Aequitum attributes great importance to the privacy of its customers. At the same time, Aequitum considers it a priority to offer a high level of protection to the website users' privacy. Aequitum intends to provide users of the website with clear, transparent and complete information about the type of data collected and the use that is made of it by Aequitum. If one or more parts of this information are not clear, please contact us for more details. You can contact us at firstname.lastname@example.org.
Below, it will be explained the legal basis regarding the processing of data, the subject and methods of processing and the rights of the user concerning such processing.
Aequitum does not offer financial services through its website, nor does it collect sensitive data, as the website main aim is to provide users with general information about the world of finance, and to offer timely information about the activity of Aequitum itself. Therefore, this information is to be understood exclusively in the context of the use of the website www.aequitum.com or www.aequitum.ch.
At the international level, in recent years, there has been significant development of legislation to protect the privacy of individuals. Particularly in Europe, in May 2018, the European Regulation for data protection came into force. This Regulation extends the protection conferred by the European legislator to the private sector, even in cases where its data are processed outside the borders of the European Union.
The provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (GDPR) apply only to citizens residing in the European Union, if all the necessary conditions have been met (except in the cases provided for in Art. 2 GDPR).
For all other users, only Swiss data protection law (Federal Data Protection Act - DPA) is applicable. Aequitum reserves the right to amend this information at any time, in particular at the time of the adoption of the DPA, which is currently undergoing a total revision, as well as to assert any of its rights as owner.
The preceding constitutes an integral part of this document.
- from 25 May 2018, the GDPR applies compulsorily in each Member State of the European Union;
- In Switzerland, if the requirements of Art. 3 GDPR are met, the processing of personal data may be subject to the GDPR (see also the Federal Data Protection and Information Commissioner's statement on this subject, FDPIC at the following link: www.edoeb.admin.ch);
- that, in accordance with Art. 5 GDPR ('Principles applicable to the processing of personal data'), the personal data of the concerned subject are processed under the principles of:
- of lawfulness, i.e., compliance with the rules; of correctness, i.e., compliance with unencoded ethical and deontological regulations; and of transparency, i.e., the guarantee of awareness of the concerned subject, data traceability and disclosure, at all times, at the request of the data subject (letter a);
- of 'purpose limitation' or collected for specific, explicit and legitimate purposes and subsequently processed in a manner not incompatible with those purposes (letter b);
- of 'data minimisation', i.e. collecting adequate and relevant data, limited to what is necessary to the purposes for which the data is processed (letter c);
- of 'accuracy', i.e. collected precisely and, where required, updated and erased/rectified if they are found to be inaccurate (letter d);
- 'storage limitation', i.e. kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the data are processed (letter e);
- 'integrity and confidentiality', i.e. processed in such a way as to ensure adequate security of personal data, including their protection by appropriate technical and organisational measures, against unauthorised or unlawful processing or accidental loss, destruction or damage (letter f);
- that, in particular, treatment is 'lawful' if, and in so far as, at least one of the following conditions is met, see Article 6 of the GDPR ('Processing Lawfulness'):
- the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes (letter a);
- processing is necessary for the execution of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject (letter b);
- processing is necessary to fulfil a legal obligation to which the controller is subject (letter c);
- processing is required for the protection of the vital interests of the data subject or of another individual (letter d);
- processing is necessary for the execution of a task carried out in the public interest or connected to the exercise of official authority vested in the data controller (letter e);
- processing is necessary for the legitimate interest of the controller or of a third party, provided that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is a minor, do not prevail (letter f).
All the above, in compliance with the provisions of Art. 13 ('Information to be provided if personal data are collected from the person concerned') - Section 2 ('Information and access to personal data') of the GDPR, we inform you as follows:
1. Identification of the 'Data Controller'
see definition of 'Processing Controller' point 7 - Article 4 GDPR 'Definitions': 'natural or legal person, public authority, service or another body, which alone or jointly with others determines the purposes and means of the processing of personal data'.
2. Object and Modalities of the treatment:
see definition ‘Processing’ - art. 4 'Definitions' GDPR: 'any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, deletion or destruction'.
see definition of 'Personal data' point 1 - Article 4 GDPR 'Definitions': 'any information relating to an identified or identifiable person ('data subject'), which can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements characteristic of his physical, physiological, general, mental, economic, cultural or social identity'.
