PRIVACY POLICY

1.INTRODUCTION

This privacy policy (hereinafter the “Privacy Policy“) describes the Processing (as hereinafter defined) of Personal Data (as hereinafter defined) by MBC Management Business Consultants, Switzerland (the “Company“) in its capacity as data controller (the “Data Controller“), as well as any other information required by law, including information on the rights of Data Subjects (as hereinafter defined) and on their exercise.

The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of Personal Data (the “Regulation“) lays down a set of rules on the protection of natural persons with regard to the Processing of Personal Data and to the free movement of the latter, safeguarding the fundamental rights and freedoms of the Data Subjects.

Art. 4 para. 1 of the Regulation sets forth that “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject“).

Pursuant to art. 4 para. 2 of the Regulation, the term “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Furthermore, according to art. 12 et seq. of the Regulation, the Data Subject has to be appropriately informed concerning (i) the Processing activities performed by the Company and (ii) the rights of Data Subjects.

2. DATA CONTROLLER 

The Data Controller pursuant to arts. 4 and 24 of the Regulation is the Company. The Data Controller may be contacted in writing at the above address of the Company or by sending an e-mail to: mbc@mbc-sa.com.

3.COLLECTION OF PERSONAL DATA

The Company collects Personal Data in many ways and, in particular by (a) direct interaction: information on Personal Data may be received directly from the Data Subject or when the Data Subject contacts the Company by ordinary or electronic mail and/or by (b) automated systems: technical data on operating systems, research parameters and browsing patterns concerning the Data Subject may be automatically collected if the latter visits the Company’s website. Such Personal Data are collected through cookies and similar devices. The Company’s cookie policy is available under the following link: cookie policy.

4.PROCESSING OF PERSONAL DATA

4.1    Without the consent by the Data Subject

The Personal Data provided by the Data Subject to the Company will be treated solely for the purposes regarding the performance of a prospective or existing professional assignment entrusted to the Company. Within the scope of these purposes, the Processing of Personal Data is also performed to comply with specific legal requirements concerning the contractual relationship and the fulfilment of the assignment. Finally, Personal Data will be processed in the presence of a Company’s legitimate interest to perform and manage the activity, with the intent to deliver enhanced services, after considering and balancing any potential impact on the Data Subject’s rights.

4.2    With the consent by the Data Subject

Upon express consent provided by the Data Subject, the Company will process Personal Data (name, surname, e-mail address, telephone number etc.) to convey communications containing information concerning the Company and its activities, which may include, among others: (i) events and meetings; (ii) various marketing activities and (iii) analysis of the Data Subject’s preferences and areas of interest, to enhance the services provided by the Company and meet their specific requirements/needs (the so called “profiling activity“).

5. CONSEQUENCES OF DENIED DATA DISCLOSURE

If the communication of Personal Data by the Data Subject and the consequent Processing by the Data Controller are required to establish or continue and appropriately carry out a pending relationship, such communication is mandatory. Refusal by the Data Subject to provide the Personal Data requested by the Data Controller may lead to the impossibility to execute and direct any contractual relationship with the Data Subject.

The disclosure of Personal Data for marketing purposes and profiling activities is optional but, if the Data Subject declines, the Company will be prevented from sending communications containing information about itself or about marketing or other promotional activities.

6. PROCESSING MODALITIES

In accordance with art. 5 of the Regulation, Personal Data concerned by Processing are:

(i)        processed lawfully, fairly and in a transparent manner in relation to the Data Subject;

(ii)       collected and recorded for specified, explicit and legitimate purposes and subsequently processed in ways that are compatible with such purposes;

(iii)     adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

(iv)     accurate and, where necessary, updated;

(v)       kept in a form which allows identification of the Data Subject for no longer than is necessary for the purposes for which the Personal Data are processed; and

(vi)     processed in a manner that ensures appropriate security.

In relation with the purposes listed above, Personal Data may be processed using paper and electronic means and, in particular, by ordinary mail or e-mail, telephone (e.g. automated calls, text messages), fax and any other IT instruments (e.g. websites, mobile apps) merely in connection with such purposes and, in any case, ensuring data security and confidentiality, in compliance with what is envisaged by the Regulation.

