Information Document on the Processing of Personal Data

Pursuant to Art. 19 of the Data Protection Act (hereinafter also only "nLPD"), Art. 13 of the Ordinance on the Federal Data Protection Act (hereinafter also only "OLPD") as well as Art.13 of the EU Regulation 679/2016 (hereinafter also only "EU Reg. 679/2016"), Amgest SA, as better identified below, in its capacity as "Data Controller", provides some information about the use of personal data provided by users who consult and/or interact with the web services accessible by electronic means starting from the address: www.amgest.ch corresponding to the home page of the Official Website of Amgest SA hosted by "Squarespace. The information is given only for the site in question and not also for other websites that may be consulted by the user through links and is addressed to the users of this site. The Site may contain links to sites, services and other Internet resources referable to third parties. In this case, the Owner is not in any way responsible for the content, security and usability of such sites and resources; in particular, the Owner does not verify the policy, nor does it issue guarantees regarding the protection of privacy and personal data by said third parties. In compliance with the obligations dictated on the protection of personal data, this site respects and protects the privacy of users.

Personal Data

Any information about a data subject that identifies him or her or makes him or her identifiable. Amgest SA, through its website, collects various personal data, including but not limited to: first name, last name, e-mail address, telephone number, IP address.

Processing

Is any operation or set of operations, performed with or without the aid of automated processes, and applied to personal data or set of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction.

Data Subject

Is the identified or identifiable natural person. By way of example (not exhaustive), interested party is the user who browses the platform and sends, through it, a request for information.

1. Owner of Personal Data

The owner of the personal data is: AMGEST SA, with registered office in Lugano (CH) Via Pretorio 9, represented by the persons entitled to sign in accordance with the entries in the Cantonal Commercial Register https://ti.chregister.ch/cr-portal/auszug/auszug.xhtml?uid=CHE-112.771.398#

To contact the data controller: e-mail privacy@amgest.ch - telephone contact: +41(0)918271154 

The list of data processors and any authorized persons is kept at the holder's office and made available upon request of the data subject.

2. Personal Data Subject to Processing

Personal data means indications or information that directly or indirectly allow the identification of a person, whether natural or legal. In particular, information on religious, philosophical or political opinions or activities, the intimate sphere, mental, mental or physical state, as well as information on crimes committed, their penalties imposed and measures taken are considered personal data deserving special protection.

The Data Controller may collect for the purposes described in this policy the following categories of common personal data:
or IP address of the user's device, location of the user, unique identifiers of the user's mobile device, length of stay on the Website, services used, links and messages activated, browser characteristics (type, language, plug-ins installed etc., cookies etc.);
or browser, network, and device information; web pages visited before accessing this website; IP address as well as any website usage details such as clicks, internal links, pages visited, scrolling, searches, and timestamps, relative to Squarespace Analytics features;
or e-mail address (and any other personal data indicated in the missive) voluntarily provided by the user in connection with the optional, explicit and voluntary sending of e-mails to the contact addresses indicated on the Controller's website;
o information made known or published by the user on the Holder's social pages or website;
or The Website does not request/collect/process personal data deserving special protection, given the merely informative nature of the same. Therefore, the user is advised not to transmit such unsolicited information via the Site and related resources.

3. Purposes of Processing

The user's personal data will be processed for the following purposes:

(a) Browsing on this website. Activities aimed at the operation of the site and the delivery of the service on the platform. The system acquires in the normal course of operation certain personal data whose transmission is implicit in the use of Internet communication. This category of data includes IP addresses or domain names of the computers and terminals used by users, addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.

or Justificatory Reason: Overriding interest of the owner. Legitimate interest of the holder

or Retention Period: navigation on this website: browsing session.

b) Contacting you again. As per your request sent by email to: info@amgest.ch  

or Justification Reason: execution of pre-contractual - contractual measures.

or Retention period: data collected for the fulfillment of requests sent by you will be retained for 1 month.

c) Offenses. To ascertain liability in case of hypothetical computer crimes against the site;

or Justificatory Reason: Overriding interest of the holder. Legitimate interest of the holder

or Retention Period: until the exhaustion of the time limit for judicial protections and/or appeal actions.

d) For legal, administrative and audit purposes. 

or Justificatory Reason: Overriding interest of the holder. Legitimate interest of the holder

or Retention Period: until the exhaustion of the time limit for judicial protections and/or appeal actions.

e) To assert or defend a right in judicial, extrajudicial or administrative proceedings.

o Justificatory Reason: Overriding interest of the owner. Legitimate interest of the holder

o Retention Period: until the exhaustion of the time limit for judicial protections and/or appeal actions.

4. Methods of personal Data Processing

In relation to the purposes described above, the processing of personal data is carried out using manual, computer and telematic tools, however, in such a way as to ensure the security and confidentiality of such data. Its collection, recording, storage, organization, processing, profiling for organizational purposes, selection, extraction, comparison, interconnection, communication, blocking, deletion, destruction is allowed.

