As of July 2025

1. SCOPE AND DEFINITIONS

1.1 Scope

The provider of the application is Mirus Software AG, Tobelmühlestrasse 11, 7270 Davos Platz (hereinafter referred to as the “Provider”). These Terms of Use govern the use of the Mirus NEO application by employees of the Provider’s customers (hereinafter referred to as “Users”) in relation to the Provider. The terms apply to all functions and services that Mirus NEO makes available to users.

1.2 Contracting Parties

By registering for or using Mirus NEO as a user, a user relationship is established between the user and the Provider. The user’s employer (customer of the Provider) may play a role in the context of use, but is not the central focus of these Terms of Use.

1.3 Definitions

Mirus NEO refers to the Provider’s digital employee portal (app/web application). A user is any natural person who gains access to Mirus NEO as an employee of a customer. Employer refers to the company by which the user is employed and which has concluded a contract with the Provider for Mirus NEO.

2. SCOPE OF SERVICES AND APPLICATION FUNCTIONS

2.1 Description of Services

Mirus NEO is a digital platform for managing work-related information and for interaction between employees and employers. The application enables users to easily access relevant content and functions related to their employment relationship, regardless of location. The app offers the following main functions in particular:

• View work schedule

• Time tracking

• Access pay slips

• Absence management

• Master data management

• Employee chat

• Notifications and supplementary functions

2.2 Free of Charge for Users

The use of Mirus NEO is generally free of charge for the user. Any connection or data transfer costs (e.g., due to mobile use or internet connection) must be borne by the user themselves.

2.3 No Contract with Consumers

Mirus NEO is exclusively aimed at employers (customers of the Provider) and their employees within the scope of an employment relationship. It is not an offer to consumers within the meaning of consumer protection law. A contractual relationship with private end-users outside this context will not be established.

3. ACCESS AUTHORIZATION AND USAGE REQUIREMENTS

3.1 Authorized Users

Only employees whose access has been set up either by the employer or directly by the Provider are authorized to use Mirus NEO. The use of the application is restricted to official purposes within the scope of the existing employment relationship. Private use, whether of the entire application or individual functions, is not permitted unless expressly approved in writing by the employer or the Provider.

In particular, the use of Mirus NEO is prohibited:

• for private communication or data storage,

• for activities outside of officially relevant purposes,

• for sharing access data with third parties, including family members,

• for processing or storing non-work-related content.

A violation of this purpose limitation may lead to immediate access suspension, deletion of content, and employment law consequences. The Provider expressly reserves the right to take appropriate measures in case of misuse.

3.2 Registration and Access Data

Access data (e.g., username and password) must be treated as strictly confidential. Disclosure to third parties is not permitted. The user is responsible for all activities carried out under their user account, unless a technical compromise can be proven.

3.3 Required Equipment

A suitable internet-enabled device (e.g., smartphone, tablet, PC) is required for using Mirus NEO. The user is solely responsible for the security, protection, and up-to-dateness of the device used. This includes, in particular, measures such as a secure operating system, current software versions, and adequate access protection.

3.4 Provider’s Technical Requirements

The Provider makes Mirus NEO available in accordance with common technical standards. However, there is no entitlement to specific functions, platform support, or permanent compatibility with all conceivable system configurations. The establishment and maintenance of a functioning access is the responsibility of the user.

4. USER OBLIGATIONS

The user undertakes to use Mirus NEO properly. This includes:

• Truthful and up-to-date data maintenance: The user ensures that all entered personal and work-related information is complete, correct, and up-to-date. Changes – e.g., to contact details, address, or bank details – must be updated promptly, provided the application allows for this.

• Confidential handling of access data: Access data (e.g., username, password, two-factor codes) must be treated confidentially and may not be disclosed to third parties. The user is obliged to take appropriate measures to prevent unauthorized access to the user account.
• Securing one’s own devices: The user is responsible for secure access to Mirus NEO, in particular by implementing appropriate technical protective measures (e.g., password protection, up-to-date software, virus protection) on the devices used.
• Confidential treatment of official information: Information that becomes accessible during the use of the application (e.g., duty rosters, absences, personal data of third parties) must be treated confidentially and may not be disclosed or used otherwise without authorization.

• Data backup (if necessary): Insofar as documents or information are provided exclusively via Mirus NEO and are permanently required for personal or professional purposes, it is recommended to perform a data backup independently (e.g., by local download of pay slips).

• Reporting malfunctions or irregularities: Technical problems, malfunctions, or security-relevant anomalies in connection with the use of the application must be reported immediately to the responsible Provider or – depending on company regulations – to the employer.

