and, as such, is responsible for collecting, processing and using your personal data and ensuring that such data processing is compatible with applicable data protection law.

Your trust is important to us, which is why we take the subject of data protection seriously and endeavour to ensure an appropriate level of security. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (DPA), the Ordinance to the Federal Act on Data Protection (VDSG), the Telecommunications Act (FMG) and any other applicable data protection provisions under Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

To find out which personal data we collect from you and why, please take note of the information provided below.

Data processing in connection with our website

1. Visits to our website

Each time you visit our website, our servers temporarily store information about each visit in a log file. As with any connection to a webserver, the following technical data is recorded without your intervention, stored by us, and automatically deleted after no more than 12 months:

• the IP address of the requesting computer
• the name of the owner of the IP address range (generally your Internet access provider)
• the date and time of access
• the website from which access took place (referrer URL) including the search word used, if applicable
• the name and URL of the file accessed
• the status code (e.g. error message)
• your computer’s operating system
• which browser you use (type, version and language)
• the transmission protocol used (e.g. HTTP/1.1) and
• if applicable, the username used for registration/authentication

This data is collected and processed for the purpose of enabling the use of our website (to establish a connection), to permanently guarantee system security and stability, to enable the optimisation of our Internet offer as well as for internal statistical purposes. This is where our legitimate interest in data processing lies within the meaning of Art. 6 (1) (f) GDPR.

The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for the purpose of investigating and preventing attacks and may be used in the course of criminal proceedings to identify and prosecute the users concerned under civil and criminal law. This is where our legitimate interest in data processing lies within the meaning of Art. 6 (1) (f) GDPR.

2. Use of our contact form

You have the option of using a contact form to contact us with inquiries both regarding events or of a general nature. To respond to such inquiries, we usually need the following information:

• first name and surname
• email address
• message

We will only use this data in order to provide you with the best possible, personalised response to your contact request. As a result, the processing of such data within the meaning of Art. 6 (1) (b) GDPR is necessary in order to take steps prior to entering into a contract and/or we have a legitimate interest in such processing pursuant to Art. 6 (1) (f) GDPR.

3. Cookies

Cookies help in many ways to make your visit to our website simpler, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.

For example, we use cookies to temporarily save your selected services and entries you make when filling out a form on the website, so that you do not have to re-enter the information when you access another subpage. Cookies may also be used to identify you as a registered user after you log into the website so that you do not have to log in again when accessing another subpage.

Most Internet browsers accept cookies automatically. However, you can configure your browser to prevent cookies from being stored on your computer or to display a message whenever you receive a new cookie. You will find explanations on how to configure cookie processing in the most common browsers on the following pages:

• Microsoft’s Windows Internet Explorer
• Microsoft’s Windows Internet Explorer Mobile
• Mozilla Firefox
• Google Chrome for PC
• Google Chrome for mobile
• Apple Safari for PC
• Apple Safari for mobile

If you disable cookies, you may not be able to use all the functions of our website.

4. Tracking tool

a. General information

We use the web analytics service from Google Analytics for the purpose of designing our website to better meet its users' needs and for the continuous optimisation of our website. In this context, pseudonymous user profiles are created and small text files are stored on your computer ("cookies"). Cookie-generated information regarding your use of this website is sent to the servers of the providers of those services where they are stored and preprocessed for us. In addition to the data listed in Section 1, we may receive the following information:

• how a visitor navigates through the site
• time spent on the website or subpage
• last subpage visited before leaving the website
• the country, region or city from where the site was accessed
• terminal (type, version, colour depth, resolution, width and height of the browser window) and
• recurring or new visitor.

This information is used to evaluate how this website is used, to compile reports on website activities and to provide further services associated with the use of the website and the Internet for the purpose of conducting market research and to design our website to better meet its users' needs. As the circumstances require, this information may also be transferred to third parties if required to do so by law or to the extent that a third party is instructed to process this data.

b. Google Analytics

Google Analytics is provided by Google Inc., which belongs to the US-based holding company Alphabet Inc. When IP anonymisation (“anonymizeIP”) is enabled on this website, the IP address will be truncated within the Member States of the European Union or in other countries party to the Agreement on the European Economic Area before any data is sent to the provider. The anonymised IP address sent by your browser within the context of Google Analytics will not be combined with any other Google data. The full IP address will only be transmitted to a Google server in the USA before truncation in exceptional circumstances. In such cases, we have contractual guarantees in place to ensure that Google Inc. maintains an adequate level of data privacy. According to Google Inc., the IP address will not be linked to other user-related data under any circumstances.

You will find additional information about the website analytics service on the Google Analytics website. For instructions on how to prevent the website analytics service from processing your data, go to http://tools.google.com/dlpage/gaoptout?hl=de

5. Data security

We use appropriate technical and organisational security measures to protect any personal data we have stored concerning you against manipulation, partial or complete loss and against unauthorised third-party access. Our security measures are improved on a continuous basis to keep up with technological developments.

You should keep your login details confidential at all times and close your browser window after communicating with us, especially if you share your computer with other people.

We also take in-house data protection very seriously. Our employees and the service providers commissioned by us have been obliged by us to maintain confidentiality and to comply with data protection regulations.

6. Note regarding data transmissions to the USA

For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland that the US authorities have monitoring measures in place in the USA which generally allow the storage of all personal data of all persons whose data was transmitted from Switzerland to the USA. This is done without differentiation, restrictions or exceptions in terms of the objective pursued and without an objective criterion which would make it possible to restrict the US authorities’ access to the data and its subsequent use to very specific, strictly limited purposes that could justify the intrusion constituted by both access to such data and its use. Furthermore, we would like to point out that there are no legal remedies available in the USA for data subjects from Switzerland which would allow them to gain access to the data related to them and to have such data rectified or erased, and that there is no effective judicial protection against the general access rights of US authorities. We explicitly point out this legal and factual situation to data subjects to help them make an appropriately informed decision on whether to grant their consent for the use of their data.

Users residing in an EU Member State are advised that, from the European Union’s standpoint, the US does not have an adequate level of data protection, in part because of the issues mentioned in this section. If we have explained in this Privacy Policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is afforded an appropriate level of protection by our partners, either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield.

7. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority at any time.

As at: Ascona, July 2020