Privacy POLICY

Last updated on the 29th of September 2025

1. What is this Privacy Policy about?

HooRa SA(hereafter also referred to as “we”, “us”, or “the Company”) collects and processes personal data relating to you and other individuals (“third parties”). In this notice, the terms “personal data” and “data”are used interchangeably.

The term “Group” refers to HooRa’s affiliated entities. At present, HooRa SAis the only affiliated entity.

“Personal data” means any information that relates to an identified or identifiable natural person—that is, someone who can be identified directly from the data itself or by combining it with other information.“Sensitive personal data” is a special category of personal data that is subject to enhanced legal protection. This includes, for example, information revealing racial or ethnic origin, health data, religious or philosophical beliefs, biometric data for unique identification, or trade union membership.You will find more details on the types of data we process in Section 3 of thisPrivacy Notice. The term “processing” refers to any operation carried out on personal data, including collecting, storing, using, modifying, disclosing, or deleting it.

This Privacy Policy describes how we handle your data when you use our website https://www.hoora.ch/ (“Website”), access our services, interact with us in a contractual context, communicate with us, or otherwise engage with our company. If we carry out specific data processing activities that are not covered by this notice, we will inform you through a separate statement. We may also provide additional information about our data practices in other formats, such as consent forms, general terms and conditions, supplementary notices, and various communication channels.

If you provide us with personal data relating to other individuals (e.g., family members, colleagues, employees), we assume that you are authorised to do so and that the data is accurate. By sharing such data, you confirm this. Please ensure that those individuals have been informed about this Privacy Notice.

This Privacy Policy complies with both the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection(FADP). However, the specific legal framework applicable to your case may vary depending on the circumstances.

In case of discrepancies between different language versions of this Privacy Notice, the French version shall prevail.

2. Who is responsible for processing your data?

HooRa SA, Avenue de la Gare13, 1950 Sion, is the data controller for the purposes of this PrivacyNotice—unless we specify otherwise in a particular case, such as through a separate privacy statement, a form, or a contract. Unless otherwise stated, this Privacy Notice also applies where a Group company acts as the data controller instead of HooRa SA. This may happen, for example, when your data is processed by another entity within the group as part of service delivery, contractual obligations, or legal duties, or when you share data directly with a group company. In such cases, that company is the sole data controller, and only if it shares your data with other group companies for their own processing purposes (see Section 8) do those other companies also become data controllers.

Every data processing activity involves atleast one entity responsible for ensuring compliance with data protection law.This entity is referred to as the data controller. It is responsible, for example, for handling accessrequests (see Section 11) and ensuring that personal data is processed securelyand not misused.

Other entities may also act as joint controllers under this PrivacyNotice—meaning they jointly determine the purposes and means of processing. AllHooRa Group companies may act as joint controllers where applicable. If you wish to know which entities are responsible for a specific data processing activity, you may exercise your right of access to obtain this information (see Section 11). Even incases of joint responsibility, HooRa SA remains your primary point of contact.

For additional details regarding the third parties we work with and their responsibilities, please refer to Sections 3, 7, and 12. If you have any questions or wish to exercise your rights directly with these third parties, please contact them using their respective contact information.

You may contact us with any questions regarding data protection or to exercise your rights under Section 12, as follows:

HooRa SA
Avenue de la Gare 13
1950 Sion
info@hoora.ch

3. What types of data do we process?

We process different categories of data aboutyou. The main categories include:

