GENERAL
INFORMATION FOR CALIFORNIAN CONSUMERS
- Information for Californian Consumers
- Categories of personal information collected, disclosed, or sold
- Information we collect: the categories of personal information
- How we collect information: sources of personal information
- How we use the information we collect: sharing and disclosing personal information
- No sale of your personal information
- What are the purposes for which we use your personal information?
- Your California privacy rights and how to exercise them
LINKS TO OTHER WEBSITES OR OFFERS
Privacy Policy
Privacy Policy
We are committed to the responsible handling of your personal data. Consequently, we comply with the requirements of the GDPR, the applicable national data protection laws and other provisions of the applicable data protection regulations.
In the following we would like to inform you about how we handle your personal data. Unless explicitly stated otherwise, the following information applies to all websites operated by us.
Please note that the following information may be reviewed and changed from time to time. We therefore recommend that you regularly consult our privacy policy.
1. Name and contact details of the data controller and of the controller’s representative
The data controller is Mitto AG, with its headquarters at 6300 Zug, Switzerland, Bahnhofstraße 21. For information about data processing, you can contact us to the following addresses:
- Phone: +41 41 588 05 49;
- E-mail: info@mitto.ch
The controller’s representative in the European Union is Karmasec S.r.l., with its headquarters at 33100 Udine, Italy, Via Antonio Marangoni 49. Contact details: info@karmasec.com.
2. Contact details of the data protection officer
We have appointed a Data Protection Officer (DPO). If you wish, for any request regarding the protection of your personal data and the exercise of your rights, you may contact our Data Protection Officer (DPO) by writing to “Data Protection Officer” at the Controller’s address or at the following email address: dpo@mitto.ch.
3. Processed Data, Purpose, Legal Basis and Data Retention Period
3.1 Provision of the website and creation of log files
Each time our website is accessed, our system automatically records in a log file data and information from the computer system of the requesting computer or terminal and only data that your browser transmits to our servers. The following data is processed:
- IP address of the requesting computer or host;
- Date and time of access as well as the time zone difference to Greenwich Mean Time (GMT);
- Name and URL of the retrieved data;
- Transferred amount of data;
- Website from which our domain was accessed as well as the last opened website;
- Operating system of your computer and its interface as well as the browser you use, including language and version of your browser;
- The search term used when accessing via search engine.
This data is also stored automatically in the log files of our system. There is no storage together with other personal data pertaining to you.
The legal basis for this data processing is the legitimate interest of the data controller in preserving the security of the website and its functionalities (Art. 6 (1) (f) GDPR).
The provision of these information is necessary. Failure to provide them, would prevent us from browsing our website.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection.
3.2 Contact form, e-mail contact, telephone contact, social media
Through the contact channels on the site, you can communicate with us and request information through the contact form, by email or by phone. The acquired data, such as contact details and the content of communications, will be used exclusively to respond to the requests received. When you contact us, we collect and process the following personal data:
- First and Last Name;
- E-mail address;
- Request/message;
- Telephone number.
At the time of sending the messagFirst and Last Name:
- E-mail address;
- Request/message;
- Telephone number.
the following data is also stored:
- IP address of the requesting user;
- Date and time of sending the contact request;
The legal basis for this processing is the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 (1) (b) GDPR).
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Regarding the personal data from the input form of the contact form and data that has been sent by e-mail or communicated by telephone, it is deleted when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The provision of these information is necessary. Failure to provide them, would prevent us from responding to your requests.
In addition, we can also be reached via our pages on social networks, for whose privacy the guidelines of the respective social network apply. If you contact us or communicate with us via such social networks, the data processing will be carried out in accordance with the data protection policies of the social network and this privacy policy as supplement. As part of the contact, the personal data transmitted with your message will be stored and processed.
3.3 Sign in and sign up to our website
When you register on our website or log in to your profile, we process the data necessary to allow you to create and/or access your account, such as your e-mail address and password.
The legal basis for this data processing is the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 (1) (b) GDPR).
The provision of these information is necessary. Failure to provide them, you will not be able to create and/or access a profile in our website.
The data related to your website registration will be retained until you request the deletion of your profile.
3.4 Careers area
Through the dedicated area, you can send us your application for open positions at our company. In this case, we will process the following personal data:
- First and Last Name;
- E-mail address;
- Telephone number;
- Address, city and country;
- Curriculum;
- Other information indicated in the application form.
We will process the information contained in the CV and the information you provide us to evaluate your application. The legal basis for this data processing is the execution of pre-contractual measures adopted at the request of the data subject (Art. 6 (1) (b) GDPR).
Providing such information is optional. You are free to provide us with the information requested by the application form and to send us your CV, but in their absence, we will not be able to evaluate your application for a job position at our Company.
Your CV and the personal data you provide to us when you send us your application for a job position will be stored for 12 months after the recruitment process, unless you request its deletion earlier. This is to allow us to consider you for future opportunities and to address any potential disputes related to the recruitment process.
3.5 Cookie
We use cookies, which are small text files that the website places on the devices in use, whether computers or mobile devices, and are saved in the directories used by the user’s web browser. There are various types of cookies, some to make the use of the website more efficient, others to enable certain functionalities. For more details, we invite you to consult the site’s Cookie Policy.
4. Communication of personal data to third parties
Some of the information might be communicated, exclusively for the purposes specified above, to the following subjects:
- Companies assisting and maintaining IT systems or suppliers of IT storage systems;
- Other subjects or Companies performing activities instrumental to the above purposes on behalf of the Controller;
- Providers of cookie services and similar systems (see Cookie Policy).
