INFORMATION ON THE PROCESSING OF PERSONAL DATA


In compliance with the Federal Law on Data Protection (LPD) and EU Regulation 2016/679 (GDPR), we provide you with the necessary information regarding the processing of personal data provided while browsing the Data Controller’s website: https://www.cuervoysobrinos.com/.
In this regard, we specify that depending on your location or the location of the company you represent, your personal data will be processed in accordance with one of the two provisions mentioned above.
Please note that this information does not apply to other websites, pages, or online services accessible via hyperlinks published on the website, including those relating to social media pages. Therefore, we invite you to consult the respective privacy and cookie policies for these websites.

1. Website User

You, i.e., the person accessing our website to whom this information is addressed, are also referred to as the Data Subject.

2. Data Controller.

The Data Controller of your personal data is CUERVO Y SOBRINOS SA (hereinafter “Cys“), with registered office at Rue de la Gruère, 7 – 2350 Saignelégier and administrative headquarters at Via Carlo Maderno 54, 6825 Capolago, CH, tel. +41 919212773, contactable at the following email address: contact@cuervoysobrinos.com

3. Territorial representative in the European Union.

Pursuant to art. 27 of EU Regulation 2016/679, the Data Controller has identified INDO SRLS, Viale Giacomo Mancini, 156 – 87100 Cosenza (Cs) VAT number 03510180783, Tel. +39 02 87366082 Email dpo@indoconsulting.it, as its territorial representative in the European Union.

4. Purpose of processing, justification/legal basis, and retention period of your personal data

4.1. SITE AREAS WHERE CONTACT DETAILS ARE FOUND – Data provided directly by the Data Subject through the contact details indicated in the footer or on the navigation pages.

The explicit and voluntary sending of messages to the contact addresses on the site entails the acquisition of the sender’s contact details, as well as all personal data included in the communications.
This data is processed for the following purposes.

4.1.1. Contacting the User: Your contact details will be used for the purpose of contacting you and responding to your request. Providing this data is necessary to process your requests.
Justification: (for Users in Switzerland) Art. 31, paragraph 2, letter a), GDPR. a) DPA, overriding interest of the Data Controller, specifically, processing of data concerning the Data Subject in direct relation to the conclusion of a contract, the implementation of pre-contractual measures, and to fulfill specific requests from Users.
Legal Basis: (for EU Users) Art. 6, paragraph 1, letter b) GDPR, implementation of pre-contractual measures taken at the request of the Data Subject.
Retention Period: The data collected is processed for the time necessary to fulfill the request or for the validity period of the quote agreed between the parties.

4.2. CONTACT AREAS – Data provided directly by the Data Subject by completing forms to request information.

The explicit and voluntary completion of forms entails the acquisition of the sender’s contact details and identification, to allow them to request information on the Data Controller’s services and products.
This data is processed for the following purposes.

4.2.1. Contacting the User: Your contact information will be used for the purpose of contacting you and responding to your request. Providing the data marked with an asterisk is necessary to process your request.
Justification: (for Users in Switzerland) Art. 31(2)(a) of the FADP, overriding interest of the Data Controller, specifically, processing of data concerning the Data Subject in direct relation to the conclusion of a contract, the implementation of pre-contractual measures, and to respond to specific requests from Users.
Legal Basis: (for Users in the EU) Art. 6(1)(b) of the GDPR, implementation of pre-contractual measures taken at the request of the Data Subject.
Retention Period: The data collected is processed for the time necessary to process the request or for the validity of the quote agreed upon between the parties.

4.2.2. Marketing: Your contact details will be used for the purpose of sending various commercial and informative communications regarding the products and services sold by the Data Controller, for sending newsletters, advertising events, and promotional communications, and therefore to keep you updated on our offers. Providing this data is therefore optional, and consent, and therefore registration, can be given by checking the relevant box on the form. Failure to provide this data will only result in us not sending commercial offers, but will not prevent us from fulfilling your requests.
Justification: (for Users in Switzerland) consent of the Data Subject, Art. 3(1)(o) UCC and Art. 31(1) FADP. Cancellation can be made following the instructions at the bottom of each communication or by writing to the Data Controller.
Legal Basis: (for Users in the EU) consent of the Data Subject, Art. 6(1)(a) GDPR.
Retention period: until consent is revoked.