  • Technical Data: When you use our website or other online services, we collect the IP address of your device and other technical data to ensure functionality and security. This includes system usage logs. We typically retain technical data for 24 months. To maintain functionality, we may assign you or your device a unique identifier (such as a cookie — see Section 13). On its own, technical data does not allow us to identify you personally. However, it may be linked to other data categories (and potentially to your identity) in connection with user accounts, registrations, access controls, or the performance of a contract.
    • Technical data includes your IP address, device operating system, date and time of access, region, and the browser type you use to access our digital services. We can infer your internet provider (and by extension your general location) from your IP address, but we generally cannot identify you. This changes when you create a user account, for example, as your personal data may then be linked to your technical data. Technical data also includes logs generated by our systems, such as connection records from users accessing our website.
  • Registration Data: Certain services and features (such as newsletters) are only available if you register or create a user account, either directly with us or via a third-party authentication provider. In this context, you are required to provide us with specific data, and we collect data about your use of our services. Some physical access controls may also require registration data. We typically retain registration data for 12 months after the service is no longer used or the user account is closed.
    • Registration data includes the information you provide when creating an account in our systems (e.g.,username, password, name, and email). It also includes data we may request before giving access to certain free services (such as name, email, and phone number). You will also need to register to subscribe to our newsletter. In the context of access control, we may record your data as part of this category or as part of the “Other Data” category.
  • Communication Data: When you contact us via contact form, email, phone, chat, mail, or any other means of communication, we collect the data exchanged with us, including your contact details and the metadata of the communication. If we record or listen to phone calls or video conferences (e.g. for training, minute-taking, or quality assurance purposes), we will inform you in advance. Such recordings are made and used strictly in accordance with our internal policies. You will be notified if and when such recordings take place, for example, through anon-screen message during the video call. If you do not wish to be recorded, please let us know or leave the (video) call. If you simply do not want your image to be recorded, please turn off your camera. If we need to verify your identity (e.g. when responding to an access request), we will collect the data required for identification purposes (such as a copy of an ID document). We generally retain this data for 12 months from our last interaction with you. This period may be extended if necessary for evidence purposes, legal or contractual obligations, or technical reasons. Emails stored in personal inboxes and written correspondence are generally retained for at least 10 years.Recordings of (video) calls are generally stored for 24 months, and chat transcripts are usually kept for 2 years.
    • Communication data includes your name and contact details, the medium, location, and time of the interaction, and typically the content itself (e.g. content of emails, letters, chats, etc.). It may also contain information relating to third parties.For identification purposes, we may process data such as your passport orID card number, or a password you have set.
  • Basic Data: By basic data, we mean the core information we need, in addition to contractual data (see below), to carry out our contractual and other business relationships, or for marketing and promotional purposes. This includes your name and contact details (email, phone number), your preferred language, your CV or equivalent information if you provide it, as well as information such a syour role and function, bank details, date of birth, customer history, powers of attorney, signing authorities, and consent declarations. We process your basic data if you are a client, supplier, or other business contact, or if you work for one of them (e.g. as a point of contact for the business partner), or because we wish to contact you for our own purposes or those of a business partner (e.g. in relation to marketing, event invitations, newsletters, etc.).We receive this data from you (e.g. when you use our services or register),from the people you work for, from third parties such as contractual partners, associations or brokers, or from public sources such as registers or the internet (websites, social media, etc.). As part of this category, we may also process sensitive data and information relating to third parties. We generally retain basic data for 10 years from the date of our last interaction with you or the end of the contract. This period may be longer if necessary for evidence purposes, to comply with legal or contractual obligations, or for technical reasons. For contacts used exclusively for marketing and advertising purposes, the retention period is usually much shorter, typically no more than 2 years from the last contact.
    • Basic data includes information such as your name, address, email address, telephone number and other contact details, gender, date of birth, nationality, information about related persons, websites, social media profiles, photos and videos, ID copies; details of your relationship with us (client, supplier, visitor, service recipient, etc.), status information, classifications, mailing list subscriptions, records of our interactions with you (including history where applicable), media reports (including social media), and official documents concerning you (e.g. commercial register extracts, permits, etc.). In terms of payment information, we collect bank details and account numbers. Consent declarations and unsubscribe preferences are also part of basic data, as well as information about third parties, such as contact persons, service beneficiaries, advertising recipients, or legal representatives.
    • For contact persons and representatives of our clients, suppliers, and partners, basic data may also include name and address, role or function within the company, qualifications, and (if applicable) information about supervisors, colleagues, and subordinates, as well as records of our interactions with them.
    • Basic data is not collected exhaustively for every contact. The actual data we collect depends primarily on the specific purpose of processing.
  • Contractual Data: This refers to the data collected in the context of entering into or performing a contract, such as information about the contract itself and the services provided or to be provided. It also includes data related to the pre-contractual phase, information required or used for the execution of a contract (e.g. videos and photographs), and customer feedback (e.g. complaints, satisfaction data, etc.). This category may include sensitive data and information about third parties. We typically collect this data from you, contractual partners, and third parties involved in the performance of the contract, but also from third-party sources (e.g. credit agencies) and public sources. We generally retain this data for 10 years after the last contractual activity or the end of the contract. This period may be extended if necessary for evidentiary purposes, compliance with legal or contractual obligations, or technical reasons.
    • Contractual data includes information about the contract’s conclusion, such as the type of contract, the signing date, application data (such as service requests), and details of the contract in question (e.g. its duration), as well as the performance and administration of the contract (e.g. billing information, customer service, technical support, and enforcement of contractual claims). This category also includes information about deficiencies, complaints, and contract amendments, as well as customer satisfaction data that we may collect, for instance, through surveys. Contractual data also comprises financial information, such as credit-related data (i.e. information that allows us to assess the likelihood of payment), as well as information about payment reminders and debt collection procedures. We receive such data partly from you(e.g. when you make payments), but also from credit rating agencies, debt collection firms, and public sources (e.g. commercial registers).
  • Behavioral and Preference Data: Depending on our relationship withyou, we aim to better understand your needs and tailor our services and offers accordingly. To do this, we collect and process data related to your behavior and preferences. We evaluate this based on information about how you interact with us and may complement it with data from third parties, including public sources. Based on this information, we may assess the likelihood of you using certain services or behaving in specific ways. Some of this data is already known to us (e.g. when and where you use our services), while other data is collected by tracking your behavior (e.g. how you navigate our website). We anonymize or delete this data once it is no longer relevant for the purposes pursued, typically between a few weeks and 24 months (for service-related preferences), depending on the data type. This period may be extended if needed for evidentiary purposes, legal or contractual compliance, or technical reasons. We explain how online tracking works on our website in Section 13.
    • Behavioral data includes information about specific actions, such as how you respond to electronic communications (e.g. if and when you opened an email), your location, interactions with our social media pages, and your participation in events. For example, we may collect location data when you use our website.
    • Preference data tells us more about your interests and needs, what services might appeal to you, and how and when you are most likely to respond to our communications. We derive this from analyzing existing data, such as behavioral data, to better understand you, personalize our advice and offers, and more generally improve our services. To enhance the quality of this analysis, we may combine your data with additional information from third parties, such as address resellers, government sources, or public websites.
    • Behavioral and preference data may be analyzed on a personally identifiable basis (e.g. for personalized advertising) or on a non-identifiable basis (e.g.for market research or service development). These data types may also be combined with other categories of data.
  • Application Data: We collect and process the data you provide to us directly or indirectly as part of your application, including responses to digital questionnaires you complete after viewing a campaign, audio recordings and transcriptions of voice interviews conducted through our virtual agent (AI), as well as associated evaluations based on objective and predefined criteria, and any additional information voluntarily provided (e.g.,professional experience, diplomas, work permit, availability). This data is used exclusively to assess your suitability for the proposed opportunities, to build a talent database, and to contact you for future campaigns, subject to your consent and in compliance with the GDPR and Swiss data protection law.
  • Other Data: We also collect data about you in other situations. For example, we may process information relating to you (such as records, evidence, etc.) in the context of administrative or legal proceedings. We may also collect data for health protection purposes (for example, within the framework of health and safety protocols). We may obtain or generate photos, videos, or audio recordings in which you may be identifiable(e.g. during events or through security cameras). We may also collect data about individuals who enter certain buildings, when they do so, or who have access rights (including through access controls, based on registration data or visitor lists, etc.), as well as information about people participating in events or campaigns, and those using our infrastructure and systems, and at what times. The retention period for this data depends on the purpose of processing and is limited to what is necessary. This can range from a few days for footage from most security cameras, to a few weeks for contact tracing or visitor tracking data (usually retained for 3 months), to several years or more for event reports containing images.

