1. Introduction

1.1 Frederic Fernandez & Associates AG ("FF&A", "Company", "we", "us", or "our") is committed to being transparent about its use of cookies and similar tracking technologies on the FF&A Academy platform, accessible at academy.fredericfernandezassociates.com (the "Platform").

1.2 This Cookie Policy explains what cookies are, which cookies the Company uses on the Platform, why the Company uses them, and how Users can manage their cookie preferences.

1.3 This Cookie Policy applies exclusively to the Platform at academy.fredericfernandezassociates.com and does not apply to any other website, platform, or service operated by or associated with the Company.

1.4 This Cookie Policy should be read alongside the Company's Privacy Policy and Terms and Conditions, both of which are available on the Platform. For further information about how the Company processes personal data more generally, including the legal bases for processing and Users' data subject rights, Users are referred to the Privacy Policy.

1.5 The Company processes personal data collected through cookies in accordance with:

(a) the Swiss Federal Act on Data Protection (nDSG/FADP), as revised and in force since 1 September 2023;

(b) the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), where applicable to Users located in the European Economic Area; and

(c) the UK GDPR and the Data Protection Act 2018, where applicable to Users located in the United Kingdom.

1.6 The identity and contact details of the data controller responsible for cookies placed on the Platform are as follows:

Frederic Fernandez & Associates AG Industriestrasse 24 6300 Zug Switzerland Email: Contact@fredericfernandezassociates.com

1.7 This Cookie Policy is drafted in English. In the event that any translated version is made available in the future, the English version shall prevail in the event of any inconsistency.

1.8 The Company reserves the right to update this Cookie Policy at any time in accordance with Section 9. Users are encouraged to review this Policy periodically.

Section 2 — What Are Cookies

2. What Are Cookies

2.1 Cookies are small text files that are placed on a User's device — including computers, smartphones, and tablets — when the User visits a website or platform. Cookies are widely used by website operators to make their platforms function efficiently, to remember User preferences, and to collect information about how Users interact with their services.

2.2 Cookies are stored on the User's device by their web browser and are sent back to the originating platform each time the User returns to it. This allows the platform to recognise the User's device and remember certain information about their previous interactions.

2.3 In addition to cookies, the Company and its third-party service providers may use similar tracking technologies on the Platform, including:

(a) pixel tags — small transparent image files embedded in web pages or emails that allow the operator to track whether a page has been viewed or an email has been opened;

(b) web beacons — similar to pixel tags, these are used to monitor User behavior and the effectiveness of marketing communications; and

(c) local storage objects — files stored directly in the User's browser that function similarly to cookies but are not automatically deleted when the browser is closed.

All such technologies are collectively referred to in this Cookie Policy as "cookies."

2.4 Cookies can be classified in several ways, including by their origin and their duration:

2.4.1 By Origin:

(a) First-party cookies are set directly by the Company via the Platform and are used primarily to ensure the Platform functions correctly and to collect analytics data about User interactions.

(b) Third-party cookies are set by third-party providers whose services are integrated into the Platform, such as Google Analytics, Hotjar, and LinkedIn. These providers may use the data collected through their cookies for their own purposes, in accordance with their respective privacy policies.

2.4.2 By Duration:

(a) Session cookies are temporary cookies that are stored on the User's device only for the duration of their browsing session and are automatically deleted when the User closes their browser.

(b) Persistent cookies remain on the User's device for a defined period of time after the browser is closed, or until the User manually deletes them. The duration of each persistent cookie used on the Platform is described in Section 6 of this Policy.

2.5 Not all cookies require the User's consent. Cookies that are strictly necessary for the operation of the Platform may be placed without consent, as they are technically essential to provide the service the User has requested. All other cookies require the User's prior, freely given, specific, and informed consent, as described in Section 7 of this Policy.

2.6 Cookies do not typically contain information that directly identifies a User. However, when combined with other information held by the Company or its third-party providers, cookie data may constitute personal data for the purposes of applicable data protection law and is treated accordingly.

Section 3 — How We Use Cookies

3. How We Use Cookies

3.1 The Company uses cookies on the Platform for the following purposes, which are described in further detail in Sections 4 and 5 of this Policy:

3.2 Ensuring Platform Functionality

The Company uses strictly necessary cookies to ensure the Platform operates correctly and to provide Users with access to the services they have requested. Without these cookies, core features of the Platform — including login authentication, session management, and course access — would not function. These cookies are placed on the User's device without consent, as they are technically essential to the provision of the service.

3.3 Analysing Platform Usage

The Company uses analytics cookies to collect information about how Users interact with the Platform, including which pages are visited, how long Users spend on the Platform, which features are used most frequently, and any errors encountered during use. This information is used solely to improve the Platform's performance, structure, and user experience. Analytics cookies are placed only where the User has provided consent.

