Privacy policy

1. 2. Privacy Policy of Lang-Stereotest AG

Version as of December 1, 2024

This Privacy Policy explains how we, Lang-Stereotest AG (hereinafter referred to as Lang-Ste-

reotest, we, or us), collect and process personal data. This is not an exhaustive description;

other privacy policies, general terms and conditions, participation terms, or similar documents

may govern specific situations. Personal data refers to all information that relates to an identi-

fied or identifiable person.

If you provide us with personal data of other individuals, please ensure that these individuals

are aware of this Privacy Policy and only share their data with us if you are authorized to do so

and the data is accurate.

This Privacy Policy complies with the requirements of the EU General Data Protection Regula-

tion (“GDPR”), the Swiss Federal Act on Data Protection (“FADP”), and the revised Swiss Fed-

eral Act on Data Protection (“revFADP”). However, the applicability of these laws depends on

the specific circumstances.

Controller / Data Protection Officer / Representative

The controller responsible for the data processing described herein is Mr. Thomas Lang. If you

have concerns regarding data protection, you may contact us at the following address:

Mr Thomas Lang

Lang-Stereotest AG, Obere Heslibachstrasse 8, 8700 Kuesnacht, Switzerland

Phone +41 44 910 61 39

E-Mail: info@lang-stereotest.com

Our Data Protection Officer, as required under Art. 37 GDPR, can also be reached at info@lang-

stereotest.com. He is simultaneously our representative in the EEA under Art. 27 GDPR (if ap-

plicable).

Collection and Processing of Personal Data

We primarily process personal data that we receive in the course of our business relationship

with our customers and other business partners, or that we collect from users of our websites,

contact forms, apps, and other applications.

Other data may be collected automatically or with your consent when you visit our website.

These primarily include technical data (e.g., internet browser, operating system, or time of

page access). This data is collected automatically when you access our website.

Your browsing behavior may be statistically analyzed during your visit to this website. This is

primarily done using analysis programs.3. Privacy Policy Lang-Stereotest AG 2 | 11

Where permitted, we also obtain certain data from publicly accessible sources (e.g., debt reg-

isters, land registries, commercial registries, press, and the internet) or receive such infor-

mation from authorities and other third parties. In addition to the data you directly provide to

us, the categories of personal data we obtain from third parties about you include, in particular,

information from public registers, information we learn in connection with administrative and

judicial proceedings, information related to your professional roles and activities, information

about you contained in correspondence and discussions with third parties, credit information,

information about you that we receive from individuals in your environment (advisors, legal

representatives, etc.) in order to conclude or process contracts with you or involving you (e.g.,

references, your address for deliveries, powers of attorney, compliance-related information

such as anti-money laundering or export restrictions), and information from banks, insurers,

distributors, and other contractual partners of ours regarding the use of or provision of services

by you (e.g., completed payments, purchases made), information from media and the internet

about you (to the extent this is appropriate in a specific case, e.g., in the context of job appli-

cations, press reviews, marketing/sales, etc.), your addresses and, if applicable, interests and

other sociodemographic data (for marketing), data in connection with the use of the website

(e.g., IP address, MAC address of the smartphone or computer, details about your device and

settings, cookies, date and time of the visit, pages and content accessed, functionalities used,

referring website, location data).

Purposes of Data Processing and Legal Bases

We primarily use the personal data we collect to enter and execute contracts with our custom-

ers and business partners, particularly in relation to our products, such as glasses-free tests for

spatial vision, as well as for the procurement of products and services from our suppliers and

subcontractors, and to fulfill our legal obligations both domestically and abroad. If you act on

behalf of such a customer or business partner, your personal data may also be processed in

this context.

Some of the data is also collected to ensure error-free functionality of our website. Other data

may be used to analyze your user behavior.

If you contact us via a contact form, the information you provide in the form, including the

contact details you supply, will be stored by us for the purpose of processing your request and

for potential follow-up questions. We do not disclose this data without your consent.