Most of the data described in this Section 3 is provided directly by you (via forms, when you communicate with us, in the context of entering into a contract, when using the website, etc.). You are not obliged to provide us with data, except in certain cases — for example, in connection with mandatory health protection protocols (legal obligations). If you wish to enter into a contract with us or make use of our services, you must provide certain data, such as basic data, contractual data, and registration data, as required to fulfill your contractual obligations under the relevant agreement. It is also not possible to avoid the processing of technical data when using our website.Likewise, if you wish to access certain systems or buildings, you must provide registration data. However, when it comes to behavioral and preference data, you generally have the option to object or withhold your consent.

We only provide certain services if you provide us with registration data, either because we or our contractual partners wish to know who is using our services or has accepted an invitation to an event, because it is a technical requirement, or because we wish to communicate with you. If you or the person you represent (for example, your employer) wish to enter into or execute a contract with us, we must collect basic data, contractual data, and communication data, and we process technical data if you wish to use our website or other digital services for this purpose. If you do not provide us with the data necessary for the conclusion and execution of the contract, you must expect that we may refuse to enter into the contract, that you may be in breach of contract, or that we may not execute the contract. Similarly, we can only respond to a request from you if we process communication data and – if you communicate with us online – potentially also technical data. Moreover, it is not possible to use our website without us receiving technical data.

Where permitted by law, we also collect data from public sources (such as debt collection registers, land registers, commercial registers, media outlets, social networks, or the internet) or receive data from other companies in our group, public authorities, and other third parties (such as credit agencies, address brokers, associations, contractual partners, web analytics providers, etc.).

The categories of personal data that we receive about you from third parties include, in particular, information from public registers; information received in the context of administrative or legal proceedings; details about your roles and professional activities (to allow us, for example, to enter into or perform transactions with your employer with your involvement); information concerning you found in correspondence or meetings with third parties; creditworthiness information (when we engage with you in a personal capacity); and data shared with us by individuals connected to you (such as family members, advisors, legal representatives, etc.), so that we can enter into or perform contracts with or relating to you (such as references, delivery address, powers of attorney, or information related to compliance with legal requirements like anti-fraud, anti-money laundering, and counter-terrorism regulations, or export restrictions). We may also receive information from banks, insurance companies, vendors, and other business partners regarding your use of our services or your service delivery (e.g.payment-related data); from media, social networks, and the internet about your use of our services or the services you provide; and information from the same sources concerning you directly, such as your address, potential interests, and other sociodemographic data (especially for marketing and research purposes),as well as data related to your use of third-party websites and online services, to the extent that such usage can be attributed to you.

4. For what purposes do we process your data?

We process your data for the purposes outlined below. You will find additional details in Sections 13 and 14 with regard to our online services. These purposes and related objectives serve our own interests and, where applicable, the interests of third parties. For more information on the legal basis for our processing activities, please refer to Section 5.

We process your data for the management and maintenance of our candidate database. This includes the centralization, updating, and use of your information within our talent pool to ensure the continuity and consistency of our recruitment processes and, where applicable, to offer you new opportunities matching your profile. You may object to this retention or request the deletion of your data at any time (see section 12).

We process your data for the purpose of communicating with you, in particular to respond to your inquiries and the exercise of your rights (see Section 12), and to contact you if we have any questions.For this purpose, we primarily use communication data, basic data, and registration data in relation to the services and offerings you use. We retain this data to document our communication with you, for training, quality assurance, and request tracking purposes.

The above includes all purposes for which we communicate with you, whether in the context of customer service, consulting services, authentication when using the website, or for training and quality assurance purposes (for example, within the scope of customer service). We also process communication data to enable us to contact you via email and telephone, as well as through messaging services, chats, social media, letters, and fax. Our communication with you is generally linked to other processing purposes — for example, to provide services or respond to an access request. Our processing also serves to document the communication and its content.

We process data in the context of pre-contractual measures and for the initiation, management, and execution of contractual relationships.

We enter into various contracts with professional and private clients, suppliers, subcontractors, and other parties such as project partners or parties involved in legal proceedings. In this context, we primarily process basic data, contractual data, and communication data, and, depending on the circumstances, registration data relating to the client or the individuals for whom the client receives a service.
During the establishment of a business relationship, personal data, especially basic, contractual, and communication data, is collected from prospective clients or other contractual partners (for example, through an order form or contract), or obtained during communications. When entering into a contract, we may process data to assess a person’s creditworthiness and to decide whether to initiate a client relationship. In some cases, this information is reviewed to comply with legal requirements.
In the context of performing contractual relationships, we process data for the management of the client relationship, the delivery and enforcement of contractual services(which may involve third parties such as logistics providers, security service providers, marketing service providers, banks, insurance companies, or credit information providers, who may in turn provide us with data), as well as for consulting services and customer support. The enforcement of legal claims arising from contracts (e.g. debt collection, litigation) is also part of the services, as are accounting, contract termination, and public communication.

