Privacy Policy

Last Update: 20.10.2023

With this data protection declaration, ION Tech AG (hereinafter "ION Tech", "we" or "us") explains to its customers, users, business partners, applicants, authorities and other persons involved ("you") how personal data is collected and processed in the company. Responsible handling of your personal data is very important to us.

You may only disclose personal data of third parties to us if you are authorised to do so and the personal data is correct. We ask you to ensure that the persons concerned are aware of this data protection declaration.

We use the feminine and masculine form alternately in this data protection declaration. The respective designation also includes all other gender designations. We may change this Privacy Policy at any time without notice. The current version published on our website applies in each case.

We may change this Privacy Policy at any time without notice. The current version published on our website applies in each case.

Responsible for the content of this data protection declaration and for the data processing described is:

ION Tech AG
Badenerstrasse 650
8048 Zurich
[email protected]
Tel.: +41 44 203 00 07

For natural persons with simple residence in countries of the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein, as well as for the country-specific supervisory authorities provided for under the GDPR, we designate the following person as EU Data Protection Representative pursuant to Art. 27 GDPR:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
[email protected]
Tel.: +41 44 203 00 07

By way of introduction, we would like to clarify the most important terms used in the following for better understanding. In this regard, we adhere to the definitions from the Swiss Data Protection Act.

• Personal data: any information relating to an identified or identifiable natural person.
• Data subjects: natural persons about whom data are processed;
• Personal data requiring special protection: (1) data concerning religious, philosophical, political or trade union beliefs or activities, (2) data concerning health, privacy or racial or ethnic origin, (3) genetic data, (4) biometric data uniquely identifying a natural person, (5) data concerning administrative or criminal prosecutions or sanctions, and (6)data concerning social assistance measures.
• Processing: any handling of personal data, irrespective of the means and procedures used, in particular the acquisition, storage, keeping, use, modification, disclosure, archiving, deletion or destruction of data.
• Controller: a private person or federal body who, alone or together with others, decides on the purpose and means of processing.
• Data processor: a private person or federal body that processes personal data on behalf of the data controller.

This privacy policy complies with the requirements of the Swiss Federal Law on Data Protection ("FADP") and the associated Ordinance ("DPA") as well as the General Data Protection Regulation of the European Union ("GDPR"). The type and scope of the applicable legislation depends on the individual case. Foreign data protection law shall only be applied insofar as this is mandatory under the applicable law and only for the data processing processes and persons affected by it.

When processing personal data, we comply with the applicable data protection provisions.

Die Bearbeitung von Personendaten darf die Persönlichkeit der betroffenen Personen nicht widerrechtlich The processing of personal data must not unlawfully infringe the personality of the persons concerned. For this reason, such data processing must comply with the processing principles of data protection law and/or must be legitimised by a justification. In particular, we are legitimised to process personal data if the processing:

• is based on a legal basis
  The processing of personal data may be required or legitimised by law (e.g. statutory retention obligations).
• is necessary for the fulfilment of a contract with the data subject or for pre-contractual measures.
  the substantial part of the processing of personal data in our company is carried out in the context of the fulfilment of contractual obligations (e.g. with our supporters and users)
• is necessary for the protection of legitimate interests on our part or on the part of third parties.
  A legitimate interest on our part exists in particular if the processing of personal data is carried out in the context of the purposes stated in section 7 as well as the disclosure of data in accordance with section 10 and the associated objectives.
• is based on consent
  If the processing of personal data is based on your consent, we will inform you of this separately and transparently. You can revoke your consent with effect for the future at any time using the functions provided for this purpose (e.g. unsubscribe link for newsletters) or by notifying us in writing (cf. contact points under points 2 and 3 above). Upon receipt of your revocation, we will cease the data processing affected by it, unless we can base the processing on another justification.
• is necessary to comply with domestic and foreign legal provisions.

