Information on the processing of personal data and cookies on the website
In compliance with the obligations deriving from Regulation (EU) no. 2016/679 of the European Parliament and Council of 27 April 2016 (hereinafter, the “Regulations” or “GDPR”) and of the current national legislation, GALM Sagl respects and protects the personal data of visitors and users (hereinafter, the “Interested parties”) of the website www.galmtrade.ch (hereinafter, the “Website”).
This document provides information on the processing of personal data collected by GALM Sagl through the Website and therefore constitutes a disclosure to the Interested parties pursuant to the aforementioned legislation and does not apply to personal data collected by GALM Sagl through channels other than the Website.
According to the provisions of the Regulation, the processing of personal data of interested parties is carried out in compliance with the principles of correctness, lawfulness, transparency and protection of confidentiality.
The Internet site contains links to other websites: this information does not apply to other websites, which may be consulted by interested parties through appropriate links. These websites may contain information on the processing of personal data that are not fully or partially disclosed in this statement. GALM Sagl therefore invites interested parties to read carefully the privacy policies of each other site they connect to, especially before entering any personal information.
2. Data controller
The data controller is GALM Sagl (hereinafter, “GALM Sagl” or the “Data Controller”), P.IVA CHE-279.365.129, registered office Via Ronco Nuovo 40 6949 Comano Switzerland (tel: +41 797065995; email firstname.lastname@example.org).
3. Categories of personal data processed through the Website
The Data Controller, through the Website, may process the following data:
The information systems and software procedures relied upon to operate this Website acquire personal data as part of their standard functioning; the trasmission of such data is an inherent feature of Intenet communication protocols.
This data category includes the IP addresses and/or domain names of the computers and terminal equipment used by any user, the type of browser, the name of the Internet Service Provider, the URI / URL (Uniform Resource Identifier / Locator) addresses of the resources requested, the data and time of visit of the website, the method used for submitting ta given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), the web page of the user’s origin and that one of the exit and other parameters related to the user’s operating system and computer environment.
Data communicated by users
Sending messages, on the basis of the user’s free, voluntary, explicit choice, to the data Controller’s contact addresses and filling in and sending the forms made available on the website entail the acquisition of the sender’s contact information as necessary to provide a reply as well as of any and all the personal data communicated in that manner (such as name, surname, email address …).
In any case, the Interested parties have to provide true and accurate data and to promptly inform the Data Controller of any subsequent changes.
4. Cookies and other tracking systems
The Website uses the following cookie categories:
Cookies in this category include both persistent cookies and session cookies. They allow us to distinguish between the connected users, preventing a service from being supplied to the wrong user and therefore resulting from an express request from the user. These cookies are also used for website security purposes and of the users themselves. In the absence of such cookies, the site or some parts of it may not work properly.
Cookies in this category are always sent from our domain, and for them there is no need for consent of the interested parties.
Cookies in this category are used to collect information on the proper use of the site and on the users’ behavior for statistical analysis purposes, to improve the site and simplify its use. This type of cookie collects anonymous information on the activity of users on the site and the way in which they arrived at the site and the pages visited. Cookies in this category are sent from the site itself or from third-party domains.
The Website also acts as an intermediary for third-party cookies, used to provide additional services and functionality to visitors and to improve the use of the site, such as buttons for social media. Some of these cookies are profiling, ie used by third parties to collect information on the behavior and interests of users in order to provide personalized advertising.
THE DISABILITY OF COOKIES COULD PREVENT THE CORRECT USE OF SOME FUNCTIONS OF THE SAME SITE, in particular the services provided by third parties may not be accessible, and therefore may not be viewable, by way of example, YouTube videos or other video sharing services; social button social networks; Google maps.
5. Purpose and legal basis of the processing
The Data Controller processes traffic and navigation data for the following purposes:
(a) manage, administer and improve the Website; check the correct functioning of the services offered;
(b) fulfill the obligations established by law and / or regulations and / or orders of the judicial authority;
(c) prevent and / or detect fraudulent and / or malicious activities for the Website;
(d) carry out analyzes with technical and / or commercial purposes; obtain statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.).
The processing of such data is necessary to be able to browse the Website.
The Data Controller processes the data communicated by the Interested parties for the following purposes:
(e) respond to requests for assistance and, in general, to any request and / or request made by users;
(f) send users administrative and / or technical support e-mails (purely by way of example, technical notes, reminders, updates ..);
(g) send by e-mail and / or by e-mail newsletter, commercial communications and / or advertising material on products and / or services offered by the Data Controller.
