Imprint and Data Privacy

1. What is the purpose of this privacy policy?

Protecting and guaranteeing the security and confidentiality of the data that Leu Numismatik AG receives in the course of its business activities is extremely important to Leu Numismatik AG (hereinafter also "we", "us"). In the course of our business activities, we obtain and process data relating to you or also other persons (so-called "third parties"). The data we process relates to information about yourself and/or facts and things relating to you ("Data").

The following privacy policy applies to all services, products, websites operated directly and/or indirectly by us ("our website"), apps and other services provided by us, our affiliates and our brands. For our services and our business activities, it is necessary to collect, record, organise, arrange, store, adapt, modify, read out, query, use, transmit, analyse, disseminate, delete and/or destroy data, in each case with or without the aid of automated processes ("processing" or "processing").

We strive to protect the security and confidentiality of data that we receive, obtain from publicly available sources and/or otherwise process in the course of our business.

The processing of data is subject to Swiss law. Foreign law may apply under certain circumstances, in particular the General Data Protection Regulation of the European Union (hereinafter "GDPR").

We undertake, as far as legally possible, to comply with all relevant legal requirements and also oblige our employees and third parties who process data on our behalf (hereinafter "order processors")to do so, without, however, assuming any liability for this.

2. Who is responsible for processing your data?

Leu Numismatik AG, Stadthausstrasse 143, 8400 Winterthur, is responsible for the processing of data, unless otherwise communicated in individual cases. Questions and requests regarding the processing of data should be sent in writing to the following address:

Leu Numismatics AG

Stadthausstrasse 143

CH-8400 Winterthur

info@leunumismatik.com

3. What data do we process?

We process different categories of data about you. The main categories are as follows:

• Contract data: This is data that accrues in connection with the conclusion or processing of a contract, e.g. information about contracts and the services to be provided or provided, data from the run-up to the conclusion of a contract, the information required or used for processing and information about reactions. We generally keep this data for 10 years from the last contract activity, but at least from the end of the contract.
• Technical data: When you use our website or other electronic offers, we automatically collect the IP address of your terminal device and other technical data to ensure the functionality (guaranteeing a smooth connection and the best possible use of the website, continuous improvement and security (evaluation of system security and stability)) of these offers. In this the following data is temporarily stored in log files: IP address of the requesting end device, date and time of access, name and URL of the accessed file, website from which the access is made (so-called referrer URL), name of the access provider and general transmitted information on the device type and operating system of your end device and on the browser type and browser version used (such as the geographical origin, language setting, add-ons used, screen resolution, etc.). We usually keep technical data for 26 months. In order to ensure the functionality of these offers, we can also assign an individual code to you or your end device (e.g. in the form of a cookie, see section ‎12). The technical data in itself does not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, they may be linked to other categories of data (and thus possibly to your person).
• Registration data: Certain offers and services (e.g. login areas of our website, newsletter dispatch, etc.) can only be used with a user account or registration, which can take place directly with us or via our external login service providers. In doing so, you must provide us with certain data (double opt-in procedure) and we collect data on the use of the offer or service. Access controls to certain facilities may generate registration data. We generally retain registration data for 3 months after the end of the use of the service or the termination of the user account.
• Communication data: If you are in contact with us via the contact form, by email, telephone or chat, by letter or by any other means of communication, we collect the data exchanged between you and us, including your contact details and the boundary data of the communication. If we want or need to establish your identity, then we collect further data to identify you (e.g. by electronically recording your passport or a copy of an ID card). We usually keep this data for 3 months from the last exchange with you. This period may be longer insofar as this is necessary for reasons of proof or to comply with legal or contractual requirements or is technically required.
  E-mails in personal mailboxes and written correspondence are generally kept for at least 10 years.
• Master data: Master Data for our purposes consist of the basic data that we require in addition to the contractual data (see above) for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information e.g. about your role and function, your bank account(s) (particularly relevant for customers who are consignors), your date of birth, customer history, powers of attorney, signature authorisations and declarations of consent. We generally keep this data for 10 years from the last exchange with you, but at least from the end of the contract.
• Other data: We also collect data from you in other situations. In connection with official or judicial proceedings, for example, data is generated (such as files, evidence, etc.) that may also relate to you. The retention period of this data depends on the purpose and is limited to what is necessary.

You provide us with much of the data mentioned in this section ‎3 yourself. You are not obliged to do so, subject to individual cases. If you wish to enter into contracts with us or claim services, you must also provide us with data, in particular master data, contract data and registration data, as part of your contractual obligation under the relevant contract. The processing of technical data is unavoidable when using our web site. If you wish to gain access to certain systems, you will need to provide us with registration details.

To the extent permitted by law, we also take data from publicly accessible sources (e.g. debt collection registers, land registers, trade registers, the media or the internet incl. social media) or receive data from authorities and other third parties (such as credit agencies, address traders, associations, contractual partners, internet analysis services etc.).

