Privacy policy
This policy is provided pursuant to Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (so-called “General Data Protection Regulation” or “GDPR”) and the data protection laws of the Swiss Confederation, in particular the Federal Act on Data Protection of 25 September 2020 and the Data Protection Ordinance (DPO) of 31 August 2022. It is provided by the Data Controller, i.e. the person who, individually or jointly with others, determines the purposes and methods for the processing of personal data.
The Data Controller, aware of the importance of guaranteeing the security of personal information, provides the information necessary to make the user (hereinafter “User” or “Data Subject”) aware of the characteristics and methods used to process his/her personal data.
Data Controller | Who determines the purposes and methods used to process data? |
ECSA Chemicals AG, with registered office in CH-9230 Flawil, Burgauerstrasse, 17, CHE-103.950.878, in the person of the legal representative pro tempore, in the quality of Data controller (hereinafter “Data Controller”). |
Subject of the processing | What personal data are processed? |
The personal data that may be processed are the User’s data collected when the User browses the website and when he/she uses the functions and services of the website. In particular, the Data Controller may process: personal data whose transmission is connected to the use of Internet communication protocols (navigation data, such as page accesses, amount of data transferred, status message after accesses, session ID numbers, IP addresses, URL addresses, location data, display language, coordinated universal time, etc.);ordinary personal data (e.g. registration data, personal data, contact details, e-mail address). |
Storage period | How long are the data kept for? |
The User’s personal data will be stored: for the purpose connected to the provision of the functions and services of the website: the User’s personal data will be stored, in compliance with the provisions of the law, for a period not exceeding that necessary for the pursuit of this purpose. As a rule, personal data are kept for a few days (unless specific requests from the public authority requires data to be stored for longer);for purposes related to registration on the website: the User’s personal data will be stored, in compliance with the provisions of the law, for a period not exceeding that necessary for the pursuit of this purpose. As a rule, personal data are kept for as long as the User is a registered user of the website;for the purpose related to responding to reports, questions and/or requests made by the User:the User’s personal data will be kept, in compliance with the provisions of the law, for a period not exceeding that necessary for the pursuit of this purpose. As a rule, personal data are stored, depending on the subject and type of messages, for the time necessary to respond to reports, questions and/or requests made by the User and in any case no more than 10 years from the time of collection;for purposes related to the protection of rights and the management of website security: in compliance with the provisions of the law, for a period not exceeding that necessary for the pursuit of this purpose. As a rule, personal data are stored for no more than 10 years from the time of collection;for the purpose connected to the sending of newsletters: in compliance with the provisions of the law, for a period not exceeding that necessary for the pursuit of this purpose. As a rule, personal data are kept for as long as the User is subscribed to the newsletter;for the purposes related to the issue of the Fidelity Card and participation in the related loyalty programmes: in compliance with the provisions of the law, for a period not exceeding that necessary for the pursuit of this purpose. As a rule, personal data are kept for as long as the User holds the Fidelity Card and participates in the related loyalty programmes;for the purpose connected to the sending of commercial communications to customers (soft spam): in compliance with the provisions of the law, for a period not exceeding that necessary for the pursuit of this purpose and in any case no longer than 24 months from the time of collection;for the purpose connected to the sending of commercial communications to existing, prospective or potential customers (direct marketing): until consent is withdrawn or in compliance with the provisions of the law, for a period not exceeding that necessary for the pursuit of this purpose and in any case no longer than 24 months from the time of collection;for the purpose connected to the transfer of the User’s personal data to the other companies of the ECSA Group: until consent is withdrawn or in compliance with the provisions of the law, for a period not exceeding that necessary for the pursuit of this purpose and in any case no longer than 24 months from the time of collection; |
Methods of data processing | How are the data processed? |
The processing of personal data will be carried out with the use of electronic tools. The processing of personal data will be based on the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality and will be carried out with computerised procedures (and residually through manual or paper tools), suitable for guaranteeing data security and confidentiality, also through the use of suitable procedures that avoid the risk of destruction, loss, modification, unauthorised disclosure, unauthorised access to transmitted, stored or, in any case, processed personal data. |
Access, communication and dissemination | Who can access and process the data? |
