Regulation (EU) 2016/679 («General Data Protection Regulation», hereinafter “GDPR”) provides safeguards for individuals (“data subjects”) with regard to the processing of their personal data. In compliance with the GDPR, B-POSITIVE SAGL strives to ensure that the processing of data attributable to Data Subjects is based on the principles of lawfulness, fairness and transparency, as well as the protection of confidentiality and the rights of the data subject.
In compliance with the GDPR we hereby provide the required information about the processing of the personal data provided by you. As Data Controller, our organization will process your personal data with the utmost care in compliance with the GDPR, implementing effective operational procedures and processes in order to guarantee processing safeguards. For this purpose, using material and operational procedures to safeguard the collected data, we undertake to protect the information provided, in order to avoid unauthorized access and disclosure, maintain the accuracy of the data and guarantee its appropriate use.
Legal basis for data processing
The acceptance of the policy for the collection of personal data (even through cookies) and, therefore, the consent to the processing of such data, is necessary in order to browse the website. Therefore, the Data Controller provides information on categories of Data Subject’s personal data that are collected.
Like all websites, this website also uses log files to retain the information collected during visits by users in an automated manner. The following types of information may be collected:
- Internet protocol (IP) address;
- Type of browser and parameters of the device used to connect to the website;
- Name of the Internet service provider (ISP);
- Date and time of the visit;
- The web page that the visitor arrives from (referral) and leaves for;
- The number of clicks, if any.
The above information is processed automatically and collected in order to ensure the proper functioning of the website, as well as for statistical or security purposes.
For security reasons (anti-spam filters, firewall, virus detection), the data recorded automatically may also include such personal data as the IP address, which may be used in compliance with the relevant current legislation to block attempts to damage the website or other users or, in any case, to block other detrimental activities or crimes. Such data is never used to identify or profile the user, but solely to safeguard the website and its users.
As a consequence of normal use, the IT systems and software procedures dedicated to the functioning of this website acquire certain personal data whose transmission is inherent to the use of Internet communications protocols. This category of data includes:
- The IP addresses or domain names of the computers used to link to the website;
- The addresses of the resources requested in URI (Uniform Resource Identifier) notation;
- The time of the request;
- The method used to submit the request to the server;
- The size of the file obtained in response;
- The numeric code indicating the status of the reply given by the server (success, error, etc.);
- Other parameters relating to the operating system and IT environment of the user.
Except as specified for the browsing data, the user is free to provide additional personal data, with respect to that indicated above, when registering with the website.
Failure to provide such data may make it impossible to obtain the requested information or to provide certain services and the browsing experience on the website might be compromised.
B-POSITIVE SAGL confirms that your “sensitive” data is never collected.
How long your data will be kept / Data Retention
The personal data collected during the browsing session will be retained for the time needed to carry out the specified activities and, in any event, no longer than 26 months from the last visit of the website. Data provided voluntarily by the user will be retained for five (5) years from the last visit or until the Data Subject’s cancellation request.
Methods of processing
Pursuant to articles 12 et seq. of the GDPR, the personal data that you provide to us will be recorded, processed and retained on our hard-copy and electronic files, adopting adequate technical and organizational measures in order to safeguard that data. The processing consists in any operation or series of operations described in art. 4, point 2 of the GDPR. Personal data will be processed using suitable tools and procedures that guarantee security and confidentiality. Such processing may be carried out directly and/or via delegated third parties, using IT equipment or electronic instruments.
Transfer abroad of personal data
The data provided by you will be processed both in Switzerland and within the European Union. If during the contractual relationship your data is transferred to a non EU country (excluding Switzerland) or to an international organization, your rights under EU legislation will be guaranteed and you will be informed on a timely basis.
