Privacy policy FERUS Society GmbH

In this privacy policy we, the FERUS Society GmbH, Engimattstrasse 15, 8002 Zurich (hereinafter we or us), explain how we collect and further process personal data. We are a strategic branding and commercialization studio that specializes in luxury and lifestyle hospitality.

The aim of this information is

• comprehensive information about the processing of your personal data by us;
• the explanation of your rights in connection with the processing of your personal data; and
• providing the contact details of the entity responsible for processing your personal data of FERUS Society GmbH.

Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. We are committed to handling your personal data responsibly. It goes without saying that we comply with the provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA) and, the European General Data Protection Regulation (GDPR) (EU) 2016/679, where applicable, other provisions of data protection law.

So that you know what personal data we collect from you and for what purposes we use it, please take note of the information below.

Depending on your activity, we process the following personal data:

2.1 Visit the website

When you visit our website, our servers temporarily save each access in a log file. The following data is collected without your intervention and stored by us until automatic deletion (at the latest after 12 months):

• the IP address of the requesting computer (shortened);
• the name of your internet access provider (usually your internet access provider);
• the date and time of access;
• the name and URL of the retrieved file;
• the page and address of the website from which you were redirected to our websites and, if applicable, the search term used;
• the country from which our website is accessed;
• the operating system of your computer and the browser you use (provider, version and language);
• the transmission protocol used (e.g., HTTP/1.1).

The collection and processing of this data is carried out for the purpose of enabling the use of our websites (connection establishment), to ensure system security and stability on a permanent basis, to enable the optimization of our internet offer as well as for internal statistical purposes.

Only in the event of an attack on the network infrastructure or suspicion of other unauthorized or abusive website use will the IP address be evaluated for the purpose of clarification and defense and, if necessary, used as part of criminal proceedings to identify and take civil or criminal action against the users concerned.

The legal basis is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in providing a stable and functional website.

Finally, we use cookies and other applications based on cookies when you visit our websites. You will find further information on this in the "Cookies" and “Plug-in” chapters.

2.2 Entering in a business relationship

When entering in a business relationship, we process the following personal data:

• Name
• Email
• Register date
• Telephone number
• Address
• Job titel
• Date of birth
• LinkedIn profile

This data processing is necessary in order to enter into a contractual relationship with us. Furthermore, this data is used to maintain the business relationship with you.

The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.

2.3 Client relationship management

When managing client relationships, we process the following personal data:

• Name
• Email
• Bank information
• Register date
• Telephone number
• Address
• Country
• IBAN
• Language
• Correspondence
• WhatsApp number
• Instagram Profile
• Facebook Profile
• Twitter Profile
• Threads Profile
• YouTube Profile
• TikTok Profile
• Google business
• Phone note
• Photos from events
• Donation receipts
• Tax receipts
• Event history
• Guest lists
• Marketing strategies
• Business assessments
• Internal business documents

The legal basis is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR as well as legitimate interest of building a client base in the meaning of Art. 6 para. 1 lit. f GDPR.

2.4 Contact Form

If you use the contact form on our website, we will process the following personal data:

• First
• Last name
• Phone number
• E-mail address

The legal basis is consent in the meaning of Art. 6 para. 1 lit. a GDPR.

2.5 Newsletters

The following data is used to send Newsletters:

• Title
• First name
• Last name
• E-mail address
• Language

Preferences & Modifications The legal basis is consent in the meaning of Art. 6 para. 1 lit. a GDPR.

2.6 List of interested people /Leads

The following data is used to have a list of interested people:

• Name
• E-Mail address
• Telephone number
• Job title
• Job function
• LinkedIn profile
• Address
• Language
• Messages
• Notes
• Communication

The legal basis is the legitimate interest of maintaining leads in the meaning of Art. 6 para. 1 lit. f GDPR.

2.7 Partner business

The following data is used to have a list of Partner Businesses:

• Name
• E-Mail address
• Address
• Contact person
• Phone number

The legal basis is the legitimate interest of maintaining a business relationship within the meaning of Art. 6 para. 1 lit. f GDPR.

In principle, we collect personal data directly from you (e.g., via forms, in the course of communication with us, in connection with contracts, when using the website, etc.).

