DATA PROTECTION DECLARATION

1. 1. 1. 1. General Information

Siriuz AG processes personal data in accordance with applicable data protection law, in particular the Swiss Federal Act on Data Protection

as well as, where applicable, the General Data Protection Regulation of the European Union.

This Data Protection Declaration is addressed to business customers, their employees, applicants, partners, investors as well as other natural

persons whose data is processed in the course of the business activities of Siriuz AG.

1. 1. 1. 1. Responsible Entity

The responsible entity for data processing is:

Siriuz AG
Eimatt 16
6372 Ennetmoos
Switzerland
[email protected]
HP Wuersch

1. 1. 1. 1. Roles of Data Processing

Siriuz AG acts depending on the specific processing activity:

- - - - as controller for the operation of the platform as well as its own business processes
        
        as processor on behalf of customers
        
        as joint controller in coordinated matching or project processes

The specific role is determined based on the actual data processing.

1. 1. 1. 1. Categories of Personal Data

In particular, the following categories of personal data are processed:

- - - - identification and contact data
        
        professional and qualification-related data
        
        communication data
        
        usage and system data
        
        technical metadata
        
        project-related data
        
        data in connection with investors, partners and stakeholders

Additionally, within the scope of the services, the following may be processed:

- - - - strategic company information
        
        project-related analyses
        
        evaluation and matching data

Special categories of personal data are only processed where a legal basis exists or where there has been an explicit transfer by the customer.

1. 1. 1. 1. Purposes of Data Processing

Processing is carried out exclusively for the following purposes:

- - - - provision and operation of the platform
        
        execution of matching and recruitment processes
        
        provision of consulting services
        
        support in tender and procurement procedures
        
        international project coordination
        
        identification and evaluation of investors and business partners
        
        execution of analyses and due diligence processes
        
        communication with users and customers
        
        contract execution
        
        ensuring security and system stability
        
        further development of services

Any further use shall not take place without an appropriate legal basis.

1. 1. 1. 1. Legal Bases of Processing

The processing of personal data is carried out on the basis of:

- - - - performance of a contract
        
        implementation of pre-contractual measures
        
        consent of the data subject
        
        legitimate interests of Siriuz AG or its customers
        
        legal obligations

1. 1. 1. 1. Artificial Intelligence and Profiling

Siriuz AG uses automated data analysis procedures, in particular for:

- - - - evaluation of profiles
        
        execution of matching processes
        
        prioritisation of candidates, projects or partners
        
        recommendation systems

These procedures may constitute profiling within the meaning of data protection law.

No solely automated decision with legal effect is carried out without the possibility of human review.

Data subjects have the right to request human review.

The systems are regularly reviewed in order to avoid inappropriate bias. The use of personal data for training systems takes place

exclusively in anonymised form or within the legally permissible framework.

1. 1. 1. 1. Disclosure of Data

Personal data may be disclosed to:

- - - - customers within the scope of projects and placement processes
        
        investors and business partners within the scope of transactions
        
        external service providers and subcontractors
        
        authorities where there is a legal obligation

Following disclosure, the receiving parties are independently responsible where they act as controllers.

1. 1. 1. 1. International Data Transfers

Siriuz AG may transfer personal data internationally.

The transfer takes place using appropriate safeguards, in particular:

- - - - standard contractual clauses
        
        additional technical and organisational measures

An equivalent level of data protection is sought but not guaranteed.

1. 1. 1. 1. Data Security

Siriuz AG implements appropriate technical and organisational measures to protect personal data.

Absolute protection against security incidents cannot be guaranteed.

1. 1. 1. 1. Retention and Deletion

Personal data is only stored for as long as necessary for the respective purposes or where statutory retention obligations exist.

After the purpose ceases to apply, data is deleted, anonymised or processing is restricted.

1. 1. 1. 1. Rights of Data Subjects

Data subjects have, within the framework of applicable law, in particular the following rights:

- - - - access
        
        rectification
        
        deletion
        
        restriction of processing
        
        data portability
        
        objection

The exercise of these rights may be restricted where legal or contractual obligations prevent this.

1. 1. 1. 1. Confidentiality and Trade Secrets

Siriuz AG treats all data, in particular also non-personal business and project data, as strictly confidential.

Use is exclusively purpose-bound.

1. 1. 1. 1. Liability

Siriuz AG is liable within the framework of statutory provisions.

