Privacy Notice

Privacy Notice

Information document on the processing of personal data

In accordance with Federal Data Protection Act (LPD) and the UE General Data Protection Regulation no. 2016/679 (hereinafter “GDPR”); nel seguito anche “GDPR”), if applicable, we provide you with the necessary information regarding the processing of the personal data provided browsing this website. The information is not to be considered valid for other websites (for example, other websites that can be consulted through links on this page), which is not to be considered in any way responsible for the websites of third parties.

ATTENTION: Terms of applicability of GDPR
Please note that, in accordance with art. 3 cpv. 2 GDPR, the EU GDPR applies to Privacy Desk Suisse SA, as a company established in Switzerland, only for processing of personal data related to:
a) supply of goods and services to EU natural persons; or
b) behavior monitoring of EU natural persons.
References to the GDPR are intended only for persons to whom the GDPR confers rights. In no case should these references be understood as voluntary subjection to GDPR by Swiss Privacy Desk AG, since (i) the company intends to actively address exclusively Swiss users and (ii) has given up the implementation of tools for monitoring users behaviour wherever located.

What are the personal data processed? What does processing mean? Who is the data subject?

Personal data: any information concerning a data subject that identifies or makes him/her identifiable. Through the website, Privacy Desk Suisse SA collects various personal data, including but not limited to: name, surname, e-mail address, telephone number, IP address.

Processing is any operation or set of operations, performed with or without the aid of automated processes, applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, deletion or destruction.

Data subject is the identified or identifiable natural person. By way of example (not exhaustive), the interested party is the user who navigates on the platform and sends, through the platform, a request for information.

Who is the Data Controller? How to contact him?

DATA CONTROLLER, in accordance with LPD and pursuant to art. 4 and 24 of the Regulation (EU) 2016/679, is Privacy Desk Suisse SA, head office in Via Luigi Canonica 11, 6900 Lugano, represented by the persons entitled to sign in accordance with the inscriptions of the Cantonal Register of Commerce (link).

Below the contact details of the controller: e-mail: ││ telephone: +41 (0)91 9210038.

Contact details of Data Protection Advisor (natural person in charge for monitoring the privacy matters and or activities carried out by Privacy Desk Suisse Sa)

Below the contact of the Data Protection Advisor of Privacy Desk Suisse SA:

Why does Privacy Desk Suisse SA process your data? What basis does the owner have for processing your data?

Purpose of the processing
a) website browsing
Grounds of justification (LPD)│ Legal basis (GDPR)
Primary interest of the Data Controller – Legitimate Interest

Article 13 cpv. 1 and 2 LPD. Art. 6 par. 1 lett. f) GDPR: Activities strictly necessary for the operation of the site and the provision of navigation service on the platform. The computer systems acquires, performing their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This type of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.

Purpose of the processing
b) answer to the information request sent by fill-in the CONTACT FORM


Personal data collected will be name, surname, e-mail address and company name (optional). The request will be forwarded to one of our operators who will contact you with one of our consultants.


Personal data collected will be name, surname, e-mail address, telephone number and company name (optional). The request will be forwarded to one of our operators who will contact you with one of our consultants.


Personal data collected will be name, surname, e-mail address, telephone number and company name (optional). You’ll receive, on your e-mail address, an access link to the Swiss anonymized platform called Meet, platform powered by Infomaniak NETWORK SA. Through the link you can access the meeting with the consultant without the need to download the platform/ system. The activation of the webcam is optional. Communications are encrypted. The supplier stores the personal data in data center located exclusively in Switzerland.

Grounds of justification (LPD)│ Legal basis (GDPR)

Implementation of pre-contractual measures (request of the data subject)
Art. 13 cpv. 1 – 2 LPD
Art. 6 par. 1 lett. b) GDPR: the interest of the Data Controller is carrying out the user/customer/prospect requests.
Purpose of the processing
c) Data Controller direct marketing, newsletters, market research or other sample survey and direct sales to receive (by automated means such as e-mail or SMS or other means, as well as by phone calls through operator and paper mail) information material, for the detection of the degree of satisfaction, promotional, commercial and advertising material or concerning events, initiatives, courses promoted by the Data Controller.
Grounds of justification (LPD)│ Legal basis (GDPR)
Artt. 4 cpv. 5 e 13 LPD
Art. 6 par. 1 lett. a) GDPR

To whom will the data be communicated?

