Privacy Policy of Goldbach Group AG

We have technical and organizational security procedures in place to maintain the security of your personal information and to protect your session data and personal information against unauthorized or unlawful processing and/or accidental loss, alteration, disclosure or access. However, you should always be aware that the transmission of information via the Internet and other electronic means involves certain security risks and that we cannot guarantee the security of information transmitted in this way. All data via the website, such as newsletter registration or forms, is transmitted via SSL. With the SSL procedure, we protect your data that you as a customer send to our company's servers via the Internet. SSL grants a 3-fold protection:

• The entries that are to be transmitted are encrypted.
• It is ensured that the form is only sent back to the server from which it was opened.
• It is checked whether the data reaches its respective recipient completely and unchanged.

We will retain your Personal Data for as long as we deem necessary or appropriate to comply with applicable law or as long as it is necessary for the purposes for which it was collected. We delete your personal data as soon as they are no longer needed and in any case after the expiry of the legally required ma-ximum retention period.

We are required by law to inform you of the owner of the data collection containing your personal data. The owner of the data collection is Goldbach Group AG.

We collect your personal data whenever we have contact with you. The situations in which we have contact with you are varied. For example, we collect your personal information in the following circumstances:

• You provide us with goods or services
• You attend our meetings, customer events or seminars;
• You make use of a service from us
• You receive a newsletter
• You participate in a contest or sweepstakes; You become a member of one of our customer loyalty programs;
• You participate in one of our market research campaigns or opinion surveys;
• You use or communicate with us or third parties via our Internet pages, apps for mobile devices or offers on Internet platforms, multimedia portals or social networks;
• You communicate with us via telephone, fax, email, voice messages, text messages (SMS), picture messages (MMS), video messages or instant messaging or social media;
• You contact us at customer events, promotional events, sponsorship events or similar events;
• You send us your application dossier.

Most of our service offerings do not require registration, so you can visit our website without telling us who you are. However, some services may require you to provide personal information. In such a case, if you choose not to provide personal information requested by us, you may not be able to use certain areas of the Site or we may not be able to respond to a request from you.

The personal data we collect is diverse. On the one hand, we collect personal data that you provide to us. On the other hand, we collect personal data that is automatically or manually collected when you contact us, such as:

6.1 Personal data

• Surname and first name;
• Birthday and age;
• Gender;
• Residential address;
• Delivery address;
• Billing Address;
• Language preferences;
• Telephone number(s);
• E-mail address(es);
• Identification numbers of your technical devices;
• Information about newsletters you have subscribed to or other advertising;
• Consent to receive advertising;
• Memberships within our business unit;
• Photo and video recordings of visits to our events, meetings, seminars or other recordings on our premises.

6.2 Customer Activity Data

• Contract data (including date of contract, type of contract, content of contract; party to contract; term of contract; value of contract; claims made under contract);
• Customer service information
• Session data relating to visits to our Internet pages, apps for mobile devices or offers on Internet platforms, multimedia portals or social networks (including duration and frequency of visits, language and country preferences, information about browser and computer operating system, Internet protocol addresses, search terms and search results; ratings given, comments on the blog);
• Location-based data when using mobile devices;
• Communications via telephone, facsimile, email, voice messages, text messages (SMS), picture messages (MMS), video messages or instant messaging;

We process your personal data for different purposes. These purposes can be grouped into different categories. Specifically, we may process all or part of your personal data for one or more of the following purposes:

7.1. Processing purposes in connection with customer communication

• Provision, administration and execution of customer communication by mail and via electronic means of communication;
• Business communication by mail and via telephone, fax, e-mail, voice messages, text messages (SMS), picture messages (MMS), video messages or instant messaging;
• Evaluation of the use of our offers via telephone, fax, e-mail, voice messages, text messages (SMS), picture messages (MMS) or instant messaging such as: Type of use, frequency and duration of use, exact location of use.

