Privacy Policy of ifolor AG, Kreuzlingen (Switzerland)

Welcome to our website and thank you for your interest. The protection of your personal data is important to us. We therefore conduct our activities in accordance with the applicable legal provisions on the protection of personal data and data security. We would like to inform you below about which data from your visit is used for which purposes.

In the following, the abbreviation "DPA" refers to the completely revised new Federal Act on Data Protection (FADP), which came into force on September 1, 2023.

Responsible body for processing according to FADP

The controller within the meaning of the FADP and other provisions of a data protection nature is the:

Ifolor AG
Sonnenwiesenstrasse 2
8280 Kreuzlingen
https://www.ifolor.ch
service@ifolor.ch
+41 71 686 54 54

Data Protection Officer
The data protection officer 
Keyed GmbH
Siemensstrasse 12
48341 Altenberge, Westphalia
+49 (0) 2505 - 639797
https://keyed.de

What is personal data?

The term "personal data" is defined in the FADP. According to this, this is all information that relates to an identified or identifiable natural person; this includes, for example, your civil name, your address, your telephone number or your date of birth.

Use of cookies

The Internet pages of Ifolor AG use cookies. Cookies are data that are stored by the Internet browser on the user's computer system. The cookies can be transmitted to a page when it is called up and thus enable the user to be identified. Cookies help to simplify the use of Internet pages for users.

It is possible to object to the setting of cookies at any time by changing the settings in your Internet browser. Cookies that have been set can be deleted. Please note that if cookies are deactivated, it may not be possible to use all the functions of our website to their full extent. The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user. When accessing our website, users are informed by an info banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings. To find out whether and to what extent cookies are used on our website, please refer to our cookie banner and our information in this privacy policy.

Creation of log files

Each time the website is accessed, Ifolor AG collects data and information through an automated system. This data is stored in the server log files. The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The following data may be collected:

• Information about the browser type and version used
• The user's operating system
• The user's internet service provider
• The user's IP address
• Date and time of access
• Websites from which the user's system accesses our website (referrer)
• Websites that are accessed by the user's system via our website
• Duration of the requests (in ms)
• Result of the request (status code)
• Size of the request and the response (in bytes)
• Content of the cookies
• Client connection

Duration of storage of personal data

Personal data is stored for the duration of the respective statutory retention period. After this period has expired, the data is routinely deleted, unless there is a need to initiate or fulfill a contract.

Contact options

There is a contact form on the Ifolor AG website that can be used to contact us electronically. Alternatively, contact can be made via the e-mail address provided. If the data subject contacts the data controller via one of these channels, the personal data transmitted by the data subject will be stored automatically. The data is stored solely for the purpose of processing or contacting the data subject. The data will not be passed on to third parties. The data is deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Newsletter & Selligent

If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to the person responsible for processing. Subscription to our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's e-mail addresses. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to unauthorized third parties. However, data required for the purpose of sending the newsletter may be transmitted to corresponding service providers. There is also an exception if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be canceled by the data subject at any time. Consent to the processing of personal data can also be revoked at any time with effect for the future. There is a corresponding link for this purpose in every newsletter. The legal basis for the processing of data after the user has subscribed to the newsletter is the user's consent.

If you have subscribed to our newsletter, it will be sent via the technical service provider Selligent SA in Belgium (Selligent), to whom we will pass on the data you provided when registering for the newsletter. Belgium is recognized by Switzerland as a country with adequate data protection. This transfer serves our legitimate interest in using an effective, secure and user-friendly newsletter system. Selligent uses this information for sending and for statistical, pseudonymized evaluation of the newsletter on our behalf. You can unsubscribe from the newsletter at any time in writing or directly in the newsletter.

We also use Selligent to send you other electronic messages/emails, e.g. for order confirmation. Accordingly, Selligent may receive your personal data as part of the existing order processing with us. The storage there takes place for the duration for which storage is otherwise lawful for purposes in accordance with this data protection declaration, i.e. in particular for contractual communication within the framework of existing contracts with you or otherwise for advertising communication.

The applicable data protection provisions of Selligent may be retrieved under https://www.selligent.com/privacy-policy-europe/

Online Shop

We use your personal data to process your online purchases (your orders and returns are processed via our online services) and to send you notifications regarding the delivery status or notifications in the event of problems with the delivery of your items and the delivery of these. We use your personal data to process your payments. We also use your data to process complaints and product warranty claims. Your personal data is used to verify your identity, to ensure that you have reached the legal minimum age for online purchases and to check your address with external partners. We would like to offer you several payment methods and carry out analyses to find out which payment options are available to you, including your payment history and credit checks.

Forwarding of data when using online payment service providers

If you decide to pay with one of the online payment service providers we offer as part of your order process, your contact details will be transmitted to them as part of the order triggered in this way. The electronic payment process (with the exception of payment by invoice) is handled by our certified payment service provider, Datatrans AG, Kreuzbühlstr. 26, CH-8008 Zurich. When you pay, your payment data is exchanged directly between you and our payment service provider and stored exclusively with the latter for a limited period of time for the purpose of payment processing and for any complaints or credit notes. The applicable data protection provisions of Datatrans can be found at https://www.datatrans.ch/en/privacy-policy/.

