NATALIA DUDAREVA, MLaw

Data protection declaration

1. Privacy Policy

This data protection declaration informs you about the processing of your
personal data. We process your personal data when you visit our website,
enter into a customer or other contractual relationships with us and/or
purchase our services or products, work for us, apply for a job with us, or
otherwise engage with us.

We will inform you in advance of any processing activities not covered in
this declaration.

The processing of your personal data is carried out in accordance with the
Swiss Data Protection Act and, where applicable, the EU General Data
Protection Regulation (“GDPR”).

2. Our Company

Natalia Dudareva, MLaw, is a legal consulting company.

The company listed below is responsible for data processing:

Natalia Dudareva, MLaw
Büelstrasse 5
6340 Baar

If you have any concerns about data protection or to assert your rights,
please contact the office listed below:

Natalia Dudareva, MLaw

Büelstrasse 5

6340 Baar

natalia@dudareva.ch

3. Processing of personal data

Personal data 1 refers to all information that relates to a specific or
identifiable natural person. “Data processing” means any handling of
personal data, in particular the procurement, storage, use, modification,
disclosure, archiving, deletion or destruction of data.

We observe the principles of data protection law when processing personal
data. Where necessary, we only process personal data with your prior
consent.

We process personal data that we receive from you or from third parties. To
the extent permitted and appropriate, we then obtain personal data
ourselves, for example from publicly accessible sources such as the
Internet, newspapers and reports.

If you provide us with personal data about other people, you must be
authorized to do so, for example by having received the permission of the
person concerned. The data must then be correct. Please also ensure that
individuals have read and understood this Privacy Policy.

4. Data processing

Visitors to our website

We process personal data when you visit our website

www.dudareva.ch.

In particular, we process the following data:

• Technical data, such as the IP address, browser used, operating system,
  cookies, protocols, etc.
• Data related to sending mailings and newsletters

Further information about visiting our website and the associated data
processing is listed below under section 10.

Customers

We process personal data that we receive as part of (initiating) a customer
relationship. We receive the data directly from you as part of the provision
of our legal and business consulting services or partly from third parties
or obtain it ourselves.

In particular, we process the following data:

• Master data (e.g. name, address, email address, telephone number, date
  of birth, gender, nationality, social media profiles, copies of ID
  cards)
• Contract data, i.e. the data we need to process the contractual
  relationship with you (e.g. type of contract, services, financial data,
  etc.)
• Data that we need to fulfill our due diligence clarifications, e.g. data
  for identification or background investigations
• Data about your preferences, for example based on the products and
  services you request
• Financial information
• Communication data

In the application process

We generally process the data that we receive from you or third parties as
part of your application or which we obtain ourselves.

In particular, we process the following personal data:

• Master data (e.g. name, address, email address, telephone number, date
  of birth, gender, nationality, social media profiles, copies of ID
  cards)
• Communication data
• Data from your CV
• Data from your employment references
• Information from reference persons
• Criminal record extract, debt collection register extract or other
  government information, confirmations, etc.
• Data that we obtain as part of further investigations (e.g. credit
  reports, personal data in media reports, etc.)

It is possible that particularly sensitive personal data may be processed.
If your consent is necessary for this, we will inform you separately.

Employees

We process data that we receive or obtain ourselves in connection with the
employment relationship from you or from third parties, for example as part
of your employment, in connection with your work with us or in individual
cases from external third parties and authorities as part of the fulfillment
of the requirements arising from the Employer obligations arising from the
employment relationship.

In particular, we process the following data:

• Master data (e.g. name, address, email address, telephone number, date
  of birth, gender, nationality, social media profiles, copies of ID
  cards)
• Data related to social insurance
• Payroll data (e.g. salary, marital status, children, occupational
  pension plans)
• Data as part of the performance evaluation/project assessment and as
  part of fact clarifications/investigations into misconduct
• Data as part of employee qualifications (e.g. further training,
  assessment center)
• Criminal record extract, debt collection register extract and, if
  necessary, other data from authorities or public bodies
• Log data relating to telephone calls, email traffic and internet use
• “Movement data”, e.g. through the use of electronic door locks or when
  using company cars
• Health data, e.g. in the context of accident reports

It is possible that particularly sensitive personal data may be processed.
If consent is necessary for this, we will inform you separately.

Business partners & other third parties

We process personal data that we receive as part of (initiating) a business
relationship with you or with a business partner or in another context. We
receive the data directly from you, from third parties or obtain it
ourselves.

