Privacy Policy

Please read this privacy policy carefully. According to European Data Protection Regulation no. 679/2016 ("Regulation"),  it describes the way of processing the personal data of the users ("Users") that access WEBSITE www.ginsanaproducts.com (the “Site”) and use the respective services (including require information or apply for a job position) made available by Ginsana SA ("Company") through the Site. The Company recognises the importance of offering Users of the Site services that are underpinned by a concern to protect their data and such as to enable each User to control their privacy throughout all the processing stages of their data.

This privacy policy applies exclusively to the processing of personal data carried out through the Site; any third party internet sites that can be consulted by the User via links are subject to the privacy policy issued by the operators of those respective third-party sites. It is recommended that Users inspect these documents before browsing on third-party sites. 
 

1. Data controller

The data controller of the personal data of Users that visit and browse at the Site or use the services available at the Site, is Ginsana SA , with registered office in Via Mulini, 6934 Bioggio (CH), telephone: +41 91 610 31 11, email: bioggio-info@sfihealth.com


2. Type of data

Browsing data and data providing directly by the User

For Users to consult the public pages of the Site they are not requested to provide personal data.   However, any contact with the Company, any optional, explicit, and spontaneous dispatch of messages, of electronic or traditional mail, to their addresses shall entail the subsequent acquisition of the address, including the e-mail address, of the sender or of the respective telephone number, if applicable, needed to reply to the requests, as well as of any other personal data included in the respective communications.  Such data, provided directly by the User, shall be used for the sole purpose of giving effect to the request of the User and can be notified to third parties only in the case where this is necessary for that purpose.  The data will be held for the time strictly necessary for providing the User with the service requested and shall not be disseminated.

In addition, the information systems and the computer programs used for operating the Site gather certain personal data the transmission of which is implicit in the use of internet communication protocols (for example, IP addresses or dominion names of the computers used by the Users that connect to the Site, URI -Uniform Resource Identifier- addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in reply, the numerical code for the status of the reply given by the server - successful, error etc., and other parameters relating to the User’s operating system and computer environment). Though the information is not gathered to be matched with the identified data subjects it could, by its nature, through processing and matching with data held by third parties, enable Users to be identified. 

This information is used solely to obtain statistical information - unmatched with an identifying  data item of the User - on the use of the Site and to check on its proper operation and is immediately cancelled after the being processed. 


3. The purposes of processing personal data 

Personal data is gathered and is processed for the purposes and in the ways listed below:

(1) for providing the services requested by Users (for example: to respond to an User query). In relation to these purposes Company may process the personal data without the consent of Users in accordance with letter b) article 6 of the Regulation;

(2) for fulfilling any obligations in law and/or in regulations (for example: duties to report safety accidents).  In relation to these purposes the data may be processed by the Company without the consent of Users in accordance with letter a), article 6 of the Regulation;

(3) for defending our rights both in court proceedings and out of court.  In relation to these purposes Company can process the personal data without the consent of Users in accordance with point f), article 6 of the Regulation;

(4) to conduct internal statistical analyses, subject to the data being anonymised, in order to improve the quality of the services.  In relation to these purposes Company may use the information freely in that it is anonymous and in aggregated form;


4. Users’ provision of data – obligatory or optional

Regarding the data processing purposes listed above, the provision of data marked as obligatory within the specific form (or in other circumstances where Users are requested to provide data) is necessary in order to use the services and any refusal makes it materially impossible to use the services.  For these data processing purposes the consent of Users need not be obtained.


5. Cookies

The Site gathers and uses technical and profiling cookies, including those of third parties. For details, or to deactivate all or some of the cookies used,click here 


6. Disclosure and release of the data 

The personal data of the User may be accessed by employee staff, as well as by non-employee personnel appointed by the Company, that need to process the data to carry out their duties (for example, digital function, administration) duly trained.  In addition, the personal data can be made available to third party companies that, on behalf of the Company, perform specific services in the role as Data Processors  (for example, IT services providers or hosting providers) or notified to third parties (a list of them is available on request following the procedures under article 10) that process the data independently and in accordance with the law as independent data controllers. 

The data may be notified to police forces or to the judicial authorities in accordance with the law and subject to a formal request from them. 

The personal data shall not be released or transferred to third parties so that they can use them for their own purposes.  In the event of extraordinary corporate operations (for example, the assignment or renting of a business, mergers, etc.), the data may be assigned or transferred to the third party buyers/leaseholders or title holders.


7. Transfer of data abroad

As a rule, personal data shall not be transferred abroad. If, in order to run the Site in a better and more efficient way, the data were to be transferred abroad, the Company undertakes to guarantee proper levels of protection and safeguard including of a contractual nature in accordance with the applicable rules, including making standard contract clauses. 


8. Security

Company in so far as it has competence, acknowledge the importance of protecting the personal data of the Users of the Site.  For this reason Company adopts policies and security measures of a technical and organisational nature to protect, having regard for the rules in force, the personal data of the Users and the information systems used in the operation of the Site.  In particular, Company has implemented measures to protect personal data against accidental or intentional tampering, loss, destruction, dissemination, or unauthorized access to data gathered online.

However, though Company continues to implement and improve security measures in line with the development of technology and of industry standards, for the very nature of the Internet these measures cannot restrict or totally exclude the risk of unauthorised access or the dissemination of data.  Accordingly, Users are advised to periodically update their software for protecting data transmission over networks (for example, antivirus software) and to check that their provider of electronic communication services has adopted suitable means for the security of data transmission over networks (for example, firewalls and ant spamming filters). 


9. Retention of data

Personal data shall be held for the time needed to achieve the purposes described above. In particular, the data shall be held for the entire duration of the relationship (for example to respond to Users' queries), as well as for the time necessary for fulfilling legal obligations.

Apart from such cases, personal data shall be held only to fulfil the legal and regulatory obligations on Company, or for evidential purposes connected with conducting a legal defence.


10. Rights of the data subject

According to articles 15-21 of the Regulation, Users can exercise the following rights: 

receive confirmation of the existence of his or her personal data, access its content and obtain a copy (rights of access);

  • update, rectify and/or correct his or her personal data (right to rectification);
  • request its erasure or restriction of processing of data processed in violation of the law, including that whose storage is not necessary in relation to the purposes for which the data was collected or otherwise processed (right to erasure and right to restriction);
  • refuse consent or withdraw consent, where provided, without detriment nor prejudice to the lawfulness of the processing based upon the consent provided before the withdrawal;
  • within the limit set forth in the Regulation, receive a copy of personal data in a structured, commonly used and machine-readable format and request that that personal data is sent to another data controller (right to data portability);
  • You also have the right to object to the processing of your data by Company in some circumstances, in particular where we don’t have to process the data to meet a contractual or other legal requirement and in compliance with the Regulation(right to object). 

For exercise your right, you can address your request to e-mail address: emea-dataprotection@sfihealth.com  or to the other contact details indicated above.

You also have the right to make a complaint to the data protection supervisory authority if User believes that its rights have been breached. 


11. Amendments

Company may amend or update this privacy policy, inter alia to comply with new duties imposed by laws in force or for technical needs.  The amendments and the updates will be notified to Users and shall be operative from the time of their publication on the Site. (Where, under the applicable rules, the amendments require Users’ consent, Users will be allowed to freely express their choice).  Accordingly, Users are invited to consult this page regularly to check on the most recently updated version of the privacy policy at the Site.

Last update:  June 2018