PRIVACY INFORMATION NOTICE ACCORDING TO ARTICLE 19 SWISS FEDERAL DATA PROTECTION ACT (FADP) AND ARTICLE 13 EU REGULATION 2016/679 (GDPR)

In compliance with article 19 of Federal Data Protection Act (hereinafter “FADP”) and article 13 of Regulation (EU) 2016/679 (hereinafter “Regulation” or “GDPR”), this information notice provides information about the processing of personal data of users who navigate in the web site of AKONI S.A.(hereinafter “Website”).

The information here provided does not concern other websites or external online services which could be accessed through links from this Website.

 

DATA CONTROLLER

The Controller of personal data processing is AKONI S.A. located at LUGANO, Via G. Marconi 4, SWITZERLAND, (hereinafter referred to as the “Company” o “Data Controller

For any request of information about this Privacy Policy and exercise the privacy rights, please contact the Company by using the following email address: privacy@akonigroup.com

 

TYPOLOGY OF DATA PROCESSED AND PURPOSES OF PROCESSING

Navigation Data

IT systems and the software installed for the functioning of this Website collect, in the course of their normal use, some personal data which transmission is implicit in the usage of Internet communication protocols.

In this category of data are comprised the IP addresses, domain name system, Uniform Resource Identifier/Locator of the requested resources, the hour of the request, the method used to submit the request to the server, the size of file obtained as reply, the numbering code which indicates the status of the reply given by the server (success, error, etc.) and other information relating to the operating system and the IT environment of the user.

Such data are processed to ensure the navigation on the Webpage and the usage of services possibly provided through the Webpage.

 

Data provided directly by the user

The optional and voluntary sending of messages to the contact addresses of the Company and the filling of online forms and their subsequent submission entail the processing of contact data of the sender and all data contained in the message, which are essential in order for the Controller to reply.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

 

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


Cookies and other tracking systems

This webpage hereby affirms, in accordance with applicable laws and regulations, that it does not employ any tracking mechanisms for the purpose of monitoring user activity or gathering personal data without explicit consent.

 


LEGAL BASE OF THE PROCESSING

Navigation data collected through the Website is processed by the Controller according to article 31 paragraph 1 letter a) FDPA and article 6 paragraph 1 letter b) GDPR, to provide the user with the service of navigation on the Website.

Data provided on a voluntary basis by sending messages to the contact addresses of the Company will be processed by the Controller according to article 31 paragraph 1 letter a) FDPA and to article 6 paragraph 1, letter b) GDPR to provide the user with the service of answering his/her request.

 

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Personal data will be processed by the individuals expressly authorized by the Controller, who pertain to the business units: information technology, business development, and any other Company unit which acts on the basis of the Controller’s instructions regarding purposes and means of processing strictly connected to the information presented in the Website.

Finally, if necessary for the mentioned purposes, personal data could be communicated to and/or shared with third parties such as providers of goods and services, including technical services, hosting providers, information technology companies, commercial partners, and public authorities.

 

TRANSFER OF PERSONAL DATA TOWARDS THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

The Controller does not intend to transfer personal data towards international organizations and/or countries, outside Switzerland and not part of the European Economic Area, where an adequate level of protection is not ensured, according to the Swiss European Union laws; if a transfer is made, it shall be made for the implementation of contractual or pre-contractual measures taken following a users’ request, or as long as the transfer is necessary to ascertain, exercise or defend a right before judiciary authorities or if you have explicitly provided your consent to the transfer.

In case of additional transfers of your personal data, the Company will carry out such transfers only in accordance with the FADP, the related Ordinance of 31 august 2022 and the GDPR. In particular the Company will carry out such transfers:

•      towards Third Countries, one or more specific sectors within a Third Country or international organizations for which the European Commission and the Federal Council (Article 16 FADP) deem that an adequate level of protection of personal data is in place; or

•      if the recipient of the data obtained an appropriate certification or adhered to a specific code of conduct ensuring that the processing of personal data is carried out with safeguards which are appropriate under EU law and the FADP; or

•      if the Company implemented appropriate safeguards to protect your personal data, by concluding contracts including the Standard Contractual Clauses, as prepared by the European Commission and according to the applicable Swiss law or prepared by the national Data Protection Authority.