If you contact us by email, telephone, or fax, your inquiry, including all resulting personal data

(e.g., name, request), will be stored and processed for the purpose of handling your concern.

We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR, provided your inquiry is related

to the performance of a contract or is necessary for pre-contractual measures. In all other cases,

the processing is based on our legitimate interest in effectively processing inquiries directed

to us (Article 6(1)(f) GDPR) or your consent (Article 6(1)(a) GDPR), where this has been re-

quested. Consent may be withdrawn at any time.

Data you provide via the contact form will remain with us until you request its deletion, with-

draw your consent to storage, or the purpose for the data storage ceases to apply (e.g. after

your inquiry has been processed). Mandatory legal provisions, particularly retention periods,

remain unaffected.Privacy Policy Lang-Stereotest AG 3 | 11

Furthermore, we process personal data from you and other individuals, insofar as permitted

and deemed appropriate, for the following purposes, which align with our legitimate interests

or those of third parties:

¾ The offering and further development of our offerings, services, websites, apps, and

other platforms where we are present;

¾ Communication with third parties and processing of their inquiries (e.g., applications,

media inquiries);

¾ Examination and optimization of procedures for needs analysis for direct customer en-

gagement, as well as the collection of personal data from publicly available sources for

customer acquisition purposes;

¾ Advertising and marketing (including organizing events), provided you have not ob-

jected to the use of your data (if you are an existing customer, you can object to receiving

promotional material from us at any time; we will then add you to a list to prevent further

promotional mailings);

¾ Market and opinion research, as well as media monitoring;

¾ Assertion of legal claims and defense in connection with legal disputes and official pro-

ceedings;

¾ Prevention and investigation of criminal acts and other misconduct (e.g., conducting in-

ternal investigations, data analyses for fraud prevention);

¾ Ensuring operational security, particularly IT security, our websites, apps, and other plat-

forms;

¾ Video surveillance to safeguard house rights and other measures for IT, building, and

facility security, as well as for the protection of our employees, other individuals, and

property entrusted to us (such as access controls, visitor lists, network- and mailscanner,

phone records);

¾ Purchase and sale of business units, companies, or parts of companies, and other cor-

porate transactions, as well as related transfers of personal data, and measures for busi-

ness management and as required to comply with legal and regulatory obligations and

internal policies of Lang-Stereotest.

If you have given us consent to process your personal data for specific purposes (e.g., sub-

scription to newsletters or conducting a background check), we process your personal data

within the framework of and based on this consent, provided no other legal basis exists, and

we require such a basis. Consent can be withdrawn at any time, but this does not affect the

legality of data processing that occurred prior to the withdrawal.

In cases of explicit consent to the transfer of personal data to third countries, the data pro-

cessing is also based on Article 49(1)(a) GDPR. If you have consented to the storage of cookies

or access to information on your device (e.g., via device fingerprinting), the data processing is

additionally based on Section 25(1) TDDDG. Consent can be withdrawn at any time. If your

data is necessary for fulfilling a contract or carrying out pre-contractual measures, we process

your data based on Article 6(1)(b) GDPR. Furthermore, we process your data if it is necessary

to comply with a legal obligation based on Article 6(1)(c) GDPR. Data processing may also be

based on our legitimate interest under Article 6(1)(f) GDPR. The applicable legal basis in each

specific case is outlined in the respective sections of this privacy policy.Privacy Policy Lang-Stereotest AG 4 | 11

4. Use of Our Website

4.1 Hosting

Our website is externally hosted. The personal data collected on this website is stored on the

servers of the hosting provider. This may include, in particular, IP addresses, contact inquiries,

metadata and communication data, contract data, contact details, names, website visits, and

other data generated via the website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and ex-

isting customers (Article 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision

of our online offerings by a professional provider (Article 6(1)(f) GDPR). If consent has been

requested, the processing is exclusively based on Article 6(1)(a) GDPR and Section 25(1)

TDDDG, as far as the consent includes the storage of cookies or access to information in the

user's device (e.g., via device fingerprinting). Consent may be withdrawn at any time.

