ETIX GmbH (Technoparkstrasse 1, 8005 Zurich, Switzerland) operates the website etix.tech (hereinafter referred to as ‘we’ or ‘us’). On this website, you can find out about our organisation, use our online services and contact us.

The protection of your personal data is very important to us. In this data protection declaration, we provide you with transparent and comprehensible information about the data we collect via our website and how we handle it.

For this reason, we use the icons of the PRIVACY ICONS association. They are designed to help you quickly get an overview of how we process your data.

What information do we provide?

• Who is responsible for data processing;
• What data is collected;
• For what purpose this data is collected;
• With whom we share this data;
• How you can object to data processing;
• What rights you have and how you can assert them.

Contact

If you have any questions or concerns about how we protect your data, you can contact our data protection officer:

Etix GmbH Luca Dalessandro Technoparkstrasse 1 8005 Zürich [email protected]

Data security

We will store your data securely and take all reasonable measures to protect your data from loss, access, misuse or alteration.

Our contractual partners and employees who have access to your data are obliged to comply with data protection regulations. In some cases, it may be necessary for us to forward your enquiries to our affiliated companies as part of the order processing. In these cases, your data will also be treated confidentially.

We use SSL (Secure Socket Layer) technology on our website in conjunction with the highest level of encryption supported by your browser.

Rights of data subjects

Right of access

You have the right to request information about the data we have stored about you at any time. Please send your request for information together with a credible proof of identity to [email protected].

The information will be provided in writing or in another form, including electronically if applicable. If you request it, we can also provide the information orally, provided that you prove your identity in another way. If you submit the request for information electronically, we will provide the information in a commonly used electronic format, unless you request otherwise.

The information is usually provided free of charge. If additional copies are requested, a reasonable fee may be charged.

The right to obtain a copy of the processed data must not adversely affect the rights and freedoms of others.

In the event of manifestly unfounded or excessive requests for information, we reserve the right to refuse to provide the information within the limits of the law or to demand an appropriate fee for doing so.

The processing of your request is subject to the statutory period of 30 days. Due to the complexity and high number of requests, we may extend this period by two further months if necessary. You will be informed of the extension within one month of making the request for information. At the same time, you will be given the reasons for the extension.

Deletion and correction

You have the right to request the deletion or correction or completion of your data at any time, provided that there are no legal obligations to retain it or legal authorisation to the contrary.

Please note that the exercise of your rights may, under certain circumstances, conflict with contractual agreements and have a corresponding impact on the performance of the contract (e.g. premature termination of the contract or cost implications).

Restriction of processing

You also have the right to request a restriction of processing if you dispute the accuracy of the data, the processing is unlawful, the data is no longer needed or you have objected to the processing.

If the processing of the data is restricted, it may only be stored. Further processing may only be carried out with your consent, for the purpose of asserting, exercising or defending legal claims, protecting the rights of another person or on grounds of an important public interest. You will be notified if the restriction is lifted.

Right to data portability

You have the right to receive your data in a commonly used file format or (if technically feasible) to have it transmitted to a third party if we process your data by automated means and if:

• you have given your consent to the processing of this data; or
• you have disclosed data in connection with the conclusion or performance of a contract.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing, including profiling, which is based on our legitimate interests. This right also applies to processing for direct marketing purposes.

Redress

If you are affected by the processing of personal data, you have the right to enforce your rights in court or to file a complaint with the relevant regulatory authority. The relevant regulatory authority in Switzerland is the Federal Data Protection and Information Commissioner.

Data processing in general

What data do we process about you and from whom do we receive this data?

First and foremost, we process personal data that you transmit to us or that we collect when operating our website. We may also receive personal data about you from third parties. These may be in the following categories:

• Personal master data (name, address, date of birth, etc.);
• Contact data (mobile phone number, email address, etc.);
• Financial data (e.g. account details);
• Online identifiers (e.g. cookie identifier, IP addresses);

This data may come from the following sources:

• Information from publicly accessible sources (e.g. media, internet);
• Information from public registers (e.g. commercial register, debt collection register, land register);
• Information in connection with administrative or judicial proceedings;
• Information regarding your professional functions and activities (e.g. professional networks);
• information about you in correspondence and meetings with third parties;
• credit information (insofar as we conduct personal business with you);
• information about you that people close to you provide to us so that we can conclude or execute contracts with you;
• data in connection with the use of the website.