The lawfulness of the transfer of the data results from the fulfillment of our contractual obligations or pre-contractual obligations, for the execution of the payment method you have chosen and our legitimate interests in enabling user-friendly and uncomplicated payment processing. The personal data transmitted to the online payment service provider is usually first name, surname, address, IP address, e-mail address or other data required for order processing, as well as data related to the service, such as type of service, identity of the recipient, invoice amount and taxes as a percentage, billing information, etc. This transmission is necessary to perform the service with the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship. Please note, however, that personal data may also be passed on by the online payment service provider to service providers, subcontractors or other affiliated companies if this is necessary to fulfill the contractual obligations arising from your order or if the personal data is to be processed on our behalf. Depending on the selected payment method, e.g. invoice or direct debit, the personal data transmitted to the provider will be transmitted by the provider to credit agencies. This transmission is used to check your identity and creditworthiness in relation to the order you have placed. You can find out which credit agencies are involved here and which data is generally collected, processed, stored and passed on by the respective provider in the respective data protection declarations of the providers:

1. Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland. Your payments are processed for us by our partner Datatrans AG in Switzerland, except in the case of payment against invoice. We only receive transaction data from Datatrans, such as the amount of the transaction and a payment confirmation. You can find information about data protection in Datatrans' privacy policy: https://www.datatrans.ch/en/privacy-policy/
2. American Express Cards, issued by Swisscard AECS GmbH, Neugasse 18, 8810 Horgen unter https://www.swisscard.ch/en/legal-conditions-and-information
3. Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium unterhttps://www.mastercard.co.uk/en-gb/vision/terms-of-use/commitment-to-privacy/privacy.html
4. Visa Europe Services Inc., Zweigniederlassung London, 1 Sheldon Square , London W2 6TT , Vereinigtes Königreich unter https://www.visa.co.uk/legal/global-privacy-notice.html
5. PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg athttps://www.paypal.com/us/legalhub/privacy-full?country.x=US&locale.x=en_U S
6. Amazon Payments Europe s.c.a., and secondarily by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three located at 5, Rue Plaetis L 2338 Luxembourg (hereinafter "Amazon Payments") at https://pay.amazon.com/help/201751600
7. Stripe, Inc.,185 Berry Street, Suite 550, San Francisco, CA 94107, USA at https://stripe.com/en-ch/privacy
8. micropayment GmbH, Scharnweberstrasse 69, D-12587 Berlin at https://www.micropayment.de/about/privacy/?lang=en
9. giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, Germany at https://www.giropay.de/agb/datenschutzinformationen.pdf
10. RatePAY GmbH, Schlüterstraße 39, 10629 Berlin, Germany at RatePAY GmbH, Schlüterstraße 39, 10629 Berlin, Germany at https://www.ratepay.com/en/data-privacy-policy and https://www.ratepay.com/legal
11. Payment service provider Skrill Ltd, Floor 27, 25 Canada Square, London, E14 5LQ, England at https://www.skrill.com/en/footer/terms-conditions/skrillaccounttermsofuse
12. Sofort GmbH, Theresienhöhe 12, 80339 Munich at https://cdn.klarna.com/1.0/shared/content/legal/terms/en-ch/privacy
13. Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden at https://cdn.klarna.com/1.0/shared/content/legal/terms/en-ch/privacy

Transmission abroad

We would like to inform you that your personal data may also be transmitted to a server abroad and therefore processed outside Switzerland. Please refer to the linked data protection information of the providers for the respective foreign countries.

Duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you withdraw your consent or request the deletion of your personal data.

Registration on our website for orders, project reminders and sending promotions & discounts

Description & Purpose

If the data subject uses the option of registering on the controller's website by providing personal data, the data in the respective input mask will be transmitted to the controller. The data is stored exclusively for internal use by the controller. The data is deleted as soon as it is no longer required for the purpose for which it was collected. During registration, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services. The registration of data is necessary for the provision of content or services. You will also receive e-mails with reminders for projects started for a photo project in the Web Designer (4 reminders within 90 days) or Desktop Designer if you have not completed a project you have started. Registered persons have the option of having the stored data deleted or modified at any time. The data subject can obtain information about their stored personal data at any time.

As part of the registration process, you have the option of subscribing to a newsletter for promotions and discounts. If you have given your consent (incl. double opt-in procedure) by ticking the corresponding checkbox, you will receive e-mails from us as part of our e-mail campaigns with promotions and discounts on various Ifolor products and services. Your consent is the legal basis for e-mails with promotions & discounts.

Duration

The storage period for started projects is 90 days on the web.

Recipients & transmissions

The newsletter service provider Selligent SA from Belgium is used to send the emails. Further information about Selligent can be found in this privacy policy in the section "Newsletter & Selligent".

Further data protection information

The applicable data protection provisions of Selligent may be retrieved under https://www.selligent.com/privacy-policy-europe/

Routine deletion and blocking of personal data

The data controller shall process and store the personal data of the data subject only for as long as is necessary to achieve the purpose of storage. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. As soon as the storage purpose no longer applies or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the FADP and you have the following rights vis-à-vis the controller:

Right to withdraw consent

If you have given your consent to the processing of personal data, you have the right to withdraw your consent at any time. This can be done informally and without giving reasons and is effective for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal.

Right to information pursuant to Art. 25 FADP

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. You may receive the information necessary to enable you to assert your rights under this law and to ensure transparent data processing. In any case, the following information will be provided:

1. the identity and contact details of the controller;
2. the processed personal data as such;
3. the processing purpose;
4. the retention period of the personal data or, if this is not possible, the criteria for determining this period;
5. the available information on the origin of the personal data, unless it was obtained from the data subject;
6. where applicable, the existence of automated individual decision-making and the logic on which the decision is based
7. where applicable, the recipients or categories of recipients to whom personal data are disclosed, as well as the information pursuant to Article 19 para. 4 FADP.

Right to rectification pursuant to Art. 32 para. 1 FADP

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay. Rectification is not possible if this is prohibited by law or if the personal data is processed for archiving purposes in the public interest.

Right to data disclosure or transfer pursuant to Art. 28 FADP

You have the right to receive your personal data, which you have provided to the controller, in a commonly used electronic format free of charge if

• 1. the controller processes the data automatically; and
  2. the data are processed with the consent of the data subject or in direct connection with the conclusion or performance of a contract between the controller and the data subject.

You can also request that we transfer your personal data to another controller if the requirements of Art. 28 para. 1 FADP are met and this does not require disproportionate effort.

