1. Legal Basis for processing your personal data.
We only process your personal data if we have a valid legal ground to do so.
1.1. We recognize the importance of your privacy and of transparency in our processing of your personal data. We will only process your personal data if we have a valid legal ground to do so. Depending on the purposes pursued, we will therefore only process your personal data if:
we have obtained your prior unambiguous consent;
the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request;
the processing is necessary to comply with our legal or regulatory obligations; or
the processing is necessary for our legitimate interests except where they are overridden by your interests or fundamental rights and freedoms. Relevant ‘legitimate interests’ include: (i) to benefit from cost-effective services (e.g., we may opt to use certain services offered by suppliers); (ii) to protect the security of our IT systems, architecture and networks; and (iii) to meet our corporate and social responsibility objectives.
2. How and where we collect your personal data
We collect the personal data which you provide.
2.1. We collect, directly or indirectly via our partners, the personal data you provide when you correspond with us and/or our partners, or when you use the Giotto Compliance Platform, for example, when you create and/or manage your account, through web forms you fill in or when you upload content.
2.2. Such information may include your name, user name, address, email, telephone numbers, gender, payment information, and any other information which we and/or our partners may request from you, or which may be provided to us by you without request or by other users. Please note that if you provide us with third parties’ personal data, you will act as a data controller, and we will act as data processor with reference to such data. As data processor, we will process such third parties’ personal data exclusively in accordance with the instructions you provided us as data controller.
Certain information is mandatory, some is optional.
2.3. The fields identified by an asterisk are mandatory and require information on your part. Should you not provide an answer for one or more of these fields, we will not be in a position to provide access to the services provided through the Giotto Compliance Platform.
2.4. Should you not provide answers for the optional fields, it will still be possible to access the Giotto Compliance Platform’s services. These fields may be completed at any time through your account settings.
Certain personal data are also collected in an automated manner.
2.5. We may also automatically collect personal data when you access and use the Giotto Compliance Platform, including by means of tools, web forms, cookies and other active elements contained in our emails and/or those of our partners, such as the IP address or other user identification information, visiting date on the Giotto Compliance Platform, your preferences, the links you select within the Giotto Compliance Platform or other information related to your interaction with the Giotto Compliance Platform.
You can define certain authorizations and settings related to the automated collection of your personal data.
2.6. You may define certain authorizations related to data collection, in the settings of your device or of your web browser, according to the available functionalities.
3. Processing methods
We may process your personal data by automated means but take appropriate security measures in this respect.
3.2. Provided that we have obtained your prior and unambiguous consent, we may use your personal data to create a profile about you and provide you with more relevant information and services (profiling). You may have the right to object to such activities, in accordance with applicable data protection laws. We do not use any individual decision-making based solely on automated processing.
4. Purposes of data processing
We process your personal data to operate the Giotto Compliance Platform and to provide the related services.
4.1. Your personal data are collected so that we may operate the Giotto Compliance Platform and provide the services connected therewith in order to perform our contractual obligations and in compliance with legal or regulatory obligations, as well as for client and user management, in particular for contacting you about our services or any modifications thereto.
We may process your personal data for sending our newsletter, or for other marketing and advertising purposes.
4.3. You may withdraw your consent at any time.
We may process your personal data to improve the services and for statistical purposes.
4.4. Unless you object to such processing, we may process your data for statistical purposes, for internal analysis, to ensure the Giotto Compliance Platform’s stability and security and/or for the improvement of the products and services available through the Giotto Compliance Platform, in accordance with data protection laws. You may object to such processing activities at any time.
We may process your personal data if we have a legitimate interest or a legal obligation to do so.
4.5. We may further process your personal data if we have a legitimate interest or a legal obligation to do so. This will for instance be the case if we need to disclose certain information to public authorities or retain such information for tax or accounting purposes, or the establishment, exercise or defense of legal claims.
5. How long do we store your personal data?
6. Communication to third parties
We may disclose your personal data to third parties in case this is necessary for the proper operation of the Giotto Compliance Platform and the provision of the related services, or for promotional services.
6.1. We may communicate your personal data to third parties as part of operating the Giotto Compliance Platform, and to subcontractors such as IT systems providers, cloud service providers, database providers, automated marketing solutions providers and consultants, including Google (hosting and computation) and Zendesk (support).
6.2. We may also enable you to use third-party services directly from the Giotto Compliance Platform, namely through social plug-ins of Google LLC; Facebook, Inc.; LinkedIn Corporation; Twitter; and Microsoft Corporation, in which case you recognize that the third-party operators of these services may access some of your personal data in connection with the Giotto Compliance Platform.
We may also disclose your personal data to third parties when we have a legitimate interest or legal obligation to do so.