Under what conditions do we process your data?

We process your data in good faith and for the purposes set out in this data protection declaration. We ensure that the processing is transparent and proportionate.

If, in exceptional cases, we are unable to comply with these principles, the data processing may still be lawful because there is a justification. Justification may be based on:

• your consent;
• the execution of a contract or pre-contractual measures;
• compliance with legal requirements;
• our legitimate interests, provided that your interests do not override them.

Under certain circumstances, you are obliged to disclose certain personal data to us so that we can initiate business relationships with each other. Without such data, we are normally unable to process a contract. The website cannot normally be used either if certain information to ensure data traffic, such as your IP address, is not disclosed.

How can you revoke consent that you have given?

If you have given us consent to process your personal data for specific purposes, we will process your data within the scope of this consent, unless we have another justification or another legal basis for processing.

You can revoke your consent for the future at any time by sending an e-mail to the address given in the imprint. Data processing that has already taken place is not affected by the revocation and remains valid.

In which cases do we pass on your data to third parties?

a. Principle

We may be dependent on using the services of third parties or affiliated companies and commission them to process your data (so-called contract processors). Categories of recipients are namely:

• accounting, trust and auditing companies;
• consulting companies (legal advice, taxes, etc.);
• IT service providers (web hosting, support, cloud services, website design, etc.);
• payment service providers (only with your prior consent);
• providers of tracking, conversion and advertising services.

We ensure that data is only transferred with your express consent, provided that it is not order data processing. We also ensure that these third parties and our affiliated companies comply with data protection requirements and treat your personal data confidentially. Under certain circumstances, we may also be obliged to disclose your personal data to the authorities.

b. Transfer to partners and cooperation companies

We work with a number of different companies and partners who place their offers on our website. It is clear to you that this is a third-party offer (marked as ‘advertisement’).

If you take advantage of such an offer, we will transfer your personal data (e.g. name, function, communication, etc.) to the relevant partner or cooperation company whose offer you wish to take advantage of, provided you have given your express consent to do so. These partners and cooperation companies are independently responsible for the personal data received. After the data has been transmitted, the data protection regulations of the respective partner apply.

c. Transfer abroad

Under certain circumstances, your personal data may be transferred to companies abroad as part of the order processing. These companies are obliged to protect data to the same extent as we are. The transfer can take place worldwide.

If the level of data protection does not correspond to that in Switzerland, we will carry out a prior risk assessment and ensure by contract that the same protection as in Switzerland is guaranteed (e.g. by means of the new standard contractual clauses of the EU Commission or other legally prescribed measures). If our risk assessment is negative, we will take additional technical measures to protect your data. You can access the European Commission's standard contractual clauses at the following Link.

How long do we store your data?

We only store personal data for as long as necessary to fulfil the individual purposes for which the data was collected.

We store contractual data for longer because we are obliged to do so by law. In particular, we have to store business communications, concluded contracts and accounting records for up to 10 years. If we no longer need such data from you to provide our services, the data will be restricted for further processing and we will only use it for accounting and tax purposes.

Data processing in detail

Provision of the website and creation of log files

If you only visit etix.tech, i.e. do not register or disclose any other information, only the data that your browser automatically transmits to our server is collected. The data is technically necessary for the operation of the website.

What data do we process? In particular, the following data is processed to provide the website and to create log files:

• Name of the Internet service provider
• IP address
• Technical information such as browser, operating system or screen resolution
• Date and time of access
• Referrer URL

This data cannot be assigned to a specific person and it is not merged with other data sources. For what purpose do we process the data? The log files are processed to ensure the functionality of the website and to ensure the security of our information technology systems. To whom do we pass on the data? The disclosure of the data by us is based on our explanations on data transfer. How can you prevent data processing? The data is only stored for as long as is necessary to achieve the purpose for which it was collected. Accordingly, the data is deleted after the end of each session. The storage of log files is essential for the operation of the website, so you have no way to object to it, unless you do not visit our website.

Cookies

Our website uses cookies. Cookies are text files that are stored on your device's operating system by the browser when you access our website. Cookies do not harm your computer and do not contain any viruses. Some cookies are technically necessary for the website to function. Most of the cookies we use are so-called ‘session cookies.’ They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them or their term expires. For what purpose do we process the data? We use cookies so that we can use the data collected to make our website more user-friendly, effective and secure. In particular, we use cookies to store your preferences (e.g. language and location settings), to quickly provide and attractively display website content (e.g. by using fonts and content delivery networks), and to analyse the use of this website for statistical evaluation and continuous improvement (usually by means of third-party cookies). The purposes for which we use the (technically unnecessary) cookies in detail can be found in the following explanations in this data protection declaration. To whom do we pass on the data?

