Imprint and
Data Protection

Intro
ICS Automation AG (referred as ICS) and its subsidiary Automation + Controlsystem ACS AG (referred as acs) are committed to protecting the privacy of individuals who interact with ICS or acs and their personal data. This privacy statement applies to ICS and acs and describes how ICS or acs processes and protects personal data.

Principle
The protection of your privacy is an important concern for us. With the following data protection declaration, we explain to you which personal data we process from you when you visit our website or use our online services, or more generally when we provide services for you. We collect and process your personal data carefully and only for the purposes described in this data protection declaration and only to the extent necessary for this purpose and within the framework of the applicable legal provisions. We retain your personal data only to the extent and for as long as necessary to provide our services or as required by law. In close cooperation with our IT partners and hosting providers, we make every effort to protect the data from unauthorized access, loss, misuse or falsification. In particular, this privacy policy is also aligned with the EU General Data Protection Regulation (DSGVO). Although the DSGVO is a regulation of the European Union, it is relevant to us. The Swiss Data Protection Act (DPA) is heavily influenced by EU law, and companies outside the European Union or EEA must comply with the DPA under certain circumstances.

Data Protection Officer
Responsible for compliance with the applicable data protection provisions within the meaning of the CH-DSG or responsible person within the meaning of the EU-DSGVO is:

ICS Automation AG bzw. Automation + Controlsystem ACS AG
Wattstrasse 14
CH-9240 Uzwil
+41 71 955 04 50
info@ics-automation·com

Collection and processing of personal data
ICS or acs process in particular

• Contract data
• Payment data
• Contact data (name, address, tel, e-mail, title, place of work, etc.)

for the purpose of providing contractual services, service and customer care, marketing, advertising, to comply with legal obligations, to manage business relationships, to identify customer needs, to evaluate and improve our services, and to communicate on various topics. ICS or acs do not operate an online store, nor do we offer or sell products or services to individuals in Switzerland or the EU. When individuals inquire about job openings on our website or apply for a job, those applications and any additional information submitted may be used to match skills and interests with job openings at ICS or acs. When contact is made with ICS or acs (e.g., e-mail, telephone, etc.), the information provided by the person making the contact is processed to handle the contact and its completion. We use the "Microsoft Teams" service to conduct telephone conferences, online meetings, video conferences and/or webinars ("online meetings") The following data is processed in this context: User name, general information about service preferences, information about each user's device and network and Internet connection, such as IP address(es), MAC address, other device IDs (UDID), device type, operating system type and version, client version, information about the use of or other interaction with "Microsoft" products ("Usage Information"), other information that the user uploads, provides or creates while using the service, and metadata used to maintain the service provided. Where appropriate, as is common with collaborative tools, other personal data may also be exchanged between the participants, such as chat messages, images, files, audio or video recordings, contact information, or metadata used for the maintenance of the service provided. Only a minimum of data is processed if you participate in an "online meeting" of "Microsoft Teams" without registration. Recordings of the "Online Meeting" are only made with prior notice and are generally stored locally. Additional information about the processing of personal data by "Microsoft Teams" can be found in their privacy policy.

Purposes of data processing and legal bases
We only process personal data in which we have a legitimate interest corresponding to the purpose or in the case of a legal obligation, namely for the following purposes

• Contract processing
• Information on offers, services, websites and other platforms on which we are present;
• Communication with third parties and processing of their requests (e.g. applications, inquiries);
• Collection of personal data from publicly available sources for the purpose of customer acquisition, insofar as our legitimate interests require it and it is permitted by law;
• Advertising and information about our services and offers to existing customers, unless you have objected to the use of your data for this purpose (if we send you advertising from us as an existing customer, you can object to this at any time, we will then put you on a block list against further advertising mailings);
• Assertion of legal claims and defense in connection with legal disputes and official proceedings;
• Prevention and investigation of criminal offenses and other misconduct (e.g., conducting internal investigations, data analysis to combat fraud);
• Guarantees of our operations, in particular IT, our websites and other platforms;
• Taking measures to ensure IT, building and facility security and to protect our employees and other persons and assets belonging to or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone records);
• Conducting "online meetings."

If you have given us consent to process your personal data for specific purposes, we process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place. Insofar as the processing of your personal data is within the scope of the administration of industrial property rights, the law and ordinance specify which data we process and in what form. For example, we are required by law to inform the public about the intellectual property rights valid in Switzerland and the personal data associated with them.

Cookies and image elements
Our websites may use "cookies" and similar technologies to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. This allows us to recognize you when you return to this website, even if we do not know who you are. In addition to cookies that are only used during a session and deleted after your website visit ("session cookies"), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) ("permanent cookies"). However, you can set your browser to reject cookies, store them for one session only, or otherwise delete them early. Most browsers are preset to accept cookies.

Newsletters and marketing emails
The receipt of newsletters and other marketing emails requires your consent. You can revoke this at any time by unsubscribing from the newsletter.

Google Maps
We sometimes include maps from the Google Maps service on our websites. This is a service provided by third parties, which may be located in any country of the world (in the case of Google Maps, it is Google LLC in the USA, www.google.com). The processed data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually executed within the settings of their mobile devices). Privacy policy: https://www.google.com/policies/privacy/

Plug-ins
Our websites may use so-called plug-ins from social networks such as Facebook, Twitter, Xing, LinkedIn. This is apparent to you in each case (typically via corresponding icons). We have configured these elements so that they are deactivated by default. If you activate them (by clicking on them), the operators of the respective social networks can register that you are on our website and where and can use this information for their purposes. The processing of your personal data is then the responsibility of this operator according to its data protection regulations. We do not receive any information about you from him.

