Privacy statement

With this Privacy Policy, we provide information about the processing of personal data in connectionour activities and operations, including our website under the domain name www.lux-zurich.ch. In particular, we explain for what purposes, how, and where we process which personal data. We also provide information about the rights of individuals whose data we process.

For specific or additional activities and operations, we may publish additional privacy policies or other information regarding data protection.

1. Contact Addresses

The data controller within the meaning of data protection law is:

Kongresshaus Zürich AG
Gotthardstrasse 5
CH-8002 Zurich

datenschutz@kongresshaus.ch

In individual cases, third parties may be responsible for the processing of personal data, or there may be jointwith third parties. Upon request, we are happy to provide data subjects with information regarding the respective responsibility.

2. Terms and Legal Bases

2.1 Terms

Data Subject: A natural person whose personal data we process.

Personal Data: All information relating to an identified or identifiable natural person.

Sensitive Personal Data: Data regarding economic, political, religious, or philosophical views and activities; data regarding health, privacy, or membership in an ethnic or racial group; genetic data; biometric data that uniquely identifies a natural person; data regarding criminal and administrative sanctions or proceedings, and data regarding social assistance measures.

Edit: Any processing of personal data, regardless of the means and methods used, such as retrieval, comparison, adaptation, archiving, storage, reading, disclosure, collection, recording, erasure, disclosing, classifying, organizing, storing, modifying, disseminating, linking, destroying, and using personal data.

2.2 Legal Basis

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Data Protection Ordinance (Data Protection Ordinance, DSV).

3. Nature, Scope, and Purpose of the Processing of Personal Data

We process the personal data that is necessary to carry out our activities and operations in a sustainable, user-friendly,, secure, and reliable manner. The personal data processed may include, in particular, the categories of browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data. The personal data may also constitute special-category personal data.

We also process personal data that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, to the extent that such processing is permitted.

We process personalwhere necessary, with the consent of the data subjects. In many cases, we may process personal data without consent, for example to comply with legal obligations or to safeguard legitimate interests. We may also request consent from data subjects if theiris not required.

We process personal data for the period necessary for the respective purpose. We anonymize or delete personal data, in particular in accordance with statutory retention and statute of limitations periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include, for example, specialized providers whose services we utilize. Such third parties may in turn disclose personal data to other third parties.

In the course of our activities and operations, we may disclose personal data, in particular to banks and other financial service providers, government agencies, educational and research institutions, consultantsand attorneys, accounting and fiduciary service providers, debt collection agencies, interest groups, IT service providers, cooperationpartners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, parent, sister, and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurance companies, and payment service providers.

5. Communication

We process personal data in order to communicate with individuals as well as with authorities, organizations, and companies. In doing so, we process, in particular, data that a data subject provides to us when contacting us, for example by mail or email. We may store such data in an address book or using comparable tools.

Third parties who provide us with data about other individuals are legallylegally obligated to independently ensure the data protection of these data subjects. In particular, they must ensure that they are authorized to transmit such data and must also guarantee the accuracy of the transmitted data.

We use selected services from suitable providers to facilitate and improve communication with individuals and other communication­partners. We may also use such services to manage and further process the data of data subjects beyond direct communication, for example in connection with orders, services, projects, and resource planning.

6. Data­security

We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. With our measures, we ensure in particular the confidentiality,availability, traceability, and integrity of the personal data processed, without, however, being able to guarantee absolute data security.

Access to our website and our other digital presence is provided via transport encryption (SSL / TLS, specifically using the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn users before visiting a website without transport encryption.

Our digital communication is subject—as is generally the case with all digital communication—to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence over the processing of personal data by intelligence agencies, police,and other security agencies. Nor can we rule out the possibility that a data subject is being specifically monitored.

7. Personal Data Abroad

We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries, in particular to process or have it processed there

We may transfer personal data to all countries in the world and elsewhere in the universe, provided that the local law complies with Decision of the Swiss Federal Council ensures adequate data protection.

