Privacy Notice

Accointing Services AG (“Accointing” or “us”, “we”, or “our”) operates the accointing.com website (“Website”) and social media sites and public messenger channels (“Social Media Pages”) (the “Service”). ‍ When you use our Service, we obtain certain Personal Data that can be used to contact or identify you. Personal Data are any information related to an identified or identifiable natural person (“Data Subject”). Such Personal Data may include your e-mail address, nameor other Personal Data you upload to the Website or communicate on the Social Media Pages. This Privacy NoticeNotice informs you about the collection, use and disclosure of information that directly or indirectly identifies you (" Personal Data") when you use our Service. This Privacy Notice governs the processing that is being conducted by us in the context of providing our Service to persons in the EU which are governed by the EU General Data Protection Regulation (GDPR). For Swiss or non-EU customers only the provisions of the Swiss Federal Data Protection Actare applicable.

CONTROLLER

Accointing Services AG Bahnhofplatz, 6300 Zug/Switzerland,

phone: +41 41 481 04 04 e-mail: [email protected]

EU representative of Accointing Services AG is:

SIDD Datenschutz Deutschland UG (haftungsbeschränkt) Schellingstr. 109a 80798 München [email protected]

For further information you may contact us any time, for example via e-mail to [email protected]

USE OF PERSONAL DATA

We process your Personal Data for the following purposes: providing the Website and Service, answering and reacting to any communication or requests provided to us, addressing and performing the application process, complying with our legal obligations, enforcing our legal rights marketing our Service to potential and existing customers

LEGAL BASIS FOR DATA PROCESSING

The legal basis for data protection are contained, in the Swiss Data Protection Act (DPA) or for natural persons based in the EU, the General Data Protection Regulation (GDPR).

We process Personal Data under the following grounds and applicable legal basis.

For the safeguarding of our and third-party legitimate interests

In order to safeguard our legitimate interests and those of third parties, we also process your Personal Data for the following purposes:

to manage risks; to assert legal claims and enable defence in legal disputes; to prevent violations of the law; to ensure IT security and IT operations; to take measures to ensure the security of our systems; to take measures for business management purposes and for the development and marketing of services and products; and to provide tailored customer service. For the fulfilment of contractual obligations

Your data will be processed to provide our Services and related ancillary services as part of the execution of our contracts with you. The purposes of data processing are based primarily on the specific service requested.

On the basis of your consent

Provided your consent has been given, by accepting the Terms and Conditions or this Privacy Notice, we are legally permitted to process your Personal Data for specific purposes. You can withdraw this consent at any time. Please note that the withdrawal of consent has no retroactive effect on the use of your data.

Consent is also often required for sending you newsletters such consent is deemed given, by accepting the Terms and Conditions or this Privacy Notice. This consent can be withdrawn at any time by clicking the unsubscribe link at the bottom of any newsletter.

On the basis of statutory requirements or in the public interest

We are subject to various national and international regulatory obligations under which we are required by law to carry out certain processing.

DATA PROCESSING OUTSIDE THE EU

We process your Personal Data in Switzerland, the EU/EEA (EU) and the USA. In order to carry out transfers to third countries we adhere to the requirements as set out in Article 46 GDPR by ensuring appropriate safeguards are implemented.

DATA SECURITY

We have implemented technical safeguards for processing your Personal Data according to applicable law. For a best possible security of your Personal Data, our Service through the Website is provided via a secured SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form. Further details of these technical and organizational measures are available upon request.

PERSONAL DATA IN JOB APPLICATIONS

If you are applying online for a job at Accointing AG or Accointing Services AG you need to provide certain information via our online application form. In order to evaluate your application properly we need at least your name, e-mail address, or similar information. On a voluntary basis you may further add a link to your website or social profile, your blog, or your AngelList profile.

