The Data Controller collects and processes the Personal Data necessary to make it possible, respectively, to optimize the use of the Site. These data include information concerning the use of the Site (pages visited, duration of stay, links activated), the IP address of the user's device, user's location (through the IP address attribution provider), any unique identifier of the user's mobile device, browser characteristics (type, language, installed plug-ins, etc.) , cookies. These data are processed in an automated manner exclusively to allow navigation on the Site, evaluate the introduction of new features, improve the quality of the services offered, measure the use of the Site and optimize its usability. The Site processes the Personal Data transmitted by the user, in particular through the online forms or e-mail, for the purpose of communication or making available the information requested by the user. The Site does not process, nor transmit content or advertising messages conceived on the basis of the  online behavior, does not profile the user for direct marketing purposes, does not monitor the use of web resources external to the domain (subject to receiving the indication of the online resource from which  the user arrives on the Site) or e-mail. The Site reserves the right to transmit to third parties the personal data entered by users, such as insurance companies, banking companies, investment companies, tax consultancy companies or other types, in order to be able to offer the user the service requested by the same. 5cde-3194-bb3b-136bad5cf58d_ It is recommended not to send information and / or documents containing personal and / or confidential information by e-mail, as this is an insecure means of communication and does not guarantee the protection of confidentiality. The site owner is available to provide, at the user's request, secure electronic communication channels to transmit sensitive data through the site.

 

Obligation to provide data; Alternatives to digital communication

Apart from what is specified for the data necessary to make it possible, respectively to optimize, the use of the Site, the user is free to provide or not the Personal Data. Failure to provide the necessary data, or failure to communicate an e-mail address, will make it impossible to obtain what is requested or to take full advantage of the digital services offered by the Data Controller. In general, the Data Controller emphasizes that the interested party has the right to use the ordinary communication channels, such as telephone, fax and ordinary mail, if he does not intend to use the IT and / or telematic resources.

 

Data transfer to a third country and / or an international organization

Where strictly necessary taking into account the purpose of the processing, Personal Data are transferred abroad, however limited to countries that guarantee adequate protection of personal data as per the List established by the competent Authority. The interested party has the right to obtain a copy of such data, indicating the reason and proving their legitimacy. In case of transfer, personal data may be transferred only to natural persons, entities and companies that have adhered to specific agreements and / or international instruments concerning the protection of personal data. The interested party can obtain information about the safeguards adopted for the transfer of Personal Data by sending a request to the Data Controller by e-mail, indicating the reason and proving their legitimacy.

 

Retention period of personal data

The Site retains Personal Data as long as their conservation is necessary in consideration of the  purposes for which the data were collected, respectively to the extent that there is a legal obligation of conservation (usually 10 years) (see table above). Once the purpose of the collection of Personal Data has lapsed, or the conservation obligation established by law has expired, the Data Controller provides for the definitive and secure deletion of the data or, alternatively, their anonymization. Access to the detailed policy on the retention of personal data can be requested from the Data Controller by e-mail, indicating the reason and proving their legitimacy.

 

Contact forms

The Site provides contact forms and online data collection and management forms, encrypted, also based in part on a third-party plug-in. If the user does not intend to accept the third party service, the user must renounce the online services and send a contact request by referring to the various tools / addresses specified in par. A previous.

 

Newsletter

The Data Controller can offer a free update service on its activities through the Newsletter. The Newsletter is sent exclusively to those who have registered for this purpose by providing their e-mail address. Immediate cancellation from the list of recipients is possible at any time and with immediate effect by activating the “unsubscribe” link at the bottom of each e-mail. Failure to subscribe to the Newsletter or cancellation from the list of recipients does not affect or reduce in any way the usability of the Site and / or related resources. The Owner does not monitor the behavior and does not profile in any way the recipients of the Newsletter. The Owner does not transfer the e-mail addresses of the Users to third parties, with the exception of the newsletter service provider, which receives the e-mail addresses of the recipients functionally for the management of the Newsletter.

 

Data relating to minors

The treatment justified by the consent of the interested party is lawful where the minor who has given consent is at least 16 years old. If the minor is under the age of 16, the processing of personal data is lawful only and to the extent that consent is given or authorized by the legal representative. The Data Controller will make every reasonable effort and in consideration of the technologies available to verify that the consent given by the legal representative is effective. However, it will not be in any way responsible for any false declarations that may be provided by the minor and, in any case, should it ascertain the falsity of the declaration, it will immediately delete any personal data and any material acquired. The Data Controller will facilitate requests relating to the personal data of minors from the legal representative.

