Since the General Data Protection Regulation came into force on 25 May 2018 (known as “GDPR” or Regulation 2016/679 – hereinafter the “GDPR”), the European Union has strengthened the rights of individuals resident in the EU in relation to the processing of their personal data. There is currently a broad review of the Ordinance on the federal data protection legislation underway in Switzerland whose full review process was completed at the end of 2020, which is expected to afford data subjects the same rights as GDPR to customers residing in Switzerland.
The new Swiss Data Protection Law and the Swiss Data Protection Law decree are expected to come into force at the end of 2022, start of 2023.
Should the GDPR apply to G&G Production SAGL by virtue of the non-European Union provisions set forth therein, it should be borne in mind that G&G Production SAGL is at all times required to comply with federal law, specifically, but not solely, the Swiss Data Protection Law.
In order to provide our services, we need to obtain some personal data from our customers. This privacy statement – which is provided under Article 13 of GDPR – is aimed at providing you with all the necessary information that protects customer and website user rights.
- Who we are
- Which data we collect and why
- Your rights
- Safety measures (how we protect your data)
- Data retention periods
- Transferring your data to third parties and abroad
- Cookies, analysis and tracing systems, social media plug ins, external links
- General provisions
- Changes to this privacy statement
- Amendments to this privacy statement
A. Who we are
G&G Production SAGL, Via B. Fontana, 8, 6830 – Chiasso (CH), hereinafter referred to as the “Company”, is responsible for managing the website lolivolugano.ch. The Company acts as controller for the processing of personal data via those websites.
B. Which data we collect and why
We need to collect personal data from our Customers and from website users in order to provide our services.
Part of that data is automatically transmitted by the device you use when connecting with our website. If you would like to block that automatic transfer, then you need to disable the transfer of personal data via your browser.
Other data is provided directly by Customers in order to receive information, newsletters or other communications relating to our services, proposals or offers available on the website.
- Data collected via our server when you access our website:
- Date and time of access;
- IP number for your computer;
- The browser you are using via your device;
- The country connecting with our server and information on language, screen, position, etc.;
- Your operating system;
- Your Internet service provider.
- Data that you provide when booking a table using a third-party service (ResDiary) embedded in our website:
- Name and surname;
- E-mail address;
- Telephone number;
- Data processing must be lawful and this implies that it is underpinned by the Data Controller’s right to process the data in question. This right may be exercised with regard to contractual relations (or otherwise in order to perform an agreement between the parties, the Data Controller requires the client’s personal data), or otherwise with regard to a legal obligation (in certain areas, the Data Controller is legally required to obtain certain data, for example for tax purposes) or it may be based on the Data Controller’s legitimate interest. Lastly, data processing may be carried out subject to consent granted by the data subject (see C. below). In our case, except for marketing and advertising campaign communications by means of which we inform our clients of the objects available at any one time, all the other personal data collected is needed primarily for discharging our contractual obligations and hence it is not necessary for the Data Controller to obtain the client’s consent, which is implicit.
- The GDPR defines consent as: “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her“.
Domestic data protection law will specify that: “consent is valid if given freely and unequivocally after being duly informed. Express consent is required for the processing of personal data that requires special protection or for profiling“.
Consent must always be granted expressly with respect to particularly sensitive personal data, such as for example data regarding religious beliefs, ethnicity, political affiliations, etc. Our Company does not collect this type of information given that it is not needed in order to provide our services.
For less sensitive data, consent may be granted freely by any means, for example via mere confirmation, or it can be assumed to have been granted if the data in question is mandatory for the provision of our services. In that case, your request for services from our Company will imply that you agree with the Company using your data in order to provide you with the requested service (for example, payment details, delivery address, etc.).
Other data is required for marketing purposes and is expressly collected for that purpose. Please note that you can deny your consent to data processing for that purpose and you may simply withdraw your consent if you had granted it in the past.
- In so far as our data processing is based solely on consent, should you withdraw your consent, all data processing operations shall be terminated. Bearing in mind that the only data processing operations performed by us on this basis relate to web marketing, in the event that you withdraw your consent to data processing, with immediate effect, all information relating to the mailing list and any personalized choices etc shall be permanently removed from our systems.
- Our personnel is available if you have any doubts or queries regarding the processing of personal data. See Section D below if you wish to make a request.
D. Your rights
If the GDPR applies, you have the right to request that your data is:
- updated, rectified or (in the event data is incomplete) integrated;
- erased, if:
- your data is no longer required for the purpose for which it was collected or processed;
- You have withdrawn your consent or objected to processing;
- Your data was processed unlawfully or has to be erased to comply with law;
- Limited in terms of processing, if:
- Your data is inaccurate or processed unlawfully or if you have objected to its processing;
- Even if the Company no longer needs it for processing, it is necessary for the Company to protect your statutory rights;
- Transferred to another controller (“right to portability”), if the processing is on a consent basis and processed automatically.
We note that in accordance with tax and administrative requirements, the Company must retain part of your personal data; please see the section “Data retention periods” below for more information.
