The registered office of Loris Kessel Auto AG is located in Switzerland and is therefore primarily subject to the New Federal Data Protection Act (nFADP) in the processing of personal data, in particular of persons residing in Switzerland. Furthermore, the EU General Data Protection Regulation (GDPR) as a legal basis for the processing of personal data of EU citizens.
In this regard Loris Kessel Auto SA is required to process your personal data collected automatically, or provided by you, through navigation and/or use of the website: www.kessel.ch (hereinafter “Website”)
1. DATA CONTROLLER
The Data Controller is Loris Kessel Auto SA, with registered office in Via Grancia 4, 6916 Grancia (hereinafter "Data Controller").
2. DEFINITION AND TYPE OF PERSONAL DATA PROCESSED
To allow you to use the Website and its services, the Data Controller needs to know and process some of your personal data.
By personal data we mean any information that identifies or makes identifiable, directly or indirectly, any individual, such as name, contact details, IP addresses.
The personal data that is processed in order to respond to requests for information via the contact form are as follows:
The personal data processed for the purpose of subscribing to the newsletter and to be constantly informed about the activities of Loris Kessel Auto SA and to receive discounts and promotions is that relating to your e-mail address.
For the simple navigation of the Website, the types of data processed and the related specific information for "cookies" are specified below.
Navigation data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects, but it should be noted that, by its very nature, it could, through processing and association with other data held by the Data Controller or by third parties, enable users to be identified.
This category of data includes:
This data may be used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct operation. Furthermore, the data could also be used, in agreement with the judicial authorities, to ascertain liability in the event of hypothetical cybercrimes against the Data Controller. Apart from this, please note that data on contacts to the website are not stored on the servers for more than seven days.
Data provided voluntarily by the user
No provision of personal data by the user is required in order to consult the website.
The optional, explicit and voluntary sending of messages, by electronic or traditional mail, to the addresses indicated on the website entails the subsequent acquisition of the sender's e-mail address, or even postal address, or the relevant telephone number, necessary to reply to requests, as well as any other personal data included in the relevant communications.
This data will be used for the sole purpose of processing your request and may only be disclosed to third parties if this is necessary for that purpose.
For the processing of data for these purposes, your consent is not required since the processing is necessary for the performance of a contract to which you are a party or the execution of pre-contractual measures taken at your request, as well as, where applicable, to fulfil a legal obligation.
This data is kept for the time strictly necessary to provide you with the requested service and is deleted immediately afterwards, subject to further retention obligations provided for by you’re your data will not be distributed.
Cookie Policy
The following are the types of cookies used by this Website, to understand how personal data will be processed by means of this kind of technology.
Technical cookies
This Website uses so-called "technical cookies", which are small text files containing a certain amount of information exchanged between the Website and your terminal (or rather your terminal's browser), which allow for the correct operation and use of the same.
This website use technical cookies which allow its correct operation.
Cookies are not used to transmit information of a personal nature, nor are so-called persistent cookies of any kind used.
Analytical cookies
This Website uses so-called "analytical cookies" that are realised and made available by third parties, or rather, Google Analytics. This is done by mere internal statistical analysis of access, to improve the Website and simplify its use, as well as to monitor its correct functioning. The Data Controller has in any case adopted the most suitable tools to reduce the power of identification of this type of cookie.
Profiling cookies
This site does not use so-called "profiling cookies", as the Data Controller does not intend to create profiles related to the user in order to send advertising messages in line with the preferences expressed by the same as far as navigation on the Internet is concerned.
Third-party cookies
Third parties can also install cookies on your device. We do not control the use of third-party cookies and, therefore, we are not responsible for their use. Third parties have their own privacy information and data collection methods. The information is available at the following links:
Options regarding the use of cookies by the site via browser settings
The provision of all cookies, both first and third-party, can however be deactivated by changing the settings of your browser. It should be noted, however, that intervening in these settings could make the Website unusable in the event that cookies, which are indispensable for the provision of our services, are blocked. Each browser has different settings for deactivating cookies. Links to instructions for the most common browsers can be found here: Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera.
3. PURPOSE OF THE TREATMENT OF DATA AND LEGAL BASIS
The personal data of which the Data Controller is in possession are exclusively those provided during navigation and/or during the forwarding of any requests for information. Therefore, personal data will be processed to:
In consideration of the choice to use the services provided by the Website, the legal basis on which the processing of personal data is based may be:
- express consent, accepting the Cookie Policy and continuing to browse the Website;
- express consent, by subscribing to the Newsletter and accepting this Privacy Policy;
- the need to fulfil a legal obligation, if this is deemed necessary, and to communicate your personal data if we are asked to do so by the competent authorities;
- the legitimate interest in processing personal data to offer the best service; to allow us to respond where a request is submitted; to prevent fraud; to keep the Website, our services and the IT system secure; to ensure that our processes, procedures and systems are always kept efficient.
You can unsubscribe from the newsletter at any time by simply clicking on the appropriate unsubscribe link in each communication you receive.
4. PERIOD OF CONSERVATION OF PERSONAL DATA
Personal data may be processed by both electronic and paper-based means.
