PRIVACY NOTICE

This data protection notice ("Notice") sets out how EIZO AG ("we", "us", "our", etc.) as data controller processes your personal data and the measures and procedures we use to protect your personal data. The provision of this information is mandatory under the EU General Data Protection Regulation.

This notice does not constitute a contractual agreement between you and us and may be amended by us as necessary.

We process your personal data exclusively in the following cases:

(a) when you have given us your consent;
(b) to provide you/your employer with our products or services;
(c) to respond to an inquiry from you or your employer;
(d) to maintain a business relationship with you or your employer;
(e) to comply with our legal and regulatory obligations. If subparagraph (a) applies, you may withdraw your consent at any time by making a request in accordance with Section 12.

3.1 We process the following personal data about you:

(a) Name, email address and other contact details;
(b) details of your professional role, position and/or post;
(c) Details of your preferences for marketing events or marketing materials;
(d) details of your access to our premises and access to our systems and websites; and
(e) your messages, feedback or participation in studies and surveys.

3.2 In some cases, we may need your personal data for business or operational reasons, to maintain our business relationship with you/your employer, to provide our products or services to you/your employer, or to comply with our legal and regulatory obligations. If you do not provide us with your personal data, we may not be able to maintain our business relationship with you/your employer or provide our products or services to you/your employer.

3.3 We make every effort to ensure the accuracy and completeness of the personal data we hold and to ensure that your personal data is kept up to date. You can make an important contribution to this by notifying us immediately if your personal data changes or if you discover that we have incorrect personal data about you (see Section 9). We are not responsible for any loss resulting from incorrect, inaccurate, deficient or incomplete personal data that you have provided to us.

We usually collect your personal data based on the information you/your employer provide in the course of our business relationship with you/your employer. This usually occurs in the following instances: You/your employer sends us emails and other correspondence, business cards, forms and documents that you/your employer use to subscribe to our marketing or market data newsletters or as part of your appointment as a representative of your employer; you/your employer provides us with login credentials that you/your employer uses to access our products or services on your behalf or on behalf of your employer.

We may also collect personal information from other sources, such as affiliates, credit reporting agencies and fraud prevention organizations, and government records.

As part of our business relationship with you/your employer and to provide our products and services to you/your employer, we process your personal data for the following purposes:

(a) Providing required products or services to you/your employer;
(b) Responding to messages or posts from you/your employer;
(c) Providing promotional and marketing materials about our products and services that may be of interest to you/your employer;
(d) Managing, developing and improving our products, services, outlets, IT systems and websites;
(e) Monitoring and auditing compliance with legal requirements and our own policies and standards;
(f) Compliance with our legal and regulatory obligations and related filings on a global basis, including audits and reporting requirements to governmental and international regulatory authorities;
(g) Detection of money laundering activities, financial and credit audits, and prevention and detection of fraud and crime;
(h) Administrative purposes relating to security and access to our systems, premises, and platforms, websites and applications;
(i) Enforcement of court orders and exercise and/or defense of our rights;
(j) Other lawful business purposes;
(k) Other purposes permitted or required by applicable law;

We use cookies on our site. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our website. Cookies do not cause any damage to your terminal device, do not contain viruses, Trojans or other malware.

In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we thereby obtain direct knowledge of your identity.

The cookies are managed in a Consent Management Platform (CMP for short). By means of this application, we enable website visitors to view the cookies used. In addition, this is used to log which cookies the user has given permission to be set (opt-in management).

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. Thus, we use so-called session cookies to recognize that you have already visited individual pages of our website during the current session. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize the user experience, which are stored on your terminal device for a certain specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what entries and settings you have made, so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 7). These cookies allow us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time in each case.

The data processed by cookies are necessary for the aforementioned purposes to protect our legitimate interests and those of third parties.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you can not use all the features of our website.

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

7.1 Google Analytics

For the purpose of demand-oriented design and ongoing optimization of our pages, we use Google Analytics, a web analytics service provided by Google Inc (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymized usage profiles are created and cookies (see under item 6) are used. The information generated by the cookie about your use of this website such as

• browser type/version,
• operating system used,
• referrer URL (the previously visited page),
• host name of the accessing computer (IP address),
• Time of the server request,

are transmitted to a Google server in the USA and stored there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. Our legitimate interest in data processing also lies in these purposes. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. For more information on terms of use and data protection, please visit www.google.com/analytics/terms/de.html

This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. In no case will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

Alternatively to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on the aforementioned link. An opt-out cookie will be set, which prevents the future collection of your data when visiting our website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.

For more information on privacy related to Google Analytics, please see the following link in the Google Analytics Help: https://support.google.com/analytics/answer/6004245?hl=de

7.2 Google Adwords Conversion Tracking

To statistically record the use of our website and evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. In this process, Google Adwords sets a cookie (see item 5) on your computer, provided that you have reached our website via a Google ad.

These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

Each Adwords customer receives a different cookie. Cookies can therefore not be tracked across Adwords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted in to conversion tracking. The Adwords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, via browser settings that generally disable the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". Google's privacy policy on conversion tracking can be found at the link below: https://services.google.com/sitestats/de.html

We use social plugins of social networks (e.g. Facebook, Twitter) on our website to make our company better known. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data protection-compliant operation is to be ensured by their respective providers. The integration of these plugins by us is done by way of the so-called two-click method to protect visitors to our website as best as possible.

a) Facebook

Social media plugins from Facebook are used on our website to make their use more personal. For this purpose, we use the "LIKE" or "SHARE" button. This is an offer from Facebook.

When you call up a page of our website that contains such a plugin, your browser establishes a direct connection with Facebook's servers. The content of the plugin is transmitted by Facebook directly to your browser, which then integrates it into the website.