We may disclose personal data to countries whose laws do not provide adequate data protection, provided that adequate data protection is ensured for other reasons, in particular on the basis of standarddata protection clauses or other suitable safeguards. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the specific legal requirements for data protection are met, for example, the explicitconsent of the data subjects or a direct connection to the conclusion or performance of a contract. Upon request, we are happy to provide data subjects with information about any safeguards or supply a copy of such safeguards.

8. Rights of Data Subjects

8.1 Data Protection Claims

We grant data subjects all rights in accordance with applicable law. Data subjects have the following rights in particular:

• Information: Data subjects may request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects shall also receive the information necessaryto assert their data protection rights and to ensure transparency. This includes the personal data processed as such, but also, among other things, details regarding the purpose of processing, the duration of storage,, any disclosure or export of data to other countries, and the origin of the personal data.
• Correction and restriction: Data subjects may correct inaccurate personal data, complete incomplete data, and have the processing of their data restricted.
• Right to express one’s own point of view and to a human review: Data subjects may, in the case of decisions based exclusivelysolely on automated processing of personal data and which produce legal effects concerning them or significantly affect them (automated individual decisions), may present their own point of view and request a review by a human.
• Deletion and Objection: Data subjects may request the deletion of personal data (“right to be forgotten”) and object to the processing of their data with effect for the future.
• Data disclosure and data portability: Data subjects may request the disclosure of personal data or the transfer of their data to another controller.

We may postpone, restrict, or refuse the exercise of data subjects’ rights within the legally permissible scope., restrict, or refuse the exercise of data subjects’ rights. We may inform data subjects of any prerequisites that must be met for the exercise of their data protection rights. For example, we may provide information subject toreference to confidentiality obligations, overriding interests, or the protection of other individuals. For example, we may also refuse to delete personal data,

In exceptional cases, we may charge a fee for the exercise of the rights . We will inform the data subjects in advance of any costs.

We are obligated to identify data subjects who request information or assert other rights by taking appropriate measures. Data subjects are obligated to cooperate.

8.2 Legal Protection

Data subjects have the right to enforce their data protection claims through legal channels or to file a report or complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federalbodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

9. Use of the Website

9.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data need not be limited to traditional text-based cookies.

Cookies can be stored temporarily in the browser as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Persistent cookies have a specific storage duration. Cookies enable, in particular, the recognition of a browser upon the next visit to our website and thereby, for example, the measurement of our website’s reach. Persistent cookies can also be used, for example, for online marketing.

Cookies can be fully or partially disabled, restricted, or deleted at any time in the browser settings. Browser settings often also allow for the automated deletion and other management of cookies. Without cookies, our website may no longer be fully available. We actively request—at least to the extent required by applicable law—your express consent to the use of cookies.

For cookies used for performance and reach measurement or for advertising, a general opt-out is available for numerous services via the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

9.2 Logging

For every visit to our website and our other digital presence, we may log at least the following information, provided that this information is determined by default during such visits to our digital infrastructure or is transmitted via­: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpages of our website accessed including the amount of data transferred, last website accessed in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. This information is necessary to ensure that our digital presence can be made available permanently, in a user-friendly manner, and reliably. The information is also necessary to ensure data security—including through third parties or with the assistance of third parties.

9.3 Web Beacons

We may incorporate web beacons into our digital presence. Web beacons are also known as tracking pixels. Tracking pixels—including those from third parties whose services we use—are typically small, invisible images or JavaScript scripts that are automatically retrieved when you access our digital presence. Tracking pixels can capture at least the same information as logging in log files.

10. Notifications and Messages

10.1 Performance and Reach Measurement

Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked. Such web links and tracking pixels may also track the use of notifications and communications on a personal basis. We require this statistical tracking of usage for performance and reach measurement in order to send notifications and communications effectively and in a user-friendly manner, as well as permanently, securely, and reliably, based on the needs and reading habits of the recipients.

