Bromatech Suisse, with regards to data acquired through its website www.bromatech.ch, respects privacy of all website visitors and ensures that any personal data will be treated as confidential.
Bromatech Suisse does not market nor sales to third parties all data acquired through its website. Bromatech Suisse takes data protection of its websites visitors very seriously. Employees or collaborators involved in the treatment of said data are obligated to follow the same confidentiality obligations.
Processed data are used to optimize interaction with our website and to facilitate its use by the visitors, in order to evaluate system security and its stability and for other administrative purposes. The webpage www.bromatech.ch is subject to Suisse law on data protection and particularly to the Federal Act on Data Protection (DSG) or other possibly applicable regulations such as the European General Data Protection Regulation (GDPR) of EU.
We provide the mandatory information with regards to the treatment of personal data supplied. The policy must not be considered as valid for other websites that can be possibly visited through links found on the websites under the controller’s domain, which will not be held accountable under any circumstances for third-party websites.
Processable personal data: “personal data”: any information regarding a physical person identified or identifiable (“prospect”); a physical person will be considered identifiable if he/she can be identified, either directly or indirectly, in particular with reference to an identification item such as name, and identification number, location data, an online identification or one or more characteristic elements of his/her physical identity, physiology, genetics, psychic, economic, cultural or social identity.
Data Controller: Bromatech Suisse SA.
Controller’s email address to submit any requests: firstname.lastname@example.org
Gathered Personal Data
On this website, we acquire personal data using the behavioral data insertion forms during the normal use of contents. Data are treated according to the following purposes and using the following services, including the related storage and treatment locations:
-Contacting the using/processing orders and requests.
-Mailing List or Newsletter. Personal data acquired: first names, last name, e-mail, language. Processing location, Switzerland.
-Personal data acquired: first names, last name, e-mail, address, postal code, country, province, phone number. Processing location, Switzerland.
-Interaction with social networks and external platforms.
-Social share buttons, add-this plugin, other plug-ins. Personal data acquired: anonymous data, cookies and use data. Processing location, Switzerland.
-Registration and authentication.
-Direct registration. Personal data acquired: first names, last name, e-mail, address, postal code, country, province, phone number and mission land is data, even in multiple form (billing, shipping data, option). Processing location, Switzerland.
-Remarketing and behavioral targeting.
-AdWords Remarketing, Facebook Remarketing and Remarketing with Google Analytics for displaying advertisement. Personal data acquired: cookies and anonymous usage data. Processing location, USA.
-Google Analytics and Google Analytics con IP anonimizzato Personal data acquired: cookies and anonymous usage data. Processing location, USA.
-Newsletter Stats. Personal data acquired: behavioral usage data, both anonymous and not identifiable. Processing location, Switzerland.
-Content viewing from external platforms.
-Widget and embed content such as: Vimeo, Youtube, TripAdvisor, Trust You, Google Map, Personal data acquired: cookies and usage data. Processing location, USA.
-Webservices automatically imported contents from external data sources. Personal data acquired: none.
The users can exercise specific rights in reference to data processes by the controller. In particular, the user has the right to:
• Withdraw his/her right in any moment. The user can withdraw the consent to the treatment of his/her personal data he/she previously expressed.
• Object to the treatment of his/her data. The user can’t object to the treatment of his/her data when current on a juridical base different than consent. More details about the objection right are indicated in the section below.
• Access his/her data. The user has the right to obtain information regarding the data processing by the controller, about specific aspects of the processing and the user has the right to receive a copy of processed data.
• Verifying and asking for correction. The user can verify the correctness of his/her data and ask for them to be updated or corrected.
• Obtaining a limitation of processing. Under certain circumstances, the user can request the limitation of processing of his/her data. In this case, the controller will not process the data for any other purposes other than their storage.
• Obtaining deletion or removal of his/her personal data. Under certain circumstances, the user can request cancellation of his/her data by the controller.
• Receive his/her data or have them transferred to another controller. The user has to right to receive his/her data in a structured, commonly used formats and readable from an automatic device and, when technically feasible, to obtain their unobstructed transfer to another controller. This disposition is applicable when data are processed using automated instruments and their treatment is based on the user’s consent, on an agreement of which the user is a party or on contractual measures related to it.
• Make a complaint. The user can make a complaint to the applicable supervisory authority for data protection or take action in court.
