Data Protection Statement of Tenaci SA of Lugano

Thanking you for your interest in our company, we would like to inform you about how Tenaci SA collects and processes personal data (personal data means any information that identifies or makes identifiable, directly or indirectly, a natural person and that can provide insights into their characteristics, habits, lifestyle, personal relationships, health, financial situation, etc.).
This data protection declaration complies with the Federal Data Protection Act (Bundesdatenschutzgesetz) and the EU General Data Protection Regulation (GDPR). However, the specific application of these laws depends on the specific case.

1. Data Controller and Data Protection Officer

The data controller pursuant to the LPD is the company Tenaci SA in Lugano, with address c/o TENACI SA Piazza Molino Nuovo 6, CH-6900 Lugano . E-mail: info@tenaci.ch, T. +41 (0) 78 805 90 17

2. Personal data, collection and purpose of processing

(1) We collect the data we need primarily from you.

(2) We process different categories of data concerning you as specified below for the purposes also specified below.

• To communicate with you via email and telephone, as well as through social networks or letters.
  For this purpose, we use in particular your personal data (e.g., first and last name) and contact information (e.g., email address, billing address, delivery address).
  We store this data to document our communication with you, to ensure the quality of our services, and to follow up on requests for information.
  We generally communicate with you in relation to other processing purposes, such as providing services or completing a sale.
• For the conclusion, administration and execution of pre-contractual and contractual relationships:
  We enter into various contracts with our commercial and private customers, suppliers, subcontractors, and other parties. To this end, we use, in particular, personal and contact information, as well as data that necessarily arises from the contractual relationship to execute or enforce its performance (e.g., in the context of a purchase, such data may include billing and delivery details; in the context of an employment relationship, such data may include employment-related data such as salary, AHV number, sickness benefit, etc.).
  In the worst case, these reports can lead to legal claims.
• We process data for marketing and relationship management purposes, such as sending our customers and other contractual partners personalized advertising about our products and services, coupons, and information about discount campaigns. This may take the form of newsletters and other regular contact, including through other channels for which we have your contact information, as well as in the context of marketing campaigns (e.g., events, contests, etc.) and following your purchase of our products.
  You may object to such contact at any time or refuse or withdraw your consent to be contacted for marketing purposes.
  To this end, we process in particular personal and contact data, as well as registration data on our website (e.g. username).
• We process data to comply with the law and the directives and recommendations of the authorities.
  This means that we have legal obligations that may arise from Swiss law, but also from foreign regulations to which we are subject, as well as self-regulation, industry standards, instructions, and requests from authorities.
  For example, we process data to process accounting, register an employee with a pension fund, obtain a work permit, and inform our shareholders and other investors.
  For this purpose, we use in particular your personal and contact data, as well as data from contractual relationships.
• We also process your data for market research, to improve our services and business activities, and for product development.
• We may also process your data for security and access control purposes to continuously review and improve the security of our IT infrastructure.
  For these purposes, we process personal data, contract data, registration data, and technical data (e.g., IP addresses), as well as behavioral data (e.g., repeating patterns) and communication data.
  For example, as part of our financial management, we need to monitor our customers' and suppliers' accounts and prevent them from becoming victims of crime and abuse, which may involve analyzing data to identify significant patterns of such activity.
• We may process your data (mainly but not limited to those listed above) for other purposes.
  These other purposes include, for example, administrative purposes (such as managing master data, accounting, and data archiving, as well as the continuous improvement of our IT infrastructure) and the protection of our rights (for example, to assert claims in or out of court, and before authorities in Switzerland and abroad, or to defend ourselves against claims asserted against us, such as by preserving evidence, conducting legal analyses, and participating in judicial or administrative proceedings). These other purposes also include the protection of other legitimate interests that cannot be listed exhaustively and include compliance with legal requirements, unless this is already recognized as a legal basis under applicable data protection legislation.

If we do not ask for consent for processing, the processing of your personal data is based on the necessity of the processing.