The Data Controller intends to keep personal data for a period of time no longer than it is necessary to achieve the purposes for which it was collected and processed. It should be noted that the Data Controller has taken all the necessary security measures to prevent the loss of data, unlawful or incorrect use and unauthorised access.
The contact data on the Website will not be kept for more than seven days, unless these are necessary to verify responsibility in case of hypothetical computer crimes against the Data Controller. Data relating to requests sent that contain personal data are deleted after 6 months from receipt.
As far as any additional personal data are concerned, since the Data Controller cannot accurately determine the period of conservation, from now on the Data Controller undertakes to inspire the processing of personal data in accordance with the principles of adequacy, relevance and minimization of data, as required by the European Regulation and Federal Legislation, and constantly checking the need for their conservation. Therefore, once the purposes for which they were collected and processed are fulfilled, they will be removed from the systems or made completely anonymous.
5. CATEGORIES OF ADDRESSED PERSONS OF DATA
Processed data will not be disclosed to third parties. They can, however, acquire the data, in relation to the aforementioned purposes of treatment:
• individuals that can access data in accordance with the provisions of the law that are provided for by European Union law, or by that of the Member State to which the Data Controller is subjected;
• our employees, provided that they are assigned System Administrators or individuals acting under the authority of the Data Controller or the Data Manager, in accordance with European Regulations;
• individuals that perform, within the borders of the European Union, in complete autonomy, as separate Data Controllers, or as Data Processors appointed for this purpose by the Data Controller, purposes auxiliary to the activities and services referred to in paragraph 3 ., including companies that offer advertising, marketing and communication services, IT and information technology services, the design and creation of websites, companies that offer services which are useful for analysing and developing data and developing and conducting market research.
Any communication of personal data will take place in full compliance with the provisions of the law, which are provided for by the European Regulation and Federal Legislation and the technical and organisational measures prepared by the Data Controller, in order to ensure an adequate level of security.
6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
The data will mainly be processed within Switzerland, but may also be transferred to other countries within the EU.
Any transfer will always be subject to adequate safeguards, as the country of destination has obtained an adequacy decision of the Commission pursuant to Article 45 of the European Regulation, or the standard contractual clauses provided for in Article 46(2)(c) of the European Regulation have been adopted.
Any transfer of the Data Subject's data to countries outside the European Union will only take place in accordance with adequate safeguards for the purposes of such transfer, i.e. that the Swiss Confederation has confirmed that the non-EU country has an adequate level of data protection or that there are other data protection guarantees in place, such as binding corporate regulations or the signing of EU standard contractual clauses.
7. POSSIBLE AUTOMATED DECISION-MAKING PROCESSES
The Data Controller does not use automated decision-making processes, including the aforementioned profiling referred to in Article 22, paragraphs 1 and 4, of the European Regulation. Therefore, the Data Controller deems it does not have to provide information on the type of logic used, or even the importance and the consequences for the person concerned regarding this type of treatment.
8. RIGHTS OF THE INTERESTED PARTY
The persons to whom the personal data refers have the right, at any time, to obtain confirmation of the existence or non-existence of such data and to be informed of its content, to verify its accuracy or to request that it be supplemented, updated or corrected.
It should also be noted that the Data Subject has the right to:
• revoke consent to processing at any time. It should be noted, however, that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation
• ask the Data Controller to access personal data
• obtain from the data controller the correction and supplementation of personal data deemed inaccurate, including by providing a simple supplementary declaration
• obtain the cancellation of personal data from the Data Controller
• obtain the limitation of the processing of personal data from the Data Controller if one of the hypotheses provided for by the relevant legislation
• receive personal data concerning you in a structured format from the Data Controller, commonly used and readable by automatic devices, as well as the right to transmit such data to another data controller without impediments, as provided for by the relevant legislation
• object at any time, for reasons connected to your particular situation, to the processing of personal data carried out, including profiling
• not be subjected to decisions based solely on automated processing, including profiling, that produce legal consequences that affect you, if you previously did not give explicit consent to, as required by art. 22 of the European Regulation. By way of example and by no means exhaustive, this category includes any form of automated processing of personal data aimed at analysing or predicting aspects concerning consumption and purchase choices, one's economic situation, interests, reliability and behaviour;
• file a complaint to a supervisory authority, if you consider the treatment of data that concern you to be in violation of the European Regulation. The complaint may be lodged in the Member State in which you reside or work, or in the place where the alleged violation occurred
To exercise each of your rights, you can contact the Data Controller, as a legal representative, addressing a communication at the registered office in Via Grancia, 4 6916 Grancia, or by sending an email to privacy@kessel.ch, by providing the following data:
• Name, surname and postal address
• Details of the request
• Photocopy of a valid identity document.
9. CONSENT OF MINORS IN RELATION TO THE INFORMATION SOCIETY SERVICES
To be able to use the services provided through the Website it is necessary to be at least sixteen years of age: consent to the processing of personal data of those who are under 16 years of age is permissible provided that it is exercised by those who exercise parental responsibility.
10. DOWNLOAD INFORMATION
In order to better protect its users, Loris Kessel Auto SA invites you to download the policy and ensure that it is the latest version available.