Details regarding the right of objection
When personal data are treated for the public interest, under the exercise of public powers of which the controller is vested or in order to pursue a legitimate interest of the controller, the users have the right to object to the treatment for reasons related to their particular situation.
The users must know that, if their data are treated for direct marketing purposes, they can object to the treatment without providing any motivation. In order to find out if the controller processes data for direct marketing purposes, the users must reference to the respective sections of this document.
How to exercise rights
In order to exercise their rights, users must submit a request using the contact info of the controller indicated in this document. The requests are free of charge and processed by the controller in the shortest possible time, and always within a month. Some modification features can be exercised by the user autonomously, as mentioned in the following section.
Recipients and data shared with third parties
We will never sell personal information to third parties. We do not exchange, share nor transfer personal data to third parties, except under the following limited circumstances.
Personal data provided may be communicated to recipients who will process data as managers and/or physical people acting under the authority of the controller and the manager, in order to comply with the contracts or the related purposes.
Specifically, personal information may be communicated to recipients belonging to the following categories:
• our parent, controlled and affiliate companies;
• third-party service providers in order to allow these people to provide services which help us in our business activities, which may include marketing assistance, customer support, data analysis, advertising of offers/services of products or supply, maintaining and improving characteristics and features of products and services. For instance, we may provide personal data to our service providers for the direct sending of emails for our newsletters or notification for our products/services offers;
• general third parties when we believe in good faith that access, usage, storing or disclosure of said data would be reasonably necessary in order to (a) comply with any law, regulation, legal proceeding or applicable government request, (b) enforce an agreement with the customer, including the evaluation of potential breaches of agreement, or (c) protect from damages to our rights, property or safety, or to the rights, property or safety of our users or the public, as requested or allowed by the law;
• third parties (including our service providers and government agencies) in order to detect, prevent and otherwise handle frauds or technical issues or safety issues;
• our commercial partners providing service in partnership with us, for instance during a cross promotion;
• online and off-line bank institutions to process the payment of services or goods (booking, e-commerce, services);
furthermore, we may share and/or transfer personal data in the event of merging, acquisition, bankruptcy or any other form of corporate transformation.
Furthermore, we may share personal data with third parties (other than the above-mentioned categories) if we have the explicit consent to do so.
Furthermore, we may share aggregated data or anonymized data with third parties for other purposes. Said data do not identify the user individually, but could include data regarding usage, visualization and behavior of the users.
Safety of personal data
We use a variety of technologies and safety procedures in order to protect personal data from unauthorized accesses, uses or disclosures. We protect personal data provided on the cloud and locally on a server under a controlled and safe environment, protected by unauthorized access, usage or disclosure. When personal data is sensible (such as credit card number and/or geolocalization data) they are gathered on our apps and/or transmitted to other websites, they are protected by cryptography technology, such as the Secure Socket Layer (SSL) protocol.
This website is equipped with a https certificate making it more secure, especially for inserting personal information.
Data control by the user
If you no longer wish to receive our newsletter and promotional communications, you can choose not to receive them by following the instruction included in such communications or offers. In order to block cookies; you can remove or block specific cookies by using your browser’s settings, however, some features may cease to work correctly in this case.
Access to personal area
Access and update of personal data
Newsletter: in every newsletter you can find the link to access your personal area where you can modify, correct or delete said data.
Reserved areas after registration: you can access, review, correct, update, edit data anytime, autonomously. In order to do that, please contact us using the controller’s address indicated and the data you wish to access, correct or remove, or you can directly access your account and make the changes you want. We may refuse to process requests if they are unreasonably repetitive or habitual.
Storage of personal data
We keep personal data gathered following the expiration dates below and until we think they will be useful in order to contact you regarding the requested service, commercial information, subscription services, e-commerce and, when necessary, in order to comply to our legal obligations, solve controversies and enforce our agreements; then we will delete the data.
Storage time for data varies according to the kind of data as follows:
• to request contact, information and booking purposes (no expiration);
• newsletter or general email promotional communications (no expiration);
• acomplying with contractual obligations, laws and administrative – accounting purposes (Max 10 years, with the exception of longer or shorter duration as established by law).
Once storage time is collapsed, personal data will be canceled. Therefore, the right of access, the right of cancellation, the right of rectification and the right to portability for such data can be exercised and enforced at the end of this storage period.
Lugano, December 7, 2018.