Who we are
Our website address is: https://www.providence-mayer.com.
Your personal data shall be processed in compliance with the EU General Data Protection Regulation no. 679/2016 (“GDPR”), in force since May 25, 2018.
Privacy notice given pursuant to Article 13, GDPR
This Privacy Note is addressed to the data subjects that, in various capacities, have had or have professional, trading or business relationships with one or more of the Switzerland, or foreign, entities of the Providence & Mayer.
Examples: data subjects acting in their own name or as contacts of legal entities qualified as (current or prospective) clients of the Providence & Mayer, who attended a training event or another initiative organised by Providence & Mayer.
SERVIZI AZIENDALI PROVIDENCE & MAYER, with registered office in Lugano, Str. Alberto Giacometti n.1, represented by its pro-tempore legal representative, is a company providing administrative, accounting and organisational services to the Switzerland entities belonging to the Providence & Mayer.
In this context, Providence & Mayer is the joint controller of the personal data the controller of which is originally each of the above-mentioned Switzerland entities, with which it has executed specific and separate joint control agreements pursuant to Article 26 of GDPR2 , the key content of which is available on demand at the premises of P&M or of the relevant legal entity of the P&M involved as the original controller.
In consideration of the above, in parallel with (or in addition to) the privacy notice you have already received from the Joint Controller (which in any case, you can consult at: Privacy Information), P&M, in turn, hereby provides the information required by Article 13 of GDPR (the “Privacy Notice”).
(a) Contact details of the Controller
SERVIZI AZIENDALI PROVIDENCE & MAYER.
Str. Alberto Giacometti n.1
6900, Lugano – Switzerland
CHE: 405.341.999
Tel. +41 22 575 34 37
(b) Contact details of the data protection officer
Data Protection Officer (“DPO”)
Str. Alberto Giacometti n.1
6900, Lugano – Switzerland
CHE: 405.341.999
Tel. +41 22 575 34 37
e-mail: office@providence-mayer.com
(c) Purposes of the processing of personal data and legal grounds
Your personal data shall be processed:
(c.1) without your consent, by the Controller, as well as the Joint Controller, for the following purposes:
(i) Complying with specific pre-contractual or contractual obligations undertaken by us to you and/or to the legal entity for which you work (Article 6, letter b, GDPR);
(ii) Complying with national or EU laws and regulations, or executing orders or instructions given to the Controller and/or the Joint Controller by judicial authorities, oversight authorities or professional bodies (Article 6, letter c, GDPR);
(iii) Exercising the rights of the Controller and/or the Joint Controller, specifically defending themselves in court proceedings (Article 6, letter f, GDPR).
Based on the legitimate interests of the Joint Controllers (and of the other Switzerland and foreign legal entities of the Providence & Mayer) to establish and maintain beneficial and optimal professional relationships with current and prospective clients (Article 6, letter f, GDPR), your personal data shall be processed by the Controller and/or by the Joint Controller for the following purposes:
(iv) Inviting you to events, meetings, workshops, roundtables, congresses (including professional training), identified as of specific interest to you, organised and managed by the Controller, by the Joint Controller and/or one or more of the other Switzerland entities of the Providence & Mayer, independently or in cooperation with other entities identified from time to time in the invitations (brochures and/or presentations) that will be previously mailed or delivered to you to allow you to register for the event (hereinafter, respectively, the “Event(s)” and the “Partner(s) in the Event”); executing complementary activities following your registration for the Event, such as, for example, activities related to the organisation and management of the Event itself; if you attend, using your personal images that may have been collected in the course of the Event for possible publication on different (paper, tape and/or digital) supports, or through other means of communication or media, including websites, portals and social networks present on the internet;
(v) Sending you newsletters, publications, studies, survey results, survey results, market analyses or analyses of specific industries or businesses, and any other type of professional information material, identified as of specific interest to you, prepared or published by the Controller, by the Joint Controller and/or one or more of the Switzerland (and, in certain circumstances, foreign) entities of the Providence & Mayer, independently or in cooperation with other entities identified from time to time in the specific document (hereinafter, the “Publications” and “Publication Partners”, respectively);
Moreover, also on the basis of the legitimate interests of the Joint Controllers and of the other Switzerland and foreign entities of the Providence & Mayer, your personal data shall be processed without your consent by the Switzerland and foreign Providence & Mayer entities for the following purposes:
(vi) Carrying out customer relationship management, consisting mainly in tracing and managing the relationships and interactions that Switzerland and foreign legal entities of the Providence & Mayer, through the professionals belonging to it, develop with the ‘contacts’ of current and prospective clients, and any other persons/entities with whom/which Providence & Mayer professionals have developed business relationships, for the purpose of understanding their needs and expectations, improving services offered, developing new services based on the market’s requirements, as well as growing the business. For those purposes the personal information of ‘contacts’, including your personal information, will be entered into special data bases owned by or available to the Controllers and will thus be made accessible to the other Switzerland and foreign entities of the Providence & Mayer. Where specific obligations of confidentiality or professional secrecy exist, as well as when there are particular reasons of expediency, your personal information will be made available, depending on the circumstances, solely to professionals of the Switzerland legal entities of the Providence & Mayer (excluding foreign entities), or solely to the Controllers, i.e. solely to the members of the team of the Joint Controller assigned to the specific professional engagement. In any case, it is agreed that you may be contacted, for customer relationship management purposes, only through the professionals who operate within the Switzerland legal entity (Controller or Joint Controller) with which you have established the main relationship;
(vii) Complying with the policies and procedures adopted by the Controllers and/or by other Switzerland and foreign legal entities by virtue of their belonging to the Providence & Mayer, also designed suitably to manage shared verification processes preliminary to the acceptance and correct performance of possible assignments and quality control processes as well as specific cooperation relationships between legal entities belonging to the Network.
(c.2) with your consent (Article 6, letter a, GDPR), for the following purposes:
(i) Inviting you to take part in surveys or to complete questionnaires (also relating to customer satisfaction) in the interests or for the benefit of the Controller, the Joint Controller and/or one or more of the other Switzerland entities of the Providence & Mayer and conducting other activities consisting in the direct promotion of specific professional services by one or more of such entities;
(ii) Allowing one or more of the foreign entities of the Providence & Mayer to conduct the same activities listed above in item (i) of paragraph (c.2) and in items (iv) and (v) of paragraph (c.1).
Consent to the use of the data for the purposes listed in paragraph (c.2) above is optional, therefore you may decide not to give your consent, or to withdraw it at any time, using the following link.
(d) Categories of personal data processed
For the purposes of processing listed in paragraph (c) above, only ‘common’ personal data shall be processed, such as for instance: given name and family name, fiscal code, VAT registration number, residence, domicile, place of work, email or certified email address, telephone and telefax number, employer, company role and/or grade, etc..
(e) Categories of recipients of the personal data
For the purposes of processing listed in paragraph (c.1) above, access to the personal data that you provide may be given to:
1. Employees and freelancers of the Joint Controllers, in their capacity as persons entrusted with processing the data (“Persons authorised to process the personal data”);
2. Judicial or supervisory authorities, public sector (domestic and foreign) administrations, bodies and organisations, and professional bodies;
3. Professionals and advisors, also not belonging to the Providence & Mayer, engaged by the Controller and/or by the Joint Controller to carry out activities related to the administrative management of the relevant corporate structure, the management of professional engagements or defence in court proceedings;
4. Employees and freelancers of other Switzerland and foreign3 entities of the Providence & Mayer in relation to customer relationship management, or to comply with shared policies and procedures, as mentioned in paragraph (c.1), items (vi) and (vii);
5. Partner(s) in the Event or Publication Partners (as defined above), as well as third party outsourcers of activities for the benefit of the Controller and/or of the Joint Controller, including any subjects engaged to provide services necessary for organising the Events or transmitting the Publications, in their capacity as data processors.
For the purposes of processing listed in paragraph (c.2) above, access to the personal data that you provide may be given to:
1. If you consent to the use of your personal data in connection with paragraph (c.2), item (i), your personal information may be processed, for the purposes listed therein, by employees and freelancers of the Joint Controllers and/or of other Switzerland entities of the Providence & Mayer, in their capacity as persons entrusted with processing the data (“Persons authorised to process the personal data”);
2. If you consent to the use of your personal data in connection with paragraph (c.2), item (ii), your personal information may be processed, for the purposes listed in paragraph (c.2), item (i), and in paragraph (c.1), items (iv) and (v) of this Privacy Notice, also by foreign3 legal entities of the Providence & Mayer.