We process data for marketing and relationship management purposes, for example to send our clients and other contractual partners personalized advertising for services we offer or that third parties offer (such as advertising partners). This may include newsletters and other regular contact (by electronic means, email, or phone),as well as through other channels for which we have your contact details. It may also include marketing campaigns (such as events) and the provision of free services (such as invitations). You may object to such contact at any time (seethe end of this Section 4), or refuse or withdraw your consent to being contacted for marketing purposes. With your consent, we may also target online advertising more specifically to you (see Section 13). In addition, we may allow our contractual partners to contact our clients and other partners for their own marketing purposes (see Section 8).

For example, if you consent, we may send you information, advertising, and service offers on our behalf or on behalf of third parties within or outside our group (such as advertising partners), in printed form, electronically, or by phone. To do this, we process communication data and registration data. Like most companies, we personalize communications to provide you with information and offers that are relevant to your needs and interests. To achieve this, we combine the data we process about you, collect preference data, and use it as a basis for personalization (see Section 3).
Relationship management also includes reaching out to existing clients and their contacts, potentially in a personalized way based on behavioral and preference data. Aspart of this, we may use a Customer Relationship Management (CRM) system in which we store client, supplier, and other business partner data required for relationship management. This may include contact information, relationship history (such as purchased or provided services, interactions), interests, marketing activities (newsletters, event invitations), and other relevant details.
All of these processing activities are important to us not only to promote our services as effectively as possible, but also to make our relationships with clients and other third parties more personal and positive, to focus on the most important relationships, and to use our resources as efficiently as possible.

We also process your data for market research, to improve our services and business operations, and for service development.

We aim to continuously improve our services (including our website) and respond quickly to evolving needs. To this end, we analyze, for example, how users navigate our website, which services are used by which groups of people and how, and how new services could be designed (see Section 12 for more details). This helps us understand the market acceptance of existing services and the potential of new ones. To achieve this, we process in particular basic data, behavioral data, and preference data, but also communication data and information from surveys, questionnaires, and customer feedback, as well as data from media, social networks, the internet, and other public sources.Wherever possible, we use pseudonymized or anonymized data for these purposes.We may also rely on media and social media monitoring services (or perform such monitoring ourselves) and process personal data to monitor these channels, understand current trends, and respond appropriately.

We may also process your data for security and access control purposes.

We continuously review and improve the security of our IT and physical infrastructures (such as buildings). Like any organization, we cannot completely rule out data security incidents, but we do our best to minimize such risks. For this reason, we process data for the purpose of monitoring, inspecting, analyzing, and testing our IT systems and infrastructure, troubleshooting system issues, documentation, and data backups. Access controls include both electronic access controls (such as user account login activity)and physical access controls (such as building entry). For security purposes(for example, to prevent or investigate incidents), we also retain access logs and visitor lists and use surveillance systems (e.g. security cameras). When using surveillance, we inform you at the relevant locations with appropriate signage.

We process personal data to comply with laws, regulations, and official guidelines or recommendations, as well as internal policies (“legal compliance”).

This includes, for example, the implementation of health and safety protocols or legally mandated anti-money laundering and counter-terrorism measures. In some cases, we may be required to carry out due diligence checks on clients (“Know Your Customer”) or report information to authorities. Legal disclosure and reporting obligations, for example related to supervision or taxation, may also require or involve the processing of data.This includes archiving obligations, as well as the prevention, detection, and investigation of criminal offenses and other violations. It also includes receiving and handling complaints and other reports, monitoring communications, conducting internal investigations, or sharing documents with an authority if we have sufficient reason to do so or are legally obliged to do so. We may also process your personal data as part of external investigations, for example bylaw enforcement agencies, regulatory authorities, or third parties acting on their behalf. For these purposes, we process in particular basic data, contractual data, and communication data, and, in some cases, behavioral data and other data. Legal obligations may arise from Swiss law, but also from foreign regulations that apply to us, as well as from self-regulation, industry standards, our own corporate governance, or from instructions and requests issued by authorities.

We also process data aspart of our risk management and corporate governance, including business planning and development.

For these purposes, we process in particular basic data, contractual data, registration data, and technical data, as well as behavioral data and communication data. For example, as part of our financial management, we must monitor our customer and supplier accounts and avoid becoming victims of fraud or abuse. This may involve analyzing data to detect relevant patterns. We may also conduct profiling and create or process profiles for these purposes and to protect ourselves and you against criminal or abusive activities (see also Section 6). For the planning of our resources and organization of our business activities, we may evaluate and process data related to the use of our services, or share such data with third parties (such as subcontractors), which may include your personal data. The same applies to services provided to us by third parties. In the context of business development, we may sell or acquire companies, parts of companies, or business units, or enter into partnerships. This may also involve the exchange and processing of data, including data relating to you, for example if you are a client, supplier, or representative of a supplier.

We process your data if you apply for a job with us.

We process your data to review and evaluate your application, to conduct the recruitment process, and, for successful candidates, to prepare and enter into an employment contract. In addition to your contact details and the information contained in your communication with us, we also process the data included in your application documents and shared during interviews, as well as data we may obtain from other sources about you, such as from social media, the internet, the press, or through references (provided you have given your consent to obtain such references).

We may process your data for other purposes, such as for internal processes, administration, quality assurance, or training.

These other purposes include, for example, training and educational objectives, administrative functions (such as managing master data, accounting and data archiving, as well as testing, managing, and continuously improving our IT infrastructure), and the protection of our rights (for example, to assert claims in or out of court and before Swiss or foreign authorities, or to defend ourselves against claims brought against us, by preserving evidence, conducting legal assessments, or participating in legal or administrative proceedings). We may use (video) call recordings for quality assurance and training purposes. These additional purposes also include the safeguarding of other legitimate interests that cannot be exhaustively listed.