In addition to our role as controller, we also act as a processor for our supporters. We assume the role of processor in particular in connection with the provision of the following services for our supporters:

• Arrange appointments
• Process payments
• Provide infrastructure for online meetings
• Marketing
• Support users and clients

In our role as processor, we process personal data on behalf of and on the instructions of our supporters, who are considered "data controllers" in the sense of data protection law with regard to this personal data. For the purpose of regulating the associated rights and obligations, we conclude a so-called data processing contract with our clients.

This data protection declaration only relates to data processing which we carry out in our role as data controller. If you have any questions about the processing of your personal data which we carry out in our role as data processor, please contact the responsible data controller (supporter).

Depending on the products, services and services you use and the respective business relation between you and us, we process in particular the following categories of personal data:

• Master data (e.g. title, surname, first name, title, user name, date of birth, address, contact details, gender, nationality, correspondence, language, CV, employer, account details, place of residence, identifiers (AHV no. etc.), marital status, details of family and spouse, etc.)
• Contractual data e.g. information relating to the initiation, conclusion, processing, administration and termination of contracts between you and us, information in connection with job applications [see also section 16 below], interaction history, calendar entries, financial and payment information such as creditworthiness, information in connection with the enforcement of claims, bank data, etc.)
• Communication data (e.g. content exchanged via the respective communication channel, type, time and, if applicable, location of the communication that took place, boundary data, etc.)
• Behavioural and transactional data (e.g. in connection with the use of our platform, participation in events, competitions and surveys, use of electronic communication channels, etc.)
• Technical data(e.g. IP addresses, device IDs, details of the devices and applications you use and their settings, internet provider you use, user names, passwords [as hash value], information in connection with 2-factor authentication, log data, time and, if applicable, approximate location within the scope of the use of our services, etc.)
• Marketing data (e.g. information on personal preferences and interests, subscriptions and unsubscriptions to newsletters, content of marketing correspondence)
• Visual and audio recordings (e.g. recordings of telephone and video conference calls [only made after prior announcement and, if necessary, with your consent], recordings in connection with customer and staff events).

Our services primarily consist of bringing clients and supporters together. For this reason, we do not process any particularly sensitive personal data of our customers. This category of data is processed directly by the respective supporter.

If, in exceptional cases, we nevertheless process personal data about you that is particularly sensitive, this processing is carried out within the scope of our function as order processor and thus on behalf of the supporter you have selected.

Our services are only intended for persons over the age of 18. We do not knowingly collect personal data from anyone under the age of 18. If you are a parent or guardian and know that your child has provided us with personal data, please contact us. If we discover that we have collected personal information from individuals under the age of 18 without verifying parental consent, we will take steps to remove that information from our servers.

To a large extent, we collect personal data directly from you as the data subject. This includes in particular master data, contract data, communication data, marketing data as well as behavioural and transaction data. The collection of such personal data takes place in the context of the initiation and processing of business relationships as well as the use of our products and services.

We may also collect personal data about you ourselves or automatically or derive it from existing data. This includes in particular behavioural and transaction data as well as technical data.

Finally, we also receive personal data from third parties to the extent permitted by law. Such third parties include, in particular, persons from your environment (e.g. family members), service providers, business partners, insurance companies, banks, authorities, official agencies, courts, parties and their legal representation in the context of legal disputes etc. We may also collect personal data from public sources (e.g. credit agencies, social media).

We process the collected data in order to fulfil our legal and contractual obligations towards you and third parties. This includes in particular the establishment, administration and processing of contractual relations.

We also process the data collected to ensure communication with you, to provide and improve the products, services and information you have requested, to manage your use of and access to our products, services and information, to maintain our business relationship with you, to carry out advertising and marketing measures (insofar as we are authorised to do so, e.g. by obtaining your consent), to monitor the performance of our offering and to provide you with the information you require. We use this data to monitor and improve the performance of our services, to enforce or defend ourselves against legal claims, to detect, prevent or investigate illegal activities, to ensure compliance with laws and recommendations of domestic and foreign authorities and internal regulations, to generally guarantee our operations (especially IT, website, etc.) and to ensure administrative processes (e.g. data archiving, accounting, master data maintenance, quality assurance).