In accordance with applicable law, you are entitled to contact the competent authorities (in Switzerland the Federal Data Protection and Information Commissioner and in other countries, the national Data Protection Authorities).
E. Safety measures (how we protect your data)
The Company implements appropriate technical and organizational measures to protect your personal data from unauthorized processing and data loss. The technical systems are maintained adequately taking into account the constant developments in technology.
In order to avoid unlawful processing or data loss, we advise our customers and our users to use updated systems and not to share sensitive information with third parties, such as credit card details, usernames or passwords.
In order to guarantee a high quality service, excellent products and the discretion that we are known for, the Company has strengthened its corporate policies so that your personal data is accessible solely by the personnel effectively needed to process your requests.
F. Data retention periods
Customer personal data is processed and retained in accordance with the principle of the time strictly required to provide the services requested by the Customer (contractual basis) or in accordance with law (legal basis). In particular, the data is stored for the entire duration of the contractual relationship between the Customer and the Company for accounting and legal purposes (for example, in the event of litigation brought by or against the Company). In any event, in the event the Company no longer has legal grounds for storing the data, they will be anonymized or respectively erased.
G. Transfer of your data to third parties and abroad
- In order to provide the services, in some circumstances the Company has to provide your personal data to third parties (outsourcing), in particular in relation to the management of the website, sending out newsletters and for profiling or marketing purposes. Moreover, the data must be sent to our partners with respect to leased and sold items.
- In general, the Company mainly carries out its business in Switzerland and Europe. The information is therefore exchanged with partners subject to GDPR, the FADP and guarantee the protection of personal data.
- Under the GDPR, users resident in Europe are guaranteed the protection of their personal data as the GDPR applies outside resident states.
- With respect to the communication of personal data in the United States of America, note that the transfer is managed in accordance with GDPR provisions and FADP respectively. We wish to inform Customers that the United States of America, as with other countries in the world, do not offer adequate protection of personal data.
In order to offer sufficient protection, recipients of the data must be obliged either by contract or by specific programmes (such as privacy shield) to offer an adequate protection of personal data.
CDL SWISS has contracts in place with US partners aimed at protecting personal data and complying with GDPR requirements. If in order to perform a contract with you, we need to send your data to the US, we will ask you for your express consent and if you deny said consent, we will not be able to perform the request and/or the contract.
- In any event, only the personal data that is strictly required to provide the requested services is processed.
H. Cookies, analysis and tracing systems, social media plug ins, external links and the use of videos on YouTube
- Cookies are small bundles of data, a kind of ID tag, which your device exchanges with our server when you surf our website. The information stored in cookies makes it easier and more efficient to use the website. Cookies are saved automatically on your device via your internet browser and make it possible to trace your choices and your settings, so that each time you visit the website again in the future, the experience is more efficient. Your browser settings control cookies and can even be set to block them. You can also partially or totally delete cookies and be informed when a system is trying to exchange cookies. Please note that your navigation experience will be adversely affected without cookies and some services might not work properly or not at all.
- Our website has a tracing system, which allows us to collect all the necessary information for the management and implementation of the website. Cookies are used in this case as well, including for the tracing offered by third parties, such as for example Google Analytics (see comprehensive list below).
- In order to allow our Customers a choice in how to stay in contact with the Company, we also communicate via social media. Our website is fitted with plug ins, which allow users to activate communications with their chosen social media. Only then, at the express request of the Customer, will there be an exchange of data to use the relevant social media outlet.
- Our website offers links to external websites that are of help in the provision of our services. The Company does not constantly monitor said websites, hence we invite you to read their terms and conditions relating to personal data protection before using them. The Company will not be held liable for the content of said website or for their implementation of personal data protection. In any event, unless expressly instructed otherwise, the Company shall not provide said websites with personal data.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
|Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the “Advertisement” category .
|This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Analytics”.
|This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category “Necessary”.
|The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
|Set by Google to distinguish users.
|Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Our Company does not collect or process the personal data of minors. However, given that we do not systematically collect personal data other than on the terms set out in this privacy statement and in accordance with law, we are not able to identify for example, the effective age of website visitors. If you believe that a minor in your care has provided us with their personal data without your consent, please inform us without delay in order to avoid that said minor receives our promotional messages, for example. Our personnel will then take the necessary action.
L. General provisions
- Please note that the transmission of communications, documents and other information via e-mail is considered to be less reliable, safe and confidential than via letter or fax. We use modern technology to combat viruses and spam. We however recommend that customers use adequate antivirus protection and we cannot be held liable for any damage incurred via e-mail or the loss of e-mails. We reserve the right to reject e-mails with potentially dangerous attachments.
M. Amendments to this privacy statement
The Company is entitled to update this privacy statement in order to provide adequate protection and compliance with law. For that reason, in particular in the event of changes to legislations, this privacy statement may be subject to review and amended.
Please do not hesitate to contact us if you have any doubts or queries regarding the scope of this privacy statement.
N. Misunderstanding and discrepancies in interpretation
In the event of any miscomprehension or discrepancy between the Italian version of this privacy statement and versions in other languages, the Italian version shall prevail.
Revised August 2022