6.4. We may also disclose your personal data when we have a legitimate interest to do so, for instance to (i) any third party to whom we assign or transfer any of our rights or obligations; or (ii) competent courts or supervisory or regulatory bodies, when we are compelled to disclose your personal data pursuant to any applicable law, regulation or order.
7. International transfers
Your personal data may be disclosed outside of your country of residence, including to countries that do not guarantee the same level of data protection and privacy as Switzerland and the European Union.
7.1. The personal data that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside your country of residence, including, in respect of residents of a country within the European Economic Area (the “EEA”) or Switzerland, in a country outside the EEA or Switzerland, including without limitation the USA, or any other country which does not necessarily offer an adequate level of data protection as recognized by the European Commission or Switzerland. Your personal data may also be processed by staff operating inside or outside your country of residence, including staff located outside of the EEA or Switzerland, who work for us or our service providers.
7.2. Where we transfer your personal data outside the EEA or Switzerland, we will ensure that suitable safeguards are in place to help ensure that our third-party service providers provide an adequate level of protection to your personal data, for instance by relying on the Swiss-U.S. Privacy Shield Framework, or on standard contractual clauses adopted by the European Commission.
7.3. You may request additional information in this respect and obtain a copy of the relevant safeguards upon request by sending a request to the contact indicated in Section 11 below.
We maintain physical, technical and procedural safeguards to keep your personal data secure.
8.2. Although we take appropriate steps to protect your personal data, no website is completely secure. Therefore, we cannot guarantee that data you provide to us is safe and protected from all unauthorized third-party access and theft. We waive any liability in this respect.
8.4. If we have reasonable grounds to believe that your personal data have been acquired by an unauthorized person, and applicable law requires notification, we will promptly notify you of the breach by email (if we have it) and/or by any other channel of communication (including by posting a notice on the Giotto Compliance Platform).
9.1. A cookie is a small data file that we transfer to, and that is stored on, your electronic device. Cookies may be used to measure the traffic to and usage of websites and their distinctive features, and other miscellaneous uses.
9.2. Some cookies are likely to automatically process data directly on your devices and/or to transfer personal data concerning you to us.
You may manage the cookies via the settings of your browser and/or your devices.
9.3. If you do not want cookies to be stored on your device, you can configure your browser or your device to refuse and/or restrict the cookies. Certain cookies are however essential to the functioning of the Giotto Compliance Platform itself and its use may be altered or prevented by refusing these cookies.
9.4. For more information, please visit http://www.allaboutcookies.org. Please check the user help sections of your internet browser or electronic devices for specific instructions on the management of cookies.
9.5. Cookies may be used for different purposes, including to ensure the stability and security of a website, to improve the website and its functionalities, namely through personalization according to your interactions, and/or to monitor and analyze interactions with the website.
9.6. In relation to the Giotto Compliance Platform, we use the following cookies:
9.7. Some cookies we place on your electronic device ensure that the Giotto Compliance Platform delivers information to you, without limitation, securely and optimally. The Service/website cannot function properly without these cookies.
We use the following essential cookie:
9.8. Some cookies aim at remembering choices persons make, for example, user name, and language or text size. These cookies are known as “functionality cookies” and help to improve a person’s experience of the website by providing a more personalized service.
We do not use performance cookies.
9.9. These cookies are used to better understand customer interests and to display more relevant advertisements. We do not use advertising cookies.
10. Your Rights
You have the right to access your personal data processed by us and may request without limitation that they be removed, updated, or rectified.
10.1. Except as otherwise required by law, you are entitled at all times to know if we are processing personal data concerning you. You may contact us to know the content of such personal data, verify their accuracy and request that they be supplemented, removed, updated, or rectified. You also have the right to ask us to cease processing any personal data that may have been obtained in breach of applicable law, and to object to the processing of your personal data for any other legitimate reason.
10.2. By accessing your user account (if any), you can review, update, correct or delete the personal data available within your user account. If you would like us to delete your personal data from our system, please send a corresponding request to the contact details below and your request will be accommodated unless we have a legal obligation to retain the record. Please note that any information that we have copied may remain in back-up storage for some period of time after your deletion request.
10.3. Where we rely on your consent to process your personal data, we will seek your freely given and specific consent by providing you with informed and unambiguous indications relating to your personal data. You may revoke such consent at any time.
10.4. You may also have the right to request your personal data’s portability, i.e., that the personal data you have provided be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format without hindrance from us and subject to our confidentiality obligations, subject to applicable data protection laws.
You have the right to lodge a complaint.
10.5. If you are not satisfied with how we process your personal data, you may file a complaint with the competent supervisory authority, in addition to your rights outlined above.
11. Name and contact details of the controller.
11.1. If you believe your personal data has been used in a way that is not consistent with this policy, or if you have any questions or a request in relation to the processing of your personal data by us, please contact us at [email protected].