1. Identity and contact information of the data controller

The entity that determines the purposes and means of the processing of personal data is Bancadati.ch SA, a company under Swiss law with registered office at Centro Galleria 2, Via Cantonale 6928 Manno - Switzerland (hereinafter also referred to as "Data Controller" or "Company").

You can contact the Data Controller at the following e-mail: privacy@bancadati.ch

2. Categories of personal data being processed

Personal data provided - or otherwise acquired in accordance with applicable legislative and contractual provisions - will be processed in accordance with Art. 5 of the nLPD and confidentiality obligations. In particular, we will process personal data and sensitive data as indicated below:

• Personal data: any information about an identified or identifiable person.
• Personal data worthy of special attention:
  - opinions or activities of a religious, ideological, political or trade union nature;
  - physical health, intimate sphere or ethnic origin;
  - social welfare measures;
  - criminal or administrative proceedings and penalties.
  In addition, the Data Controller may become aware of data concerning:
  - health status (e.g., absence due to illness, maternity, accident, etc.);
  - membership in trade unions and political parties;
  -the performance of public office (use of leave, expectations, etc.)
  - religious beliefs (holidays allowed by law).
• Personal data of third parties: in addition to your own personal data, you may also provide the Company with personal data of third parties, particularly other family members, for the purposes of human resources management and administration, including benefits and emergency contacts. Before providing such data, you must inform the persons concerned about the contents of this Privacy Policy.
• Data subjects: natural or legal persons whose data are being processed.
• Processing: means any operation concerning personal data, regardless of the means and procedures adopted, namely the collection, storage, use, review, communication, archiving or destruction of data.
• Communication: i.e., making personal data accessible, such as by allowing access, transmission or publication.

3. Data Protection - recipients of personal data

According to Art. 6 of the nLPD to ensure that your data are processed as fairly and transparently as possible, you should be aware that:

• Your personal data are processed and stored by the Data Controller or by the Data Processors on behalf of the Data Controller; the processing and storage of the processed data are carried out either in paper form or in electronic form with archives located at the company's headquarters and in some cases, at the offices of the Data Processors as identified and appointed.
• At the Data Controller, your personal data may be processed by individuals expressly authorized by the Data Controller according to the organizational needs of the Data Controller and in full compliance with the principles of the nLPD.
• All processing shall be carried out in accordance with the procedures set forth in Articles 6 and 8 of the nLPD and through the adoption of the appropriate security and organizational measures of OPDa Chapter 1.
• The duration of processing, in accordance with the principles of lawfulness, purpose limitation, and data minimization, is determined for a period of time not exceeding the achievement of the purposes for which the data are collected and processed, in compliance with the mandatory time limits prescribed by law.

Specifically, we may share personal data collected with the following categories of recipients (non-exhaustive list):

• Subjects that provide services for the maintenance of the infrastructure and information and application system in use and telecommunications networks (including tools and e-mail); hosting, web agency, webmaster;
• Consulting and support firms or companies;
• Competent authorities for compliance with legal obligations and/or provisions of public bodies;
• Group companies for organizational, administrative and accounting needs.

4. Processing purposes and data retention period

	PURPOSE OF PROCESSING | JUSTIFYING REASON	DATA RETENTION PERIOD
A	Activities strictly necessary for the user's navigation on this Internet site and to control its proper functioning.	Data will be retained until the end of the browsing session. For data processed with technical cookies, please see our Cookie Policy.
B	Obtain anonymous statistical information on site usage, marketing information, advertising.	Please see our Cookie Policy.
C	Contact forms and correspondence with the purpose of following up on the data subject's requests for products and services.	Data will be kept for as long as necessary to achieve the purpose and may be kept for up to 10 years if a business relationship is established.
E	Profiling activities. To carry out automated processing aimed at analyzing certain personal aspects such as your preferences, consumption habits, purchases, behavior also in order to be able to send you informative material and personalized offers selected on your interests.	The data will be kept until the consent given is revoked.
F	Collection of information for possible spontaneous or timely applications through the dedicated area on the site: ad hoc form or through a simple email submission; or through social media links (LinkedIn, Facebook).	Please request and review our Privacy Policy for applications.
L	Video image recording (no audio) Video Surveillance for property protection management of corporate movable and immovable assets.	Please see our Video Surveillance Privacy Policy.

5. Transfer of personal data outside the federal government

Personal data are not disclosed outside the territory of the federal government.

It should be noted that if data is to be disclosed outside Switzerland, it will be done in accordance with the provisions of the nLPD, particularly on the following bases:

• in the presence of appropriate safeguards, in this case contractual measures, designed to ensure adequate protection abroad;
• the processing is directly related to the conclusion or performance of a contract and the data being processed concern the other party;
• the communication takes place within the same legal entity or company or between legal entities or companies under one management, provided that the issuer and the recipient comply with rules to ensure adequate data protection.

6. Rights of the data subject

The data subject is guaranteed the following rights (non-exhaustive list), which can be exercised at any time by means of a request made in writing to the Data Controller's contacts listed above:

• you can at any time and free of charge be informed about your personal data that we are processing as well as receive from us, in a readable format, the personal data provided;
• if we process your incomplete or inaccurate personal data, you can at any time have it rectified and be informed about the rectification process if necessary. If it does not involve disproportionate effort, recipients will also be informed of the rectification of personal data;
• you have the right to ask the Data Controller for the deletion of the personal data processed, as well as to ask for its limitation to what is necessary for the purpose of processing.

For processing using cookies and other similar technologies, see our Cookie Policy.

You may exercise your rights under the LPD by contacting the Data Controller at privacy@bancadati.ch

7. Current version, changes and updates

In order to ensure that our Policy always complies with applicable legal requirements, we reserve the right to make changes at any time.

Date of last update: 19/12/2023