GENERAL
- Name and contact details of the responsible controller
- Contact details of the data protection officer
- General information about data processing
- Provision of the website and creation of log files
- Contact form, e-mail contact, telephone contact, social media
- Use of cookies
- Web analytics by Google Analytics
- Transfer of personal data to third parties
- LinkedIn button and social widgets (LinkedIn Corporation)
- Right to information, deletion and correction as well as complaint
INFORMATION FOR CALIFORNIAN CONSUMERS
- Categories of personal information collected, disclosed or sold
- Information we collect: the categories of personal information we collect
- How we collect information: what are the sources of the personal information we collect?
- How we use the information we collect: sharing and disclosing of your personal information with third parties for a business purpose
- No sale of your personal information
- What are the purposes for which we use your personal information?
- our California privacy rights and how to exercise them
LINKS TO OTHER WEBSITES OR OFFERS
Privacy Policy
1. Name and contact details of the responsible controller
Mitto AG, represented by its sole managing director, Mr. Andrea Giacomini, is the responsible controller within the meaning of EU Regulation 2016/679 of 27 April 2016 (General Data Protection Regulation) (“GDPR”). Our contact details are:
Mitto AG, Bahnhofstraße 21, 6300 Zug, Switzerland (Phone: +41 41 588 05 49, E-mail: info@mitto.ch)
2. Contact details of the data protection officer
Our data protection officer can be reached at: Mitto, E-mail: dpo@mitto.ch
3. General information about data processing
We are committed to the responsible handling of your personal data. Consequently, we comply with the requirements of the GDPR, the applicable national data protection laws and other provisions of the applicable data protection regulations.
In the following we would like to inform you about how we handle your personal data. Unless explicitly stated otherwise, the following information applies to all websites operated by us.
Please note that the following information may be reviewed and changed from time to time. We therefore recommend that you regularly consult our privacy policy.
4. Provision of the website and creation of log files
Each time our website is accessed, our system automatically records in a log file data and information from the computer system of the requesting computer or terminal and only data that your browser transmits to our servers. The following data is processed:
- IP address of the requesting computer or host
- Date and time of access as well as the time zone difference to Greenwich Mean Time (GMT)
- Name and URL of the retrieved data
- Transferred amount of data
- Website from which our domain was accessed as well as the last opened website
- Operating system of your computer and its interface as well as the browser you use, including language and version of your browser
- The search term used when accessing via search engine
This data is also stored automatically in the log files of our system. There is no storage together with other personal data pertaining to you. The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.
The processing of this data as well as the storage in log files takes place anonymously without personal reference and only temporarily for the purpose of enabling the use of the website (connection establishment), since this is only possible if the IP address remains stored for the duration of the session. Furthermore, the system security and stability should be thereby permanently guaranteed, and our internet offer optimised. Our legitimate interest in the processing of data pursuant to Art. 6 (1) (f) GDPR lies in these purposes.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection.
The collection of data for the provision of our website and the storage of the data in log files is essential for the operation of the website. There is therefore no possibility of objecting to such processing.
5. Contact form, e-mail contact, telephone contact, social media
On our website we offer a contact form, which can be used to contact us. If you used this contact form, the data entered in the input mask will be transmitted to us and saved. This data is:
- First and Last Name
- E-mail address
- Request/message
- If callback is desired, the telephone number
At the time of sending the message, the following data is also stored:
- IP address of the requesting user
- Date and time of sending the contact request
For the processing of the data in the context of the sending process your consent is obtained, and reference is made to this privacy policy.
Alternatively, contacting us via various provided e-mail addresses is possible. In this case, the user’s personal data transmitted by e-mail will be stored.
If you contact us by phone, we will save the following:
- First and Last Name
- Request/message
- Your phone number
The legal basis for the processing of the data for the use of the contact form is the consent of the user pursuant to Art. 6 (1) (a) GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail or making contact by telephone is Art. 6 (1) (f) GDPR. If the e-mail contact or the telephone contact is intended to conclude a contract, then the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
The processing of personal data from the input mask is solely for processing the contact as well as the processing of your request. In the case of contact via e-mail or telephone, the required legitimate interest in the processing of the data also lies herein. The other personal data processed during the sending process is intended to prevent misuse of the ability to contact us and to ensure the security of our communications and IT systems.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Regarding the personal data from the input form of the contact form and data that has been sent by e-mail or communicated by telephone, it is deleted when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
As a user, you have the option at any time to revoke your consent to the processing of your personal data. If you contact us by e-mail or telephone, you may object to the storage of your personal data at any time by sending a corresponding request to our contact details stated in the imprint or under section I of this privacy policy. In such a case, the conversation may not continue; your request may not be processed. All personal data stored in the course of contact will be deleted in this case. Please note that due to legal or contractual obligations, a longer storage period may be required.
