Basistrade - Privacy policy of BASIS Trade AG

1. WHAT IS THIS PRIVACY POLICY ABOUT?

BASIS Trade AG (the “[company]”, hereinafter also “we”, “us”) is a company with its registered office
in Teufen AR. In the course of our business activities, we obtain and process personal data, in particular

personal data about our clients, associated persons, counterparties, courts and authorities, corre-
spondence companies, professional and other associations, visitors to our website, participants in

events, recipients of newsletters and other bodies or their respective contact persons and employees
(hereinafter also “you”). In this data protection declaration we inform you about these data processing
operations.
If you disclose data to us about other persons (e.g. family members, agents, counterparties or other
associated persons), we will assume that you are authorised to do so and that this data is accurate and
that you have ensured that these persons are informed about this disclosure, insofar as a legal duty to
inform applies (e.g. by bringing this privacy policy to their attention in advance).

2. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?

The data protection officer is responsible for the processing described in this data protection declara-
tion:

BASIS Trade AG
Alte Haslenstrasse 5
9053 Teufen AR
office@basistrade.ch

3. FOR WHAT PURPOSES DO WE PROCESS WHICH OF YOUR DATA?

When you use our services, www.basis-trade.com (hereinafter “website”), or otherwise deal with us,

we obtain and process various categories of your personal data. In principle, we may obtain and other-
wise process this data in particular for the following purposes:

• Communication: We process personal data so that we can communicate with you as well as
with third parties, such as parties to proceedings, courts or authorities, by e-mail, telephone,
letter or otherwise (e.g. to answer enquiries, in the context of legal advice and representation
as well as the initiation or execution of contracts). This also includes that we may send our
clients, contractual partners and other interested persons information about events, changes

in the law, news about our company or similar. This may take the form of, for example, news-
letters and other regular contact (electronic, postal, telephone). You may refuse such commu-
nications at any time, or refuse or withdraw consent to such communications. For this pur-
pose, we process in particular the content of the communication, your contact data and the

marginal data of the communication, but also image and audio recordings of (video) telephone
calls. In the event of an audio or video recording,

• we will inform you separately and you are free to inform us if you do not wish a recording to
be made or to terminate the communication. If we need or want to establish your identity, we
will collect additional data (e.g. a copy of an ID card).
• Initiation and conclusion of contracts: With regard to the conclusion of a contract, such as
in particular a contract for the establishment of a client-lawyer relationship, with you or your
client or employer, which also includes the clarification of any conflicts of interest, we may in

particular obtain and otherwise process your name, contact details, powers of attorney, dec-
larations of consent, information on third parties (e.g. contact persons, details of family and

counterparties, contract contents, date of conclusion, creditworthiness data and all other data
which you provide to us or which we receive from you. (e.g. contact persons, family details
and counterparties), contract contents, date of conclusion, creditworthiness data and all other
data which you provide to us or which we collect from public sources or third parties (e.g.
commercial register, credit agencies, sanctions lists, media, legal protection insurance or the
Internet).
• Administration and processing of contracts: We obtain and process personal data so that

we can comply with our contractual obligations towards our clients and other contractual part-
ners (e.g. suppliers, service providers, correspondence companies, project partners) and, in

particular, so that we can provide and claim contractual services. This also includes data pro-
cessing for client management (e.g. fiduciary work) as well as data processing for the enforce-
ment of contracts (debt collection, legal proceedings, etc.), accounting and public communica-
tion (if permitted). For this purpose, we process in particular the data which we receive or have

collected in the course of the initiation, conclusion and execution of the contract as well as
data which we create in the course of our contractual services or which we collect from public
sources or other third parties (e.g. courts, authorities, counterparties, information services,
media, detective agencies or from the Internet). Such data may include, in particular, minutes
of conversations and consultations, notes, internal and external correspondence, contractual
documents, documents that we prepare and receive in the course of proceedings before

courts and authorities (e.g. statements of claim, appeals and complaints, judgments and deci-
sions), background information about you, counterparties or other persons as well as other

mandate-related information, performance records, invoices and financial and payment infor-
mation.