In particular, we process the following data:

• Master data (e.g. name, address, email address, telephone number, date
  of birth, gender, nationality, social media profiles, copies of ID
  cards)
• Contract data, i.e. the data we need to process the contractual
  relationship with you (e.g. type of contract, services, financial data,
  etc.)
• Communication data
• Data that we obtain as part of further investigations (e.g. credit
  reports, personal data in media reports, etc.)

5. Purpose of processing

The purpose of processing, i.e. the way in which we process your personal
data, depends on how you interact with us.

We process your data in particular for the following purposes:

We process data for the recording, administration and processing of
customer, contractual and employment relationships, for example

• Providing our services/offering our products to you
• Fulfillment of contractually agreed obligations
• As part of your employment relationship or when you apply to us
• Fulfillment of our due diligence obligations, e.g. in the context of
  “Know your Customer” clarifications or in supply chain management
• Further development of services and products
• Marketing including the implementation of events, market and opinion
  research, statistical surveys, testing and optimization of procedures
  for needs analysis for the purpose of direct customer contact as well as
  collection of personal data from publicly available sources for the
  purpose of customer acquisition
• Sending publications, information about events and sending newsletters
• Media monitoring
• Asserting legal and other claims and defense in connection with legal
  disputes and governmental proceedings
• Prevention and investigation of crimes and other misconduct including
  carrying out investigations

To communicate with you, e.g

• Contact
• Exchange information and respond to inquiries
• Relationship maintenance
• Asserting your rights

Communication can take place using all common means of communication, e.g.
by letter, via email, via an app, by telephone, via social media, via chat,
via forms on our website, etc.

In connection with ensuring “compliance”, i.e. if laws and regulations,
orders/recommendations, etc. from authorities, internal regulations, etc.
must be adhered to or as part of the due diligence clarifications we carry
out.

To operate the website www.dudareva.ch including authentication when
visiting the customer area. Further information on this can be found under
section 10.

For other purposes such as protecting our legitimate interests and our
rights, to ensure the functionality of our company (including accounting,
risk management, granting signing authorizations, creating employee
directories on the intranet, etc.), as part of M&A transactions, to
ensure operational safety and to clarify facts/misconduct, for training and
education purposes, etc.

6. Data transfer and data transfer abroad

We may share your data with third party recipients where necessary based on
your consent or if they need your data to fulfill our contractual and legal
obligations or to carry out their respective tasks. We can then pass on your
data to protect our legitimate interests.

In particular, the recipients listed below may receive your data:

• Third parties such as consultants, marketing companies, translation
  agencies, or providers of IT services who process your data as well as
  other external service providers and bodies such as banks, insurance
  companies, auditors, associations
• Our contractual partners including our customers, i.e. possibly your
  employer
• Public bodies and authorities if there is a legal or regulatory
  obligation or for quality controls
• Third parties who have access to the personal data processed when you
  visit our website
• Other third parties, such as different delivery addressees, payment and
  service recipients, third parties in the context of M&A
  transactions, lawyers, industry organizations, etc.

The recipients of your data may in turn involve third parties. We restrict
processing by some selected third parties, for example contractually. This
is not always possible for other third parties (e.g. public bodies and
authorities as well as financial intermediaries).

The recipients of your data can be located in Switzerland and Europe but, in
exceptional cases, also in any other country in the world.

If the data recipient is located in a country without adequate legal data
protection and is not already subject to a recognized set of rules to ensure
data protection, corresponding additional protective measures will be
necessary, for example through contractually agreed specific data protection
clauses. However, exceptions to this rule (e.g. in direct connection with
the conclusion or execution of a contract, legal proceedings abroad,
overriding public or private interest or your consent) may occur.

7. Information, Correction, Deletion and Restriction

You have the right to request information about which data we process about
you. You can also request that your personal data be corrected, blocked or
deleted.

In addition, you have the option of receiving certain personal data relating
to you in a structured, common and machine-readable format and transmitting
it to another person responsible yourself or through us.

If our data processing is based on your consent, you have the right to
revoke this consent.

Finally, you have the right to assert your claims through legal action
and/or to file a complaint with the responsible authority. Such an authority
can be based in Switzerland or abroad.

To assert your rights, please contact the specialist office listed under
point 2 in writing. Please note that your rights may not be enforceable or
limited under certain circumstances. If this is the case, we will inform you
accordingly.

8. Duration of Retention of Personal Data

In principle, personal data is only retained until the purpose of processing
has been achieved. Personal data will not be deleted if we are obliged to
retain it due to a legal or regulatory requirement, orders from authorities,
for example, or a contractual agreement.

Different storage obligations are also possible if claims can be asserted
against our company and if we are otherwise legally obliged to do so or if
there is an overriding interest on our part in storage (e.g. for evidentiary
and documentation purposes).

