With this Data Protection Statement, Fam. Vidal (hereinafter Vidal, we or us), describes how we collect and further process personal data.
This Data Protection Statement is in line with the EU General Data Protection Regulation (GDPR). Although the GDPR is a European Union (EU) regulation, it may be relevant for us. The Swiss data protection legislation (FADP) is heavily influenced by EU law. In addition, companies outside the European Union or the European Economic Area (EEA) must comply with the GDPR in certain cases.
This Privacy & Cookies Statement describes how the website Madihome.com represented by its owner, Mr Jacopo Vidal, he collects, uses, shares, and otherwise processes Personal Data about:
- Visitors to our websites;
- Any other individuals about whom the Company obtains Personal Data.
This Data Protection Statement is not necessarily a comprehensive description of our data processing.
In this Privacy & Cookies Statement, “Personal Data” means information that enables you to be identified as an individual or recognized directly or indirectly.
Data Controller: Vidal has determined the purposes for which, and the manner in which, your Personal Data is processed. The Data Controller has overall responsibility for compliance with the Data Protection Laws. Any questions about the operation of this Notice or any concerns that the Notice has not been followed should be referred in the first instance to Rickert Rechtsanwaltsgesellschaft mbH / Vidal/ Colmantstraße 15 / 53115 Bonn / Germany / art-27- firstname.lastname@example.org.
Data Processor: Any person or organisation that is not a Data User that processes personal data on our behalf and in accordance with our specific instructions. Our staff will be excluded from this definition but, the definition could include suppliers and distributors who handle personal data on our behalf.
EU Representative: According to Art.27 GDPR, a representative must be appointed in at least one EU country when the company is based outside the European Union as long as the processed data pertains to data subject in the Union.
Our EU-GDPR representative according to Art. 27 GDPR is Rickert Rechtsanwaltsgesellschaft mbH / Vidal / Colmantstraße 15 / 53115 Bonn / Germany /email@example.com.
We primarily use collected data in order to conclude and process contracts with our clients and business partners, in particular in connection with MADI’s promotion, distribution and sale.
The purposes for which we process your data are the following:
– to fulfil our contractual obligations and responsibilities to you.
– to respond to your requests, queries, and problems.
– to provide you with updates on Madihome-related activities and products.
In the context of our business activities and in line with the purposes of the data processing set out in Section 2, we may transfer data to third parties, insofar as such a transfer is permitted and we deem it appropriate, in order for them to process data for us or, as the case may be, their own purposes. In particular, it may be necessary for us to disclose your Personal Data to the following categories of recipients:
- our service providers (such as e.g., banks, insurance companies), including processors (such as e.g., IT providers);
- suppliers, subcontractors (such as surveyors, notaries and MADI experts) and other business partners.
In selecting this service provider, we ensured that data protection standards established by these terms and conditions could be maintained by the service provider; that in the course of processing conducted by the service provider personal data is only transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (see European Commission: Adequacy of the protection of personal data in non-EU countries); and that the service provider is part of the Privacy Shield which requires them to provide similar
protection to personal data shared between Europe and the US (for further details, see European Commission: EU-US Privacy Shield).
Or in certain situations:
- If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, lawful requests, court orders and legal process.
- To enforce or apply any contract or other agreement with you.
- To protect our rights, property, or safety and that of our employees, members, or others, in the course of investigating and preventing money laundering and fraud.
Certain Recipients may be within Switzerland, but they may be located in any country worldwide. We shall only transfer any Personal Data we hold to a country outside the European Economic Area (“EEA”), if one of the following conditions applies:
- The country to which your Personal Data shall be transferred ensures an adequate level of protection and can ensure your legal rights and freedoms.
- You have given your consent that your Personal Data is transferred.
- The transfer is necessary for one of the reasons set out in the enactments, including the performance of a contract between you and us, or to protect your vital interests.
- The transfer is legally required on important public interest grounds or for the establishment, exercise or defence of legal claims.
- The transfer is authorised by the competent Data Protection Authority and we have received evidence of adequate safeguards being in place regarding the protection of your privacy, your fundamental rights and freedoms, and which allow your rights to be exercised.
The Personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Those Data Users may be engaged in, among other things, the fulfilment of contracts with you, such as the processing of payment details and/or the provision of support services.
We process and retain your personal data as long as required for the performance of our contractual obligations and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against our company (i.d. particularly during legal prescription periods) or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized, as far as possible. In general, shorter retention periods, of no more than twelve months, apply for operational data (e.g., system logs).
We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse such as internal policies, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation, inspections.
In the context of our business relationship, you must provide us with any personal data that is necessary for the conclusion and performance of a business relationship and the performance of our contractual obligations. As a rule, there is no statutory requirement to provide us with data. Without this information, we will usually not be able to enter into or carry out a contract with you (or the entity or person you represent). In addition, the website cannot be used unless certain information is disclosed to enable data traffic (e.g., IP address).
In accordance with and as far as provided by applicable law (as is the case where the GDPR is applicable), you have the following rights.
– To access: You are entitled to request access to your Personal Data unless providing a copy would adversely affect the rights and freedoms of others. You can also request information about the different categories and purposes of data processing; recipients or categories of recipients who receive your Personal Data, details on how long your Personal Data is stored for, information on your Personal Data’s source and whether the Data Controller uses automated decision making. You also have “Data Portability” rights which includes the right to request a copy of your Personal Data be sent to you or transmitted to another Data Controller.
– To rectify: You are entitled to request we correct or complete your inaccurate or incomplete Personal Data without undue delay, and we will update the information and erase or correct any inaccuracies as required.
– To erase: You can exercise your “right to be forgotten” and can request we erase your Personal Data. Once receiving a request, we must erase the Personal Data without delay, unless an exception applies that permits us to continue processing your data.
– To restrict: You may request restrictions be applied to the processing of your Personal Data for some specific reasons such as you contest the accuracy of the data, the processing is unlawful or if we no longer need to process your Personal Data. You can also request restrictions be applied if the processing is being done for public interest or third-party reasons.
– To object: You may also object to your Personal Data being processed under certain circumstances. If we receive such an objection, we will stop processing your Personal Data unless we can show a compelling legitimate ground for processing your Personal Data which overrides your interests and the basis of your request.
Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data, have an overriding interest (insofar as we may invoke such interests) or need the data for asserting claims.
If you feel that your questions or concerns regarding your Personal Data have not been dealt with adequately or that your request has not been fulfilled by us, you can use our complaints procedure, by emailing us at firstname.lastname@example.org
In addition, every data subject has the right to enforce his or her rights in court or to lodge a complaint with the competent data protection authority.
The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
We may amend this Data Protection Statement at any time without prior notice. The current version published on our website shall apply. If the Data Protection Statement is part of an agreement with you, we will notify you by e-mail or other appropriate means if there is an amendment.