• Operation of our website: In order to operate our website in a secure and stable manner,
we collect technical data, such as IP address, information about the operating system and
settings of your terminal device, the region, the time and the type of use. We also use cookies
and similar technologies. For more information, see para. 8.
• Improving our electronic offerings: In order to continuously improve our website, we collect
data about your behavior and preferences, for example by analyzing how you navigate
through our website.
• Registration: In order to use certain offers and services (e.g. [free Wi-Fi], newsletter), you must

register (directly with us or via our external login service providers). For this purpose, we pro-
cess the data disclosed during the respective registration. Furthermore, we may also collect

personal data about you during the use of the offer or service; if necessary, we will provide
you with further information about the processing of this data.

• Security purposes as well as access controls: We obtain and process personal data to en-
sure and continuously improve the appropriate security of our IT and other infrastructure (e.g.

buildings). This includes, for example, monitoring and controlling electronic access to our IT

systems as well as physical access to our premises, analysis and testing of our IT infrastruc-
tures, system and error checks and the creation of security copies. For documentation and

security purposes (preventive and incident investigation), we also keep access logs or visitor
lists in relation to our premises and use surveillance systems (e.g. security cameras). We draw
your attention to surveillance systems at the relevant locations by means of appropriate signs.
• Compliance with laws, directives and recommendations from authorities and internal

regulations: We obtain and process personal data to comply with applicable laws (e.g. anti-
money laundering, tax obligations or our professional obligations), self-regulations, certifica-
tions, industry standards, our corporate governance and for internal as well as external inves-
tigations to which we are a party (e.g. by a law enforcement or supervisory authority or a

mandated private body).
• Risk management and corporate governance: We obtain and process personal data in the

context of risk management (e.g. to protect against tortious activities) and corporate govern-
ance. This includes, among other things, our business organisation (e.g. resource planning)

and corporate development (e.g. acquisition and sale of business units or companies).
• Job application: If you apply for a job with us, we obtain and process the relevant data for the
purpose of reviewing the application, conducting the application procedure and, in the case
of successful applications, for the preparation and conclusion of a corresponding contract. For
this purpose, in addition to your contact details and the information from the corresponding

communication, we also process in particular the data contained in your application docu-
ments and the data as we can additionally obtain about you, for example from job-related

social networks, the Internet, the media and from references if you consent to us obtaining
references. Data processing in connection with the employment relationship is the subject of
a separate data protection declaration.
Other purposes: Other purposes include, for example, training and educational purposes
and administrative purposes (e.g. accounting). We may listen to or record telephone or video

conferences for training, evidence and quality assurance purposes. In such cases, we will no-
tify you separately (e.g. by displaying a notice during the video conference in question) and

you are free to tell us if you do not wish to be recorded or to end the communication (if you
simply do not wish your image to be recorded, please turn off your camera). In addition, we
may process personal data for the organisation, implementation and follow-up of events, such
as in particular lists of participants and the content of presentations and discussions, but also

image and audio recordings made during these events. The protection of other legitimate in-
terests is also one of the other purposes, which cannot be named exhaustively.

4. WHERE DOES THE DATA COME FROM?

• From you: The majority of the data we process is provided by you (e.g. in connection with our
services, the use of our website or communication with us). You are not obliged to disclose
your data, with exceptions in individual cases (e.g. legal obligations). However, if you wish to
conclude contracts with us or use our services, for example, you must disclose certain data to
us. The use of our website is also not possible without data processing.

• From third parties: We may also take data from publicly accessible sources (e.g. debt en-
forcement registers, land registers, commercial registers, media or the internet incl. social me-
dia) or receive such data from (i) public authorities, (ii) your employer or client who either has

a business relationship with us or otherwise deals with us, as well as from (iii) other third par-
ties (e.g. clients, counterparties, legal protection insurers, credit reference agencies, address

dealers, associations, contractual partners, internet analysis services). This includes, in partic-
ular, the data we process in the course of initiating, concluding and settling contracts as well

as data from correspondence and discussions with third parties, but also all other categories
of data.

5. WHO DO WE DISCLOSE YOUR DATA TO?

In connection with the measures described in para. 3 we transmit your personal data in particular to

the categories of recipients listed below. If necessary, we obtain your consent for this or have our su-
pervisory authority release us from our professional duty of confidentiality.

