When you interact with us through our website (or otherwise) you may provide, or we may collect, certain information from which you are personally identifiable (which is referred to as personal data). For the purposes of the General Data Protection Regulation or “GDPR” (and all other laws relating to the use your personal data), we are the “data controller”, meaning that we are responsible for deciding how your personal data is used and more importantly, for keeping your data safe and only using it for legitimate reasons.
We are committed to protecting your privacy and will take all steps necessary to comply with our legal obligations when using your personal data.
WHAT THIS POLICY TELLS YOU 1. What types of personal data you provide to us (or which we collect from you) when using our website or when you directly interact with us on other occasions; 2. How and why we use this data and the reasons we are legally allowed to do so; 3. Who we share your data with; 4. Your rights over your data and how you can exercise those rights; and 5. How to contact us if you have any issues or want to find out more.
WHAT INFORMATION DO WE COLLECT AND WHAT DO WE USE IT FOR? You may provide us with the following types of personal information when you register with Swiss500 or otherwise when you directly interact with us (when using our website or otherwise): Identity - first name, surname, Swiss500 log-in information (password), country of residence Contact - email address, telephone numbers and address Financial - payment card details, billing address, purchase information, payment history Profile - your preferences for marketing, other website preferences and feedback on your swiss 500 experiences through reviews and surveys Social - if you choose to open a Swiss500 account using your Facebook, Twitter or Google account, we will use your contact information used for the relevant account to help populate your Swiss 500 registration page We may collect the following types of information from you when you use our website (using cookies or other tracking technologies): Usage - information about how you use our website, including time spent on page, click-through s', download errors Technical - IP address, browser type, hardware type, network and software identifiers, device information, operating system and system configuration
below sets out how we use your personal data and our lawful basis for doing so. We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using it. Importantly, we will only use your personal data when the law allows us to.
WHO DO WE SHARE YOUR DATA WITH? Importantly, we do not pass your personal data onto any third parties for them to market their products/services to you. If in the future we decide that we want to, we will only do so if we have your consent. We do however share your personal data with third parties to help us deliver our products and services to you in the most effective way possible.
DO WE SEND ANY OF YOUR DATA OUTSIDE OF THE EEA? The European Economic Area or “EEA” is deemed to have good standards when it comes to data privacy. As such, we consciously limit the occasions when we may need to transfer or handle your data outside of the EEA. Where we do, for example where our service providers are based outside of the EEA, we make sure that your data is still treated fairly and lawfully in all respects (including making sure we have a legal ground for sending your data outside the EEA and putting in place all necessary safeguards for such arrangement). Where relevant, you will have the right to see a copy of any safeguards we put in place for international transfers of your data.
Article 13 – Information to be provided where personal data are collected from the data subject Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: the identity and the contact details of the controller and, where applicable, of the controller’s representative; the contact details of the data protection officer, where applicable; the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party; the recipients or categories of recipients of the personal data, if any; where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available. In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability; where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; the right to lodge a complaint with a supervisory authority; whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2. Paragraphs 1, 2 and 3 shall not apply where and insofar as the data subject already has the information
In certain situations, you are entitled to: access a copy of your personal data; correct or update your personal data, which you can do yourself by logging into your account or if you would prefer, please contact us and we can help you out; erase your personal data; object to the processing of your personal data where we are relying on a legitimate interest (as set out in the above information ); restrict the processing of your personal data; request the transfer of your personal data to a third party; or where you have provided your consent to certain of our processing activities, in certain circumstances, you may withdraw your consent at any time (but please note that we may continue to process such personal data if we have legitimate legal grounds for doing so). If you want to exercise any of these rights, please Contact Us.
You don’t have to pay a fee to exercise your rights, unless your request is clearly unfounded, repetitive or excessive (in which case we can charge a reasonable fee). Alternatively, we may refuse to comply with your request in these circumstances. Where your request is legitimate, we will always respond within one month (unless there is a legal reason to take longer, such as where your request is particularly complex).
We may also need you to confirm your identity before we proceed with your request if it is not clear to us who is making the request. In addition to the above, you may get in touch with our DPO as outlined below.
CONTACT US If you would like to discuss anything in this policy or if you want to exercise your rights, please get in touch: Email: email@example.com
Please write to us at: The Customer Services Manager Swiss 500 130 130 Old Street London EC1V 9BD