9. Data Security

In order to ensure the confidentiality, integrity, availability and
traceability of the data we store and its processing, we take extensive
technical and organizational security precautions in our area of
​​responsibility, which are regularly checked and adapted to technological
progress.

The following measures in particular were taken:

• Access Restrictions and Controls
• Data backups
• IT network and security solutions
• Encryption of data carriers and transmissions
• Instructions
• Training
• Controls

10. Use of our Website

If you visit our website or our app (hereinafter referred to as website,
website, etc.), this usually leads to data processing.

When you visit the website, log files containing in particular the following
information are stored:

• the name of the retrieved file
• the time (date and time) of your retrieval
• the amount of data transferred
• a message about successful retrieval
• your web browser, operating system and the requesting domain
• the IP address

This data is evaluated exclusively to improve our offering and generally
does not allow any conclusions to be drawn about you personally.

Optional: If you want to use the services we offer on our website, you will
need to provide further data. This is the data that is required for the
respective processing.

By using our website and any other services based on it, you expressly
consent to the associated processing of your personal data.

Use of Data

We use the information we collect about you to provide the products and
services we offer, to answer your questions, and to operate and improve our
websites and applications. We use your personal data to offer you a
comprehensive service via our website. For further purposes, please see
section 5.

We will not pass on your personal data submitted online to third parties
unless it serves one of the purposes listed in section 5 or, if necessary,
you have not expressly agreed to this beforehand. It can be passed on to the
recipients listed in section 6.

User Profiles

As a general rule, we do not create any personal user profiles. In
connection with the retrieval of the information you require, data is only
stored on our servers in anonymized form to provide our various services or
for evaluation purposes. General information is logged, for example when
which content from our offering is accessed or which pages are visited most
frequently.

Use of Cookies

We use so-called “cookies”. Cookies are small text files that are sent from
our web server to your browser when you visit our website and are stored on
your computer for later retrieval. By using our website you agree to the use
of cookies.

The cookies used are used in particular to determine the frequency of use
and the number of users of our websites and to continue to identify your
computer during a visit to our website when you switch from one of our
websites to another of our websites and to be able to determine the end of
your visit. This allows us to find out which area of ​​our websites and
which other websites our users have visited. However, this usage data does
not allow any conclusions to be drawn about the user. All of this
anonymously collected usage data will not be combined with your personal
data and will be deleted immediately after the end of the statistical
evaluation.

When you visit our website, cookies are permanently stored on your computer.
This serves to optimize user-friendliness and easy and quick access to the
websites. Most browsers are preset to automatically accept cookies. However,
you can deactivate the storage of cookies or set your browser to notify you
before cookies are stored.

You can also prevent cookies from being installed by setting the appropriate
settings in your browser software. However, we would like to point out that
in this case you may not be able to fully use all of the functions of our
website.

Hyperlinks to External Websites

Our website contains so-called hyperlinks to websites of other providers.
When these hyperlinks are activated, you will be redirected from our website
directly to the websites of the other providers. You can recognize this by
the change in the URL, among other things. We cannot assume any
responsibility for the confidential handling of your data on these
third-party websites, as we have no influence on whether these companies
comply with data protection regulations. Please visit these websites to find
out more about how these companies handle your personal data.

Social Media Buttons

Our websites also contain social media buttons. The buttons shown on our
website are not plug-ins. Behind the buttons there is an external link to
our site on the respective platforms. Neither cookies are stored on your
computer nor are your data transferred. Currently links to the following
social networks are included:

“LinkedIn” (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA
94043, USA),

These are operated exclusively by the respective provider. The links to our
company profiles on the corresponding platforms are identified as part of
our online presence by the respective button belonging to the service.

When you visit our websites that contain such a button, your browser will
not establish a connection with the servers of the respective service unless
you click on the corresponding button. This means that the information about
your visit to our website is not forwarded to the respective service.

If you are logged into the respective service via your personal user account
at the same time as you are visiting our website (e.g. via another browser
session) and you click on the buttons, your visit to our website can be
assigned to your account.

If you would like to prevent such data transfer, you must log out of your
user account for the respective service before visiting our websites or do
not use the links. You can find the scope and purpose of data collection by
the respective service, as well as the further processing and use of your
data, in the data protection information directly on the service’s website.
There you will also receive further information about your relevant data
protection rights and setting options to protect your privacy.

11. Changes

This data protection declaration can be changed at any time without prior
notice. The version published on our website or delivered to you in another
way applies, provided it is more recent. Unless otherwise agreed, the data
protection declaration is not part of a contract concluded with you.

Update date: March 1, 2024

[1] The terms personal data, personal data and data are used synonymously in
this data protection declaration.