Updated to the General Data Protection Regulation (“GDPR”) (EU) 2016/679

Q

1) Introduction

Quadrans Foundation considers personal privacy a serious matter and is committed to maintaining the confidentiality, security and integrity of the personal information collected and stored by it in accordance with its obligations under the Federal Act on Data Protection (“LPD”) of 19 June 1992 and, where applicable, under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons, with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). This Privacy Policy describes the activities of processing of personal data of Quadrans Foundation through the website www.quadrans.io (“Website”) and the commitments made in such sense by Quadrans Foundation. Quadrans Foundation can process personal data of the persons when they access the Website and use its services and functionalities. In the sections of the Website where personal information of the data subject is collected, the data subject is normally informed with a notice published on the Website in compliance with Art.14 of the LPD and where applicable, in compliance with Art.13/15 of the GDPR. 
Where required by LPD and where applicable, by GDPR, consent must be obtained from the data subject before processing his or her personal data. If the data subject provides personal data concerning third parties, the communication of personal data to Quadrans Foundation and its processing for the purposes stated in the applicable privacy disclosure must be compliant with the LPD and where applicable, with the GDPR. 

2) Identification Details

Quadrans Foundation registered in the Commercial Register of the Canton Ticino with the number CHE-432.155.979, Via Alla Torre 2, 6850 Mendrisio, Switzerland.

3) Type of Data Processed

The visit and the consultation of the Website generally do not include collection or processing of personal data other than web data and websites cookies as per specified section 4 of this document. In addition to “web data”, cookies might be used at times to process personal data provided with the consent of the data subject when he or her interacts with the functionalities of the Website or uses the services offered on the Website. In compliance with the LPD and the GDPR, Quadrans Foundation might collect personal data of the data subject from third parties during the course of its activity.

4) Cookies and Web Data

The Websites uses cookies. By using the Website, the data subject acknowledges and allows the uses of cookies in accordance to this Privacy Policy. Cookies are small files that are stored in the computer system’s hard drive. There are two categories of cookies: technical cookies and proliferation cookies. Technical cookies are necessary for the correct functioning of a website and allow the user to navigate the web. Without cookies the user might not be able to view web pages correctly or use some services. Proliferation cookies have the purpose to create profiles of the users to provide user-friendly services based on the preferences shown during the navigation.

Cookies can be classified as follows:
– Session Cookies are erased immediately when the website browser is closed;
– Persistent Cookies remains memorized in the website for a certain period of time. They are used, for example, to recognize the device that connects to a website and help the authentication process of the user;
– Own Cookies are generated and managed directly by the website controller on which the data subject is navigating;
– Third-party Cookies are generated and managed by other parties rather than the website controller.

5) Cookies Used on the Website

The Website uses the following types of cookies:
1) Own cookies, session cookies and persistent cookies, necessary for the operation of the Website, for internal security and administrative purposes within the system;
2) Third party cookies, session cookies and persistent cookies to allow the data subject to use the multimedia elements present on the Website, such as images and videos;
3) hird party cookies and persistent cookies, used by the Website to send statistics to Google Analytics, through which Quadrans Foundation can conduct statistics analysis on accesses/visits to the Website. The cookies are strictly used to serve statistics purposes and collect information in an aggregated form. Through the use of a pair of cookies – one persistent and one session (expires when the browser is closed), Google Analytics fills a registry that contains the length and the time of access to/exit from the Website. it is possible to block Google form collecting and processing data through cookies by downloading and installing the browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout
4) Third party cookies and persistent cookies, used by the Website to include buttons for accessing social networks such as Facebook, Twitter and Google+. By clicking on these buttons, the data subject can publish the content of the Website that is visiting on his or her social network platforms. 