3.4 Understanding User Behavior

The Company uses behavioral analytics cookies, provided by Hotjar, to record and analyse User interactions with the Platform, including mouse movements, clicks, scrolling behavior, and navigation patterns. This information helps the Company identify areas of the Platform that may benefit from improvement and to optimise the overall user experience. Behavioral analytics cookies are placed only where the User has provided consent.

3.5 Marketing and Retargeting

The Company uses marketing cookies, including the LinkedIn Insight Tag, to measure the effectiveness of its advertising campaigns and to enable retargeting of Users who have previously visited the Platform. Retargeting allows the Company to display relevant advertising to Users on third-party platforms, including LinkedIn, based on their prior interactions with the Platform. Marketing cookies are placed only where the User has provided consent.

3.6 Cookie Consent Management

The Company uses cookies in connection with the operation of its cookie consent mechanism, built via Framer, to record and store the User's cookie preferences. These cookies ensure that the User's consent choices are respected across sessions and that non-essential cookies are not placed without prior consent. Consent management cookies are strictly necessary for the operation of the consent mechanism and are placed without requiring separate consent.

3.7 Platform Infrastructure and Security

The Company uses technical cookies and similar technologies in connection with the infrastructure services provided by Cloudflare, including content delivery, DDoS protection, and platform security. These cookies are strictly necessary for the secure and efficient delivery of the Platform and are placed without consent.

3.8 The Company does not use cookies for the following purposes:

(a) automated decision-making or profiling that produces legal or similarly significant effects on Users;

(b) building advertising profiles for sale to third parties; or

(c) tracking Users across third-party websites for purposes unrelated to the Company's own marketing activities.

3.9 Where cookies result in the processing of personal data, such processing is carried out in accordance with the Company's Privacy Policy and the legal bases described therein.

Section 4 — Categories of Cookies We Use

4. Categories of Cookies We Use

4.1 The cookies used on the Platform are organised into the following categories based on their purpose. The specific cookies within each category, together with their provider, purpose, type, and duration, are set out in the tables below.

4.2 Category 1 — Strictly Necessary Cookies

These cookies are essential for the Platform to function and cannot be disabled without affecting the User's ability to access and use the Platform. They are placed on the User's device without consent as they are technically required to provide the service. These cookies do not collect personal data for marketing or analytics purposes.

Cookie Name

Provider

Purpose

Type

Duration

Session cookie

Buildable / GoHighLevel

Maintains the User's login session and authenticates access to course content

Session

Until browser is closed

Authentication token

Buildable / GoHighLevel

Stores the User's authentication status to prevent repeated login prompts

Persistent

30 days

CSRF token

Buildable / GoHighLevel

Protects against cross-site request forgery attacks

Session

Until browser is closed

__cf_bm

Cloudflare

Bot management and security — distinguishes between human Users and automated traffic

Persistent

30 minutes

cf_clearance

Cloudflare

Records successful completion of a Cloudflare security challenge

Persistent

1 year

Consent preference cookie

Framer

Stores the User's cookie consent preferences to ensure they are respected across sessions

Persistent

12 months

[INTERNAL NOTE: The cookie names listed for Buildable/GoHighLevel are based on standard GoHighLevel platform cookies. These should be verified against the actual cookies set by the Platform prior to publication by conducting a full cookie audit using a tool such as Cookie Scanner, Cookiebot Scanner, or browser developer tools.]

4.3 Category 2 — Analytics Cookies

These cookies collect information about how Users interact with the Platform and are used solely for the purpose of improving Platform performance and user experience. They do not directly identify individual Users. These cookies are placed only where the User has provided consent.

Cookie Name

Provider

Purpose

Type

Duration

_ga

Google Analytics

Distinguishes unique Users by assigning a randomly generated number as a client identifier

Persistent

2 years

ga<container-id>

Google Analytics

Used to persist session state across page requests

Persistent

2 years

_gid

Google Analytics

Distinguishes Users — stores and updates a unique value for each page visited

Persistent

24 hours

_gat

Google Analytics

Used to throttle request rate to Google Analytics servers

Persistent

1 minute

hjSessionUser<site_id>

Hotjar

Ensures data from subsequent visits to the same site is attributed to the same User ID

Persistent

1 year

hjSession<site_id>

Hotjar

Holds current session data and ensures subsequent requests within the session window are attributed to the same session

Persistent

30 minutes

_hjFirstSeen

Hotjar

Identifies whether the current visit is the User's first session on the Platform

Session

Until browser is closed

_hjAbsoluteSessionInProgress

Hotjar

Detects the first pageview session of a User

Persistent

30 minutes

hjIncludedInSessionSample<site_id>

Hotjar

Determines whether the User is included in the data sampling defined by the daily session limit

Persistent

2 minutes

4.4 Category 3 — Marketing and Tracking Cookies

These cookies are used to measure the effectiveness of the Company's advertising campaigns and to enable retargeting of Users on third-party platforms, including LinkedIn. These cookies are placed only where the User has provided consent.

