This Policy contains information required pursuant to Article 19 of the Swiss Federal Data Protection Act (hereinafter as “DPA”) relating to the protection of natural persons with regard to the processing of personal data, as well as legislative interventions and measures of SDPC (Swiss Federal Data Protection Commissioner) subsequent to the publication of this Policy.
1. DATA CONTROLLER
The Data Controller is Smartprise Sagl with registered office in Via Cesarea 25 – 6855 STABIO (TI) – Switzerland, Tel. No. +41 – 91 – 208 70 91, E-mail address: email@example.com.
2. DATA PROTECTION CONSULTANT (DPC)
The Data Controller shall inform you in the event that a Data Protection Consultant (DPC) is appointed pursuant to Article 10 of the Federal Act on Data Protection (FADP) and the contact details of the Consultant shall be published on the Company’s website in addition to this Policy.
3. PERSONAL DATA PROCESSED, LEGAL BASIS AND PURPOSE OF THE PROCESSING
Your personal data regarding the processing carried out on the website www.smartprise.com shall be processed for the following purposes:
a) Navigation data acquired by this site during normal navigation, including personal data whose transmission is connected to the use of Internet communication protocols (IP addresses, domain names of computers used by users who connect to the site, the time of request, the method used to submit the request to the server, the file size obtained in response, the numeric code indicating the status of response given by the server, etc.) and other parameters relating to the operating system and the user’s computer environment. These navigation data are used for the sole purpose of obtaining anonymous statistical information on the website usage and to check its correct functioning. The data collected could be used to ascertain responsibility in case of hypothetical computer crimes against the site. The legal basis of the processing is the legitimate interest of the Data Controller.
b) Data relating to users who contact the site through the appropriate information request form on the website www.etika-consulting.com such as identification data and e-mail address shall be processed in order to meet the users’ requests. The legal basis for the processing is the execution of a contract to which the data subject is party or the execution of pre-contractual measures aimed at the sale of products and/or services.
c) Contact details such as identification data and e-mail address may be used only with your explicit consent for sending commercial and also marketing communications through our newsletter. The legal basis of the processing is the consent expressed by the data subject.
d) This site uses the so-called “cookies”, small text files that are stored on the user’s computer and that serve to make the website more user-friendly, effective and secure. The cookies used are of the “session cookies” type which have the characteristic of not being permanently stored on the user’s computer and of disappearing when the browser is closed. In particular, the site uses so-called “technical cookies”, installed by its manager for the sole purpose of enhancing the users’ browsing experience, the current provisions do not require the users’ consent for technical cookies.
The provision of your data for the purposes referred to in letters a) b) d) and e) is mandatory as it is necessary for the purposes pursued, failure to provide the data would therefore make it impossible to fulfil these purposes, while the processing referred to in letter c) requires your express consent. Had we previously acquired your express and specific consent, it can be withdrawn at any time by writing to the e-mail address: firstname.lastname@example.org.
The legal basis for navigation data processing and session cookies is the legitimate interest of the Data Controller to process personal data relating to traffic data, to the extent strictly necessary and proportionate to ensure the system’s security, to perform statistical analysis.
4. DATA PROCESSING METHOD
The processing of your data shall be based on the principles of lawfulness, fairness and transparency and can also be carried out through automated methods for storing, managing and transmitting them accurately and shall take place through appropriate technical and organisational measures to ensure the security and protection from unauthorised or unlawful processing, from loss, destruction or accidental damage. The website users’ data shall be used by the appointed Data Processors and by authorised natural persons adequately trained by the Data Controller. There are no automated decision-making processes including profiling.
In order to pursue the aim described in point 3 above, the personal data processed shall be known by the employees, by persons treated as such and by the collaborators of the Data Controller who shall operate as subjects authorised for personal data processing. Moreover, your personal data shall be processed by third parties belonging to the following categories:
● Subjects who take care of administrative and tax compliance for the Data Controller;
● Companies and Consultants who provide legal advice;
● Insurance companies and credit institutions;
● External companies that offer services relating to the verification of creditworthiness, financial strength, risk profile and regulatory compliance (eg. Anti-money laundering);
● Third party companies that provide logistic services;
● Companies that provide technical coordination, assistance and maintenance of IT systems on our behalf;
In some cases, the subjects belonging to the above categories operate in total autonomy as separate Data Controllers, in other cases, as Data Processors specifically appointed by the Data Controller. The complete and updated list of the subjects to whom your personal data may be disclosed can be requested at the registered office of the Data Controller.
6. DATA RETENTION PERIOD
Your personal data shall be kept for the period of time strictly necessary to achieve the specific purposes of the processing referred to in point 3 of this policy and, specifically:
● For the purposes indicated in letters a) d) and e) of point 3, your personal data shall be kept for the time necessary to carry out existing agreements between the parties and subsequently for the period of time determined by the regulations in force, the data related to billing shall be stored for ten years from the date of invoice, after which they shall be deleted or anonymised.
● For the purposes indicated in letter b) of point 3 up to 10 years after which the data shall be anonymised or deleted.
● For the purposes indicated in letter c) of point 3 (newsletter subscription) up to the request by the user to interrupt the activity (opt-out) and in any case within 24 (twenty-four) months from the last communication of which there is evidence of direct interaction. Each user can withdraw his or her consent at any time by clicking on the specific link in the communication sent electronically or by sending an e-mail to the address email@example.com.
7. RIGHTS OF THE DATA SUBJECT
The interested parties have the right to access their personal data, to request for their correction, update and its deletion. It is also possible to oppose the processing and request its limitation.
The above rights may be exercised against us by writing to the E-mail address firstname.lastname@example.org.