Personal data may be made accessible to workers or collaborators, who have been expressly trained and authorised to process data and who work for or under the direct authority of the Data Controller. Personal data may also be processed by third parties that, on behalf of the Data Controller, carry out outsourced activities and have proven they have adopted technical and organisational measures that can guarantee data security. These third parties, expressly designated as processors of personal data, will be provided with adequate operating instructions. These subjects are essentially included in the following categories: companies that offer management and maintenance services for IT systems and websites;companies that offer support for market studies;companies that perform management and maintenance services for the database of the Joint Controllers;companies that offer e-mailing services;companies that offer services for the management of the marketing automation platform;companies that provide organisational support and event reception services. The processed personal data cannot be communicated to other specific subjects, with the exception of the cases provided for by current legislation, such as, for example, communication to the Authorities and control and supervisory bodies and, in general, communication to third parties, including private individuals, who can legitimately request and receive data, or to Public Authorities who expressly request data from the Data Controller for administrative or institutional purposes. Furthermore, personal data may be communicated to other specific subjects if the User explicitly consents to transmission. The processed data cannot be disclosed to indeterminate subjects. |
Rights of the data subjects | What are the rights of the data subject? |
The User has the right to: obtain confirmation from the Data Controller as to whether or not personal data concerning him/her are being processed and, in this case, have access to personal data and other related information, also receiving a copy (right of access); obtain from the Data Controller the rectification of inaccurate personal data and/or the integration of incomplete personal data concerning him/her (right to rectification); in the foreseen cases, obtain the cancellation of personal data from the Data Controller (right to erasure); in the foreseen cases, obtain from the Data Controller the restriction of the processing of all or part of the personal data processed by the Data Controller (right to the restriction of processing); in the event that the processing is based on consent or on the execution of a contract the User is party to and is carried out in an automated way, request and receive from the Data Controller, in a commonly used electronic format, the personal data that concern him/her, as well as, if technically feasible, the transmission to another Data Controller (right to data portability); withdraw, at any time, any consent given in relation to the processing of personal data (right to withdraw consent); in the foreseen cases, object, in whole or in part, to the processing of personal data (right to object); in the foreseen cases, not to be subjected to a decision based solely on automated processing. If the User believes that the data processing is in violation of European and Swiss legislation on the protection of personal data, he/she has the right to lodge a complaint with the competent Supervisory Authority or, in the cases provided for, to appeal to the appropriate judicial offices. |
Exercise of rights | How can the data subject exercise his/her rights? |
The User may exercise his/her rights at any time by contacting the Controller: ECSA Chemicals AG Burgauerstrasse 17 CH-9230 Flawil (Switzerland) e-mail: privacy@ecsa.ch |
Data Protection Officer | How can the Data Protection Consultant be contacted? |
The User may exercise his/her rights at any time by contacting the Data Protection Consultant or the Data Protection Officer (DPO) by writing to this e-mail address: studiobarbieri@mywaysec.com |
Cookies | Which cookies are used and what function do they perform? |
The website uses so-called cookies to guarantee the provision of the functions and/or services of the website itself, as well as to improve the way it functions. What are cookies? Cookies are small text fragments, normally made up of letters and/or numbers, which are sent by the visited website and stored by the internet browsing software (browser) installed on the device (personal computer, smartphone, tablet, etc.) used by the User for navigation. The cookies are then transmitted back to the website the next time the User visits the website. The information encoded in cookies may include personal data, such as an IP address, username or e-mail address, but may also contain non-personal data, such as language settings or information about the type of device a person is using to navigate the website. Cookies can therefore perform important and different kinds of actions, including monitoring sessions, storing information on specific configurations related to users accessing the server or facilitating the use of online content. They can, for example, be used to track items in an online shopping cart or information used to fill out a computer form. If, on the one hand, cookies can be used to make web pages load faster, as well as route information on a network (therefore in line with obligations strictly connected to the operation of the websites themselves), it is also through cookies that behavioural advertising can be delivered and the effectiveness of the advertising message can be measured. Cookies can also be used to adapt, to the user’s behaviour, the type and methods of services provided. The same result can also be achieved through the use of other tracking tools, which allow for processing similar to that performed through cookies. These tracking tools include fingerprinting, which allows the device the User is browsing on to be identified (through the collection of all or some of the information relating to the specific configuration of the device adopted by the user). This technique can be used to achieve the same profiling purposes also aimed at displaying personalised behavioural advertising and analysing and monitoring the behaviour of website visitors, or to adjust the type and methods of rendered services to user behaviour. From now on, these tracking tools will also be included in the definition of cookies. How are cookies classified? Cookies can be classified according to: purpose (technical, analytical or profiling cookies);provenance (first-party cookies or third-party cookies);duration (session cookies or persistent cookies). Based on their purpose, cookies are divided into technical cookies, analytical cookies and profiling cookies. Technical cookies are used for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary for the provider of an information society service explicitly requested by the user to