Privacy Policy

Preamble

We highly value your privacy and the protection of your personal data. Therefore, we provide you with this Privacy Policy to inform you about the processing of your personal data, ensuring you can use our website with knowledge and confidence that we handle your data strictly according to this Privacy Policy and in compliance with legal regulations. This statement transparently explains which types of personal data are involved and how, to what extent, and for what purpose they are processed by us. This Privacy Policy is comprehensive, thus applying to all processing activities we conduct. You are not obligated to provide us with personal data. However, we may not be able to consider and process your request according to your interests if you choose not to.

Personal data refers to all information related to an identified or identifiable person.

Responsible Entity

Below, information on the responsible entity or controller according to applicable data protection laws, and your contact option for data protection inquiries:

Ariser AG Huobstrasse 21 6333 Hünenberg See Switzerland Represented by: Florian Stasch

Phone: +41415080767 Email: info@ariser.com

This Privacy Policy informs data subjects about the purposes, scope, and nature of the processing of personal data by the aforementioned responsible entity. The responsible entity is the legal person which decides on the means and purposes of processing personal data alone or jointly with others. The controller is the entity you can contact for inquiries and to exercise your rights.

We take data protection very seriously and therefore work with certified data protection officers/advisors. However, we are not legally required to appoint a data protection officer/advisor and have thus not designated one. If you have any questions about data protection, we are happy to provide detailed information via the contact details mentioned above.

Legal Basis for Data Processing

According to the GDPR, personal data within the EU/EEA can only be processed with a legal basis under Article 6 GDPR. In most cases, this is a legitimate interest on our part (Article 6(1) sentence 1 lit. f GDPR) or your consent (Article 6(1) sentence 1 lit. a GDPR), provided you have given it. If you are in a contractual relationship with us, or such is being initiated, this also constitutes a basis for processing personal data (Article 6(1) sentence 1 lit. b GDPR). Additionally, there may be a legal obligation for us to process data (Article 6(1) sentence 1 lit. c GDPR). The specific legal bases applicable in each case are listed below in this Privacy Policy. Please note that, depending on your location or residence, additional data protection regulations, particularly national provisions, may apply.

For processing personal data of data subjects from Switzerland, we comply with the Swiss Data Protection Act (DSG neu CH) effective from September 1, 2023. Unlike the GDPR, according to DSG neu CH, processing personal data is generally allowed without a legal basis. However, for consistency, the term legal basis is used throughout this text, even when Swiss law does not require it, but referring to the relevant DSG neu CH norm. We adhere to the principles of Article 6 DSG neu CH, including processing in good faith and for a specific and identifiable purpose, the proportionality of processing, and the destruction or anonymization of personal data once the processing purpose is no longer applicable and processing is not required.

Since this Privacy Policy may also be used across borders, we use the following terminology from the GDPR for equivalent terms in DSG neu CH:

Term GDPR Equivalent DSG neu CH

Processing Bearbeitung (Processing) Personal Data Personendaten (Personal Data) Legitimate Interest Überwiegendes Interesse (Predominant Interest) Special Categories of Personal Data Besonders schützenswerte Personendaten (Particularly Sensitive Personal Data) Transmission of Personal Data Bekanntgabe von Personendaten (Disclosure of Personal Data)

Types and Purposes of Processing Personal Data as well as their Collection and Storage General Information

Depending on your use of our offer, we process different personal data for different purposes.

Various purposes may include providing our online presence, managing our IT infrastructure, security measures, office procedures, organizational management, and marketing. Furthermore, the purpose of processing may involve fulfilling contractual obligations, including providing a contracted service, as well as communication, managing and responding to contact and other inquiries, and/or conducting contests.

For these purposes, we process different types of data, primarily inventory, usage, content, and/or metadata, but also payment, contact, communication, location, other contract, and/or procedural data, as well as event data. The types of processed data are always limited depending on the specific purpose.

