With this Privacy Policy, we explain which personal data we process in connection with our activities and operations, including our https://desalvatoreconsulting.ch/ website. In particular, we explain for what purposes, how, and where we process which personal data. We also explain the rights of individuals whose data we process.
For individual or additional activities and operations, further privacy policies and other legal documents such as General Terms and Conditions (GTC), Terms of Use, or Participation Conditions may apply.
1. Contact addresses
Responsibility for the processing of personal data:
De Salvatore Consulting GmbH
Bahnhofplatz 1
8001 Zurich
Switzerland
We will point out if, in individual cases, there are other controllers responsible for the processing of personal data.
2. Terms and legal bases
2.1 Terms
Personal data comprises all information that relates to an identified or identifiable natural person. A data subject is a person about whom we process personal data.
Processing includes any handling of personal data, regardless of the means and procedures applied, for example querying, matching, adapting, archiving, retaining, reading, disclosing, procuring, recording, collecting, deleting, unveiling, arranging, organizing, storing, altering, distributing, linking, destroying, and using personal data.
2.2 Legal bases
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Datenschutzgesetz, DSG) and the Ordinance to the Federal Act on Data Protection (Datenschutzverordnung, DSV).
3. Type, scope, and purpose
We process those personal data that are necessary to be able to carry out our activities and operations on an ongoing, user-friendly, secure, and reliable basis. Such personal data may in particular fall into the categories of master and contact data, browser and device data, content data, metadata and usage data, location data, sales data, as well as contract and payment data.
We process personal data for the duration required for the respective purpose(s) or as required by law. Personal data that are no longer necessary will be anonymized or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer them to third parties. Such third parties are in particular specialized providers whose services we use. We ensure data protection with such third parties as well.
We process personal data only with the consent of the data subject, unless processing is permissible for other legal reasons. Processing without consent may be permissible, for example, to perform a contract with the data subject and for corresponding pre-contractual measures, to safeguard our overriding legitimate interests, because the processing is apparent from the circumstances, or after prior information.
In this context, we particularly process information that a data subject voluntarily provides to us when making contact—e.g., by postal mail, email, instant messaging, contact form, social media, or telephone—or when registering for a user account. We may store such information, for example, in an address book, in a customer relationship management system (CRM), or with comparable tools. If we receive data about other persons, the persons transmitting such data are obliged to ensure data protection for those persons and to guarantee the accuracy of such personal data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, insofar as such processing is permissible for legal reasons.
4. Personal data abroad
As a rule, we process personal data in Switzerland. However, we may also disclose or export personal data to other countries, in particular to process them there or have them processed.
We may disclose personal data to all countries and territories on Earth as well as elsewhere in the universe, provided that the law applicable there ensures adequate data protection according to a decision of the Swiss Federal Council.
We may disclose personal data to states whose law does not ensure adequate data protection, provided that suitable data protection is guaranteed for other reasons. Suitable protection may be ensured, for example, through appropriate contractual agreements, on the basis of standard data protection clauses, or with other suitable safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate protection if the specific data protection requirements are met, for example the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we will gladly provide information about any safeguards or furnish a copy of such safeguards.
5. Rights of data subjects
5.1 Data protection rights
We grant data subjects all rights in accordance with the applicable data protection law. In particular, data subjects have the following rights:
- Access: Data subjects may request information on whether we process personal data about them and, if so, which personal data are involved. Data subjects also receive the information required to assert their data protection rights and to ensure transparency. This includes the personal data processed as such and, among other things, details about the purpose of processing, the retention period, any disclosure or export of data to other countries, and the origin of the personal data.
- Rectification and restriction: Data subjects may have inaccurate personal data corrected, incomplete data completed, and the processing of their data restricted.
- Erasure and objection: Data subjects may have personal data erased (“right to be forgotten”) and object to the processing of their data with effect for the future.
- Data provision and portability: Data subjects may request the provision of personal data or the transfer of their data to another controller.
We may defer, restrict, or refuse the exercise of data subjects’ rights to the extent permitted by law. We may point out any prerequisites that must be met to exercise data protection rights. For example, we may refuse to provide information in whole or in part with reference to trade secrets or the protection of other persons. We may also refuse the erasure of personal data in whole or in part with reference to statutory retention obligations.
We may exceptionally provide for costs associated with the exercise of rights. We will inform data subjects in advance of any such costs.
We are obliged to identify data subjects who request information or assert other rights by appropriate measures. Data subjects are obliged to cooperate.
5.2 Right to lodge a complaint
Data subjects have the right to enforce their data protection claims through the courts or to lodge a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
6. Data security
We take appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. However, we cannot guarantee absolute data security.
Access to our website is secured by transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.
Our digital communications—like any digital communication—are subject to mass surveillance without cause or suspicion and other monitoring by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the related processing of personal data by intelligence services, police, and other security authorities.
7. Use of the website
7.1 Cookies
We may use cookies. Cookies—our own (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies)—are data stored in the browser. Such stored data need not be limited to traditional text-form cookies.
Cookies may be stored in the browser temporarily as “session cookies” or for a specified period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a defined storage period. Cookies make it possible, in particular, to recognize a browser upon a subsequent visit to our website and thereby, for example, to measure the reach of our website. Permanent cookies may also be used, for instance, for online marketing.
Cookies can be disabled and deleted