WHO WE ARE

BackBone Ventures AG, Lutherstrasse 2, CH-8004 Zurich, Switzerland, is responsible for your personal data. (The external data protection officer is Dr. Jan Claudio Muñoz, Backbone Ventures GmbH, TechQuartier, c/o Backbone Ventures GmbH, Platz der Einheit 2, D-60327 Frankfurt).

BackBone Ventures AG

Lutherstrasse 2, CH-8004 Zurich

Registernummer: CHE-384.697.508

Backbone Ventures GmbH

TechQuartier, c/o Backbone Ventures GmbH, Platz der Einheit 2, D-60327 Frankfurt, Germany

Registration number: HRB 127266

Commercial register: Frankfurt am Main Local Court, Germany

hello@backbone.vc

References in this Data Protection Statement (the Statement) to "BackBone Ventures", "we" or "us" are references to BackBone Ventures AG are committed to protecting the privacy and security of personal data provided to us or collected by us on our website and in the course of our business. We store and process personal data in accordance with the Swiss Data Protection Act (DSG) and (where applicable) the EU General Data Protection Regulation (DSGVO).

This Privacy Policy sets out how we collect and process personal data, personal data we receive about you and what rights you have in relation to this data.

HOW WE STORE YOUR PERSONAL DATA

We store your personal data for as long as it is necessary for the purpose for which it was collected and for as long as we have a legitimate interest in retaining personal data, for example for the implementation or defence of legal claims or for archiving purposes and IT security. We also store your personal data if and as long as this is required in accordance with a statutory retention obligation.

WHICH PERSONAL DATA WE COLLECT

Personal data we process about you includes:

Your name and contact details (for example, name, address, telephone number or email address), information about the company you work for, your position or title and/or your relationship with a person and other basic information);

Identification and background information that you provide to us or that is collected from you as part of our onboarding process, particularly in relation to MLA obligations;

Financial information, such as payment information;

Information disclosed to us by or on behalf of our clients or generated by us in the course of providing our services to clients.

Information disclosed to us for the purpose of attending meetings, seminars or events;

Information relating to documents and communications that we send to you electronically.

Any other information relating to you that you provide to us.

We collect and record this information when you interact with us, for example when you communicate with our employees, register to receive information by e-mail, or when you attend a meeting, seminar or other events. We will only send you e-mails if we have a business relationship with you or if you have consented to receive such e-mails in accordance with (Art. 6 para. 1 lit, a) DSGVO. We also collect or compile personal data as part of our services and when we obtain personal data from other sources, for example by consulting publicly available sources to update your details.

The legal basis for processing your personal data for these purposes is our legitimate interest in managing and developing our business (Art. 6 para. 1 lit. f) DSGVO) or our contractual obligations (Art. 6 para. 1 lit. b) DSGVO).

WHY WE PROCESS YOU PERSONAL DATA

In the course of our business, we collect and process personal data about customers, related parties and others, as well as their respective representatives and employees.

We process your personal data:

to communicate with you;

to carry out money laundering, conflict and reputational checks;

to provide and improve our services to you and our clients, including personal data of third parties disclosed to us or collected by us on behalf of our clients, such as the processing of identification and background information as part of our onboarding process, financial data and data relating to our administrative processes/operations;

to manage the business relationship with you and our clients;

to maintain, provide and improve our websites, including monitoring and evaluating their use;

to promote our services, including sending publications, alerts, updates, invitations to events, etc.; and

to comply with our legal, regulatory and risk management obligations, including the assertion, enforcement and defense of legal claims.

We process personal data for these purposes on the following basis: when it is necessary for us to perform a contract, such as contacting an individual, to provide legal or other services, to assert, enforce or defend legal claims or (in) legal proceedings; to comply with legal and regulatory obligations, to protect legitimate interests including those mentioned and listed above; and/or based on consent. We may use this data to conduct the business of our company (e.g. administrative or operational processes), to monitor and analyse our business or to improve our services and products. Our main legal basis for these processing purposes is the conclusion or performance of a contract pursuant to Art. 6(1)(b) of the DSGVO.

We use various technical and organisational measures to help protect your personal data from unauthorised access, use, disclosure, alteration or destruction.

USE OF WEBSITE, COMMUNICATION

When you access and use our website (https://www.backbone.vc), we automatically collect and store corresponding log data and device-specific information for a limited period of time. This information includes, but is not limited to, specific information such as IP address, access dates and times, hardware and software information as well as device-specific and other similar information. We process this information on the basis that it is necessary for us to operate, maintain and improve our website.

You can refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that this may affect your ability to use our websites. For more information about cookies, including how to manage, refuse or delete them, please visit (www.allaboutcookies.org).

Communications

We may use your name and email address(es) to send you publications, alerts, updates, invitations to events and other information by email and will ask for your prior consent to do so unless we have received your contact details as part of our services and you have not opted out of receiving such promotional communications. If you do not wish to receive promotional communications from us, you may unsubscribe at any time by clicking on the unsubscribe link in the relevant email. Please note that we use personal data to track whether you read our emails or whether you click on links contained in them.