We process your personal data for as long as we are legally obliged to do so (e.g. storage and archiving obligations) or our legitimate business interests require this (e.g. enforcement or defence of claims, guaranteeing IT security) or as long as the purpose of the collection of your data makes it necessary or the storage is technically required. In the case of contracts, the data is generally stored for the duration of the contractual relationship as well as for the statutory retention periods beyond this (generally 10 years).

This may mean that your personal data or extracts thereof must be retained for several years after the end of the contractual relationship between you and us. If your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as far as possible.

In certain cases, based on your consent, we may keep your personal data for a longer period of time (e.g. job applications that we have pending).

Insofar as we act as a processor, we comply with the instructions of the respective person responsible with regard to the storage and deletion of personal data.

The security of your personal information is important to us. But remember that no method of transmission over the Internet or electronic storage is 100% secure. Although we strive to protect your personal data, we cannot guarantee its absolute security. To secure your data, we maintain technical and organisational security measures in accordance with the current state of technology.

Communication via our website is encrypted using the SSL/TLS encryption protocol.

In particular, unencrypted e-mail messages can possibly be viewed by unauthorised third parties. Your data may also be viewable by third parties abroad, as internet traffic is regularly routed via third countries. We cannot guarantee data security for e-mails received unencrypted and therefore exclude any warranty and liability for this. This advice also applies in particular to the sending of particularly sensitive personal data (e.g. health data) by unencrypted e-mail.

We oblige our employees as well as our business partners to maintain secrecy and confidentiality and to comply with the applicable data protection regulations.

To the extent legally permissible and necessary, we may also pass on certain personal data to third parties in the course of our business activities. To the extent permitted, these third parties process your personal data either on our behalf (processor), under joint responsibility with us or under their own responsibility. These include among others:

• our service providers, such as banks, insurance companies, IT providers, debt collection companies, credit agencies, cleaning companies, advertising service providers, lawyers, external consultants, etc.
• >Business partners, such as supporters (counsellors, coaches, therapists, etc.), insurance companies, distribution partners, suppliers, etc.
• Domestic and foreign authorities, official agencies and courts
• Other parties in administrative and legal proceedings
• Parties involved in transactions under company law (e.g. purchase, sale or mergers of companies, business units, etc.)
• Other third parties who are necessary to achieve the purpose of the data processing in question

Where necessary, we have concluded corresponding data processing contracts with our service providers. In these contracts, they undertake to comply with data protection and data security regulations. Furthermore, they may only process personal data in accordance with our instructions. They also grant us comprehensive auditing and control rights as well as the right to information, correction and deletion.

We process and store personal data in Switzerland and in the European Union (EU) or the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and recipients located outside this area or process personal data outside this area, in principle in any country in the world. In particular, you must expect personal data to be disclosed to all countries in which the service providers we use and their subcontractors are located (especially the USA).

By taking appropriate measures, we ensure compliance with the legal requirements. Specifically, an adequacy decision by the responsible authority is available. In the absence of such a decision, the personal data is transferred on the basis of appropriate safeguards (in particular standard contractual clauses approved by the European Commission and the Federal Data Protection and Information Commissioner [FDPIC]) or there are exceptions for certain situations (contract execution, law enforcement abroad, etc.) or we obtain your express consent.

Insofar as the legal requirements are met and no legal exceptions apply, you as the data subject have the following rights in particular:

• to request information on whether and, if so, which personal data we are processing about you
• correction of incorrect or incomplete personal data
• the deletion or anonymisation of your personal data, provided this does not conflict with a legal obligation to retain data
• data portability
• revoke your consent to the processing of your personal data with effect for the future
• object to the processing of your personal data.

Please note that these rights may be restricted or excluded in specific individual cases (e.g. to protect third parties or business secrets).

For the purpose of asserting your rights as a data subject or if you have any questions regarding this data protection declaration and the processing procedures described therein, you can contact the offices named in section 2 above at any time.

If you believe that your data has been processed unlawfully, we would be grateful if you could contact us directly. Alternatively, you can file a complaint with the supervisory authority responsible for you. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).. In der EU ist die Beschwerde bei der jeweiligen nationalen In the EU, the complaint must be submitted to the respective national data protection authority.

