This privacy policy refers to the processing of all forms of personal data pursuant to the General Data Protection Regulation (GDPR) of the European Union and to the Swiss Law on Data Protection (LPD).

Please read our privacy policy.

The terms not defined in our privacy policy are set out in the terms and conditions of the website.

By using the website, you accept the following practices:

1. Personal data and sensitive data concerning health

The term “Data” means the data defined by Art. 4.1 of the GDPR, namely any information relating to an identified or identifiable natural person, as well as those defined as “data concerning health” by Art. 4.15 of the GDPR.

2. Data controller

The controller of your personal data (i.e. the legally responsible party) is Cedic (via Liberazione, 63/9, 20068, Peschiera Borromeo, MI, Italy).

3. Purpose of the privacy policy

The privacy policy defines the type of personal data collected through the website and its procedures for collection, processing, storage, transfer, use and disclosure of your personal data.

The policy shall apply to all use of the website, regardless of how it is used. It sets out the conditions under which your personal data are collected when you use the website.

4. Consent

While using the website as a user (hereinafter: “You”), you accept that your personal data, including data concerning your health, will be collected and processed in accordance with this privacy policy.

By accessing, browsing or using the website, you acknowledge that you have read and understood this privacy policy and accept to be bound by it as well as to comply with all applicable laws and regulations.

5. Changes to the privacy policy

We reserve the right to make changes to the privacy policy. Where applicable, you will be informed of this by email or by notification, and your consent will be required for these changes. If you do not agree with these changes, you are free to close your account. In this case, we guarantee the portability of your personal data.

6. Data which may be collected

The website collects the data described in the following sections:

6.1 Data you provide to us directly

When you contact us directly to obtain information about the services, we collect personal information, which may include your name and details (for example, your email address), the equipment used as well as any other content included in the contact form.

When you contact us on behalf of someone else, you provide us with personal information about other people, if other people give us your information, or if you authorise someone else to share or send your personal information to our third-party service provider(s) with the purpose of requesting the service or actions as part of your data protection rights, we will only ever use this information for the purpose for which it was provided.

When you sign up to our distribution list or to our newsletter, we collect personal information, particularly your name and details (for example, your email address), as well as any other content included in the email.

When you contact us or send us correspondence about our service, we collect information in order to follow up on your request and respond to it, investigate any breach of our terms of service, our privacy policy or the applicable laws or regulations, and analyse and improve our services.

6.2 Data collected in connection with using the website or by email/SMS

We may use cookies and similar technology on our websites (such as web beacons, tags, scripts and device identifiers). Cookies are small data files stored on your hard drive by a website. When you visit our websites, certain information is collected automatically (for example, the computer’s operating system, the IP (Internet Protocol) address, access times, the browser type and language and the website that you visited previously). Cookies help us to:

• personalise and improve our sites and your experience;
• characterise site user activity. We use cookies to know which areas and functions are the most popular and to count the number of visits to our sites;
• ensure security;
• collect demographic information about our user base;
• offer you our services;
• monitor the success of marketing programmes;
• distribute targeted advertising on our website and on other websites.

If you reject cookies, you can still use our sites, but your ability to use certain functions or areas of our sites may be limited. We may use the following types of cookies:

• Essential cookies: this type of cookie is necessary so that we can configure certain parts of the sites without major changes and disruptions.

• Advertising cookies: we work with third-party advertising networks that collect information with the help of cookies in order to help make the ads that you see on our sites and elsewhere on the internet more relevant to you and to measure the effectiveness of the advertising on our sites. We do not decide which cookies are installed or how your data are used by these third parties, so you should refer to their privacy policy for more information about the cookies installed and their privacy practices and how they use information.

7. Use of data

Your personal information will only be used in the manner described in this policy.

7.1 To provide, analyse and improve our services

We process your personal data for the following purposes:

• to process your requests;
• to respond better to your requests;
• to monitor maintenance cases;
• to store information required by law and for archiving purposes;
• to improve the services offered such as safety and functionality;
• to carry out studies and gather statistics about user habits;
• to prepare anonymous provisional reports for internal use or for external partners;
• to send you communications;
• to send you the Cedic newsletter, if you are a subscriber;
• to prevent any illicit or illegal activities;
• to enforce the website terms and conditions of use;
• to access third-party services if you connect to your account via third-party services.

7.2 Allowing your personal data to be shared with others

In accordance with the applicable law, you may have the right to request that the Cedic share information with others, including personal information, through the services. The option to share your information will be coordinated with you and our third-party service providers.

7.3 Sharing and communicating data to processors

Data may be made accessible to individuals responsible for operating the platform (administration, commercial, marketing, legal, system administration) or to third parties (such as providers of technical services, electronic messaging, hosting, computer maintenance or communications agencies) appointed by Cedic to process these personal data. The updated list of these external parties involved can be requested at any time from the data controller.

We may share your data with processors that work on behalf of Cedic. This transfer is carried out to help or to participate in the functioning of the website, in particular by managing, hosting or storing the platform, to carry out advertising, to carry out research, to monitor and analyse the network status. It may also be used to help to execute commercial transactions, such as the provision of services to customers.

When we share your data with our providers to perform the aforementioned actions, we require that the processing of your personal data by these third parties be limited and carried out in accordance with this privacy policy.

7.4 Sharing and communicating data to third parties with your consent

Your personal data may be shared exclusively with your consent to the third parties involved in signing the contract.

