We take the protection of your personal data seriously, meaning that we process your personal data with due care and in accordance with applicable data protection laws.

Definitions

Capitalized terms not defined herein shall have the meanings ascribed to them in the Advitech Terms and Conditions.

Consent

By accepting this Data Protection and Privacy Policy, you explicitly agree to the processing of your personal data for the purposes mentioned hereinafter and be legally bound by and explicitly consent to this Data Protection and Privacy Policy, as it may be amended from time to time. Wherever our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time by contacting us at the contact details below. Withdrawal of your consent does not affect the lawfulness of processing of your personal data based on consent before your withdrawal. Should you withdraw your consent to the processing of your personal data, please note that such withdrawal may prevent us from providing you with all or part of our Services.

Scope

This Data Protection and Privacy Policy describes how we process your personal data that we collected or you submitted, disclosed or made available otherwise (directly or through an intermediary) to us and which rights and options you have in this respect. Additional provisions may supplement this Data Protection and Privacy Policy pursuant to the terms of any other contractual relationship we may have with you or your representative. This Data Protection and Privacy Policy does not apply to privacy practices or services offered by other companies or individuals. In particular, this Data Protection and Privacy Policy does not cover the activities performed by other companies and organizations who advertise our Services or any third party operating any website to which our Website may contain a link. This Data Protection and Privacy Policy is without prejudice of your right to lodge a complaint with a supervisory authority, if necessary.

Data controller and data controller’s representative in the EU

Advitech Advisory and Technologies SA, c/o Lenz & Staehelin, Avenue de Rhodanie 58, 1007 Lausanne, Switzerland is the data controller and can be contacted at T: +41 (0)21 2130270 - e-mail: info@advitechswiss.com. Mr. Daniele Cardoso - Advitech Advisory and Technologies SA, c/o Lenz & Staehelin Avenue de Rhodanie 58, 1007 Lausanne, Switzerland - is the data controller’s representative in the European Union and can be contacted at T: +41 (0)21 2130270 - e-mail: info@advitechswiss.com.

Personal data and technical data

Your personal data we may process consist of first name, last name, email address, telephone number, address, contact details of companies’ representatives. Please also note that your credit card and/or banking details will be disclosed to and processed by our correspondent payment processors and banks when making a payment through our Platform, as further detailed below in the chapter entitled "Disclosure of your personal data to third parties". We may also collect technical data such as the internet domain from which you access the Website, the IP address (a unique number for each computer connected to the internet) from which you access the Website, the type of browser (e.g., Firefox, Chrome, Internet Explorer) used to access the Website, the operating system (Windows, Unix, etc.) used to access the Website, the date and time you access the Website, the URLs of the pages you visit, your username, if it was used to log in to the Website and/or Platform and if you visited our Website from another website, the URL of the forwarding website.

Purposes

We process personal data for the following purposes:

• to run, maintain, develop and enhance our business, our Services and communication with you;
• to respond to contact inquiries;
• to process orders;
• to perform and manage the contracts we signed with you;
• to perform our contractual obligations towards you or to take pre-contractual steps at your request;
• to comply with any of your specific request;
• to comply with our legal and regulatory obligations, including court orders and exercise and/or defend our legal rights, reporting to and/or being audited by regulatory bodies, record keeping obligations;
• because processing is necessary for purposes of our legitimate interest or those of any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms;

As for technical data, they are collected to optimize your experience when visiting our Website and render it more user friendly, better understand how our visitors use our Website and analyse their behaviour for statistical purposes. We will ask your consent before using your personal data for a purpose other than those set out above, subject to processing based on other legal grounds (e.g. our legitimate interests overriding your interests as data subjects, compliance with legal obligations, etc.).

Storage period

We do not store personal data for longer than is legally permitted and necessary for the related processing purposes. The storage period depends on the type of personal data and the purposes of the processing and therefore varies per use. Typically, we store your personal data for as long as you use our Services or for as long as we have another purpose to do so. We erase personal data after the above described storage period or when you request us to erase your personal data, to the extent we are not legally required or have a legitimate ground to continue storing your personal data (e.g. to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled).

