Logo Dark

Privacy Policy

Last updated on 09 Aug 2023

  1. INTRODUCTION

    Data protection is a key concern for us. This privacy statement is intended to help you understand our general privacy policy. You will find any information concerning the data processing of your personal data as a user of our website www.exys.swiss in our “Cookie Policy” (LINK).

  2. LEGAL BASIS

    This privacy statement is based on the Federal Data Protection Act (FDA) and the European General Data Protection Regulation (GDPR).

  3. CONTROLLER

    The Controller is the company EXYS SA, having its registered office in Via dell’Inglese 6; 6826 Riva San Vitale; Switzerland.

  4. DEFINITIONS

    Personal data Any information relating to an identified or identifiable natural person (data subject). In particular by reference to an identifier such as the name, the first name or the address, the email, the telephone number, etc.

    Consent Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

    Privacy Impact Assessment (PIA) A PIA is a detailed study to establish the risk to privacy that a personal data processing could have on the privacy of the data subject should an incident occur.

    Purpose of processing The purpose of processing is the reason why the data is collected.

    Data subject Any natural person subject to a processing of personal data.

    Controller The controller is the natural person or legal person on whose behalf the treatment is carried out. It determines alone or jointly the purposes of the treatment.

    Processor The processor is any natural or legal person, public authority, service or other body that processes personal data on behalf of the controller. For example, a web host or an online service provider.

    Processing Any transaction or set of transactions involving personal data, whether or not performed using automated processes, including the collection, recording, organization, retention, adaptation, modification extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection and limitation, erasure or destruction.

  5. PROCESSING YOUR DATA

    We only process data that you choose to transmit to us and for which you explicitly consent to the treatment.

    CONTACT FORM Through our website, you can fill out a contact form. The following personal data will be requested:

    • Full Name
    • E-mail

    You have the opportunity to write a message related to your contact request. We recommend that you remain concise in your message and not provide us with any personal information.

    NEWSLETTER You can also choose to receive our newsletter by ticking the option provided for this purpose. You will then receive a request for consent by email which will clearly indicate the purposes of processing your personal data that you can accept or refuse selectively.

    If you have subscribed to our newsletter and do not wish to receive it anymore, you can unsubscribe by clicking on the “unsubscribe” link at the bottom of the newsletter. By doing so, you will receive an automatic confirmation of un-subscription and your data will be automatically deleted from the file provided for this purpose.

  6. PURPOSES OF TREATMENT

    We treat your data only in order to best meet your expectations. By collecting some of your personal data, two purposes stand out:

    1. Operational purposes:
      • Respond to requests for contacts or information
      • Establishment of an offer(s)
    2. Marketing purposes:
      • Sending newsletters
      • Sending commercial offers
  7. TRANSFER OF YOUR DATA

    As part of the implementation of this privacy policy, we use subcontractors, processors based in Switzerland and in other countries to execute our various data processing.

    We draw your attention to the fact that the servers of our subcontractors, processors may be located in states whose legislation does not include data protection rules appropriate or equivalent to the LPD or the GDPR.

    If this is the case, we ensure that our subcontractors, processors, provide data protection safeguards and that they apply equivalent or GDPR-compliant standards, regardless of the geo-location of their servers.

  8. DATA PROTECTION MEASURES

    We strive to maintain a high level of security in the collection, processing and retention of data by relying on organizational and technical measures and taking the necessary precautions regarding the nature of the personal data that you are likely to communicate to us and the risks presented by their treatment in order to preserve its security and prevent such that they are altered, damaged, destroyed or that unauthorized third parties have access to it.

    However, we draw your attention to the fact that it is impossible to guarantee absolute protection and invite you to apply good practices in order to contribute to the security of your data, in particular not to communicate your identifiers and passwords to other users. third parties, to disconnect systematically from your profiles and customer accounts, to close your browser window after your session, to clean the browsing history, especially if you access the Internet from a public post to which other people have access and not to save your credentials and passwords in the browser.

    We supervise the processing of data by technical and organizational measures specific to the processing of personal data. All of our staff, agents and partners are required to adhere to these measures.

    Encryption We use Secure Socket Layer (SSL) encryption to protect our website from the loss, destruction, access, modification and dissemination of your data by unauthorized third parties. SSL encryption encrypts content when you provide data on our site. We use the TLS standard.

    Sensitization We make our employees and partners aware of the risks associated with the processing of personal data.

    Limitation of processing We limit the collection and processing of personal data to the strict minimum necessary to fulfil the intended purpose.

    Access control We control and limit access to the processing of personal data to a limited number of people.

    Keeping your data Your data is stored in our systems for the time necessary for the intended processing. After processing, the data is archived and anonymized or destroyed.

    PIA We carry out a Privacy Impact Assessment before implementing any personal data processing that may involve a risk for the data subjects privacy.

    Selection of subcontractors, processors We endeavour to select mainly subcontractors, processors, established in Switzerland or the European Union who contractually undertake to respect the confidentiality of personal data and who are guaranteed by the adoption of organizational and technical measures consistent with the LPD and GDPR.

  9. YOUR RIGHTS

    The Federal Data Protection Act and the EU General Data Protection Regulation grant the following rights to the data subjects.

    • Right of information
    • Right to access your data
    • Right to rectification of your data (complete, updated)
    • Right to oppose the processing of your data
    • Right to limit the processing of your data (Purpose & duration of treatment)
    • Right to the portability of your data (transmitted to a third party on your instruction)
    • Right to erase your data (Right to be forgotten)
  10. EXERCISE YOUR RIGHTS & INFORMATION

    You can exercise your rights or request information by contacting us via the email address privacy@exys.swiss. We will do what is necessary to answer you as soon as possible.

    Our privacy policy may require periodic updates, including as part of the evolving regulatory framework for data protection. We invite you to check this page regularly to make sure you have read the latest version.