7.2. Processing purposes in connection with special events

• Organization and implementation of contests or sweepstakes, including notification and publication of winners via our Internet pages, apps for mobile devices or our offerings on Internet platforms, multimedia portals or social networks;
• Organization and implementation of special events such as conferences, seminars or customer events.

7.3. Right of objection (opt-out) regarding our direct marketing activities.

We process your data for the purposes mentioned in section 7.2 because we have a business interest in contacting you and convincing you of our services. Of course, you are free to object to this processing, which we will take into account accordingly. You can object to the processing via the same communication channel as we contacted you. You will find our contact details in section 17. You can unsubscribe from our newsletter mailing directly using the opt-out link, which can be found at the end of each newsletter (see also section 14). Information regarding your right to object to the setting of cookies can be found below in section 10.4.

We may share your personal data with other sub companies of Goldbach Group AG as well as with the companies of our parent company TX Group for the purposes stated in this privacy policy. These other companies may use your personal data in their own interest for the same purposes as we do. The companies of Goldbach Group AG may process your personal data in particular for individualized and personalized analyses of customer behavior and for direct marketing activities in their own interest. Within Goldbach Group AG, employees are only given access to your personal data to the extent necessary for the performance of their duties.

We may also disclose your personal data to other sub companies of Goldbach Group AG, TX Group AG and to third parties outside Goldbach Group AG in order to use technical or organizational services that we require for the fulfillment of the aforementioned purposes or our other business activities. These service providers are contractually obligated to process the personal data exclusively on our behalf and in accordance with our instructions. We also require our service providers to comply with technical and organizational measures that ensure the protection of personal data.

If the service providers are located in countries where the applicable laws do not provide for a level of protection of personal data comparable to Swiss or European law, we will contractually ensure that the relevant service providers comply with the Swiss and European level of data protection (for example, with the standard contractual clauses issued by the EU Commission) and take further technical measures where necessary.

The list of our service providers and what we use them for, updated from time to time, can be found here.

We may also disclose your personal data if we believe it is necessary to do so in order to comply with applicable laws and regulations, in the event of legal proceedings, at the request of the competent courts and authorities, or as a result of other legal obligations, in order to protect and defend our rights or property.

Most of the service offerings available on this website are directed to people 18 years of age and older. Any person requesting information about any of our services that is approved for use by children must be 18 years of age or older. We will not knowingly collect, use or disclose personal information from minors under the age of 18 without first obtaining the consent of a parent or guardian. The parent or guardian will be provided with (i) information about the specific type of personal information being collected from the minor and (ii) the opportunity to object to any further collection, use or storage of such information. We comply with the laws for the protection of minors.

We also use so-called cookies on our Internet pages. These are small files that are stored on your computer or mobile device when you use one of our Internet pages. We would also like to inform you comprehensively about our use of cookies.

10.1. Why do we use cookies?

The cookies we use serve first of all to ensure the functions of our Internet pages - such as for storing the preferred language. In addition, we use cookies to adapt our Internet offer to your customer wishes and to make surfing with us as comfortable as possible for you.

10.2. Which cookies do we use?

Most of the cookies we use are automatically deleted from your computer or mobile device at the end of the browser session (so-called session cookies). For example, we use session cookies to store your country and language preferences across different pages of an Internet session.

In addition, we also use temporary or permanent cookies. These remain stored on your computer or mobile device after the browser session ends. When you visit one of our Internet pages again, it is then automatically recognized which inputs and settings you prefer. Depending on the type of cookie, these temporary or permanent cookies remain stored on your computer or mobile device for between one month and ten years and are automatically deactivated after the programmed time has elapsed. They serve to make our Internet pages more user-friendly, effective and secure. Thanks to these cookies, you will, for example, be shown information on the page specifically tailored to your interests.

The cookies stored on your computer or mobile device may also originate from partner companies under certain circumstances. These may be other companies of Goldbach Group AG or companies outside of Goldbach Group AG. The list of our partner companies, which is updated from time to time, and what we use them for can be found in section 8. The cookies of the partner companies remain stored on your computer or mobile device for between one month and ten years and are automatically deactivated after the programmed time has expired.