A detailed list of all recipients is available at the headquarters of the Data Controller and will be provided upon request.
5. Your rights
You have several rights that can be exercised to maintain control over your data. To exercise your rights, you can write to the data controller at info@mitto.ch or to the DPO at dpo@mitto.ch.
We are required to respond within 30 days of receiving your request and will strive to do so as quickly as possible.
Right of access: You have the right to obtain information regarding the processing of your personal data and to access and receive a copy of it, including through commonly used electronic means. We are committed to providing a report of the data we hold, such as personal details, contact information, or requests we have received via contact forms or e-mail.
Right to rectification: You have the right to obtain the update, integration, or rectification of data. If you believe the data is incorrect or outdated, we will do our best to resolve the issue.
Right to data portability: You can request the portability of data processed in the context of contract performance or based on your consent, even directly to other data controllers.
Right to erasure: You have the right to request the deletion of stored data. In some cases, you can request direct deletion, and we will act as quickly as possible. However, not all data can be deleted upon request, as it may be necessary to fulfill legal obligations or because it is still in use.
Right to restriction and objection: You have the right to request the restriction of processing or to object, in whole or in part, to the processing of personal data. In the case of a request for restriction, we are required to suspend all data operations for a defined period.
If you believe that one or more of our processing activities may be in violation of the law, or if you believe that your rights have not been protected, you can file a complaint with the Supervisory Authority in the place where you usually reside or where the alleged violation occurred.
Information for Californian Consumers
This part of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the business running this website and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”, “our website”).
The provisions contained in this section apply to all Users who are consumers residing in the state of California, United States of America, according to “The California Consumer Privacy Act of 2018” (Users are referred to below, simply as “you”, “your”, “yours”), and, for such consumers, these provisions supersede any other possibly divergent or conflicting provisions contained in the privacy policy.
This part of the document uses the term “personal information” as it is defined in The California Consumer Privacy Act (CCPA).
A. Categories of personal information collected, disclosed, or sold
In this section we summarize the categories of personal information that we’ve collected, disclosed or sold and the purposes thereof. You can read about these activities in detail in the section 3.
B. Information we collect: the categories of personal information
We have collected only the categories of personal information about you related on what express in the above mentioned section 3.
We will not collect additional categories of personal information without notifying you.
C. How we collect information: sources of personal information
We collect the above mentioned categories of personal information, either directly or indirectly, from you when you use this website.
For example, you directly provide your personal information when you submit requests via any forms on this website. You also provide personal information indirectly when you navigate this Application, as personal information about you is automatically observed and collected. Finally, we may collect your personal information from third parties that work with us in connection with the Service or with the functioning of this website and features thereof.
D. How we use the information we collect: sharing and disclosing personal information
We may disclose the personal information we collect about you to a third party only in relation to what express in the previous section 4.
E. No sale of your personal information
In the past 12 months we have not sold any of your personal information
F. What are the purposes for which we use your personal information?
We may use your personal information to allow the operational functioning of this website and features thereof (“business purposes”). In such cases, your personal information will be processed in a fashion necessary and proportionate to the business purpose for which it was collected, and strictly within the limits of compatible operational purposes.
We may also use your personal information for other reasons (as indicated in the section 3 within this document), as well as for complying with the law and defending our rights before the competent authorities where our rights and interests are threatened, or we suffer an actual damage.
We will not use your personal information for different, unrelated, or incompatible purposes without notifying you.
G. Your California privacy rights and how to exercise them
The right to know and to portability
You have the right to request that we disclose to you:
- The categories and sources of the personal information that we collect about you, the purposes for which we use your information and with whom such information is shared
- In case of sale of personal information or disclosure for a business purpose, two separate lists where we disclose:
- For sales, the personal information categories purchased by each category of recipient; and for disclosures
- For a business purpose, the personal information categories obtained by each category of recipient
The disclosure described above will be limited to the personal information collected or used over the past 12 months.
If we deliver our response electronically, the information enclosed will be “portable”, i.e. delivered in an easily usable format to enable you to transmit the information to another entity without hindrance – provided that this is technically feasible.
The right to request the deletion of your personal information
You have the right to request that we delete any of your personal information, subject to exceptions set forth by the law (such as, including but not limited to, where the information is used to identify and repair errors on this Application, to detect security incidents and protect against fraudulent or illegal activities, to exercise certain rights etc.).
If no legal exception applies, as a result of exercising your right, we will delete your personal information and direct any of our service providers to do so.
How to exercise your rights
To exercise the rights described above, you need to submit your verifiable request to us by contacting us via the details provided in this document (see sections 1 and 2).
For us to respond to your request, it’s necessary that we know who you are. Therefore, you can only exercise the above rights by making a verifiable request which must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it
We will not respond to any request if we are unable to verify your identity and therefore confirm the personal information in our possession actually relates to you.
If you cannot personally submit a verifiable request, you can authorize a person registered with the California Secretary of State to act on your behalf.
You can submit a maximum number of 2 requests over a period of 12 months.
How and when we are expected to handle your request
We will confirm receipt of your verifiable request within 10 days and provide information about how we will process your request.
We will respond to your request within 45 days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to 90 days to fullfil your request. Our disclosure(s) will cover the preceding 12 month period.
Should we deny your request, we will explain you the reasons behind our denial.
We do not charge a fee to process or respond to your verifiable request unless such request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee, or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind it.
Links to other websites or offers
The website may contain links to the pages of other providers. Since we have no influence on these websites and offers, we recommend that you inquire about information regarding data protection that may be provided there. We assume no responsibility for the contents of the linked pages.
Last update: september 2024