The following table shows in details the types of cookies used on the Website:

PurposeSourceReferencesExpirationType
Navigation sessionswww.quadrans.ioSessionOwn
Information Acceptance and user’s decisionwww.quadrans.ioPersistentOwn
Social MediaFacebook ButtonPersistentThird parties
Social MediaTwitter ButtonPersistentThird parties
Social MediaTelegram ButtonPersistentThird parties
Social MediaLinkedin ButtonPersistentThird parties
RemarketingGoogle Analyticshttps://www.google.it/policies/privacy/partners/PersistentThird parties

The Website might contain third party’s links (i.e. third party’s websites). Quadrans Foundation does not have access to or control cookies, web beacons and other tracking technologies that might be used by third parties when the data subject access the Website. Quadrans Foundation does not control content and material that is published on or obtained from third party websites, nor is controlling the methods in which personal data is processed by them, and accepts no responsibility for such actions. The data subject is responsible to verify the privacy policy of third party websites accessed via the Website and obtain information concerning applicable conditions to personal data processing. This Privacy policy applies only to the Website as defined in this document.

6) How to Disable Cookies in Browsers

The data subject may, at any time, prevent the setting of cookies by means of a corresponding setting of the Internet browser used.
Denying the setting of third party cookies does not interfere in any way with the navigability of the Website.
The setting can be customized specifically for different websites and web applications. Furthermore, all popular browsers allow the data subject to choose different settings for “own cookies” and “third party cookies”. 
For example, in Firefox it is possible to access a control panel where the user can choose whether to accept different types of cookies or disable and clear them (Tools ->Options -> Privacy). 

IT (versione italiana):
• Chrome: https://support.google.com/chrome/answer/95647?hl=it
• Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
• Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
• Microsoft Edge: https://privacy.microsoft.com/it-IT/windows-10-microsoft-edge-and-privacy
• Safari (Desktop): https://support.apple.com/kb/PH21411?locale=en_US&viewlocale=it_IT
• Safari (Mobile): http://support.apple.com/kb/HT1677?viewlocale=it_IT
• Browser Android: https://support.google.com/nexus/answer/54068?visit_id=1-636621611971251156-3373218149&hl=it&rd=1
• Opera: http://help.opera.com/opera/Mac/2393/it/controlPages.html#manageCookies

UK (per versione inglese):
• Google Chrome
• Mozilla Firefox
• Internet Explorer
• Microsoft Edge
• Safari (Desktop)
• Safari (Mobile)
• Browser Android
• Opera
For other browsers, the consultation of the product’s official documentation is recommended.

7) Storing Personal Data

Personal data is stored and processed by Quadrans Foundation’s informative systems and managed by Quadrans Foundation or third party technical services; for further details it is recommended to refer to the section 10 of this document “Communication and Data Access”. Data is processed exclusively by authorized personnel, including personnel in charge of the operations of extra maintenance.

8) Purposes and Data Processing Methods

Quadrans Foundation can process personal data concerning the data subject, including sensitive data, for the following purposes: use of the functionality and services of the website by authorized persons, management of requests made by the data subject, newsletters, management of application via Website, etc.
Furthermore, with the specific consent of the data subject, Quadrans Foundation can process personal data for marketing purposes, such as sending promotional material to the data subject and/or commercial communications concerning Quadrans Foundation to the recipient’s details provided, either via traditional means such as post, telephone calls etc., and via automated communication such Internet, fax, emails, SMS, applications for devices such as smartphones and tablets, cd, Apps, social network accounts (i.e. Facebook, Twitter, etc.). automated operator telephone calls etc. 
Personal data are processed either in paper and electronic form and is entered in the organization’s informative system according to the LPD and the GDPR, in line with the security and confidentiality profiles and according to the principles of correctness and lawfulness of processing.
Data is stored for the period of time strictly necessary for the fulfillment of the objectives for which data is collected in compliance with the current regulations and obligations. Rules are accurately followed to prevent the storage and/or use of data for an indefinite period of time, therefore restricting the duration of storage of data, in compliance with the principle of restriction of processing.