Cookie Name

Provider

Purpose

Type

Duration

li_fat_id

LinkedIn

Member indirect identifier for conversion tracking, retargeting, and analytics

Persistent

30 days

bcookie

LinkedIn

Browser identifier cookie used for LinkedIn advertising features

Persistent

1 year

lidc

LinkedIn

Facilitates data centre selection for LinkedIn services

Persistent

24 hours

UserMatchHistory

LinkedIn

LinkedIn Insight Tag — used for retargeting and to sync the LinkedIn member ID for ad targeting

Persistent

30 days

AnalyticsSyncHistory

LinkedIn

Used to store information about the time a sync with the LinkedIn lms_analytics cookie took place

Persistent

30 days

li_sugr

LinkedIn

Used to make a probabilistic match of a User's identity outside the LinkedIn platform

Persistent

90 days

[INTERNAL NOTE: Confirm that the LinkedIn Insight Tag is active on the Platform prior to publication. If the tag has not yet been activated, the cookies listed in Category 3 should be removed from this table and re-added at the time of activation, with a corresponding update to this Policy in accordance with Section 9.]

4.5 Category 4 — Framer Platform Cookies

In connection with the hosting and delivery of the Platform and the operation of the cookie consent banner, Framer may set certain technical cookies. These cookies are strictly necessary for the rendering and delivery of the Platform interface.

Cookie Name

Provider

Purpose

Type

Duration

Framer session cookie

Framer

Supports platform rendering and session continuity

Session

Until browser is closed

Framer consent cookie

Framer

Records and stores the User's cookie consent choices

Persistent

12 months

[INTERNAL NOTE: Framer's cookie implementation should be verified by conducting a technical cookie audit of the Platform prior to publication. Framer's documentation and cookie disclosure should be reviewed to confirm the exact names, purposes, and durations of cookies set in connection with both the platform hosting and the consent banner functionality.]

4.6 The Company commits to maintaining this cookie table as accurate and up to date. In the event that new cookies are introduced or existing cookies are modified or removed, this Policy will be updated in accordance with Section 9.

4.7 Users who wish to understand more about the cookies set on their device when visiting the Platform may use browser developer tools or a third-party cookie scanning tool to inspect active cookies at any time.

Section 5 — Third-Party Cookies and Trackers

5. Third-Party Cookies and Trackers

5.1 In addition to cookies set directly by the Company, certain third-party service providers whose technologies are integrated into the Platform may place cookies on the User's device. These are referred to as third-party cookies. The Company has no direct control over the cookies set by third-party providers beyond the consent mechanisms implemented on the Platform.

5.2 Each third-party provider acts as an independent data controller in respect of the data collected through their cookies, and processes such data in accordance with their own privacy and cookie policies. The Company is not responsible for the content or accuracy of third-party privacy policies or for the data practices of third-party providers.

5.3 The third-party providers whose cookies and trackers are currently active or may be active on the Platform are as follows:

5.3.1 Google Analytics — Google Ireland Limited

Google Analytics uses cookies to collect anonymized and aggregated data about how Users interact with the Platform. This data is used by the Company solely for the purpose of improving Platform performance and user experience. Google Ireland Limited acts as a data processor on behalf of the Company in respect of analytics data, and as an independent data controller in respect of data processed for Google's own purposes.

Data collected through Google Analytics cookies may be transferred to Google LLC in the United States. Such transfers are carried out pursuant to Standard Contractual Clauses and Google's participation in the EU–U.S. Data Privacy Framework.

Users may opt out of Google Analytics tracking at any time using the Google Analytics Opt-out Browser Add-on, available at: tools.google.com/dlpage/gaoptout

Google's privacy policy is available at: policies.google.com/privacy

5.3.2 Hotjar — Hotjar Ltd

Hotjar uses cookies and session recording technologies to collect behavioral data about how Users interact with the Platform, including mouse movements, clicks, scroll depth, and navigation patterns. Hotjar processes this data on behalf of the Company subject to a data processing agreement. Hotjar Ltd is headquartered in Malta and operates within the EU.

Session recordings collected by Hotjar are anonymized where technically possible and are not used to identify individual Users. Hotjar may transfer data to sub-processors located outside the EEA, subject to Standard Contractual Clauses or equivalent safeguards.