The disclosure of data by us is based on our explanations on data disclosure. In addition, the following explanations regarding the individual data processing in this data protection declaration must be observed.

How can you prevent data processing? Cookies are stored on your computer. You can delete them completely or disable or restrict their transmission by changing your browser settings. If you disable cookies for our website, you may no longer be able to use all the website's functions to their full extent. Instructions for the most common browsers can be found here:

• For Google's Chrome
• For Apple's Safari
• For Microsoft's Edge
• For Mozilla's Firefox

For cookies used for performance or reach measurement or for advertising, a general opt-out is available for many services through the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

Web beacons

We may use web beacons on our website or in our emails. Web beacons are also known as tracking pixels. Web beacons are small, usually invisible images that are automatically retrieved when you visit our website or open our e-mails. What data do we process? Web beacons can be used to collect the same information as in log files. In addition, movement profiles of the entire session can be collected. In particular, web beacons are used by third parties whose services we use. These third-party services are described in detail below. What do we process the data for? Tracking pixels are used by various tracking services to analyse the use of this website and for statistical evaluation and continuous improvement. Tracking pixels can also be used for email tracking. Who do we share the data with? We share the data in accordance with our statements on data sharing. Please also note the statements in this data protection declaration on the individual tracking services. How can you prevent data processing? To prevent data processing using web beacons, you can install suitable browser extensions such as uBlockOrigin and block external graphics in your email programme.

reCAPTCHA

We use Google reCAPTCHA on our website, a service provided by Google Ireland Ltd, Google Building Gordon House, Barrow St, Dublin 4, Ireland, headquartered at Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, both together ‘Google’. What data do we process? Google reCAPTCHA is a verification service for websites to distinguish human users from bots. In particular, the following information may be collected:

• IP address
• Technical information such as browser, operating system or screen resolution
• Interactions with the captcha

The IP address is anonymised by Google reCAPTCHA so that it can no longer be linked to a person. When a visitor visits our website for the first time, Google reCAPTCHA can generate an identifier to recognise the visitor when they return to the website. Why do we process the data? The IP address is processed to analyse the visitor's rough location and to prevent any suspicious activity, namely to detect IP addresses associated with spam or other unwanted behaviour. The technical information is processed so that the captcha can be adapted to the device or browser and to detect deviations from normal usage behaviour. Interactions with the captcha are processed to capture behavioural patterns in order to distinguish human behaviour from automated bots. The aim of Google reCAPTCHA is to protect input forms from bots and spam, while at the same time reliably enabling input from humans. The data collected will not be used to identify you personally. Who do we share the data with? We share the data in accordance with our data sharing policy. Since Google is a transnational company, your data may be transferred by Google anywhere in the world. In particular, your data may be transferred to the USA to Google's headquarters. This is a country in which legislation does not ensure adequate data protection.

Cloudflare

Cloudflare is a content delivery network (CDN) and web security platform used to speed up websites, improve website performance and protect against various attacks. It also offers various functions and tools for protecting privacy and optimising website performance. Some of the most common uses of Cloudflare on a website are listed below:

1. Improved website performance: By using Cloudflare, website content can be stored on servers in different geographical locations, resulting in faster content delivery for users in different regions. This helps to reduce page load time and improve overall website performance.
2. Protection against DDoS attacks: Cloudflare uses various security measures, such as IP whitelisting and traffic distribution across multiple servers, to protect websites from Distributed Denial-of-Service (DDoS) attacks.

PrivacyBee

We use PrivacyBee on our website, a service provided by PrivacyBee AG, Laupenstrasse 1, 3008 Bern, Switzerland. PrivacyBee is used to identify all data protection-related services and to generate an individual data protection declaration for the website. What data do we process? PrivacyBee is a service for generating data protection declarations, which are then integrated into our website using JavaScript. The following data is processed to provide this service:

• IP address
• Browser type and version
• Operating system
• Date and time of access to our privacy policy

For what purpose do we process the data? The collection of this data enables us to display the privacy policy correctly on your device configuration and to ensure that the content is accurate and up to date.