‍We process your Personal Data for fulfilling our contractual or pre-contractual obligations (based on Art. 13 (2) a. DPA or Art. 6 (1) b. GDPR) or – as applicable – for the purpose of the employment relationship with you. We are collecting and processing those data for the sole purpose of managing our recruitment related activities as well as for organizational planning purposes. Consequently, we may use your Personal Data in relation to the evaluation and selection of applicants including for example setting up and conducting interviews and tests, evaluating and assessing the results thereto and as is otherwise needed in the recruitment processes including the final recruitment.

In particular, we use your Personal Data to communicate with you and to facilitate your application including offering an online-application system. In some cases we also need to carry out vetting of potential staff members. However, if this is the case we will contact you and seek your permission for the vetting process. Additionally, we will maintain adequate records of the application process for the period in which claims can be brought against us.

In some limited circumstances we may receive or collect and handle information related to medical information, ethnic origin. religion or criminal records. This processing is either carried out based on a legal requirement such as the administration for tax purposes and social security laws or based on your express consent.

If you provide us with your consent we will keep you informed about other opportunities. In case we may not hire you we may – with your explicit consent – store your application data for a maximum period of 12 months to contact you in case of new job opportunities.

CONTACT FORM OR OTHER CONTACT

If you send us any requests via the online contact form or send us an e-mail or otherwise contact us, your details in this online form or request, including the contact data, name, e-mail address and other data provided respectively, are processed by us in order to deal with your inquiry or to be able to contact you at a later time for follow up questions. These data are processed only on the basis of initiating a business relationship or performing our contractual obligations (legal basis Art. 13 (2) a. DPA or Art. 6 (1) b. GDPR).

LOG DATA

Every time you access our website, usage data is transmitted through your internet browser and saved in log data (server log files). This data includes e.g. name of the page accessed, date and time of access, amount of data transferred and the requesting provider as well as IP addresses. This data is processed on the legal basis of our legitimate interests and serve exclusively to guarantee the trouble-free operation of our website, security of our servers and to improve our offer.

THIRD PARTY SERVICE PROVIDERS

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are contractually obligated in accordance with the processor requirements in Article 28 GDPR.

These processors include:

Server providers Analytics providers Marketing agencies and marketing service providers Newsletter providers Accounting services providers IT service providers

Auth0 This Website uses Auth0 (Auth0, Inc., 10800 NE 8th Street, Suite 600, Bellevue, WA 98004, U.S.A.), a single sign-on service. For more information please see the Privacy Notice of Auth0 here: https://auth0.com/privacy When a visitor registers or logs into an account, the following information is transferred to Auth0: The use of Auth0 lies in our legitimate interest to provide the user the best login and logoff experience as possible and to increase adoption rates.

Font Awesome We are using Font Awesome for a representation of fonts named Web Fonts, that are provided by Fonticonts, Inc. at its address at 710 Blackhorn Dr, Carl Junction, MO, 64834, USA. At the opening of a page, the Browser loads the needed Web Fonts in your Browser-Cache, to show texts and fonts in a correct way.

To provide the Web Fonts your Browser needs to connect with the server of Fonticons, Inc. With that Fonticons, Inc. receives information about your web page visit via your IP-address. The use of Web Fonts is in our legitimate interest of creating and marketing our services in an attractive way.

Further information on Font Awesome can be found on the website: https://fontawesome.com/help and in the privacy statement of Fonticons, Inc. https://fontawesome.com/privacy

Bootstrap CDN

On our website we use the Bootstrap-technology, ensuring a modern layout and presentation of our content regardless what device is used. To increase the uploading speed of our website, we use the MaxCDN bootstrap CDN (Content Delivery Network) from MaxCDN to supply your browser with libraries (collections of technical instructions).

