Privacy Policy

Privacy Policy of Publicis Media Switzerland AG

In this Privacy Policy, we, Publicis Media Switzerland AG, explain how we collect and otherwise process personal data. This is not an exhaustive description; other privacy policies or general terms and conditions, conditions of participation and similar documents may govern specific matters. Personal data is any information relating to an identified or identifiable individual.

If you provide us with personal information about other people (e.g. family members, work colleagues), please ensure that they are aware of this Privacy Policy and only share their personal information with us if you are authorised to do so and the personal information is accurate.

This privacy policy is designed to meet the requirements of the EU General DataProtection Regulation ("GDPR"), the Swiss Data Protection Act("DPA") and the revised Swiss Data Protection Act("revDSG"). However, whether and to what extent these laws apply will vary from case to case.

Responsible Person / Data Protection Officer / Representative

Publicis MediaSwitzerland AG, Stadelhoferstrasse 25, 8001 Zurich, is responsible for the data processing described here. If you have any privacy concerns, please contact us at info@publicismedia.ch.

Our representative in the EEA for the purposes of Art. 27 GDPR is Mr Yusuf Tuncay-Eberl, Data Protection Officer D/A/CH, yusuf.tuncay-eberl@publicisresources.com.

Collection and Processing of Personal Data

We primarily process personal data that we receive from our clients and other business partners in the course of our business relationship with them and other involved parties, or that we collect from their users in the course of operating our websites, apps and other applications.

Where permitted, we also obtain certain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, press, Internet) or receive such data from other companies within Publicis Groupe Switzerland, from public authorities and other third parties (e.g. credit reference agencies, address dealers). In addition to the data about you that you provide directly to us, the categories of personal data about you that we receive from third parties include, in particular, information from public registers, information that we receive in connection with official and legal proceedings, information related to your professional functions and activities (for example, so that we can conclude and process contracts with your employer with your help), information about you in correspondence and meetings with third parties, credit information (insofar as we do business with you personally), information about you that we receive from your environment (family, advisors, legal representatives, etc.)so that we can conclude or process contracts with you or with your involvement (for example, to conclude and process contracts with you personally). ) to enable us to enter into or perform contracts with you or with your involvement (for example References, your delivery address, powers of attorney, information to comply with legal requirements such as anti-money laundering and export restrictions, information from banks, insurance companies, sales and other contractual partners of ours regarding the use or provision of services by you(e.g. payments made, purchases made), information from the media and theInternet about you (if this is indicated in the specific case, e.g. in the context of an application for a job). Your addresses and, where applicable, interests and other socio-demographic data (for marketing purposes), data relating to the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location data).

Data Processing Purposes and Legal Basis

We use the personal data we collect primarily to enter into and perform our contracts with our clients and business partners, to provide products and services to our customers and to purchase products and services from our suppliers and subcontractors, and to comply with our legal obligations in Switzerland and abroad. If you work for one of these clients or business partners, your personal data may also be affected in that capacity.

We also process personal data about you and others for the following purposes, where permitted and where we consider it appropriate, in which we (and sometimes third parties) have a legitimate interest that is proportionate to the purpose:

- To provide and develop our products, services and websites, applications and other platforms on which we are present;

- Communicating with third parties and processing their requests (e.g. applications, media enquiries);

- Reviewing and optimising needs analysis processes for direct client contact and the collection of personal data from publicly available sources for client acquisition purposes;

- Advertising and marketing (including the organisation of events), unless you have objected to the use of your data (if we send you advertising from us as an existing clients, you can object at any time and we will then blacklist you from further advertising mailings);

- Market and opinion research, media monitoring;

- Enforcement of legal claims and defence in connection with litigation and regulatory proceedings;

- Preventing and investigating crime and other misconduct (e.g. conducting internal investigations, analysing data to combat fraud);

- Securing our operations, in particular IT, our websites, applications and other platforms.

If you have given us your consent to process your personal data for specific purposes (for example, when registering to receive newsletters or carrying out a background check), we will process your personal data within the scope and on the basis of that consent, unless we have and need another legal basis. You may withdraw your consent at any time, but this will not affect any processing that has already taken place.

Cookies / Tracking and other Technologies associated with using our Website

We typically use "cookies" and similar technologies on our websites to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. This enables us to recognise you when you return to this website, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after your visit to the website ("session cookies"), cookies may also be used to store user preferences and other information for a set period of time (e.g. two years) ("persistent cookies"). However, you can set your browser to refuse cookies, to store them for a single session only, or to delete them prematurely. Most browsers are preset to accept cookies. We use persistent cookies to help us better understand how you use our services and content(which may also happen on other companies' websites), but we do not tell them who you are, if we know at all, because they only see that the same user is on their website as was on a particular page on our site.

In some of our newsletters and other marketing emails, where permitted, we also include visible and invisible gifs that we can retrieve from our servers to determine if and when you have opened the email, so that we can measure and better understand how you use our offers and tailor them to you. You can block this in your email program; most are set up to do this by default.

By using our website and agreeing to receive newsletters and other marketing emails, you consent to the use of these techniques. If you do not wish to receive these, you will need to adjust your browser or email program accordingly.