Purposes of processing of your personal data
The personal data of all users of the website may be used to:
- allow browsing of the public web pages on our website;
- respond to requests received via e-mail addresses published on the website;
- collect anonymous statistical information about the use of the website (e.g. analysis of the most visited web pages);
- collect anonymous statistical information about the geographical areas of arrival;
- check the proper functioning of the website;
- determine responsibilities for any illegal activity carried out to the detriment of the website.
In addition to the purposes described above, the personal data of users who register with the website will also be used for purposes connected with the services requested and, in particular, to:
- request information about the solutions offered by B-POSITIVE SAGL ;
- examine information about and demos of B-POSITIVE SAGL products and services;
- browse the private web pages on our website;
- register users for the requested service;
- fulfil the contractual obligations associated with the requested service, where applicable;
- carry out marketing activities;
- send advertising, technical and promotional information by e-mail;
- make direct sales via the website.
Extent of knowledge of your data
The following categories of data processors or persons tasked with processing by our organization may become aware of your data:
Employees or consultants in general working in B-POSITIVE SAGL offices and/or the marketing department
“What are cookies?” – Cookies are small text strings that the visited websites send to devices. They are stored and relayed once the user visits the website again. Cookies may perform different functions and have different features. Cookies can be used by the Data Controller as well as by Third Parties. Here below you will find all the information related to cookies used by the present website, together with the instructions that will help you manage your cookie
- For further information about cookies, please visit www.allaboutcookies.org or www.youronlinechoices.eu .
- Technical cookies not requiring consent – Our website is using technical cookies to perform activities strictly necessary for the functioning of the website and for the provision of the service; to optimize website functions; to collect aggregate and anonymized information (without any storage or IP address identification, i.e. Google Analytics) to enhance the user experience and the performances of our website. In particular:
- wordpress functional cookies;
Technical cookies do not require the consent of the user and are installed automatically following the user’s access to the website.
In addition, when browsing B-POSITIVE SAGL website, users may be redirected to functions on other websites that also use their specific cookies, such as:
- Statistical cookies: Used to manage statistics and to collect personal information in aggregate and anonymous form, without storing / collecting IP address; personal data collected are shared with the Third Party (Google), in relation to the following services:
- Google products and services;
- Technical support;
- Account management;
- Google Analytics.
- Other cookies that require consent – All cookies different from the technical cookies are installed/activated only after the user’s express consent, to be given upon first access to the website. The consent may be expressed in a general manner, by interacting with cookie banners. Your consent will be registered for future website accesses. Users have the right to revoke their consent at any time by changing the cookies preferences on this web page.
Through this website we also install “Third-Party” cookies. Here below we supply you with some instructions and a link to Third Parties’ privacy policies together with consent forms. By continuing to visit this website or by closing the pop-up you automatically give your consent to the use of technical cookies
- Social network cookies, used to share contents on social media, such as:
- Facebook cookies: https://www.facebook.com/full_data_use_policy
- Twitter cookies: https://twitter.com/privacy?lang=en
- Linkedin cookies: https://www.linkedin.com/legal/privacy-policy
- Google+ cookies: https://www.google.com/intl/en/policies/privacy
Despite your cookie preferences, when you access our social media pages while logged in with your Account, you will be subject to the Terms and Conditions of use of the social media platform you are accessing. This means that B-POSITIVE SAGL cannot exercise any control over how those platforms manage your data. Despite this, B-POSITIVE SAGL does however benefit from statistical and marketing services offered by such platforms. For instance, if you access our social media pages while logged in with your account, the social media will share some of your profile information with our website. If you do not wish to have your information processed by the platform and/or shared with us, please log out of your Account before accessing B-POSITIVE SAGL ’ page.
- Retargeting & Advertising cookies:
Used to send to the user advertising messages in line with the user’s online navigation preferences (OBA).