Unless this is inadmissible, we also take data from publicly accessible sources (e.g., debt enforcement registers, land registers, commercial registers, the media or the internet incl. social media).

Your personal data is stored in Switzerland or in the EU/EEA.

We share your personal data with the following categories of recipients:

• Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or in joint responsibility with us or who receive data about you from us in their own responsibility (e.g., IT providers, advertising service providers, login service providers, debt collection companies or address checkers).

We disclose to these service providers the data required for their services, which may also concern you. These service providers may also use such data for their own purposes, e.g., information about outstanding debts and your payment history in the case of credit agencies or anonymized data to improve services. We also enter into contracts with these service providers that include provisions to protect your personal data. Our service providers may also process data about how their services are used and other data arising from the use of their services as independent data controllers for their own legitimate interests (e.g., for statistical analysis or billing purposes). Service providers inform about their independent data processing in their own data protection statements.

• Authorities: We may pass on personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities then process this data on their own responsibility.

All these categories of recipients may in turn involve third parties, so that your data may also be made accessible to them. We can restrict processing by certain third parties (e.g., IT providers), but not by other third parties (e.g., authorities, banks, etc.).

We also allow certain third parties to collect personal data from you on our website and at events organized by us (e.g., media photographers, providers of tools that we have embedded on our website, etc.). Insofar as we are not decisively involved in these data collections, these third parties are solely responsible for them. If you have any concerns or wish to exercise your data protection rights, please contact these third parties directly.

Cookies help in many ways to make your visit to our website easier, more enjoyable and more meaningful.

Cookies are individual codes (e.g., a serial number) that our server or a server of our service providers or advertising contract partners transmits to your system when you connect to our website and that your system (browser, mobile) accepts and stores until the programmed expiry time. With each subsequent access, your system transmits these codes to our server or the server of the third party. In this way, you are recognized, even if your identity is not disclosed.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in providing a user-friendly and up-to-date website.

Our websites use cookies and similar technologies. If the settings of your device allow it, we use cookies and similar tools to provide you with an optimal browsing experience on our websites.

Cookies collect data such as:

• the IP address;
• the website from which you are visiting us;
• the type of device you are using;
• how you use our search function (so-called search log);
• what actions you take when you receive the newsletter.

It is also possible to visit our website without cookies. You can prevent the storage of cookies in the browser settings. However, this may affect your ability to use the website. Under no circumstances will cookies be used by us to install malware or spyware on your computer.

Most internet browsers automatically accept cookies. However, you can configure the Internet browser so that no cookies are stored or a notice always appears when you receive a new cookie. On the following pages you will find explanations on how you can configure the processing of cookies:

• Android
• iOS

On the following pages you will find explanations on how to configure the processing of cookies in the most common browsers.

• Microsoft Edge
• Mozilla Firefox
• Google Chrome for Desktop
• Google Chrome for Mobile
• Apple Safari for Desktop
• Apple Safari for Mobile

Please note that deactivating cookies may mean that you cannot use all the functions of our website.

A distinction is made between the following cookies:

• Necessary cookies: Some cookies are necessary for the website to function as such or for certain functions. For example, they ensure that you can switch between pages without losing information entered in a form. They also ensure that you remain logged in. These cookies are only temporary ("session cookies"). If you block them, the website may not work. Other cookies are necessary so that the server can save decisions or entries made by you beyond one session (i.e., one use of the website), if you request this function (e.g., language selected, consent given, the function for automatic login etc.). These cookies have an expiry date of up to [24] months.

• Performance cookies: In order to optimize our website and corresponding offers and to better adapt them to the needs of users, we use cookies to record and analyze the use of our website, possibly even beyond the session. We do this through the use of third-party analytics services. We have listed these below. Before we use such cookies, we ask you to accept them. You can deactivate them at any time via the cookie settings. Performance cookies also have an expiry date of up to [24] months. Details can be found on the websites of the third-party providers.