The Data Controller processes the personal identification data provided by the interested party.
The processing of personal data is carried out based on the operations indicated in Article 4, no. 2), GDPR and precisely: collection, also, through the use of electronic and automated tools; recording for specific, explicit and legitimate purposes and use in further processing operations, however, compatible with those purposes; organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.
The data will be processed in compliance with the necessary security and confidentiality and will be subject to processing both paper and electronic and/or automated.
The Data Controller will process personal data for the time necessary to fulfil the above purposes, taking care to keep them, however, within the limits of what is specified below.
In particular, based on the circumstances mentioned above, Aequitum collects the following personal data:
- name and surname
- telephone numbers
- e-mail addresses
- IP addresses
3. Purpose of the processing for which the personal data are intended:
The data are collected and processed here:
- without express consent (see Art. 6 GDPR), for the following purposes:
- conclude contracts for the services of the owner;
- fulfil the pre-contractual, contractual and fiscal obligations deriving from the relations in place with the person concerned;
- satisfy the requirements provided for by law, Regulation, Community legislation or an order of the authority;
- prevent or detect fraudulent activities or abuses harmful to the website;
- exercise the rights of the owner, for example, the right of defence in court.
- only with specific and distinct consent (see Art. 7 GDPR), for the following marketing purposes:
- send by e-mail, post and/or text message and/or telephone contact, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller and survey the degree of satisfaction with the quality of the services provided, indicating that, if the interested party is already our customer, we may send commercial communications relating to services and products of the Data Controller similar to those from which the interested party has already benefited, unless there is opposition (see Art. 21 GDPR);
- send by e-mail, post and/or text message and/or telephone contact, commercial and/or promotional communications of third parties (e.g. business partners, insurance companies, etc.);
Precise information regarding processing for 'Marketing Purposes' and 'Profiling'
For the benefit of the party concerned, the following should be noted
- The personal data collected will also be processed for purposes of commercial promotion, advertising, solicitation to purchase behaviour, market research, surveys (including telephone, online or through forms), statistical processing (in identifying structure), other sample marketing research in the broad sense of products and / or services referable to the Company (hereinafter, in total, 'Treatment for Marketing Purposes') through both 'generic' and 'profiled' marketing as a result of 'profiling activities' (see 'Profiling' - art. 4 'Definitions': 'any form of automated processing of personal data consisting in the use of such personal data to assess certain personal aspects relating to a natural person [...]');
- In any case, even if the interested party has given his consent, he will still be free at any time to revoke it, changing the settings of the consents in the 'Communication and Privacy' of the website. Following receipt of this opt-out request, the Data Controller will promptly remove and delete the data from the databases used for the 'Processing for Marketing Purposes' and 'Profiling' and will inform any third parties to whom the data have been communicated for the same purposes of cancellation.
- If - for the objectives illustrated above - the indication of the telephone number of the interested party is required, and the interested party has given optional and specific consent (which also covers the processing of such personal data) for the purposes of commercial promotion, marketing and profiling illustrated above, the Data Controller informs the data subject that he or she may legally process telephone users for marketing and profiling purposes even if they are entered in the Public Register of Oppositions, as they are taken from a source other than public telephone directories and covered by specific consent, without prejudice to the right to object subsequent to processing if consent is formally revoked.
- As required by Art. 21 of the GDPR, the data subject has the right to object at any time to the processing of personal data concerning him/her carried out for such purposes and that if the data subject objects to the processing for purposes of direct marketing and profiling, the personal data may no longer be processed for such purposes.
4. Transmission of your data to third parties
In order to be able to provide its services, the Owner must, in certain circumstances, provide to the third party the access to Its data (outsourcing). This applies particularly in the context of website management, as well as for sending newsletters or for profiling and marketing purposes. In any case, any transmissions take place only to the extent of Its consent and/or to the extent that this is provided for and/or complies with applicable law. In any case, the Owner's Partners commit themselves contractually to ensure adequate protection of personal data. The transmission of data abroad is carried out in accordance with the criteria laid down by the federal and European authorities according to the principle of adequacy. To the extent that the processing involves the transfer of data in the United States, this will only happen if the conditions recognised by the competent authorities are met and respects of the Privacy Shield program. To the extent that the conditions exist, the interested party may ask the Owner for the list of third parties that have access or to which his data is transmitted.