Our website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website. In addition, all data stored in your user account is stored by this hoster.

Our hoster will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data. We have concluded an order processing contract with the hoster.

Within the scope of the GDPR, the associated processing of your personal data is carried out either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing a user-friendly, secure and efficient website in cooperation with a professional provider.

Unsere Our mail servers are hosted by an external service provider (hoster). The personal data collected in the course of the mail traffic is stored on the hoster's servers. This may include IP addresses, meta and communication data, contact data, names and other data.

Our hoster will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data. We have concluded an order processing contract with the hoster.

Within the scope of the GDPR, the associated processing of your personal data is carried out either for the purpose of initiating and fulfilling a contract (Art. 6 (1) (b) GDPR) or based on our legitimate interest (Art. 6 (1) (f) GDPR) in processing the enquiries and communication content addressed to us and in providing secure, fast and efficient e-mail communication in cooperation with a professional provider.

Our internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the display of videos). Other cookies are used to evaluate user behaviour or display advertising.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you have requested (functional cookies) or to optimise the website (e.g. cookies to measure web audience) are stored within the scope of our legitimate interests, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based on this consent; consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited. Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.

You can register on our website in order to use additional functions on the site or our services. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration. In the event of important changes, for example in the scope of the offer or in the event of technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.

The data entered and provided during registration and subsequently is processed for the purpose of implementing the user relationship established by registration and for initiating and processing contracts.

In the scope of application of the GDPR, this data is processed either for the purpose of fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing our services.

Our website uses Google Analytics, Google Ads, Google Fonts, Google Tag Manager from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services (hereinafter "Google").

In addition to the following explanations, you will find further information on data protection at Google in the Google data protection declaration: https://policies.google.com/privacy.

We have concluded an order processing contract with Google.

Within the scope of the GDPR, the processing of this data is based on your consent (Art. 6 para. 1 lit. a GDPR). The consent can be revoked at any time with effect for the future.

We use functions of the web analysis service Google Analytics on our website. Google Analytics uses so-called "cookies", i.e. text files that are stored on your computer and enable an analysis of your use of the website (cf. above explanations under section 13.3). The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area as well as Switzerland. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

The purposes of the data processing are to evaluate the use of the website and to compile reports on activities on the website. Further associated services are then to be provided on the basis of the use of the website and the internet.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout.

Alternatively, you can prevent tracking by Google Analytics on our websites by installing an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser. You can find the opt-out cookie here: https://chrome.google.com/webstore/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh?hl=en

This website uses the "demographic characteristics" function of Google Analytics in order to be able to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

We also use the Google Ads advertising tool to promote our website. For this purpose, we use the "Conversion Tracking" analysis service from Google on our website. If you have accessed our website via a Google ad, a cookie is stored on your computer. These so-called "conversion cookies" lose their validity after 30 days and do not serve to identify you personally. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognise that you, as a user, have clicked on one of our ads placed with Google and have been redirected to our site. The information obtained with the help of the conversion cookies is used by Google to compile visit statistics for our website. Through these statistics, we learn the total number of users who clicked on our ad and also which pages of our website were subsequently accessed by the respective user. However, we do not receive any information with which users can be personally identified. You can prevent the installation of the conversion cookies by setting your browser accordingly, for example by using a browser setting that generally deactivates the automatic setting of cookies or specifically blocks only the cookies from the domain "googleadservices.com" (cf. section 13.3 above).

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq.

We use the Google Tag Manager to centrally integrate and manage website tags. Website tags are code snippets from e.g. GoogleAds or Google Analytics, with which we can track and trace activities on our website. The Google Tag Manager allows us to manage website tags efficiently and effectively. You can find more information about the Google Tag Manager at: https://tagmanager.google.com/.

We use a tracking pixel from Facebook on our website. The provider is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter "Facebook").