Siriuz AG assumes no liability for:

- - - - data processing by customers
        
        decisions in the recruitment process
        
        data transfers to third parties following release by users
        
        actions of third parties outside its sphere of influence

DATA PROCESSING AGREEMENT

1. 1. 1. 1. Subject Matter

Siriuz AG processes personal data exclusively on behalf of and in accordance with the instructions of the customer,

insofar as it acts as a processor.

1. 1. 1. 1. Right to Issue Instructions

The customer shall issue all instructions in documented form.

Siriuz AG is entitled to refuse instructions if they are unlawful.

1. 1. 1. 1. Security Measures

Siriuz AG implements technical and organisational measures in accordance with the state of the art, taking into account

the nature, scope and purpose of processing.

Siriuz AG is entitled to adjust security measures at any time.

1. 1. 1. 1. Subcontractors

Siriuz AG may engage subcontractors worldwide.

An objection by the customer is only permissible for important reasons.

1. 1. 1. 1. Assistance

Assistance to the customer is provided only to a reasonable extent and may be subject to separate remuneration.

1. 1. 1. 1. Data Breaches and Data Protection Violations

Notifications are made without undue delay, taking into account the available information.

1. 1. 1. 1. Audit

Audits are only permitted:

- - - - with reasonable prior notice
        
        during business hours
        
        no more than once per year

Costs shall be borne by the customer.

1. 1. 1. 1. Data Return

After termination of the contract, data shall be deleted or returned at the customer’s choice.

1. 1. 1. 1. Liability

Liability is governed exclusively by the main contract and is limited to a maximum of CHF 50,000.

SERVICE LEVEL AGREEMENT

1. 1. 1. 1. Subject Matter of Services

Siriuz AG provides a cloud-based platform as well as supporting services.

1. 1. 1. 1. Availability

Siriuz AG strives for high availability but does not assume a binding guarantee for a specific level of availability.

1. 1. 1. 1. Support

Support services are provided based on commercially reasonable efforts.

Response times are target values and are not binding.

1. 1. 1. 1. Maintenance

Siriuz AG is entitled to carry out maintenance work at any time.

1. 1. 1. 1. Liability

Liability is governed by the main contract. No claims for service credits or damages arise due to unavailability.

ENTERPRISE CLAUSES

1. 1. 1. 1. Platform and Consulting Delineation

Siriuz AG provides both technological and consulting services.

Siriuz AG provides a technology platform and assumes no responsibility for:

- - - - hiring decisions
        
        employment relationships
        
        legal compliance of the customer

1. 1. 1. 1. Responsibility of the Customer

The customer is solely responsible for:

- - - - compliance with labour law provisions
        
        legal evaluation of decisions
        
        compliance with regulatory requirements
        
        compliance with data protection obligations
        
        use of the platform

1. 1. 1. 1. Artificial Intelligence

Results of artificial intelligence systems constitute support and not binding decisions.

Siriuz AG assumes no warranty for:

- - - - accuracy of artificial intelligence results
        
        completeness of recommendations
        
        economic outcomes

1. 1. 1. 1. Use of Data

Siriuz AG is entitled to use data:

- - - - for analysis
        
        for aggregation
        
        for anonymisation
        
        for product improvement

1. 1. 1. 1. Confidentiality

All project-related information is subject to strict confidentiality.

1. 1. 1. 1. Exclusions of Liability

Liability is excluded for:

- - - - indirect damages
        
        loss of profit
        
        reputational damages
        
        data loss

1. 1. 1. 1. International Use

International projects are carried out taking into account local legal systems. All international risks are borne by the customer.

1. 1. 1. 1. Amendments

Siriuz AG is entitled to modify all services and conditions at any time.

COOKIE POLICY

1. 1. 1. 1. General

Siriuz AG uses cookies to ensure the functionality and security of the platform.

1. 1. 1. 1. Types of Cookies

The following are used:

- - - - technically necessary cookies
        
        analysis cookies
        
        functional cookies

1. 1. 1. 1. Purpose

Cookies serve:

- - - - system functionality
        
        improvement of user experience
        
        analysis of usage

1. 1. 1. 1. Legal Basis

Non-essential cookies are only set with consent.

1. 1. 1. 1. Storage Duration

Cookies are stored only as long as necessary.

1. 1. 1. 1. Objection

Users may disable cookies at any time.

DATA PROTECTION DECLARATION

Contact us