5. Rights of the data subject:
In accordance with the provisions of the GDPR, the data subject may exercise the following rights, provided that all the conditions for the subjection of the data subject to the GDPR are met and that the exercise of the data subject's rights does not conflict with the data subject's legal obligations as a company under Swiss law with its registered office in Switzerland:
- to ask the data controller for access to personal data in order to be able to confirm whether or not personal data concerning him are being processed and, in this case, to obtain all the necessary information in accordance with the best provisions and governed by Article 15 'Right of access of the data subject' GDPR;
- request the data controller to rectify inaccurate personal data concerning him as well as to supplement incomplete data as best provided for and regulated by Article 16 'Right of rectification' GDPR and Article 7, paragraph 3, letter a);
- request the data controller to delete personal data concerning him/her in the event that the data are no longer necessary for the purposes for which they were collected or otherwise processed (letter a); the data subject has revoked his or her consent, or there is no legal basis for the processing (letter b); the data subject has objected to the processing pursuant to Article 16 'Right to rectify' GDPR and Article 7, paragraph 3, letter a); the data subject has objected to the processing in accordance with Article 16 'Right to rectify' GDPR and Article 7, letter b); the data subject has objected to the processing pursuant to Article 16 'Right to rectify' GDPR and Article 7, paragraph 3, letter a); the data subject has not objected to the processing pursuant to Article 16 'Right to rectify' GDPR and Article 7, paragraph 3, letter b). 21, paragraphs 1 or 2, and, however, there are no overriding reasons to proceed with the processing (letter c); the processing is unlawful (letter d); the deletion of data is the fulfilment of a legal obligation to which the holder of the treatment is subject (letter e); where there is the hypothesis provided for in Article 8, paragraph 1 (letter f), all - in any case - as best provided for and governed by Article 17 'Right to erasure ('right to oblivion')' GDPR and Article 7, paragraph 3, letter b);
- obtain from the data controller the limitation of the processing itself when: the data subject contests the accuracy of the personal data (in this case within the time necessary to verify the accuracy of such data - point a); in the event of unlawful processing, the data subject objects - however - to the deletion of the data, requesting instead that its use be limited (point b); regardless of whether the data controller no longer needs it for the purposes of the processing itself, the data subject needs to keep the data for purposes of ascertainment, exercise or defence in court (point c); the data subject has opposed the processing pursuant to Art. 21(1), pending verification of whether the legitimate reasons of the data subject take precedence over those of the data subject (point (d)), all - in any event - in accordance with the best provisions and rules laid down in Article 18 'Right to restrict processing';
- at any time, for reasons related to his particular situation, oppose the processing of personal data concerning him, pursuant to Article 6, paragraph 1, points e) or f), including profiling on the basis of these provisions, as well as in the case of processing of data for marketing purposes including, in this case, profiling in so far as it is related to such direct marketing. All this, in any case, as better provided for and regulated in Article 21 'Right to object' GDPR and Article 7, paragraph 4, points (a) and (b);
- to obtain the portability of data according to what is best provided for and regulated in Article 20 'Right to data portability';
- at any time, revoke its consent to the processing of data without prejudice to the lawfulness of the processing based on consent before revocation. All this, in any case, in accordance with the best provisions and rules laid down in Article 7 'Conditions for consent';
- lodge a complaint with a supervisory authority responsible for monitoring the application of the GDPR in order to protect the fundamental rights and freedoms of natural persons with regard to the processing of personal data. All this, in any case, according to what is best provided for and regulated by articles 51 et seq. of the 'Control Authority';
CAUTION: In Switzerland, the supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC, https://www.edoeb.admin.ch ). However, on the basis of the current DPA of 19 June 1992, it does not have the special features conferred by the GDPR on the privacy authorities of individual European countries.
Irrespective of whether the GDPR is applicable or not, Aequitum is committed, in order to offer its customers the best possible guarantees, to ensuring the rights provided for in the DPA in accordance with the applicable DPA to customers who are not resident in Europe as well.