4.3. “REGISTRATION AND AUTHENTICATION” FORM – Data provided directly by the Data Subject by completing and submitting registration forms or by logging in to a reserved area.

The explicit and voluntary completion of the registration form or submission of the authentication form involves the acquisition of the sender’s contact details and their identification to allow access to the services offered in the reserved area.
This data is processed for the following purposes.

4.3.1. Registration and identification: Contact data will be used to identify registered Users and allow them access to the reserved area. Providing the data marked with an asterisk is required to register.
Justification: (for Users in Switzerland) Art. 31(2)(a) of the FADP, overriding interest of the Data Controller, specifically, processing of data concerning the Data Subject in direct relation to the conclusion of a contract to allow the User to use the services offered by the site in the reserved area.
Legal basis: (for Users in the EU) Art. 6(1)(b) of the GDPR, execution of contractual measures to allow the User to use the services offered by the site in the reserved area.
Retention period: Until the User requests deletion from the reserved area.

4.3.2. Marketing: Your contact information may also be used for direct marketing purposes, i.e., to send you commercial offers regarding our products and/or services. These communications may be sent via email or other channels such as telephone calls, regular mail, text messages, and social media. Providing this information is optional and can be done by selecting the appropriate box. Failure to provide it will only prevent us from sending commercial offers, but will not prevent us from fulfilling your requests.
Justification: (for Swiss Users) consent of the Data Subject, Art. 3(1)(o) UCA and Art. 31(1) FADP. Data may be deleted following the instructions at the bottom of each communication or by writing to the Data Controller.
Legal Basis: (for EU Users) consent of the Data Subject, Art. 6(1)(a) GDPR.
Retention Period: Until consent is revoked.

4.4. “E-COMMERCE” FORM – Data provided directly by the Data Subject by completing and submitting forms for the purchase of goods offered on the portal.

The explicit and voluntary completion and submission of the form, with or without registration, for the purchase of goods involves the acquisition of the Data Subject’s contact details and identification, to enable the desired purchases, as well as the selected payment details, information on orders placed, to pre-populate checkout information, and for shipping and invoicing.
This data is processed for the following purposes/purposes of processing.

4.4.1. Contractual purpose: to provide the purchase service of goods or services offered on the website. The provision of data marked with an asterisk is necessary to execute the contract.
Justification: (for Users in Switzerland) Art. 31 para. 2 lett. a) DPA, overriding interest of the Data Controller, specifically, processing of data concerning the Data Subject in direct relation to the conclusion of a contract.
Legal Basis: (for EU Users) Art. 6, paragraph 1, letter b) GDPR, execution of contractual measures adopted at the request of the Data Subject.
Retention Period: for the entire term of the contract and, consequently, for 10 years from the end of the financial year according to the Code of Obligations.

4.4.2. Soft Spam: Following purchases, your contact information will also be used for direct marketing purposes, i.e., to send you commercial offers relating to our products and/or services similar to those previously purchased. These communications may be sent via email. Providing this data is optional but occurs automatically at the time of purchase.
Justification: Processing permitted by law, specifically by Art. 3, paragraph 1, letter o) of the UCL, “in the context of the sale of goods, works, or services, obtains the contact details of its customers, informing them that they have the right to object to the sending of mass advertising via telecommunication; it does not act unfairly if it sends them, without their consent, mass advertising for its own similar goods, works, and services.”
Legal Basis: (for EU Users) Art. 6, paragraph 1, letter f) of the GDPR, legitimate interest of the Data Controller.
Retention period: until the User objects to the processing through the “Opt-out” system or by writing to the Data Controller.
For payment processing, the Company accepts payments by credit card (Mastercard and Visa) or through the PayPal payment platform. The data is acquired directly by the provider of the requested payment service. Processing occurs in the manner specified in the service’s privacy policy.