Right to erasure pursuant to Art. 32 para. 2 lit. c) FADP

If your personal rights have been violated, you can take legal action in accordance with Art. 32 para. 2 lit. c) FADP in conjunction with Art. 28, 28a and 28 g-l of the Swiss Civil Code. Art. 28, 28a and 28 g-l of the Swiss Civil Code to obtain the deletion and destruction of your data.

Right to prohibition of data processing pursuant to Art. 32 para. 2 lit. a) FADP

If your personal rights have been violated, you can take legal action in accordance with Art. 32 para. 2 lit. a) FADP in conjunction with Art. 28, 28 and 28 g-l of the Swiss Civil Code. Art. 28, 28a and 28 g-l of the Swiss Civil Code to obtain a ban on the processing of your personal data.

Right to prohibition of data transfer to third parties pursuant to Art. 32 para. 2 lit. b) FADP

If your personal rights have been violated, you can take legal action in accordance with Art. 32 para. 2 lit. b) FADP in conjunction with Art. 28, 28 and 28 g-l of the Swiss Civil Code. Art. 28, 28a and 28 g-l of the Swiss Civil Code to obtain a ban on the disclosure of your personal data to third parties.

Automated decision-making in individual cases, including profiling in accordance with Art. 21 FADP

We inform the data subject about a decision based solely on automated processing which produces legal effects concerning him or her or significantly affects him or her (automated individual decision-making).

As the data subject, you have the opportunity to express your point of view upon request. You can request that the automated individual decision be reviewed by a natural person.

This does not apply if:

1. the automated individual decision is directly related to the conclusion or performance of a contract between the controller and the data subject and the data subject's request is granted; or
2. the data subject has expressly consented to the decision being made by automated means.

Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Integration of other third-party services and content

Third-party content, such as videos, fonts or graphics from other websites, may be integrated into this online offering. This always presupposes that the providers of this content (hereinafter referred to as "third-party providers") are aware of the user's IP address. Without the IP address, they would not be able to send the content to the respective user's browser. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence on whether the third-party providers store the IP address, e.g. for statistical purposes. Insofar as we are aware of this, we will inform users of this. We would like to provide and improve our online offering through these integrations.

Our overriding legitimate interest lies in the intention to present our online presence accordingly and to provide user-friendly and economically efficient services on our part. Further information can be found in the respective data protection information of the providers.

Applications 

By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the nature and scope set out in this privacy policy. We use the provider of our job portal, Abacus Research AG, Abacus-Platz 1, CH-9300 Wittenbach, for applicant management. The applicable data protection provisions of Abacus can be found at https://www.abacus.ch/en/data-protection.

If provided, applicants can send us their applications using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We therefore cannot assume any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or sending it by post. Instead of applying via the online form and e-mail, applicants still have the option of sending us their application by post. In the event of a successful application, we may process the data provided by applicants for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. The deletion takes place after a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the General Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

Further functions of the website

guuru - Expert chat

We offer you a live chat with experts on our website. We use the technology of GUURU Solutions GmbH, Switzerland ("guuru") for this purpose. If the information collected in this way has a personal reference, it is processed on the basis of our legitimate interest in effective customer service and the statistical analysis of user behavior for the purpose of optimizing our website.

The applicable data protection provisions of guuru may be retrieved under https://www.guuru.com/en/privacy-policy/

Sovendus Switzerland

As a thank you for placing orders, we enable you to access vouchers and special offers for purchasing and obtaining other services from other providers on the internet via Sovendus Switzerland, an offer from our partner adfocus GmbH, based in Zug, Switzerland (adfocus GmbH, Blegistrasse 9, 6340 Baar, Switzerland). To enable you to access this information, we integrate a corresponding message from adfocus via an encrypted connection when you place orders on our website, whereby data such as your Internet Protocol (IP) address, which may represent personal data, is exchanged with adfocus. Any personal data exchanged in this way is used solely to enable Sovendus Switzerland to offer a permanent, secure and reliable service.

If a Sovendus Switzerland user lands on ifolor.ch after the voucher selection process, Sovendus Switzerland writes a first-party cookie using a javascript. The first-party cookie is used for identification on the order completion page. Sovendus Switzerland only stores the client ID in the cookie. The following information is collected for the visual integration on the order completion page:

• Website language
• Sovendus Switzerland cookie
• Conversion data (order value, order number, voucher code used) from conversion tracking (this data is only used if Sovendus Switzerland is the agent for the order)

Sovendus Switzerland only uses the IP address for possible geolocalization. The IP address is not processed in any other way and is not stored in the system.

Sovendus Switzerland uses the following cookies, which have a shelf life as follows:

• Session cookies (for session recognition, language handling, version numbers, etc.; lifespan: one session, i.e. until the browser is closed)
• Long-term cookies (for pseudonymized recognition of returning visitors and their requests: 90 days)

Sovendus Switzerland does not offer its own opt-out solution because no session data is collected or session-specific data is processed.

The data is processed in Germany. This is a country that is recognized by Switzerland as having an adequate level of data protection.

The applicable data protection provisions of Sovendus Switzerland may be retrieved under Online Privacy Notice - Sovendus.

Surveypal

In order to better understand and address customer needs, we use the online survey tool of Surveypal Inc, Näsilinnankatu B 25, 2nd Floor, 33200 Tampere, Finland ("Surveypal") as part of order processing. Finland is recognized by Switzerland as a country with adequate data protection. This means that data is automatically collected and stored. Surveypal uses this data to create anonymized reports for us about the online survey. The use of our online surveys and the information provided therein is voluntary at all times.