If your Browser does not have a cached copy or for any other reason downloads the file from BootstrapCDN, then your IP address will be transmitted to the provider MaxCDN during the connection to the Bootstrap CDN server. Provider is the NetDNA, LLC. (MaxCDN), 3575 Cahuenga Blvd West Suite 330, Los Angeles, CA 90068, USA. More information on data processing can be found on the Privacy Notice at the NetDNA, LLC. (MaxCDN): https://www.maxcdn.com/legal/#pp

Google Single Sign On

When registering a user-account, you also have the option of using a single sign-on account ("SSO"). Our website currently offers you the opportunity to use the SSO services offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google's Privacy notice and Terms of Use apply to the registration and use of the Google SSO service, see https://policies.google.com/privacy/

Please note that the registration for and the use of SSO services are subject to the Privacy notice and terms of use of Google.

If you decide to register using your SSO, in a first step you will be redirected to Google. Google will ask you to enter your login details or register with the SSO service. This prompt may be skipped if you are already logged in to the SSO. We will not be informed of your login details of your SSO, as they will not be transmitted to us.

In a second step, you will be asked to link your SSO-profile with our website. We will use the data provided by Google during the registration process to create a user-account on our website for you. During this step, you will also be informed about the data that we will be able to request from Google. Generally, this data includes your name, your profile and title picture, your gender and your username with the respective SSO-provider. Furthermore, we will need the e-mail address stored in your SSO-profile to register your user-account on our website. If you consent to us using your above data for the purposes described above, you will be redirected to our website to complete the registration of your user-account.

In the event that you wish to use our website with your SSO, Google will become aware that you wish to register a user-account on our website. Your Google will usually place a cookie in your browser when you click on the button with the relevant SSO-provider's logo. Google may use this cookie to collect further information about you and your surfing behavior. The information generated through the cookie is transferred to the servers of Google. It is possible that these servers are located in a third country, for example in the United States. Your information will be saved there and possibly merged with other profile data that Google has stored about you. This may result in Google creating user profiles that include information about you that exceeds that which you have provided.

Google has sign up to the EU-US Privacy Shield for cases in which personal data is transferred to Google in the United States. According to the regulations of the GDPR, such certification offers a sufficient guarantee for the compliance with the European data protection level for processing outside the EEA. More information can be found at https://www.privacyshield.gov/EU-US-Framework.

You can terminate the link between our website and your SSO-profile by logging into your SSO profile and adjusting your preferences as necessary. By doing so, you will be able to deny us the right to access and use the information from your SSO-profile.

The legal basis for our processing relating to the single sign on function offered on our website is your consent in accordance with Art. 6 (1) a. GDPR.

Shopify We use the online shop platform Shopify (Shopify International Ltd, Victoria Buildings, 2. Etage, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland). Shopify offers merchants like us an online store as a service. To be able to provide the service, Shopify collects information directly from our customers such as:

customers’ name email shipping and billing address payment details company name phone number IP address information about orders you initiate information about the Shopify-supported merchant stores that the person visits, and information about the device and browser you use.

This is done, to support and process orders, risk and fraud screening, authentication, and payments. Additionally, it is used to improve the services.

Shopify uses some of the personal information you provide to conduct some level of automated decision-making -- for example, Shopify use certain personal information (for example, IP addresses or payment information) to automatically block certain potentially fraudulent transactions for a short period of time.

For activities, for which Shopify is a processor, a data processing agreement has been reached to safeguard your personal information. For more details on the data processing of Shopify, please visit: https://www.shopify.com/legal/privacy

For Cookies and Marketing & Analytics related processors, please see the Cookie Notice.

NEWSLETTER

Accointing publishes its own newsletter in order to provide up-to-date information about our products and services. We send the newsletter after creating an account on the Website. We use the provider MailChimp to send our newsletter. MailChimp is provided by the Rocket Science Group LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA. The data required to provide you with the newsletter that was provided during the Website registration process will be transmitted to Rocket Science, which will store it. The data entered during registration will not be transferred to other third parties. Furthermore, MailChimp offers various ways to analyze how the newsletter is opened and used once it is sent, e.g. to how many users an email will be sent, whether mails were rejected and whether users unsubscribed from the list after receiving an email. However, these analyses are performed on groups and we do not use them for individual analysis. MailChimp also uses the analysis tool Google Analytics from Google LLC and in some cases integrates it into the newsletter. For more information about Google Analytics please refer to our Privacy Notice section about Google Analytics. For more information about data privacy at MailChimp please go to: ‍http://mailchimp.com/legal/privacy/