4.5. “CUSTOMER SERVICE – WARRANTY Activation” AREA
Through the platform, the Data Controller allows customers to activate the warranty for the purchased product.

This data is processed for the following purposes.

4.5.1. Product Warranty: allows customers to activate the warranty for the purchased product.
Justification: (for Users in Switzerland) Art. 31(2)(a) of the FADP, overriding interest of the Data Controller, specifically, processing of data concerning the Data Subject in direct relation to the conclusion of a contract.
Legal Basis: (for Users in the EU) Art. 6(1)(b) of the GDPR, execution of contractual obligations.
Retention Period: The data collected is processed for the duration of the warranty.

4.5.2. Marketing: Your contact information may also be used for direct marketing purposes, i.e., to send you commercial offers regarding our products and/or services. These communications may be sent via email or other channels such as telephone calls, regular mail, text messages, and social media. Providing this information is optional and can be done by selecting the appropriate box. Failure to provide it will only prevent us from sending commercial offers, but will not prevent us from fulfilling your requests.
Justification: (for Swiss Users) consent of the Data Subject, Art. 3(1)(o) UCA and Art. 31(1) FADP. Cancellation may be made following the instructions at the bottom of each communication or by writing to the Data Controller.
Legal basis: (for EU Users) consent of the Data Subject, Art. 6(1)(a) GDPR.
Retention period: Until consent is revoked.

4.6. NEWSLETTER SUBSCRIPTION AREA – Data provided directly by the data subject by completing and submitting the newsletter subscription form.

The optional, explicit and voluntary subscription to the newsletter on this site involves the acquisition of the sender’s contact information.

This data is processed for the following purposes:

4.6.1. Marketing: Your contact information will be used to send various commercial and informational communications regarding the products and services sold by the Data Controller, to send newsletters, to notify you of advertising events, to send promotional communications, and to keep you updated on our offers. Providing this data is therefore optional, and consent, and therefore subscription, can be given by checking the relevant box on the form.
Justification: Consent of the Data Subject, Art. 3, paragraph 1, letter o) of the LCSI and Art. 31, paragraph 1) of the LPD, expressed through the double opt-in procedure.
Basis Legal: (for EU Users) Data Subject’s consent, Art. 6, paragraph 1, letter a) GDPR, expressed through the double opt-in procedure.
Retention period: Until consent is withdrawn using the opt-out procedure indicated in each newsletter communication or by writing to the Data Controller.

4.7. “CUSTOMER SERVICE – instruction manuals” AREA.
Through the platform, the Data Controller allows Users to download product manuals free of charge by saving the document to their hard drive or computer.

4.8. “FIND A STORE” AREA – Geolocation data provided by the data subject.

Through the platform, the Data Controller allows Users to activate geolocation to find the sellers closest to their location.

This data is processed for the following purpose/purpose of processing:

4.8.1. Find a store: Your contact details will be used to receive information on the stores closest to your location. Providing this data is therefore optional, and consent can be given by clicking on the “Activate Location” button.
Justification: Consent of the Data Subject, Art. 3, paragraph 1, letter a) of the GDPR. o) LCSI and Art. 31, paragraph 1) LPD, expressed with the spontaneous activation of the location.
Legal basis: (for EU Users) consent of the Data Subject, Art. 6, paragraph 1, letter a) GDPR, expressed with the spontaneous activation of the location.
Retention period: until the location is deactivated from the User’s device or, in any case, for the duration of the browsing session.
Failure to provide this data will make it impossible to receive information on the stores closest to your location.

4.9. WEBSITE BROWSING DATA
This website, for its proper functioning, acquires certain personal data during normal navigation, including the IP addresses or domain names of the computers used by Users connecting to the site, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters relating to the User’s operating system and IT environment. For further information, please refer to the Cookie Policy.