5. What is the legal basis for processing your data?

When we request your consent for certain processing activities(for example, the processing of sensitive personal data, marketing activities, or managing advertising and behavior analysis on the website), we inform you separately of the specific processing purposes. You may withdraw your consent at any time, with effect for the future, by providing written notice (by post)or, unless otherwise specified or agreed, by sending us an email. Our contact details are provided in Section 1. To withdraw your consent to online tracking, please refer to Section 13. If you have a user account, you may also withdraw your consent or contact us directly through the corresponding service. As soon as we receive notice of your withdrawal, we will no longer process your data for the purpose(s) covered by that consent, unless we have another legal basis to do so. However, withdrawing consent does not affect the lawfulness of any processing based on your consent prior to its withdrawal.

When we do not request your consent, the processing of your personal data is based on the necessity of the processing for initiating or performing a contract with you (or the entity you represent), or on our legitimate interests or those of a third party, particularly in pursuing the purposesand objectives set out in Section 4 and in implementing related measures. Our legitimate interests also include compliance with legal regulations, to the extent that this is not already recognized as a separate legal basis under applicable data protection law. This also includes the promotion of our services, gaining better insight into our markets, and managing and developing our business and operations in a safe and efficient manner.

When we process sensitive personal data (for example, health-related data or data revealing political opinions, religious or philosophical beliefs),we may rely on other legal grounds, such as in the context of a dispute, for the purposes of potential litigation, or for the establishment, exercise, or defense of legal claims. In some cases, other legal bases may apply, and if so, we will inform you separately.

6. What rules apply to profiling and automated individual decisions?

We may automatically evaluate personal aspects about you ("profiling") based on your data (see Section 3) for the purposes described in Section 4. This includes determining preferences, detecting abuse and security risks, conducting statistical analysis, and planning business activities. To do this, we may also create profiles, which means we may combine behavioral and preference data with basic data, contractual data, and technical data in order to better understand you as a person — including your interests and other characteristics.

If you are a client, we may, for example, use profiling to determine which other services might interest you based on the services you already use. Automated analysis may also assess the likelihood that a transaction is fraudulent, in which case the transaction may be temporarily suspended to clarify the situation. Profiles are distinct from profiling. The term "profiles" refers to linking different datapoints in order to draw conclusions about key aspects of your personality (such as your preferences or how you behave in certain situations). Profiles may alsobe used for marketing or security purposes.

In both cases,we ensure that results are proportionate and reliable, and we implementsafeguards to prevent misuse of profiling or profiles. If such profiling orprofiling-based decisions could have legal effects on you or otherwisesignificantly affect you, we ensure that the decision is reviewed by a humanbeing.

In certain situations, for the sake of efficiency and consistency, it may be necessary to automate individual decisions that have legal consequences or other significant effects on you. In such cases, we will inform you accordingly and comply with applicable legal requirements.

Automated individual decisions refer to discretionary decisions, such as whether to enter into a contract. Simple rule-based actions (like gaining access to your user account after a successful password check) are not considered automated decisions in this sense. We will inform you in every case where an automated decision has legal or otherwise significant negative effects on you. If you disagree with the outcome of such a decision, you will have the opportunity to request human review of the decision.

7. What tools are used in our candidate recruitment processes and how do they work?

We use two distinct technologies in our candidate pre-screening process:

  • Eligibility Tool (funnel): This is a structured questionnaire designed to quickly assess the initial match between the candidate’s profile and the open position. This tool follows a deterministic, condition-based logic(a branching question tree) and does not involve behavioral analysis or automated evaluation.
  • AI-Assisted Interview Tool: After completing the questionnaire, eligible candidates may be invited to participate in an audio interview conducted by a conversational agent. The interview is automatically transcribed, and an evaluation is generated based on professional criteria pre definedby HooRa. These results may be used to automatically rank or filter applications.

Collected Data and Use

The data processed includes

  • The answers provided in the eligibility questionnaire
  • The audio recording (where applicable) and transcript of the interview
  • The evaluation generated based on the predefined HR criteria
  • Identification and contact details voluntarily submitted

The datais securely stored on servers located in Switzerland and the European Union, with protection measures in line with the GDPR and the Swiss Federal Act on Data Protection(FADP). If, in exceptional cases, data were to be transferred to a third country that does not provide an adequate level of protection, HooRa would ensure its security by implementing standard contractual clauses approved by the European Commission (see section 9). This data is never used for purposes other than recruitment without your explicit consent. HooRa does not collect or analyze sensitive personal data (e.g. health status, ethnicity, beliefs, sexual orientation), nor any emotional or behavioral elements.

Your Rights

Because we use artificial intelligence technologies to support our recruitment processes, you have the right at anytime to request a clear explanation of the criteria applied to your evaluation, under Article 22(3) of the GDPR. This is intended to ensure you receive transparent information about how the tools operate and to confirm that no discrimination occurred during the review of your application.

For full details about your rights in connection with the processing of your personal data, please refer to Section12 of this Privacy Policy.

Guarantees ofProportionality, Fairness, and Non-Discrimination

HooRa is committed to respecting the core principles of data protection and personality rights in its use of recruitment technologies:

  • Limit data collection to what is strictly necessary to assess your application
  • Use the data only for recruitment purposes
  • Refrain from using private or sensitive data
  • Ensure there is no discriminatory bias (e.g. based on age, gender, origin, disability) in the selection criteria

8. Who do we share your data with?

In the context of our contracts, website, services, legal obligations, protection of our legitimate interests, and for the other purposes outlined in Section 4, we may share your personal data with third parties, including the following categories of recipients:

  • Group companies: These companies may use the data in accordance with this Privacy Notice and for the same purposes as we do (see Section 4). We may also share potentially sensitive data with other entities in our group.
    • Group companies may have access to your basic data, contractual data, registration data, as well as behavioral and preference data, in order to offer their own services to you or to advertise them. If you wish to object to the sharing and use of your data for marketing purposes, you may do so through us (see Section1), even if the processing is carried out by another group company and the data has already been transferred. We may also share your data with other group companies for service delivery purposes, for example when services are provided by another company in the group and our role is solely to coordinate the execution.
  • Service Providers: We work with service providers in Switzerland and abroad who process your data either on our behalf, as joint controllers, or as independent controllers who receive data from us (for example: IT providers, transport companies, advertising service providers, agencies, social networks, connectivity providers, cleaning companies, security firms, banks, insurance companies, debt collection agencies, credit information bureaus, or address verification services). In some exceptional cases, this may include sensitive personal data. For service providers related to the website, see Section 13.
    • To deliver our services efficiently and focus on our core competencies, we rely on third parties across a variety of domains. These include IT services, data transmission, digital marketing, sales, communications and printing, facilities management, security and cleaning, event planning and hosting, debt collection, credit agencies, address verification, fraud prevention, and services from law firms, consulting firms, banks, insurers, and telecommunications companies. In each case, we share with these providers the data they need to perform their services, which may include your personal data. These providers may also use the data for their own purposes, for example, credit agencies may use overdue debt information and your payment history, or anonymized data to improve their services. We enter into contracts with these providers containing appropriate data protection clauses, where such protections are not already required bylaw. In some cases, our service providers may also process data about how their services are used and other data generated during service usage, as independent controllers pursuing their own legitimate interests (such as for statistical analysis or billing). These providers inform users about their own independent data processing activities in their respective privacy notices.
  • Contractual partners, including clients: These include clients (such as service beneficiaries) and other contractual partners, insofar as data sharing arisesfrom the contract. For example, they may receive registration data related to invitations or event access. If you work for one of these contractual partners ,we may also share personal data about you with them. This may include sensitive data. This group of recipients also includes partners we collaborate with or who advertise on our behalf, and with whom we may share data for analysis and marketing purposes. These may include service recipients as well as online advertising providers. We require such partners to send or display ads based on your data only with your consent (for online advertising, see Section 13). We may also present profiles from our database to former or new clients in order to introduce suitable candidates for their open positions. In all cases, when HooRa shares data with its clients (potential employers), such sharing is carried out under HooRa’s responsibility as the data controller, and we ensure that your rights are fully respected
    • If you act as an employee of a company with which we have a contract, the performance of that contract may require us to inform your employer about how you use our services. We may share with our commercial partners and advertising partners basic data, contractual data, behavioral data, and selected preference data, so that they can, on the one hand, conduct non-personal analysis in their own domains (such as the number of our users who viewed their ads), and on the other hand, use the data for advertising purposes, including targeted advertising. Advertising partners may, for instance, need to be able to contact certain clients or send them advertisements.
  • Authorities: We may share personal data with agencies, courts, and other authorities in Switzerland and abroad if we are legally obligated or entitled to do so, or if doing so appears necessary to protect our interests. This may occasionally include sensitive data. These authorities act as independent data controllers.
    • This may apply, for example, in cases of criminal investigations, police measures(such as health protection strategies or anti-violence measures), regulatory requirements and investigations, judicial proceedings, reporting obligations, and both formal and informal legal procedures. We may also disclose data when we request information from public bodies, for instance, to support an information request or to identify individuals about whom we need information(such as from a public register).
  • Other parties: These are other cases in which we interact with third parties as part of the purposes described in Section 4, such as service beneficiaries, media outlets, social networks, or associations we are affiliated with, or when your data appears in our publications.
    • Other recipients may include, for example, delivery recipients or third-party debtors you have designated, other third parties involved in a mandate relationship(such as if we share your data with your lawyer or bank), or individuals involved in administrative or legal proceedings. If we collaborate with media organizations, including social media platforms, and share content with them(such as photos), this may also involve your personal data. The same applies if we publish content (such as photos, interviews, or quotes) on our website o rother communication channels. In the context of business development, we may sell or acquire companies, parts of companies, or business units, or enter into partnerships. These activities may involve the transfer of data (including your data, for example, as a client, supplier, or supplier representative) to the relevant parties involved in the transactions. We may also exchange data concerning you in the context of communication with competitors, industry associations, sector organizations, or other entities we work with.

All of the above categories of recipients may involve third parties, meaning your data may also be disclosed to them. We may restrict how some third parties process your data (for example, IT service providers), but not others (such as authorities, banks, etc.).

We reserve the right to share such data, including confidential data, unless we have explicitly agreed with you not to disclose certain data to specific third parties (except where required by law). Notwithstanding the above, your data will continue to be subject to adequate data protection in Switzerland and the rest of Europe, even after being shared. For transfers to other countries, the provisions in Section 9 apply. If you do not wish certain data to be disclosed, please inform us (see Section 1) so we can assess whether and to what extent we can accommodate your request.

In many cases, the disclosure of confidential data is necessary to fulfill contracts or provide other services. Similarly, confidentiality agreements generally do not prevent such disclosures or the communication of data to service providers.However, depending on the sensitivity of the data and other circumstances, we ensure that these third parties handle your data appropriately. We cannot accommodate your objection to the disclosure of data where such disclosure is necessary for our operations.

In addition, we allow certain third parties to collect personal data on our website or during events we organize (for example, press photographers, providers of tools on our website, etc.). Where we have no control over such data collection, these third parties act as independent data controllers. If you have questions or wish to exercise your data protection rights, we encourage you to contact these third parties directly. For website-related tools, see Section 13.

9. Are your personal data transferred abroad?

As explained in Section 8, we share data with other parties.Not all of them are located in Switzerland. Your data may therefore be processed in Switzerland, Europe, the United States, and, in exceptional cases, in any country worldwide.