Users may opt out of Hotjar data collection at any time at: optout.hotjar.com

Hotjar's privacy policy is available at: hotjar.com/legal/privacy-policy

5.3.3 LinkedIn — LinkedIn Ireland Unlimited Company

The LinkedIn Insight Tag is integrated into the Platform to enable the Company to measure the effectiveness of its LinkedIn advertising campaigns and to conduct retargeting activities. The LinkedIn Insight Tag may collect data including IP address, device and browser characteristics, page URL, and referrer URL, as well as LinkedIn member data where the User is logged into LinkedIn at the time of visiting the Platform.

LinkedIn Ireland Unlimited Company acts as an independent data controller in respect of data collected through the LinkedIn Insight Tag for LinkedIn's own purposes, including the delivery of targeted advertising on the LinkedIn platform. Where data is transferred to LinkedIn Corporation in the United States, such transfers are carried out pursuant to Standard Contractual Clauses and LinkedIn's participation in the EU–U.S. Data Privacy Framework where applicable.

Users may opt out of LinkedIn retargeting at any time by:

(a) adjusting their LinkedIn account settings under "Data privacy preferences" at linkedin.com/psettings/guest-controls; or

(b) withdrawing consent via the cookie settings available on the Platform.

LinkedIn's privacy policy is available at: linkedin.com/legal/privacy-policy

[INTERNAL NOTE: Confirm that the LinkedIn Insight Tag is currently active on the Platform prior to publication. If not yet active, this clause should be retained but marked as forthcoming, or removed and reintroduced at the time of activation with a corresponding Policy update under Section 9.]

5.3.4 Cloudflare — Cloudflare, Inc.

Cloudflare provides content delivery network (CDN) services, DDoS protection, and infrastructure security for the Platform. Cloudflare may set strictly necessary cookies on the User's device in connection with these services, including bot management and security challenge cookies. These cookies are technically essential and are placed without consent.

Cloudflare, Inc. is headquartered in the United States. Data transfers are carried out pursuant to Standard Contractual Clauses and Cloudflare's participation in applicable data transfer frameworks.

Cloudflare's privacy policy is available at: cloudflare.com/privacypolicy

5.3.5 Framer — Framer B.V.

Framer provides the hosting infrastructure for the Platform and the technical functionality underlying the cookie consent banner. Framer may set certain technical cookies in connection with platform rendering, session continuity, and the storage of consent preferences. These cookies are strictly necessary for the delivery of the Platform interface and the operation of the consent mechanism.

Framer B.V. is headquartered in the Netherlands and operates within the EU.

[INTERNAL NOTE: A technical review of Framer's cookie implementation should be completed prior to publication to confirm the exact cookies set by Framer in connection with both platform hosting and the consent banner, and to verify that Framer's data processing practices are consistent with the Company's obligations under the nDSG and GDPR. A Data Processing Agreement with Framer should be confirmed as being in place.]

Framer's privacy policy is available at: framer.com/privacy

5.3.6 Stripe — Stripe, Inc.

Where a User proceeds to checkout on the Platform, Stripe may set cookies in connection with the payment process for the purpose of fraud prevention, security, and payment session management. These cookies are strictly necessary for the processing of payments and are placed without consent.

Stripe, Inc. is headquartered in the United States and is certified under the EU–U.S. Data Privacy Framework. Stripe acts as an independent data controller in respect of certain data it processes for its own fraud prevention and compliance purposes.

Stripe's privacy policy is available at: stripe.com/privacy

5.4 The Company reviews its third-party integrations periodically to ensure that all active trackers and cookies are accurately reflected in this Policy. Where new third-party cookies are introduced, this Policy will be updated in accordance with Section 9.

5.5 Users who wish to obtain further information regarding the third-party cookies used on the Platform, or who have concerns about third-party data processing, may contact the Company at Contact@fredericfernandezassociates.com. For matters relating specifically to a third-party provider's own data practices, Users are encouraged to contact that provider directly.

Section 6 — Cookie Duration

6. Cookie Duration

6.1 Cookies used on the Platform vary in their duration depending on their purpose and the provider that sets them. This Section provides a consolidated reference of cookie durations across all categories described in Section 4 of this Policy.

6.2 Session Cookies

Session cookies are temporary and are automatically deleted from the User's device when the User closes their browser. The following cookies used on the Platform are session cookies:

Cookie Name

Provider

Category

Session cookie

Buildable / GoHighLevel

Strictly Necessary

CSRF token

Buildable / GoHighLevel

Strictly Necessary

_hjFirstSeen

Hotjar

Analytics

_hjAbsoluteSessionInProgress

Hotjar

Analytics

Framer session cookie

Framer

Strictly Necessary

6.3 Persistent Cookies — Short Duration (up to 30 minutes)

The following persistent cookies expire within a short period following the User's visit to the Platform:

Cookie Name

Provider

Category

Duration

__cf_bm

Cloudflare

Strictly Necessary

30 minutes

_gat

Google Analytics

Analytics

1 minute

hjSession<site_id>

Hotjar

Analytics

30 minutes

_hjAbsoluteSessionInProgress

Hotjar

Analytics

30 minutes

hjIncludedInSessionSample<site_id>

Hotjar

Analytics

2 minutes

6.4 Persistent Cookies — Medium Duration (24 hours to 90 days)

The following persistent cookies remain on the User's device for a period ranging from twenty-four (24) hours to ninety (90) days:

Cookie Name

Provider

Category

Duration

_gid

Google Analytics

Analytics

24 hours

lidc

LinkedIn

Marketing

24 hours

li_fat_id

LinkedIn

Marketing

30 days

UserMatchHistory

LinkedIn

Marketing

30 days

AnalyticsSyncHistory

LinkedIn

Marketing

30 days

Authentication token

Buildable / GoHighLevel

Strictly Necessary

30 days

li_sugr

LinkedIn

Marketing

90 days

6.5 Persistent Cookies — Long Duration (1 year or more)

The following persistent cookies remain on the User's device for a period of one (1) year or longer:

Cookie Name

Provider

Category

Duration

_ga

Google Analytics

Analytics

2 years

ga<container-id>

Google Analytics

Analytics

2 years

hjSessionUser<site_id>

Hotjar

Analytics

1 year

bcookie

LinkedIn

Marketing

1 year

cf_clearance

Cloudflare

Strictly Necessary

1 year

Consent preference cookie

Framer

Strictly Necessary

12 months

Framer consent cookie

Framer

Strictly Necessary

12 months

6.6 General Notes on Cookie Duration

6.6.1 The durations listed in this Section reflect the standard published defaults for each cookie as provided by the respective third-party provider at the time of drafting. Actual durations may vary depending on browser settings, platform updates, or changes made by the relevant third-party provider.

6.6.2 Session cookies are deleted automatically when the User closes their browser, regardless of any stated duration. Persistent cookies remain on the User's device until they expire naturally, until the User deletes them manually via their browser settings, or until the User withdraws consent, in which case the Company will take reasonable technical steps to prevent further data collection through those cookies.

6.6.3 The Company will update the cookie duration information set out in this Section in the event of any material changes to the cookies used on the Platform, in accordance with Section 9 of this Policy.

6.6.4 Users may verify the duration of cookies currently active on their device at any time using their browser's developer tools or a third-party cookie scanning tool.

[INTERNAL NOTE: A full technical cookie audit of the Platform should be conducted prior to publication to verify the accuracy of all cookie names, categories, and durations listed in this Section and in Section 4. Cookie durations may differ from published defaults depending on the specific configuration applied within each tool's dashboard settings, including Google Analytics data retention settings and Hotjar session sampling configuration.]

Section 7 — Your Cookie Choices and Consent

7. Your Cookie Choices and Consent

7.1 The Company respects the User's right to control the use of cookies on their device. This Section explains how consent is obtained, how Users can manage their cookie preferences, and the effect of refusing or withdrawing consent in respect of certain categories of cookies.

7.2 Cookie Consent Mechanism

7.2.1 Upon the User's first visit to the Platform, a cookie consent banner is displayed, built and operated via Framer. The banner presents the User with clear information about the categories of cookies used on the Platform and invites the User to make an informed choice regarding their cookie preferences.

7.2.2 The cookie consent banner is structured to allow the User to:

(a) accept all cookies, including strictly necessary, analytics, and marketing cookies;

(b) reject all non-essential cookies, including analytics and marketing cookies, while permitting strictly necessary cookies to remain active; or

(c) customise their preferences on a category-by-category basis, accepting or rejecting each category of non-essential cookies independently.

7.2.3 Strictly necessary cookies are activated without consent, as they are technically essential for the operation of the Platform. The User cannot disable strictly necessary cookies via the consent banner.

7.2.4 No non-essential cookies are placed on the User's device prior to the User making an active, affirmative consent choice via the banner.

[INTERNAL NOTE: Verify prior to publication that the Framer-based consent banner is technically configured to block all non-essential cookies until affirmative consent is given. This is a hard legal requirement under both the GDPR and nDSG. Pre-ticked boxes or implied consent through continued browsing do not satisfy the consent standard under either framework. A full compliance review of the banner implementation is required before go-live.]

7.3 Recording of Consent

7.3.1 The Company records each User's consent choices, including the date and time consent was given or refused, the version of the Cookie Policy in force at the time, and the categories of cookies accepted or rejected.

7.3.2 These consent records are retained by the Company for the purpose of demonstrating compliance with applicable data protection law and are available upon request.