When you click on a Facebook ad or visit our website, the pixel stores a cookie on your device. The cookie processes data about whether you have reached our website via a Facebook ad and enables us to analyse the user's behaviour up to the point of purchase. The pixel also processes data about your website visit to us and allows us to tailor the ads played on Facebook to your interests. This allows us to track the success of our own Facebook advertising campaigns and optimise the playout of Facebook advertising campaigns to interested target groups.

The Facebook pixel establishes a direct connection to Facebook's servers. The information generated by the cookie about your use of our website (including your IP address) is transmitted to Facebook in the USA.

The data collected is anonymous to us and does not allow us to draw any conclusions about the user. If you are registered with Facebook, Facebook can assign the collected information to your account. Even if you do not have a Facebook account or are not logged in when you visit our website, it is possible for Facebook to process and store your IP address and other identification data.

You can find more information about the processing of your personal data by Facebook in their data protection declaration: https://www.facebook.com/privacy/policy.

In the scope of application of the GDPR, the processing of this data is based on your consent (Art. 6 para. 1 lit. a GDPR). The consent can be revoked at any time with effect for the future.

Auf We embed YouTube videos on some of our websites. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode, which, according to YouTube, only initiates the storage of user information when the video is played. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode.

As soon as you start a YouTube video on our website, a connection is established to the YouTube servers (possibly also to the USA). In this context, YouTube learns which of our pages you have visited. If you are logged into your YouTube account, you also enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting) (cf. above explanations under section 14.3). In this way, YouTube can obtain information about you. According to YouTube, this serves, among other things, to collect video statistics, to improve the user experience and to prevent abusive behaviour.

If applicable, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

We have concluded an order processing contract with Google.

You can find more information about data protection at YouTube in their privacy policy at: https://www.google.de/intl/de/policies/privacy/.

In the scope of application of the GDPR, the processing of this data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in an appealing website or based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time with effect for the future.

We use content or service offers from third-party providers within the websites. These usually require a query of your IP address, as without the IP address they could not send any content to their browser.

Within the scope of application of the GDPR, the processing of this data takes place either for the purpose of fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in a contemporary Internet presence and in increasing our reach, or based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time with effect for the future.

We use functions from CloudFlare. The provider is CloudFlare, Inc. 101 Townsend St., San Francisco, CA 94107, USA. CloudFlare offers a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed via CloudFlare's network. CloudFlare is thus able to analyse the data traffic between users and our websites, for example, in order to detect and ward off attacks on our services. In addition, CloudFlare may store cookies on your computer for optimisation and analysis. You can find more information about the data logged by CloudFlare here: https://blog.cloudflare.com/what-cloudflare-logs/

We use this service to protect our legitimate interests in the provision of a service that is as secure as possible, which outweigh our other interests.

We have concluded an order processing contract with CloudFlare.

In the CloudFlare privacy policy you will find further information on data protection at CloudFlare: https://www.cloudflare.com/privacypolicy/

We may use your personal data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any or all of these communications from us by following the unsubscribe link or instructions in an email we send or by contacting us (see 2 above). We may use email marketing service providers to manage and send emails to you (see below)..

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter (so-called double opt-in procedure). No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent. You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this. After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

We use Mailjet to send newsletters. The provider is Mailjet SAS (Global HQ) Office and postal address Paris: 13-13 bis, rue de l'Aubrac, 75012 Paris, France.

Mailjet is a service with which, among other things, the sending of newsletters can be organised and analysed. The data you enter for the purpose of receiving newsletters is stored on Mailjet's servers.

If you do not want Mailjet to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe directly on the website.

With the help of Mailjet, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked on. In this way, we can determine, among other things, which links were clicked on particularly often.

In addition, we can see whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter.

Mailjet also enables us to subdivide ("cluster") the newsletter recipients according to various categories. For example, newsletter recipients can be subdivided according to age, gender or place of residence. In this way, the newsletters can be better adapted to the respective target groups.

We have concluded an order processing contract with Mailjet.

For detailed information on the functions of Mailjet, please see the following link: https://www.mailjet.de/funktion/.