3. Data sharing

In connection with corporate management, our contracts, the website, our products and services, our legal obligations, the protection of our legitimate interests, and the other purposes set out above, we may disclose your personal data to third parties, in particular to the following categories of recipients:

Service providers – To provide our products and services efficiently and focus on our core competencies, we engage third-party services in various areas. These services include, for example, IT, information transmission, logistics, marketing, sales, communications, and printing services, facilities management, security and cleaning services, event and reception organization and management, debt collection, credit agencies, address verification providers (e.g., to update address lists in the event of a move), and other services.
Consulting firms, lawyers, banks, insurance companies, and telecommunications companies. These entities may view some of your data (e.g., our trustee will see who has made deposits in the bank) and process it on our behalf, either as joint controllers or as recipients of data from us, or as independent processors (e.g., logistics services, banks, insurance companies, debt collection agencies, credit reference agencies, or address verification providers, lawyers).
The main service providers in the IT field are Microsoft, Google, Zoom, Whatsapp (Meta) and Wordpress.

In any case, we provide these service providers with the data they need for their services, which may also concern you. These service providers may also use this data for their own purposes, such as information about outstanding debts and your payment history in the case of credit reference agencies, or anonymized data to improve their services.
Where possible and where protection is not provided by law, we enter into contracts with these service providers that include data protection provisions. In some cases, our service providers may also process data relating to the use of their services and other data generated during the use of their services as independent data processors for their own legitimate interests (e.g., for statistical analysis or billing purposes).
These service providers disclose their independent data processing activities in their data protection declarations.

Authorities – It may also be necessary to transmit certain data to the authorities (e.g., in the context of an employment contract with a cross-border commuter, personal data must be transmitted to the competent cantonal office for obtaining a permit).

Other people – these are other cases where interactions with third parties fall within the scope of the purposes stated above (e.g. shareholders).

We may restrict processing by some third parties (e.g., IT service providers), but not by others (e.g., authorities, banks, etc.).

4. Data transmission abroad

As explained in Section 3, we share data with other parties. Not all of these parties are based in Switzerland.
If the recipient is located in a country without adequate legal data protection, we require the recipient to comply with applicable data protection legislation (for this purpose, we use the European Commission's revised standard contractual clauses), unless the recipient is already subject to a legally accepted set of rules designed to ensure data protection or we can invoke an exception.
An exception applies, for example, in the case of legal proceedings abroad, in cases of overriding public interest, or when the performance of a contract requires the disclosure of data, as well as if you have consented to the data transfer or if the data was generally provided directly by you and you have not objected to the processing. Please note that data exchanged via the Internet often passes through third countries. Your data may therefore be sent abroad even if the sender and recipient are located in the same country.

5. Retention period

In principle, we retain your personal data for as long as necessary for the purposes of processing, the retention periods required by law, our legitimate interests in documenting and preserving evidence, or if retention is a technical requirement.
Generally speaking, this means that to comply with corporate regulations, we keep your data for at least 10 years.
Regarding data collected for advertising and marketing purposes, as well as any other data collected based on consent (e.g., CVs you have sent us), we process them for the necessary time.
In this context, if you have withdrawn your consent, the related personal data will also be destroyed, unless there is an overriding legitimate interest.

6. Data protection

We adopt appropriate technical and organizational measures tailored to the company's needs to ensure data security, including risk-based protection, ensuring the necessary security of your personal data and guaranteeing the confidentiality, integrity, and availability of your data, protecting it from unauthorized or unlawful processing, and minimizing the risk of loss, accidental alteration, unauthorized disclosure, or access. However, we cannot guarantee absolute data security.
Access to our website is via transport encryption (SSL/TLS, specifically Hypertext Transfer Protocol Secure, or HTTPS for short). Most browsers indicate transport encryption with a padlock icon in the address bar.
Our digital communications are subject—like all digital communications in principle—to mass surveillance without cause or suspicion and other controls by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police agencies, and other security authorities.