Further information about the safeguards adopted by the Company for such transfers can be requested by email at privacy@akonigroup.com

 

DATA RETENTION PERIOD

The Controller will process personal data collected to allow navigation on the Website until the end of the connection session, and for the time necessary to comply with the legal obligation and/or to defend or exercise a right in court. Personal data provided on a voluntary basis by the user through sending messages to the contract addresses of the Company shall be retained by the Controller for the time necessary to reply to such messages and for the additional time to comply with legal obligations and/or to defend a right in court.

 

NATURE OF THE COMMUNICATION OF PERSONAL DATA AND CONSEQUENCES OF THE FAILURE TO COMMUNICATE DATA

Communication of personal data provided by the user on a voluntary basis through messages to contact addresses of the Company is an essential requirement to allow the Controller to reply to the users’ requests. If data is not provided, the Controller could not be in the position to reply to the user. With reference to the consequences of the withdrawal of consent or removal of cookies, please see the Cookie Policy.

 

RIGHTS OF THE USERS

As a data subject of the processing of your personal data carried out by the Company, you have, and you are entitled to exercise in any moment, the following rights under the GDPR, if applicable, and the FADP:

–      Right of access (Article 15 of GDPR; Articles 25-26-27 FADP), consisting of the right to obtain confirmation as to whether or not your personal data is being processed, and, if it is the case, have access to it and to obtain a copy of such personal data.

–      Right to rectification (Article 16 of GDPR; Article32, par. 1 FADP), consisting of the right to obtain the rectification of inaccurate personal data concerning you. Where necessary, you have also the right to have incomplete personal data completed, including by means of providing a supplementary statement.

–      Right to erasure (Article 17 of GDPR; Article 30 par. 2, lett. b, and Article 32 par. 2 lett. c FADP), consisting of the right to obtain from the Company the erasure of personal data concerning you in the cases under Article 17 of GDPR, from the Swiss Civil Court in the cases under Article 32 FADP. In such cases your personal data will be erased and, if made public, taking account of available technology and the cost of implementation, reasonable steps will be taken to inform controllers which are processing the personal data of your request of erasure.

–      Right to restriction of the processing (Article 18 of GDPR Article 30, par. 2, lett. b, and Article 32 FADP), which provides that your personal data is marked, in specific cases, with the aim of limiting its processing in the future. In case of restriction of the processing your personal data will be processed, with the exception of storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

–      Right to obtain the communication of the recipients made aware of a possible rectification, erasure of personal data or restriction of the processing (Article 19 of GDPR; Article 32, par. 4 FADP), consisting of the possibility to ask and obtain the indication of the recipients made aware of the possible rectification, erasure of personal data or restriction of the processing.

–      Right to data portability (Article 20 of GDPR) consisting of the right to receive, where permitted by the law, personal data concerning you, which you have provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance, in cases and conditions established under Article 20 GDPR. Right to data portability (Article 28-29 FADP), consisting of the right to deliver the personal data that you have provided to the Company in a conventional electronic format if (i) the Company is carrying out the automated processing of the data and (ii) the data are being processed with your consent or in direct connection with the conclusion or the performance of a contract between you and the Company. You may also request us to transfer your personal data to another controller if the requirements in paragraph 1 are met and no disproportionate effort is required.

–         Right to object to the processing (Article 21 of GDPR; Article 30, par. 2, lett. b, and Article 32 FADP) consisting of the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller or is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, including profiling based on those provisions. Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such purpose concerning you, which includes profiling.

–      Right to withdraw your consent (Article 7, par. 3 and 13, par. 2, letter c) and 14, par. 2 letter d) of GDPR; Article 30, par. 2, lett. b, Article 32 and Article 6, par. 6-7 FADP), consisting of the right to withdraw your consent at any time, when it is the legal basis of the processing of your personal data, without affecting the lawfulness of processing based on consent before its withdrawal.

–      Right to lodge a complaint with the supervisory authority (Article 13, par. 2, letter d), Article 14, par. 2, letter e) and Article 77 of GDPR consisting of the right to lodge a complaint with a supervisory data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. You may lodge a complaint with the competent Swiss authorities in accordance with Article 49, par. 4 FADP.

In case of your request to exercise your rights, the Company could have the necessity to verify your identity and, therefore, it will be necessary that you provide your identifying data and the contact data essential to identify and contact you with reference to your request.

Possible limitations to the exercise of your rights, and to the consequent obligations of the Company, can be provided by the applicable law.

The Controller makes sure that the user can exercise at any time his/her rights provided by the FDPA and GDPR by writing to the Company at the following address at privacy@akonigroup.com

 

Last revised: September 1, 2023