The following categories of persons may be affected by our processing of personal data: users and interested parties; customers, applicants, business and other contractual partners; further communication partners, participants in contests or similar competitions, and members.

The respective purposes, data types, and affected persons are also detailed below.

2.1 General and Beyond the Website Data Processing during a Visit to "https://www.ariser.com" Server Log Files

When you access our website, the following data are automatically processed, which are necessary to establish a smooth connection between your end device and our website and to properly display the website:

IP address Name and address of the visited website and files Access time Message about successful retrieval Used operating system and browser Referrer URL Internet provider

The processed personal data also serve to optimize and ensure the security of the website and the information technology systems.

The legal basis for processing this data is our legitimate interest, which allows processing of personal data to protect the legitimate interests of the controller. The legitimate interests arise from the reasons mentioned above. The data are deleted once they are no longer needed, which is the case at the end of the session, unless legitimate interests in further storage exist (e.g., unlawful access).

Processed Data: Communication and procedural data (e.g., IP addresses), usage data (e.g., access times) Affected Persons: Users Processing Purposes: Providing an optimal online presence, IT infrastructure; security measures Legal Bases: Legitimate interests (Article 6(1) sentence 1 lit. f GDPR) Consent (Article 6(1) sentence 1 lit. a GDPR) / legitimate interest in providing an online offer (according to Article 6 and 8 DSG neu CH), consent of participants (Article 31(1) DSG neu CH)

Guarantees: Data processing agreement and, if data transfer to third countries occurs, the use of EU standard contractual clauses and possibly additional certification of the host/provider according to the EU-US Data Privacy Framework DPF.

According to Article 45 GDPR, all EU member states are considered safe data export countries for personal data, and currently (as of the last check in June 2023), the following third countries: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan, the United Kingdom, and South Korea have been deemed compliant with data protection by the European Commission, allowing the export of personal data from the EU to these countries.

For processing personal data from Switzerland in the EU/EEA or the United Kingdom (UK), according to the Swiss Federal Council, adequate data protection is currently (as of the last check in June 2023) ensured under Article 16(1) DSG neu CH, allowing the export of personal data from Switzerland to these countries.

Regarding our website, we also refer to the privacy policy of the hosting provider Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel, https://de.wix.com/about/privacy

Business Services and Applications

If you are a business partner, applicant, customer, or other contractual partner in a contractual or contract-like legal relationship with us, we generally process your personal data to fulfill our obligations from this relationship – providing the owed service or pre-contractual measures. Additionally, depending on the individual data, legal obligations for processing may exist, such as tax obligations. Moreover, we regularly have a legitimate interest in processing, particularly for proper business management and protecting the business operation. Your data are only disclosed to third parties in accordance with legal requirements. The processed data include in particular inventory and contact data (name, address, phone number, email address), as well as payment data (bank details, invoices). If you use our online offer within the contractual relationship, corresponding usage and metadata (e.g., IP address, time and duration of access, possible consents) can also be processed.

These personal data are processed after the end of the contractual relationship usually as long as potentially statutory warranty or similar obligations exist or as long as statutory retention periods exist.

We note that terms and privacy notices of third parties may apply if they become part of the contractual relationship. This can be the case if we use or commission third-party providers to fulfill our services and obligations.

Processed Data: Communication and procedural data (e.g., IP addresses), usage data (e.g., access times), contact data (e.g., email address), payment data, inventory data (e.g., name, address) Affected Persons: Interested parties, applicants, customers, contractual and business partners Processing Purposes: Ensuring contractual services/obligations, communication and contact inquiries, office and organizational procedures; security measures, administration, suitability for a position check Legal Bases: Contractual claims (Article 6(1) sentence 1 lit. b GDPR), legal obligations (Article 6(1) sentence 1 lit. c GDPR), legitimate interests (Article 6(1) lit. f GDPR) / legitimate interest (according to Article 6 and 8 DSG neu CH) Task Completion according to Business Regulations or Statutes

If you are a member or in a comparable relationship with us, such as a supporter or business partner, we process personal data in carrying out our tasks and receiving donations or other services. This may also include a legitimate interest on our part, for example, in organizational tasks. The exact processed data depend on the respective membership or other contractual relationship. Typically, these are inventory and contact data (name, address, phone number, email address), payment data (bank details, invoices), and other contract data (term, subject of the contract).

