Privacy Notices

How do we deal with Personal Data from individuals under the age of 13?

Our Services are not directed at children. We do not knowingly collect any Personal Data about children under the age of 13 on our website or for the purposes mentioned in this Privacy Notice.

If Personal Data about children has been mistakenly provided to us and you would like to request that such Personal Data be removed, please refer to our Contact us section.

What Personal Data do we process and for which purposes?

Most of our Services do not require any form of registration or sign-up to access the Services. However, depending on how you interact with us, we may collect and process Personal Data that directly identifies you such as your name, contact details, email address, and job title. We may also collect certain Personal Data that does not directly identify you, but which makes identification possible through the combination of other information or identifiers such as your company name and position. If you submit Personal Data relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.

For inquiries via our contact form, you must provide your name, e-mail address, job title and your message. We process and save the Personal Data provided via our contact form or via e-mail to process and answer your request and to get in touch with you. The legal bases for processing your Personal Data are to perform our obligations under any contract with you, or for our legitimate interests.

We share important information and updates about Oculis via our newsletter, email bulletins and other online communications. You can sign up to receive these via the Investor Relations section of our website or you may be added to our mailing list because of your professional involvement and interactions with Oculis. We process your contact information, such as name, title and email address, to support our legitimate interests, however, if you decide that you no longer wish to receive such communications, you can opt-out by unsubscribing at any time, by clicking the unsubscribe link in the email or by clicking the unsubscribe link in the Investor Relations section of our website.

We may also collect and process information about your visit to this website, such as the pages you visit, the website you came from and the searches you perform. We may use such information to help improve the contents of the website and to compile aggregate statistics about people using our website for our internal usage statistics and market research purposes. In doing this, we may install “cookies” or similar technologies that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. Cookies are created and stored on the user’s computer, phone or other devices when the user’s browser loads a particular website. Every time the user goes back to the same website, the browser retrieves and sends this “cookie” file to the website. Cookies are useful because they serve key purposes like helping a website remember your preferences and settings, performing analytics to improve services, serving you relevant content or advertisements and authenticating you on the websites. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie, this will enable you to decide if you want to accept it or not. You can also refuse cookies altogether. However, if you do not accept our cookies, you may not be able to use all functionalities of our website. When you visit our website, you may be presented with a cookie-setting banner that allows you to manage the settings and accept or deny the cookies. It is legally permitted to store cookies on your machine if they are essential to the operation of the website, but for all other types of cookies we need your permission to do so. On our website, you have the option to consent to the use of cookies while visiting the website for the first time when a cookie banner will be shown or manage these settings anytime later by clicking the Cookie Settings link in the footer of the website. These cookie settings give you the option of accepting or denying your consent to every category of cookies (with the exception of the necessary cookies which are always active). Please refer to our Cookie Settings to learn more about what types of cookies we use (the purpose they serve, their lifespan, and their provenance) and how you can manage your preferences.

Certain of our Services, including this website, may use the web analysis service “Google Analytics 4” from Google LLC, of 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to optimize them. Google Analytics 4 is an analytics service that enables us to measure traffic and engagement across our website. In order to increase the security of your Personal Data, the “IP anonymization” function is activated by default and cannot be adjusted by users which means that Google Analytics 4 will not store IP addresses of users. For more information on how IP anonymization works, click: https://support.google.com/analytics/answer/12017362?hl=en.

Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide us with other services relating to website activity and internet usage. Oculis uses the data received from Google Analytics for business planning, for its own business activities and for marketing measures in order to better understand how the content of our web services and the associated experience can be improved. Certain of our websites also use Cookiebot cookies to enable you to manage the cookies easily and help us to obtain your consent for our placement and use of cookies on your device. We need these cookies to remember the choices that you have made regarding cookie settings.

The legal basis for the processing of your Personal Data when we do website analytics is your consent or our legitimate business interests.

We may use your Personal Data for our business purposes, including audits, monitoring and prevention of fraud, and infringement.

Also, we may use your Personal Data:

• if we are required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence;
• if we need to enforce our terms and conditions;
• when we believe in good faith that the use of Personal Data is necessary to protect legal rights, the security or integrity of this website;
• to protect your safety or the safety of others;
• as part of any criminal or other legal investigation or proceeding in your country or in other countries; or
• to the extent reasonably necessary for development of or to proceed with the negotiation or completion of a corporate or commercial transaction.

We do not collect sensitive Personal Data. You are requested to not disclose your sensitive Personal Data to us unless we specifically ask for it (e.g., national identification card numbers, information related to racial or ethnic origin, political opinions, religion or philosophical beliefs, health, sex life or sexual orientation, criminal background, or trade union membership, or biometric or genetic data for the purpose of uniquely identifying an individual).

When and to whom do we disclose your Personal Data?

We may share your Personal Data with other Oculis subsidiaries and affiliates worldwide to exchange information and maintain databases in different countries. We also may transfer Personal Data to third parties who act on our behalf, for further processing in accordance with the purpose(s) for which the data were originally collected or may otherwise be lawfully processed, evaluating the usefulness of our Services, data management, or technical support.

