PRIVACY POLICY

We inform you that, for the establishment and execution of ongoing contractual relationships with you, our organization holds your data, obtained verbally, directly, or through third parties, classified as personal under Regulation (EU) 2016/679 (GDPR).

According to the mentioned regulation, this processing will be carried out in accordance with the principles of fairness, lawfulness, transparency, and protection of your privacy and rights. As per Article 13 of the GDPR 2016/679, we provide you with the following information:

Nature of the data processed: we process your personal, fiscal, and economic data necessary for carrying out contractual relationships, both ongoing and future, with your company, as well as for an effective management of business relations. The data is processed without your express consent (Article 6, letters b and e, GDPR), solely for the following service purposes: to comply with pre-contractual, contractual, and fiscal obligations arising from existing relations with you; to comply with legal obligations, regulations, EU laws, or orders from the authorities; to exercise the rights of the Data Controller, such as the right to defend in court. We do not hold any data that could be classified as sensitive or judicial (Articles 9 and 10 of the GDPR).

Purpose of processing and duration: your data will be processed for the entire duration of the contractual relationship and also afterwards, for contractual needs and related compliance with legal and fiscal obligations, and for the effective management of financial and business relationships, as outlined in Article 4, section 2) GDPR. The Data Controller will process personal data for the time necessary to fulfill the above purposes and in any case, no longer than 10 years from the termination of the relationship for service purposes.

Methods of processing: the processing will be carried out using both manual and/or IT and telematics tools with organizational and processing logic strictly related to the purposes themselves and in such a way as to ensure the security, integrity, and confidentiality of the data, in compliance with the organizational, physical, and logical measures provided for by current regulations.

Obligation or right to provide data: for the data that we are required to know in order to comply with legal obligations, failure to provide them by you will result in the impossibility of establishing or continuing the relationship, to the extent that such data is necessary for its execution.

Scope of knowledge of your data: the following categories of persons may become aware of your data as data processors or appointed persons for processing, designated by the undersigned company, the Data Controller: executives, directors, and auditors; internal secretarial offices; accounting and billing staff; sales staff; agents and representatives.

Communication and dissemination: your data will not be disseminated by us to undetermined subjects through their availability or consultation. Your data may be communicated by us, to the extent of their respective and specific competence, to entities and in general to any public or private subject to whom we are obliged (or permitted by legal, secondary legislation or EU regulations) to communicate, as well as to our consultants, to the extent necessary to perform their duties at our organization, upon receipt of our formal letter of appointment imposing confidentiality and security duties.

Your rights: as a data subject, you have the rights under Article 15 GDPR, specifically the rights to: i. obtain confirmation of whether or not personal data concerning you exists, even if not yet registered, and to receive them in an intelligible form; ii. obtain information on: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the help of electronic tools; d) the identifying details of the Data Controller, processors, and the representative designated under Article 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it in the capacity of designated representative within the state, processors, or authorized persons; iii. obtain: a) the updating, correction, or integration of the data; b) the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, including those that are no longer necessary for the purposes for which they were collected or subsequently processed; c) the confirmation that the operations referred to in letters a) and b) have been notified, including their content, to those to whom the data has been communicated or disseminated, except in cases where such compliance is impossible or requires the use of manifestly disproportionate means with respect to the protected right; iv. object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if related to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for conducting market research or commercial communication, using automated calling systems without the intervention of an operator via email and/or traditional marketing methods via phone and/or postal mail. Where applicable, you also have the rights under Articles 16-21 GDPR (Right to rectification, right to erasure, right to restrict processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority. At any time, you can obtain confirmation of whether or not personal data concerning you exists and receive communication of such data and the purposes on which the processing is based. Additionally, you can obtain the deletion, transformation into anonymous form, or blocking of data processed in violation of the law, as well as the updating, correction, or, if you have an interest, the integration of the data. You can also object, for legitimate reasons, to the processing itself. We kindly ask you to promptly report any changes to your personal data to the relevant office of the company so that we can comply with Article 11, letter (c) of the aforementioned regulation, which requires that the data collected be accurate and, therefore, updated.

Data Controller: the Data Controller is Aviotrace Swiss S.A., based at Via Rime 1, 6850, Mendrisio (Switzerland).

The Data Protection Officer, whom you can contact to exercise your rights and/or for any clarifications regarding the protection of personal data, can be reached by email at: privacy@aviotraceswiss.com.

Mendrisio, May 25, 2018