We process these data as long as they are necessary for the respective statutory purposes. This includes any warranty and liability obligations. After these purposes no longer apply, we destroy the data except for those for which statutory retention obligations exist.

Processed Data: Contract data (e.g., subject of the contract), contact data (e.g., email address), payment data, inventory data (e.g., name, address) Affected Persons: Users, members, contractual and business partners Processing Purposes: Ensuring contractual services/obligations, communication and contact inquiries, administration Legal Bases: Contractual claims (Article 6(1) sentence 1 lit. b GDPR), legitimate interests (Article 6(1) lit. f GDPR) / legitimate interest (according to Article 6 and 8 DSG neu CH)

Should we use so-called cookies – small text files – to operate this website, they are stored on your device and may, for example, ensure the website's functionality or enable an analysis of website usage. In this case, personal data are processed. Details on individual cookies, such as the respective legal basis (e.g., consent or legitimate interest), the storage duration, or revocation and objection options, are then detailed in the cookie management below. Regarding the use of cookies, affected persons generally have a right to object or the option to deactivate these in the browser settings. However, we note that this may result in not ensuring the website's full functionality.

Should we use cookies, this occurs either based on your consent or with a legitimate interest, for example, to improve our website functions or to fulfill contractual obligations if a cookie is necessary for contract conclusion. Cookies are stored differently long. Some cookies are temporary and are deleted at the latest when you close your browser or app. Other cookies are permanently stored on your device. You can delete the permanently stored cookies independently at any time. Alternatively, please refer to the cookie management tool for when cookies are automatically deleted.

The selection of cookies for analysis/statistics or advertising can be adjusted by you at any time via the cookie settings.

Opt-In and Opt-Out

When first accessing this website, you can generally consent to the use of cookies or customize consent for different cookies.

If you consent to the use of cookies requiring consent, we store your consent declaration to not have to obtain it again during your next website visit, referring to our cookie consent management for storage periods. In addition to the declaration, your IP address, the browser used, and the model of the device used may be stored. You can revoke your consent declaration(s) at any time.

Should cookies be used, storing cookies on your used end device and accessing the stored cookies occur based on either their necessity for providing the website or with your consent based on clear and comprehensive information. The consent to cookies requiring consent is revocable at any time. Data processing is based on the European Union's e-Privacy Directive 2002/58/EC. Its implementation into national law in Germany occurs in § 25(1) and (2) TTDSG. In Austria, the implementation into national law occurs in § 165(3) TKG 2021 AT.

Should cookies be used, we hereby inform you that cookies process data on your end devices according to Art. 45c lit. b FMG CH. The processing serves the purpose described above. You can refuse the processing of cookies requiring consent at any time.

Processed Data: IP address, consent declaration, browser, used end device Affected Persons: Users Processing Purposes: Ensuring contractual services/obligations, functioning online offer, effective and targeted advertising measures Legal Bases: Consent (Article 6(1) lit. a GDPR), legitimate interests (Article 6(1) lit. f GDPR), fulfillment of contractual obligations (Article 6(1) lit. b GDPR) / legitimate interests in a functioning online offer and effective and targeted advertising measures (Article 6 and 8 DSG neu CH), consent (Article 31(1) DSG neu CH)

Plugins and Embedded Functions

We integrate functions and content from external providers, hereinafter referred to as "third-party providers," into our online platform. These may include graphics, videos, or interactive maps, referred to as "content."