[INTERNAL NOTE: Confirm that the Framer consent banner solution is technically capable of logging and timestamping individual consent records per User session. If this functionality is not currently implemented, it must be added prior to go-live to satisfy the accountability requirements of the GDPR and nDSG.]

7.4 Updating Cookie Preferences

7.4.1 Users may update or change their cookie preferences at any time by accessing the cookie settings available on the Platform. The cookie settings panel can be accessed via the cookie preferences link located in the footer of the Platform.

[INTERNAL NOTE: Confirm that a persistent cookie settings link is available in the Platform footer or an equivalent accessible location, allowing Users to revisit and update their consent choices at any time without needing to clear their browser cookies.]

7.4.2 Where a User updates their preferences to withdraw consent for a category of cookies that was previously accepted, the Company will take reasonable technical steps to cease placing those cookies on the User's device from the point of withdrawal. Withdrawal of consent does not affect any data already collected prior to the withdrawal.

7.5 Withdrawing Consent

7.5.1 Users may withdraw their consent to non-essential cookies at any time, free of charge and without providing any reason, by:

(a) updating their cookie preferences via the cookie settings panel on the Platform, as described in clause 7.4 above;

(b) clearing cookies from their browser settings, as described in Section 8 of this Policy; or

(c) contacting the Company directly at Contact@fredericfernandezassociates.com to request assistance with withdrawing cookie consent.

7.5.2 Withdrawal of consent to non-essential cookies will not affect the User's ability to access the Platform or the ZBG Sprint course, provided that strictly necessary cookies remain active. However, certain features of the Platform may be affected where analytics or functional cookies are disabled.

7.5.3 Withdrawal of consent does not affect the lawfulness of any cookie-based processing carried out prior to such withdrawal.

7.6 Consent for Returning Users

7.6.1 The User's consent preferences are stored via the consent preference cookie placed by Framer, which has a duration of twelve (12) months. During this period, the User will not be presented with the cookie consent banner again unless:

(a) the User clears their browser cookies;

(b) the User accesses the Platform from a different device or browser;

(c) the Company updates its Cookie Policy in a manner that requires fresh consent to be obtained; or

(d) the consent preference cookie expires, in which case the User's preferences will be requested again upon their next visit.

7.6.2 Where the Company updates this Cookie Policy in a manner that introduces new categories of cookies or new processing activities requiring consent, the Company will reset consent records and present the updated banner to existing Users in order to obtain fresh, informed consent.

7.7 Effect of Refusing Non-Essential Cookies

7.7.1 Users are not required to accept non-essential cookies in order to access the Platform or the ZBG Sprint course. The refusal of analytics or marketing cookies will not restrict the User's ability to purchase or access course content.

7.7.2 Where a User refuses analytics cookies, the Company will be unable to collect data about that User's interactions with the Platform through Google Analytics or Hotjar. This does not affect the User's course experience but may limit the Company's ability to identify and address technical issues affecting that User's session.

7.7.3 Where a User refuses marketing cookies, the Company will be unable to conduct LinkedIn retargeting in respect of that User, and the LinkedIn Insight Tag will not be activated on their device.

7.8 Consent from Users in the EU, EEA, and United Kingdom

For Users located in the EU, EEA, or United Kingdom, the Company's consent practices comply with the requirements of the GDPR and UK GDPR respectively, including the requirement that consent be freely given, specific, informed, and unambiguous, and that withdrawal of consent be as easy as giving it. The Company does not rely on implied consent, pre-ticked boxes, or consent bundled with acceptance of terms and conditions for the placement of non-essential cookies.

7.9 Consent from Users in Switzerland

For Users located in Switzerland, the Company's consent practices comply with the requirements of the nDSG and its implementing ordinance (DSV). The Company applies the same standard of consent for Swiss Users as for EU and UK Users, in line with the principle of equivalent protection and the Company's commitment to maintaining a consistent and high standard of data protection across all jurisdictions in which it operates.

Section 8 — Managing Cookies via Your Browser

8. Managing Cookies via Your Browser

8.1 In addition to the cookie consent mechanism available on the Platform, Users may manage, restrict, block, or delete cookies at any time through their web browser settings. This Section provides guidance on how to manage cookies via the most commonly used browsers and through third-party opt-out tools.

8.2 Browser-Level Cookie Controls

Most modern web browsers provide Users with the ability to:

(a) view the cookies currently stored on their device;

(b) delete individual cookies or all cookies stored by a specific website;

(c) block the placement of cookies from specific websites or from all websites;

(d) configure the browser to notify the User before a cookie is placed; and

(e) block third-party cookies while permitting first-party cookies.