10.2 Consent and Withdrawal/h3>

You must in principle consent to the use of your email address and other contact information, unless such use is permitted for other legal reasons. We may use the “double opt-in” procedure to obtain double-confirmed consent. In this case, you will receive a message with instructions for double confirmation. We may store obtained consents, including IP address and timestamps for evidentiary and security reasons.

You may in principle object to receiving notifications and communications, such as newsletters, at any time. By objecting in this manner, you may simultaneously object to the statistical tracking of usage for the purpose of measuring success and reach. This does not apply to necessary notifications and communications related to our activities and operations.

10.3 Service Providers for Notifications and Communications

We send notifications and communications using specialized service providersproviders.

In particular, we use:

• Mailchimp: Communication platform; Provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA); Privacy policy: Privacy Policy (Intuit) including "Country and Region-Specific Terms," “Mailchimp Privacy FAQs”, «Mailchimp and European Data Transfers», «Security», Cookie Policy, "Inquiries Regarding Data Protection Rights", "Legal Provisions".
• SendGrid: Platform for transactional emails (“Email delivery made easy”); Providers: Twilio Inc. (USA) / Twilio Ireland Limited (Ireland); Privacy information: Privacy Policy.

11. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland.

The General Terms and Conditions (GTC), Terms of Use, privacy policies, and other provisions of the individual operators of such platforms also apply. These provisions provide information in particular regarding the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right of access.

12. Third-Party Services

We use services provided by specialized third parties to ensure that we can carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner.user-friendly, secure, and reliable manner. These services allow us, among other things, to embed functions and content into our website. When such embedding occurs, the services used collect, at least temporarily for technical reasons, the IP addresses of users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data required to provide the respective service.

In particular, we use:

• Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland), in part for users in the Euro­Economic Area (EEA) and in Switzerland; All­General information on data protection: "Data Protection & Security Measures", Privacy Policy, "More information on how Google uses personal data", "Google is committed to complying with applicable data protection laws", "Guide to data protection in Google products», "How we use data from websites or apps where our services are used", Cookie Policy, "Advertising you can control" (Personalized advertising settings).
• Microsoft services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General information on data protection: "Data Protection at Microsoft", "Data Protection and Privacy", Privacy Statement, "Data and Privacy Settings".

12.1 Digital Infrastructure

We use services from specialized third parties to access the digital infrastructure required in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

12.2 Scheduling

We use services from specialized third parties to schedule appointments online, such as for meetings. In addition to this Privacy Policy, any directly visible terms and conditions of the services used, such as Terms of Use or Privacy Policies, also apply.

12.3 Social Media Functions and Social Media Content

We use third-party services and plugins to embed functions and content from social media platforms and to enable the sharing of content on social media platforms and through other channels.

In particular, we use:

• Facebook (Social Plugins): Embedding Facebook features and Facebook content, such as “Like” or “Share” ("Share"); Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the U.S.); Privacy information: Privacy Policy.
• Instagram Platform: Embedding Instagram content; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the US); Privacy information: Privacy Policy (Instagram), Privacy Policy (Facebook).
• LinkedIn Consumer Solutions Platform: Embedding LinkedIn features and content, for example using plugins such as the "Share Plugin"; Provider: Microsoft; LinkedIn-specific information: "Privacy"), Privacy Statement, Cookie Policy, Cookie Management / Opt-out of Email and SMS Communications from LinkedIn, Objection to interest-based advertising.

12.4 Maps

We use third-party services to embed maps on our website.

In particular, we use:

• Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: “How Google uses location information”.

12.5 Digital Content

We use services from specialized third parties to integrate digital content into our website. Digital content includes, in particular, image and video material, music, and podcasts.

In particular, we use:

• Vimeo: Video platform; Provider: Vimeo Inc. (USA); Privacy policy: Privacy Policy, "Private Video Hosting".
• YouTube: Video platform; Provider: Google; YouTube-specific information: "Privacy & Security Center", "My Data on YouTube".

12.6 Advertising

We use the option to display targeted advertisements with third parties such as social media platforms and search engines for our activities and operations.