You can find Mailjet's privacy policy at: https://www.mailjet.de/sicherheit-datenschutz/.

We use remarketing services to suggest advertisements to you on third party websites after you have visited our website. We and our third party providers use cookies to optimise and serve ads based on your previous visits to our service.

The Facebook Remarketing Service is provided by Facebook Inc.

For more information on Facebook's interest-based advertising, please visit this page: https://www.facebook.com/help/164968693837950

Follow these instructions from Facebook to opt out of Facebook's interest-based ads: https://www.facebook.com/help/568137493302217

Facebook adheres to the self-regulatory principles for online behavioural advertising set by the Digital Advertising Alliance. You also have an opt-out option with Facebook and other participating companies:

• European Interactive Digital Advertising Alliance in Europe: http://www.youronlinechoices.eu/
• Digital Advertising Alliance in the USA: http://www.aboutads.info/choices/
• Digital Advertising Alliance of Canada in Kanada: http://youradchoices.ca/

or deactivate the settings of your mobile device.

For more information about Facebook's privacy practices, please see Facebook's Privacy Policy: https://www.facebook.com/privacy/explanation

We may offer chargeable products and services. In this case, we may use third-party services for payment processing (hereinafter "payment service providers"). When a payment is made, your payment data is forwarded to the respective payment service provider via an interface on our site in order to carry out the payment.

The data processed by the payment service providers includes master data, such as name and address, bank data (including account numbers or credit card numbers), passwords, TANs and checksums as well as contract data. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. We as the operator do not receive any information about the (bank) account or credit card, but only information to confirm (accept) or reject the payment.

The payment service providers adhere to the standards set by PCI-DSS, which are administered by the PCI Security Standards Council. This is a joint effort by brands such as Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

We use as payment service provider:

• Stripe: The provider for customers within the EU is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. You can find more information about their data protection practices at: https://stripe.com/de/privacy.
• PayPal: The provider for customers within Switzerland is PayPal Pte. Ltd, 5 Temasek Boulevard, #09-01 Suntec Tower Five, Singapore 038985. For more information about their privacy practices, please visit: https://www.paypal.com/webapps/mpp/ua/privacy-full.
• Twint: The provider for customers within Switzerland is Twint AG, Stauffacherstrasse 41, 8004 Zurich, Switzerland.For more information about their privacy practices, please visit: https://www.twint.ch/datenschutz/

Our website contains hyperlinks to third-party websites that are not operated or controlled by us. We are not responsible for their content or data protection practices.

Among other things, we use online conference tools to communicate with you. The individual tools we use are listed below. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conferencing tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number, etc.). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "contextual information" in connection with the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

If content is shared, uploaded or otherwise made available within the tool, it will also be stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/ instant messages, voicemails uploaded photos and videos, files, whiteboards and other information shared while using the service.

We retain this data for as long as we are required to do so by law or we can demonstrate a legitimate interest in retaining the data.

Please note that we do not have full control over the data processing operations of the tools used. Our options depend largely on the company policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text. We have concluded order processing contracts with the tool providers.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers and supporters. Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our partners.

We use the following conference tools:

• Twilio: The provider of this service is Twilio Headquarters, 375 Beale Street, Suite 300, San Fransisco, CA, 94105, USA. For details on data processing, please refer to Twilio's privacy policy: https://www.twilio.com/legal/privacy.
• Zoom: The provider is Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113. For details on data processing, please refer to Zoom's privacy policy: https://explore.zoom.us/de/privacy/
• Google Meet: The provider is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). For details on data processing, please refer to Google's privacy policy: https://policies.google.com/privacy.
• Teams:The provider is Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin, Ireland). For details on data processing, please refer to Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Within the scope of application of the GDPR, this data is processed either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing an up-to-date communication infrastructure in accordance with the aforementioned purposes or based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time with effect for the future.

In our role as order processor of our supporters, we provide the infrastructure for online sessions. The online sessions are conducted exclusively via Twilio. The data exchanged during the online session is automatically deleted at the end of the session and can no longer be accessed thereafter. Communication between supporter and customer is encrypted.