(f) Storage and transfer abroad of personal data
Personal data are managed and stored in the cloud and on servers located within and outside the European Union that are owned by and/or available to the Joint Controllers and/or third parties duly appointed as data processors.
Personal data may be transferred abroad to countries outside the EU in accordance with the provisions of Chapter V of GDPR (Article 46), through the adoption of standard clauses drawn up on the basis of Decisions 2004/915/EC and 2010/87/EU of the European Commission.
Your personal data shall not be disseminated except as specified in paragraph (c.1), item (vi).
(g) Period of storage of personal data
The personal data collected for the purposes listed in paragraph (c.1) above shall be processed and stored for the following lengths of time:
(i) In connection with complying with specific pre-contractual or contractual obligations to you by the Controller and/or by the Joint Controller: for a period of 10 years, increased by 12 months;
(ii) In connection with complying with national or EU laws and regulations, or the execution of orders or instructions from judicial or supervisory authorities, or professional bodies, as well as to enable the Controller and/or the Joint Controller to exercise its/their rights, specifically defending itself/themselves in court proceedings: for the statutory time limit established by the specific legislation applicable in the circumstances, increased by 12 months;
(iii) In connection with inviting you to Events, meetings, workshops, roundtables, congresses: for a period of 2 years after the organisation of the Event or other activities;
(iv) In connection with sending you newsletters, publications, studies, survey results, survey results, market analyses or analyses of specific industries or businesses, and any other type of professional information material: for no longer than 2 years after the last mailing date;
(v) In connection with customer relationship management: for a period of 6 months after the last interaction (e.g. exchange of e-mails, telephone call or meeting) attesting that an active relationship with the data subject is in place;
(vi) In connection with complying with the policies and procedures adopted by virtue of belonging to the Providence & Mayer: for a period of 3 years after compliance with the requirements set out in those documents.
In connection with data processing for the purpose of the activities described in paragraph (c.2), such as inviting you to take part in surveys or to complete questionnaires as well as conducting other activities consisting in the direct promotion of specific professional services: your personal data shall be stored for no longer than 2 years from the date of your consent.
(h) Rights of the data subject:
● Right of access – The right to obtain confirmation as to whether or not personal data concerning yourself are being processed and, where that is the case, to obtain information, in particular about: the purposes of the processing, the categories of personal data processed and the period of storage, the recipients to whom the personal data may be disclosed (Article 15 of GDPR);
● Right to rectification – The right to obtain, without undue delay, the rectification of inaccurate personal data concerning yourself and to have incomplete personal data completed (Article 16 of GDPR);
● Right to erasure – The right to obtain, without undue delay, the erasure of your personal data, in the circumstances envisaged by GDPR (Article 17 of GDPR);
● Right to restriction of processing – The right to obtain from the Joint Controllers the restriction of processing in the circumstances envisaged by GDPR (Article 18 of GDPR);
● Right to data portability – The right to receive the personal data concerning yourself which you have provided to the Controller or the Joint Controller in a structured, commonly used and machine-readable format, and to have those data transmitted to another controller without hindrance, in the circumstances envisaged by GDPR (Article 20 of GDPR);
● Right to object – The right to object to processing of personal data concerning yourself, unless legitimate grounds for the Controller or the Joint Controller continuing the processing exist (Article 21 of GDPR);
● Right to file a complaint with the Authority – The right to file a complaint with the Switzerland data protection authority.
You may exercise the above rights simply by sending an e-mail to the address of the Data Protection Officer reported above, as well as by using the additional IT systems, adopted by the Joint Controllers and indicated in the cover letters related to the Privacy Notice, which will allow you to independently modify or revoke the consents previously expressed and, where possible, to re-evaluate your preferences regarding the data processing carried out by the Joint Controllers (e.g. mail-in and preference centers managed on IT platforms).
(i) Method of processing
Processing of your personal data takes place through the operations listed in Article 4, item (2) of GDPR – whether or not with the help of information systems – specifically: collection, recording, organisation, structuring, updating, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, comparison, interconnection, restriction, erasure or destruction.
In any case, the logic security and physical safety and, in general, the confidentiality of the personal data processed shall be ensured, through all necessary, appropriate technical and organizational measures.