The personal data provided will be communicated to subjects who will process personal data as data processor (Art. 10a LPD | Art. 28 GDPR), as persons acting under the authority of the Data Controller or of the Data Processor (art. 29 GDPR)
in order to follow up on the purposes of the processing indicated above.
Specifically, personal data will be communicated to recipients belonging to the following categories:
a) subjects that provide services for the management of the information system used by Privacy Desk Suisse SA and of the telecommunications networks (including e-mail);
b) subjects supporting the Data Controller in the management of web platforms;
c) studies or companies in the context of assistance and consultancy relationships;
d) competent authorities to fulfil legal obligations and/or provisions of public bodies, upon request;
e) companies that provide services for sending newsletters.
The list of data processors is constantly updated and available at the headquarters of the Data Controller.

Reception of data from abroad Communication of data abroad

Privacy Desk Suisse SA is a company with registered office in Switzerland, State whose legal system is considered adequate (adequacy decision of the Commission of the European Union (link) since 26 July 2000. Switzerland therefore ensures an adequate level of protection of personal data (Article 45 of the GDPR “transfer on the basis of an adequacy decision”).
Privacy Desk Suisse SA makes use of certified and safe suppliers who (i) are established in Switzerland or (exceptionally) in the European Union and (ii) process personal data in Switzerland or (exceptionally) in the European Union. This excludes communications of personal data to third countries that do not provide adequate data protection in accordance with Swiss and European law, with the exception of communications based on the prior and express consent of the data subject or on his or her express instructions or made pursuant to a legal obligation.

How long are personal data stored?

The processing will be carried out automatically and/or manually, with methods and tools aimed at ensuring maximum security and confidentiality, by trained persons.
In accordance with art. 4 paragraph 2 LPD and art. 5 paragraph 1 letter e) GDPR, the personal data collected will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed.
The data will be stored:
a) browsing website: for the duration of navigation session;
b) contact request: maximum 1 year;
c) marketing: 5 years;
d) newsletter: until withdrawal of consent.

Is the provision of personal data mandatory? Or is it necessary? Or is it optional?

The provision of browsing data for purpose a) is compulsory to browse the website. The provision of name, surname, e-mail address, telephone number is necessary to send a request information by fill-in the CONTACT form (purpose b). The provision of the company name is optional.
Failure to provide name, surname, e-mail address and telephone number will result the impossibility to send the request. Failure to provide the company name won’t have negative consequences or prejudice the sending of the contact request. Data provided for purpose b) will be used for purpose c), for direct marketing, exclusively with your prior consent as indicate in the above mentioned purpose. Failure to provide data for purpose c) will result in the impossibility of receiving marketing communications from the Data Controller.

What are your rights? How can you exercise them?

You will be able to exercise your rights as expressed in Articles. 5 cpv. 2, 8, 12 cpv. 2 lett. b. e 15 LPD │ Articles 15 e ss. GDPR, if applicable, addressing to Data controller at the following email or the Data Protection Advisor at the following email
You have the right, at any time, to obtain access to personal data and the rectification or erasure personal data, or the restriction of processing that concerns them. Furthermore, you have the right to object, at any time, to the processing of their data and, the right to the portability of your data.
Without prejudice to any other administrative and judicial appeal, if you believe that the processing of your personal data violates what LPD and GDPR provides, you have the right to lodge a complaint with the competent supervisory authority for the protection of personal data (Switzerland:
 IFPD│ Italy: Garante).
In case of portability request the Data Controller will provide you with your personal data in a structured, commonly used and machine-readable format, without prejudice to
paragraph 3 e 4 of Article 20 GDPR.

To stop receiving automated direct marketing communications (e.g. e-mails), simply write an e-mail at any time to with the subject line “unsubscribe from automated marketing” or use our automated unsubscribe systems for e-mails. To stop receiving traditional direct marketing communications (e.g. operator calls), simply write an e-mail at any time to with the subject line “unsubscribe from traditional marketing”.

Privacy information modification | effective data

Data controller has the right to change, update, add or remove portions of this privacy policy at its sole discretion and at any time. Therefore, before using the Site or related resources (e-mail, telephone, social account, etc.), it is your responsibility to verify the content of the current information. In order to facilitate such verification, this policy will contain an indication of the date of update.

Update and effective data: June 17, 2020