Our hosting provider processes your data only to the extent necessary to fulfill its performance

obligations and follows our instructions with respect to this data.

We use the following hosting provider:

Webland AG

Emil Frey-Strasse 85

CH-4142 Muenchenstein

Switzerland

E-Mail: support@webland.ch

Website: www.webland.ch

Phone 0840 20 20 20 Fax 0840 20 20 21

4.2 Cookies

We typically use "cookies" and similar technologies on our website, which enable us to identify

your browser or device. A cookie is a small file sent to your computer or automatically stored

by the browser on your computer or mobile device when you visit our website. When you re-

visit the website, we can recognize you even if we do not know who you are. Cookies that are

only used during a session and deleted after your visit are called "session cookies," while other

cookies store user preferences and other information for a certain period (e.g., two years) and

are referred to as "permanent cookies." You can set your browser to reject cookies, accept

them for only one session, or delete them early. Most browsers are preset to accept cookies.

Cookies required to perform the electronic communication process, provide specific functions

you request (e.g., shopping cart functionality), or optimize the website (e.g., audience meas-

urement cookies) are stored based on Article 6(1)(f) GDPR unless another legal basis is speci-

fied. The website operator has a legitimate interest in the storage of necessary cookies for the

technically error-free and optimized provision of its services. If consent has been requested for

the storage of cookies and similar recognition technologies, the processing is exclusively

based on that consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG); the consent may be

withdrawn at any time.Privacy Policy Lang-Stereotest AG 5 | 11

We use permanent cookies to better understand how you use our offerings and content. Some

cookies are set by us, while others are set by our contractual partners. If you block cookies,

some functionalities (e.g., language selection, shopping cart, order processes) may no longer

work.

We also embed visible and invisible image elements in our newsletters and marketing emails,

which allow us to determine whether and when you opened the email. This helps us under-

stand how you use our offerings and allows us to tailor them to you. You can block this feature

in your email program, which is often the default setting.

By using our website and consenting to receive newsletters and other marketing emails, you

agree to the use of these techniques. If you do not wish this, you must adjust your browser or

email program accordingly.

4.3 Contact Form

If you submit inquiries via our contact form, the data provided in the form, including your con-

tact details, will be stored by us for the purpose of processing your request and for follow-up

questions. We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your request is related to fulfilling

a contract or necessary for pre-contractual measures. In all other cases, the processing is based

on our legitimate interest in effectively processing inquiries addressed to us (Article 6(1)(f)

GDPR) or your consent (Article 6(1)(a) GDPR) if requested. Consent may be withdrawn at any

time.

The data you provide in the contact form remains with us until you request deletion, withdraw

your consent to storage, or the purpose for storing the data no longer applies (e.g., after pro-

cessing your request). Mandatory statutory provisions, particularly retention periods, remain

unaffected.

4.4 Google Tag Manager

We use Google Tag Manager on our website. The provider is Google Ireland Limited

("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other

technologies on our website. Google Tag Manager itself does not create user profiles, store

cookies, or perform independent analyses. It merely manages and deploys the tools integrated

through it. Google Tag Manager, however, collects your IP address, which may also be trans-

mitted to Google's parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a

legitimate interest in quickly and easily integrating and managing various tools on its website.