The processing of data communicated by the interested parties for the purposes indicated above requires the consent of the data subjects. This consent is always optional but, failing that, GALM Sagl can not process the data collected for the aforementioned purposes.
6. Data communication
Personal data collected may be communicated to supervisory bodies, judicial authorities as well as to all subjects to whom the communication is mandatory by law and / or necessary for the accomplishment of the purposes described above.
7. Methods of processing personal data collected and storage period
The collected data can be submitted to both paper and electronic and / or automated processing.
In any case, the Data Controller will process the personal data collected for the time necessary to fulfill the purposes set out in this information and, in any case, for a period not exceeding what is required by law (including the relevant legislation tax).
8. Transfer of personal data to Switzerland
The management and storage of data will take place on the data controller’s server, and / or third-party companies duly appointed as Data Processors, located in Switzerland, a country which, as recognized by the European Commission in accordance with the provisions of art. 45 GDPR, guarantees an adequate level of protection of personal data.
In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers in Italy and / or within the European Union.
9. Security measures
The Data Controller processes the data of the Interested parties in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data, as well as illicit use of data.
The processing is carried out through IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated, and the data are stored and stored in secure facilities with access and personnel verification limits.
Access to information is strictly limited to authorized personnel.
The Website is constantly monitored to check for security breaches.
In addition to the Data Controller, in some cases, they may have access to the data categories of persons involved in organizing the Website (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third party technical services, couriers, hosting providers, IT companies, communication agencies), who will act on the basis of the specific instructions provided by the Data Controller.
In any case, the Data Controller invites interested parties to adopt suitable protections and / or precautions against unauthorized access to their private area and / or their computer.
10. Data subjects’ rights
In compliance with the provisions of Chapter III of the GDPR, the Interested parties may at any time exercise the rights therein provided for and in particular:
Right of access: obtain from the Owner confirms that Personal Data is being processed or not, and in this case, receive information about the purposes of the processing, the categories of Data involved, the recipients or categories of recipients to whom Personal Data are or will be disclosed, the retention period of Personal Data or the criteria for determining such period (Article 15, GDPR);
Right of rectification: obtain from the Owner, without unjustified delay, the correction of incorrect Personal Data and the integration of incomplete Personal Data also providing an additional declaration (Article 16, GDPR);
Right to cancel: obtain from the Owner, without undue delay, the cancellation of Personal Data, in the cases provided for by the GDPR (c.d. “right to be forgotten” – Article 17, GDPR);
Right of limitation: obtain from the Data Controller the limitation of processing, in the cases provided for by the GDPR (Article 18, GDPR);
Right to portability: receive from the Owner in a structured format, commonly used and readable by automatic device, the Personal Data concerning them provided to the data controller and request to transmit them directly, or through the holder if technically feasible, to another data controller (so-called “data portability right” – Article 20 of the GDPR);
Opposition right: to object to the processing of personal data and to the processing of personal data for direct marketing purposes (Article 21 of the GDPR).
The appropriate application can be submitted by contacting GALM Sagl at any time by post at: GALM Sagl Via Ronco Nuovo 40 6949 Comano Switzerland; by e-mail at the address email@example.com.
With the same procedures, the consent expressed in reference to this information can be revoked at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation.
Any communications and actions undertaken by GALM Sagl for the exercise of the rights listed below, will be made free of charge, except for the cases provided for by art. 12, paragraph 5, of the GDPR.
Interested parties may also contact GALM Sagl at the telephone number +41 797065995 for the case in which they need information and / or clarifications regarding the processing of personal data carried out through the Website.
11. Right to lodge a complaint
Interested parties who believe that the processing of their personal data carried out through the Internet Site is in violation of the provisions of the Regulations have the right to lodge a complaint with the Guarantor, as required by art. 77 of the Regulations, or to take appropriate judicial offices (Article 79 of the Rules).
12. Protection of minors
The Data Controller does not allow persons under the age of 16 to use its services and therefore does not intentionally collect information about them. Should you notice that you have collected data relating to persons under the age of 16, in the absence of demonstrable parental consent, we will delete such data as soon as possible.
13. Periodic updates of this privacy statement
This privacy statement is valid and effective with effect from 25 May 2018 and may be subject to changes over time, also due to changes or additions to the current legislation.
Should the Data Controller make any significant change to this document, the Data Controller will inform the Interested parties through the means which it considers most suitable for the purpose (such as, but not limited to, the publication on the home page of the Website and / or sending a newsletter to the email address provided by the Interested parties).
This information was updated on 25 May 2018.