DATA PROTECTION AND TERMS OF USE

Disclaimer

Important information on data protection

Version: August 2023

For us, Doetsch Grether AG, the protection and security of your personal data, as well as compliance with data protection regulations, is important. In the following, we inform you about which data is collected in the course of using our website and how we use it. We treat personal data as strictly confidential, and we do not disclose or sell data to third parties. In close cooperation with our hosting provider, we endeavour to protect the databases from unauthorised access, loss, misuse or falsification.

In this privacy policy, we provide information about which personal data we process in connection with our activities and operations, including our website, and how we handle it.

Basic

The services offered by Doetsch Grether are geared towards Switzerland. Likewise, our websites are aimed at people in Switzerland. People living abroad can visit our websites, but they are not our target audience. We are subject to Swiss data protection law, in particular the Federal Data Protection Act (hereinafter DSG).

Individual activities may additionally be subject to the General Terms and Conditions (GTC), specific terms of use or participation or other legal documents. Personal data is information that can be used to discover your identity. We collect, process and use your personal data as described in this privacy policy and in compliance with the legal data protection requirements. During a simple visit to our website, i.e. if you do not contact us by e-mail or telephone, we only collect the personal data that your browser transmits to our server.

Server log files

During the connection of your browser to our websites, data is exchanged between your browser and our website hoster. This information is absolutely necessary for the establishment of the IP connection, does not allow any conclusions to be drawn about your person and is not evaluated by us. Our website hoster is legally obliged to keep this information (log files) for six months. After expiry of this period, they will be deleted.

Purpose of the collection, processing and use of personal data

- date and time of your visit to our website
- The accessed files (texts, graphics, photos, videos, etc.)
- The HTTP status of the request (file found, file not found).
- The browser you use, the browser version and the browser settings
- The operating system you are using and its version
- The amount of data transmitted
- The requesting IP address

Our product websites refer to shops of our product customers or sales partners by means of backlinks. We do not register any purchase information and refer to the data protection provisions of the respective product shops.

The legal basis for processing your personal data is our legitimate interest. Our legitimate interest is to ensure the functionality of our website and in this context, of course, to respond to your enquiries. Your data will not be passed on to third parties unless we are legally obliged to do so (e.g. in the case of a request from an authority or a court) or you have given us your consent to do so. We only use your data for the purpose for which you have provided us with the data. Your data will be deleted as soon as it is no longer required for the fulfilment of the purpose for which it was collected (after the end of your visit to our website or when processing your enquiry by e-mail/mail/telephone) and the deletion does not conflict with any statutory retention obligations. Cookies We use cookies to make the websites more user-friendly.

Cookies are data that the visited website or its server stores in your computer via the browser, e.g. in order to recognise it later. By using the website with cookies activated, you consent to the processing of your personal data collected by cookies, if you have not already expressly granted consent to the use of cookies. In principle, this website can also be used without accepting cookies, although individual functionalities may then be restricted.

We use session cookies as well as temporary and permanent cookies on our websites and mobile applications. So-called session cookies are automatically deleted from your computer or mobile device after the end of a browser session. Temporary or permanent cookies remain stored on your computer or mobile device for a longer period of time or indefinitely after the end of a browser session and make it possible, for example, for you to be recognised on a future visit to our websites and for your preferred settings to be adopted.

Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. On the following pages you will find explanations on how to configure the processing of cookies in the most popular browsers: Microsoft's Windows Internet Explorer Microsoft's Windows Internet Explorer Mobile Mozilla Firefox Google Chrome for Desktop Google Chrome for Mobile Apple Safari for Desktop Apple Safari for Mobile Disabling cookies may mean that you cannot use all the functions of our websites. You can view and delete the cookies stored on your computer and control and prevent the setting of cookies via the settings of your Internet browser.

For more information, please contact the manufacturer or consult the help function of your internet browser.

Automated decision-making or profiling

We do not use automated decision-making as defined by Swiss data protection legislation. Should we use this in individual cases in the future, we will inform you of this separately, insofar as this is required by law.