If consent has been requested, processing is exclusively based on Article 6(1)(a) GDPR and

Section 25(1) TDDDG, as far as the consent includes the storage of cookies or access to infor-

mation in the user's device (e.g., via device fingerprinting). Consent may be withdrawn at any

time.Privacy Policy Lang-Stereotest AG 6 | 11

4.5 Google Analytics

Our website uses features of the web analytics service Google Analytics. The provider is

Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyze the behavior of website visitors. The

website operator receives various usage data, such as page views, time spent on the website,

operating systems used, and the user's origin. This data is summarized in a user ID and as-

signed to the respective device of the website visitor. Furthermore, Google Analytics uses

modeling approaches to enhance the collected data sets and employs machine learning tech-

nologies for data analysis. The technologies used by Google Analytics (e.g., cookies or device

fingerprinting) allow user recognition to analyze user behavior. The information collected by

Google about the use of this website is usually transferred to a Google server in the USA and

stored there.

The use of this service is based on your consent under Article 6(1)(a) GDPR and Section 25(1)

TDDDG. Consent may be withdrawn at any time.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. For

details, see: https://privacy.google.com/businesses/controllerterms/mccs/.

4.6 Browser Plugin

You can prevent Google from collecting and processing your data by downloading and in-

stalling the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=en.

More information on how Google Analytics handles user data can be found in Google's privacy

policy: https://support.google.com/analytics/answer/6004245?hl=en.

4.7 Data Processing Agreement

We have entered into a data processing agreement with Google and fully comply with the strict

requirements of the German data protection authorities in our use of Google Analytics.

4.8 Plugins und Tools

a) YouTube

Our website may use so-called plug-ins from social networks (e.g., YouTube). The operator of

the YouTube pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin

4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode en-

sures that YouTube does not store any information about visitors to this website before they

view a video. However, the transfer of data to YouTube partners is not necessarily excluded by

the extended data protection mode. For example, YouTube establishes a connection to the

Google DoubleClick network regardless of whether you watch a video.Privacy Policy Lang-Stereotest AG 7 | 11

Once you start a YouTube video on this website, a connection to YouTube's servers is estab-

lished. This informs the YouTube server which of our pages you visited. If you are logged into

your YouTube account, you enable YouTube to associate your browsing behavior directly with

your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your device after starting a video or use

comparable recognition technologies (e.g., device fingerprinting). In this way, YouTube can

receive information about visitors to this website. This information is used, among other things,

to compile video statistics, improve user experience, and prevent fraud attempts.

Additional data processing activities may be triggered after you start a YouTube video, over

which we have no control.

The use of YouTube is in the interest of a visually appealing presentation of our online offer-

ings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If corre-

sponding consent has been requested, processing is carried out exclusively on the basis of

Art. 6(1)(a) GDPR and § 25(1) TDDDG, provided that consent includes the storage of cookies

or access to information in the user's device (e.g., device fingerprinting) under the TDDDG.

Consent can be revoked at any time.

Further information about data protection at YouTube can be found in their privacy policy at:

https://policies.google.com/privacy?hl=en.

b) Google Fonts (Local Hosting)

Our website uses Google Fonts for a consistent presentation of fonts, which are provided by

Google. The Google Fonts are locally installed on our servers. No connection to Google serv-

ers is established in this process.

Further information about Google Fonts can be found here https://develop-

ers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/pri-

vacy?hl=en.

c) Font Awesome (Local Hosting)

Our website uses Font Awesome for a consistent presentation of fonts. Font Awesome is locally

installed on our servers. No connection to servers of Fonticons, Inc. is established in this pro-

cess.

Further information about Font Awesome can be found in their privacy policy: https://fontawe-

some.com/privacy.

d) Google Maps

Our website uses the Google Maps map service. The provider is Google Ireland Limited

("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the features of Google Maps, your IP address must be stored. This information is typi-

cally transmitted to and stored on a Google server in the USA. The provider of this site has no

influence on this data transfer. When Google Maps is activated, Google may use Google FontsPrivacy Policy Lang-Stereotest AG 8 | 11

to ensure consistent font presentation. When you call up Google Maps, your browser loads the

necessary web fonts into your browser cache to display text and fonts correctly.