We will not sell, share, or otherwise transfer your Personal Data to third parties other than those indicated in this Privacy Notice.

In the course of our activities and for the same purposes as those listed in this Privacy Notice, your Personal Data can be accessed by, or transferred to the following categories of recipients on a need to know basis to achieve such purposes:

• our personnel (including personnel, departments or other companies of the Oculis group);
• our independent agents or brokers (if any);
• our other suppliers and service providers that provide services and products to us; and
• our IT systems providers, cloud service providers, database providers and consultants.

These third parties have contracted with us to only use Personal Data for the agreed upon purpose, and not to sell Personal Data to third parties, and not to disclose it to third parties except as may be permitted by us, as required by law, or as stated in this Privacy Notice.

Also, we may disclose your Personal Data to a third party if we are required to do so because of an applicable law, requests from public and government authorities (including court order, subpoena, or governmental regulation), even outside your country of residence; if we need to enforce our terms and conditions; when we believe in good faith that the disclosure is necessary to protect legal rights, the security or integrity of this website; to protect your safety or the safety of others; as part of any criminal or other legal investigation or proceeding in your country or in other countries; or to third parties, advisors, and other entities to the extent reasonably necessary for development of or to proceed with the negotiation or completion of a corporate or commercial transaction.

Your Personal Data may also be processed, accessed, or stored in countries outside Switzerland. Such countries may offer a different level of protection of Personal Data. If we transfer your Personal Data to external companies in other jurisdictions, we will make sure to protect your Personal Data by applying the level of protection required under applicable data privacy laws by implementing adequate technical and organisational measures. In the event that your Personal Data is transferred to a service provider based in a third country (countries outside the European Union that do not have a level of data protection comparable to the data protection law of the European Union, as determined by a competent data protection authority) and processed there, Oculis ensures the protection of your Personal Data by means of Standard Contractual Clauses or EU Model Clauses or another method in accordance with applicable law. Should these Standard Contractual Clauses in the future be declared null and void and/or be revised by the European Commission, we will adopt other applicable and/or approved instruments to provide for appropriate safeguards required for the third country transfers and enter into such agreed instruments in a written and legally binding form.

How long do we keep your Personal Data?

We keep your Personal Data for as long as you use the Services. We may also keep your Personal Data for a reasonable period following the fulfilment of our Services or termination of your relationship with us or discontinuation of your use of our Services, unless a longer retention period is required or permitted by law.

How do we protect your Personal Data?

We have implemented appropriate technical and organisational measures designed to provide an adequate level of security and confidentiality to your Personal Data. The purpose of these measures is to protect Personal Data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.

What are your rights and how can you exercise them?

Whenever we process Personal Data, we take reasonable steps to keep your Personal Data accurate and up-to-date for the purposes for which they were collected. We will provide you with the ability to exercise the following rights under the conditions and within the limits set forth in the law:

• the right to be informed about what Personal Data we have about you and how we process your Personal Data;
• the right to access your Personal Data as processed by us and, if you believe that any information relating to you is incorrect, obsolete or incomplete, to request its correction or updating;
• the right to request the erasure of your Personal Data or the restriction thereof to specific categories of processing;
• the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal;
• the right to object, in whole or in part, to the processing of your Personal Data;
• the right to request a data portability, i.e. that the Personal Data you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format without hindrance from us and subject to your confidentiality obligations; and
•  the right to object to automated decision making including profiling resulting in a significant or legal effect, i.e. you can request an human intervention in any automated decision making process related to processing of your data resulting in a significant or legal effect, and where such processing is not based on your consent, authorised by law or necessary for the performance of a contract. However, we don’t currently make decisions using automated processes only that result in significant or legal effects on individual.

If you have a question or want to exercise the above rights, you may send an email to our Data Protection Officer at privacy@oculis.com or a letter to Oculis at the address described in the Contact us section below. If you have a complaint about how your Personal Data is being processed, you also have the right to contact the Data Protection Authority in your country.

How frequently do we update this Privacy Notice?

We keep our Privacy Notice under regular review and update it as and when required. The last version of this Privacy Notice was last updated on March 1, 2024.

Contact us

If you wish to contact us regarding how we use your Personal Data or you wish to exercise your data privacy rights, please email us at privacy@oculis.com or write us to the following address:

Oculis Holding AG
Data Protection Officer
Bahnhofstrasse 7
6300 Zug
Switzerland

What information do we collect?

In connection with your application for work with us, we will collect, store, and use the following categories of personal data about you:

• any information you have provided to us in your resume / CV and cover letter
• the information you have provided to us by way of an application form, including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications
• any information you provide to us during an interview

We may also collect, store, and use the following “special categories” of sensitive personal data:

• information about your race or ethnicity, religious beliefs, sexual orientation and political opinions
• where appropriate and lawful for us to do so, criminal records, bankruptcy & credit history, and information pertaining to FACIS Level 3 checks

How is your personal data collected

We collect personal data about candidates from the following sources:

• you, the candidate
• third party recruitment agencies who may represent you
• your named referees, from whom we obtain a standard reference
• third parties from a publicly accessible source, e.g., results of social media searches such as LinkedIn
• third-party service providers for employment background checks

How will we use information about you and on what legal basis

We will use the personal data we collect about you to:

• assess your skills, qualifications, and suitability for the role
• carry out reference and background checks
• communicate with you about the recruitment process
• keep records related to the recruitment and hiring process
• comply with legal or regulatory requirements

Following receipt of your resume / CV, cover letter and/or your application form, we will process that information to decide whether you meet the basic requirements to be shortlisted for the role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the role. If we decide to offer you the role, we will then take up references and carry out any other relevant checks before confirming your appointment. We seek information from third parties, such as references supplied by former employers or employment background checks conducted via third-party service providers, with your consent only.