The data processing for sending the newsletter is based on your consent (legal basis Art. 6 (1) a. GDPR). The analytics is based on our legitimate interest in reducing costs by deleting users which do not view our newsletters and ensuring the content of our newsletters are relevant to the recipients thus reducing the amount of unwanted content.

If you purchase goods or services from us, we may in future send you information E-Mails for similar goods or services. Data processing will be based on the business relationship with you (Art. 6 (1) b. GDPR and carried out in accordance with the requirements of your local competition law as it related to newsletters.

OPT-OUT: You can unsubscribe to the newsletter at any time by using the contact information on the Website or click on the unsubscribe link that is contained in the footer of every newsletter.

‍DATA PROCESSING ON OUR SOCIAL MEDIA PAGES

We operate the following Social Media Pages on the following networks (“Social Media”):

Twitter: twitter.com by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, please also refer to https://twitter.com/en/privacy, Opt-out: https://twitter.com/personalization;

Medium: medium.com by A Medium Corporation, 799 Market Street, 5th Floor, San Francisco, CA 94103, USA, please also refer to Privacy notice Opt-out: https://medium.com/policy/medium-privacy-policy-f03bf92035c9 , https://medium.com/me/settings or https://medium.com/me/following/suggestions

Telegram: telegram.org and mobile APP by Telegram Messenger Inc. and Telegram UK Holdings Ltd., C/O Skadden, Arps, Slate, Meagher & Flom (UK) LLP, 40 Bank Street, London, United Kingdom E14 5DS, UK please also refer to https://telegram.org/privacy Opt-out: https://telegram.org/deactivate

LinkedIn: linkedin.com or linkedin mobile app by LinkedIn. LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please also refer to https://www.linkedin.com/legal/privacy-policy / Opt-out: https://www.linkedin.com/psettings/privacy

Reddit: reddit.com by Reddit, Inc., 548 Market St. #16093, San Francisco, CA 94104, USA and Reddit, Inc., c/o First European Data Rep B.V., Schiphol Boulevard 195, 1118 BG Schiphol, The Netherlands, please also refer to [email protected] / https://www.redditinc.com/policies/privacy-policy

Facebook: by Facebook Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland. Please refer to the Privacy notice of Facebook: Facebook Privacy notice

Instagram: Facebook Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland. Please refer to the Privacy notice of Facebook &

Instagram product: https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram-Hilfebereich&bc[1]=Privatsph%C3%A4re%20und%20Sicherheit

Youtube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Please refer to the Privacy notice of Google: https://support.google.com/youtube/answer/2801895?hl=en

When using Twitter, Medium, Telegram, LinkedIn, Reddit or any other social media site, data may also be processed outside the EU. Please read the Privacy notice and the safeguards on data transfer of each provider before signing up to the services.

With our Social Media Pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages and reactions, which we then process to answer or communicate with you. If you use Social Media on several end devices, a cross-device analysis of the data can take place.

Furthermore, the providers of the Social Media Pages may also use cookies and tracking technologies to analyze and improve their services.

Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 13 (1) DPA or Art. 6 (

  1. a., b. GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 13 (2) DPA or Art. 6 (1) f. GDPR). By signing up for any of the above services you have consented to the processing by the service provider as set out in the terms of services. Information on our Facebook pages As controllers within the meaning of the EU General Data Protection Regulation, we and:

Facebook Ireland Ltd. (hereinafter "Facebook")

4 Grand Canal Square

Grand Canal Harbor Dublin 2

Ireland

operate webpages to draw attention to our products and services and to contact you as a visitor and user of our Facebook page and our website. As the operator of the Facebook pages, we have no interest in the collection and further processing of your individual personal data for analysis or marketing purposes. The operation of the Facebook page, including the processing of personal data of the users is based on our legitimate interests in an efficient information and interaction with our visitors (Art. 6 (1) f. GDPR).