The use of Google Maps is in the interest of an attractive presentation of our online offerings

and easy location of the places indicated by us on the website. This constitutes a legitimate

interest within the meaning of Art. 6(1)(f) GDPR. If corresponding consent has been requested,

processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG,

provided that consent includes the storage of cookies or access to information in the user's

device (e.g., device fingerprinting) under the TDDDG. Consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commis-

sion. Details can be found here: https://privacy.google.com/businesses/gdprcontrol-

lerterms/ und https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Further information about handling user data can be found in Google's privacy policy:

https://policies.google.com/privacy?hl=en.

5. Newsletter

If you would like to receive the newsletter offered on our website, we require an email address

from you, along with information that allows us to verify that you are the owner of the provided

email address and consent to receive the newsletter. No further data is collected, or it is only

collected on a voluntary basis. We use the services of newsletter providers, as described be-

low, to handle newsletter distribution.

Our website uses Sendinblue for sending newsletters. The provider is Sendinblue GmbH, Kö-

penicker Strasse 126, 10179 Berlin, Germany.

Sendinblue is a service that helps organize and analyze newsletter distribution. The data you

provide for the purpose of receiving the newsletter is stored on Sendinblue's servers in Ger-

many.

With the help of Sendinblue, we can analyze our newsletter campaigns. For example, we can

see whether a newsletter message was opened and which links, if any, were clicked. In this

way, we can determine which links were clicked most often. We can also recognize whether

specific predefined actions were taken after clicking (conversion tracking). For instance, this

allows us to determine if a purchase was made after clicking a newsletter link. Sendinblue also

enables us to group newsletter recipients into different categories ("clustering"). For instance,

newsletter recipients can be divided by age, gender, or place of residence. This allows us to

tailor newsletters more effectively to the target audience.

If you do not want your data to be analyzed by Sendinblue, you must unsubscribe from the

newsletter. For this purpose, we provide a corresponding link in every newsletter message.

Detailed information about Sendinblue's features can be found at the following

link: https://de.sendinblue.com/newsletter-software/.6. 7. Privacy Policy Lang-Stereotest AG 9 | 11

Inquiries via E-mail, Telephone, or Fax

If you contact us via e-mail, telephone, or fax, your inquiry, including all resulting personal data

(e.g., name, inquiry), will be stored and processed by us for the purpose of handling your re-

quest. We do not share these data without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR, provided your inquiry is related to

the fulfillment of a contract or is necessary for the implementation of pre-contractual measures.

In all other cases, the processing is based on our legitimate interest in the effective handling

of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has

been requested; consent can be withdrawn at any time.

The data you send us via contact inquiries will remain with us until you request deletion, revoke

your consent to storage, or the purpose for data storage ceases to apply (e.g., after your re-

quest has been processed). Mandatory statutory provisions – in particular, statutory retention

periods – remain unaffected.

Data Disclosure and Transfer Abroad

In the context of our business activities and the purposes outlined in section 3, we may disclose

personal data to third parties where permitted and deemed appropriate. This may involve third

parties processing the data on our behalf or using the data for their own purposes. Such third

parties include, in particular:

¾ Service providers engaged by us (within Lang-Stereotest as well as external parties, such

as banks, insurers), including data processors (e.g., IT providers);

¾ Suppliers, subcontractors, and other business partners;

¾ Clients;

¾ Authorities, agencies, or courts in Switzerland and abroad;

¾ Media outlets;

¾ The general public, including visitors to websites and social media platforms;

¾ Competitors, industry organizations, associations, and other bodies;

¾ Buyers or interested parties of business segments, companies, or parts of the Lang-Ste-

reotest Group;

¾ Other parties in potential or actual legal proceedings;

¾ Other entities within the Lang-Stereotest Group;

all together «recipients».

These recipients may be located domestically or internationally. You should particularly expect

your data to be transferred to any country where Lang-Stereotest operates through group

companies, branches, or other offices, as well as to other countries in Europe and the USA,

where service providers such as Google and Microsoft are based.