In addition, we can also be reached via our pages on social networks, for whose privacy the guidelines of the respective social network apply. If you contact us or communicate with us via such social networks, the data processing will be carried out in accordance with the data protection policies of the social network and this privacy policy as supplement. As part of the contact, the personal data transmitted with your message will be stored and processed.
6. Use of cookies
Our website use cookies. Cookies are text files that are stored by your internet browser on the computer system. If you visit our website, a cookie may be stored on your computer’s operating system. This cookie contains a characteristic string that allows unique identification of your browser when you visit our websiteagain.
We use cookies to make our website more user-friendly. Some elements require that the retrieving browser be identified even after a page break. This mainly affects language settings and log-in information. On the other hand, we use cookies to analyse the usage behaviour on our website, in particular the frequency of page views and the input of search terms. The data of the users collected via cookies is anonymised and will not be stored together with other personal data.
The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.
The purpose of using technically necessary cookies is to simplify the use of our websites for the users. Some features of our website cannot be offered without the use of cookies. For these features, it is necessary that the browser is recognised even after a page break. The use of analysis cookies is done to improve the quality of our website content on the basis of user behaviour. These purposes constitute our legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
Cookies are stored on your computer and transmitted by it to our system. Therefore, as a user, you have control over the use of stored cookies. By changing the settings in your browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. However, if cookies are disabled for our website, it may not be possible to fully use all functions of the website.
7. Web analytics by Google Analytics
We use the web analytics service Google Analytics of Google LLC, Amphitheater Parkway, Mountain View, CA 94043, USA, on our website and Nimbow.
Google Analytics uses cookies (for cookies, see 6). The information generated by the cookie about your use of the website such as:
- Browser type/version
- Operating system used
- Referrer URL (the previously visited page)
- Host name of the accessing computer (IP address)
- Time of server request
The IP address is shortened by the activation of IP anonymisation (“anonymizeIP”) on our website before the transmission. This guarantees an anonymisation of your IP address so that all data is only processed anonymously. Only in exceptional cases will the full IP address be sent to a server of Google LLC in the USA and shortened there. In these cases, we provide contractual guarantees to ensure that Google LLC maintains a reasonable level of data protection. According to Google LLC, the IP address will in no case be associated with any other data related to the user.
The legal basis for processing users’ personal data is Article 6 (1) (f) GDPR.
Google will on our behalf use the transmitted information to evaluate your use of our website. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website, Nimbow and their user-friendliness. Our legitimate interest in the processing of data pursuant to Art. 6 (1) (f) GDPR lies in these purposes. The anonymisation of the IP address sufficiently takes into account the interests of users in their protection of personal data.
The data will be deleted as soon as it is no longer needed for our recording purposes.
Since Google Analytics works with cookies, you as the user also have control over the use of stored cookies (see section VIII).
In addition, you may prevent the collection and transmission to Google of the data generated by the cookie and related to your use of our website (including the IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plug-in, you can click on this link to prevent data collection by Google Analytics on the website in the future. An opt-out cookie is stored on your used device. If you delete your cookies, the link must be clicked again.
For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=de.
8. Transfer of personal data to third parties
We only pass on your personal data if you have expressly consented, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to assert claims arising from the contractual relationship, as well as to fulfil our obligations.
In addition, we pass on your data to third parties, as far as it is required in the context of the use of the website and the contract, namely for the processing of your orders, the processing of your purchases, the delivery of your ordered products and their payment, and for the provision of the services you request, for the analysis of your user behaviour as well as for the service providers supporting us.
Our service providers are always carefully selected, commissioned and bound by our instructions. They are checked regularly by us.
The transfer of the data to third parties and the processing of the data passed on by third parties is strictly limited to the stated purposes. In addition, these third parties are obliged to treat their data in accordance with this privacy policy and the relevant data protection laws, in particular the GDPR.
9. LinkedIn button and social widgets (LinkedIn Corporation)
The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.
Personal Data collected: Cookies and Usage Data.
Place of processing: US – Privacy Policy.
10. Right to information, deletion and correction as well as complaint
You can always ask for information about your personal data stored by us. Likewise, you are fundamentally entitled to demand the deletion or correction of your stored data at any time, as long as legal obligations do not conflict. Please note that by law certain data must be kept for a certain period of time. Such data must therefore be stored by us until the expiration of these deadlines. We block this data in our system and only use it to fulfil legal requirements.
You may exercise your aforementioned rights by sending us a request to our contact details stated in the imprint or in section I of this privacy policy.