provide this service. Technical cookies are essential for a website to function correctly and are used to manage various services related to the website itself (e.g. logging in or access to reserved functions on the sites). The duration of cookies is strictly limited to the work session or they can remain for longer in order to remember the user’s choices. Disabling strictly necessary cookies can compromise the user experience and navigation of the website. The prior acquisition of the user’s consent is not required for the use of technical cookies. Analytical cookies are cookies used to collect information on the use of the website. In particular, they are useful for statistically analysing accesses or visits to the site itself and for improving its structure, navigation logics and contents. The information collected is used to carry out statistical analyses in order to improve the use of the website and possibly to make the contents more interesting and relevant to the User’s wishes. Since they are not necessary for the website to function, analytical cookies can be used only after acquiring the user’s consent. However, analytical cookies that adopt minimisation measures that reduce the identifying power of data (e.g. anonymised by masking portions of the IP address of the User browsing the website) can be compared to technical cookies, so the prior acquisition of the user’s consent is not required for their use. Profiling cookies are used to trace the User’s navigation, analyse his/her behaviour and create profiles regarding user tastes, habits or choices, etc. In this way it is possible, for example, to transmit targeted advertising messages in relation to the user’s interests and in line with the preferences expressed by the user when browsing online. The prior acquisition of the user’s consent is required for the use of profiling cookies. Based on their origin, cookies are divided into first-party cookies and third-party cookies. First party cookies are installed directly by the website that the user is visiting, while third-party cookies are installed by a domain that is not the one the user is visiting. This may occur if the visited website incorporates elements from other sites, such as images, plug-ins from social media and social networks or advertisements, or if there are widgets and other tools for interconnection with external sites and features. In the case of third-party cookies installed through the website, the obligations regarding the protection of personal data (e.g. providing the privacy policy and acquiring consent for the use of cookies) involve the third parties and it is possible to object to cookie use directly on the third-party website. Based on the duration, cookies are divided into session cookies and persistent cookies. Cookies that expire at the end of a browser session (normally when a user closes their browser) are defined session cookies and are used, for example, to memorise a user’s purchase order, or for security purposes, such as when logging into personal internet banking or webmail account. Cookies which, on the other hand, are stored for a longer period of time (between one session and another, even after closing the browser) are called persistent cookies and are useful, for example, to remember user preferences or to offer targeted advertising. What are the cookies used by the Data Controller’s website? The cookies used by the Data Controller’s website are only technical cookies or analytical cookies with minimisation measures that reduce the identifying power of the data (equivalent to technical cookies), to guarantee the provision of the functions and/or services of the website as well as to improve the way it functions. The prior consent of the User is not required for the installation of these cookies. The website uses “Google Analytics”, a Google web analysis service, which allows the collection of information useful for analysing how visitors use the website, with the aim of improving the way the website functions. When using Google Analytics, parts of the IP address are masked, so it is not possible to directly identify the User browsing the website. For more information on the Google Analytics privacy policy, click here. To deactivate Google Analytics, click here. The user can express his/her preferences on cookies also through the settings of the browser used. By default, almost all browsers are set to automatically accept cookies, but users can change the default configuration through the settings of the browser they use, which allow users to cancel/remove all or some cookies, block the sending of cookies or limit them to certain sites. Disabling / blocking cookies or deleting them could cause some areas of the website to not function optimally or prevent some features from working. The configuration of cookie management depends on the browser used. Below are the main browsers’ instructions and links to the guides for managing cookies: Google Chrome: click on the icon with the three dots at the top right and then on “Settings”. Select “Advanced” and in the “Privacy and security” section click on “Site Settings”. Adjust the cookie settings by selecting “Cookies and site data”. Click here for more information. Mozilla Firefox: click on the icon with the three horizontal bars at the top right and select “Options”. In the window, select “Privacy and security” to adjust cookie settings. Click here for more information. Microsoft Edge: click on the icon with the three horizontal dots at the top right and select “Settings”. In the window, select “Privacy and security” to adjust cookie settings. Click here for more information. Microsoft Internet Explorer: click on the gear icon at the top right and select “Internet Options”. In the window, select “Privacy”, “Advanced” and adjust the cookie settings. Click here for more information. Apple Safari: select “Preferences” and then “Privacy” to adjust cookie settings. Click here for more information. Opera: select the icon with the three horizontal bars at the top right and then select “Advanced”. Select “Privacy & Security” and then “Site Settings”. From the “Cookies and site data” section, adjust the cookie settings. Click here for more information. For browsers other than those listed above, read the relevant guide to identify how to manage cookies. |