Your rights

Your are entitled to submit us a request in order to:

• have access to your personal data and obtain information in relation to their processing (i.e. purposes of the processing, categories of personal data concerned, recipients to whom personal data have been or will be disclosed, etc.);
• request the completion or correction of any personal data that is incomplete or inaccurate;
• restrict or object to the processing of your personal data;
• erase your personal data;
• receive, or request us to transmit to another designated person or entity, your personal data in a structured, commonly used and machine-readable format;
• withdraw your consent to the processing of your personal data.

Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above or that you may not be able to make use of the Services offered by us. Please note that the above rights can be limited – for example, where we need your personal data to comply with the law or assert or defend against legal claims or have other compelling legitimate grounds for the processing that override your interests, rights and freedoms. We may therefore be able to continue processing your personal data even after you have chosen to withdraw your consent to the extent required or otherwise permitted by law. To exercise any of the abovementioned rights, please contact us at the contact details below. If requests are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve our right to either charge a reasonable fee taking into account the request or refuse to act on the request. We may request the provision of additional information to confirm your identity if we have reasonable doubts concerning the identity of the person making the request.

Security

We implement and maintain reasonable and appropriate technical and organizational security measures in particular to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction or damage and ensure the ongoing confidentiality, integrity, availability of personal data and resilience of the systems and services used for processing of personal data. We regularly audit the application of our security measures and we ask third party experts to review our security controls against recognized standards. These audits help us to further improve our security level. If, despite our security measures, a security breach would occur that is likely to result in a risk for your personal data, we will inform you, as well as relevant authorities when required by applicable data protection laws, about the security breach as soon as reasonably possible.

Staff

Your personal data will be made available only to the members of our staff who need to have access to such personal data for the purposes specified in this Data Protection and Privacy Policy. Such members of our staff have been instructed with respect to the contractual and legal data protection obligations and are bound to confidentiality.

Disclosure of your personal data to third parties

In order to process your payment made through our Platform, you will be redirected to the payment processor website. While it will not be possible for us to have access to your credit card details and/or banking details, such data will be disclosed to and processed by our correspondent payment processors and banks located in Switzerland. We concluded written agreements with them imposing data protection obligations that are no less protective than our commitments described in this Data Protection and Privacy Policy. They must in particular comply with our instructions and the applicable legal data protection requirements. We may also disclose your personal data where this is necessary to meet any applicable law or court order or to protect your or our interests in accordance with the law.

Your obligations

You must ensure that personal data you provide us with are correct, accurate, current, truthful and compliant with any applicable laws. In particular, since we will mainly use email communications with you, you are required to notify us of any modification of your email address. Insofar as you provide us with personal data about third parties, you represent and warrant that you have the right to share such personal data and, where necessary, have obtained sufficient informed consent from the concerned data subjects and provided them with all necessary information, as may be required by applicable law or agreement, in order for us to process, store and disclose any such personal data without taking any further steps. In particular, you must ensure the concerned data subject is aware of the various matters detailed in this Data Protection and Privacy Policy, including without limitation our identity, how to contact us, our purposes of processing, our personal data disclosure practices and the data subjects’ rights.

Children’s Privacy Protection

We do not knowingly collect any information from children under 16 years of age. If a child under the age of 16 has provided personal data without the consent of the holder of parental responsability, please contact us at the contact details below so that we can delete such data. Youth under the age of 16 are encouraged to use our Website only with the involvement of a parent or guardian.

Changes

This Data Protection and Privacy Policy is dated 29 October 2018. We may update this Data Protection and Privacy Policy at any time if required in order to reflect changes in our data processing practices, in personal data protection laws or otherwise. If the changes are significant (e.g. your personal data will be processed for new purposes), we will require your consent during your next login on the Platform. We may not be able to provide you with all or part of our Services as long as you have not accepted the amended terms.

Contact

For any question or request, please contact us at T: +41 (0)21 2130270 - e-mail: mailto:info@advitechswiss.com.