It is in our legitimate interests to process your personal data to decide whether to enter into a contract of employment or engagement with you. In case we decide to offer you the role, the processing of your personal data is necessary to enter into a contract of employment or engagement with you and to comply with legal obligations relevant to recruitment to which we are subject (such as establishing right to work status).

If you do not provide personal data

If you do not provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully.

How we will use “special categories” of sensitive personal data

We will use your sensitive personal data in the following ways:

• We will use information about your health and disability status to consider whether we need to provide appropriate adjustments during the recruitment process
• We will use information about your race or national or ethnic origin, religious, philosophical, or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting. Data that Oculis uses for these purposes will be collected on an anonymised basis. Candidates are entirely free to decide whether or not to provide such information and your application will not be affected either way
• We may collect criminal records, bankruptcy & credit history, and/or information pertaining to FACIS Level 3 checks if it is appropriate given the nature of the role and where we are legally able to do so

Automated Decision-Making

Please note that you will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Who has access to data?

Your information will be managed by HR and shared internally with Oculis authorised staff, for the purposes of recruitment (subject to confidentiality arrangements), and where necessary, with competent public, government, regulatory or fiscal authorities or agencies where it is necessary to comply with a legal or regulatory obligation to which Oculis is subject.

It may be necessary from time to time for us to disclose your personal data to third parties or agents, including without limitation to the following:

• third parties to assist in the administration, processing, and management of certain activities pertaining to prospective employees, e.g. payroll, tax, insurance and pension, and travel and expense management service providers
• individuals or companies engaged by Oculis to carry out specific services, functions or consultancy work
• relatives or legal representatives of prospective employees
• regulatory bodies to whom we are obliged or required to disclose information including courts and court-appointed persons
• relevant government departments and agencies
• other service providers necessary to support Oculis in its business operations

Where we engage third parties to process your personal data on our behalf, we do so on the basis of written instructions, ensuring the relevant third parties have implemented appropriate technical and organisational measures to ensure the security and protection of your personal data.

Any sharing of personal data with third parties is subject to appropriate due diligence assessments and contracts and/or agreements, including data processing agreements.

Transfers of Personal Data outside the European Economic Area (“EEA”)

Due to the global nature of our business, your personal data may be disclosed outside of the EEA, including in particular in the US, for the purposes described above. It may also be processed by HR and other staff operating outside of the EEA who work for us or for one of our service providers or third parties who act on our behalf. Additionally, your data may be shared outside of the EEA in connection with travel or visa arrangements.

We ensure appropriate safeguards, such as European Commission approved standard contractual clauses, are in place to ensure the privacy and integrity of such personal data. Further details regarding these safeguards are available on request via privacy@oculis.com.

How do we protect your data?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors, and third parties who have a business need-to-know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

How long will your data be used for

Successful applicants

If your application for employment or engagement is successful, personal data gathered during the recruitment process will be transferred to our HR systems and retained during your employment in accordance with our Employee Privacy Notice.

Unsuccessful applicants

If your application for employment or engagement is unsuccessful, we will hold your personal data on file for twelve (12) months after the end of the relevant recruitment process to the extent necessary to enable Oculis to comply with any legal obligations or for the exercise or defence of legal claims (subject to any applicable legal or regulatory obligations to retain such information for a longer period).

At the end of that period, we will securely destroy your personal data in accordance with applicable laws and regulations.

In the event that any court actions or other legal proceedings are pending or impending, personal data will be deleted after termination of the court action or legal proceeding as appropriate.

Your rights

As a data subject, you have a number of rights, as follows:

• to access and obtain a copy of your personal data on request
• to change incorrect or incomplete personal data
• to delete or stop processing your personal data in certain circumstances
• to object to the processing of your personal data in certain circumstances
• to stop processing personal data for a period if data is inaccurate or there is a dispute about whether or not your interests override our legitimate grounds for processing data

If you would like to exercise any of these rights or if you have any questions regarding how Oculis process your personal data, please contact our Data Protection Officer (DPO) via privacy@oculis.com.

If you believe that we have not complied with your data protection rights, you have the right to raise the matter with the relevant data protection authority.

Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time. Any substantial changes will be published via the Oculis website. The last version of this Privacy Notice was last updated on September 1, 2024.

Contact us

If you wish to contact us regarding how we use your personal data or you wish to exercise your data privacy rights, please email us at privacy@oculis.com or write us to the following address:

Oculis Holding AG
Data Protection Officer
Bahnhofstrasse 7
6300 Zug
Switzerland