Displaying these contents or functions requires processing users' IP addresses by the third-party providers. The transmission of these contents to users' browsers is not possible without using the IP address. We strive to integrate only content from providers who use the IP address solely for content delivery. Third-party providers may also use "pixel tags" (invisible graphics or "web beacons") for statistical or marketing purposes. Through these "pixel tags," information such as visitor traffic on our pages can be evaluated.

The collected pseudonymous information may be stored in cookies on users' devices. These cookies contain technical information about the browser, the operating system, referring websites, visit times, and other details about the use of our platform.

Processed Data: Communication and procedural data (e.g., IP addresses), usage data (e.g., access times), content data, contact data, inventory data (e.g., names, addresses), location data; event data (e.g., via Facebook Pixel, which we can transmit to Facebook, these are processed for audience targeting and do not contain actual content, contact information, login information), event data are deleted by Facebook after a maximum storage duration of 2 years Affected Persons: Users Processing Purposes: Ensuring contractual services/obligations, providing the online presence, creating user profiles, collecting feedback, marketing measures Legal Bases: Consent (Article 6(1) lit. a GDPR), legitimate interests (Article 6(1) lit. f GDPR) / legitimate interest in effective and targeted advertising measures (according to Article 6 and 8 DSG neu CH), consent (Article 31(1) DSG neu CH)

Web Analytics

Web analytics, as a part of digital analytics, encompasses various methods for collecting and analyzing data about companies' online presences. These data are used by the website operator to optimize the customer experience. Furthermore, testing procedures can be used to examine different versions of the online offer.

For these purposes, we can create usage profiles containing pseudonymized data about usage processes. The information is stored on the end device or browser and retrieved from there. The collected data include, among others, visited websites, used functions, and technical details (e.g., the used browser). If users have consented to the collection of their location data by us or the service providers we use, these data can be collected.

IP addresses of users are also stored, but we use a process called IP masking. This pseudonymizes the IP address to protect users' identity. Generally, we do not store personal data (such as email addresses or names) in web analytics, A/B tests, and optimization processes, but exclusively pseudonymized data. Neither the providers nor we know the identity of the users.

Processed Data: Communication and procedural data (e.g., IP addresses), usage data (e.g., access times) Affected Persons: Users Processing Purposes: Generating user profiles, reach measurement (e.g., determining the visit frequency of a website) Legal Bases: Consent (Article 6(1) lit. a GDPR) legitimate interest (Article 6(1) lit. f GDPR) / legitimate interest in effective and targeted advertising measures (according to Article 6 and 8 DSG neu CH), consent (Article 31(1) DSG neu CH) Security Measures: IP masking Guarantees: Data processing agreement and, if data transfer to third countries occurs, the use of EU standard contractual clauses and possibly additional certification of the host/provider according to the EU-US Data Privacy Framework DPF

Social Media Presences

We maintain online presences in social networks. In this context, we process data of the respective users for informational purposes and communication with them. Data processing may occur in third countries, potentially making the enforcement of data subjects' rights more difficult. Details can be found in the respective section of this Privacy Policy and the privacy policies of the used social networks.

Data processing in the social network by the respective operator primarily serves the evaluation of user data and advertising placement. From the collected information, clusters can be formed to show users interest-based advertisements. To enable this user tracking, e.g., cookies (small text files) are stored on users' end devices, which serve to assign and record data. The data collection also occurs independently of the used end device after logging in to the respective social network.

Specific information on the forms of data processing by social networks and the respective objection options can be found in the individual companies' privacy policies and in our clauses. Exercising the rights of data subjects is most effective directly with the operator. However, you can also contact us for this purpose.

Processed Data: Communication and procedural data (e.g., IP addresses), content data, contact data (name, email address) Affected Persons: Users Processing Purposes: Collecting feedback, communication, marketing measures Legal Bases: Legitimate interests (Article 6(1) sentence 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (according to Article 6 and 8 DSG neu CH)

Advertising Communication

We process your contact data for advertising communication purposes, provided you have given us your consent. You can revoke this consent at any time. In this case, the data are deleted, and you will no longer be contacted by us for advertising purposes.