If a recipient is located in a country without adequate legal data protection, we require the

recipient to comply with applicable data protection standards by contract (using the revisedPrivacy Policy Lang-Stereotest AG 10 | 11

EU Standard Contractual Clauses, which can be accessed here), unless the recipient is already

subject to a legally recognized framework ensuring data protection. Exceptions may apply in

cases of legal proceedings abroad, overriding public interests, contract execution requiring

such disclosure, your consent, or if the data were made publicly available by you and you did

not object to their processing.

8. Duration of Retention of Personal Data

We process and retain your personal data for as long as necessary to fulfill our contractual and

legal obligations or for the purposes for which they were collected. This typically means for the

duration of our entire business relationship (from initiation and processing to the termination

of a contract) and beyond, in accordance with legal retention and documentation obligations.

It is possible that personal data may be retained for a period during which claims could be

made against our company, and as far as we are otherwise legally obliged to retain them or

have a legitimate business interest in doing so (e.g., for evidence and documentation purpo-

ses). Once your personal data are no longer required for the above purposes, they will gene-

rally be deleted or anonymized. Operational data (e.g., system logs) are generally subject to

shorter retention periods, typically twelve months or less.

If you submit a legitimate request for deletion or withdraw your consent to data processing,

your data will be deleted unless we have other legally permissible reasons for retaining your

personal data (e.g., tax or commercial retention periods). In such cases, the data will be deleted

once these reasons no longer apply.

9. Data Security

We take appropriate technical and organizational security measures to protect your personal

data from unauthorized access and misuse. These measures include IT and network security

solutions, encryption of data carriers and transmissions, and pseudonymization.

Please note that data transmission over the Internet (e.g., when communicating via email) can

have security vulnerabilities. Complete protection of data from access by third parties is not

possible.

10. Obligation to Provide Personal Data

Within the scope of our business relationship, you are required to provide the personal data

that is necessary for initiating and conducting a business relationship and fulfilling the associ-

ated contractual obligations (you are typically not legally obligated to provide us with data).

Without this data, we are generally unable to enter or execute a contract with you (or the entity

or individual you represent). Furthermore, our website cannot be used if certain information

required to ensure data traffic (such as the IP address) is not disclosed.

11. Rights of the Data Subject

You have the right, within the framework of the applicable data protection laws and to the

extent provided therein (such as under the GDPR), to request information, correction, deletion,

or restriction of the processing of your personal data. You also have the right to object to our

processing of your data, especially for purposes of direct marketing, profiling related to directPrivacy Policy Lang-Stereotest AG 11 | 11

marketing, and other legitimate interests in data processing. Furthermore, you have the right

to request the transfer of certain personal data to another entity (so-called data portability).

Please note, however, that we reserve the right to apply legally permitted restrictions, such as

if we are obliged to retain or process certain data, have a predominant interest (where we are

allowed to invoke such), or need the data to assert claims. If any costs arise due to the exercise

of your rights, we will inform you in advance. We have already informed you about the possi-

bility of revoking your consent in Section 3. Please note that exercising these rights may conflict

with contractual agreements and may result in consequences such as premature termination

of the contract or additional costs. In such cases, we will inform you beforehand unless this has

already been contractually regulated.

To exercise these rights, you will generally need to clearly verify your identity (e.g., by provid-

ing a copy of your identification document if your identity cannot otherwise be clarified or ver-

ified). You can contact us at the address provided in Section 1 to exercise your rights.

In addition, every affected individual has the right to pursue claims in court or lodge a com-

plaint with the responsible data protection authority. In Switzerland, the responsible authority

is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

12. Amendments

We may amend this Privacy Policy at any time without prior notice. The version currently pub-

lished on our website applies. If the Privacy Policy is part of an agreement with you, we will

notify you of any updates to the Privacy Policy via email or other suitable means.

* * * * *