• Service providers: We work with service providers in Germany and abroad who (i) process
data on our behalf (e.g. IT providers), (ii) process data jointly with us or (iii) process data on
their own responsibility which they have received from us or collected for us. (These service

providers include, for example, IT providers, banks, insurance companies, debt collection com-
panies, credit reference agencies, address checkers, other companies or consultancies). We

usually agree contracts with these third parties on the use and protection of personal data.

• Clients and other contractual partners: First of all, this refers to clients and other contrac-
tual partners of ours for whom the transfer of your data results from the contract (e.g. because

you are working for a contractual partner or he provides services for you). This category of
recipients also includes bodies with which we cooperate, such as other law firms in Germany
and abroad or legal expenses insurers. The recipients process the data under their own
responsibility.

• Authorities and courts: We may disclose personal data to offices, courts and other authori-
ties in Switzerland and abroad if this is necessary for the fulfilment of our contractual obliga-
tions and in particular for the conduct of our mandate, or if we are legally obliged or entitled

to do so or if this appears necessary to protect our interests. These recipients process the data
under their own responsibility.
• Counterparties and persons involved: To the extent necessary for the performance of our
contractual obligations, in particular for the management of the mandate, we also disclose
your personal data to counterparties and other persons involved (e.g. guarantors, financiers,
affiliated companies, other companies, informants or experts, etc.).
• Other persons: This refers to other cases where the inclusion of third parties arises from the

purposes pursuant to para. 3 results. This concerns, for example, delivery addressees or pay-
ment recipients specified by you, third parties within the framework of representative rela-
tionships (e.g. your lawyer or your bank) or persons involved in official or legal proceedings.

We may also disclose your personal data to our supervisory authority, in particular if this is
necessary in individual cases to release you from our professional duty of confidentiality. If we
work with the media and provide them with material (e.g. photos), you may also be affected.
In the course of business development, we may sell or acquire businesses, parts of businesses,
assets or companies, or enter into partnerships, which may also result in the disclosure of

data (including about you, e.g. as a client or supplier or as their representative) to the persons
involved in these transactions. Communications with our competitors, industry organisations,
associations and other bodies may also involve the exchange of data relating to you.
All these categories of recipients may in turn involve third parties, so that your data may also become
accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by
other third parties (e.g. authorities, banks, etc.).

We also allow certain third parties to collect personal data from you on our website and at events or-
ganised by us, also on their own responsibility (e.g. media photographers, providers of tools that we

have integrated on our website, etc.). Insofar as we are not decisively involved in these data collections,
these third parties are solely responsible for them. If you have any concerns or wish to exercise your
data protection rights, please contact these third parties directly. We have explained your rights in para.
7 listed. You can find information about the activities on our website in section 8. 8.

6. DOES YOUR PERSONAL DATA ALSO END UP ABROAD?

We process and store personal data mainly in Switzerland and the European Economic Area (EEA), but

depending on the case – for example via subcontractors of our service providers or in proceedings be-
fore foreign courts or authorities – potentially in any country in the world. Your personal data may also

be transferred to any country in the world in the course of our activities for clients.

If a recipient is located in a country without adequate data protection, we contractually oblige the re-
cipient to comply with an adequate level of data protection (for this purpose, we use the revised stand-
ard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.eu-
ropa.eu/eli/dec_impl/2021/914/oj? including the supplements necessary for Switzerland), unless the re-
cipient is already subject to a legally recognised set of rules to ensure data protection. We may also

disclose personal data to a country without adequate data protection without concluding a separate
contract for this purpose if we can rely on an exceptional provision for this purpose. An exception may

apply in particular in the case of legal proceedings abroad, but also in cases of overriding public inter-
ests or if the performance of a contract which is in your interest requires such disclosure (e.g., if we

disclose data to our correspondent companies), if you have given your consent or it is not possible to
obtain your consent within a reasonable period of time and the disclosure is necessary to protect your
life or physical integrity or that of a third party, or if the data in question has been made generally
available by you and you have not objected to its processing. We may also rely on the exemption for
data from a register provided for by law (e.g. register extract) to which we have been legitimately given
access. We may also rely on the exception for data from a register provided for by law (e.g. register
extract) to which we have been legitimately given access.

7. WHAT RIGHTS DO YOU HAVE?

You have certain rights in connection with our data processing. In accordance with applicable law, you

may in particular request information about the processing of your personal data, have incorrect per-
sonal data corrected, request the deletion of personal data, object to data processing, request the re-
lease of certain personal data in a common electronic format or its transfer to other data controllers.