The applicable data protection provisions of Surveypal may be retrieved under https://surveypal.com/privacy-policy/

Excentos Product Guides - "Gift Guide"

Our online offering uses Product Guides from excentos Software GmbH, Reiterweg 1, 14469 Potsdam, Germany ("excentos") to make it as easy as possible for you as a user of our websites to select products. Germany is recognized by Switzerland as a country with an appropriate level of data protection. The Product Guides collect the user's usage activities, such as selected response options and navigation activities as well as interaction with and any purchases of the product recommendations in the Product Guide. This usage data is stored permanently in a web analysis system operated by excentos. No IP addresses are stored in the web analysis system; they are only stored in anonymized form. In addition, the Product Guides or the server services required for this purpose collect the IP address and usage activities of the user as part of a justified weighing up of interests in order to ward off cyberattacks. This is a necessary precautionary measure in order to be able to offer our services. This data is only stored temporarily (7 days) in order to identify potential attack patterns; during this period, an indirect timestamp-based assignment to usage activities may be possible. The IP addresses, including all log data, are then completely deleted. Furthermore, the usage activities of a user are queried during the session with the Product Guide in order to be able to operate the Product Guide, including its interaction and recommendation calculations, at all. This data only remains in the memory, but is not persisted.

If you do not agree with the storage and evaluation of the usage measurement from your visit, you can object to this by clicking on the following link:

https://analytics.excentos.com/index.php?module=CoreAdminHome&action=optOut& language=en

This allows you to place an opt-out cookie in your browser. This means that the service does not set any cookies to measure usage and no session data is collected. Please note: If you delete your cookies, the opt-out cookie will also be deleted and may need to be reactivated by you.

The applicable data protection provisions of excentos may be retrieved under https://www.excentos.com/en/privacy-policy

Trusted Shops Trustbadge

Description and purpose

The Trustbadge® plug-in or widget from Trusted Shops is used on our website. Trusted Shops is operated by Trusted Shops GmbH, Colonius Carré, Subbelrather Straße 15c, 50823 Cologne. Through the Trusted Shops Trustbadge® plug-in or widget, we present you with a summary of our current profile at Trusted Shops directly on our website. In this way, you can see on our website how other users rate us and what position we have on Trusted Shops. This integration enables you to find our profile immediately so that you can also obtain further information about us and rate us. The purpose of processing the data is to integrate a summary of our Trusted Shops profile on our website, in particular the presentation of our Trusted Shops seal of approval and any reviews we may have collected. The plug-in or widget from Trusted Shops is integrated on our website via an interface ("API") to Trusted Shops using Javascript. In particular, the Trustbadge also sets cookies. When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the amount of data transferred, the date and time of the call and the requesting provider (access data) and documents the call. This access data is not analyzed. Further personal data is only transferred to Trusted Shops if you have consented to this, have decided to use Trusted Shops products after completing an order or have already registered for use. In this case, the contractual agreement concluded between you and Trusted Shops applies. We do not collect any data ourselves if you view the Trustbadge.

Recipients

The recipient of your personal data is Trusted Shops GmbH, Colonius Carré, Subbelrather Straße 15c, 50823 Cologne.

Transmission abroad

With regard to the transfer of personal data abroad, Trusted Shops provides the following information:

"Trusted Shops uses hosting and infrastructure service providers. It also uses services from Amazon Web Services (AWS). AWS is based in the USA. However, Trusted Shops and AWS have agreed on Germany as the server and thus processing location. As a result, Art. 44 et seq. of the GDPR on the transfer of personal data to a third country does not apply. The ECJ ruling Schrems II therefore has no direct impact on processing.

Transmission to the United States can only occur in the following exceptional cases: To display the Trustbadge properly, AWS is used as a CDN provider. The processing required for this generally takes place on servers in the European Union, in particular in

Germany. However, servers in third countries may also be used if the website is accessed from such a country.

In addition, when the website is accessed and the Trustbadge is displayed, a log file is written and stored on servers provided by AWS. In this case, processing also takes place within the European Union.

An appropriate level of data protection is also ensured by the conclusion of EU standard contractual clauses."

The source of this information and further information about Trusted Shops can be found here:

https://help.etrusted.com/hc/en-gb/articles/360026764732-FAQ-on-Trusted-Shops-Da ta-Protection

Duration of data storage

According to Trusted Shops, the data is automatically overwritten no later than seven days after the end of your visit to the site (see https://business.trustedshops.de/impressum#a0_content)

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://help.etrusted.com/hc/en-gb/articles/360026764732-FAQ-on-Trusted-Shops-Da ta-Protection

TikTok

Description and purpose

Our online offer uses the "TikTok pixel" of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok"). With the help of the TikTok pixel, TikTok is able to determine the visitors to the website as a target group for the display of advertisements. Accordingly, we use the TikTok pixel to display the TikTok ads placed by us only to those TikTok users who have also shown an interest in our online offering or who have certain characteristics that we transmit to TikTok. The TikTok pixel also enables us to statistically analyze the TikTok ads placed. Data processing by TikTok is carried out in accordance with TikTok's data usage policy.

Each time you access our website, information transmitted by your browser is collected and analyzed for this purpose. The collection takes place via a Java script and cookies. The following information is collected anonymously and processed statistically

• Browser used
• Operating system used
• Time of the call
• Type and content of the campaign
• Reaction to the respective campaign (e.g. purchase, newsletter registration)
• etc.

Cookies are set for the pseudonymized recognition of returning visitors. These cookies lose their validity after 13 months and are not used for personal identification. If you do not agree with the storage and evaluation of the usage measurement from your visit, you can object to this by clicking on the following link.

This allows you to place an opt-out cookie in your browser. This means that the service will not set any cookies to measure usage and no session data will be collected. Please note: If you delete your cookies, the opt-out cookie will also be deleted and may need to be reactivated by you.

Recipients

The recipient is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok").

