Privacy Policy

1. Controller

The controller responsible for the processing of personal data in connection with this website and the investor access made available through it is:

Speechless AG Bahnhofstrasse 7 6300 Zug Switzerland Email: info@speechlessag.com

2. Purpose of this Privacy Policy

This Privacy Policy explains which personal data we process in connection with speechlessag.com, for which purposes we process it, how access and use are managed, and which rights data subjects may have.

It applies to:

• public visits to the website,
• contact requests submitted through the website,
• the technical provision and protection of the platform,
• protected investor access and the data room,
• the use of embedded or connected services triggered through the website.

3. Which Personal Data We Process

Where necessary in the individual case, we process in particular the following categories of personal data:

• identity and contact data such as name, company, title and contact details,
• communication data such as the content of inquiries and correspondence,
• registration and access data for authorized investors,
• technical data such as IP address, date and time of access, browser information, operating system, referrer, device information and system logs,
• usage data relating to the use of the website and, within the protected data room, security-relevant access events and usage events,
• log and evidence data where required for system security, integrity, access control, traceability and prevention of misuse.

4. Sources of Personal Data

We generally receive personal data:

• directly from you,
• through your use of our website and systems,
• from investor profiles and access processes created by us,
• from technical systems and security logs,
• where applicable, from prior business or investor-related contacts.

5. Purposes of Processing

We process personal data in particular for the following purposes:

• to provide and operate the website,
• to handle contact requests,
• to provide the investor access model,
• to manage, activate and secure access for authorized investors,
• to display documents and structured content within the protected data room,
• to ensure confidentiality, traceability, IT security, misuse detection and system protection,
• to conduct statistical analysis and measure reach where consent has been given,
• to comply with legal obligations,
• to safeguard our legitimate interests in the secure and controlled operation of our platform.

6. Hosting and Technical Infrastructure

Our website is hosted on server infrastructure provided by IONOS. As part of hosting, technically necessary connection and log data may be processed, in particular:

• IP address,
• date and time of access,
• accessed content,
• browser and device information,
• system and error logs.

These data are processed to the extent necessary for technical delivery, stability, security, error analysis and the prevention of misuse.

7. Contact Form

If you use our contact form, we process the information you submit, in particular:

• name,
• email address,
• company or other voluntary details,
• the content of your message.

We use these data solely to process your request, communicate with you and, where relevant, initiate or maintain a business relationship.

8. Investor Access and Authentication

Access to the protected investor area or data room is not openly self-registrable. Accounts are created only by Speechless AG or by parties authorized by Speechless for specifically identified investors.

We use Supabase for the technical management of access credentials, authentication processes and platform data. In this context, the following data may in particular be processed:

• name,
• email address,
• internal access and user identifiers,
• role-based authorization information,
• login and security-related logs.

This processing is carried out for access control, permission management, platform security and the controlled provision of investor access.

9. Data Room and Mandatory Security Tracking

Within the protected data room, we use our own security-related tracking and logging system. This tracking is used independently of general analytics or marketing consent because it serves to protect confidential information, preserve the integrity of the data room, ensure traceability of access and prevent unauthorized use.

The following data may in particular be processed:

• login and access timestamps,
• IP addresses and technical identifiers,
• session and security events,
• accessed sections and document views,
• system-side indications of unusual or security-relevant usage patterns.

This security-related tracking forms part of the protected investor environment and is not used for marketing purposes. It is carried out to protect our legitimate interests in confidentiality, access protection, evidence preservation, misuse prevention and IT security and, where applicable, to satisfy corresponding security and compliance requirements.

10. SharePoint and Microsoft Services

For certain content, and in particular for the display of Excel-based content within the protected environment, we use SharePoint and Microsoft viewer functionality. In this context, technical connection and display data may be transmitted to Microsoft or SharePoint services to the extent required for embedding, display and protected provision of such content.

11. Google Analytics

We use Google Analytics only where you have given consent to the relevant analytics or statistics functionality.

Google Analytics helps us understand how our website is used, which areas are accessed and how we can improve structure, content and user guidance. In this context, cookie information, IP-related technical data, usage data and interaction data may in particular be processed.

Google Analytics is not activated on this website for analytics purposes before the relevant consent has been given.

12. Cookies and Similar Technologies

We use cookies and similar technologies in order to provide the website technically, maintain security and, following consent, collect usage statistics.

12.1 Technically Necessary Technologies

Technically necessary cookies or comparable technologies may be used in particular for:

• page display,
• session management,
• security functions,
• access control,
• language settings,
• technical stability.

These technologies are necessary for the operation of the website or the protected data room.

12.2 Security Logging in the Data Room

Within the protected data room, security-related tracking and logging mechanisms are always active. They serve confidentiality, integrity and traceability of investor access and are not operated as optional marketing or convenience features.

12.3 Analytics Cookies

Analytics or statistics technologies, including those related to Google Analytics, are activated only after your consent.

13. Recipients and Service Providers

Where required, we may disclose personal data in particular to the following categories of recipients:

• hosting and infrastructure providers,
• authentication and database service providers,
• Microsoft and SharePoint services,
• analytics providers,
• IT, security and support service providers,
• advisers where legally or operationally necessary,
• authorities or courts where a legal obligation exists or where required to enforce legal claims.

14. International Disclosure

In connection with hosting, authentication, integrated platform services, analytics and support services, personal data may also be processed or disclosed in countries outside Switzerland, in particular in countries within the European Economic Area or, depending on the relevant service, in other third countries.

Where legally required, we implement appropriate contractual, organizational or technical safeguards to ensure an adequate level of data protection.

15. Retention Period

We retain personal data for as long as necessary for the respective purposes or for as long as legal, regulatory, documentation-related or security-related reasons require.

Relevant criteria include in particular:

• the duration of the business or investor-related relationship,
• the duration of an active access authorization,
• legitimate interests in evidence, security and misuse prevention,
• statutory retention and documentation obligations,
• ongoing or potential legal disputes.

Security and log data from the data room may be retained for a longer period where this is necessary to protect confidential information, preserve traceability of access or enforce legal claims.

16. Obligation to Provide Data

The provision of certain personal data is necessary for us to:

• process contact requests,
• set up or manage access,
• provide the protected data room,
• meet security and control requirements.

Without the necessary information, we may be unable to process a request or grant access.

17. Rights of Data Subjects

Subject to applicable law, you may in particular have the right to:

• request information about the processing of your personal data,
• have inaccurate personal data corrected,
• object to certain processing activities,
• request deletion of personal data where no overriding obligations or interests apply,
• withdraw consent with effect for the future,
• request restriction of certain processing activities,
• lodge a complaint with a competent supervisory authority.

Please direct such requests to: info@speechlessag.com

18. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, manipulation and unauthorized disclosure. This applies in particular to the protected investor area and the data room.

19. Changes to this Privacy Policy

We may amend this Privacy Policy at any time with effect for the future, in particular if our website, our services, the technologies used or the legal requirements change.

The version published on speechlessag.com shall apply in each case.