With such advertising, we aim in particular to reach people who are already interested in our activities and operations or who might be interested in them (remarketing and targeting). To this end, we may transmit relevant information—including, where applicable, personal data—to third parties that enable such advertising. We can also determine whether our advertising is successful, specifically whether it leads to visits to our website (conversion tracking).

Third parties with whom we advertise and with whom you, as a user, are registered may, in some cases, associate your use of our website with your profile there.

In particular, we use:

• Google Ads: Search engine advertising; Provider: Google; Google Ads-specific details: Advertising based, among other things, on search queries, whereby various domain names—in particular doubleclick.net, google­adservices.com, and google­syndication.com – are used for Google Ads, Privacy Policy for Advertising, "Manage pop-up ads directly via Ads".
• Meta Ads: Social media advertising on Facebook and Instagram; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the U.S.); privacy information: Targeting, including retargeting, in particular using the Meta Pixel and Custom Audiences, including Lookalike Audiences, Privacy Policy, "Ad Preferences" (User registration required).
• TikTok Ads: Social media advertising; Providers: TikTok Information Technologies UK Limited (United Kingdom) and TikTok Technology Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / TikTok Inc. (USA) for users in the USA / TikTok Pte. Ltd. (Singapore) for most users in the rest of the world; Privacy information: Remarketing and targeting, in particular using the TikTok pixel, Privacy Policy, "Privacy Policy for Children" ("Children’s Privacy Policy"), "Privacy Policy for TikTok Partners", Cookie Policy.

13. Website Extensions

We use extensions for our website to enable additional features. We may use selected services from suitable providers or implement such extensions on our own digital infrastructure.

In particular, we use:

• Google reCAPTCHA: Bot protection (distinguishing between desired activitiesby humans and unwanted activities by bots); Provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?".
• hCaptcha: Bot protection (distinguishing betweendesired human activities and undesired bot activities); Provider: Intuition Machines Inc. (USA); Data protection information: Data, "Ethics Guidelines for Artificial Intelligence" ("AI Ethics Policy").

14. Success and Reach Measurement

We strive to measure the success and reach of our activities and operations. In this context, we may also measure the impact of third-party references or test how different parts or versions of our digital presence are used (the “A/B testing” method). Based on the results, we can, in particular, fix errors, enhance popular content, or make improvements.

For success and reach measurement, in most cases the IP addresses of individual users are collected. In this case, IP addresses are generally truncated (“IP masking”) to comply with the principle of data minimization through appropriate pseudonymization.

Cookies may be used to measure success and reach, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewedon our digital presence, information about the size of the screen or browser window, and the—at least approximate—location. In principle, any userare created exclusively in pseudonymized form and are not used to identify individual users. Individual third-party services with which users are registered may, in some cases, associate the use of our online offering with the user’s account or user profile on the respective service.

We use in particular:

• Google Marketing Platform: Performance and reach measurement, in particular with Google Analytics; Provider: Google; Google Marketing Platform-specific information: Measurement also across different browsers and devices (cross-device tracking) using pseudonymized IP addresses, which are only in exceptional cases transmitted in full to Google in the U.S., Privacy Policy for Google Analytics, "Browser add-on to disable Google Analytics".
• Google Tag Manager: Integration and management of services from Google and third parties, in particular for measuring performance and reach; Provider: Google; Google Tag Manager-specific information: Privacy Policy for Google Tag Manager; further information on data protection can be found in the individual integrated and managed services.

15. Video Surveillance

We use video surveillance to prevent criminal offenses, to secure evidence in the event of criminal offenses, and to exercise our property rights.

We store recordings from our video surveillance for as long as they are necessary to secure evidence or for any other specified purpose.

We may secure recordings from our video surveillance and transmit them to competent authorities, such as courts or law enforcement agencies, provided that the transmission is necessary for a specified purpose, in our overriding interest, or due to legal obligations.

16. Final Notes on the Privacy Policy

We created this privacy policy using the Privacy Policy Generator from Privacy Policy Partner

We may update this privacy policy at any time. We will notify you of updates in an appropriate manner, in particular by publishing the current privacy policy on our website.