Privacy Statement

This Data Protection Statement outlines how TOPOCROM SYSTEMS AG (hereinafter “TOPOCROM SYSTEMS”, “we”, or “us”) processes personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the General Data Protection Regulation (EU) 2016/679 (GDPR).

Please note that specific data protection notices, general terms and conditions, or participation terms may apply to particular services or events.

We reserve the right to amend this Privacy Statement at any time without prior notice. The most current version is available at Privacy Statement.

We process personal data in accordance with applicable data protection law, including the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

Depending on the purpose, processing may be based on:

• Performance of a contract or steps prior to entering into a contract (Art. 31 para. 2 lit. a FADP);
• Compliance with legal obligations (Art. 31 para. 1 FADP);
• Consent (Art. 6 para. 6 FADP), where required;
• Legitimate interests pursued by TP or third parties, provided these are not overridden by the rights and freedoms of the data subject (Art. 31 para. 1 FADP);
• Employment-related processing, particularly for recruitment (Art. 328b CO; Art. 31 FADP).

Specific processing purposes and corresponding legal grounds are outlined in Section 4 ("Purposes of the Data Processing").

The data controller for the data processing activities described in this statement is:

TOPOCROM SYSTEMS AG
Gewerbestrasse 8
8212 Neuhausen am Rheinfall
Switzerland
Person: Falko Krambeer
Telephone: +41 716200183
Email: f.krambeer@topocrom.com

For data protection-related inquiries, please contact us using the information above.

TOPOCROM SYSTEMS processes personal data of individuals concerned (“data subjects”) for the following purposes, as permitted under the applicable legal bases outlined in Section 2:

• To initiate and manage contractual relationships, including preparing offers, negotiations, and performance of obligations (e.g., shipping products, handling inquiries, and collections);
• To communicate in relation to existing or potential contracts or at the initiative of data subjects;
• To manage recruitment processes and evaluate applications;
• To comply with legal obligations, including accounting, retention, and documentation requirements;
• To operate and maintain our website, including system performance, user experience optimization, and cybersecurity;
• For marketing and promotional purposes, such as distributing newsletters and hosting events, based on consent where required or TP’s legitimate interest in promoting its offerings.

Each processing activity is based on one or more legal grounds, such as the performance of a contract, compliance with a legal obligation, consent, or our legitimate interest, as further explained in Section 2.

When visiting our website, the following personal data may be processed:

• Pages visited on our website;
• Referring URL (website visited immediately before);
• Date and time of access;
• Device-specific information (e.g., operating system, browser type, screen resolution);
• IP address;
• Unique identifiers (cookies and plugins as further described below).

Data subjects have the following rights, subject to applicable legal conditions:

• Right of access: To obtain confirmation as to whether personal data is being processed and to receive information about such processing;
• Right to rectification: To request correction of inaccurate or incomplete data;
• Right to object: To object to processing based on legitimate interests or for direct marketing purposes;
• Right to withdraw consent: To withdraw previously given consent at any time (without affecting the lawfulness of prior processing);
• Right to restriction of processing: To request limited processing under certain conditions;
• Right to data portability: To receive personal data in a structured, commonly used, and machine-readable format;
• Right to erasure: To request deletion of personal data where it is no longer needed or processing is unlawful;
• Right to lodge a complaint: With a competent supervisory authority.

We may share personal data with:

• Service providers and processors, such as IT support, logistics, and marketing partners;
• Affiliates or subsidiaries within the TOPOCROM SYSTEMS Group, where necessary and lawful;
• Public authorities or regulators, when required by law or in connection with legal claims.

Where personal data is transferred to a third country lacking adequate data protection, appropriate safeguards are implemented, such as the use of Standard Contractual Clauses approved by the European Commission (please refer to https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) with the necessary amendments according to Federal Data Protection and Information Commissioner (FDPIC) The transfer of personal data to a country without an adequate level of data protection based on standard data protection clauses in accordance with Article 16 paragraph 2 letter d FADP (https://backend.edoeb.admin.ch/fileservice/sdweb-docs-prod-edoebch-files/files/2025/02/12/fc143071-a80a-4f61-b479-0ac3249961d6.pdf), or reliance on other recognized legal frameworks

We retain personal data only for as long as necessary for the purposes for which it was collected, including:

• Duration of the business relationship;
• Statutory retention periods;
• Limitation periods for legal claims;
• Compliance with legal or regulatory obligations.

Once the data is no longer required, it is deleted or anonymized unless otherwise required for legal or operational reasons.

We implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. Data protection principles are embedded in our systems and processes by design and by default.

In the context of a contractual relationship, you must provide the personal data necessary for entering into and performing the contract. Failure to provide required data may result in our inability to provide the requested services.

We use cookies, Google Analytics, and various social media plugins. Please refer to our Cookies and Technologies Declaration for further information.

For inquiries or to exercise your rights under data protection law, please contact us at:

f.krambeer@topocrom.com

We endeavor to respond to all data protection-related requests in a timely manner.