4. For what purposes do we process your data?

The processing of data by us is carried out for the establishment, administration and processing of contractual relationships and in order to be able to offer and carry out our services for you in a high quality. Furthermore, data is processed for the development, offering, further development and design of our services and products, for internal training purposes and quality control, for the maintenance and development of customer relationships, for expansion into other business areas, for obtaining quotes from insurance companies and other service providers, for advertising and marketing purposes, for the prevention, detection and combating of abuse, for responding to justified official enquiries, for contract processing in general for the purpose of other commercial interests of us and/or in connection with credit checks and collection activities, as well as in connection with the processing of data, and in connection with the enforcement of claims or other legal proceedings relating to us or in which we have a legitimate interest or in which we are involved.

We may also process your data for security and access control purposes. In addition, we process your data to comply with laws, directives and recommendations from authorities and internal regulations ("Compliance").

We also process data for the purposes of our risk management and as part of prudent corporate governance, including business organisation and development.

Furthermore, we process your data for purposes related to communication with you, in particular to respond to enquiries and assert your rights (section ‎11) and to contact you in the event of queries.

Further purposes of use of the data may arise from the circumstances or from legal obligations or may be indicated at the time of collection of the data concerned.

5. On what basis do we process your data?

Insofar as we ask you for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time by written notification with effect for the future; our contact details can be found in section ‎2. If you have a user account, a revocation or contact with us can also be carried out via the relevant website or other service, if applicable. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or performance of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in doing so, so in particular in order to pursue the purposes and related objectives described above under point ‎4 and to be able to implement appropriate measures. Our legitimate interests also include compliance with statutory regulations, insofar as this is not already recognised as a legal basis by the respective applicable data protection law. This also includes the marketing of our products and services, the interest in better understanding our markets and in managing and developing our business, including operations, safely and efficiently.

6. What applies to profiling?

We may automatically evaluate certain of your personal characteristics for the purposes specified in Section 4 using your data (Section 3) ("profiling") if we want to determine preference data, but also to determine risks of misuse and security risks, to carry out statistical evaluations or for operational planning purposes. For the same purposes, we can also create so-called "profiles", i.e. we can combine behavioral and preference data, but also master and contract data and technical data assigned to you in order to better understand you as a person with your different interests and other characteristics. You hereby expressly authorize us to operate profiling accordingly.

7. Who do we disclose your data to?

We may transfer the processing of data to a contract processor, including abroad. We take reasonable steps to ensure that these data processors only process the data in the same way as we are permitted to do. You hereby expressly authorise us to pass on the data to order processors and third parties, including abroad.

In exceptional individual cases (e.g. misuse), data may also be disclosed to third parties for purposes other than those listed in this data protection declaration or those provided for by law, provided that applicable law is not violated. We cannot control, guarantee or vouch that these third parties comply with the data protection provisions applicable to us; they process the data for their own purposes and may also process the data abroad, where there may be no legal data protection as in Switzerland.

The transfer of data abroad may also occur when data is passed on to third parties, in particular when our services and products are used via and/or linked to social networks or other third-party offers.

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes listed in section ‎4, we also transfer your data to third parties, in particular to the following categories of recipients:

• Group companies: Our group companies may use the data according to this data protection declaration for the same purposes as we do (see section ‎4).
• Service providers: We work with service providers locally and abroad who process data about you on our behalf or in joint responsibility with us or who receive data about you from us in their own responsibility.
• Contractual partners including customers: Primarily, this refers to our customers and other contractual partners, because this data transfer results from these contracts. If you work for such a contractual partner yourself, we may also transmit data about you to them in this context. The recipients also include contractual partners with whom we cooperate.
• Authorities: We may pass on data to offices, courts and other authorities at home and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities process data about you that they receive from us on their own responsibility.
• Other persons: This refers to other cases where the inclusion of third parties results from the purposes according to item ‎4.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

8. Does your personal data also end up abroad?

As explained in section ‎6, we also disclose data to other bodies. These are not only located in Switzerland. Your data can therefore be processed in Europe as well as in the USA; in exceptional cases, however, in any country in the world.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection law, unless it is already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it concerns data that you have made generally accessible and you have not objected to its processing.

You hereby expressly authorize us to disclose your data abroad, namely to Europe and the USA, but in exceptional cases to any country in the world.

9. How long do we process your data?

We process your data for as long as our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes require or storage is technically necessary. Further information on the respective storage and processing periods can be found in section ‎3 for the individual data categories. If there are no legal or contractual obligations to the contrary, then we delete or anonymise your data after the storage or processing period has expired as part of our normal processes.

10. How do we protect your data?

We take reasonable security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to protect against the risks of loss, accidental alteration, unauthorised disclosure or access. We also oblige our order processors to take appropriate security measures.

11. What rights do you have?

Applicable data protection law grants you the right to object to the processing of your data in certain circumstances, in particular for direct marketing, direct marketing profiling and other legitimate processing interests.

To help you control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

• The right to request information from us as to whether and which of your data we are processing;
• the right to have us correct data if it is inaccurate;
• the right to request the deletion of data;
• the right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
• the right to withdraw consent insofar as our processing is based on your consent;
• the right to obtain, on request, further information necessary for the exercise of these rights.

If you wish to exercise any of the above rights against us, please contact us in writing; our contact details can be found in section ‎2. In order for us to be able to rule out misuse, we must identify you (e.g. with a copy of your identity card, if this is not possible in any other way).