Links to other websites
Our websites may contain links to other websites (including LinkedIn, Facebook, Instagram and YouTube) or to integrated websites. ICS or acs are not responsible for the content of the websites of other companies (third-party websites) or for the practices of these companies in collecting personal data. When visiting third party websites, the website operators' personal data protection policies and other relevant policies should be read.

Hosting
We host our website at Virtualtec AG in Zurich, Switzerland. At Virtualtec, standard web server log files containing the following information are created for each access to this website: IP address, date and time including time zone, browser request including origin of the request (referer respectively), operating system used including user interface and version, browser used including language and version, amount of data transferred.

Social Media
We have only limited influence on the data processing by the operators of the social media platform (e.g. management of members and the information shared). At the points where we can exert influence, we work towards data protection-compliant handling by the platform operator within the scope of the options available to us. At many points, however, we cannot influence the data processing by the platform operator and also do not know exactly what data the operator processes.
The platform operator operates the entire IT infrastructure of the service, maintains its own data protection regulations and maintains its own user relationship with registered users. In addition, the operator is solely responsible for all questions regarding the data of your user profile, to which we as a company have no access. More detailed information on data processing by the platform provider and further objection options can be found in the provider's privacy policy:

• Facebook: https://www.facebook.com/help/568137493302217
• Instagram: https://help.instagram.com/519522125107875
• YouTube: https://policies.google.com/privacy?gl=CH&hl=de
• LinkedIn: https://de.linkedin.com/legal/privacy-policy?

In the context of platform use, personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA and the United Kingdom.

Transmission of data to third parties
Personal data will only be passed on or disclosed to the extent permitted by law:

• When the recipient provides services on behalf of ICS or acs such as visa procurement, banking, insurance, etc.
• For the establishment, exercise or defense of our legal rights.
• When the data subject has given prior consent for personal data to be disclosed
• In the event of mergers, sales, joint ventures, succession planning, etc.

In general, your personal data will not be disclosed, sold or otherwise transferred to third parties, unless this is necessary for the purpose of contract execution or to fulfill our legal duties, or unless you have expressly consented. In addition, data may be transferred to third parties if we are required to do so by law or by enforceable governmental or court order.
The recipients of such data are sometimes domestic, but may be anywhere in the world. If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection by using appropriate contracts or rely on the legal exceptions of consent, contract performance, establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects.
The "Microsoft Teams" service used for "Online Meetings" is provided by a provider from the USA; processing of personal data therefore also takes place in a third country. An appropriate level of data protection is contractually guaranteed.
You can request information about the contractual guarantees mentioned at any time from our data protection officer. However, we reserve the right to black out copies for data protection or confidentiality reasons or to provide only excerpts.

Duration of the retention of personal data

• General
  We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the establishment of contact, processing to the termination of a contract or project) as well as beyond that in accordance with the statutory retention and documentation obligations. After expiry of the purpose, the personal data will be irrevocably deleted, unless the data is subject to a legal obligation to retain data or the data is used for the exercise or defense of legal claims.
• Customer data
  ICS or acs will retain personal data for marketing purposes after termination of the contract for as long as the legitimate interests of ICS or acs so require and as permitted by law.
• Application dossiers
  Application files are deleted no later than 12 months after the application process has been completed. Exceptions:
  • The dossier of a successful applicant is transferred to the employee file.
  • The applicant agrees to store the application dossier for a longer period of time.

Data security
We use appropriate technical and organizational security measures to protect the managed data against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons, taking into account the state of the art, the cost of implementation, the likelihood of occurrence and the severity of the risk to the rights and freedoms of natural persons. The security measures are continuously improved in line with technological developments.
In particular, the measures include safeguarding the confidentiality, integrity and availability of data by limiting physical access to the data.

Obligation to provide personal data
In the context of our business relationship, you must provide those personal data that are necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations (you usually do not have a legal obligation to provide us with data). Without this data, we will generally not be able to conclude a contract with you (or the entity or person you represent), to process it or to fulfill our legal duties.

Profiling and automated decision making
The personal data is not used as the basis for automated decision-making. We do not carry out any profiling with the personal data.

Rights of the data subject
Within the scope of the data protection law applicable to you and insofar as provided therein (such as in the case of the GDPR), you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing as well as to the surrender of certain personal data for the purpose of transfer to another entity (so-called data portability). Please note, however, that we reserve the right to enforce the restrictions provided for by law. For example, if we are obliged to store or process certain data, if we have an overriding interest in doing so (insofar as we are entitled to rely on this) or if we need the data to assert claims. If you incur costs, we will inform you in advance. We have already informed you about the possibility of revoking your consent in the chapter "Purposes of data processing and legal basis". Please note that exercising these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually or legally regulated.
The exercise of such rights usually requires that you clearly prove your identity (e.g. by means of a copy of your identity card, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in chapter "Data protection officer". Every data subject also has the right to enforce his or her claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).

Changes
We may amend this privacy policy at any time without prior notice. The current version published on our website shall apply. Insofar as this appears appropriate, we will inform you of the change by e-mail or other suitable means in the event of an update.