Privacy Statement

1. What Is This Privacy Statement and to Whom Does It Apply?

The protection and confidentiality of personal data are of particular concern to us. In this privacy policy, we as SIPRO Siderprodukte AG (“SIPRO”, “we” or “us”), explain how, when and why we process personal data of the respective persons or employees and other representatives when initiating and conducting business activities with customers, suppliers and other business partners.

“Personal data” means all information relating to an identified or identifiable individual person.

“Processing” means any handling of personal data, regardless of the means and procedures used. In particular, this includes obtaining, storing, keeping, using, modifying, disclosing, archiving, deleting or destroying personal data.

2. Responsibility for Data Processing and Legal Basis

SIPRO® STAHL HOLDING AG and its sales companies are responsible for the processing of personal data in accordance with this privacy statement.

SIPRO Siderprodukte AG, Grindlenstrasse 5, 8954 Geroldswil
SIPRO Beltrame AG, Grindlenstrasse 5, 8954 Geroldswil
DONALAM Siderprodukte AG, Grindlenstrasse 5, 8954 Geroldswil
PITTINI Siderprodukte AG, Grindlenstrasse 5, 8954 Geroldswil
VENETE Siderprodukte AG. Grindlenstrasse 5, 8954 Geroldswil
SIPRO International AG, Hammergut 6, 6330 Cham

SIPRO processes your personal data according to the applicable Swiss federal law on data protection (DSG) as of 25 September 2020, the decree on data protection (DSV) of 31 August 2022 and any other applicable legal provisions.

3. What Personal Data Do We Process?

We process personal data relating to our business relationships with (future) customers, suppliers and other business partners. Typically, this involves the following categories of personal data about you as a customer, supplier, business partner or as their employee or other representative.

• Name, address as well as contacts (i.e., e-mail address, phone number etc.)
• Communication content and marginal data
• Details of the company or organization (i.e., company, composition of the group, beneficial owners, etc.)
• Function in the company or organization, your authority to sign, etc.
• Invoice information (i.e., details of services provided and the time spent on them, agreed hourly rates, etc.) and payment history
• History of customer and supplier relationships
• Any other personal data you provide us with

4. Where Do We Obtain the Personal Data?

We receive personal data primarily directly from you or from our customers, suppliers or business partners. Depending on the nature of the business, we also receive personal data from business or contractual partners of our customers, suppliers or business partners, insurance companies and other third parties. To the extent permitted by law, we sometimes also obtain personal data from publicly available sources such as commercial registers, the internet, social media, etc.

If you disclose data about other persons (e.g., employees or other persons) to us, we assume that you are authorized to do so and that these data are correct. We also assume you have ensured that these persons have been informed about this disclosure, insofar as a legal duty to inform applies (e.g., by bringing this privacy policy to their attention in advance).

5. For What Purposes Do We Process Your Personal Data?

We process personal data namely for the following purposes:

• The initiation, establishment, management and administration of business relations with our customers, suppliers and business partners, as well as invoicing and collection of payments
• Communication with you
• Execution of the business relationship (e.g., contract processing, joint projects)
• Maintaining relations with you (e.g., customer database)
• Sending invitations to events (e.g., trade fairs) and newsletters, etc. as well as the organization of events (you can object to this at any time; we will then put you on an unsubscribed list for further mailings)
• Compliance with legal requirements to which we are subject
• To assert our own legal claims and to protect our rights in connection with legal disputes and in the context of official or judicial proceedings
• To ensure our operations and the security of our business premises and IT systems
• Accounting, auditing and reporting
• Processing in connection with a merger, sale, spin-off or the acquisition of companies or businesses in which we are involved, or any other business transfer affecting us

6. To Whom May We Disclose Your Personal Data?

In connection with the purposes mentioned in section 5 above, we may, in individual cases, disclose relevant personal data to third parties, whereby we endeavor to limit this to the minimum necessary. Typically, these are found in the following categories of recipients:

• Our Group’s companies
• Our business partners, insofar as they are involved in the specific transaction at hand
• Insurance companies
• Our external consultants (e.g., lawyers)

For the execution of certain business processes, we may involve external service providers, who may process your personal data based on contractual obligations (i.e., for the operation and security of our IT infrastructure and e-mail servers, for the storage of our business data, for payroll accounting, for the processing of insurance claims, etc.).

7. Do We Transmit Your Personal Data Abroad?

Personal data is generally processed in Switzerland. However, service providers or third parties as well as other group companies that receive access to your personal data may be located abroad or process personal data abroad. In addition, individual business processes involving the usage of personal data may take place abroad, possibly in countries with a lower level of data protection than in Switzerland, such as the USA.

8. How Long Do We Keep Your Personal Data?

The storage period of personal data is generally based on statutory retention periods and any additional need to process the personal data (e.g., evidence in the event of a legal dispute). We normally retain personal data for 10 years from the completion of an order or project.

9. Your Rights

You have various rights regarding your personal data processed by us. In accordance with applicable law, you may request information about the processing of your personal data, have incorrect personal data corrected, request the deletion of personal data, object to data processing, request the release of certain personal data in a common electronic format or its transfer to other data controllers.

These rights may be restricted in individual cases on the basis of legal provisions (e.g., attorney-client privilege) or justification grounds. In all cases, you must provide clear proof of your identity.

10. May We Change This Privacy Statement?

We may at any time and at our discretion unilaterally amend this Privacy Statement with future effect.

11. Contact for Data Privacy Concerns

Your contact person for data protection concerns is:

Mr Gregorio Bani
Tel: +41 44 749 22 11
E-mail: gbani@siprostahl.ch