8.3 Browser-Specific Instructions

Instructions for managing cookies in the most commonly used browsers are available at the following links:

(a) Google Chrome: support.google.com/chrome/answer/95647

(b) Mozilla Firefox: support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

(c) Apple Safari (desktop): support.apple.com/en-gb/guide/safari/sfri11471/mac

(d) Apple Safari (iOS/mobile): support.apple.com/en-gb/HT201265

(e) Microsoft Edge: support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge

(f) Opera: help.opera.com/en/latest/web-preferences/#cookies

For browsers not listed above, Users are directed to the help documentation provided by their browser developer.

8.4 Effect of Browser-Level Cookie Blocking

8.4.1 Users should be aware that managing cookies at the browser level may have a broader effect than managing preferences through the Platform's consent mechanism. In particular:

(a) blocking all cookies at the browser level, including strictly necessary cookies, may prevent the User from logging into the Platform, maintaining an authenticated session, or accessing course content;

(b) deleting cookies after consenting to their use via the Platform's consent banner will result in the consent preference cookie being deleted, meaning the User will be presented with the consent banner again on their next visit; and

(c) browser-level cookie settings apply across all websites visited using that browser and are not specific to the Platform.

8.4.2 The Company recommends that Users who wish to manage their cookie preferences specifically in relation to the Platform use the cookie settings panel available on the Platform, as described in Section 7 of this Policy, rather than relying solely on browser-level controls.

8.5 Third-Party Opt-Out Tools

In addition to browser controls and the Platform's consent mechanism, Users may opt out of specific third-party tracking tools using the dedicated opt-out mechanisms provided by each provider:

8.5.1 Google Analytics

Users may opt out of Google Analytics tracking across all websites by installing the Google Analytics Opt-out Browser Add-on, available at: tools.google.com/dlpage/gaoptout

This add-on prevents Google Analytics JavaScript from sharing information about visit activity with Google Analytics.

8.5.2 Hotjar

Users may opt out of Hotjar data collection, including session recordings, at any time by visiting: optout.hotjar.com

Once opted out, Hotjar will not collect any data about that User's interactions with websites using Hotjar, including the Platform.

8.5.3 LinkedIn Insight Tag

Users may opt out of LinkedIn retargeting and the LinkedIn Insight Tag by:

(a) adjusting their LinkedIn account settings under "Data privacy preferences" at: linkedin.com/psettings/guest-controls; or

(b) visiting the LinkedIn opt-out page at: linkedin.com/psettings/guest-controls/retargeting-opt-out

Users who are not logged into LinkedIn may opt out via their browser cookie settings or by withdrawing consent through the Platform's cookie consent mechanism.

8.5.4 Your Online Choices (EU/EEA Users)

EU and EEA-based Users may manage preferences for interest-based advertising from participating companies via the Your Online Choices platform, available at: youronlinechoices.eu

8.5.5 Network Advertising Initiative (US-based Users)

Users based in the United States may manage preferences for interest-based advertising from participating companies via the Network Advertising Initiative opt-out tool, available at: optout.networkadvertising.org

8.6 Mobile Device Settings

Users accessing the Platform via a mobile device may also manage cookie and tracking preferences through their device's operating system settings. In particular:

(a) iOS devices: Users may limit ad tracking via Settings > Privacy & Security > Tracking; and

(b) Android devices: Users may opt out of personalized advertising via Settings > Google > Ads.

8.7 Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) feature that sends a signal to websites requesting that the User's browsing activity not be tracked. The Company notes that there is currently no universally accepted standard for responding to DNT signals, and the Platform does not alter its data collection practices in response to DNT signals at this time. Users who wish to limit tracking on the Platform are encouraged to use the cookie consent mechanism described in Section 7 or the opt-out tools described in this Section.

8.8 Users who require assistance managing their cookie preferences on the Platform, or who have questions about the effect of blocking or deleting cookies, may contact the Company at Contact@fredericfernandezassociates.com.

Section 9 — Updates to this Cookie Policy

9. Updates to this Cookie Policy

9.1 The Company reserves the right to update, amend, or revise this Cookie Policy at any time, in order to reflect changes in applicable law, regulatory guidance, the introduction of new cookies or tracking technologies on the Platform, the removal of existing cookies, or changes to the data practices of third-party providers.

9.2 Circumstances Triggering an Update

The Company will update this Cookie Policy where, among other circumstances:

(a) new cookies or tracking technologies are introduced on the Platform, including the activation of any tools referenced in this Policy as forthcoming or subject to confirmation;

(b) existing cookies are removed, replaced, or materially changed in terms of their purpose, duration, or provider;

(c) a new third-party service provider whose technologies set cookies on the Platform is engaged by the Company;

(d) changes in applicable law or regulatory guidance require amendments to the Company's cookie consent practices or disclosures; or

(e) the cookie consent mechanism implemented on the Platform is updated, replaced, or materially modified.