- Google Analytics: We use Google Analytics or similar services on our websites. This is a service provided by a third party, which may be located in any country in the world (in the case of Google Analytics, it is Google Ireland (based in Ireland), which uses Google LLC (based in the USA) as its processor (both "Google"), www.google.com), which enables us to measure and analyse website usage (on a non-personalised basis). Persistent cookies set by the service provider are also used for this purpose. We have configured the service so that visitors' IPaddresses are truncated by Google in Europe before being sent to the US, making them untraceable. We have disabled the "data transfer" and"signals" settings. Although we believe that the information we provide to Google is not personally identifiable information to Google, Google may use this information for its own purposes to identify visitors, create personal profiles and associate this information with those individuals' GoogleAccounts. If you have registered with the service provider, the service provider will also know you. The service provider will then be responsible for processing your personal data in accordance with its privacy policy. The service provider will only tell us how our website is being used (no information about you personally).

-Social Media: We also use plug-ins from social networks such as Facebook, Twitter, YouTube, TikTok or Instagram on our websites. This is visible to you in each case (usually via icons). We have configured these elements to be disabled by default. If you choose to enable them (by clicking on them), the operators of those social networks will be able to register that you are on our website and where you are, and use that information for their own purposes. The processing of your personal data will then be the responsibility of that operator in accordance with its privacy policy. We do not receive any information about you from them.

Data Transfer andinternational Data Transfer

In the course of our business and for the purposes set out in section 3, we may also disclose information to third parties where it is lawful and appropriate to do so, either because they process it for us or because they wish to use it for their own purposes. This applies in particular to the following parties:

- Our service providers (within Publicis Groupe Switzerland and externally, e.g. banks, insurance companies), including contract processors (e.g. IT providers);

- Distributors, suppliers, subcontractors and other business partners;

- Clients;

- Domestic or foreign authorities, official entities or courts

- The media;

- The public, including visitors to websites and social media;

- Competitors, industry entities, associations, organisations and other entities

- Other parties to potential or actual legal proceedings;

- Other Publicis Groupe Switzerland companies

all "Receivers"together.

Some of these recipients are located in Switzerland, but they may be located anywhere in the world. In particular, you should be aware that your data may be transferred to any country in which Publicis Groupe is represented by subsidiaries, affiliates or other offices, as well as to other countries in Europe and the United States where the service providers we use (e.g. Microsoft, SAP, Salesforce) are located.

If a recipient is located in a country that does not have an adequate level of data protection, we will contractually require the recipient to comply with the applicable data protection law (we use the European Commission's revised standard contractual clauses, which can be accessed here), unless the recipient is already subject to a legally recognised data protection regime and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interest, or if the performance of a contract requires such disclosure, if you have given your consent, or if the data in question has been made generally available by you and you have not objected to its processing.

Retention Period of Personal Data

We process and store your personal data for as long as is necessary to fulfil our contractual and legal obligations or otherwise for the purposes for which the data is processed, e.g. for the duration of the entire business relationship (from initiation and processing to termination of a contract) and beyond that in accordance with statutory retention and documentation obligations. It is possible that personal data may be stored for as long as claims may be asserted against our company and to the extent that we are otherwise legally obliged to do so or that legitimate business interests require it (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the purposes set out above, it will be deleted or made anonymous where possible. Shorter retention periods of twelve months or less generally apply to operational data (e.g. system logs, records).

Data Security

We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation, audits.

Obligation to provide Personal Data

As part of our business relationship, you will be required to provide us with personal information that is necessary for us to establish and maintain a business relationship with you and to perform our contractual obligations with you (you will not normally be required by law to provide us with such information). Without this information, we will generally not be able to enter into or perform a contract with you (or the entity or person you represent). In addition, the Website cannot be used without the provision of certain traffic security information (such as IP address).

Profiling

We process some of your personal data automatically in order to evaluate certain personal aspects (profiling). We use profiling in particular to provide you with targeted information and advice about products. In doing so, we use evaluation tools that enable us to provide needs-based communication and advertising, including market and opinion research.

Rights of the Data Subject

You have the right to access, rectify, delete, restrict and otherwise object to our data processing, in particular for the purposes of direct marketing, profiling for direct advertising and other legitimate interests in processing, as well as to the disclosure of certain personal data for the purpose of transfer to another organisation (so-called data portability) within the framework of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR). Please note, however, that we reserve the right to enforce the restrictions provided by law, for example, if we are obliged to store or process certain data, have an overriding interest in doing so (to the extent that we can invoke this) or require it for the assertion of claims. We will inform you in advance if there are any costs involved. We have already informed you about the possibility of withdrawing your consent in section 3. Please note that exercising these rights may conflict with contractual agreements and may have consequences such as early termination of the contract or cost consequences. We will inform you in advance if this is not already provided for in the contract.

In order to exercise these rights, you will generally be required to clearly prove your identity (e.g. by providing a copy of your identity card if your identity is otherwise not clear or cannot be verified). To exercise your rights, you may contact us at the address set out in Section 1.

Everydata subject also has the right to pursue his or her claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).

Changes

We may change this privacy policy at any time without notice. The current version posted on our website will apply. If the Privacy Policy forms part of an agreement with you, we will notify you of the change by email or other appropriate means when the Privacy Policy is updated.