7. STORAGE OF PERSONAL DATA

Personal Data are processed and stored in cloud and on servers both within and outside the European Union, belonging or otherwise available to the Data Controller and/or to third-party companies in charge of the Processing, duly appointed as Data Processors.

The Personal Data concerned by Processing will be stored in compliance with the provisions set forth in art. 5 para. 1 lett. e of the Regulation in a form allowing the identification of the Data Subjects concerned for no longer than the time required to achieve the purposes indicated above, for which the Personal Data were originally collected and processed.

8. DISCLOSURE OF PERSONAL DATA

The Processing of Personal Data provided by the Data Subject will be performed by the professionals involved in the performance of the services, as well as by their supporting staff, through persons expressly and specifically appointed by the Data Controller, operating at the latter’s office in their capacity as Data Processors (art. 28 of the Regulation) or as persons acting under the authority of the controller or of the processor (art. 29 of the Regulation) or even as officials  expressly appointed for the Processing of Personal Data in accordance with the terms envisaged by the Regulation.

Personal Data may also be directly processed by the Data Controller and disclosed to third parties whenever such Processing serves legal or contractual obligations. For these purposes, Personal Data may be disclosed to external companies or professionals that may be collaborating with the Company for the purposes indicated in this Privacy Policy. The Company will always request to any such third party to respect the security of Personal Data and to treat them in compliance with the law.

In order to enable the fulfilment of legal and contractual obligations Personal Data may be communicated to service providers with Data Processor functions providing IT and system administrator services, to post offices, to shipping agents and couriers when sending documents, as well as to banking institutions carrying out accounting aspects deriving from the execution of the assignment, as well as to the Public Administration pursuant to the laws in force, as well as to any third parties providing IT or filing services.

The Personal Data of the Data Subject will not be publicised by the Data Controller, which will never disclose them or make them otherwise available to undetermined parties.

9. TRANSFER OF PERSONAL DATA

Personal Data may be transferred to countries of the European Union or to other countries within the Processing purposes described in this Privacy Policy. In case Personal Data are transferred outside the European Union, and in the absence of an adequacy decision by the European Commission, the Company will comply with the provisions envisaged by applicable rules and regulations on the transfer of Personal Data towards countries not belonging to the European Union.

10. RIGHTS OF DATA SUBJECTS

In compliance with the provisions of the Regulation, the Data Subject may exercise the rights indicated therein and in particular:

(i)        Right of access: the right to obtain confirmation as to whether or not Personal Data regarding the Data Subject are being processed, and, where that is the case, receive information, in particular on the purposes of the Processing, the categories of Personal Data being treated and the recipients to whom these may be disclosed,

(ii)       Right to rectification: the right to obtain the rectification of any inaccurate Personal Data regarding the Data Subject or the right to obtain the completion of any incomplete Personal Data,

(iii)     Right to be forgotten: the right to obtain the erasure of Personal Data regarding the Data Subject, in the cases envisaged by the Regulation,

(iv)     Right to restriction of Processing: the right to obtain from the Data Controller restriction of Processing, in the cases envisaged by the Regulation,

(v)       Right to data portability: the right to receive Personal Data concerning the Data Subject, which the latter has provided to the Data Controller,

(vi)     Right to object: the right to object to the Processing of one’s own Personal Data, unless legitimate grounds exist for the Data Controller to continue in their Processing.

Without prejudice for any other administrative or judicial remedy, the Data Subject who deems that the Processing concerning him- or herself is breaching the Regulation has the right to lodge a complaint with a supervisory authority, based in the Member State of his or her habitual residence, place of work or place of the alleged infringement, pursuant to art. 77 of the Regulation.

In order to exercise the above rights, the Data Subject may contact the Data Controller at the contact details referred to in Paragraph 1 of this Privacy Policy.

The exercise, at any time, of the right to withdraw his or her consent to the Processing of Personal Data is without prejudice for the lawfulness of the Processing performed by the Data Controller which is based upon the consent granted before the revocation.

11. CONTACT DETAILS

If you have any other questions about our Privacy Policy, please contact us at:

Management Business Consultants

Via Campagnora 9

6967 Dino-CH

Switzerland

e-mail: mbc@mbc-sa.com.