9.3 Material and Non-Material Changes

9.3.1 Where a change to this Cookie Policy is material — meaning it significantly affects the categories of cookies used, the purposes for which cookies are placed, or the rights available to Users in respect of cookies — the Company will notify affected Users by:

(a) sending an email notification to the email address associated with the User's account on the Platform; and

(b) displaying a prominent notice on the Platform prior to the changes taking effect.

9.3.2 Where a material change involves the introduction of new categories of non-essential cookies or new processing activities requiring consent, the Company will reset existing consent records and present the updated cookie consent banner to all Users in order to obtain fresh, specific, and informed consent prior to placing any new cookies.

9.3.3 Where changes are non-material — such as minor clarifications, corrections of typographical errors, updates to third-party opt-out links, or administrative amendments that do not affect the substance of the Policy — the Company may update this Cookie Policy without prior individual notification, provided that the updated version is published on the Platform with a revised effective date.

9.4 Effective Date

9.4.1 Each version of this Cookie Policy will carry a clearly indicated effective date at the top of the document. The version of the Cookie Policy in force at the time of processing shall apply to the relevant cookie activity.

9.4.2 Where a material change is notified to the User in advance, the updated Cookie Policy will take effect on the date specified in the notification, which will be no earlier than fourteen (14) days following the date of notification, unless a shorter period is required by applicable law or regulatory obligation.

9.5 Continued Use

9.5.1 Where the User continues to access or use the Platform following the effective date of an updated Cookie Policy, such continued use shall constitute acknowledgment of the updated Policy in respect of strictly necessary cookies and other processing activities that do not require consent.

9.5.2 Where an update to this Cookie Policy introduces new categories of non-essential cookies or new processing activities requiring consent, continued use of the Platform alone shall not constitute consent to such new activities. Fresh consent will be sought through the cookie consent mechanism in accordance with clause 9.3.2 above.

9.6 Previous Versions

The Company will maintain a record of previous versions of this Cookie Policy. Users who wish to review a previous version may request a copy by contacting the Company at Contact@fredericfernandezassociates.com.

9.7 Users are encouraged to review this Cookie Policy periodically to remain informed of the cookies used on the Platform and of any changes that may affect them.

Section 10 — Contact

10. Contact

10.1 The Company welcomes questions, comments, and requests regarding this Cookie Policy and the use of cookies on the Platform. Users who have concerns about the Company's cookie practices, who wish to exercise their rights in connection with cookie-related data processing, or who require assistance managing their cookie preferences are encouraged to contact the Company directly.

10.2 Primary Contact

All cookie-related enquiries should be directed to the Company at:

Frederic Fernandez & Associates AG Industriestrasse 24 6300 Zug Switzerland Email: Contact@fredericfernandezassociates.com

10.3 Scope of Cookie-Related Enquiries

Users may contact the Company in connection with, among other matters:

(a) questions about the specific cookies used on the Platform and their purposes;

(b) requests for further information about the third-party providers whose cookies are active on the Platform;

(c) assistance withdrawing or updating cookie consent where the Platform's consent mechanism cannot be accessed;

(d) concerns about the Company's compliance with applicable cookie and data protection law; and

(e) requests for previous versions of this Cookie Policy in accordance with clause 9.6.

10.4 Response Timeframes

The Company will acknowledge receipt of all cookie-related enquiries promptly and will endeavour to provide a substantive response within thirty (30) days of receipt. Where an enquiry is complex or requires additional time to investigate, the Company will notify the User within the initial thirty (30) day period and provide an updated expected response timeframe.

10.5 Data Subject Rights

Where a User's cookie-related enquiry involves the exercise of data subject rights — including the right of access, erasure, restriction, or objection in respect of personal data collected through cookies — the User is referred to Section 12 of the Company's Privacy Policy, which sets out the full scope of data subject rights available and the procedure for exercising them. Such requests may be submitted to the same contact address set out in clause 10.2 above.

10.6 Supervisory Authorities

Without prejudice to the User's right to contact the Company directly, Users retain the right to lodge a complaint with the relevant data protection supervisory authority in respect of cookie-related data processing at any time:

(a) Switzerland — Swiss Federal Data Protection and Information Commissioner (FDPIC): Feldeggweg 1 3003 Bern Switzerland Website: edoeb.admin.ch

(b) European Union: The supervisory authority of the EU member state in which the User habitually resides, works, or in which the alleged infringement took place. A full list of EU supervisory authorities is available at: edpb.europa.eu

(c) United Kingdom — Information Commissioner's Office (ICO): Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF United Kingdom Website: ico.org.uk

10.7 The Company encourages Users to contact it directly in the first instance to resolve any cookie-related concerns before escalating to a supervisory authority, and commits to investigating and responding to all enquiries in good faith and without undue delay.