Based on our legitimate interest, data can also be stored to prove compliance with legal requirements even after revoking your consent. This storage serves exclusively to defend against possible claims. The data are deleted in this case once they are no longer needed for this purpose. This occurs once the respective applicable limitation periods have expired. Generally, data of affected persons from the EU are deleted after three years. For affected persons from Switzerland, data are usually deleted after one year. Furthermore, we refer to 4. (Storage Duration and Deletion of Personal Data) of this Privacy Policy.

The processing of these data serves exclusively to defend against possible claims. You can request deletion at any time. In this case, we delete the stored data prematurely, provided you confirm simultaneously that consent was given for the advertising communication that occurred.

Processed Data: Contact data (e.g., email address), inventory data (e.g., name, address) Affected Persons: Communication partners Processing Purposes: Direct marketing Legal Bases: Consent (Article 6(1) sentence 1 lit. a GDPR), legitimate interests (Article 6(1) sentence 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (according to Article 6 and 8 DSG neu CH), consent (Article 31(1) DSG neu CH)

Contacting by Phone, Fax, Email, and/or Postal Mail

If you contact us by phone, fax, email, and/or postal mail, the personal data you provide in this context are processed and stored by us to enable an evaluation of the communication. The collected data are limited to:

First and last name Phone number / email address / postal address Content of the message or other voluntarily transmitted data

When contacting us via a contact form or our presence in social media, further data collection may occur. The additionally collected data include:

IP address Visited websites Access time

The personal data collected by us in this context are not disclosed to third parties unless this is necessary for the proper handling of the matter due to legitimate interests. Personal data can then be transmitted to affected customers, freelancers, cooperation partners, and authorities. The legal basis for data processing is legitimate interests. In the case of contact aiming at contract conclusion, the legal basis for processing is contractual.

Processed Data: Communication and procedural data (e.g., IP addresses), content data, contact data (e.g., email address) Affected Persons: Communication partners Processing Purposes: Collecting feedback, providing an optimal online presence, communication, and contact inquiries Legal Bases: Contractual claims (Article 6(1) sentence 1 lit. b GDPR), legitimate interests (Article 6(1) sentence 1 lit. f GDPR) / legitimate interest in effective and targeted advertising measures (according to Article 6 and 8 DSG neu CH)

Guarantees: If data transfer to third countries occurs, the use of EU standard contractual clauses and possibly additional certification of the provider according to the EU-US Data Privacy Framework DPF is ensured.

Regarding our phone numbers, we also refer to the privacy policy of the telephone provider Salt Mobile SA, Rue du Caudray 4, 1020 Renens, Switzerland: https://www.salt.ch/en/legal/privacy

2.2 Specific Data Processing/Data Handling on "https://www.ariser.com"

Data Subject Rights Rights as a Data Subject according to the GDPR

As a data subject, you have the following rights according to the GDPR:

Right to Information about Data Processing and Data Subject Rights

You have the right to obtain confirmation from us whether we are processing personal data concerning you. If this is the case, you further have the following rights. You have the right to receive information about your rights according to Articles 13-22, 34 GDPR.

Right to Withdraw Consents

You have the right to withdraw consents granted for processing personal data at any time with future effect towards the controller (Article 7(3), Article 8 GDPR), without suffering disadvantages. The processing of data originally covered by the consent may then no longer be continued by us. The lawfulness of processing based on consent before its withdrawal remains unaffected.