By integrating the plugins, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook account. If you interact with the plugins, for example by clicking the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook for everyone to see.

Facebook may use this information for the purposes of advertising, market research and customization of the Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to associate the data collected through our website with your Facebook account, you must log out of Facebook before visiting my website.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and settings options for protecting your privacy, can be found in the privacy policy, in particular the data policy of Facebook, which you can view at the following link: www.facebook.com/about/privacy/

b) Twitter

On our website, plugins of the short message network of Twitter Inc (Twitter) are integrated. You can recognize the Twitter plugins (tweet button) by the Twitter logo on our site. An overview of tweet buttons can be found under this link at Twitter: dev.twitter.com/web/tweet-button

When you call up a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter thereby receives the information that you have visited our site with your IP address. If you click the Twitter "tweet button" while logged into your Twitter account, you can link the content of our pages on your Twitter profile. This allows Twitter to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter.

If you do not want Twitter to be able to associate the visit to our pages, please log out of your Twitter user account.

For more information on this, please see Twitter's privacy policy, which you can view here:twitter.com/en/privacy

c) YouTube

This website contains plug-ins from YouTube, belonging to Google Inc, based in San Bruno/California, USA. As soon as you visit pages of our website equipped with a YouTube plug-in, a connection to the YouTube servers is established. In doing so, the YouTube server is informed which specific page of our website you have visited. If, on top of this, you are logged into your YouTube account, you would enable YouTube to assign your surfing behavior directly to your personal profile. You can negate this possibility of association if you log out of your account beforehand. For more information on the collection and use of your data by YouTube, please refer to the privacy notices there at www.youtube.com.

d) Instagram

On our pages, functions of the service Instagram are integrated. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA integrated. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

For more information on this, please see Instagram's privacy policy: instagram.com/about/legal/privacy/.

e) Other plug-ins from Pinterest, Vimeo and others

In order to make the Internet offering more attractive and user-friendly for our users, we temporarily integrate social plug-ins from other selected platforms (e.g. Pinterest, possibly Dailymotion, possibly Vimeo) on our portal. These plugins are usually identified by a logo of the cooperation partner and a written addendum.

As soon as you call up a page of our offer with such a plugin, your browser establishes a direct, short connection with its servers. This serves primarily to display the content of the plugin. In this case, the cooperation partner learns your IP address. In practice, this IP address cannot be easily assigned to you by name. Under certain circumstances, the platform provider may save a cookie on your computer (see the "Cookies" section above). Whether you want to allow these cookies, you decide via the settings of your Internet browser.

f) Partner programs of Hatch and others

Furthermore, EIZO cooperates as a partner with online retailers in order to be able to present you, the user, with online stores where EIZO products can be purchased. These include the retailers visible on the product detail pages after clicking on the "Buy" button. As a user, you will be routed to the website of the online retailer after clicking on the logo of the retailer. This is done either via a direct redirect or via the provider HATCH B.V. based in the Netherlands (Weerdestein 117-II, 1083 GH Amsterdam, NL). In this context, data is transmitted to the partner Hatch for the provision of this service. For more information, please see the provider's privacy policy: www.gethatch.com/en/privacy-policy/

Your personal data may be transferred to, and subsequently stored and accessed in, a country or territory outside the European Economic Area ("EEA"). This includes countries whose laws do not protect personal data to the same extent as within the EEA. In particular, we may transfer your personal data to our affiliates outside the EEA including Japan. We will ensure that appropriate safeguards are in place in accordance with the GDPR when transferring personal data abroad. You may request a copy of the relevant security documents by submitting a request in accordance with Section 12.

Under no circumstances will we sell, rent or trade your personal information. We will only disclose your personal information to the following recipients:

(a) our affiliates;

(b) companies approved or designated by you;

(c) third parties that process your personal data on our behalf (e.g., our system providers including cloud providers);

(d) Third parties who process your personal data on their own behalf to provide a service to you or your employer on our behalf (e.g., our suppliers);

(e) Companies that provide services to detect money laundering, mitigate credit risk, prevent fraud and crime, or for similar purposes, including financial institutions, credit bureaus and regulators, to whom such information is disclosed;

(f) Third parties to whom we transfer or assign our rights or obligations;

(g) Potential purchasers to whom we sell any part of our business or assets; and

(h) Governments, regulators, law enforcement agencies, securities regulators or courts, if we are required or requested to do so under applicable law.

We are committed to the secure storage and protection of your personal data. To this end, we take appropriate technical and organizational precautions to effectively protect your personal data from accidental or unauthorized destruction, loss, alteration, disclosure, or access.

12.1 If you:

(a) update, amend or delete your personal information or obtain a copy of your personal information that we retain; or

(b) restrict or terminate our use of your personal data held by us, you may contact us as set out in Section 12 and make a request to do so.

12.2 In the situations listed above, we may request proof of identity from you. To do so, please send us a copy of a valid identification document so that we can comply with our security obligations and prevent unauthorized disclosure of data.

We retain your personal information only as long as necessary to fulfill the purpose for which it was collected or to comply with legal or regulatory requirements or internal policies.

We may change or update portions of this notice to comply with applicable law or to reflect revised internal practices. You will not necessarily be notified immediately of any such change. Therefore, please be sure to periodically review this notice to be informed of any changes or updates.

If you have any questions about the content of this notice or your personal information, or if you would like to make a request regarding your personal information, you may contact us as follows: Email: info.ch (at) eizo.com

You have the right to file a complaint with our data protection authority if you believe we have violated your data protection rights. A list and contact information for local data protection authorities can be found here.