Caratti Costruzioni SA (hereinafter “Caratti” or “the Company”) secures and manages personal data with the same commitment and care with which they build. This policy explains the criteria for data processing, as well as the rights guaranteed to Users.
Please read this document carefully. Should you have any questions or concerns, we would be happy to address your queries submitted using the details listed in the Impressum or the address firstname.lastname@example.org.
In recent years, regulations to protect the privacy of natural persons have seen significant development at international level. Most notably in Europe, the European General Data Protection Regulation (GDPR) came into force in May 2018. Under certain conditions, the GDPR is also applicable outside the borders of EU member states.
The provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR) are once again applicable only to citizens in the European Union, provided all the necessary conditions have been met (except in the cases provided for in article 2 of the GDPR).
Caratti is a company with strong ties to the national territory, where they are providing their own services, and, as such, the possibility that the GDPR applies is very limited. However, in view of the imminent adoption of the Federal Law on Data Protection (LPD) (currently in its last stages of full revision), and the Company's commitment to ensure adequate data protection for their website users, as well as for their Clients, each website user is invited to carefully read this information notice, which provides important information on the methods and purposes of processing, as well as on the rights that may arise in relation to such processing.
Caratti reserves the right to modify this information notice at any time, in particular at the time of the adoption of the LPD (that is currently undergoing a complete revision), as well as to assert any and all of their rights as owner.
The foregoing forms an integral part of this document.
1. Who we are
Caratti Costruzioni SA, a limited company incorporated under Swiss law, UID:- CHE-110.109.308, hereinafter referred to as Caratti, is responsible, among other things, for the management of Caratti, including their web presence. In this capacity, Caratti therefore acts as Data Controller in relation to the data collected, also through this website. The processing is carried out in compliance with the applicable federal regulations, as well as the GDPR (regardless of whether the latter applies or not).
2. Which data do we collect and why
For the purpose of providing our services, we need to collect some personal data of our Clients and Users of our website. Some of this data is automatically transmitted by the device with which you visit our website. If you wish to restrict this automatic transmission, you must access the settings of your browser or device and deactivate the transmission of personal data. Further data is required when you request an offer or specific consultancy. Some of this information is absolutely necessary for us to provide you with the service you require and some of it is necessary for us to be able to offer you a tailor-made service in accordance with your wishes. Finally, some data is necessary to enable us to maintain contact with you, to the extent that you so wish. This way, we will be able to keep you up to date with our business and our offers (marketing).
a. Data collected when accessing our website, received through our servers:
c. Data provided by you for the purpose of communicating with Caratti, including:
The GDPR defines consent in the following terms: “any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
The future LPD will indicate that “consent is valid only if given freely and unequivocally after due information. Express consent is required for the processing of sensitive personal data and for profiling”.
Consent must always be given explicitly if it concerns particularly sensitive personal data, such as information concerning your religion, ethnic origin, political view etc. In any case, Caratti does NOT collect such data.
For less sensitive data, consent may also be given with any expression of free will, such as for conclusive acts or when the data in question is indispensable to enable us to provide our services. In this case, your request to obtain a Caratti service will imply that you agree that Caratti may use your data to provide the requested service.
Other data is instead intended for our marketing communication activities and is explicitly collected for this purpose. Of course you may not give your consent for the processing of your data for this purpose and you may always revoke your consent.
4. What are your rights?
Insofar as the regulations in force and applicable at the time of the request so provide, you have the right to request that your data be:
We emphasize on the fact that, in compliance with tax obligations, Caratti is required to retain some of your personal data; for more information, please consult the chapter “Duration of data retention” below.
If applicable regulations so provide, you have the right to file a complaint with a supervisory authority (in Switzerland, the Federal Data Protection and Transparency Commissioner at https://www.edoeb.admin.ch/edoeb/it/home/l-ifpdt/mandato.html and in other European countries, the authorities designated by the applicable national law).
5. Safety measures (how we protect your data)
Caratti ensures the protection of your personal data against unauthorised processing and/ or loss through appropriate technical and organisational measures. Our technical systems are maintained taking into account - in an appropriate manner - the continuous technological developments.
In order to avoid unauthorised processing or loss of data, we recommend our Users to always use up-to-date systems - and not to share sensitive personal data with third parties.
6. Duration of data retention
The personal data of our Clients is processed and stored, in principle, for as long as it is necessary for the provision of the services requested by the Client (contractual basis) or in compliance with legal requirements (legal basis). In particular, the data is kept for the entire duration of the contractual relationship for accounting and legal purposes (such as for legal proceedings initiated by or against Caratti). In any case, to the extent that the legitimate interest of Caratti in relation to data retention ceases to exist, the data shall be anonymised or deleted.
7. Communication of your data to third parties
In order to be able to provide their services, Caratti must in some circumstances provide access to your data to third parties (outsourcing). This is particularly in the context of website management, as well as for sending newsletters or for profiling and marketing purposes. In any case, any such transmission shall only take place to the extent that you have given your consent (see point 3. above) and/or to the extent that this is provided for and/or in accordance with applicable law. In any case, our agreements with Partners commit them to guarantee the same security standards as Caratti to our guests and to us.
8. Communication of your data abroad
In order to be able to provide their services, Caratti must in certain circumstances provide access to your data to third parties (outsourcing) abroad to the extent that the processing in accordance with this statement is necessary. Third parties are also required to respect your personal data. In principle, all data is processed exclusively in Switzerland or at our company. Insofar as such third parties are located in countries where the level of protection does not correspond to Swiss or European standards, we are committed to ensuring the adequate protection of your data by concluding specific binding agreements or by taking other legal measures. As a rule, this circumstance is limited exclusively to newsletter management systems, bearing in mind that, in order to ensure the high quality of these services, our company relies on leading companies in the sector with their headquarters and part of their infrastructure in the United States. These companies have adhered to the so-called Privacy Shield, a program recognised by both European and Swiss authorities as adequate to guarantee the privacy of the subjects concerned. If you need further information, do not hesitate to contact us or visit https://www.privacyshield.gov/individuals-in-europe.
9. Cookies, social media management, analysis and tracking systems and plug-ins, external links
Unless the data of minors (as defined by applicable regulations) is transmitted to us by the respective holders of parental authority (parents, guardians etc.), Caratti does not collect such data. However, as we do not systematically collect any personal data except as required by this document and applicable law, we are unable to identify, for example, the age of visitors to our website. If you believe a child in your custody has provided us with personal data without your consent, please let us know without delay to prevent the child from receiving, for example, our promotions. Our staff will take appropriate measures.
11. General provisions
Irrespective of the applicable legislation, Caratti encourages their website Users, as well as their Clients, to keep their devices constantly updated, to carefully store personal information, and to provide only the data necessary to enable us to provide the requested services. With regard to the possible transmission of banking documentation, land registry extracts or other, it is recommended to take all necessary precautions and to keep in mind that e-mail does not guarantee the secure transmission of information, regardless of the measures implemented by Caratti to ensure the security of their infrastructure.
12. Amendments to this policy
Caratti reserves the right to update this policy in order to ensure adequate protection in accordance with applicable law. For this reason, in particular in the event of significant legislative or jurisprudential changes, this policy may be subject to updates and/or amendments.
Should you have any questions or concerns regarding the scope of this policy, please do not hesitate to contact us.
Version February 2020