Privacy Policy

Privacy policy regarding the processing of personal data

Pursuant to the Federal Data Protection Act (DPA), we provide the necessary information regarding the processing of personal data of our customers (individuals/employees of customers legal entities) collected during the contractual/pre-contractual relationship with Exeris SA

1. CATEGORIES OF PERSONAL DATA SUBJECT TO PROCESSING | DEFINITIONS

Personal data provided – or otherwise acquired in accordance with applicable legislative and contractual provisions – inherent, related and/or instrumental to the evaluation of your career at Exeris SA, will be processed in accordance with the DPA and confidentiality obligations. In particular, we will process your personal data (including: first name, last name, e-mail).

Personal data: any information related to an identified or identifiable person.
Personal Data of third parties: in addition to Personal Data about you, you may also provide the Company with Personal Data of third parties, particularly other family members, for the purposes of human resources management and administration, including benefits and emergency contacts. Before providing such data, you must inform data subjects about the contents of this privacy policy.
Data Subjects: individuals whose data is being processed.
Processing: any operation concerning personal data, regardless of the means and procedures adopted, namely the collection, storage, use, review, communication, archiving or destruction of data.
Communication: i.e., making personal data accessible, such as by allowing access, transmission or publication.

2. IDENTITY AND CONTACT INFORMATION OF THE DATA CONTROLLER

The entity that determines the purposes and means of this processing of personal data is EXERIS SA, a company incorporated under Swiss law with registered office at Via Marconi 4 – 6900 Lugano – CHE-171.663.060 (hereinafter also referred to as “Exeris” or “Controller” or “Company” or “we”). The Data Controller can be contacted at the following address: michele.jermini@exeris.com

3. PURPOSE OF PROCESSING | DATA RETENTION PERIOD

PURPOSE OF PROCESSING

DATA RETENTION PERIOD

a) customer relationship management | fulfillment of pre-contractual and contractual obligations: personal data will be used to establish and/or execute the contractual relationship with the customer (including related communication)

After the conclusion of the contractual relationship, the data will be kept for 10 years.

b) judicial and extrajudicial debt collection | management of possible litigation

After the conclusion of the contractual relationship, the data will be kept for 10 years. In case of litigation, data will be kept until the conclusion of the litigation.

3.1 DATA PROCESSING METHODS

The processing will be carried out in automated and/or manual form, using methods and tools designed to ensure maximum security and confidentiality, by individuals specially trained to do so. The personal data collected will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed.

4. RECIPIENTS OF PERSONAL DATA

We may share personal information with employees and/or personnel acting under the authority of the Data Controller (duly instructed to do so), as well as third parties bound to Exeris by contractual relationship, for the purpose of fulfilling contractual obligations and fulfilling one or more of the aforementioned processing purposes. These third parties will process the data provided as independent data controllers or Data Controllers. Specifically, we may share the personal data collected with the following categories of recipients: a) entities that provide services for the maintenance of the computer system used by Exeris and telecommunications networks (including tools and e-mail); b) consulting and support firms or companies (e.g., trustees); c) authorities responsible for compliance with legal obligations and/or provisions of public bodies, upon request.

5. TRANSFER OF PERSONAL DATA OUTSIDE THE CONFEDERATION

Personal data are processed in Switzerland, but may be communicated abroad, particularly to European Union countries, in accordance with the provisions of the DPA. It is specified that, in accordance with the DPA and the Federal Data Protection and Transparency Commissioner, countries within the European Economic Area are third countries with adequate safeguards for the transfer of personal data. The list of adequate countries can be checked at:

https://www.edoeb.admin.ch/dam/edoeb/fr/dokumente/2021/20211115_Staatenliste_f.pdf.download.pdf/20211115_Staatenliste_f.pdf

In addition, by virtue of our relationships with companies related to us, we may transfer data to the U.S. and China, subject to the signing of appropriate Data Transfer Agreements and subject to specific guarantees for the transfer of data abroad (in particular: Standard Contractual Clauses as defined by the European Commission and approved for their application in Switzerland under the DPA by the Federal Data Protection and Transparency Commissioner.

6. RIGHTS OF THE DATA SUBJECT

Pursuant to the FDPA, the Data Controller recognizes the following rights as a data subject (nonexhaustive list):

  • To obtain rectification of inaccurate or outdated personal data;
  • To be informed in writing and free of charge whether personal data concerning you are being processed;
  • Obtain portability of personal data or request that they be transferred to third parties;
  • Request the restriction or blocking of data processing, prevention of the disclosure of data to third parties or the rectification or destruction of personal data;
  • Request the prohibition of specific processing of personal data and specific disclosure of personal data to third parties or the deletion or destruction of specific personal data;
  • Where neither the correctness nor inaccuracy of personal data can be proven, request that a note be added to indicate the objection;
  • Request that the rectification, destruction, blocking, especially disclosure to third parties, in addition to the note on the challenge or ruling be communicated to third parties or published;
  • Have the processing of personal data declared unlawful.

Subject to any other administrative and jurisdictional remedies, if you believe that the processing of your data violates the provisions of the FDPA, you have the right to file a complaint with the Federal Data Protection and Transparency Commissioner. It is understood that you may exercise your rights by contacting the Data Controller.

7. ADDITIONAL INFORMATION | CHANGES | UPDATES

The Controller reserves the right to revise, update, add or remove any part of this privacy policy at its discretion at any time. If changes are made, the date of the update will be indicated.