If a recipient is located in a country without adequate legal data protection, we require them to commit to complying with the applicable data protection legislation. To this end, we use the revised StandardContractual Clauses of the European Commission, available here, supplemented where necessary by adaptations for Switzerland. This requirement does not apply where the recipient is already subject to a legally accepted framework that ensures data protection or where we can rely on a legal exception. Such exceptions may include situations where data is disclosed for the purposes of foreign legal proceedings, in the public interest, for the performance of a contract, or where you have consented to the transfer or made the data generally accessible and have not objected to its processing.

We may also invoke an exception when transferring data from a register that is legally accessible(e.g., the commercial register).

Many countries outside Switzerland or the EEA currently lack legislation ensuring an adequate level of data protection under the Swiss FADP or the GDPR. The aforementioned contractual safeguards partly compensate for this lack of legal protection. However, they cannot eliminate all risks — particularly the risk of access by foreign authorities. You should be aware of these residual risks, even if they are low in the given context. To minimize them, we implement additional measures (such as pseudonymization or anonymization).

Please also note that data exchanged via the internet often transit through third countries. Your data may therefore be transferred abroad even if both sender and recipient are locate din the same country.

10. How long do we process your data?

We process your data for as long as required by our processing purposes, legal retention periods, and our legitimate interests in documentation and evidence preservation, or where technical retention requirements apply. You can find more detailed information on the applicable retention and processing periods for the various categories of data in Section 3, and for cookies in Section 13. Unless otherwise required by legal or contractual obligations, we delete or anonymize your data once the retention period has expired or processing is no longer necessary, in line with our standard procedures, unless the data is retained for archiving purposes.

We retain your data in our centralized database(dashboard) for the duration of the ongoing recruitment process. After that, your data may be kept in our central talent pool for a maximum period of 12 months from your last interaction with HooRa, unless you withdraw your consent or request its deletion before that time. At the end of this period, your data will be automatically deleted or anonymized, without the need for a renewed consent request.

Our documentation and evidence-related objectives include our interest in recording processes, interactions, and other facts in anticipation of legal claims, inconsistencies, cybersecurity and infrastructure requirements, and to demonstrate good corporate governance and legal compliance. Data retention may also be technically required where certain data cannot be separated from others and must therefore be retained jointly — for instance, in backup systems or document management systems.

11. How do we protect your data?

We implement appropriate security measures to ensure the necessary protection of your personal data and to guarantee its confidentiality, integrity, and availability. These measures aim to prevent unauthorized or unlawful processing, and to minimize the risk of loss, accidental alteration, disclosure, or unauthorized access.

Our technical and organizational security measures may include data encryption and pseudonymization, logging, access restrictions, backup retention, staff instructions, confidentiality agreements, and monitoring. We protect data sent through our website during transmission by using appropriate encryption.However, we can only secure the areas under our control. We also require our processors and service providers to apply appropriate security measures.Despite all these efforts, data security risks can never be completely eliminated; residual risks always remain.

12. What are your rights?

Applicable data protection laws give you the right to object to the processing of your data in certain situations, particularly for direct marketing purposes, profiling related to such marketing, and other legitimate interest-based processing.

To help you control the processing of your personal data, you have the following rights under applicable data protection law regarding how we process your data:

  • The right to request information on whether and what data we process about you;
  • The right to request correction of inaccurate data; the right to request deletion of your data;
  • The right to request that we provide you with certain personal data in a commonly used electronic format or transfer it to another controller;
  • The right to withdraw your consent if the processing is based on it;
  • The right to receive additional information to facilitate the exercise of your rights;
  • The right to express your point of view in the case of automated individual decisions (see sections 6 and 7) and to request that such decisions be reviewed by a human.
  • The right to object to the reuse of your data for other recruitment campaigns

If you wish to exercise these rights with us (or with any of our group companies), you can contact us in writing at our address or, unless otherwise specified or agreed, by email. You can find our contact details in section 1. To prevent abuse, we must be able to identify you (e.g. by providing a copy of your ID if identification is not otherwise possible).

You also have these rights with regard to other entities that act as independent data controllers in cooperation with us – you can contact them directly to exercise your rights regarding their processing of your data.

Please note that conditions, exceptions, and restrictions may apply when exercising these rights under applicable data protection laws (e.g. to protect third parties or trade secrets). Where applicable, we will inform you accordingly.

In certain cases, we may need to continue processing your personal data to perform a contract with you, to protect our own legitimate interests – such as asserting or defending legal claims or complying with legal obligations. To the extent permitted by law, especially to protect the rights and freedoms of other individuals and to safeguard legitimate interests, we may also fully or partially reject a data subject’s request (e.g.by redacting information related to third parties or business secrets).

If you disagree with how we respond to your rights or with our data protection practices, you can contact us (section 1). If you are located in the EEA,t he UK, or Switzerland, you also have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en. The UK authority can be contacted at: https://ico.org.uk/global/contact-us/. The Swiss authority can be contacted at: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.

13. Do we use online tracking and advertising technologies?

We use various technologies on our website that allow us – and third parties we engage – to recognize you when you use our website and potentially track you across multiple visits. This section provides information on that.

Essentially, our aim is to distinguish your access (via your system) from that of other users, so we can ensure website functionality, perform analysis, and enable personalization. We do not intend to identify you personally, although it may be possible for us or the third parties we use to do so by linking this data with registration details. Even without registration data, the technologies we use are designed to recognize you as an individual visitor each time you access the website – for example, our server (or the servers of third parties) assigns a specific identification number to you or your browser (called a “cookie”).

Cookies are individual codes (such as a serial number) that our server or a third-party server (e.g. one of our service providers or advertising partners) sends to your system when you connect to our website. Your system (browser, mobile device) accepts and stores these codes until the specified expiration time.Upon each visit, your system transmits the code back to the server, making it possible to recognize you even if your identity is unknown.
Other technologies may also be used to recognize you with a certain probability (i.e., to distinguish you from other users), such as "digital fingerprinting." These digital fingerprints correlate data such as your IP address, the browser you use, screen resolution, language settings, and other information your system shares with each server, creating a more or less unique fingerprint. This makes it possible to track without cookies.
Each time you access a server (for instance, by using a website or an app, or when an email contains a visible or invisible image), your visit can be “tracked.” If we integrate advertising partner offers or analytics tools on our website, they may also track you in this way, even if you are not identifiable in a particular case.

