law, data subjects have the right to have inaccurate information held about them rectified, to object to the processing of their data or, in particular circumstances, to request the deletion of their personal information. Data subjects can also object to and restrict the processing of their data. Please note that the deletion of certain information may mean that we cannot fulfil orders and that we are no longer able to send you communications such as invites. Furthermore, you have the right to receive a duplicate of your personal information on a machine-readable disc and to share it with a third party.

³To exercise these rights, you have to verify your identity (e.g. by providing a copy of your ID in case your identity cannot otherwise be verified). In order to enforce your rights, you can contact us at the address specified under 6.

⁴Data subjects can exercise their privacy rights at any time. If a data subject does not agree with how we handle and process their data, they have the option to report this to the Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB) and/ or the designated regulatory bodies of the EU.

6 Contact options

¹Data subjects wishing to exercise their privacy rights or who have questions or concerns with regards to the handling of their data or other queries related to data protection, may contact us at the following address: MABEWO AG, Mr Jörg Trübl, Chli Ebnet 3, 6403 Küssnacht am Rigi, Switzerland, ph: +41 41 817 72 00, www.mabewo.com.

²We reserve the right to use electronic means of communication (namely, e-mail). Inquiries will be answered as quickly as possible.

³Please note that in certain cases, applicable law may prohibit us from providing certain information concerning processed data.

7 Who owns the collected data?

¹The collected personal information is owned by MABEWO AG.

8 How is personal information collected?

¹The personal data we collect is primarily transmitted in the following constellations: in connection with the initiation of a contractual relationship; in connection with the fulfilment of our contractual obligation; when you (or your entities/ staff members) communicate with us; when you request newsletters or other mailings or information; when you register for an event; when you apply for a job; when you visit our website and, for instance, use our contact form.

²In certain cases, we may complete the personal data we have collected with publically available information (e.g. online).

9 At what point is personal data collected?

¹We collect personal information, when we are in contact with you and other data subjects, in a variety of situations. These situations may include: You purchase one of our products (e.g. technical facilities) or services (e.g. installation, activation, or maintenance services); you are interested in a collaboration, financing solution or investment; you attend our courses, seminars, or trainings; you receive newsletters or promotional mailings about our services; you communicate with us via telephone, fax, e-mail, voice message, text message (SMS), multimedia message (MMS), video message, instant messaging, etc.; you use or communicate with us or third parties via our website (i.e. the contact form); you visit our offices; your mobile phone connects to our wi-fi network provided in our offices; you make contact with us at events, promotional events, etc.; you send a job application by post, e-mail, and other electronic means of communication.

10 For what purpose is personal information processed?

¹We process personal data for various purposes, which fall into different categories. We may process some or all personal information for one or more of the following purposes:

• Purposes in connection with our contractual obligations, services, initiation, execution, and finalisation of orders, incl. invoicing, financing solutions and cooperations; organisation and implementation of courses, seminars and trainings; enforcement of legal claims and defence in connection with legal disputes and official proceedings; verification of clients’ credit history.

• Purposes in connection with client relationships, business communication by post, telephone, fax, e-mail, voice message, text message (SMS), multimedia message (MMS), video message, instant messaging, online contact form, etc.; communication in order to send you newsletters and other information about us, invitations to events, courses, conferences, talks, etc.; and to keep our database up to date.

• Purposes in connection with special activities and events, promotional activities, etc. as well as insurance purposes.

• Direct marketing purposes.

• Use of insights derived from the analysis of client behaviour to help us improve our services on a continual basis.

• Customisation and personalisation of our portfolio and advertising on our website, apps for mobile devices and our channels on internet platforms and social media.

• Purposes related to job applications; communication and the review of job applications.

11 What is our legal basis for processing personal information?

¹Our main basis for processing personal data is the performance of contracts. In addition, we process personal information to further our legitimate interests, to stay in contact with you, our client, to take pre-contractual steps, to fulfil our contracts as agreed, to manage contractual relationships and to communicate with you and inform you about our activities and events.

²We assume that our legitimate interests are consistent with applicable regulation and the rights of data subjects.

³With respect to job applications, our legal basis is your consent to us processing your personal information. Be aware that you have the right to withdraw your consent at any time.

⁴Apart from that, we process personal data based on the data subject’s consent or the existing legal basis.

12 How we store personal information

¹MABEWO AG is a Swiss company. We process all your personal information in Switzerland and use only servers in Switzerland to store it.

13 How we share personal information

¹We may share personal information with associated companies or third parties, in order to make use of technical, organisational and other services, which we need to fulfil the aforementioned purposes and perform other business activities. In particular, this applies to:

• Service providers (e.g. banks, insurances), incl. contractors (e.g. IT providers);

• Retailers, manufacturers, suppliers, agents (e.g. solicitors, law firms, local and foreign experts) and other business partners;

• Clients, customers, and their associated companies and their counter parties, domestically and abroad;

• Local and foreign authorities, government agencies, courts of law, and arbitrators;

• Media and the public, incl. website visitors and social media users;

• Competitors, industry organisations, associations, institutions, societies and other councils;

• Potential counter parties or interested parties with respect to transactions under company law; other parties in potential or actual legal disputes.

   

²Some of these recipients may be based in Switzerland, but others may be in any location in the world. In particular, data may be transmitted to countries where our clients and their associated companies, counter parties or business partners as well as service providers and experts are based, or where our clients and their associated groups are involved in operations. If we transmit data to a country that does not have appropriate data protection laws in place, we ensure the necessary protection, as required by law, through contracts (based on the standard contractual clauses of the European Commission) and so-called Binding Corporate Rules, or we rely on the legal exceptions of consent, performance of contracts, the identification, exercise or enforcement of rights, prevailing public interests, published personal information, or because it is necessary to protect the integrity of data subjects.