Right to Access

According to Article 15 GDPR, you have the right to request information about the personal data stored about you. You are entitled to the following information:

Purposes of processing Categories of personal data being processed Recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients in third countries or international organizations. In the case of third countries and international organizations, you also have the right to be informed about the appropriate safeguards according to Article 46 GDPR. if possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period Existence of the right to request rectification or erasure of personal data concerning you or restriction of processing by the controller or a right to object to such processing Existence of a right to lodge a complaint with a supervisory authority if the personal data are not collected from you, all available information on the source of the data the existence of automated decision-making, including profiling, according to Article 22(1) and (4) GDPR and, at least in these cases, meaningful information about the involved logic as well as the significance and envisaged consequences of such processing for you

Right to Rectification or Completion

According to Article 16 GDPR, you have the right to request us to rectify any incorrect personal data concerning you and to have incomplete personal data completed. We are obliged to comply immediately.

Right to Erasure (Right to be Forgotten) or Destruction

According to Article 17 GDPR, you have the right to request the immediate erasure of personal data concerning you.

We are obliged to erase personal data if one of the reasons listed in Article 17(1) applies. This does not apply to personal data subject to a statutory retention and security period that we must observe, and for the following exceptions regulated in Article 17(3) GDPR:for exercising the right of freedom of expression and information for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller for reasons of public interest in the area of public health in accordance with Article 9(2) letters h and i and Article 9(3) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing for the establishment, exercise or defense of legal claims Right to Restriction of Processing

You have the right to request the restriction of processing if one of the conditions of Article 18(1) GDPR is met.

Right to Notification

You have the right to request information from us about which recipients have been notified that personal data concerning you have been erased, rectified, or restricted.

Right to Data Portability

According to Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us.

Right to Object

According to Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on legitimate interests (Article 6(1) lit. f GDPR). We may then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Right to Lodge a Complaint with a Supervisory Authority

According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority is the state data protection officer of the federal state in which our company is based. A list of data protection authorities can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html

Rights as a Data Subject according to DSG neu CH

As a data subject, you have the following rights according to DSG neu CH

Right to Information about Data Processing and Data Subject Rights

According to Art. 25(1) DSG neu CH, you have the right to obtain confirmation from us whether we are processing personal data concerning you.

Right to Access

According to Art. 25 DSG neu CH, you are entitled to the following information if you have your seat or residence in Switzerland:

Identity and contact details of the controller Processed personal data Purpose of processing Duration of retention of personal data or criteria for determining the duration Information on the source of the personal data, insofar as not obtained from the data subject Existence of automated individual decision-making, as well as the logic on which the decision is based if applicable, recipients to whom personal data are disclosed, as well as the information according to Art. 19(4)

Right to Rectification or Completion

According to Art. 32(4) DSG neu CH, you have the right to request us to rectify any incorrect personal data concerning you and to have incomplete personal data completed. We are obliged to comply immediately.

Right to Erasure (Right to be Forgotten) or Destruction

According to Art. 32(2) lit. c) DSG neu CH, you have the right to request the immediate erasure of personal data concerning you. Furthermore, according to Art. 32(2) lit. c) DSG neu CH, you have the right to destruction of personal data.

Right to Notification

According to Art. 32(4) DSG neu CH, you have the right to request information from us about which recipients have been notified that personal data concerning you have been erased, rectified, or restricted.

Right to Data Portability

According to Art. 28 DSG neu CH, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us.

Right to Object

According to Art. 30(2) lit. b) DSG neu CH, you have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on legitimate interests. We may then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Right to Lodge a Complaint

You have the right to enforce your data protection rights through legal proceedings or to lodge a complaint with a competent data protection supervisory authority. The competent Swiss data protection supervisory authority for private controllers and federal bodies is the Federal Data Protection and Information Commissioner (FDPIC).

1. Storage Duration and Deletion of Personal Data

Unless explicitly stated in this Privacy Policy, we delete your processed personal data once the reason for processing no longer exists. This is without prejudice to all cases of statutory retention and storage periods (e.g., in Germany § 14b UStG, § 257(1) nos. 2 and 3 HGB, § 147 AO or in Austria § 1478 ff. ABGB) (e.g., in Switzerland Art. 60 OR) In these and other cases, storage duration and deletion occur according to statutory requirements.