Please note that we reserve the right to require submission of proof of identity, and that in the event of deletion of your data use of our services is not or is no longer fully possible.
Consents to certain data processing can be revoked at any time with effect for the future.
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence or the place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.
Our website and are open to people only from the age of 16 years. Personal data of persons who have not yet reached the age of 16 is therefore not collected by us. If you think your child is sharing data with us, you can contact us at the contact details provided.
11. Information for Californian consumers
This part of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the business running this website and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”, “our website”).
The provisions contained in this section apply to all Users who are consumers residing in the state of California, United States of America, according to “The California Consumer Privacy Act of 2018” (Users are referred to below, simply as “you”, “your”, “yours”), and, for such consumers, these provisions supersede any other possibly divergent or conflicting provisions contained in the privacy policy.
This part of the document uses the term “personal information” as it is defined in The California Consumer Privacy Act (CCPA).
11.1 Categories of personal information collected, disclosed or sold
In this section we summarize the categories of personal information that we’ve collected, disclosed or sold and the purposes thereof. You can read about these activities in detail in the section 4 and 5.
11.2 Information we collect: the categories of personal information we collect
We have collected only the categories of personal information about you related on what express in the above mentioned sections 4 and 5.
We will not collect additional categories of personal information without notifying you.
11.3 How we collect information: what are the sources of the personal information we collect?
We collect the above mentioned categories of personal information, either directly or indirectly, from you when you use this website.
For example, you directly provide your personal information when you submit requests via any forms on this website. You also provide personal information indirectly when you navigate this Application, as personal information about you is automatically observed and collected. Finally, we may collect your personal information from third parties that work with us in connection with the Service or with the functioning of this website and features thereof.
11.4 How we use the information we collect: sharing and disclosing of your personal information with third parties for a business purpose
We may disclose the personal information we collect about you to a third party only in relation to what express in the previous section 8.
11.5 No sale of your personal information
In the past 12 months we have not sold any of your personal information
11.6 What are the purposes for which we use your personal information?
We may use your personal information to allow the operational functioning of this website and features thereof (“business purposes”). In such cases, your personal information will be processed in a fashion necessary and proportionate to the business purpose for which it was collected, and strictly within the limits of compatible operational purposes.
We may also use your personal information for other reasons (as indicated in the section 5 within this document), as well as for complying with the law and defending our rights before the competent authorities where our rights and interests are threatened, or we suffer an actual damage.
We will not use your personal information for different, unrelated, or incompatible purposes without notifying you.
11.7 Your California privacy rights and how to exercise them
The right to know and to portability
You have the right to request that we disclose to you:
- The categories and sources of the personal information that we collect about you, the purposes for which we use your information and with whom such information is shared
- In case of sale of personal information or disclosure for a business purpose, two separate lists where we disclose:
- For sales, the personal information categories purchased by each category of recipient; and for disclosures
- For a business purpose, the personal information categories obtained by each category of recipient
The disclosure described above will be limited to the personal information collected or used over the past 12 months.
If we deliver our response electronically, the information enclosed will be “portable”, i.e. delivered in an easily usable format to enable you to transmit the information to another entity without hindrance – provided that this is technically feasible.
The right to request the deletion of your personal information
You have the right to request that we delete any of your personal information, subject to exceptions set forth by the law (such as, including but not limited to, where the information is used to identify and repair errors on this Application, to detect security incidents and protect against fraudulent or illegal activities, to exercise certain rights etc.).
If no legal exception applies, as a result of exercising your right, we will delete your personal information and direct any of our service providers to do so.
How to exercise your rights
To exercise the rights described above, you need to submit your verifiable request to us by contacting us via the details provided in this document (see sections 2 and 5).
For us to respond to your request, it’s necessary that we know who you are. Therefore, you can only exercise the above rights by making a verifiable request which must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it
We will not respond to any request if we are unable to verify your identity and therefore confirm the personal information in our possession actually relates to you.
If you cannot personally submit a verifiable request, you can authorize a person registered with the California Secretary of State to act on your behalf.
You can submit a maximum number of 2 requests over a period of 12 months.
How and when we are expected to handle your request
We will confirm receipt of your verifiable request within 10 days and provide information about how we will process your request.
We will respond to your request within 45 days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to 90 days to fulfil your request.
Our disclosure(s) will cover the preceding 12 month period.
Should we deny your request, we will explain you the reasons behind our denial.
We do not charge a fee to process or respond to your verifiable request unless such request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee, or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind it.
12. Links to other websites or offers
The website may contain links to the pages of other providers. Since we have no influence on these websites and offers, we recommend that you inquire about information regarding data protection that may be provided there. We assume no responsibility for the contents of the linked pages.