5. IMPERMISSIBLE USE AND CONTENT

The user is strictly prohibited from using Mirus NEO in a manner that violates applicable law, operational guidelines, or the integrity of the platform. In particular, the following are prohibited:

• publishing, uploading, or distributing illegal, discriminatory, offensive, defamatory, or glorifying violence content,

• any form of offensive, degrading, or inappropriate communication towards other users, superiors, or third parties via integrated communication functions (e.g., chat, comments),

• uploading or distributing malware, harmful programs, executable files, or files with destructive or security-critical behavior,

• misuse of file transfer or storage functions, e.g., for private archiving of non-business-related or copyrighted content without authorization,

• any attempted or actual circumvention of security measures or technical protective provisions of the application (e.g., authentication mechanisms, access controls),

• spying on, intercepting, or unauthorized disclosure of personal or operational data of third parties,

• as well as any other action that could jeopardize the secure operation of the application or undermine trust in the platform.

Violations of these provisions may lead to immediate exclusion from the system, employment law measures, as well as civil or criminal law consequences. The Provider reserves the right to take technical measures (e.g., blocking access) and inform the relevant authorities in case of suspected misuse.

6. RESPONSIBILITY FOR CONTENT

6.1 Content Provided by the User

The user is solely responsible for all content that they enter, upload, or transmit via Mirus NEO (e.g., messages, comments, notes, files). They must ensure that this content does not violate any legal provisions, third-party rights (in particular, copyright, data protection, or personal rights), or operational regulations.

In the event of violations of legal provisions or these Terms of Use, the user shall indemnify the Provider upon first request from all third-party claims resulting from the unlawful use of the content. This also includes the costs of necessary legal defense.

6.2 Content Provided by the Employer

For all content provided or maintained by the respective employer – such as duty rosters, working time specifications, documents, or communications – the sole responsibility lies with the respective employer. In this context, the Provider acts merely as a technical service provider and does not undertake any content-related or legal review of this content.

6.3 Monitoring by the Provider

A systematic or automated prior review of the posted content by the Provider generally does not take place. However, the Provider reserves the right to take appropriate measures in case of concrete suspicion of unlawful, abusive, or security-endangering use of the platform – especially in case of a violation of Section 5 “Impermissible Use”. This may include, among other things, the temporary blocking of functions, visual inspection of individual content, logging of certain actions, or – in individual cases – the deletion of content.

All measures are taken with due regard to proportionality and in compliance with applicable data protection laws (GDPR, DPA). The Provider is also entitled to inform the affected employer about detected rule violations in justified cases.

7. SERVICE AVAILABILITY AND MAINTENANCE

7.1 Uptime and Availability

The Provider strives to keep Mirus NEO continuously available within what is technically and economically reasonable. However, continuous and uninterrupted availability of the platform cannot be guaranteed at all times. Technical malfunctions, force majeure, network interruptions, or other events beyond the Provider’s control may temporarily restrict use.

7.2 Maintenance Work

Regular maintenance work is required to maintain system stability, security, and functionality. This may lead to temporary restrictions or interruptions in availability. The Provider will – as far as foreseeable – inform about planned maintenance windows in a timely and appropriate manner. However, necessary immediate measures, such as security-relevant interventions, may also be carried out at short notice and without prior announcement.

7.3 Disclaimer of Liability for Outages and Data Loss

The use of Mirus NEO is at the user’s own risk. The Provider assumes no liability for temporary unavailability, data loss, or impairment of usability, particularly as a result of technical malfunctions, maintenance measures, or force majeure. In such cases, there is no claim for damages, compensation for working hours, or other compensatory services, unless gross negligence or intent on the part of the Provider is proven.

8. LIABILITY OF THE PROVIDER

8.1 Principles of Liability

The Provider is liable without limitation for damages caused by intentional or grossly negligent conduct. In cases of simple negligence, the Provider is only liable for the breach of essential contractual obligations (“cardinal obligations”), i.e., such obligations whose fulfillment is essential for the proper use of Mirus NEO and on whose observance the user may regularly rely. In these cases, liability is limited to the foreseeable damage typically occurring.

8.2 Exclusions of Liability

Liability for indirect damages (e.g., lost profits, production losses) as well as for consequential damages, data loss, or the loss of personal settings or entries is excluded, unless these are based on gross negligence or intent. The same applies to third-party content accessed via the platform or provided by employers or users themselves.

8.3 Changes to Products and Functions

The Provider reserves the right to adapt or further develop functions, displays, or technical processes of the platform, provided that the core functionality of Mirus NEO is not significantly impaired thereby. Such changes may be necessary, for example, to improve user-friendliness, implement legal requirements, or further develop the product.