You can also obtain information about the purposes of the cookies and about which third parties set cookies when you visit our website from the Privacy Center, , which is displayed when you first visit our website or which you can easily find on our website. In the Privacy Center, you also have the option to object to the processing of your personal data for certain purposes or by certain companies.

10.3. What data is stored in cookies?

When a cookie is set, it is assigned an identification number. This number cannot be linked to any specific personal data (such as name or address) and is linked to the device with which you visit our website. The collection of data based on a cookie identification number is therefore referred to as pseudonymous data. This pseudonymous identification number can be used, for example, to collect data about your interaction with our website.

10.4. How can you prevent cookies from being stored?

Most Internet browsers accept cookies automatically. However, you can instruct your browser not to accept cookies or to prompt you each time before accepting a cookie from an Internet site you visit. You can also delete cookies on your computer or mobile device by using the appropriate function of your browser.

You can also use the Privacy Center mentioned in Section 10.2 to object to the setting of cookies for certain purposes or by certain companies.

If you decide not to accept our cookies or the cookies of our partner companies, you may not be able to see certain information on our Internet pages or use some features designed to enhance your visit.

Every time you access our Internet pages, your Internet browser transmits certain usage data to us for technical reasons and stores it in log files. This involves the following usage data: Date and time of accessing our Internet site; name of the Internet site accessed; IP address of your computer or mobile device; address of the Internet site from which you came to our Internet site; amount of data transferred, as well as name and version of your browser. The analysis of the log files helps us to further improve our Internet services and make them more user-friendly, to find and correct errors more quickly and to control server capacities. Based on the log files, we can determine, for example, at what time the use of our Internet services is particularly popular and provide appropriate data volume to ensure the best possible use for you.

In order to constantly improve and optimize our Internet offering, we use so-called tracking technologies. Web analysis tools provide us with statistics and graphics that give us information about the use of our Internet pages. In the process, data about the use of an Internet page is transmitted to the server used for this purpose.

The analytics service providers we use can be found in the list of third-party service providers we use in section 8. You can also use the Privacy Center mentioned in section 10.2 to object to the setting of cookies by Google Analytics or other analytics tools used.

In the course of a registration for our newsletter, we process the data that you provide as a newsletter recipient. After your registration, we will send you an e-mail with a link to confirm the registration.

You can cancel the receipt of the newsletter at any time by clicking on the corresponding link in each newsletter or by sending an e-mail to [email protected]. We will then immediately delete your data in connection with the newsletter dispatch and you will not receive any further newsletters.

You can find the partner we use for sending and analyzing the newsletters in the list of our service providers in section 8.

Our newsletter contains a "web beacon". This is a pixel-sized file that is retrieved from the server of our newsletter service provider when the newsletter is opened. Technical information on the browser and the operating system of the newsletter recipient as well as the IP address are collected for the purpose of technical improvement of the newsletter dispatch. It is also analyzed whether and when the newsletter is opened and which links are called up in order to be able to improve our newsletter content and make it more relevant for the recipients. We do not analyze or monitor individual newsletter recipients.

In some cases, we have to redirect you as a newsletter recipient within the newsletter to the websites of our external service providers, for example, in order to be able to call up the latest version of their privacy policy. Please note that cookies are set on the websites of such service providers and thus personal data may be processed by the service providers and their partners (e.g. Google Analytics). We have no influence on this. For more information, please refer to the privacy statements of our service provider.

If you apply to a group company belonging to Goldbach Group AG, we store your application data as part of the application process. If the position is not filled or is filled by another person, the purpose of the original data storage no longer applies and we delete your application data again or return the documents to you. Application data is only made accessible to those persons in the company who are involved with the application. These are the potential supervisor (incl. other decision-makers) and the employees of the HR department (see section 8).

You have the right to opt out of data processing, particularly if we process your personal data based on a legitimate interest and the other applicable requirements are met. Furthermore, you may opt out of data processing in relation to direct marketing (e.g. advertising emails) at any time.