2. Changes to this Privacy Policy

We reserve the right to adapt and change this Privacy Policy so that it always meets the current legal requirements as well as our services. The new Privacy Policy then applies from your next visit to our website.

3. Principle of Data Minimization and SSL Encryption

The processing of your personal data only occurs if this is necessary to provide you with a functioning website where all our content and services are technically correctly presented. Other processing operations regularly only occur based on consent given by you according to Article 6(1) lit. a GDPR / Art. 31(1) DSG neu CH, unless the data processing is permitted by other legal provisions.

For security reasons and to protect the transmission of personal data, we use SSL encryption.

Furthermore, we take appropriate technical and organizational measures (TOMs) to ensure an adequate level of protection. Here, the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons are considered.

4. Data of Third Parties

If you have provided us with personal data of other persons in addition to data concerning you, please inform these persons about the processing of their personal data using this Privacy Policy.

5. Personal Data Transfer and Third Country Transfers

We sometimes cooperate with third parties in processing personal data, for example, with service companies in the context of embedded content such as videos or in statistical analyses. Personal data may be disclosed in this context. These third parties are in a data processing relationship or as joint controllers with us. In any case, we ensure with appropriate agreements that the legally required and guaranteed by us protection of your personal data is fully observed. These agreements include in particular contracts (data processing agreements, standard contractual clauses, etc.).

Some of our contractual partners are located in third countries, so data transfer can also occur abroad.

If we process personal data in third countries outside the EU or EEA, lawful processing is ensured by one or more of the following methods:

Transfer to a third country with recognized data protection level (Art. 45 GDPR): The EU Commission may determine whether a third country has a data protection concept sufficient for the requirements of the GDPR, allowing a DSGVO-compliant transfer to such a third country. Details can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_de (last accessed on August 12, 2023). The current list of adequate countries by the EU Commission can be seen at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de (last accessed on August 12, 2023). Transfer subject to appropriate safeguards (Art. 46 GDPR): These safeguards include, among others, an obligation to the EU-US Data Privacy Framework (DPF) effective from July 10, 2023, and the EU Commission's standard contractual clauses (SCCs). A list of companies committed to complying with the DPF is maintained at https://www.dataprivacyframework.gov (last accessed on August 13, 2023). The EU Commission's SCCs can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en (last accessed on August 13, 2023). Existence of a condition (Art. 49 GDPR): For example, the existence of your explicit consent, the necessity for contract fulfillment, or a legal obligation. Other grounds from Art. 44-49 GDPR: The list provided here serves for comprehensibility and transparency and is not exhaustive. Which basis for lawful transfer to a third country applies in detail is listed below in this Privacy Policy.

For disclosure of personal data to third countries outside Switzerland, the Federal Council has published a list of states with an adequate level of data protection. This can be viewed at https://www.fedlex.admin.ch/eli/cc/2022/568/de#annex_1/lvl_u1 (last accessed on August 13, 2023). If we disclose personal data to a third country without an adequate level of data protection, this only occurs while complying with the guarantees according to Art. 16 DSG neu CH, in particular, the use of standard data protection clauses recognized by the FDPIC. Further information from the FDPIC itself can be found here: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/arbeit_wirtschaft/datenuebermittlung_ausland.html (last accessed on August 13, 2023)

Alternatively, disclosure to third countries can occur with your explicit consent, for contract fulfillment, or for example, to protect the overriding public interest (Art. 17 DSG neu CH). The individual measures we take to ensure disclosure to third countries according to the rules of DSG neu CH are listed below in the respective sections.

Contact Option for Data Protection Questions

For questions and comments on this Privacy Policy, please email us at info@ariser.com.

This Privacy Policy was generated with www.DatenBuddy.de / www.DatenBuddy.ch under the customer terms and conditions of u-create.it UG (limited liability). The generator was created in collaboration with AID24 law firm - RA Christoph Scholze and AV-Vertrag.org