Processing of personal data by Facebook

According to Facebook, your data will be used for the following purposes:

Advertising (analysis, creation of personalized advertising)

Creation of user profiles

Market Research

Facebook uses cookies for storage and further processing of this information, which is stored on the various user terminals. The storage and analysis are also cross-device.

The Facebook Privacy notice contains more information about data processing. Opt-Out options can be found here and here https://www.youronlinechoices.com

Facebook Inc., the US parent company of Facebook Ireland Ltd. is certified under the EU-US. Privacy Shield. For more information, see here.

As the person responsible, Facebook is not bound by our instructions, but processes your personal data independently. Due to the continuous change of the Facebook platform, we ask you to consult the current Facebook Privacy notice (see link above).

Our use of statistical data

Statistic data are available to us via the so-called "Insights" of the Facebook pages. These statistics are generated and provided by Facebook. We have no influence on the production and presentation as operator of the site. We cannot disable this feature or prevent the generation and processing of the data. For a selectable period, as well as for the categories including fans, subscribers, reached persons and interacting persons, we will be provided with the following data on our Facebook page:

Total number of page views, likes, page activity, post interactions, reach, video views, post coverage, comments, shared content, answers, percentage of men and women, country and city origin, language, views, and clicks in the shop, clicks on route planner, clicks on phone numbers. Likewise, data is provided in this way for the Facebook groups linked to our Facebook pages.

We use this aggregated data to make our posts and activities on our Facebook pages more attractive to users. According to the Facebook Terms of Service, we can identify the subscribers and fans of the site and view their profiles and other shared information.

Rights of the user

Since only Facebook has full access to the user data, we recommend that you contact Facebook directly if you would like to request information or to ask other questions about your rights as a user (for example, the right to delete). If you need assistance or have any other questions, feel free to contact us at the contact details provided in this Privacy notice.

If you no longer want your data to be processed as described here, please use the "I do not like this page" function to unlink your user profile from our site.

YOUR RIGHTS UNDER GDPR

In certain circumstances, you have the following rights relating to your Personal Data (Art. 13-22 GDPR):

To request access to your Personal Data. This is to enable you to receive a copy of the Personal Data we hold about you and to check that we are processing it lawfully.

To request correction (rectification) of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

To request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data in certain circumstances. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).

To object to processing of your Personal Data where we are relying on the public interest or our legitimate interests ( or those of a third party) or processing your data for direct marketing purposes.

To request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you: for example, if you want us to establish its accuracy or that it is being properly used by us. This means that it can only be used for certain limited purposes, such as dealing with legal claims or exercising our legal rights. In this situation, we would not use or share your information in other ways while it is restricted.

To request the transfer of your Personal Data to another party where we process it based on your consent and the processing is carried out by automated means.

To withdraw any consent you have given, allowing us to send marketing communications to you or collect or use your Personal Data in any other way.

Please note that exercising some of these rights may mean that we are unable to provide our services to you because some of the information is necessary for some services. In other cases, it may mean that we are providing services based on incomplete information, which may result in those services not meeting your needs or expectations.

Furthermore, you have the right to lodge a complaint with the competent supervisory body (Art. 77 GDPR).

STORING AND DELETING YOUR PERSONAL DATA

The Personal Data are deleted if you withdraw your consent and/or such Personal Data are no longer necessary for the purpose of processing. Specific deletion periods are set out in this Privacy Notice referring to the specific data or are implemented by us according to the following measures: Settings and measures provided by the engaged third party providers, affected interests by the data subjects, our legitimate interest of deleting data in an economical way etc. Furthermore, we store your Personal Data if we are obliged to do so in accordance with legal retention periods applicable under commercial and tax law.