We maintain the publicly accessible profiles on social networks listed below. In connection with the use of social networks, we would like to point out the following:

By visiting our profiles on the social networks, personal data about you may be collected. For example, if you are logged into your accounts on the social networks and visit our profile at the same time, the portal operator can assign this visit to your user account. However, even if you have logged out of your account or if you do not have an account with the respective portal, your personal data may be collected. Such data collection can occur, for example, through the setting of cookies. Based on the data collected in this way, the portal operators can create user profiles and show you interest-related advertising. You can find more information on this in the respective data protection declarations of the portal operators.

The use of social networks and the associated data processing is based on our legitimate interest. In particular, we want to use them to present ourselves on the internet and increase our reach.

Within the scope of the GDPR, the use of social networks is in the interest of an appealing presentation of our online offers, increasing our reach and promoting our services. This is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is based on Art. 6 para. 1 lit. a of the GDPR. The consent can be revoked at any time with effect for the future.

We use selected tools from Facebook (e.g. Facebook Fan Page, Facebook Insights, Meta Business Suite). The provider of these tools is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

With the help of these tools, we want to optimise the customer experience by showing our services and products only to those people who are interested in them. To do this, Facebook collects certain information about visitors to our website and social media platforms. Based on this, we receive analytics regarding the way our website, services and products are used.

You can use this link to opt out of receiving advertising tailored to you: www.facebook.com/settings?tab=ads.

Facebook and we are considered jointly responsible for certain data processing (e.g. Facebook fan page, Page Insights, etc.). Where necessary, we have therefore entered into agreements with Facebook to regulate the rights and obligations of both parties as joint data controllers (cf. www.facebook.com/legal/terms/page_controller_addendum).

You can find more information on data protection at Facebook here: https://www.facebook.com/policy.php.

We use the Facebook Insights function in connection with the operation of the Facebook fan page to obtain anonymised statistical data about our users.

For this purpose, Facebook places a cookie on the device of the user who visits our Facebook fan page. Each cookie contains a unique identification code and remains active for two years unless deleted before the end of this period.

Facebook receives, records and processes the information stored in the cookie, in particular when the user visits Facebook services, services provided by other members of the Facebook fan page and services provided by other companies using Facebook services.

We use functions of the Instagram service. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

If you have a user account with Instagram, you can interact with us via Instagram. As part of this interaction, we process the personal data you provide.

You can find more information about data protection on Instagram here: https://instagram.com/about/legal/privacy/.

We use functions and services of the TikTok service. This includes the TikTok Pixel tool for the purpose of conversion tracking for advertisers. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

If you have a user account with TikTok, you can interact with us via TikTok. As part of this interaction, we process the personal data you provide. TikTok processes various visitor data (e.g. IP address, terminal information, advertising ID, usage behaviour). The information collected may also be made available to us in the form of statistical analyses (e.g. number of profile views, information on followers, information on our videos).

You can find more information about data protection at TikTok here: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE.

We maintain a profile on Twitter. The responsible company is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

If you have a user account on Twitter, you can interact with us via it. As part of this interaction, we process the personal data you provide.

By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data is also transferred to Twitter.

You can change your data protection settings on Twitter in the account settings https://twitter.com/account/settings ändern.

You can find more information on this in Twitter's privacy policy at: https://twitter.com/de/privacy.

We maintain a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. The data is stored and analysed on the basis of our legitimate interest in achieving the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on this basis; the consent can be revoked at any time.

Further information on this can be found in Xing's privacy policy:https://privacy.xing.com/de/datenschutzerklaerung.

We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. The data is stored and analysed on the basis of our legitimate interest in achieving the greatest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on this basis; the consent can be revoked at any time.

Further information on this can be found in the LinkedIn privacy policy:https://www.linkedin.com/legal/privacy-policy.

LinkedIn uses advertising cookies. If you would like to deactivate them, please follow this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-outhttps://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We maintain a profile on YouTube and can also use it to embed videos on our website or apps. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Further information on the use of YouTube can be found in section 13.5.3 above.