We use these technologies on our website and may allow certain third parties to do so as well. Depending on the purpose of these technologies, we may request your consent before using them. You can access your current settings at www.hoora.ch. You can also configure your browser to block or mislead certain types of cookies or alternative technologies, or to delete existing cookies. You may also add software to your browser to block specific third-party tracking tools. For more information, consult your browser’s help pages (usually under the keyword "privacy") or the websites of the third parties mentioned below.

We distinguish the following categories of "cookies" (including technologies that function similarly, such as digital fingerprinting):

  • Necessary cookies: Some cookies are required for the website to function or for specific features. For instance, they ensure that you can move from page to page without losing the information you’ve entered in a form. They also ensure that you remain logged in. These cookies only exist temporarily (“session cookies”). If you block them, the website may not function correctly.
    Other cookies are required by the server to store your options or information (that you have entered) beyond a single session (i.e., a visit to the website) if you use such features (for example, language settings, consent preferences, auto-login functionality, etc.). These cookies have an expiration period of up to 24 months.
  • Performance cookies: In order to optimize our website and related offerings and better tailor them to users’ needs, we use cookies to record and analyze the usage of our website, potentially across multiple sessions. For this purpose, we use third-party analytics services, which are listed below. We request your consent before using these cookies. You may withdraw your consent at any time via the cookie settings here [link]. These performance cookies have an expiration period of up to 24 months.For details, please refer to the third-party providers’ websites.
  • Marketing cookies: We and our advertising partners have an interest in displaying advertising as precisely as possible – that is, only to individuals we want to reach. We have listed our advertising partners below. To this end, if you consent, we and our partners use cookies that may record content you have viewed or contracts you have concluded. This allows us and our advertising partners to display ads that we believe may interest you, both on our website and on other websites that show ads on our behalf or on behalf of our partners. These cookies have an expiration period ranging from a few days to 12 months, depending on the context. If you consent to the use of these cookies, you will see relevant ads; if you do not consent, you will still see ads, but they will be unrelated to your interests.

In addition to marketing cookies, we use other technologies to generate statistics, monitor online advertising on other websites, and thereby reduce advertising waste. For example, we may transmit the email addresses of our users, customers, and other individuals to whom we want to display ads to advertising platform operators(such as social media networks). If those individuals are registered with the platforms using the same email address (determined through a matching process),the providers will show our ads specifically to those individuals. These providers do not receive personal email addresses of individuals they don’t already know. However, if they do recognize the email addresses, they will learn that these individuals have interacted with us and which content they have viewed.

We may also integrate third-party features on our website, particularly from social media providers. These features are disabled by default. As soon as you activate them(for example, by clicking a button), these providers may recognize that you are using our website. If you have an account with the social media provider, they may associate this activity with your account and track your usage of online content. These social media providers process the data as independent data controllers.

Currently, we use the services of the following providers and advertising partners on our website and other digital services. Their contact details and further information on their individual data processing practices can be found in their respective privacy policies:

These third-party providers may act as our processors (for example,Google Analytics) or as independent data controllers. You can find more detailed information on this in the privacy policies of the respective service providers.

Since some of these third-party providers may be located outside Switzerland, information on cross-border data transfers is available in section 9.

14. What data do we process on our social media pages?

We may operate pages and other online presences(“fan pages”, “channels”, “profiles”, etc.) on social networks and other platforms operated by third parties, and collect data as described in section 3 and below. We receive this data from you and from the platforms when you interact with us through our online presence (for example, when you communicate with us, comment on our content, or visit our online presence). These platforms also analyse your use of our online presence and combine this data with other information they already have about you (e.g., behavioural and preference data). They also process this data for their own purposes, notably for marketing and market research (e.g., to personalise advertising) and for managing their platforms(e.g., deciding what content to show you), and for these purposes, they act as independent data controllers.

We receive information about you when you communicate with us via online platforms, view our content on these platforms, visit or engage with our online presence (e.g., by posting content or submitting comments). These platforms collect technical data, registration data, communication data, behavioural data, and preference data from or about you(see section 3 for definitions of these terms). They typically perform statistical analyses of how you interact with us, how you use our online presence and content, or other parts of the platform (what you view, comment on, like, follow, etc.), and correlate this with other information they hold about you (e.g., demographic data like your age and gender). They use these data and profiles to show you our or others’ ads and other personalised content on the platform, to manage platform content, and for market research and usage statistics. They may also provide us and other parties with insights about you and your use of our online presence. In some cases, we may have limited control over the analytics these platforms generate regarding our presence.

We process this data for the purposes set out in section 4, particularly for communication, marketing purposes (including advertising on these platforms – see section 13), and for market research, or if you apply for a job with us. You will find the applicable legal basis in section 5. We may share content published by you (e.g., comments on a post), for example in the context of advertising on the platform or elsewhere. We or the platform operators may also delete or restrict content from or about you, in accordance with their terms of use(e.g., inappropriate comments).

For more information on how platform operators process data, please refer to the relevant privacy policies. These policies also provide information on the countries in which your data is processed, your rights to access and delete your data, and other data subject rights, as well as how you can exercise these rights or obtain further information. We currently use the following platforms:

We have the right, but not the obligation, to review content before or after it is published on our online presences, to delete it without notice, and, if necessary, to report it to the respective platform provider.

15. Can we update this Privacy Policy?

This privacy policy is not part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.

Last update: 29.09.2025

© 2025 Website: Botte Secrète