7.5 Sharing and communicating data in order to meet a legal obligation or to defend our rights

Your personal data may also be shared in order to respond to requests from legitimate government authorities or when required by the applicable laws, a court decision or a government regulation, as well as when deemed appropriate for audits or to investigate or to respond to a complaint or a security threat, or any other method to defend our interests.

8. Storing data

Your data will be hosted in Switzerland according to the ISO 27001 standard information system security.

We store your personal data for as long as we need to achieve the objectives for which we collected them and to comply with the applicable legal obligations and regulations. In particular, to determine the duration of personal data storage, we take into account the time we require them in order to:

• Store business records for analysis and/or auditing purposes;
• Comply with the record storage requirements envisaged by the law;
• Defend or take any existing or potential legal action;
• Process any complaint concerning our sites or any service provided on our sites.

We will delete your personal data when they are no longer needed for these purposes. If there are data we cannot entirely delete from our systems for technical reasons, we will implement appropriate measures to prevent any further processing or use of the data.

We may destroy or delete the personal data that we have collected from you at any time, at our discretion.

9. Transfer abroad

The data processed by the website will be kept in Switzerland and may be transferred to other countries with an adequate level of protection. In this case, we will follow all the applicable rules and regulations and will adopt all required and necessary measures before sending data abroad.

10. Security

The security of your data is very important to us. We undertake to process your data in an adequate manner and we will take all technical and organisational measures in terms of security to prevent fraudulent access, disclosure, modification or unauthorised destruction of your data.

We follow the strictest rules and recommendations as well as technical standards in terms of security. We use advanced technology and security measures, rules and other procedures to protect your personal information from any unauthorised access, misuse, disclosure, loss or destruction. Security barriers (firewalls) as well as password protection means that meet industry standards are also used to protect your identifying information.

You acknowledge that using the internet is not always safe and that it involves risks for your data. We will do all we can to protect your personal data as well as your information, but we can neither guarantee nor ensure that the data you provide are shielded and protected from theft and unauthorised access by third parties, damage for which we accept no responsibility.

It is your responsibility to ensure that your computer is properly secure and protected against malware such as Trojan horses, computer viruses and worms. You are aware of the fact that, without adequate security measures (including a secure browser configuration and an updated anti-virus software), there is a risk that the data and passwords you use to protect access to your data could be communicated to unauthorised third parties.

In the event that your personal data have been unduly seen by an unauthorised individual or if there are reasons to believe this has occurred, current law requires us to notify you. We undertake to report any breach to you via email or notification.

11. Rights of access and right to portability

You may ask us whether we process data concerning you, receive a copy of the data processed (in this case, we will require a copy of an official form of identification) and correct any incorrect and/or missing personal data.

You have the right, at any time, to request access to your collected data, the modification of any incorrect information or the deletion of all your collected data.

Likewise, you may withdraw your consent to data processing at any time.

We guarantee the portability of your data, and we undertake to transfer your data to any third-party service upon your written request.

If you wish to exercise one or more of these rights, please contact us via our contact form or by letter at the following address: Cedic srl, via Via Liberazione, 63/9, 20068 Peschiera Borromeo (MI), Italy. You may be requested to attach a copy of official identification (identity card, driving licence or passport).

Note that any information copied by us may still remain in our backup system for some time after your deletion request. Even in this case, none of your account data will appear in our active user database. Please remember that personal data sent to third-party services, such as social networks, are not stored on our servers, and therefore we cannot delete them from the internet.

12. Deletion of data and backup systems

In principle, any personal data that have been collected through the website will be deleted on request or by closing the website, except in the case of a legal obligation to store these data.

All data that have been collected through the website may be stored and saved even after cancelling the account or closing the platform, at least temporarily, in particular (especially) in the case of backup systems. Anonymous information may be stored without restriction.

13. Links

If certain website pages contain links to platforms or pages belonging to third parties, these platforms or pages do not apply the same privacy policy.

If you choose to visit one of these third-party platforms or pages, you will be redirected to these third-party platforms or pages. We do not have any control over the platforms or pages belonging to third parties, and we recommend as a result that you read the privacy notices of these platforms or pages for information about their procedures for personal data collection, use and transmission.

14. Compliance with laws and enforcing laws

Under legal obligation, we collaborate with representatives from the government, the justice system and private parties to apply and respect the law. In this case, we will send all your personal data to government representatives, justice system and private parties if we consider it useful and necessary in order to comply with our legal obligations of responding to legal actions or proceedings (especially including summons accompanied with a fine), to defend the property and rights of Cedic, to protect public and individual safety, to predict or stop any activity that may be considered or is at risk of being illicit or subject to criminal prosecution. Regarding compliance, please contact us.

15. Transfer of assets

We may sell, dispose of, transfer or exchange all or part of our assets, including your data, as part of a merger or acquisition, reorganisation, sale of assets or in the case of bankruptcy or insolvency. Your acceptance of this privacy policy and the collection of your data constitute your explicit agreement to such transfers.

16. Governing law and jurisdiction

Though this policy and our practices aim to comply with the GDPR, any matters arising from or in relation to them (including disputes or non-contractual claims and their interpretation) will be subject to Swiss law, with the exception of the rules on conflict of laws.

All litigations, claims or disputes on any matter relating to this policy will be subject exclusively to the competent courts, under reserve of recourse to the Federal Supreme Court of Switzerland.

Peschiera Borromeo, 2022