Contact form

Should you provide your contact details on the website (e.g. name, address, e-mail address, telephone number), we will use these, among other things, to contact you by telephone, e-mail or letter post and for the identifiable and stated purposes. When you submit the form, your IP address and the date and time of submission are also stored. This information is used to prevent misuse of our contact form.

Newsletter order

Doetsch Grether processes personal data that you disclose to us in connection with a newsletter order for the marketing purposes stated on the relevant website. As part of the registration process, your consent to the transmission of newsletters to the specified address will be obtained. The only mandatory information is the e-mail address to be supplied.

If you have purchased products or services via our website and have entered your e-mail address, this may subsequently be used by us to send you newsletters. In such a case, the newsletter will only be used to send direct advertising for our own similar goods or services. Your data will be stored until the newsletter subscription is terminated and analytical evaluations will be made. (e.g. through pixel tracking). For this purpose, we analyse, for example, which newsletter you open or which link in it you click and link this to stored data and information, e.g. about your interests and preferences. If users do not want their data to be processed as described, they should unsubscribe from the newsletter. A link to unsubscribe is included in every newsletter email. In addition, you can contact the address given below.

With the service provider Mailchimp used, data may be transferred to the USA and processed there. Security measures are taken in accordance with applicable legal requirements to ensure adequate protection for any personal data transferred from Switzerland, the United Kingdom or the EEA to the United States.

Mailchimp: Communication platform. Service provider: The Rocket Science Group, LLC (Atlanta, USA), subsidiary of Intuit Inc. (USA) Information on data transmission: https://mailchimp.com/de/help/mailchimp-european-data-transfers/. General privacy policy: https://www.intuit.com/privacy/statement/#5._General_InformationUnerwünschte Adverse drug reactions (ADRs)If you experience an adverse drug reaction after taking one of our medicinal products, you can report this to your doctor or pharmacist or directly to the Swiss Agency for Therapeutic Products (Swissmedic) https://nebenwirkung-melden.swissmedic.admin.ch/.

Please observe the Swissmedic data protection regulations if you wish to report side effects.

Apply and contact us by e-mail

We can be contacted via our website (job advertisement) and the e-mail address provided as a link. In this case, your personal data transmitted with the enquiry (in any case first and last name and e-mail address) as well as your message will be stored. Optionally, you can enter further information such as contact details, company name, etc. in the respective fields or checkboxes.

The processing of this personal data serves us to process the contact and your request. The legal basis for the processing of this data, which is transmitted in the course of sending a request, is our legitimate interest as the controller in communicating with the users of our website. If the request is aimed at the conclusion of a contract, the additional legal basis is - fulfilment of a contract or pre-contractual measures to this end).

The above-mentioned data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by e-mail or the contact form, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant matter has been conclusively clarified and no contractual relationship results from it.

Cloud services

We use software services (so-called "cloud services", also referred to as "software as a service") accessible via the Internet and executed on the servers of their providers for us and our customers for the following purposes: Document storage and management, calendar management, emailing, spreadsheets and presentations, sharing documents, content and information with specific recipients or publishing web pages, forms or other content and information, and chatting and participating in audio and video conferencing.

Personal data may be processed and stored on the providers' servers as part of communications with us or otherwise processed by us as set out in this Privacy Policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their contents. The cloud service providers also process usage data and metadata that they use for security purposes and service optimisation. If we use cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may store cookies on users' devices for the purposes of web analytics or to remember users' settings (e.g. in the case of media control).

Microsoft: Cloud storage services; service providers: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://microsoft.com/de-de; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, safety instructions: https://www.microsoft.com/de-de/trustcenter. The most common Azure services such as computers (virtual machines), databases and web services are now available in the Microsoft Cloud Switzerland and are also stored in Switzerland.

Social Media

We are present in various social networks to communicate with interested people. If you also use these networks, your data may be processed in countries such as the USA, where the legal foundations in terms of data protection may be weaker than in Switzerland or the European Economic Area (EEA). Furthermore, user data is usually processed for market research and advertising purposes. For example, profiles can be created based on usage behaviour.