 

Data processors, recipients or categories of recipients, access to data

The Personal Data provided by the user may be disclosed to recipients who will process the data as data processors and / or as natural persons acting under the authority of the owner or manager. Where they operate in full autonomy, the subjects assume the position of distinct Data Controllers. Subject to the transmission of data required by law, the data may be disclosed to recipients belonging to the following categories: subjects who provide services for the management of information and telecommunication systems used by the Data Controller for the provision of the Site and for the organization, planning, implementation and execution of activities related to the Site; companies and freelancers who provide services to the Data Controller, for example in the legal, accounting, administrative and tax fields. As part of the management of the Site and related resources (in particular: e-mail, marketing, back-up, web-design, graphics, maintenance, translation, hosting and Internet access), mysbc.ch makes use of external suppliers of goods and / or services, such as insurance companies, banking companies, investment companies or tax consultants, etc. External suppliers have access to data only to the extent strictly necessary for the correct and efficient performance of their duties, subject to the assumption, by agreement, of an obligation of confidentiality and non-use in relation to Personal Data. The complete and updated list of the Data Processors is available for viewing at the registered office to interested parties who have indicated in writing the reason for the request and proved their legitimacy. For IT security reasons, some information may be anonymized or masked.

 

E-mail communications, risks

The user is aware that (i) the use of e-mail does not ensure the confidentiality and integrity of data in transit, (ii) numerous e-mail service providers are located or hold their data in countries which do not guarantee adequate protection of personal data, (iii) the use of such an e-mail service determines the transfer and storage of data in a country that does not guarantee adequate protection of such data. The user authorizes the Data Controller (including bodies, auxiliaries, agents and delegates) to transmit by ordinary e-mail (not certified and / or encrypted) documents and / or information, including those containing personal and / or confidential data, using the address e-mail provided by the user in response to user requests received by post, telephone, fax or e-mail. The user, in full awareness of the risks mentioned above, exonerates the Data Controller from any liability in the event of unauthorized access by third parties to documents and / or personal and / or confidential information transmitted or received by e-mail from the Data Controller and / or by its organs and auxiliaries.

 

Links to Third Party Resources

The Site contains links to sites, services, products (including plug-ins; in particular, see the previous paragraph called "contact form" and chapter sub letter D. following relating to cookies and social media plug-ins) and other resources of the Internet referable to third parties. The Owner is in no way responsible for the content, safety and usability of such sites and resources; in particular, the Data Controller does not verify the policy, nor does it issue guarantees regarding the protection of privacy and personal data by said third parties.

 

Safety

The Site implements the security measures reasonably imposed by the circumstances and proportionate to the risks against unauthorized access, use, transmission, alteration, loss or destruction of Personal Data. These measures include measures of a technical, physical and organizational nature. However, given the nature of the Internet as an "open network", the Data Controller cannot guarantee, nor does it guarantee, that the data will not be intercepted or acquired by unauthorized third parties.

 

User rights

For users resident in Switzerland, within the limits established by the LPD, the interested party can, in particular: obtain the correction of inaccurate personal data (art. 5 2 LPD); ask free of charge and with a written reply if data concerning him is processed (art. 8 para. 1 LPD) to interrupt or revoke the consent to the processing of personal data (art. 12 2 letter b) LPD); to interrupt the unlawful processing of personal data (Article 12 2 letter a) LPD); prevent, in the absence of justification, the communication to third parties of personal data worthy of particular protection or personality profiles (Article 12 2 letter c) LPD); request that data processing be blocked, that their communication to third parties be prevented or that personal data be rectified or destroyed (art.15 1 LPD); if neither the accuracy nor the inaccuracy of the personal data can be demonstrated, ask for a mention to be added to the data that detects its disputed nature (art. 15 1 LPD); request that the rectification, destruction, blocking, in particular that of communication to third parties, as well as the mention of the disputed character or the sentence be communicated to third parties or published (art. 15 3 LPD); have personal data collected, stored or used illegally destroyed; have the illegality of data processing established.

 

If the data processing falls within the territorial scope referred to in art. 3 GDPR, the interested party can assert the rights as expressed by the articles. 15, 16, 17, 18, 19, 20, 21, 22 GDPR, by contacting the Data Controller or the data processor. The text of the GDPR can be consulted by activating this link. The user has the right, at any time, within the limits and under the conditions established by the GDPR, to ask the Data Controller for access to his personal data, the rectification, cancellation of the same, the limitation of the processing concerning him or to oppose their treatment and to exercise the right to the portability of such data. If the processing is based on article 6, paragraph 1, letter a) or on article 9, paragraph 2, letter a) GDPR, the user has the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on on the consent given before the revocation. The user has the right to lodge a complaint with the competent supervisory authority. In the case of a request for data portability, the Data Controller provides the user, in a structured format of common use and readable by an automatic device, the personal data concerning him, without prejudice to paragraphs 3 and 4 of art. 20 GDPR.

 

D. COOKIES AND SOCIAL MEDIA PLUG-IN

 

Introduction

This chapter describes the Site's policy in relation to the processing of users' personal data in relation to the so-called “cookies” and “widgets”.

