Privacy Policy

The purpose of this privacy policy (hereinafter the “Privacy Policy”) is to inform you (hereinafter “you” or “User”) about how we collect, process and use your personal data.

This Privacy Policy is applicable between you as User of our Website and OSSA, owner and publisher of the Website. This Privacy Policy applies to the use of any personal data we collect or that you provide to us in connection with your use of our website.

In case you provide us with personal data of third persons (such as family members, work colleagues) you should make sure that these persons are familiar with this Privacy Policy and you should only share their personal data if you have permission to do so and ensure that this personal data is correct.

We can assure you that we comply with the Swiss Federal Act on Data Protection, the Swiss Ordinance to the Federal Act on Data Protection, and the European General Data Protection Regulation (hereinafter the “GDPR”) and that we process your Data lawfully, fairly and transparently.

If you are younger than 18 years old, you are not allowed to use our Website without the permission of your parents or legal guardian.

We take confidentiality and privacy issues very seriously. We therefore ensure that your personal information is secure; we communicate our privacy and security guidelines and practices to all our employees and service providers and strictly enforce privacy safeguards within our company.

1. DEFINITIONS AND INTERPRETATION

1.1. In this Privacy Policy, the following definitions are used: Data: all information that you submit to us via our website.

Personal Data: all information making you directly or indirectly identifiable (e.g. your name, first name, address, phone number or email address but also the IP address of your computer, for example, or the information relating to your browsing of our Website).

Cookies: A small text file placed on your computer by our website when you visit certain parts of our website and/or when you use certain features of the website. Please refer to the Cookie Policy for more information.

Data Controller: he processing of any personal data provided or collected on the Website is carried out under the supervision of OSSA,.

GDPR: The “General Data Protection Regulation” (EU Regulation 2016/679), as well as any national legislation adopted in accordance therewith.

Website: Website: The website all subdomains of this Website, unless they are expressly excluded from the scope of this Privacy Policy by their own terms and conditions. 1.2. In this Privacy Policy, unless the context requires a different interpretation:

The singular includes the plural and vice versa;

References to sections, clauses, appendices refer to the sections, clauses, appendices of this Privacy Policy;

A reference to a person includes firms, companies, government entities, trusts, and partnerships;

“Including” means “including but not limited to”;

A reference to any legislative provision includes all amendments thereto;

Headings and subheadings are not part of this Privacy Policy.

2. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies only to the actions of OSSA and of Users with respect to our Website. It does not extend to websites that can be accessed from our Website, including, but not limited to, any links we may provide to social media websites.

3. DATA PROCESSING IN CONNECTION WITH OUR WEBSITE

3.1. General data and Information resulting from your activity on our Website:

We receive and store certain types of information every time you visit our Website. For example, like many websites, we use Cookies and we obtain certain types of information when your Web browser accesses our Website and other content provided by or on behalf of OSSA on other Website. We may therefore also collect the following technical Data from you:

IP address (automatically collected);

Web browser type and version (automatically collected);

Operating system used by accessing the Website (automatically collected);

Your browsing history to and from the Website;

The date and time of access to the Website

The internet service provider of the accessing system

Any other similar data and information that may be used in the event of attackes on our information technology systems The collection and processing of this technical data is for the purpose of

enabling the use of our website:

developing our products, contents of our Website and services further;

Continuously improving our Website and offering you a more enjoyable and efficient experience.

For internal statistical purposes

This is our legitimate interest in the processing of Data in the sense of Art. 6 Par. 1 lit. f. GDPR.

3.2. Contact Possibility via the Website:

The Website may contain a contact form that enables a quick electronic contact to OSSA, as well as direct communication with us, which also included a general address of the e-mail address. If you contact us by e-mail or via contact form, the personal data transmitted by you is automatically stored.

Such Personal Data transmitted on a voluntary basis by you to us is stored for purpose of processing or contacting you and to handle your request and provide you the service or support you requested. The legal basis for the data processing for these purposes lies in the fulfilment of an agreement in accordance with Art. 6 Par. 1 lit. b GDPR and you have provided consent in accordance with Art. 6 Par. 1 lit. a GDPR.

3.3. Use of Website Cookies:

The Website uses cookies. Cookies are text files that are stored in a computer system via an

When you visit our websites, we may collect information from you automatically through cookies. Through the use of cookies, OSSA can provide the users of the Website with more user-friendly services that would not be possible without the cookie setting.

You may prevent the setting of cookies through our Website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, previously set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If you deactivate the setting of cookies in the Internet Browser used, it may not be possible to use all the functions of our Website.