Social Plugins

We use the following social plugins on our website: LinkedIn, Instagram and YouTube, which you can recognize by the respective icon placed on our website. When you interact with this social network, e.g. when you click on the icon on our website, the information collected by the social plugin is forwarded and your visit is recognized by e.g. LinkedIn. These social plugins are not automatically activated. For more information on how our social media partners process the personal data they collect about you, please refer to the corresponding data protection declarations and the related notices.

Application process

When you apply for a job or recruitment event with us, you may be required to provide personal data, including specific categories of personal data. By submitting your application, you expressly consent to our use of this data to the extent necessary. This personal data includes: CVs (including diplomas, work experience), assessments and reports, criminal records. We will use this data to check your application, We may also use this data to check the information you have provided (including references, background, identity, eligibility, extracts from debtors' register and criminal records). The legal basis for these processing purposes is our legitimate interest in recruiting new staff in accordance with Article 6(1)(f) of the DSGVO and, in the case of a successful application, the conclusion and performance of a contract in accordance with Article 6(1)(b) of the DSGVO. If we need to collect data that is necessary for your employment and you do not provide us with this data despite being requested to do so, we may not be able to consider employing you further.

Former employees

If you are a former employee of ours, we collect personal data such as your name, contact details (e.g. your address, e-mail address and telephone numbers), data about your employment with us and any other data we have received from you. This data is used to keep in contact with you and is in our legitimate interest according to Art. 6 (1) (f) of the DSGVO.

Profiling and automated decisions

With regard to profiling and automated decisions, we do not (currently) process your data in a way that enables us to create a profile of you in our data bank (e.g. a customer profile) or to infer certain aspects of your life such as interests, hobbies, financial situation, health, etc. We do not use automated decision-making in this respect. We do not (currently) use automated decision-making to decide how to handle your data. If we decide to use a computer program to analyze your data and make automated decisions that have legal or similar implications for you, we will inform you in full transparency.

TO WHOM WE DISCLOSE YOUR PERSONAL DATA

To the extent necessary or useful for the provision of our services or for other purposes defined in this Privacy Policy, we may share your personal information collected in the course of our business with trusted third parties in Switzerland, the EU (Germany and the Netherlands), or other countries (Israel and USA), including if:

Providers to whom we outsource certain support services such as compliance issues;

Authorities if we are required to do so by law, regulation or profession (e.g., to comply with anti-money laundering or sanctions regulations);

IT service providers and Websitehosting;

Third parties acting in connection with services we provide to our clients, such as technology service providers for onboarding, data room, reporting and monitoring services or service providers;

Appointed auditors;

Third parties who are also involved in the implementation or organization of events and seminars.

For the purposes set out in this statement and as deemed necessary, we may disclose personal data to courts, law enforcement agencies, regulatory and governmental authorities, and law enforcement and enforcement agencies. We may also be required to disclose your personal information to comply with legal and regulatory requirements.

COUNTRIES TO WHICH WE TRANSFER YOUR PERSONAL DATA

Within the scope of our business activities and for the purposes described in this data protection declaration, we may also transfer your personal data to third parties outside Switzerland, insofar as this is legally permissible and necessary. Personal data will only be transferred abroad if the relevant legal requirements are met. Third parties abroad are obliged to maintain the same level of data protection as we do.

You may request a copy of the contractual guarantees, although in individual cases we may have to black out parts that are relevant to the privacy of others or to confidentiality obligations. In exceptional cases, we may rely on your consent or transfer your personal data abroad if this is necessary for the performance of the contract, for the establishment, assertion or enforcement of legal claims or for the protection of overriding public interests.

PROTECTION OF YOUR PERSONAL DATA

We have implemented technical and organizational security measures to keep your personal data secure in electronic and physical form and to protect it from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss. Our premises are access controlled and our electronic databases require login and password authentication. We use encryption technologies for the transmission of your data. This does not apply to email communications, which are not encrypted.

Our employees and third-party service providers who have access to confidential information (including personal data) are subject to a duty of confidentiality.

YOUR RIGHTS

You have the right to request detailed information about what personal data we hold about you and how we process it, and to request a copy of your personal data. You can also have your data corrected or deleted, restrict our processing activities concerning this information and object to the processing of your personal data. If you wish to exercise these rights, please contact us in writing by e-mail or letter (contact information can be found, for example, in the imprint). You may also decide to withdraw your consent. Please note that even if you choose to withdraw your consent, we may continue to process your personal data to the extent required or permitted by law. You can also lodge a complaint with a local supervisory authority, in Switzerland with the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch).

Generally, you do not have to pay a fee to exercise your individual rights, but we may charge a fee for access to your personal data if permitted by the relevant data protection laws, in which case we will inform you in accordance with the law.

ACTUALITY AND AMENDMENT OF THIS DATA PROTECTION DECLARATION

We reserve the right to update and amend this privacy policy from time to time to reflect changes in the way we process your personal data or changes in legal requirements. Please check this page regularly for any updates or changes to our privacy policy.

Status: Aug .2023, in relation to (revDSG)