Transmission abroad:

TikTok also processes your personal data outside Switzerland/EEA, namely in China. To ensure an adequate level of data protection, Ifolor AG has concluded standard contractual clauses with TikTok.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Further data protection information

The applicable data protection provisions of TikTok may be retrieved under https://www.tiktok.com/legal/privacy-policy or https://ads.tiktok.com/help/article/about-tiktoks-privacy-policy?lang=en

Pinterest Conversion

Description and purpose

Within our online offer, the so-called "Pinterest tag" of the company Pinterest Inc. is used for the analysis, optimization and economic operation of our online offer. With the help of the Pinterest tag, Pinterest is able to determine the visitors of our online offer as a target group for the display of ads (so-called "Pinterest ads"). Accordingly, we use the Pinterest tag to display the Pinterest ads placed by us only to those Pinterest users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Pinterest (so-called "ActALike Audiences"). With the help of the Pinterest tag, we also want to ensure that our Pinterest ads correspond to the potential interest of users and are not annoying. With the help of the Pinterest tag, we can also track the effectiveness of Pinterest ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Pinterest ad (so-called "conversion"). The Pinterest tag is integrated directly by Pinterest when you visit our website and can save a cookie, i.e. a small file, on your device. If you subsequently log in to Pinterest or visit Pinterest while logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous to us and does not allow us to draw any conclusions about the identity of the user. The data is processed by Pinterest in accordance with Pinterest's data usage policy.

Recipients

The recipient is Pinterest Inc, 651 Brannan Street, San Francisco, CA, 94107, USA.

Transmission abroad

The personal data will be transferred to the United States.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Further data protection information

Further information on the processing of your personal data can be found here: https://policy.pinterest.com/en/privacy-policy

Usercentrics

Description and purpose

This website uses Usercentrics' cookie consent technology to obtain your consent to the storage of certain cookies on your device and to document and record this consent in accordance with data protection regulations. As soon as you enter this website, the following personal data is transferred to Usercentrics:

• Your consent(s) or the withdrawal of your consent(s)
• Your IP address
• Information about your browser (http agent, http referrer)
• Information about your end device
• Time of your visit to the website

The following additional data will be added:

• Opt-in and opt-out data
• Referrer URL
• User Agent
• User settings
• Consent ID and Consent Number
• Information on whether implicit or explicit consent has been given
• Time (date and time) of consent
• Consent type
• Template version
• Banner language

Usercentrics also stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

Recipients

The recipient of your personal data is Usercentrics GmbH, Rosental 4, 80331 Munich.

Transmission abroad

The personal data is processed in Germany. Germany is recognized by Switzerland as a country that guarantees adequate data protection.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Further data protection information

Further information on the processing of your personal data by Usercentrics can be found here:

• https://usercentrics.com/privacy-policy/
• https://usercentrics.com/terms-and-conditions/
• https://usercentrics.com/wp-content/uploads/2023/10/Usercentrics_DPA_Sept ember-2023.pdf

Google Tag Manager

Description and purpose

We use Google Tag Manager (Google LLC. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. Google Tag Manager allows us to manage website tags via an interface and is a cookie-free domain that does not collect personal information, but can trigger other tags that collect data. Google pseudonymizes the data and the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Recipients

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Transmission abroad

The personal data is stored on a server in Europe. It cannot currently be ruled out that personal data will be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. Google LLC is certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. The requirements of Art. 16 para. 1 FADP are therefore met.

Duration of data storage

The data will be stored for a period of 9 - 18 months. In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Further data protection information

Further information on the processing of your personal data can be found here: https://policies.google.com/privacy?hl=en-GB

Google Ads, Conversion Linker & Conversion Tracking

Description and purpose

In order to draw attention to our services and products, we place Google Ads ads and use Google conversion tracking and the Google conversion linker as part of this. The conversion linker tracks conversion data when a user accesses a website via an ad. Google Ads is a service provided by Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). These ads are displayed after search queries on websites in the Google advertising network. We have the option of combining our ads with specific search terms. We also use Ads remarketing lists for search ads. This allows us to customize search ad campaigns for users who have previously visited our website. The services allow us to combine our ads with certain search terms or to place ads for previous visitors, e.g. advertising services that visitors have viewed on our website. An analysis of online user behavior is necessary for interest-based offers. Google uses cookies to carry out this analysis. When you click on an advertisement or visit our website, Google places a cookie on the user's computer. This information is used to target the visitor in a subsequent search query. Further information on the cookie technology used can also be found in Google's information on website statistics and in the privacy policy. With the help of this technology, Google and we as a customer receive information that a user has clicked on an ad and has been redirected to our websites to contact us via the contact form. Google and we as the customer also receive information via Google forwarding numbers that a user has clicked on one of our telephone numbers on the Internet and contacted us by telephone. The information obtained in this way is used exclusively for statistical analysis to optimize advertising. We do not receive any information with which visitors can be personally identified. The statistics provided to us by Google include the total number of users who have clicked on one of our ads and, if applicable, whether they were redirected to a page on our website with a conversion tag. Based on these statistics, we can see which search terms were clicked on our ad particularly often and which ads lead to the user contacting us via the contact form or by telephone. With regard to telephone contact by interested parties or customers, the statistics provided by Google include the start time, the end time, the status (missed or received), the duration (seconds), the caller's area code, the telephone costs and the call type.

Recipients

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The data controller responsible for processing your information depends on your usual place of residence, unless otherwise stated in the privacy policy of a particular service:

• Google Ireland Limited for users of Google services who have their habitual residence in the European Economic Area or Switzerland
• Google LLC for users of Google services who have their habitual residence in the United Kingdom.

Transmission abroad

The personal data is transferred to the United States. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. Google LLC is certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. The requirements of Art. 16 para. 1 FADP are therefore met.