If you do not agree to our use of cookies, you should set your browser settings accordingly as described above or not use our Website. By continuing to use our Website without changing your settings, you are agreeing to our use of cookies and the terms with regard to Cookies of this Privacy Policy.

Two types of cookies may be used on the Website – “session cookies” and “persistent cookies”. Session cookies are temporary cookies that remain on your device until you leave the Website. A persistent cookie remains on your device for much longer or until you manually delete it (how long the cookie remains on your device will depend on the duration or “lifetime” of the specific cookie and your browser settings).

4. RETENTION OF PERSONAL DATA

The retention period of Personal Data processed by OSSA may vary depending on common practice, and considered in accordance with the legal obligations and the applicable limitation rules. In any way, OSSA will process and store the Personal Data only for the period necessary to achieve the purpose of storage or as far as this is granted by the applicable laws or regulations.

If the storage purpose is not applicable any more, or if the storage period prescribed by the applicable laws and regulations expires, the personal data are routinely erased in accordance with legal requirements.

5. PERSONAL DATA SECURITY

Personal Data security is of great importance to OSSA. In order to protect your Personal Data, we have implemented appropriate physical, electronic and organizational procedures to safeguard and secure the Personal Data collected via our Website in order to ensure its integrity and confidentiality. Our security measures are continuously being improved in line with technical developments. All Personal Data is securely stored in accordance with industry standards and the Swiss Federal Act on Data Protection, the Swiss Ordinance to the Federal Act on Data Protection and the GDPR.

If a password is required to access certain sections of our Website, you are responsible for keeping this password confidential.

We endeavor to do all we can to protect your Personal Data. However, the transmission of information on the Internet is not fully secure and remains under your sole responsibility. We cannot ensure the security and accept no liability of the transmission of your Data to our Website.

6. OTHER PARTIES WHO HAVE ACCESS TO INFORMATION WE COLLECT

With the exceptions described in this section, we do not make your Personal Data available to third parties unless you have expressly consented to it, if we are legally obligated to, or if this is necessary to enforce our rights concerning a contractual relationship.We transmit your Data only to our employees who are authorized to process them as part of their duties.

We may transmit some of your Data to the technical and logistic service provider of our Website located in Switzerland acting on our behalf, and we ensure that they provide for the necessary guarantees with respect to the Swiss Federal Act on Data Protection, the Swiss Ordinance to the Federal Act on Data Protection and the GDPR. The transfer of data is for purpose of providing and maintaining the functionality of our Website. This is our legitimate interest in the sense of Art. 6 Par.1 lit. b and lit f GDPR.

We process your Data in principle in Switzerland. In case it is necessary to transfer your Data to third parties outside Switzerland and the EU, the Data will only be transferred to countries and/or parties that provide an adequate level of protection in accordance with the Swiss and European standards.

If the level of data protection in a country where a service provider is located does not correspond to the Swiss and European data protection level, we contractually ensure that the protection of your personal data corresponds to that in Switzerland and the EU at all times by concluding agreements using the standard contractual clauses complying with the GDPR.

All Personal Data used by these third parties is solely used for the purposes of the services provided at your request. Any use for other purposes is strictly prohibited. In addition, any Personal Data processed by third parties will be in accordance with the terms of this Privacy Policy and in compliance with the Swiss Federal Act on Data Protection and the GDPR. The third party providers we use will only collect and use your information to the extent necessary to enable them to perform the services they provide to us.

7. LINKS TO OTHER WEBSITES

Our Website may, from time to time, provide links to other websites. When you activate them (by clicking on them), the operators of the respective website may record that you are on our website and may use this information. We have no control over such websites and we are not responsible for their content. The processing of your personal data then lays in the responsibility of the individuals of these websites and occurs according to their privacy policy. This Privacy Policy does not extend to the use of such websites. We advise you to read the privacy policy applicable to such other websites before using them.

8. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

a) Right to confirmation

You have the right to obtain confirmation from OSSA as to whether or not personal data concerning you is being processed. If you wish to avail yourself of this right of confirmation, you may, at any time, contact the Responsible Person as stated in section 3 of this Privacy Policy.

b) Right to access

You have the right to obtain from OSSA free information about your personal data stored at any time and a copy of this information. Furthermore, you will have access to the following information:

the purposes of the processing;

the categories of personal data concerned;

the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries;

where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

the existence of the right to request from OSSA rectification or erasure of personal data, or restriction of processing of personal data concerning you, or to object to such processing;

the existence of the right to lodge a complaint with a supervisory authority;

where the personal data are not collected directly from you, any available information as to their source; and

the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you.