Please note that these rights are subject to conditions, exceptions or limitations under applicable data protection law (e.g. to protect third parties or trade secrets). We will inform you accordingly if necessary.

Please let us know if you do not agree with our handling of your rights or data protection. In particular, if you are in the EEA, the UK or Switzerland, you also have the right to complain to the data protection supervisory authority in your country.

12. Do we use online tracking?

We use various technologies on our website that allow us and third parties we engage to recognise you when you use our website and, in some circumstances, to track you across multiple visits. This section provides information on this.

Cookies", Facebook plugins (Like button), Twitter, Google Adsense, Google Analytics and Google +1 are applied on our website.

Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site.

Information is stored in the cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you.

Facebook plugins (Like button)

Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. You can recognise the Facebook plugins by the Facebook logo or the "Like" button on our site. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/.

When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of our pages on your Facebook profile. This enables Facebook to assign the visit to our pages to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please see Facebook's privacy policy at https://www.facebook.com/about/privacy/.

If you do not want Facebook to be able to assign your visit to our pages to your Facebook user account, please log out of your Facebook user account.

Twitter

Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. In the process, data such as IP address, browser type, domains called up, pages visited, mobile phone provider, device and app IDs and search terms, among other things, are transmitted to Twitter. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. Due to ongoing updates of Twitter's privacy policy, we refer to the latest version at (http://twitter.com/privacy). You can change your Twitter privacy settings in your account settings at http://twitter.com/account/settings. If you have any questions, please contact privacy@twitter.com.

Google Adsense

This website uses Google AdSense, an advertising integration service provided by Google Inc ("Google"). Google AdSense uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons can be used to analyse information such as visitor traffic on these pages.

The information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information may be shared by Google with Google's contractors. However, Google will not merge your IP address with other data stored by it.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Google Analytics

This website uses Google Analytics, a web analytics service of Google, Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google will also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Google +1

With the help of the Google +1 button, you can publish information worldwide. Via the Google +1 button, you and other users receive personalised content from Google and its partners. Google stores both the information that you gave +1 for a content and information about the page you viewed when you clicked +1. Your +1s may be displayed as notices along with your profile name and photo in Google services, such as search results or your Google profile, or elsewhere on websites and ads on the internet.

Google records information about your +1 activities in order to improve Google services for you and others.

In order to use the Google +1 button, you need a globally visible, public Google profile, which must at least contain the name chosen for the profile. This name is used in all Google services. In some cases, this name may also replace another name you used when sharing content through your Google Account. The identity of your Google profile may be displayed to users who know your email address or have other identifying information about you.

In addition to the uses explained above, the information you provide will be used in accordance with the applicable Google Privacy Policy http://www.google.com/intl/de/policies/privacy/. Google may publish aggregate statistics about users' +1 activities or share these statistics with our users and partners, such as publishers, advertisers or affiliated websites.

13. Can this privacy policy be changed?

This privacy policy may be amended at any time and without prior notice. The current version published on our website shall apply. We reserve the right to supplement this privacy statement with additional privacy statements in individual cases.

Last updated: 14 December 2023

14. Newsletter, commercial communication

We may send newsletters or other (including commercial) content relating to our services and products ("News") to all customers whose data we process to their address, number or app from time to time. When sending the newsletter, we may use services from mailchimp, bexio, zoho and other software providers.

You hereby agree to the sending or display of news but can stop this at any time and free of charge.

Under certain circumstances, the receipt of the news takes place through registration in a so-called double opt-in procedure. You will then receive an email, SMS or other message asking for confirmation of the registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. Sign-ups to receive the News are logged in order to be able to prove the sign-up process in accordance with legal requirements. This includes the storage of the login and confirmation time as well as the IP address.

You can unsubscribe from the News at any time and withdraw your consent to receive it. The consent to send them via mail software providers and the statistical analyses expire at the same time. A separate revocation of the dispatch via mailchimp, bexio, zoho and other software providers or the statistical evaluation is not possible.

15. Consent

You explicitly and expressly consent to us processing the data as specified in this privacy policy.

You have the right to revoke this consent at any time. The revocation of consent shall not affect the lawfulness of the processing of the data carried out on the basis of the consent until the revocation.

The revocation of consent authorises us to immediately terminate the business relationship or to discontinue the provision of certain services, irrespective of other contractual agreements. You acknowledge that the discontinuance of certain services by us does not constitute a breach of contract by us and/or relieve you of your financial and other contractual obligations.

16. Severability clause

If a provision of this data protection declaration or the contents of an enclosure integrated into this data protection declaration is or becomes invalid, the validity of the rest of this data protection declaration shall not be affected.

The invalid provision shall be replaced by a valid provision which comes as close as possible to the intended economic purpose of the invalid provision.

17. Applicable law and place of jurisdiction

For disputes arising from this Privacy Policy or for disputes concerning the Data, Swiss law shall apply to the extent legally possible, excluding conflict of law rules.

Jurisdiction for disputes arising from this privacy policy or for disputes concerning the data shall, as far as legally possible, lie with the courts - unless otherwise required by law - at our registered office.