- How to deactivate cookies – Most browsers (Internet Explorer, Firefox, Chrome, etc.) are configured to accept cookies. The cookies stored on the hard disk of your device can however be deleted and, in addition, it is possible to deactivate cookies by following the instructions provided by the browsers at the links below:
Communication and transfer
Our organization may communicate externally the data provided by you upon registration, making it known to one or more specific parties, in order to fulfil all required legal and/or contractual obligations. In particular, your data may be communicated to:
- other B-POSITIVE SAGL Group companies, including parent companies, subsidiaries and associates;
- public offices or bodies or supervisory bodies, in accordance with legal and/or contractual obligations; We may communicate your data in the following terms:
- to parties able to access it pursuant to laws, regulations or EU legislation, within the limits envisaged in those rules;
- to parties that need to access your data for purposes ancillary to the relationship that exists between you and us, within the limits strictly necessary to carry out the ancillary tasks;
- to our consultants and/or professionals, within the limits required for them to carry out their work at our or their organization, following our appointment letter that imposes duties of confidentiality and security.
We will not transfer your data except for the purposes for which you provided your consent, i.e. we will not make it known to unspecified subjects, or make it available for use or consultation.
Trust and confidentiality
We recognize the importance of the trust shown by data subjects who consent to the processing of their personal data and, therefore, we undertake not to sell, hire or rent such personal information to others.
Rights pursuant to arts. 15 et seq. GDPR
Pursuant to art. 15 et seq. GDPR, you are entitled to obtain confirmation of whether or not your personal data has been processed, even if the results have not yet been recorded. You are entitled to access your personal data and to request its correction, deletion or restriction, as well as to object, in whole or in part, to the processing carried out.
You are entitled to obtain access to the following information from the Data Controller:
- The purposes of processing;
- The categories of personal data concerned;
- The recipients or categories of recipients to which the personal data has been or will be communicated, especially if they are resident in another country or are international organizations;
- When possible, the expected period of time that the personal data will be retained for or, if not possible, the criteria used to determine that period;
- If the data was not collected from the data subject, all the information available about its origin;
- The existence of an automated decision-making process, including the profiling referred to in art. 22, paras. 1 and 4, and, at least in such cases, meaningful information about the logic used, as well as the importance of such processing and its consequences for the data subject.
If the data is transferred to another country or to an international organization, you are entitled to be informed about the existence of adequate guarantees pursuant to art. 46 GDPR.
To exercise these rights please contact:
- The Data Controller, which will respond within 30 days of receiving your formal request.
- The Data Protection Officer (DPO).
In case of any infringement of your rights you can appeal to the competent Data Protection Authority.
Processing without the need for consent from the data subject
Even without your consent, this organization is entitled to process your personal data should it be necessary in order to:
- fulfil an obligation required by law, by a regulation or by EU legislation;
- fulfil obligations deriving from a contract to which you are a party or to fulfil specific requests received from you prior to the termination of the contract.
Furthermore, your express consent is not required when the processing:
- concerns data obtained from public registers, lists, deeds or documents that can be read by anyone, without prejudice to the limits and procedures that laws, regulations or EU legislation establish with regard to obtaining knowledge about and the publishing of data, or to data on the performance of economic activities, processed in compliance with current regulations governing business and industrial secrets;
- is necessary in order to safeguard the life or physical safety of a third party (in this case, the Controller must inform the data subject about the processing of that personal data, even subsequently, but as soon as possible. In such circumstances, therefore, consent is given following presentation of that information);
- is necessary, with the exclusion of dissemination, in order to uphold or defend a right in court, provided that the data is processed solely for those purposes and for the period strictly necessary for their pursuit, in compliance with current regulations governing business and industrial secrets;
- is necessary, with the exclusion of dissemination, in cases identified by the national Data Protection Authority on the basis of legal principles, in pursuit of the legitimate interests of the Controller or another recipient of the data, including with reference to the activities of banking groups and subsidiaries or associates, should the fundamental rights and liberties, dignity or legitimate interests of the data subject not prevail.
We will make sure this policy is always up-to-date so we strongly encourage you to review our Policy Updates and familiarize yourself with all the changes that are being made.
Last Update: 01.09.2018