• Marketing cookies: We and our advertising partners have an interest in targeting advertising, i.e., displaying it only to those we want to target. We have listed our advertising partners below. For this purpose, we and our advertising partners - if you consent - also use cookies that can be used to record the content accessed or contracts concluded. This allows us and our advertising partners to display advertisements that we think you may be interested in on our website, but also on other websites that display advertisements from us or our advertising partners. These cookies have an expiry date of between a few days and [12] months depending on the situation. If you consent to the use of these cookies, you will be shown appropriate advertising. If you do not consent to these cookies, you will not see less advertising, but advertising that is not tailored to your user behavior.

We may also integrate further third-party offers on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (e.g., by clicking a button), the corresponding providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online offers. These social media providers process this data on their own responsibility.

a. Google Analytics

In our website we use Google Analytics, an analysis tool of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). Google Analytics uses methods that enable an analysis of the use of the website, such as cookies. The information generated by the cookie about your use of our website, such as:

• App updates
• Browser information
• Click path
• Date and time of the visit
• Device information
• Downloads
• Flash version
• Location information
• IP address
• JavaScript support
• pages visited
• Purchase activity
• Referrer URL
• Usage data
• Widget interactions
• Navigation path that a visitor follows on the websites
• Dwell time on the websites and subpages
• The sub-page on which the websites are left
• The country, region or city from where access is made
• End device (type, version, color depth, resolution, width and height of the browser window)
• Returning or new visitor
• Browser provider/version
• The operating system used
• The referrer URL (previously visited website)
• Host name of the accessing computer (IP address)
• Time of the server request

These are usually transferred to a Google server in the USA and stored there. In the process, the IP address is shortened by activating IP anonymization ("anonymize IP") before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area or Switzerland. According to Google, the masked IP address transmitted within the scope of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google complies with a sufficient level of data protection.

The information is used to evaluate the use of our website, to compile reports on the activities on our website and to provide other services associated with the use of our website for the purposes of market research and demand-oriented design of our website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

Users can prevent the collection of the data generated by the cookie and related to the use of our website by the user concerned (incl. the IP address) to Google as well as the processing of this data by Google by preventing cookies or by making the appropriate settings on our website.

The legal basis for this data processing with the tools mentioned above is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent or refuse processing at any time with effect for the future by rejecting or switching off the relevant cookies in your web browser settings or by making use of the service-specific options described below.

Third-party content may be used within the FERUS Society GmbH website (so-called plugins). We use LinkedIn, WhatsApp, Facebook, Instagram, YouTube, Twint, Credit card, Post Finance, PayPal, Text messages, and Google Maps.

If you are on the FERUS Society GmbH website, a connection may be established with the respective website. This allows the content of the buttons to be transmitted to your browser, which then integrates it into the website. This means that the respective provider always receives the information that you have accessed the FERUS Society GmbH website. It is not relevant whether you are a member of a social network or not logged into one. Furthermore, regardless of whether you actually act with the embedded content, information is automatically collected by the website. The following data may be transmitted in this context: IP address, browser information and operating systems, screen resolution, installed browser plugins (e.g., Adobe Flash Player), origin of visitors (if you have followed a link) and the URL of the current page.

If you are logged into one of the social networks while using the FERUS Society GmbH website, the information about your visit to the website may be linked to your membership data and stored. If you are a member of a social network and do not wish this data transfer, you must log out of the social network before visiting the FERUS Society GmbH website.

We have no influence on the scope of the data collected by the social networks. Please refer to the data protection declarations of the respective social network for the type, scope and purpose of the data processing, information on the further processing of the data as well as your rights in this regard and setting options for protecting your privacy. You also have the option of blocking social media plugins by means of add-ons in your browser and thus preventing data transmission.

LinkedIn: Our website uses functions of the LinkedIn network. The provider is LinkedIn Inc (USA). Each time one of our pages containing LinkedIn functions is called up, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. If you click the "Recommend Button" of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.

You can find more information on this in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

Facebook: Plugins of the social network Facebook, provider Meta Platforms Inc. (USA) are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo on our page. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/

When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. This allows Facebook to assign the visit to our pages to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its processing by Facebook. For more information, please refer to Facebook's privacy policy at http://de-de.facebook.com/policy.php

If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

Instagram: Plugins of the social network Instagram, provider Meta Platforms Inc. (USA) are integrated on our pages. You can recognize the Instagram plugins by the Instagram logo on our page.

