Privacy Policy of Ringele AG
Version of February 2026

In this privacy policy, we, Ringele AG (hereinafter «Ringele», «we» or «us»), explain how we collect and process personal data. Personal data means all information relating to an identified or identifiable natural person.

This privacy policy is designed to meet the requirements of the Swiss Federal Act on Data Protection («FADP», «nFADP») as well as – where applicable – the EU General Data Protection Regulation («GDPR»). Whether and to what extent the GDPR applies in individual cases depends, among other things, on where the data subject is located.

If you provide us with personal data of other persons (e.g. employees, family members or colleagues), please ensure that these persons are aware of this privacy policy and that you only share their personal data if you are authorised to do so and the data is accurate.

Unless otherwise specified in individual cases, the controller responsible for the data processing described in this privacy policy is:

Ringele AG
Wasenstrasse 49
4133 Pratteln
Switzerland

Phone: +41 (0)61 827 32 11
E-mail: info@ringele.ch

For enquiries and concerns regarding data protection, you can contact us using the contact details above.

Notes, reports and concerns about compliance or integrity issues (e.g. reporting misconduct) can be submitted via our reporting solution «Integrity Line» at https://www.ringele.ch/de/integrity-line/

2.1 Data of Visitors to Our Website

When you visit our website, we process in particular the following categories of personal data:

• Log data (e.g. IP address, date and time of access, pages visited, volume of data transferred, name and version of browser, referrer URL).
• Device and settings data (e.g. information about your device, operating system, language settings).
• Cookie and tracking data in connection with the use of our website (see section 5).
• Content of requests that you send to us via contact forms, e-mail, telephone or other communication channels.

2.2 Data of Customers, Suppliers and Other Business Partners

In the context of contractual relationships with customers, suppliers and other business partners, we process in particular:

• Master data (e.g. name, contact details, position, employer).
• Contract data (e.g. contract contents, ordered services, deliveries, billing and payment data).
• Communication data (e.g. correspondence, meeting notes).
• Data for compliance with legal requirements (e.g. for combating money laundering or export restrictions).

Where we use service providers in connection with these processing activities, they are located – with the exception of certain IT services from Microsoft – in Switzerland or the EEA.

2.3 Data in the Application and Employment Process (HR)

In the context of applications and employment relationships, we process in particular:

• Master data (e.g. name, contact details, date of birth, nationality).
• Application documents (e.g. CV, cover letter, certificates, references).
• Data relating to the application process and employment (e.g. interview notes, test results, contract data, salary data, social security data).

Where we use service providers in connection with these processing activities, they are located – with the exception of certain IT services from Microsoft – in Switzerland or the EEA.

We receive personal data:

• directly from you (e.g. when using the website, in connection with an enquiry, order, application or contract processing)
• from third parties (e.g. from your employer, authorities, credit agencies, references, publicly accessible sources such as the commercial register, debt enforcement register or media).

We process personal data in particular for the following purposes:

• Provision and further development of our website, offerings and services.
• Processing and management of contractual relationships with customers, suppliers and other business partners.
• Handling enquiries and communicating with you.
• Conducting the application and employment process as well as HR administration.
• Ensuring IT and operational security (e.g. monitoring, troubleshooting, access controls).
• Marketing and customer relations (e.g. sending information about our services, invitations to events), provided you have not objected to this.
• Fulfilment of legal obligations and exercise of rights (e.g. asserting or defending legal claims, cooperation with authorities and courts).

Where the GDPR is applicable, we base the data processing in particular on the following legal bases:

• Performance of a contract or pre-contractual measures.
• Compliance with legal obligations.
• Protection of legitimate interests (e.g. efficient and secure provision of our offerings, marketing to existing customers, IT security).
• Consent, where we ask you separately for this (e.g. for receiving newsletters); consent can be withdrawn at any time with effect for the future.

5.1 Cookies

We use cookies and similar technologies on our website to provide basic functions and to analyse the use of our website.

Cookies are small text files that are stored on your device when you visit our website. A distinction is made in particular between:

• Technically necessary cookies: These are required for the website to function correctly (e.g. language settings, session cookies). These cookies cannot be disabled without impairing the website.
• Analytics cookies: These help us understand how our website is used in order to improve it (see Google Analytics below).

