PRIVACY INFORMATION ON PERSONAL DATA
Dear User, in accordance with Article 19 of the Data Protection Act (hereinafter "DPA"), Article 13 of the Ordinance on the Federal Data Protection Act (hereinafter "OFDPA"), and Article 13 of EU Regulation 679/2016 (hereinafter "EU Regulation 679/2016"), BS4 SA, as further identified below, in its capacity as the "Data Owner," provides you with some information regarding the use of personal data provided by users who consult and/or interact with the web services accessible online at the address www.bs4corp.com, corresponding to the homepage of the official website of BS4 SA.
This notice is provided only for the website in question and not for other websites that may be accessible to users via links, and it is intended for users of this website. The Site may contain links to websites, services, and other Internet resources provided by third parties.
In this case, the Data Owner is in no way responsible for the content, security, and usability of such sites and resources. In particular, the Data Owner does not verify the policy or provide guarantees regarding the protection of privacy and personal data by these third parties.
In compliance with the obligations imposed in the field of personal data protection, this site respects and protects the privacy of users.
1. Owner of personal data
The Owner of personal data is: BS4 SA, located in CHIASSO, Switzerland, CORSO SAN GOTTARDO 54/A, with a nominal capital of CHF 100,000.00, VAT number CHE-325.177.863, and registration number in the Commercial Register: CH-501.3.017.619-5, represented by individuals with signing authority in accordance with the entries in the cantonal trade register (email address: amministrazione@bs4corp.com or call the following telephone number: tel. +41(0)916493780). The list of data processors and authorized individuals is kept at the registered office of the data Owner and is made available upon request by the data subject.
2. Personal data subject to processing
Personal data refers to information or data that directly or indirectly allows the identification of an individual, whether they are a natural or legal person. Personal data deserving of special protection includes information about opinions or religious, philosophical, or political activities, the intimate sphere, mental or physical health, as well as information about committed offenses, the related penalties, and measures taken. The Data Owner may collect, for the purposes described in this notice, the following categories of common personal data:
• Identifying information such as name and surname, company name, email, type of request, and message (and any other personal data mentioned in the message) voluntarily provided by the user when sending optional, explicit, and voluntary email through the contact form on the Data Owner's website;
• User's device IP address, user's location, unique identifiers of the user's mobile device, duration of stay on the Website, services used, links and messages activated, browser characteristics (type, language, installed plug-ins, cookies, etc.);
• Information about the browser, network, and device; The Website does not request/collect/process personal data deserving of special protection, given its purely informative nature. Therefore, users are advised not to transmit unsolicited information of this kind through the Website and related resources.
3. Purposes
The user's personal data will be processed for the following purposes:
a) Browsing on this website: Activities aimed at the functioning of the website. During the normal operation, the system acquires certain personal data, the transmission of which is implicit in the use of Internet communication. This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user's operating system and computer environment;
b) Responding to contact requests received through the website via the contact form;
c) Investigating responsibility in the event of hypothetical computer crimes against the website;
d) To assert or defend a right in a judicial, extrajudicial, or administrative proceeding;
e) For legal, administrative, and auditing purposes.
4. Legal basis for processing
In accordance with Article 6 of EU Regulation 679/2016 and Article 6 of the DPA, the Data Owner processes your personal data within the applicable legal framework. Where required and depending on the purpose of the processing activity, the processing of your personal data may be based on one of the following reasons:
• For browsing on this website: legitimate interest of the Data Owner/predominant interest of the Data Owner (Article 6, letter f), EU Regulation 679/2016, and Article 31 of the DPA, paragraph 2;
• For the fulfillment of activities related to responding to information requests: consent of the website user (Article 6, paragraph 1, letter a), EU Regulation 679/2016, and Article 31 of the DPA, paragraph 1;
• To investigate liability in the event of hypothetical computer crimes against the website: legitimate interest of the Data Owner/predominant interest of the Data Owner (Article 6, letter f), EU Regulation 679/2016, and Article 31 of the DPA, paragraph 2;
• To assert or defend a right in a judicial, extrajudicial, or administrative proceeding: legitimate interest of the Data Owner/predominant interest of the Data Owner (Article 6, letter f), EU Regulation 679/2016, and Article 31 of the DPA, paragraph 2;
• For legal, administrative, and auditing purposes: legitimate interest of the Data Owner/predominant interest of the Data Owner (Article 6, letter f), EU Regulation 679/2016, and Article 31 of the DPA, paragraph 2. The provision of such personal data is optional, but failure to provide it may result in the inability to obtain what is requested. It should be understood that the legitimate interest of the Data Owner will be considered, provided that it is not overridden by your legitimate interests in privacy and data protection.