Duration of data storage

The data will be stored for a period of 9 - 18 months. In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Further data protection information

Further information on the processing of your personal data can be found here: www.google.com/policies/privacy/

Google Analytics 4

Description and purpose

This website uses the service “Google Analytics 4”, which is offered by Google LLC, to analyze website usage by users. The service uses “cookies” - text files that are stored on your end device. First-party cookies are used for this purpose. With a first-party cookie, the user can only be recognized by the page from which the cookie originates, not across multiple domains. The information collected by the cookies is usually sent to a Google server in the USA and stored there. If necessary, Google Analytics on this website is extended by the code “gat._anonymizeIp();” in order to ensure anonymized collection of IP addresses (so-called IP masking). Please also note the following information on the use of Google Analytics: The IP address of users is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of your IP address. For EU citizens, the IP address is also only used to derive location data and then deleted again. You also have the option of activating or deactivating the collection of detailed location and device data for individual regions (tracking settings). As part of the order processing agreement that the website operators have concluded with Google LLC, the latter uses the information collected to compile an analysis of website usage and website activity and provides services associated with internet usage.

Recipients

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Disclosure abroad

The personal data is processed on a server in European Servers. It cannot currently be ruled out that personal data will be disclosed to the United States of America. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. Google LLC is certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. Ifolor AG has concluded standard contractual clauses with Google LLC for the disclosure of personal data to the USA.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Further data protection information

Further information on the processing of your personal data can be found here:  https://support.google.com/analytics/answer/6004245?hl=en
https://policies.google.com/privacy?hl=en&gl=uk

Google Signals

Description and purpose

We have added Google Signals to our existing Google Analytics functions on our website. Google Signals is a service integrated into Google Analytics that enables cross-device tracking of users (cross-device tracking). When Google Signals is activated, data is processed and assigned to your Google account. This allows Google to determine, for example, that you initially viewed products on our website on your smartphone and later placed your order from another device, such as your computer. If Google Signals is activated for Google Analytics, user data is collected. This may include, for example, location data, search history or other data associated with the use of our website. As a result, we gain more in-depth information about your interests and demographic characteristics. This enables us to divide the users of our website into target groups in order to serve the wishes and interests of specific target groups. The reports created on this basis only contain aggregated data. Personalization by Google Signals only takes place if you have activated “personalized advertising” in your account settings, your end devices are linked to your Google account and you have given us your consent to the use of Google Analytics on our website. To prohibit cross-device data collection and storage by Google Signals, you can deactivate the “personalized ads” function within your Google account. You can find more information on this at: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=en.

Further information on the processing of your personal data by Google Analytics can also be found in this privacy policy.

Recipients

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Disclosure abroad

The personal data is processed on a server in European Servers. It cannot currently be ruled out that personal data will be disclosed to the United States of America. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. Google LLC is certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. Ifolor AG has concluded standard contractual clauses with Google LLC for the disclosure of personal data to the USA.

Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Further data protection information

Further information on the processing of your personal data can be found here: https://support.google.com/analytics/answer/6004245?hl=en
https://policies.google.com/privacy?hl=en&gl=us

Microsoft Ads

Description and purpose

We use Microsoft Ads technologies (bingads.microsoft.com) on the website, which are provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Microsoft places a cookie on your device if you have reached our website via a Microsoft Bing ad. In this way, Microsoft Bing and the website operator can recognize that someone has clicked on an ad, has been redirected to our website and has reached a previously determined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. Microsoft collects, processes and uses information via the cookie, from which user profiles are created using pseudonyms (Microsoft Conversion Tracking). These usage profiles are used to analyze visitor behavior and are used to display advertisements. No personal information about the identity of the user is processed.

Recipients

The recipient of your personal data is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") and stored there.

Transmission abroad

The personal data is processed on a server in the Netherlands. It cannot currently be ruled out that personal data will be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. Microsoft Corporation is certified in accordance with the EU-US Data Privacy Framework and

Swiss-US Privacy Framework. The requirements of Art. 16 para. 1 FADP are therefore met.

Duration of data storage

The following table summarizes which personal data is processed and for how long. In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Name	Storage duration	Memory type	Contents	Link
MUID	1 year	Cookie	Widely used by Microsoft as a unique user ID. The cookie enables user tracking by synchronizing the ID in many Microsoft domains.	More info...
_uetsid	30 minutes	Cookie	This cookie is used by Bing to collect anonymous information about how visitors use our website	More info...
_uetvid	approx. 16 hours	Cookie	This cookie is used by Bing to determine which ads are displayed that may be relevant to the end user visiting the website.	More info...

Further data protection information

Further information on the processing of your personal data can be found here: https://privacy.microsoft.com/en-US/privacystatement

Mapp Intelligence

Description and purpose

On this website, we use the statistics program "Webtrekk" from Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin. In the process, anonymous measurement values about the use of our online services are transmitted to us by your browser to improve quality and for the purpose of a user-friendly design. Webtrekk truncates the IP address immediately upon receipt and uses it on our behalf only for session detection, geolocalization and to defend against cyber attacks. When using Webtrekk, the following cookies are set, which have a shelf life as specified: Session cookie (for session recognition, lifespan: one session, i.e. until the browser is closed).

Recipients

The recipient of your personal data is Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin.

Transmission abroad

The personal data is processed in Germany. Germany is recognized by Switzerland as a country that guarantees adequate data protection.

Duration of data storage

The data is stored for the following duration:

• Session cookie: For one session
• Long-term cookie: 6 months
• Opt-out cookie in the event of an objection in the case of tracking: at least 60 months

In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Further data protection information

Further information on the processing of your personal data can be found here: https://www.webtrekk.com/privacy-notice.html

Facebook Connect

Description and purpose

On our website, we use a web tracking service provided by Meta Platforms Inc (hereinafter: Facebook Connect). As part of web tracking, Facebook Connect uses cookies that are stored on your computer and enable an analysis of the use of our website and your surfing behavior (so-called tracking). We carry out this analysis on the basis of the Facebook Connect tracking service in order to constantly optimize our website and make it more accessible. When you use our website, data, in particular your IP address and your user activities, are transmitted to Facebook servers.

Recipients

The recipient of your personal data is Meta Platforms Inc (1 Hacker Way, Menlo Park, California 94025, USA).