If you wish to avail yourself of this right of access, you may at any time contact the Responsible Person as stated in section 3 of this Privacy Policy.

c) Right to rectification

You have the right to obtain from OSSA, without undue delay, the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If you wish to exercise this right to rectification, you may, at any time, contact the Responsible Person as stated in section 3 of this Privacy Policy.

d) Right to erasure (right to be forgotten)

You have the right to obtain from OSSA the erasure of personal data concerning you as soon as possible, and OSSA shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;

ou withdraw consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;

The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;

The personal data has been unlawfully processed;

The personal data must be erased for compliance with a legal obligation in accordance with the applicable law to which OSSA is subject; and/or

The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If any one of the aforementioned reasons applies, and you wish to request the erasure of personal data stored by OSSA, you may at any time contact the Responsible Person as stated in section 3 of this Privacy Policy. The Responsible Person at OSSA shall promptly ensure that the erasure request is complied as soon as possible.

e) Right to restriction of processing

You have the right to obtain from OSSA restriction of processing where one of the following applies:

The accuracy of the personal data is contested by you, for a period enabling OSSA to verify the accuracy of the personal data;

The processing is unlawful and you oppose the erasure of the personal data and requests instead the restriction of their use instead;

OSSA no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; and/or

The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of OSSA override those of the data subject.

If any one of the aforementioned conditions is met, and you wish to request the restriction of the processing of Personal Data stored by OSSA, you may at any time contact OSSA’s Responsible Person. The Responsible Person will arrange the restriction of the processing.

f) Right to object

You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal data concerning you, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

OSSA shall no longer process the personal data in the event of the objection, unless OSSA can demonstrate reasonable grounds for the processing, which override the interests, rights and freedoms of you, or for the establishment, exercise or defense of legal claims. In order to exercise the right to object, you may directly contact the Responsible Person.

g) Right to data portability

You have the right to receive the personal data concerning you, which was provided to OSSA, in a structured, commonly used and machine-readable format. You shall have the right to transmit those data to another controller without hindrance from OSSA to which the personal data has been provided, as long as the processing is based on consent pursuant to article 6 (1) GDPR or point (a) of article 9 (2) GDPR, or on a contract pursuant to point (b) of article 6 (1) GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest.

Furthermore, in exercising your right to data portability pursuant to article 20 (1) GDPR, you shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, you may at any time contact the Responsible Person according to section 3.

h) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between you and OSSA, or (2) is not authorized by the applicable law and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between you and OSSA, or (2) it is based on your explicit consent, OSSA shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and contest the decision.

Please note that OSSA does not use automatic decision-making but we may use profiling according to these Privacy Policy rules. OR If you wish to exercise the rights concerning automated individual decision-making, you may, at any time, contact the Responsible Person.

i) Right to withdraw data protection consent

You have the right to withdraw your consent to processing of your Personal Data at any time.

If you wish to exercise the right to withdraw the consent, you may at any time directly contact the Responsible Person as stated in section 3.

9. MISCELLANEOUS

If a court or competent authority considers that any provision of this Privacy Policy (or any part thereof) is invalid, illegal or unenforceable, that provision or relevant part of the provision will, to the extent required, be deemed to be deleted. The validity and enforceability of the other provisions of this Privacy Policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising a right or remedy will be deemed a waiver of such right, or of another right or remedy.

This Privacy Policy will be governed by and interpreted according to Swiss law. Any dispute arising out of this Privacy Policy will be subject to the exclusive jurisdiction of the courts in Zug, Switzerland.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to make changes to this Privacy Policy as we deem necessary from time to time or as may be required by law. All changes will be posted immediately on our Website and you are deemed to have accepted the new terms of the Privacy Policy when you first use the Website after such changes. Always the current version of the Privacy Policy, as published on our Website, is applicable.

If our company is the subject of a corporate transaction such as an acquisition or merger with another company, your information may be transferred to the new owners so that we can continue to sell our products to you.

MORE INFORMATION ABOUT PRIVACY REGULATIONS

● EU General Data Protection Regulation https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG

● Swiss Federal Act on Data Protection https://www.admin.ch/opc/en/classified-compilation/19920153/index.html

● Swiss Ordinance to the Federal Act on Data Protection https://www.admin.ch/opc/en/classified-compilation/19930159/index.html