8.4 No Warranty

Mirus NEO is provided in its current version – without express or implied warranty for specific properties, availabilities, or suitability for a particular purpose. In particular, no guarantee is given for error-free operation at all times, completeness, or compatibility with individual system environments.

8.5 Mandatory Law

The foregoing provisions remain unaffected by mandatory legal claims, in particular under product liability law, data protection law, and in the event of injury to life, body, or health.

9. DATA PROTECTION AND USER DATA SOVEREIGNTY

9.1 Processing of Personal Data

Personal data of users is processed in accordance with applicable data protection regulations, in particular pursuant to the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DPA). Processing is purpose-bound, transparent, and takes into account the principle of data minimization. Detailed information on the type, scope, and purposes of data processing can be found in our Privacy Policy.

9.2 User Data Sovereignty

The user retains full control over their personal data, even in the event of an employer change or after leaving the company. Access to one’s own data and documents remains possible via the personal user account as long as the account is not deleted.

9.3 User Rights

Every user has the right to receive information about the data stored about them, as well as – if the legal requirements are met – the right to rectification, erasure, restriction of processing, data portability, and, if applicable, objection to certain processing operations. To exercise these rights, the data subject can contact the Provider at any time or – in the case of employer-related data – the responsible employer.

9.4 Data Security

The Provider commits to the confidentiality and security of the processed personal data and takes appropriate technical and organizational measures (TOM) in accordance with Art. 32 GDPR or Art. 8 DPA. These include, among other things, access restrictions, encryption, logging, and regular security audits.

9.5 Disclosure to Third Parties

Personal data will only be disclosed to third parties if there is a legal obligation, if the disclosure is necessary for the fulfillment of contractual obligations, or if the user has expressly consented. In all cases, the Provider ensures that third parties – especially processors – are contractually obliged to comply with data protection.

10. TERM, TERMINATION OF USE

10.1 Term of Usage Rights

The right to use Mirus NEO generally exists for the duration of the existing employment relationship with an employer connected to the platform. During this time, the user may fully use the provided functions within the scope of these Terms of Use.

10.2 Termination and Deactivation by the User

The user can voluntarily terminate the use of Mirus NEO at any time. Upon request, the deletion of the personal user account or individual linked employer profiles can be requested via the application. In this case, the remaining personal data will be processed in compliance with data protection regulations according to Section

10.3 Termination and Blocking by the Provider

The Provider reserves the right to block access to the platform or terminate the user relationship if the user violates essential obligations of these Terms of Use (in particular according to Section 5 “Impermissible Use”) or endangers the security or integrity of the platform through its use. In particularly severe cases, immediate termination may occur. Before final deactivation, a notification will be sent to the affected person – as far as possible.

10.4 Consequences of Termination

Upon termination of the user relationship, the personal data of the user will be deleted or anonymized in accordance with statutory retention periods, unless there are legal or contractual obligations for further storage. The data subject will receive information upon request regarding the extent of deletion or anonymization. Data to which the user should retain access even after leaving (e.g., payroll slips) will remain available within the scope of the user’s data sovereignty.

11. FINAL PROVISIONS

11.1 Changes to the Terms of Use

The provider reserves the right to amend these Terms of Use at any time with future effect, provided there is a valid reason for doing so (e.g., in case of legal, technical, or functional changes). Users will be informed of planned changes in a timely manner and in an appropriate form.

11.2 No Ancillary Agreements

No further oral or implied agreements apply in addition to these Terms of Use. Individual arrangements or additions require written confirmation by the provider to be effective.

11.3 Severability Clause

Should any provision of these Terms of Use be or become wholly or partially invalid or unenforceable, the validity of the remaining provisions shall remain unaffected. An effective provision that comes as close as possible to the economic purpose of the original provision shall replace the invalid provision.

11.4 Applicable Law

The substantive law at the provider’s registered office shall apply, excluding the conflict of laws provisions and the UN Convention on Contracts for the International Sale of Goods (CISG), unless mandatory statutory provisions dictate otherwise.

11.5 Place of Jurisdiction

To the extent legally permissible, the place of jurisdiction is the provider’s registered office. Mandatory statutory provisions regarding jurisdiction – especially in favor of consumers – remain unaffected.

11.6 Contact

Controller:
Fabian Fingerhuth

Mirus Software AG
Tobelmühlestrasse 11
7270 Davos Platz
Switzerland
fabian.fingerhuth(at)mirus.ch

Data Protection Officer:

Marcel Schwizer
Mirus Software AG
Tobelmühlestrasse 11
7270 Davos Platz
Switzerland
datenschutzbeauftragter(at)mirus.ch