 

Technical notions

What are cookies? Cookies are text files placed in the user's browser by sites / apps or servers while browsing the web. Thanks to cookies, these sites or servers are able to recognize the browser during navigation and subsequently. Cookies help improve the user's online experience, for example by keeping the preferences expressed by the user over time or by avoiding the user having to log in at each page change. Cookies can also be used to monitor the user's behavior online, with a consequent impact on the user's privacy. What are social media plug-ins and widgets? Social plug-ins consist of optional software modules that connect websites to social media, in order to allow users to easily interact with the contents of the sites (for example: "Like" or sharing of interesting site content through Facebook). Social plug-ins include so-called "widgets", graphic control elements that are inserted in the corresponding sections of the website, in order to allow the user to access the plug-in functions. By clicking on the widget, the user promotes it on the corresponding social media with a simple click. If the User activates the plug-in, his browser makes a direct connection to the servers of the plug-in provider (for example Facebook). The content of the plug-in is transmitted directly from the respective provider to the User's browser and inserted into the page. With the use of social plug-ins, certain personal information is transmitted to and processed by the plug-in provider. Even if the user is not a registered social media user, there is a possibility that he or she will collect the IP address via the social media plug-in. If the user is registered, the social media can link the visit of the web pages to the personal profile in the social media. If the user interacts with a plug-in, the relevant information will be transmitted directly to the servers of the plug-in provider. The information is also published on social media and therefore shown to the user's contacts or made public (in the case of a public profile).

 

The types of cookies

Cookies can be divided into various types. Considering the person who deposits the cookie on the user's terminal, if it coincides with the owner of the site visited, the cookie is called "first party", while if it is a third party site / server, the cookie is called " Part Three". Considering the duration of the cookie, "session" cookies are deposited as a function of access to the site and are therefore deleted when the browser is closed. "Persistent" cookies, on the other hand, remain stored in the device after the browser is closed (and until the expiry date set by the cookie). Considering the purpose of the cookie, it is necessary to distinguish "technical" cookies from "profiling" cookies. Technical cookies make it possible to browse the web, respectively, to provide the service requested by the user. They are not used for other purposes and are generally managed by the owner of the site visited. The "analytics" or "statistical" cookies are similar to technical cookies when used directly by the site owner to collect information, in aggregate form, on the number of users and how they interact with the site. Profiling cookies are generally third-party cookies used to set up a user profile based on his online behavior and habits in order to submit personalized advertising messages.

 

Statements of the owner regarding cookies

In general, the Site implements technical or analytical session cookies and, if strictly necessary to guarantee the best usability to the User, persistent technical or analytical cookies, in particular for the purpose of customizing the configuration of the Site, keeping browsing active, analyzing the traffic flow, as well as for system administration purposes. The collected data are treated anonymously and are not disclosed to third parties. Except when expressly stated, the Site does not implement user profiling and / or tracking cookies for marketing purposes.

 

Possibility of deactivation or cancellation, technical consequences

Cookies

The user has the possibility to set his browser to inform him of the receipt of a cookie or to block cookies (generally or by type of cookie or by site of origin). The generalized blocking of cookies, since the same also applies to technical cookies, can cause serious limitations in the use of the Site. The user has the possibility to delete cookies from the browser's memory, as well as to set the browser to delete automatically cookies when the program is closed (recommended). By default, browsers automatically accept cookies. Instructions for deactivating or deleting cookies can be found on the website of the developer of your browser. There are further methods to reduce the risk of online tracking, including: activate the DoNotTrack option on your browser (if available); use the "private" or "anonymous" browsing functionality of the browser (if available), which prevents cookies from being kept on the device after browsing; install on the browser privacy plug-ins such as, for example, Privacy Badger or Ghostery; exercise the right to be excluded from specific behavioral advertising schemes (for example: DAA Consumer Opt-Out Page; NAI Consumer Opt-Out Page). Social media plug-in If the user intends to prevent social media from assigning the data collected on the Site to the personal profile in the respective social media, before visiting our web pages it is necessary to log-out from the respective social media and delete all browsing data from the browser. The user can completely prevent the plug-ins from loading even with specialized browser add-ons (recommended), such as, for example, NoScript or Ghostery.

 

E. APPLICABLE LAW AND JURISDICTION

The legal relationship between the user and mysbc.ch SA with reference to the access and use of the Site (and related resources) is governed by Swiss material law, excluding the rules of private international law. The parties choose the ordinary Judge at the headquarters of the Data Controller as the exclusive competent Court in the event of a dispute arising or simply connected with the use of the Site (and related resources), reserving any mandatory rules that impose a different forum. The Data Controller reserves the right to appeal to the competent Judge at the headquarters, branch or home of the user.

 

Effective date: 28.03.2020

​

mysbc.ch SA, via alla Monda 1, CH-6528 Camorino