Transmission abroad

The personal data is processed on a server in European Servers. It cannot currently be ruled out that personal data will be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. Meta Platforms Inc. is certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. The requirements of Art. 16 para. 1 FADP are therefore met.

Duration of data storage

According to Meta, the data is stored for the following duration:

"We keep your information for as long as we need it to provide our products, comply with legal obligations or protect our interests or the interests of others. We decide on a case-by-case basis how long we need information."

You can find more information here: Meta Privacy Policy - How Meta collects and uses user data | Privacy Center | Manage your privacy on Facebook, Instagram and Messenger | Facebook Privacy

YouTube

Description and purpose

We use the YouTube.com platform to post our own videos and make them publicly accessible. YouTube is a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Some of our website pages contain links or connections to the YouTube service. In general, we are not responsible for the content of linked websites. However, in the event that you follow a link to YouTube, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes. We also directly integrate videos stored on YouTube on some of our websites. During this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technique is also known as "framing". When you call up a (sub)page of our website on which YouTube videos are integrated in this form, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.

Recipients

The recipient of your personal data is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Transmission abroad

The personal data is processed on a server in Europe. It cannot currently be ruled out that personal data will be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. Google LLC is certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. The requirements of Art. 16 para. 1 FADP are therefore met.

Duration of data storage

With regard to the duration of the processing of personal data, we refer to the privacy policy of Google LLC. In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Further data protection information

Further information on the processing of your personal data can be found here: https://policies.google.com/privacy?hl=eng

VWO (Wingify)

In order to continuously improve our online services, we regularly carry out A/B and multi-variant tests on our website. In doing so, we collect information about visitor access and your interaction with our online offering, which is recorded anonymously and statistically analyzed. For this purpose, we use the Visual Website Optimizer ("VWO") technology, operated by Wingify Software Pvt. Ltd. - 703, 7th Floor, KLJ North Tower, Plot No. B-5, Netaji Subhash Place, Pitampura, Delhi-110034, INDIA.

Each time you access our website, information transmitted by your browser is collected and analyzed for this purpose. The information is collected via a Java script and cookies. The following information is collected anonymously and processed statistically:

• Browser used
• Number of pages viewed
• Number of visits
• Order of the visit
• Duration of the visit
• Interactive actions such as filling/emptying a shopping cart
• Recording the use of individual websites (except e.g. in the check-out and registration process)
• Transactions carried out
• Etc.

VWO uses your IP address to carry out geolocalization (regional details of your location). After geolocalization, which takes place immediately when you visit the site, your IP address is deleted immediately.

When VWO is used, the following cookies are set, which have the following lifetimes:

• Session cookie (for session recognition, lifetime: one session, i.e. until the browser is closed)
• Long-term cookie (for pseudonymized recognition of returning visitors: 10 years)
• Opt-out cookie (if you object to tracking: 10000 days)

If you do not agree with the storage and evaluation of the usage measurement from your visit, you can object to this by clicking on the following link: https://vwo.com/opt-out/

This allows you to place a so-called opt-out cookie in your browser. This means that the service will not set any cookies to measure usage and will not collect any session data. Please note: If you delete your cookies, the opt-out cookie will also be deleted and may need to be reactivated by you.

Recipients

The recipient is Wingify Software Pvt. Ltd. - 703, 7th Floor, KLJ North Tower, Plot No. B-5, Netaji Subhash Place, Pitampura, Delhi-110034, INDIA.

Transmission abroad

Your personal data is processed on a server in India and the USA. The transfer is subject to appropriate safeguards in the form of standard data protection clauses. In addition, we are aware of our responsibility and, where necessary, take further measures to protect the rights and freedoms of natural persons to ensure the protection of personal data.

Duration of data storage

According to Wingify, the data is stored for the following duration:

"Wingify will immediately and in any event between 45 and 90 days after the date of termination/expiration of the Agreement or upon request, delete all User Data in accordance with Wingify's procedures."

Further data protection information

The applicable data protection provisions of VWO may be retrieved under https://vwo.com/privacy-policy/.

Speed Kit

Description and purpose

This website uses the Speed Kit product to reduce page load time. For this purpose, publicly accessible data is delivered via the infrastructure of the Speed Kit provider, Baqend GmbH. No personalized or personal content is transmitted or stored. IP addresses are anonymized immediately after transmission.

Recipients

The recipient of your personal data is Baqend GmbH, Stresemannstr. 23, 22769 Hamburg.

Transmission abroad

The personal data is processed in Germany. Germany is recognized by Switzerland as a country that guarantees adequate data protection.

Duration of data storage

With regard to the storage period for the processing of personal data, please refer to Speed Kit's privacy policy.

Further data protection information

You can find more information about Speed Kit here: Speed Kit privacy policy

Useberry

Description and purpose

We use the Useberry service to conduct studies and user tests. Useberry processes your data under its own responsibility under data protection law.

Recipients

The recipient of your personal data is Useberry User Testing Technologies IKE, Thessalonikis 187, Athens 118 52, Greece.

Transmission abroad

The personal data is processed on Google servers in England (London) and other European locations. It cannot currently be ruled out that personal data will also be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. Google LLC is certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. The requirements of Art. 16 para. 1 FADP are therefore met.

Duration of data storage

The data will be stored for a period of two years. In addition, the data will be deleted if you assert your right to deletion and no retention periods prevent deletion.

Further data protection information

Further information on the processing of your personal data can be found here: https://www.useberry.com/privacy-policy/

Participation and terms of use of Useberry: https://www.useberry.com/terms/

Criteo

1.Description and Purpose

We use the services of Criteo SA (32 Rue Blanche, 75009 Paris, France) to deliver personalized advertisements and marketing services. Criteo processes personal data to:

• Deliver personalized advertisements based on users’ interests and browsing behavior.
• Measure and optimize ad performance, including conversions, views, and clicks.
• Limit ad repetition and improve user experience.
• Provide retargeting services.
• Enable audience segmentation and targeting.
• Support analytics, reporting, and campaign performance monitoring.
• Ensure fraud detection and security.