If you wish to exercise your rights against us, please contact us; you will find our contact details in
section 2. 2. In order for us to be able to exclude abuse, we must identify you (e.g. with a copy of your
identity card, if necessary).

Please note that prerequisites, exceptions or restrictions apply to these rights (e.g. for the protection
of third parties or business secrets or due to our professional duty of confidentiality). We reserve the
right to black out copies or to supply only excerpts for reasons of data protection or confidentiality.

8. HOW ARE COOKIES, SIMILAR TECHNOLOGIES AND SOCIAL MEDIA PLUG-INS USED ON OUR WEBSITE AND OTHER DIGITAL SERVICES?

When using our website (incl. newsletter), data is generated that is stored in logs (in particular technical

data). In addition, we may use cookies and similar techniques (e.g. pixel tags or fingerprints) to recog-
nise website visitors, evaluate their behavior and recognise preferences. A cookie is a small file that is

transmitted between the server and your system and enables the recognition of a specific device or
browser.
You can set your browser to automatically reject, accept or delete cookies. You can also deactivate or
delete cookies in individual cases. You can find out how to manage cookies in your browser in the help
menu of your browser.
Both the technical data we collect and cookies generally do not contain any personal data.
In addition, we use our own tools as well as third-party services (which in turn may use cookies) on our
website, in particular to improve the functionality or content of our website (e.g. integration of videos
or maps), to compile statistics.
Some of the third-party providers we use may be located outside of Switzerland. Information on the
disclosure of data abroad can be found under para. 6. In terms of data protection law, they are in part
“only” order processors of us and in part responsible bodies. Further information on this can be found
in the data protection declarations.

9. WHAT ELSE NEEDS TO BE CONSIDERED?

We do not assume that the EU General Data Protection Regulation (“GDPR”) is applicable in our case.
However, if this should exceptionally be the case for certain data processing operations, this section
shall additionally apply exclusively for the purposes of the GDPR and the data processing operations
subject to it. 9.
We base the processing of your personal data in particular on the fact that
• they are as described in para. 3 is necessary for the initiation and conclusion of contracts and
their administration and enforcement (Art. 6 para. 1 lit. b DSGVO);
• it is necessary to protect the legitimate interests of us or of third parties as described in section
3. 3 namely for communication with you or third parties, to operate our website, to improve
our electronic offers and registration for certain offers and services, for security purposes, for
compliance with Swiss law and internal regulations for our risk management and corporate
governance and for other purposes such as training and education, administration, evidence
and quality assurance, organisation, implementation and follow-up of events and to safeguard
other legitimate interests (see section 3) (Art. 6 para. 1 lit. f DSGVO);
• it is required or permitted by law on the basis of our mandate or position under the law of the
EEA or a member state (Art. 6(1)(c) DSGVO) or is necessary to protect your vital interests or
those of other natural persons (Art. 6(1)(d) DSGVO);

• you have separately consented to the processing, e.g. via a corresponding declaration on our
website (Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a DSGVO).
We would like to point out that we will process your data for as long as it is necessary for the purposes
for which we process it (cf. para. 3), the legal retention periods and our legitimate interests, in particular
for documentation and evidence purposes, or for as long as storage is technically necessary (e.g. in the
case of backups or document management systems). If there are no legal or contractual obligations or

technical reasons to the contrary, we generally delete or anonymise your data after the storage or pro-
cessing period has expired within the scope of our usual processes and in accordance with our reten-
tion policy.

If you do not provide certain personal data, this may mean that it is not possible to provide the related
services or conclude a contract. As a matter of principle, we indicate where personal data requested by
us is mandatory.
The procedure described in para. 7 applies in particular to data processing for the purpose of direct
marketing.
If you do not agree with our handling of your rights or data protection, please let us know (see contact
details in section 2). If you are in the EEA, you also have the right to complain to the data protection
supervisory authority in your country. You can find a list of the authorities in the EEA here:
https://edpb.europa.eu/about-edpb/board/members_de.

10. CAN THIS PRIVACY POLICY BE CHANGED?

This Privacy Policy does not form part of any contract with you. We may amend this privacy policy at
any time. The version published on this website is the current version.

August 2023