2. LEGAL BASIS
This privacy statement is based on the Federal Data Protection Act (FDA) and the European General Data Protection Regulation (GDPR).
The Controller is the company ECLEXYS SAGL, having its registered office in Via dell’Inglese 6; 6826 Riva San Vitale; Switzerland.
Any information relating to an identified or identifiable natural person (data subject). In particular by reference to an identifier such as the name, the first name or the address, the email, the telephone number, etc.
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Privacy Impact Assessment (PIA)
A PIA is a detailed study to establish the risk to privacy that a personal data processing could have on the privacy of the data subject should an incident occur.
Purpose of processing
The purpose of processing is the reason why the data is collected.
Any natural person subject to a processing of personal data.
The controller is the natural person or legal person on whose behalf the treatment is carried out. It determines alone or jointly the purposes of the treatment.
The processor is any natural or legal person, public authority, service or other body that processes personal data on behalf of the controller. For example, a web host or an online service provider.
Any transaction or set of transactions involving personal data, whether or not performed using automated processes, including the collection, recording, organisation, retention, adaptation, modification extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection and limitation, erasure or destruction.
5. PROCESSING YOUR DATA
We only process data that you choose to transmit to us and for which you explicitly consent to the treatment.
Through our website, you can fill out a contact form. The following personal data will be requested:
- Job title
You have the opportunity to write a message related to your contact request. We recommend that you remain concise in your message and not provide us with any personal information.
You can also choose to receive our newsletter by ticking the option provided for this purpose. You will then receive a request for consent by email which will clearly indicate the purposes of processing your personal data that you can accept or refuse selectively.
If you have subscribed to our newsletter and do not wish to receive it anymore, you can unsubscribe by clicking on the “unsubscribe” link at the bottom of the newsletter. By doing so, you will receive an automatic confirmation of unsubscription and your data will be automatically deleted from the file provided for this purpose.
6. PURPOSES OF TREATMENT
We treat your data only in order to best meet your expectations. By collecting some of your personal data, two purposes stand out:
- Operational purposes:
- Respond to requests for contacts or information
- Establishment of an offer(s)
- Marketing purposes:
- Sending newsletters
- Sending commercial offers
7. TRANSFER OF YOUR DATA
We draw your attention to the fact that the servers of our subcontractors, processors may be located in states whose legislation does not include data protection rules appropriate or equivalent to the LPD or the GDPR.
If this is the case, we ensure that our subcontractors, processors, provide data protection safeguards and that they apply equivalent or GDPR-compliant standards, regardless of the geolocation of their servers.
8. DATA PROTECTION MEASURES
We strive to maintain a high level of security in the collection, processing and retention of data by relying on organisational and technical measures and taking the necessary precautions regarding the nature of the personal data that you are likely to communicate to us and the risks presented by their treatment in order to preserve its security and prevent such that they are altered, damaged, destroyed or that unauthorised third parties have access to it.
However, we draw your attention to the fact that it is impossible to guarantee absolute protection and invite you to apply good practices in order to contribute to the security of your data, in particular not to communicate your identifiers and passwords to other users. third parties, to disconnect systematically from your profiles and customer accounts, to close your browser window after your session, to clean the browsing history, especially if you access the Internet from a public post to which others people have access and not to save your credentials and passwords in the browser.
We supervise the processing of data by technical and organisational measures specific to the processing of personal data. All of our staff, agents and partners are required to adhere to these measures.
We use Secure Socket Layer (SSL) encryption to protect our website from the loss, destruction, access, modification and dissemination of your data by unauthorised third parties. SSL encryption encrypts content when you provide data on our site. We use the TLSstandard.
We make our employees and partners aware of the risks associated with the processing of personal data.
Limitation of processing
We limit the collection and processing of personal data to the strict minimum necessary to fulfil the intended purpose.
We control and limit access to the processing of personal data to a limited number of people.
Keeping your data
Your data is stored in our systems for the time necessary for the intended processing. After processing, the data is archived and anonymised or destroyed.
We carry out a Privacy Impact Assessment before implementing any personal data processing that may involve a risk for the data subjects privacy.
Selection of subcontractors, processors
We endeavour to select mainly subcontractors, processors, established in Switzerland or the European Union who contractually undertake to respect the confidentiality of personal data and who are guaranteed by the adoption of organisational and technical measures consistent with the LPD and GDPR.
9. YOUR RIGHTS
The Federal Data Protection Act and the EU General Data Protection Regulation grant the following rights to the data subjects.
- Right of information
- Right to access your data
- Right to rectification of your data (complete, updated)
- Right to oppose the processing of your data
- Right to limit the processing of your data (Purpose & duration of treatment)
- Right to the portability of your data (transmitted to a third party on your instruction)
- Right to erase your data (Right to be forgotten)
10. EXERCISE YOUR RIGHTS &INFORMATION
You can exercise your rights or request information by contacting us via the email address firstname.lastname@example.org. We will do what is necessary to answer you as soon as possible.