You can configure your browser to block or delete cookies. However, disabling cookies may result in certain functions of the website no longer being fully available.

5.2 Google Analytics (Statistics)

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google partly relies on Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for this.

Google Analytics uses cookies that enable analysis of your use of the website. The information generated by the cookie about your use of our website (including truncated IP address) is generally transmitted to a Google server and stored there.

We use Google Analytics in such a way that your IP address is truncated (IP anonymisation) before being transmitted to Google. This means that a direct personal reference is generally no longer possible. Google uses this information on our behalf to evaluate the use of the website and to compile reports on website activities.

The cookies set by Google Analytics generally store data for a period of up to 14 months; they are then automatically deleted or anonymised.

You can prevent the storage of cookies by adjusting your browser software settings, or you can install a browser add-on offered by Google to deactivate Google Analytics. For more information on data protection at Google, please refer to their privacy policy at https://policies.google.com/privacy

Where personal data is transferred to countries without an adequate level of data protection (in particular the USA), we rely – where required – on appropriate safeguards (e.g. standard contractual clauses) or on your express consent.

Our website may contain links or buttons to Ringele's presence on social networks (e.g. LinkedIn, YouTube). When you click on such a button, you will be redirected to the website of the respective provider.

In doing so, the respective providers may register that you are coming from our website and collect personal data (e.g. IP address, further usage data). The data protection provisions of the respective providers are solely applicable to the processing of this data.

We share personal data with third parties in the course of our business activities and for the purposes stated in this privacy policy, to the extent that this is permissible and necessary. This may include in particular:

• Service providers (e.g. IT providers, hosting providers, consultants).
• Customers, suppliers, subcontractors and other business partners.
• Companies within the Obermark Group.
• Authorities, courts and other public bodies, where a legal obligation or legitimate interest exists.
• Purchasers or interested parties in business divisions, companies or other parts of Ringele AG.

These recipients are generally located in Switzerland or the European Economic Area (EEA). Disclosure to countries outside Switzerland or the EEA («third countries») only takes place in exceptional cases, in particular:

• when using certain IT services from Microsoft (e.g. cloud or collaboration solutions)
• when using Google Analytics (see section 5.2)

In these cases, data may be processed in countries without an adequate level of data protection (in particular the USA). We then ensure an adequate level of protection for your personal data through appropriate safeguards (e.g. EU Commission standard contractual clauses or other legally provided instruments), provided that no statutory exception applies (e.g. consent, performance of a contract, assertion of legal claims, overriding public interests, publicly disclosed data).

We process and store personal data for as long as this is necessary to fulfil our contractual and legal obligations or to achieve the purposes pursued by the processing.

In doing so, we take into account in particular:

• Duration of the entire business relationship (initiation, execution and termination of a contract).
• Statutory retention obligations (e.g. commercial and tax law obligations).
• Limitation periods and legitimate interests (e.g. for the preservation of evidence).

Once personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised, provided that no statutory retention obligations or overriding interests prevent this.

We take appropriate technical and organisational measures to protect your personal data from unauthorised access, misuse, loss or destruction. These include in particular:

• Access and entry controls.
• IT and network security solutions.
• Data encryption and pseudonymisation where appropriate.
• Instructions and training for employees.

In the context of our business relationship, you must provide the personal data that is required to enter into and carry out the business relationship and to fulfil the associated contractual obligations. Without this data, we will generally be unable to conclude or perform a contract.

For the use of our website, the provision of certain data (e.g. IP address) is technically required; without this data, the website cannot be provided.

Within the scope of the applicable data protection law and to the extent provided therein, you have the following rights:

• Right of access to the personal data we process about you.
• Right to rectification of inaccurate or incomplete personal data.
• Right to erasure of your personal data, provided no legal or contractual obligations prevent this.
• Right to restriction of processing.
• Right to object to certain processing activities (in particular against direct marketing).
• Right to data portability, where applicable.

If you have given us consent to process personal data, you can withdraw it at any time with effect for the future.

To exercise your rights, you can contact us using the contact details provided in section 1. To process your request, we may require proof of identity to prevent misuse.

You also have the right to enforce your claims through the courts or to lodge a complaint with the competent data protection authority. The competent authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC, www.edoeb.admin.ch).