2.Legal Basis

The processing of personal data by Criteo is based on:

• Your consent, when required by applicable data protection laws, particularly for profiling and targeted advertising.
• Our legitimate interests in marketing, advertising, and website optimization, provided such interests are not overridden by data subject rights.

3.Recipients

• Criteo’s advertising partners (clients and publishers) to support ad delivery and performance reporting.
• Service providers (e.g., cloud hosting, fraud detection, and analytics) under data protection agreements to ensure data protection and confidentiality.
• Authorities or regulators if required to comply with legal obligations.

4.Transfer to Third Countries

Criteo may transfer personal data outside of Switzerland, the EU, and the EEA to countries that may not provide the same level of data protection. In such cases, appropriate safeguards are implemented, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Explicit consent from the data subject when legally required.

5.Duration of Data Storage

Personal data is retained by Criteo for a maximum of 13 months from the time of collection. After this period, the data is either deleted or anonymized to ensure it cannot be linked back to any individual.

6.Contractual and Legal Obligation

There is no legal or contractual obligation for you to provide personal data. However, opting out of data processing may impact personalized advertising and marketing services.

7.Further Data Protection Information

There is no legal or contractual obligation for you to provide personal data. However, opting out of data processing may impact personalized advertising and marketing services.

For more information on Criteo’s data processing practices, your rights, and options to opt out of personalized advertising, please visit the Criteo Privacy Policy: https://www.criteo.com/privacy/

Customer Relationship Management (CRM)

Description and purpose

The data is collected, stored and, if necessary, passed on by us to the extent necessary to enable the administration of customer data, which also records the movement of goods. The collection, storage and forwarding is therefore carried out for the purpose of fulfilling a contract with the data subject and/or for the purpose of pre-contractual measures at the request of the data subject. Failure to provide this data may mean that goods and/or services cannot be delivered or cannot be delivered promptly.

Recipients

The recipient of your personal data is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Transmission abroad

The personal data is processed on a server in European Servers. It cannot currently be ruled out that personal data will be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. Microsoft Corporation is certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. The requirements of Art. 16 para. 1 FADP are therefore met.

Duration of data storage

With regard to the duration of the processing of personal data, we refer to Microsoft's to: https://www.microsoft.com/gb-eng/privacy/privacystatement

Opt-Out:

https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccou nt.microsoft.com%2Fprivacy%2Fad-settings

Further data protection information

Further information on the processing of your personal data can be found here: https://www.microsoft.com/gb-eng/privacy/privacystatement

Enterprise Resource Planning (ERP)

Description and purpose

We process the data to the extent necessary to enable the management of customer data (also known as ERP), which also records the movement of goods. The processing of personal data serves the purpose of fulfilling a contract with the data subject or for the purpose of pre-contractual measures at the request of the data subject. Failure to provide this data may mean that goods and/or services cannot be delivered or cannot be delivered promptly.

Recipients

The recipient is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Transmission abroad

The personal data is processed on a server in the Netherlands. It cannot currently be ruled out that personal data will be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. Microsoft Corporation is certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. The requirements of Art. 16 para. 1 FADP are therefore met.

Duration of data storage

With regard to the duration of the processing of personal data, we refer to Microsoft's https://www.microsoft.com/gb-eng/privacy/privacystatement

Further data protection information

Further information on the processing of your personal data can be found here: https://www.microsoft.com/gb-eng/privacy/privacystatement

Hosting (Microsoft Azure)

Description and purpose

The operator of this website uses the functions of Microsoft Azure. In this context, our website and our ecommerce store are hosted in the Azure data center on European servers. The customer login and uploaded photos are also stored on Azure. The processing of personal data serves the purpose of fulfilling a contract with the data subject or for the purpose of pre-contractual measures at the request of the data subject. Failure to provide this data may mean that goods and/or services cannot be delivered or cannot be delivered promptly.

The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Azure offers a so-called globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our services is routed via the Azure network. Microsoft Azure is therefore able to analyze the data traffic between you and our services, for example to detect and ward off attacks on our services. Azure Front Door may also store cookies on your

end device for optimization and analysis purposes. In addition, Azure offers us the option of dynamically adapting content in the services.

Recipients

The recipient is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Transmission abroad

The personal data is processed on a server in the Netherlands. It cannot currently be ruled out that personal data will be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) and a Swiss-US Data Privacy Framework have been in place for the USA since July 10, 2023. Microsoft Corporation is certified in accordance with the EU-US Data Privacy Framework and Swiss-US Privacy Framework. The requirements of Art. 16 para. 1 FADP are therefore met.

Duration of data storage

With regard to the duration of the processing of personal data, we refer to Microsoft's privacy policy.

Further data protection information

Further information on the processing of your personal data can be found here: https://www.microsoft.com/gb-eng/privacy/privacystatement

Other recipients

If this is permitted or required by law or if you have given your consent, we will also share your personal data with other recipients who provide services for us. The following categories of service providers/recipients may receive your data:

• Service provider in the field of applications to support the selection of applicants
• Service provider for development work, including programming, development, maintenance and support of software applications
• Service provider for postal services
• External legal advice
• Marketing agencies/ website support
• Other IT service providers (e.g. system houses)
• Other services and tools

The service providers commissioned by us must meet strict confidentiality requirements. They are only given the necessary access to your data in order to fulfill the assigned tasks.

In the event of suspicion of a criminal offense, data may be passed on to law enforcement authorities.

Security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, we ensure data protection on an ongoing basis by constantly auditing and optimizing our data protection organization.

Conclusion

Ifolor AG reserves all rights to make changes and updates to this privacy policy. This privacy policy was created by the data protection management system within hellotrust, a brand of Keyed GmbH. If Keyed has been appointed as an external data protection officer, you can make inquiries free of charge.