5. Processing Methods and Security Measures
With regard to the purposes described above, the processing of personal data takes place using manual, computer, and telematic tools, in any case, in such a way as to guarantee the security and confidentiality of the data. This includes data collection, recording, storage, organization, processing, profiling for organizational purposes, selection, extraction, comparison, interconnection, communication, blocking, deletion, and destruction. Your data is processed lawfully and fairly, adopting appropriate security measures to prevent unauthorized access, disclosure, or unauthorized alteration of the data.
6. Data Retention Period
In compliance with Article 6, paragraph 4 of the DPA and EU Regulation 679/2016, the personal data of the user will be processed as follows:
• Regarding browsing data on this website: they are stored until the end of the browsing session and are then deleted immediately;
• Regarding identification and contact data: for the period necessary to fulfill the forwarded request, and in any case, no later than 1 month from the contact request or, if earlier, until the revocation of consent by the data subject.
In any case, the data may be processed for the entire duration of any extrajudicial and/or judicial proceedings and until the expiration of the terms for judicial protection and/or appeal actions. Periodic checks on the obsolescence of the stored data in relation to the purposes for which they were collected are carried out, and the data is deleted after the specified retention periods have elapsed.
7. Entities to Which Data May Be Disclosed
The Data Owner will use your data solely within the company without transferring, sharing, or assigning them to third parties. Therefore, they may only be communicated to authorized personnel, data processors, service providers offering services on behalf of the Data Owner, freelance professionals providing services to the Data Owner, financial administrations, public authorities, judicial authorities, law enforcement agencies, and third parties exclusively for accounting, tax, legal, and insurance needs, or in case of police checks or if required by law.
These data will not be disseminated and will be processed by duly authorized individuals for the fulfillment of these tasks, constantly identified and/or appointed, appropriately trained and informed of the legal constraints, as well as through the use of security measures to ensure the protection of your confidentiality and to prevent the risks of loss or destruction, unauthorized access, or processing not allowed or not in conformity with the purposes described above.
8. Where Data are stored
The Data Owner exclusively stores your personal data in Switzerland, and they will not be transferred to third countries that do not adopt the same data protection laws as the country where the information was initially provided. Your personal data will also not be subject to dissemination or any entirely automated decision-making process, including profiling.
9. Rights of the Data Subject
As the data subject, you have the rights recognized by the nLPD, as expressed in Articles 24, 25, 26, 27, 28, and 29 of the nLPD, as well as Articles 15 and following of the Ordinance on the Federal Data Protection Act (OLPD). These rights include the right to access, the right to information, the right to correction, deletion, blocking, and the portability of processed personal data.
If data processing falls within the territorial scope of Article 3 of Regulation (EU) 679/2016, you can exercise your rights as expressed in Articles 15, 16, 17, 18, 19, 20, 21, 22 of Regulation (EU) 679/2016 by contacting the Data Owner or the data processor. In any case, you have the right to request access to your personal data, rectification, deletion, limitation of processing, or to object to its processing, as well as the right to data portability, at any time. If the processing is based on Article 6(1)(a) or Article 9(2)(a) of Regulation (EU) 679/2016, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal. You also have the right to lodge a complaint with the supervisory authority, following the procedures and instructions published on the official website if you believe that there is an issue with the handling of personal data. The supervisory authority for data protection in Switzerland is the Federal Data and Information Protection Commissioner (FDPIC).
In the case of a request for data portability, the Data Owner provides the user with personal data concerning them in a structured, commonly used, and machine-readable format, subject to paragraphs 3 and 4 of Article 20 of Regulation (EU) 679/2016.
To exercise these rights, you can send the MODULO PER L'ESERCIZIO DEI DIRITTI IN MATERIA DI PROTEZIONE DEI DATI PERSONALI form to the email address privacy@bs4corp.com. When contacting the Data Owner, please ensure to include your name, email address, postal address, and/or phone number(s), along with a copy of a valid identification document for recognition purposes, so that the Data Owner can properly handle your request. The company is required to provide a response within one month of the request, with the possibility of extending it to three months in case of particular complexity of the request.
10. Data Protection Officer
The Data Protection Officer is lawyer Francesco Tagliabue, with a practice located at Piazzale Gerbetto No. 6, 22100 Como, Italy. You can contact the Data Protection Officer quickly and directly using the following contact information: email francesco.tagliabue@legaliassociati.it, certified email (PEC) francesco.tagliabue@como.pecavvocati.it, phone +39.031.262591, and fax +39.031.279179.
You can make any reports regarding personal data protection issues using the MODULO PER LA SEGNALAZIONE DI QUESTIONI IN MATERIA DI PROTEZIONE DI DATI PERSONALI form.
11. Additional Information: Amendment/Entry into Force
The Data Owner reserves the right to amend, update, add, or remove parts of this privacy notice at its discretion and at any time. Before using the Website or related resources (email, etc.), it is the user's responsibility to verify the content of the current privacy notice. To facilitate this verification, the notice will include the date of the last update.
Effective Date: September 12, 2023.