Data Protection Policy for Clients

Scope and purpose

This Data Protection and Privacy Policy (’’Policy’’) applies to Mauro Sportelli, Stradung 38, 7452 Cunter (’’Company’’) and Mauro Sportelli when it processes personal data of clients and business partners (’’Clients).

This Policy sets out the obligations of the Company regarding data protection and the rights of the Clients in respect of their personal data under the Swiss Data Protection Act (’’DPA’’) and General Data Protection Regulation (’’GDPR’’), as amended from time to time (collective ’’Regulation’’).

The Regulation defines ’’personal data’’ as any information relating to an identified or identifiable natural person: an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic,cultural, or social identity of that natural person.

This Policy sets out the procedures that are to be followed by the Company when dealing with personal data of Clients.

Company’s contact

Since the company does not:

• process data on a large scale

• process data systematically

• process special categories of data (data on ethnic origins, sex, religion, etc.) or criminal data

Ways of collecting personal data

Generally, the Company may collect personal data in the following ways:

1. when the Client submits forms or applications to the Company;

1. when the Client submits requests to the Company;

1. when the Client uses the Company’s IT infrastructure;

1. when the Client asks to be included in an email or other mailing list;

1. when the Client responds to our initiatives; and

1. when the Client submits personal data to the Company for any other reason.

 The data protection principle

This Policy aims to ensure compliance with the Regulation. The Regulation sets out the following principles with which any party handling personal data must comply. All personal data must be:

1. processes lawfully, fairly, and in a transparent manner in relation to the Client;

1. collected for specified, explicit, and legimate purpose and not further processed in a manner that is incompatible with those purposes;

1. adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;

1. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purpose for which they are processed, is erased or rectified without delay;

1. kept in a form which permits identification of the Client for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the Regulation in order to safeguard the rights and freedoms of the Client;

1. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Privacy Impact Assessments

The Company shall carry out Privacy Impact Assessments when and as required under the Regulation.

Data protection measures

 The Company shall ensure that all its Employees, agents, freelancers, contractors, or other parties working on its behalf when processing data, will apply and implement the appropriate technical (e.g use of passwords; encryption of sensitive personal data; regular back-ups of secure networks, etc.) and organizational (e.g. access only on on a need to know basis; signing of NDAs by Employees where necessary, etc.) measures.

Transferring personal data to a country outside the EEA

The Company does not transfer any personal data to countries outside of Switzerland.

Specific stipulations regarding the use of our website

At chelton.ch, one of our main priorities is the privacy of our visitors. This paragraph contains types of information that are collected and recorded by chelton.ch and how we use it.

• We are a Data Controller of your information

• Log Files

chelton.ch follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services’ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.

• Cookies and Web Beacons

Like any other website, Mauro Sportelli uses ‘cookies’. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Implementation of policy

This Policy shall form part of the respective contract concluded between the Company and the Client.