9) Security and Accuracy of Personal Data

Quadrans Foundation is committed to protect the security of the data subjects’ data with respect to all the liabilities concerning the security of data required by the applicable regulation, with the purpose of avoiding data loss, unlawful or illegal use of data and non-authorized accesses, with particular reference to the minimal requirements applicable for data protection. Quadrans Foundation is committed to protect personal data handled against every non-authorized processing, through suitable technical and organizational measures. Furthermore, informative systems and informative programs used by Quadrans Foundation are configured to reduce the use of personal and identification data to the minimum. This data is processed only to pursue the specific objectives set during the course of the activities. Quadrans Foundation uses multiple advanced security technologies and procedures in order to protect the data subjects’ information. For example, personal data is stored in secured servers located in sites where access is protected and controlled. The data subject can help Quadrans Foundation to keep up to date and correct the data concerning the data subject by communicating any changes such as the data subject’s address, qualification, contact details, etc.

10) Communication and Data Access

The data subject’s information may be communicated to:
– All the persons whose access is acknowledged and enabled for the fulfillment of the statutory task;
– All collaborators and/or employees of Quadrans Foundation, when concerning their tasks;
– All the natural and legal persons, public and/or private, when the communication is necessary or functional for the conduction of the Quadrans Foundation’s activities, and for the above mentioned purposes.

11) Communication of Personal Data

The communication of personal data by the data subject is necessary to allow Quadrans Foundation to manage the communications and requests made by the data subject or to contact the data subject to follow up on his or her request. This type of data is marked with the asterisk symbol [*] and in this case the communication of data is required to allow Quadrans Foundation to follow up on the request. On the contrary, data that is not marked with the asterisk is optional – non-communication of this data will not incur into any consequence for the data subject. 
The communication of personal data by the data subject for marketing purposes, as explained in this Privacy Policy is optional and the denial will not cause any consequence. The consent given for marketing purposes allows sending communications via methods and/or means of contact both automated and traditional, as explained above.

12) Rights of the Data Subject

12.1 Art. 15 (Right of access), 16 (Right to rectification) of Regulation (EU) 2016/679

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; 
f) the right to lodge a complaint with a supervisory authority;
h) the existence of automated decision-making, including profiling, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

12.2 Art. 17 of Regulation EU 2016/679 – Right to erasure (“right to be forgotten”)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay or make it unusable and inaccessible, where one of the following grounds applies:

a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for purposes of direct marketing, including profiling in connected to activities of direct marketing;
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation as per the LPD;
f) the personal data have been collected in relation to the offer of information society services, where applicable, referred to in Article 8(1) of the GDPR.

12.3 Art. 18 – Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; 
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; 
d) the data subject has objected to processing pursuant to Article 21(1) of the GDPR, where applicable, pending the verification whether the legitimate grounds of the controller override those of the data subject.

12.4 Art. 20 – Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

13) Withdrawal of the Consent of Processing

The data subject shall have the right to withdraw his or her consent of data processing. To this purpose, the data subject shall send a written request via email to the following address fondazione@quadrans.io, or via certified post to the following recipient: Quadrans Foundation, Via Alla Torre 2, 6850 Mendrisio, Switzerland, accompanied with a copy of his or her ID. Upon completion of this operation personal data of the data subject will be erased or made unusable from the archives without undue delay.
To obtain more information concerning data processing with the purpose to exercise his or her rights listed in this Privacy Policy, the data subject shall make a request via email to the following address: fondazione@quadrans.io, or via certified post to the following recipient Quadrans Foundation, Via Alla Torre 2, 6850 Mendrisio, Switzerland.
Before providing or modifying any information concerning the data subject, it is necessary to complete the identification process to verify the data subject identity and fulfill the necessary requirements by answering some questions. A response will be provided as soon as possible.
Where the data subject considers the response provided by Quadrans Foundation not satisfactory, the data subject may contact the Federal Data Protection and Information Commissioner (FDPIC).
Quadrans Foundation has the right to update or modify, at times, this Privacy Policy should there be changes of the modalities of data processing by Quadrans Foundation or changes to the law. The updated Privacy Policy will be published on the Website. The data subject is invited to verify changes and/or updates of this Privacy Policy on the Website. 


Network

Via alla Torre n.2, 6850 Mendrisio – Switzerland | CHE 432.155.979 | e-mail: fondazione@quadrans.io