Privacy policy on the processing of personal data on the website millionflowers.ch
Pursuant to Article 13 Regulation (EU) 2016/679 (GDPR) and Article 19 of the FDPA.
Pursuant to Article 19 of the Federal Data Protection Act (FDPA) and Article 13 Regulation (EU) 2016/679 (GDPR)We provide you with the necessary information regarding the processing of personal data collected during your experience on our website https://www.millionflowers.ch/index/
1. CATEGORIES OF PERSONAL DATA PROCESSED | DEFINITIONS
The personal data provided by you – or otherwise acquired in compliance with the legislative and contractual provisions in force – inherent in, connected with and/or instrumental to the assessment of your experience on our website, will be processed in compliance with the provisions privacy laws and the obligations of confidentiality applicable to you.
Personal Data: all information relating to an identified or identifiable person.
In particular, we will process the following personal data: browsing data (for information on data collected through cookies, please see our Cookie Policy); data provided voluntarily by the user (when sending the form in the “Contacts” area of our website, such as: name, surname, email address, telephone number).
Data subjects: natural or legal persons whose data is processed (also referred to as “you”).
Processing: any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data.
Disclosure: making personal data accessible, for example by permitting access, transmission or publication.
2. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The company that determines the purposes and means of this processing of personal data is TM MILLION FLOWERS BY CICCONE, a company under Swiss law with registered office in Rigiweg 21 – 8704 Herrliberg, CH- 020.1.081.092 (also referred to as the “Data Controller” or the “Company” or “we”).
The contact details of the Data Controller are as follows: tm@millionflowers.ch
3. PURPOSES OF THE PROCESSING | JUSTIFICATION | DATA RETENTION PERIOD
PURPOSE OF THE PROCESSING | JUSTIFICATION | LEGAL BASIS | DATA RETENTION PERIOD | NATURE OF CONTRIBUTION |
a) Activities strictly necessary for the navigation on this website, and to control website’s correct functioning.
It should be noted that the computer systems responsible for the operation of this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of computers and terminals used by users, addresses in URI/URL (Uniform Resource Identifier / Locator) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. |
Overriding interest | Legitimate interest of the Data Controller. | Data will be retained until the end of the browsing session. For personal data processed with technical cookies, please read our Cookie Policy. | Providing it is necessary to navigate the site. |
b) Ottenere informazioni statistiche anonime sull’uso del sito. | Overriding interest of the data controller | Legitimate interest of the data controller | Please read our Cookie Policy. | Overriding interest of the data controller | Legitimate interest of the data controller |
c) Responding to requests received through the “Contact” area, found on this site. | Overriding interest of the data controller | Legitimate interest of the data controller | Data will be kept as long as necessary to achieve the purpose and may be kept for up to 10 years if a business relationship is established | The provision is necessary to achieve this purpose. |
3.1 MEANS OF DATA PROCESSING
The processing will be carried out in automated and/or manual form, using methods and tools designed to ensure maximum security and confidentiality, by subjects specially trained to do so. The personal data collected will be kept in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed.
4. RECIPIENTS OF PERSONAL DATA
We may share personal information with employees and/or personnel acting under the authority of the Data Controller (duly instructed to do so), as well as third parties bound to the Data Controller by contractual relationship, for the purpose of fulfilling contractual obligations and fulfilling one or more of the aforementioned processing purposes. These third parties will process the data provided as data controllers or independent data controllers. Specifically, we may share personal data collected with the following categories of recipients: a) entities that provide services related to the operation of this website (e.g., hosting providers, webmasters); b) support and consulting companies (e.g., web&digital marketing agencies); c) competent authorities for compliance with legal obligations and/or the provisions of public bodies, upon request.
5. TRANSFERS OF PERSONAL DATA OUTSIDE THE CONFEDERATION
This website is hosted in Switzerland and data transfer outside the Confederation is not envisaged.
6. RIGHTS OF THE DATA SUBJECT
According to the FDPA, you have the following rights (non-exhaustive list):
● to obtain the rectification of inaccurate or obsolete personal data; ● to be informed in writing and free of charge if personal data concerning you are being processed; ● prevent the communication to third parties of sensitive personal data; ● to obtain the portability of personal data or to demand their transmission to a third party; ● to request the restriction or blocking of data processing, the prevention of data disclosure to third parties or rectification or destruction of personal data; ● the right to request that a given processing of personal data be prohibited, that a given communication of personal data to third parties be prohibited, or that certain personal data be deleted or destroyed; ● if neither the correctness nor the inaccuracy of the personal data can be proved, to request that a note be added to the data to indicate its disputed nature; ● to request that the rectification, destruction, blocking, in particular the communication to third parties, as well as the mention of the disputed character or the judgment be communicated to third parties or published; ● to have the unlawfulness of the processing of personal data declared. |
According to the GDPR, you have the following rights:
● to obtain from the controller confirmation as to whether or not personal data concerning you are being processed (Access); ● to obtain from the controller without undue delay the rectification of inaccurate personal data concerning (Rectification); ● to obtain from the controller the erasure of personal data concerning you (Erasure); ● to obtain from the controller restriction of processing (Restriction); ● to receive the personal data concerning you, which you provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Data portability); ● to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you (Objection). |
With the exemption of any other administrative or jurisdictional remedy, if the user considers that the processing of his or her data breaches the provisions of the FDPA, he or she has the right to file a complaint with the competent supervisory authority (for Switzerland: the Federal Data Protection and Transparency Commissioner; for the European Economic Area, you can visit the website of the European Data Protection Board here https://edpb.europa.eu/about-edpb/about-edpb/members_en).
You may exercise your rights under the FDPA and the GDPR (insofar as they are applicable) by contacting the Data Controller by writing at the above-indicated contacts.
7. ADDITIONAL INFORMATION | MODIFICATIONS | UPDATES
We do not sell any of the personal data we process.
The Data Controller reserves the right to revise, update, add or remove any part of the present privacy policy at its own discretion and at any time. In case of modifications, the date of update will be indicated.
Date of last update: September 15, 2023