Privacy Policy on Personal Data Processing
INTRODUCTION
This privacy policy on personal data processing (“Policy”) complies with the provisions of the New Federal Data Protection Act (“nFDPA”). This Policy provides adequate and transparent information about the processing of user data carried out by the Data Controller (defined below) who, specifically, communicates with us through our website or, in any way, interacts with us.
DEFINITIONS:
Data subject: the natural person whose personal data is being processed;
Personal data: all information concerning an identified or identifiable natural person;
Personal data requiring special protection:
(i) data concerning religious, philosophical, political or trade union opinions or activities;
(ii) data concerning health, intimate sphere or “racial or ethnic” origin,
(iii) genetic data,
(iv) biometric data that uniquely identifies a natural person,
(v) data concerning administrative and criminal prosecutions and sanctions,
(vi) data concerning social welfare measures.
Processing: any operation relating to personal data, regardless of the means and procedures used, particularly the collection, recording, storage, “use, modification, disclosure,” archiving, deletion or making them accessible;
Disclosure: the transmission of personal data or making them accessible;
Data Controller: the private entity that, individually or jointly with others, determines the purpose and means of processing;
Data Processor: the private entity that processes personal data on behalf of the Data Controller.
DATA CONTROLLER:
The entity that processes the personal data of users (or also “Data subject”) is SwissXpat, Viale Franscini 16 – 6900 Lugano TI.
The Data Controller operates the website swissxpat.ch (“Website”).
The contact details of the Data Controller are as follows:
SECURITY OF PERSONAL DATA
The Data Controller undertakes to adopt appropriate technical and organizational security measures in accordance with its legal and contractual obligations to protect the Personal Data of the Data subject. As Data Controller, we commit to regularly monitor the security measures implemented in order to keep them up to date with changing times and evolving technology. However, transmitting information through an open network such as the Internet or other electronic communication means carries certain security risks, and it is not possible to absolutely guarantee the security of information transmitted in this way; in other words, “zero risk” cannot be ensured.
PURPOSE OF PROCESSING AND CATEGORIES OF PERSONAL DATA
The user’s Personal Data, communicated by the user through the forms on the Website and through various and common means of communication, are processed for the purpose of responding to information requests from the Data subject regarding products and services.
The data processed may include the following: (i) first and last name, (ii) address, (iii) email address, (iv) phone number, (v) nationality. The Data Controller retains the user’s data until the purpose of the processing is achieved or can no longer be achieved, subject to the rights of the Data subject mentioned below.
COOKIES AND BROWSING DATA
This website uses cookies to improve “users’ browsing experience. Cookies are minimal text files that, installed on our Site, are stored for subsequent visits and allow us to obtain information about” activities that “users perform on a specific webpage, profiling of” users, “traffic analysis on the Site;” offering personalized advertising or content based on “user preferences.” Users can consent to our use of all installed cookies via the “accept all” button, as well as refuse via the “deny” button or choose consent preferences through the “View preferences” button.
More information is provided in the cookie management panel.
GOOGLE ANALYTICS (GOOGLE INC.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Personal Data collected to track and examine the use of this Application, compile reports and share them with other services developed by Google.
Google may use Personal Data to contextualize and personalize ads in its advertising network.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA
– Privacy Policy: https://policies.google.com/privacy?hl=it
– Opt Out: https://tools.google.com/dlpage/gaoptout?hl=it
GOOGLE MAPS WIDGET (GOOGLE INC.)
Google Maps is a map visualization service managed by Google Inc. that allows this Application to integrate such content within its pages.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA
– Privacy Policy: https://policies.google.com/privacy?hl=it&gl=it
CATEGORIES OF PROCESSING RECIPIENTS
To achieve the processing purposes mentioned above, the Data Controller may transmit the user’s personal data to certain categories of processing recipients, which can be listed as follows:
– Business Partners
– Legal entities responsible for consulting and managing the Website;
– Entities that provide telecommunications services (including email service)
– The competent authorities to whom data must be transmitted by virtue of legal and contractual obligations.
INTERNATIONAL DATA TRANSFER
In principle, the Personal Data of the data subject is processed by the Data Controller and its auxiliaries, respectively by the aforementioned processing recipients.
However, “user data may be transferred abroad, where necessary depending on the purpose of the processing, after verification by the Data Controller of the existence of an adequate protection regime in the country of communication (with reference to” Annex 1 of “the Federal Ordinance on Data Protection). The Data Controller undertakes to regularly verify the content of the aforementioned Annex.
Regarding countries that are not considered suitable to offer a protection regime adequate to the FDPA, the Data Controller undertakes to take reasonable measures to ensure the security of personal data.”“”
RIGHTS OF THE DATA SUBJECT
The Data subject is guaranteed the following rights (non-exhaustive list), which can be exercised at any time by making a request in writing to the contact details of the Data Controller indicated above:
– You can at any time and free of charge be informed about your personal data that we are processing, as well as receive from us, in a readable format, the personal data provided.
– If we process incomplete or inaccurate personal data about you, you can have it rectified at any time and possibly be informed about the rectification process. If it does not involve disproportionate effort, recipients will also be informed of the rectification of personal data.
– You have the right to request the Data Controller to delete the personal data processed, as well as to request its limitation to what is necessary for the purpose of processing.
We undertake to respond to any request from the Data subject without delay but, in any case, within a period of 30 days from the receipt of any documentation necessary for the completion of such request.
CURRENT VERSION, CHANGES AND UPDATES
In order to ensure that our Policy is always in compliance with current legal provisions, we reserve the right to make changes at any time.
Last update: July 11, 2025