5. Recipients of Personal Data 

The user's personal data may be disclosed to:
or data processors ex art. 9 nLPD and art. 28 EU Reg. 679/2016 as well as authorized persons of the processing;
or service providers offering services on behalf of the Data Controller;
or freelancers providing services to the Controller;
or financial administrations, public bodies judicial authorities, law enforcement agencies;
or third parties exclusively for accounting, tax, legal, insurance needs, or in case of controls by police bodies or if required by law;

Such data will not be disseminated and will be subject to processing by persons duly entrusted with the performance of such tasks, constantly identified and/or appointed, appropriately instructed and made aware of the constraints imposed by law, as well as through the use of security measures to ensure the protection of its confidentiality and to avoid the risks of loss or destruction, unauthorized access, unauthorized processing or processing that does not comply with the above purposes.

6. Possibility of Transfer of Personal Data to Third Countries and/or an International Organization

The user's personal data, collected as a result of the user's voluntary browsing of this website, may be transferred abroad to third countries that do not have the same data protection laws as the country where the information was initially provided, as this website is hosted by "Squarespace" which uses servers located in the United States and the Data Controller has enabled Squarespace Analytics. Squarespace's privacy policy can be found at the following link:

(https://www.squarespace.com/privacy?_ga=2.204801682.342446125.1690796781-452108700.1690572781&_gac=1.217784932.1690574947.CjwKCAjwzo2mBhAUEiwAf7wjkszE_4Qrf_T5yTTlTU6jlClmM2gx4fR8-TGcc4bKfzgIjGfPppMKrhoCBzkQAvD_BwE).

In detail, Squarespace relies on a number of means to transfer personal information that are subject to: (a) the European General Data Protection Regulation ("GDPR") in accordance with Chapter V of the GDPR; or (b) applicable UK data privacy laws in accordance therewith. These include:

- Standard data protection clauses. Squarespace transfers, in accordance with Article 46 of the GDPR, personal information to recipients who have entered into the agreement approved by the European Commission for the transfer of personal information outside the European Economic Area. Squarespace transfers, in accordance with U.K. law, personal information to recipients who have entered into the international data transfer agreement approved by the U.K. Information Commissioner's Office and the U.K. addendum to that contract approved by the European Commission. 

- Other Means . Squarespace may, in accordance with Articles 45 and 46 of the GDPR, transfer personal information to recipients that are located in a country that the European Commission or a European data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection, pursuant to an approved certification mechanism or code of conduct, together with binding and enforceable commitments by the recipient to apply appropriate safeguards, including with regard to the rights of data subjects, or to data controllers that have committed to binding corporate standards.

Archived data may also be accessible to law enforcement and national security authorities under certain circumstances.

7. Security of Personal Data

The Controller shall take, both at the technical and organizational level, appropriate security measures to protect the user's personal data from manipulation, loss, destruction or access by unauthorized persons as well as to ensure the user's rights and compliance with applicable data protection provisions.

8. Rights of the Data Subject

As a data subject, the user is accorded the rights recognized by the nLPD as expressed in Articles 24, 25, 26, 27, 28 and 29 thereof as well as in Articles 15 et seq. of the Ordinance on the Federal Law on Data Protection (OLPD), which include the right to access, the right to information, the right to correction, deletion, blocking and portability of processed personal data. If the processing of data falls within the territorial scope of Article 3 EU Reg. 679/2016, the data subject may assert the rights as expressed in Articles 15, 16, 17, 18, 19, 20, 21, 22 EU Reg. 679/2016, by contacting the Data Controller or the Data Processor. You have the right, at any time, to request from the Data Controller access to your personal data, rectification, erasure, or restriction of processing concerning you or to object to its processing as well as to exercise your right to the portability of such data. Where the processing is based on Article 6(1)(a) or Article 9(2)(a) EU Reg. 679/2016, the user has the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal. The user has the right to lodge a complaint with the Supervisory Authority. The Data Protection Supervisory Authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). In the case of a request for data portability, the data controller shall provide you, in a structured, commonly used and machine-readable format, with the personal data concerning you, subject to paragraphs 3 and 4 of Article 20 EU Reg. 679/2016. To exercise these rights, you may send a request by contacting the Data Controller by email at privacy@amgest.ch.  When contacting the Data Controller, you should be sure to include your name, e-mail address, mailing address and/or telephone number(s) as well as a copy of a valid document for recognition purposes, to be sure that the Data Controller can properly handle your forwarded request. The Holder is required to provide a response within one month of the request; a deadline that can be extended up to three months if the request is particularly complex.

9. Additional Information: Modification/Entry into Force

The Holder reserves the right to change, update, add or remove portions of this privacy policy at its discretion and at any time. Before using the Site or related resources (e-mail, telephone, social accounts, etc.), it is therefore incumbent upon you to verify the tenor of the current policy. In order to facilitate such verification, the notice will contain the date of update.

Effective date: 01.08.2023.