We use Google Business Profile from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). When you visit and interact with our Google Business profile, Google also collects your IP address and other information that is collected in the form of cookies on your terminal device. This information is collected for statistical purposes. The data collected about you in this context will be processed by Google and may also be transferred to the USA. The use of Google Business Profile is your own responsibility.

You can find more information on how Google handles your data in their privacy policy: https://policies.google.com/privacy.

We use Bing Places from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland ("Microsoft"). When you visit and interact with our Bing Places listing, Mircorosft also collects your IP address and other information that is collected in the form of cookies on your terminal device. This information is collected for statistical purposes. The data collected about you in this context is processed by Microsoft and may also be transferred to the USA. You use Bing Places on your own responsibility.

For more information on how Microsoft handles your data, please refer to their privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

We accept applications by regular mail or e-mail. We may also work with external partners (e.g. job portals and employment agencies) as part of the recruitment process. In this case, please also note the data protection information of these partners. We treat your data as strictly confidential. Your personal data will only be passed on within our company to persons who are entrusted with processing your application.

We process the personal data sent to us as part of your application and the personal data collected as part of the application process insofar as this is necessary to decide on the conclusion and implementation of an employment contract. This includes:

• Master data (surname, first name, address, contact details, date of birth, marital status, etc.)
• Information on your educational, professional and personal qualifications
• Information that we have collected as part of the application process (e.g. as part of assessments)
• Other information that you have provided to us in connection with your application

We process your personal data in this regard for as long as is necessary for the decision on your application. They will be deleted a maximum of six months after the end of the application process, unless longer storage is legally required or permitted or you have not consented to longer storage.

If an employment relationship is established following the application process, your application documents will be transferred to your personnel file.

Under this Privacy Policy, and by law if you are a California resident, you have the following rights:

• The right to be informed. You must be duly informed about the categories of personal data collected and the purposes for which the personal data will be used.
• The right of access / right to request. The CCPA allows you to request and receive from the Company information about the disclosure of your personal information collected by the Company or its subsidiaries for direct marketing purposes during the previous 12 months.
• The right to refuse the sale of personal data. You also have the right to ask the Company not to sell your personal data to third parties. You can submit such a request by visiting our 'Do not sell my personal data' section (see below) or our website.
• The right to know about your personal information. You have the right to request and receive information from the Company about the disclosure of the following:
  - The categories of personal data collected
  - The sources from which the personal data was collected
  - The business or commercial purpose for collecting or selling the personal data
  - Categories of third parties with whom we share personal data
  - The specific personal information we have collected about you
• The right to delete personal data. You also have the right to request the deletion of your personal data collected in the last 12 months.
• The right not to be discriminated against. You have the right not to be discriminated against for exercising your consumer rights, including by:
  - Refusal to provide goods or services
  - Charging different prices or rates for goods or services, including using discounts or other benefits or imposing penalties
  - Providing you with a different level or quality of goods or services
  - Suggesting that you receive a different price or rate for goods or services or a different level or quality of goods or services

To exert your rights under the CCPA, and if you are a California resident, you may email us, call us, or visit our website.

The Company will disclose and provide the required information free of charge within 45 days of receipt of your verifiable request. The time period to provide the required information may be extended once for an additional 45 days with notice.

We do not sell personal information. However, the service providers with whom We work (e.g., Our advertising partners) may use technology on the Service that "sells" personal information within the meaning of the CCPA Act.

If you wish to opt-out of the use of your Personal Information for interest-based advertising purposes and these potential sales within the meaning of the CCPA Act, you may do so by following the instructions below.

Please note that each opt-out is specific to the browser you are using. You may need to disable each browser you use.

On your mobile device, you may be able to disable the use of information about the apps you use to serve ads targeted to your interests:
You can also stop the collection of location information from your mobile device by changing the settings on your mobile device.

Our services do not respond to Do Not Track signals.

However, some third-party websites track your browsing activity. When you visit such websites, you can set your web browser preferences to notify websites that you do not want to be tracked. You can enable or disable DNT by visiting your web browser's settings or preferences page.