Association Enso (a company incorporated in Switzerland, under license number CH-020-6002818-7, with registered office and principal place of business at Badenerstrasse 549, 8048 Zurich) is the operator of the website www.enso.finance and is therefore responsible for the collection, processing and use of your personal data and the compatibility of the data processing with applicable data protection laws.

Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate safeguards. We are committed to handling your personal data responsibly. It goes without saying that we comply with the legal provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA) and, where applicable, other provisions of data protection law.

To help you understand what personal data we collect from you and for what purposes we use it, please read the information below.

1. Scope and purpose of the collection, processing, and use of personal data

A. When visiting www.enso.finance

B. When registering for our newsletter

2. Disclosure of data to third parties

We only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the relationship between you and Association Enso.

In addition, we pass on your data to third parties insofar as this is necessary in the context of the use of the website for the provision of the services you have requested and for the analysis of your user behaviour. The use of the data passed on for this purpose by the third parties is strictly limited to the aforementioned purposes. If the website contains links to third-party websites, Association Enso no longer has any influence on the collection, processing, storage, or use of personal data by the third party after clicking on these links and accepts no responsibility for this.

A service provider, to whom the personal data collected via the website is transferred or who has or may have access to it is our web host Vercel. Vercel Inc. is located at 340 S Lemon Ave #4133, Walnut, California 91789. The website is hosted on servers in the USA. The data is transferred for the purpose of providing and maintaining the functionalities of our website. You can find more information on Vercel's Privacy Policy here

We use the "HEROKU" service of the service provider Salesforce.com Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, California 94105, USA (hereinafter "HEROKU") to host your data, including the wallet-address, Twitter-account, if linked. Your data may be transferred to the USA. We have concluded a contract with HEROKU that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 8 on data transfer to the USA). Further information can be found in the HEROKU data protection declaration: https://www.salesforce.com/company/privacy/

3. Cookies

Cookies help in many ways to make your visit to our website easier, more enjoyable, and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.

Most Internet browsers automatically accept cookies. However, you can configure your browser such that no cookies are stored on your computer or a message always appears when you receive a new cookie. On the following pages, you will find explanations of how you can configure the processing of cookies in the most common browsers:

Deactivating cookies may mean that you cannot use all the functions of our website.

4. Tracking tools (Google Analytics)

On our website, we use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses methods that enable an analysis of the use of the website, such as cookies. The information generated by the cookie about your use of our website, such as

• navigation path that a visitor follows on the website,

• time spent on the website or a sub-page,

• the subpage, on which the website is left,

• the country, region or city, from where access is made,

• end device (type, version, colour depth, resolution, width and height of the browser window),

• returning or new visitor,

• browser type/version,

• operating system used,

• referrer URL (i.e. the previously visited website),

• host name of the accessing computer (IP address) and

• time of the server request,

is usually transferred to a Google server in the USA and stored there. In doing so, the IP address is shortened by activating IP anonymisation ("anonymizeIP") on this website before transmission. The masked IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data, according to Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google complies with a sufficient level of data protection.

The information is mainly used for location tracking purposes. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

Users can prevent the collection of the data generated by the cookie and related to the website use by the user concerned (incl. the IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout

You can find more information about Google and how Google processes data here

LogRocket

Our website uses the LogRocket analysis service. The data processing is carried out by: LogRocket Inc, 87 Summer St, Boston, Massachusetts 02110, US, USA. When you visit our Website, LogRocket collects information about your use of our Website, such as pages visited, links clicked, non-sensitive text and mouse movements, as well as information that is collected more frequently, such as the referring URL, browser, operating system and information about your Internet service provider.

LogRocket allows us to see what users are doing on our Website, which helps us reproduce errors and resolve problems with the operation of our Website more quickly.

All data is stored anonymously on the servers of LogRocket Inc. in the USA. No conclusions about your person can be drawn from the collected data. inferred.

You can find more information about the handling of user data in the LockRocket privacy policy: https://logrocket.com/privacy

We have concluded a contract with LogRocket that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 8 on data transfer to the USA).

You can oppose the data collection by the LogRocket service by deactivating the respective cookies (see Section 3 above regarding Cookies).

Posthog

We use functions of the Posthog service on our Website to analyse and optimise user behaviour and the user-friendliness of our Website. These features are provided by Posthog Inc, 965 Mission Street, San Francisco, CA 94103 USA.