When you visit our pages, a direct connection is established between your browser and the Instagram server via the plugin. Instagram thereby receives the information that you have visited our site with your IP address. This allows Instagram to assign the visit to our pages to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its processing by Instagram.

You can find more information on this in Instagram’s privacy policy at: https://help.instagram.com/155833707900388

If you do not want Instagram to be able to associate your visit to our pages with your Instagram user account, please log out of your Instagram user account.

YouTube: Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube LLC (USA). When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

For more information on the handling of user data, please refer to YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

Google Maps: In order to display interactive maps directly on the website and to enable the convenient use of the map function, we integrate Google Maps from the service provider Google LLC (USA) on our website. In order to use these services, the IP address of the user is transmitted to Google. The IP address is required for the display of this content, but is only used to deliver the content. Your location data will not be collected by Google without your consent (usually within the scope of your device settings).

You can access Google's privacy policy below: https://policies.google.com/privacy

Your data is transferred to our service providers in the EU/EEA and in the USA.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: [https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?]), insofar as they are not already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data that you have made generally accessible and you have not objected to its processing.

Please also note that data exchanged via the internet is often routed via third countries. Your data can therefore end up abroad even if the sender and recipient are in the same country.

Some of the third-party service providers mentioned in this privacy policy are based in the USA. For the sake of completeness, we would like to point out for users resident or domiciled in Switzerland that there are surveillance measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, restriction or exception based on the objective pursued and without any objective criterion that would make it possible to restrict the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated with both access to and use of this data. Furthermore, we would like to point out that in the USA, data subjects from Switzerland do not have any legal remedies that allow them to obtain access to the data concerning them and to obtain their correction or deletion, or that there is no effective judicial legal protection against general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation so that they can make an appropriately informed decision to consent to the use of their data.

We would like to point out to users who are resident in Switzerland that the USA does not have a sufficient level of data protection from the point of view of Switzerland - among other things due to the issues mentioned in this section. Insofar as we have explained in this data protection declaration that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an appropriate level with our partners through contractual arrangements with these companies as well as any additional appropriate guarantees required, which protect the rights of persons whose personal data is transferred to a third country.

You can object to data processing at any time. You also have the following rights:

Right of access: You have the right to request access to your personal data stored by us at any time and free of charge if we are processing it. This gives you the opportunity to check what personal data we are processing about you and that we are using it in accordance with applicable data protection regulations.

Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.

Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, the right to erasure may be excluded.

Right to restrict processing: Under certain circumstances, you have the right to have us restrict the processing of your personal data.

Right to object: You have the right to object to data processing, in particular to the processing of personal data, in particular to direct marketing

Right to data transfer: In certain circumstances, you have the right to receive, free of charge, the personal data you have provided to us in a machine-readable format.

Right of withdrawal: In principle, you have the right to withdraw your consent at any time with effect for the future. Processing activities based on your consent in the past do not become unlawful as a result of your revocation.

Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g., against the way your personal data is processed.

We retain personal data for as long as it is needed for the purpose for which it was collected, or for a period of time that we are obliged to retain it under applicable laws, regulations or contractual agreements, as well as for as long as we have an overriding interest in retaining it. After that, the data will be deleted.

Retention obligations that oblige us to retain data result from accounting regulations and tax regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be kept for up to 10 years.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the efficient management of user data.

We take appropriate technical and organizational security measures to protect personal data from unauthorized access and misuse. These include IT and network security solutions, access restrictions, encryption of data carriers and transmissions, instructions, training and controls.

If third parties have access to our data, special measures are taken which are regulated in the order processing contract.

If you have any questions about data protection, would like information, would like to object to data processing or would like to have your data deleted, please contact us by sending an e-mail to privacy@fer.us.

Please send your request by letter to the following address:

FERUS Society GmbHEngimattstrasse

158002

Zurich

The representative of the responsible person in the EU is:

VGS Datenschutzpartner UG_Am Kaiserkai 69_20457 Hamburg_Deutschland_info@datenschutzpartner.eu (mailto:info@datenschutzpartner.eu)

This Privacy Policy does not form part of any contract with you. We may amend this privacy policy at any time. The version published on [date] is the current version.

Last updated: 8. October 2025