Our website collects some of this data, and in some cases, also through cookies, for the following purposes:

4.9.1. Security: for security purposes or to comply with legal obligations, in the event of access to the systems. The data may be disclosed to the competent authorities, upon their request, for security reasons and in the public interest. Providing the data is necessary.
Justification: (for Users in Switzerland) Art. 31(1) FADP, processing justified by law.
Legal Basis: (for Users in the EU) Art. 6(1)(c) GDPR, legal obligation.
Retention Period: The data collected is processed in accordance with the law, and in any case for a period no longer than that required by law; please refer to the Cookie Policy for this point.

4.9.2. Website Usability: The processing is carried out for the purpose of making the website usable, enabling basic functions if the website is unable to function properly. The provision of data is strictly necessary for the operation of the website and the provision of the navigation service on the platform. The provision of data is necessary.
Justification: (for Users in Switzerland) Art. 31(2)(a) FADP, overriding interest of the Data Controller.
Legal Basis: (for EU Users) Art. 6, paragraph 1, letter f) GDPR, legitimate interest of the Data Controller
Retention Period: Until the duration of the browsing session or according to the retention periods for Cookies; see the Cookie Policy for details.

4.9.3. Statistics: Processing is carried out for statistical purposes to help the Data Controller understand how visitors interact with the site by collecting and transmitting information anonymously. Providing data is optional and is done via the cookie banner.
Justification: (for Swiss Users) Art. 31(1) FADP, consent of the data subject.
Legal basis: (for EU Users) Art. 6(1)(a) GDPR, consent of the data subject.
Retention period: according to the retention periods for Cookies; please refer to the relevant cookie policy for this point.

4.9.4. Marketing: Processing is carried out for the purpose of providing personalized ads or marketing content and to measure performance.
Justification: (for Swiss Users) Art. 31(1) FADP, consent of the data subject.
Legal basis: (for EU Users) Art. 6, paragraph 1, letter a) GDPR, consent of the data subject.
Retention period: according to the retention periods for Cookies, see the relevant cookie policy for details.

4.10. SOCIAL MEDIA
If the User decides to share certain content from the Site via one or more social networks (Facebook, Twitter, Google+, Pinterest, LinkedIn, Instagram, WhatsApp) and if the User has enabled the sharing of their account data with third-party applications, this Site may collect and communicate certain information from their account to the social networks with which the sharing is performed. The User can disable the sharing of their account data with third-party applications by accessing their account settings. For more information, please visit the website of the social network(s) to which they are registered (www.facebook.com, www.twitter.com, www.google.com, www.pinterest.com, www.linkedin.com, www.instagram.com).
Please note that this information does not apply to pages or online services accessible via hyperlinks published on the Site; therefore, we encourage you to consult their respective privacy and cookie policies.

5. Categories of recipients of personal data, communication and dissemination.

Your data will not be disclosed to unspecified parties by making it available or consulting it.

We communicate your data to the following categories of parties:

5.1. Collaborators or other personnel authorized to process data (for example, administrative, sales, accounting, and system administrators) to the extent necessary to carry out their duties at the Data Controller, subject to a prior letter of appointment imposing the duty of confidentiality and security.

5.2. Consultants or suppliers acting as data processors (for example, hosting providers, IT companies, communications agencies, or other parties performing outsourced activities on behalf of the Data Controller) to the extent necessary to carry out their duties at the Data Controller, subject to a prior contract imposing the duty of confidentiality and security.
– The website is hosted by OVHcloud, located in France.
– To send commercial information, we use Mailchimp, located in the United States.
– To manage consent to site cookies, we use Axeptio, located in France.
– To manage online payments, we use PayPal, located in the United States, and Skrill, operated by Paysafe Holdings UK Limited, located in the United Kingdom.
– For statistics via cookies, we use Google Analytics, located in Ireland and the United States.