We recommend that you log out of social media apps and online accounts before visiting other websites. Otherwise, your surfing behaviour will be recorded by the providers of these services and assigned to your profile. Without prior opt-out, these providers also record visits to our websites, even if there is no integration on them. We refer to the privacy policies and information of the operators of the corresponding networks. Requests for information and concerns about data subject rights are most effectively directed to the providers. Only they have access to the data and can take direct action and provide information.

Facebook: Social network. Service provider: Meta Platforms Inc, (Palo Alto, USA). Facebook data policy and further information regarding the handling of personal data: https://www.facebook.com/policy, https://www.facebook.com/legal/terms/information_about_page_insights_data.

Instagram: Social network. Service provider: Meta Platforms Inc, (Palo Alto, USA) Instagram Privacy Policy:

https://help.instagram.com/155833707900388Pinterest: Social network. Service provider: Pinterest Europe Ltd (Dublin, Ireland), parent company: Pinterest Inc (San Francisco, USA). Privacy Policy: https://policy.pinterest.com/de/privacy-policy; Privacy settings:

https://www.pinterest.com/settings/privacy/Twitter/X: Social network. Service provider: X Corp. (Dublin, Ireland). Parent company: X Corp. (San Francisco, USA). Privacy Policy: https://twitter.com/de/privacy, (settings) https://twitter.com/settings/account/personalization.Vimeo:

Social network and video platform. Service provider: Vimeo Inc, (New York, USA). Privacy Policy:

https://vimeo.com/privacyYouTube: Social network and video platform. Service provider: Google Ireland Limited, (Dublin, Ireland). Parent company: Google LLC (Mountain View, USA). Privacy Policy: https://policies.google.com/privacy; Possibility of objection (opt-out): https://adssettings.google.com/authenticated.

LinkedIn: Our websites use the "share function" of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If you click on the LinkedIn "Share- Button" (plug-in), you will be redirected to your user account in a separate browser window, provided you are logged into your user account at LinkedIn, and you can share the electronic publication deposited on our website by adding a comment. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn thereby receives the information that you have visited our website with your IP address. Furthermore, it is then possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we have no knowledge of the content of the transmitted (personal) data or its use by LinkedIn. For more information, please see LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy. If you do not want LinkedIn to be able to assign your visit to our pages to your account, please log out of your LinkedIn account.

Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc, USA ("Google"), to collect usage and movement data for our websites. The information generated by Google Analytics cookies about your use of this website is generally transmitted to a Google server in the USA and processed there. However, if IP anonymisation has been activated on this website, your IP address will be abbreviated beforehand by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by installing the browser plugin available at http://tools.google.com/dlpage/gaoptout?hl=de.

More information on terms of use and data protection : https://www.google.de/intl/de/policies/. We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. If you do not want this, you can deactivate it via the Ads Preferences Manager at http://www.google.com/settings/ads/onweb/?hl=de.

Google AdWords: Our website uses Google conversion tracking. If you have reached our website via an ad placed by Google, Google AdWords will set a cookie on your computer. The conversion tracking cookie is set whenever a user clicks on an ad placed by Google. These cookies expire after 30 days. The customers are informed of the total number of users who clicked on their ad and were redirected to a page featuring a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

Google Remarketing / Retargeting: Our website uses the functions of Google Analytics remarketing in combination with the cross-device functions of Google AdWords and Google DoubleClick. These functions allow interest-based, personalised ads that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) to also be displayed on another of your end devices (e.g. tablet or PC). For this purpose, web and app browsing history is linked to your Google account.

To support this feature, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked to Google Analytics data. This allows to define and create target groups for cross-device ad advertising.

Remarketing technologies are used for marketing purposes. You can object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account https://www.google.com/settings/ads/onweb/.

Further information and the privacy policy in Google's privacy policy: https://www.google.com/policies/technologies/ads/.