Posthog may record and reflect your behaviour on our Website. For this purpose, Posthog collects and processes information, such as your IP address, wallet address, your browser, visited pages, clicked links etc.) to simulate your behaviour. The storage of this data is limited in time and is only used to improve our service according to your needs.

For more information, please see Posthog's privacy policy: https://posthog.com/privacy.

We have concluded a contract with Posthog that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 8 on data transfer to the USA).

You can oppose to the data collection by the Posthog service by deactivating the respective cookies (see Section 3 above regarding Cookies).

5. Cloudflare

We use the functions of CloudFlare. The provider is CloudFlare, Inc. 665 3rd St. 200, San Francisco, CA 94107, USA. CloudFlare offers a so-called worldwide distributed content delivery network with DNS. Technically, the information transfer between your browser and our web pages is routed through CloudFlare's network. CloudFlare is thus able to analyze the data traffic between users and our websites, for example, to detect and prevent attacks on our services. In addition, CloudFlare may store cookies on your computer for optimization and analysis.

Cloudflare generally forwards only that data which is controlled by us as the website operator. The content is therefore not determined by Cloudflare, but always by the website operator itself. In addition, Cloudflare may collect certain information about the use of our website and process data that is sent by us or for which Cloudflare has received appropriate instructions. In most cases, Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS log data, and website performance data derived from browser activity. Log data helps Cloudflare detect new threats, for example. This allows Cloudflare to ensure a high level of security protection for our website. Cloudflare processes this data as part of the services in compliance with applicable laws.

For security reasons, Cloudflare also uses a cookie. The cookie (__cfduid) is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie becomes very useful, for example, when you use our website from a location where there are a number of infected computers. However, if your computer is trustworthy, we can recognize this from the cookie. Thus, despite infected PCs in the vicinity, you can surf our website unhindered. It is also important to know that this cookie does not store any personal data. This cookie is absolutely necessary for the Cloudflare security features and cannot be disabled.

We have concluded a contract with Cloudflare that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 8 on data transfer to the USA).

Cloudflare addresses in their privacy policy that they are not responsible for the content they receive. For example, when you ask Cloudflare to update or delete your content, Cloudflare basically refers you to us as the website operator. You can also completely prevent Cloudflare from collecting and processing all of your data by disabling the execution of script code in your browser or by installing a script blocker in your browser (see section 3 above regarding Cookies).

Please find further information about the data processing by Cloudflare on:

6. Transfer of personal data abroad

Association Enso is also entitled to transfer your personal data to third companies (commissioned service providers) abroad, insofar as this is necessary for the data processing described in this privacy policy. These are obliged to data protection to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland, we will ensure by contract that the protection of your personal data always corresponds to that in Switzerland.

7. Data security

We use appropriate technical and organisational security measures to protect personal data against manipulation, partial or complete loss and against unauthorised access by third parties.

8. Note on data transmissions to the USA

Some of the third-party service providers mentioned in this privacy policy are based in the USA. For the sake of completeness, we would like to point out that there are surveillance measures in place in the USA by US authorities, which generally allow the storage of all personal data of all persons, whose data has been transmitted to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the US authorities to the data and its subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated with both the access to and the use of this data. Furthermore, we would like to point out that in the USA, foreign data subjects do not have any legal remedies that allow them to obtain access to the data concerning them and to obtain its correction or deletion, or that there is no effective judicial legal protection against general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation so that they can make an appropriately informed decision to consent to the use of their data.

We would like to point out that the USA does not have a sufficient level of data protection from the perspective of Switzerland – among other things, due to the issues mentioned in this section. Insofar as we have explained in this privacy policy that recipients of data (such as Google, Mailchimp) are based in the USA, we will ensure that your data is protected at an appropriate level with our partners through contractual arrangements with these companies as well as any additional appropriate guarantees required, which protect the rights of individuals, whose personal data is transmitted to a third country.

9. Your rights

You can object to data processing at any time. You also have the following rights:

A. Right of access:

B. Right to rectification:

C. Right to erasure:

D. Right to restriction of processing:

E. Right to data portability:

F. Right to complain:

G. Right of revocation:

10. Contact

If you have any questions about data protection on our website, would like information or would like to have your data deleted, please contact us by sending an e-mail to privacy@enso.finance.