5.3. Entities and, in general, any public or private entity to which we have an obligation (or right recognized by law or secondary or EU legislation) or need to communicate, within their respective and specific areas of expertise, such as:
i) cantonal and federal authorities (e.g., for accounting or tax reasons, etc.) if there is a legal notification requirement;
ii) other recipients (e.g., banks);
iii) offices responsible for collecting outstanding debts.
The Data Controller uses exclusively certified and secure service providers that:
(i) are established in Switzerland;
(ii) are established in the EEA, particularly in France through the services provided by OVHcloud and Agilitation (Axeptio), and in Ireland through Google Analytics tracking systems (cookies).
(iii) are established outside the EEA, specifically:
– in the United Kingdom, through Skrill payment methods. This occurs only after verification of the implementation of the guarantees required by Federal-European laws, as a country recognized as adequate.
– in the United States, through Google Analytics tracking systems (cookies), the office packages provided by Microsoft Corporation, the MailChimp marketing communications tool, and through the payment services provided by PayPal. This occurs only after verification of the implementation of the guarantees required by Federal-European laws, to eligible third parties who have adhered to the Data Privacy Framework protocol through the self-certification procedure: for EU Users, according to the EU-US DPF; for Swiss Users, according to the Swiss-US DPF; therefore, the transfer is authorized.
Therefore, personal data will not be disclosed to suppliers who do not adequately protect data in accordance with Swiss law.
The interested party may request further information by writing to the following email address: contact@cuervoysobrinos.com or to our territorial representative at the following email address: dpo@indoconsulting.it

6. Processing Methods
Data is processed using appropriate technical and organizational measures to ensure that the security of personal data is adequate to the risk. Processing may be carried out both on paper and with the aid of automated IT tools for storing, managing, and transmitting the data.
This site uses SSL encryption for security reasons and to protect data transmission. You can recognize a secure connection by the browser address bar. If SSL security is enabled, the data transmitted cannot be read by third parties.

7. Rights of Data Subjects

7.1. If you are domiciled in Switzerland

Articles 25 to 32 of the FADP grant you the following rights and claims, within the prescribed legal framework:
• right of access to request information on the processing of your personal data;
• right to request the updating and rectification of your personal data;
• right to request the restriction of processing and disclosure to third parties;
• right to request erasure or destruction;
• right to request a ban on processing or disclosure to third parties;
• right to request disclosure of the contested nature or a judgment.
If you have a complaint about how we handle your data, we would like to hear from you, but you also have the right to lodge a complaint with the Federal Data Protection and Information Commissioner.

7.2. If you are domiciled in the EU
Articles Articles 15 to 21 of the GDPR grant you the following rights, within the prescribed legal framework:
• Right of Access pursuant to Art. 15 of the GDPR and Right to Rectification (to modify them) pursuant to Art. 16 of the GDPR
• Right to erasure pursuant to Art. 17 of the GDPR and Right to restriction of processing (i.e., to not subject such data to further processing and to no longer be modified) pursuant to Art. 18 of the GDPR
• Right to data portability (i.e., to receive personal data concerning you, processed by automated means, in a structured, commonly used, and machine-readable format and to transmit that data to another Data Controller or to directly transfer it) pursuant to Art. 20 of the GDPR
• Right to object to processing (i.e., to object to the processing of your data, as well as to the sending of advertising materials, direct sales, and market research). pursuant to Art. 21 of the GDPR
If you have a complaint about how we handle your data, we would like to hear from you. However, you also have the right to lodge a complaint with the supervisory authority competent for the country in which you habitually reside, without prejudice to any other administrative or judicial remedy.

8. How to Exercise Your Rights

To exercise your rights and claims, in the manner and within the timeframes prescribed by the LPD or GDPR, we invite you to contact the Data Controller directly at the following email address: contact@cuervoysobrinos.com or our Local Representative at the following email address: dpo@indoconsulting.it.
Please note that the collection of website navigation data, so-called technical or functional cookies (limited to those collected to make the website usable, enabling only basic functions), are essential for the functioning of the site itself. Users, therefore, have no right to limit such processing.
We kindly ask you to promptly notify the Data Controller or its Local Representative in the European Union designated by us of any changes to your personal data in order to comply with Article 6 of the LPD and/or Article 13 of the GDPR. 16 of the GDPR which requires that the data collected be accurate and, therefore, up to date.