Security

We have taken various technical and organisational measures to ensure that the data we collect and process is protected against unauthorised access, loss, destruction or manipulation. Legal requirements for data protection are of course complied with. However, we would like to point out that no data transmission via the Internet is one hundred percent secure; in particular, there is a risk of access by third parties when data is transmitted by e-mail. As a result, we cannot guarantee complete protection of the data and information you transmit via our website.

Furthermore, we ensure that our data storage of our personal data in the cloud takes place with providers who are also active in Switzerland and store our data at least in Europe. We use Microsoft's Office 365 https://privacy.microsoft.com/de- en/privacystatement.

Data security

To increase data security, Doetsch Grether takes appropriate technical and operational measures. These are, for example, protecting certain areas of the website with SSL encryption or with passwords, and limiting access to personal data to employees and contractors of ours who need to know the data in order to process it in accordance with its purpose. However, you should bear in mind that no internet transmission is ever 100% secure or error-free. E-mails in particular can be insecure. Unauthorised third parties may be able to access your data that you transmit via the Internet. This can result in this data being made available to third parties, disclosed, changed in content, lost or other problems. Even if the sender and recipient are in the same country, data sent over the Internet may leave that country and be transferred to a country where data protection requirements are less restrictive than in your country of residence. Doetsch Grether expressly points out that data transmission on the Internet has security vulnerabilities and protection against access by third parties is not always guaranteed. We are not responsible or liable for the security of your data while it is being transmitted to us over the Internet.

Data Transfer / Disclosure to Third Parties

We may transfer your data, within the scope of the purpose for which it was collected, to affiliated companies and their and our own agents and third party service providers within or outside the country in which you reside or from which the data was transmitted; in order for these third party service providers to use your data as Doetsch Grether is permitted to do. You too are obliged to observe data protection. Your data will only be passed on in any other way if this is legally permissible or you have given us your consent to do so, or if Doetsch Grether is obliged to do so by applicable laws, government orders or a decision of an authority or court.

Links to other websites

For your convenience, this website may contain links to other websites, in particular to our respective partners. This privacy policy does not apply to those other websites. We recommend that you read the relevant data protection notices for information on data collection and data processing.

Your rights

You can exercise the following rights with regard to your personal data:

The right to information
Information on the origin, disclosure, purpose of collection and use, the planned duration of storage and the type of processing of those data concerning your person.

The right to rectification
Rectification, truncation or completion of those data concerning your person which you cannot correct yourself.

The right to erasure
Erasure or blocking of those data concerning your person that you cannot erase yourself.

The right to restriction of processing
Restriction with regard to the duration of use and the material reference of those data which concern you personally, including revocation of authorisations already granted. See also chapter "Objection to data processing for the future".

The right to data transfer
Release of your personal data in machine-readable form.

Where we are unable to allocate requests for information, correction, deletion, restriction of processing and data transfer without doubt, we reserve the right to assure ourselves of the identity of the person making the request and to demand copies of meaningful documents such as ID cards or certifications.

Right to lodge a complaint
If you are of the opinion that your rights to information have not been sufficiently fulfilled or your
If your personal data is not being processed in accordance with the law, you can contact us.
Complaint to the competent supervisory authority. In Switzerland, this authority is
the Federal Data Protection and Information Commissioner (FDPIC).

Concluding

Accessing websites and online shops as well as sending and receiving e-mails is never absolutely secure. In addition, numerous security authorities and secret services monitor the use of the Internet and collect information that is not related to a specific suspicion or criminal offence.

Contact

If you have any questions about data protection on our website, would like to request information or request the deletion of your data, please contact our contact person for data protection law by sending an e-mail to datenschutz@doetschgrether.ch or writing to the following address:

DOETSCH GRETHER AG
Data Protection Officer
Sternengasse 17
CH-4051 Basel / Switzerland

Tel. +41 61 287 34 11
Fax +41 61 287 34 13 datenschutz@doetschgrether.ch of the Privacy Notice This Privacy Notice may be updated from time to time as we continue to develop and improve our services.

For this purpose, the latest version is published on our website.

Last update: 30 August 2023