Provided that the relevant applicable requirements are met, and no statutory exceptions apply, you also have the right to information, rectification, erasure, restriction of data processing, and the right to receive the personal data provided by you in a commonly used format. Moreover, you have the right to revoke prospectively any consent you have given to us.

• Right to information: You have the right to be informed as to how we process your personal data and as to your rights in relation to the processing of your personal data. We fulfil this obligation by publishing this Privacy Policy. If you would like further information, please do not hesitate to contact us.
• Right of access: You have the right to request access to your personal data stored by us at any time. This gives you the opportunity to check which personal data we process about you. In individual cases, the right of access may be restricted or excluded, particularly if there are doubts as to the identity concerned or if this is necessary for protecting other persons.
• Right to rectification: You have the right to have incorrect or incomplete personal data rectified or completed, or to have it supplemented with a note about the objection, and to be informed of the rectification.
• Right to erasure: You have the right to request the erasure of your personal data if the personal data is no longer necessary for the purposes pursued, you have validly revoked your consent or have validly opted out of the processing, or if the personal data is being processed unlawfully. The right to erasure may be excluded in individual cases, particularly if the processing is required in order to exercise the right of free expression or to enforce legal claims. We may also anonymise personal data so that it is no longer available. Please note that, even after you have requested the erasure of your personal data, we must retain it in some instances in accordance with our statutory or contractual retention duties. In such cases, we will only block your personal data to the extent required for this purpose. Furthermore, an erasure of your personal data may mean that you can no longer obtain or use the services registered by you.
• Right to restrict processing: Under certain conditions, you have the right to request that the processing of your personal data be restricted. This may mean, for instance, that the processing of personal data is (temporarily) discontinued or that published personal data is (temporarily) removed from a website.
• Right to the surrender or transfer of data: You have the right to obtain from us the personal data that you have provided to us in a structured, commonly used and machine-readable format if the specific data processing is based on your consent or is necessary for the performance of the contract and the processing is performed through automated processes.
• Right to revoke consent: If we process your personal data based on consent, you have the right to revoke your consent at any time. The revocation shall apply only for the future; however, past processing activities based on your consent are not rendered unlawful by your revocation. We reserve the right to continue to process personal data on a different basis in the event of a revocation of consent.
  You may contact us as described in Section 16 if you wish to exercise one of your rights or if you have any questions about the processing of your personal data. You can also unsubscribe from newsletters and other promotional emails by clicking on the relevant link at the end of the email.

You are also free to lodge a complaint with the appropriate supervisory authority if you have any concerns as to whether the processing of your personal data is legally compliant.

The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

If you have any questions, concerns or comments about the processing of your personal data or this privacy policy, please contact us by e-mail or mail at:

Goldbach Group Ltd
Seestrasse 39
CH-8700 Küsnacht (Canton of Zurich)
Switzerland

Email: [email protected]

If you contact us using a form on the website or by email, we will store the details you enter for the purposes of processing your query and in the event of follow-up questions, for a period of six months. We will not disclose this data without your consent.

Data Protection Officer:

Goldbach Group Ltd
Meret Sagoo
Seestrasse 39
CH-8700 Küsnacht ZH
Switzerland

[email protected]

For requests from the EU area, you can contact our representative (Art. 27 GDPR):

ePrivacy GmbH
Burchardstrasse 14
20095 Hamburg
Germany
www.eprivacy.eu/en

This Privacy Policy may be amended over time, in particular if we further develop our website, implement new technologies, or if new legislation becomes applicable. In the event of significant changes, we will actively inform persons registered with us of such changes by contacting them at the email address provided during registration or by posting a corresponding notice at an appropriate location, where this is possible without disproportionate effort. In general, the Privacy Policy in the version current at the start of the processing in question applies to data processing in each case.

The original Privacy Policy is in German. The translated versions are for ease of comprehensibility only. In the event of discrepancies, the German text shall prevail.