³Our service providers are contractually bound to process personal information only on our account and according to our instructions. In addition, our service providers are obliged to comply with technical and organisational measures and regulations implemented to protect personal information.

⁴In the case of a takeover of our company or a restructuring of our business, personal data will be passed on, in order to allow you to continue to access our services. We will also share personal data with potential clients, if we consider a partial or full sale or partial or full outsourcing of certain business activities or departments. We take steps to ensure that potential clients protect the data.

⁵We may also share personal information, if it is deemed necessary in order to comply with applicable laws and regulations, in court proceedings, at the request of relevant courts and authorities, or because of other legal obligations, or in order to protect and defend our rights and our property.

14 Use of cookies

14.1 Why do we use cookies?

¹Our website uses cookies, i.e. small files that are placed on your computer or mobile device every time you use our website. We want to inform you in detail about how we use cookies. The main purpose of our cookies is to make sure our website functions properly. We also use cookies to make the use of our website more comfortable for you.

14.2 What kinds of cookies do we use?

¹Most of the cookies we use are automatically removed from your computer or mobile device after the end of the browser session (i.e. session cookies).

²We also use temporary and persistent cookies which remain on your computer or mobile device after the browser session has finished. If you return to our website, your previous preferred settings and input are automatically recognised. Depending on the type of cookie, these temporary and persistent cookies may remain on your computer or mobile device for a month and up to ten years. They will be deactivated automatically after a pre-set period of time. They make our website more user-friendly, effective and safer.

³Most internet browsers accept cookies automatically. However, you can instruct your browser not to accept cookies or to ask for your permission every time a website you are visiting wants to leave a cookie. You can delete cookies on your computer or mobile device at any time by selecting the appropriate option in your browser. If you choose not to accept our cookies or our partners’ cookies, it is possible that you may not be able to access some of the content on our website or that some functions that are intended to give you a better experience will not work.

14.3 Use of log files

¹For technical reasons, your internet browser shares certain usage data every time you visit our website. These are saved in protocol files, i.e. log files. This applies to the following data: date and time of the visit; browser address; IP-address of your computer or mobile device; address of the website from which you came to our website; amount of transferred data; browser name and version.

²Analysing the log files helps us to continually improve our website and to make it more user-friendly, to find and fix bugs faster and to manage server capacity. For instance, we can see at what time of the day our website is particularly popular and make sure the necessary volume is available, giving you the best possible user experience.

14.4 Use of web analysis tools

¹We constantly strive to improve our website and your experience as a user. In order to achieve that, we use tracking technologies. Web analysis tools provide us with statistics and graphs, which show is how our website is used. Usage data are transmitted to the server and depending on where the provider of the analysis tool is based, these servers may be abroad.

²With regards to the most commonly used web analysis tool, Google Analytics, the IP-address transmitted with the data is shortened, so individual devices cannot be identified. Google complies with the data protection regulations of the «Swiss-U.S. Privacy Shield» treaty and has registered for the «Swiss-U.S. Privacy Shield» with the US Department of Commerce. For more information on the Swiss-U.S. Privacy Shield, please visit https://www.privacyshield.gov/Swiss-US-Privacy-Shield-FAQs.

³The IP-address transmitted by your browser for the purposes of Google Analytics is not linked with other Google data. Google shares the data with third parties only if it is legally required or in the course of order data processing.

⁴You can prohibit the collection of cookie data and related to your usage of the website (incl. your IP-address) by Google and the processing of the data by Google by downloading and installing the browser plugin on this website: (http://tools.google.com/dlpage/gaoptout)

⁵If you want to know more about Google Analytics and data protection, please go to: http://tools.google.com/dlpage/gaoptout or http://www.google.com/intl/de/analytics/privacyoverview.html.

14.5 Use of Social Plugins

¹Our website uses social plugins, e.g. LinkedIn. The plugins are identified with the provider logo.

²When you visit a website that uses a social plugin, your browser establishes a direct connection with the provider. The content of the plugin is transmitted directly from the provider’s website to your browser and embedded on the website by your browser. By embedding the plugin, the provider is notified that you have visited our website. If you are logged in on the provider’s website at the same time, the provider can match your visit with your profile. If you interact with the plugin, e.g. by clicking the «Like» button or leaving a comment, that information is shared with the provider by your browser and saved there.

³If you do not want the provider to collect information about you via our website, you have to log out on their platform before visiting our website. Please note that even if you are not logged in, providers collect anonymised information via their social plugin and they will leave a cookie. When you log in again on their platform, the data can be matched with your profile.

⁴If you want to know more about how much data is collected by providers and for what purpose, as well as how the data is processed and what your rights and privacy setting options are, please refer to the privacy declaration of the respective providers: LinkedIn Ireland Unlimited Company: https://www.linkedin.com/legal/privacy-policy; Facebook Ireland Ltd: https://www.facebook.com/privacy/explanation.

⁵If you do not want providers to collect information about you with these cookies, you can select the option «block third-party cookies» in your browser’s privacy settings. That will stop your browser sending cookies to external providers because of embedded content. Please note that this setting may also cause some functions of our website to malfunction.

15 Changes and inclusion of the Privacy Policy

¹This Privacy Policy may be changed or updated at any time with without prior notice. The current version is always the one published on our website. Should you or another data subject want to reference this policy, please contact us for the current version.