7. Your rights

Applicable data protection laws give you the right to object to the processing of your data in certain circumstances, including processing for direct marketing purposes, profiling for direct marketing purposes, and other legitimate interests in the processing.
To help you control the processing of your personal data, you have the following rights in relation to our processing of your data, in accordance with applicable data protection legislation:

• The right to ask us for information on whether we are processing your data and, if so, which data;
• The right to request the correction of inaccurate data;
• The right to request the deletion of data;
• The right to request the provision of certain personal data in a commonly used electronic format or their transfer to another data controller;
• The right to withdraw your consent, where our processing is based on your consent;
• The right to receive, upon request, other information relevant to the exercise of these rights;

If you wish to exercise any of the above rights, you can contact us in writing at our address. To prevent abuse, we require you to identify yourself (for example, via a copy of your ID card, if identification is not possible otherwise).

Please note that the exercise of these rights may be subject to conditions, exceptions, and restrictions in accordance with applicable data protection legislation (for example, to protect third parties or trade secrets). In these cases, we will inform you.

8. Website and Social Media

We use various techniques on our website that allow us—and third parties we engage—to recognize you (not your identity) when you use our website and, if necessary, track you across multiple visits. This section provides information on this.

Essentially, we want to distinguish between your access (through your system) and that of other users, in order to ensure the functionality of the website and to perform analytics and personalization. We do not intend to determine the identity of the user, although it may be possible for us or third parties we engage to identify you by linking your registration data. However, even without registration data, the technologies we use are designed to recognize you as an individual visitor each time you access the website. For example, our server (or third-party servers) assigns a unique identification number to you or your browser (called a "cookie").

We use these technologies on our website and may authorize certain third parties to do so. Depending on the purpose of these technologies, we may request your consent before using them. You can also configure your browser to block or exclude certain types of cookies or alternative technologies, or delete existing cookies. You can also add software to your browser to block certain types of third-party tracking.

You can find more information in your browser's help pages (usually with the keyword “data protection”) or on the websites of the third parties listed below.

We distinguish the following categories of “cookies” (including technologies that function in the same way, such as fingerprints):

• Necessary cookies : Some cookies are necessary for the website to function or for certain features. For example, they allow you to move from one page to another without losing information entered into a form. They also ensure that the user remains logged in. These cookies only exist temporarily ("session cookies"). If you block them, the website may not function properly. Other cookies are necessary for the server to remember options or information (entered by the user) beyond a session (i.e., a website visit) if the user uses this feature (e.g., language settings, consent, automatic login functionality, etc.).
  These cookies have a maximum expiration date of 24 months.
• We may also include additional third-party offers on our website, particularly those from social media providers. These offers are deactivated by default. As soon as you activate them (for example, by clicking a button), these providers can determine that you are using our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of their online offerings. These social media providers process this data as independent processors.
  We currently use the offerings of the following service providers and advertising partners (where they use your data or cookies placed on your computer for advertising purposes):
  Google Analytics : Google Analytics is a web analytics service provided by Google LLC ("Google"). Google uses the Personal Data collected to track and examine the use of this Website, compile reports, and share them with other Google services. Google may use the Personal Data to contextualize and personalize the ads of its own advertising network. This Google Analytics integration anonymizes your IP address. Anonymization works by shortening within the borders of member states.
  Users' IP addresses are stored within the European Union or in other countries participating in the Agreement on the European Economic Area. Only in exceptional cases will the IP address be sent to Google's servers and shortened within the United States. These cookies have a maximum storage life of 24 months, but most expire after a few minutes. Personal Data processed: Usage data and Tracking Tool. Place of processing: United States or Ireland.
  Facebook Pixel : Meta ads conversion tracking (Meta pixel) is a statistics service provided by Meta Platforms Ireland Limited that connects data from the Meta advertising network with actions performed on this website. The Meta pixel tracks conversions that can be attributed to Facebook, Instagram, and Audience Network ads. These cookies have a maximum retention period of 3 months. Personal Data processed: Usage Data and Tracking Tools. Place of processing: United States or Ireland.
  When cookies are not necessary, you are given the choice whether to enable them or not.

We maintain a presence on social media and other online platforms to communicate with interested parties and to provide information about our activities and operations. In connection with these platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
In any case, the General Terms and Conditions (GTC) and Terms of Use, as well as the data protection declarations and other provisions of the individual operators of these platforms, apply . These provisions inform in particular about the rights of data subjects directly vis-à-vis the respective platform, including, for example, the right to information.

9. Changes

We may modify this privacy policy at any time. The version published on our website is the current version.