Informativa Privacy

Privacy Notice

Privacy Notice on Personal Data Processing

Art. 13 Reg. (UE) 2016/679 – Art. 19 Swiss Federal Act on Data Protection dated 09/25/2020 

In compliance with Article 13 of the European Union Regulation 2016/679 ("GDPR") and Article 19 of the Swiss Federal Act on Data Protection dated September 25, 2020 ("FADP"), we provide users of the websites located at www.metodo-ongaro.com and store.metodo-ongaro.com ("Sites") and the Metodo Ongaro® mobile application ("App"), within the European Union and Swiss Confederation territories, the following information. This notice applies solely to data processing carried out through these Sites and App and does not extend to any other websites that may be accessed through links found on the Sites and App. For those sites, we encourage each visitor to review the privacy notices provided by their respective owners.

DATA CONTROLLER AND CONTACT INFORMATION: METODO ONGARO SWITZERLAND SA, located in Agno, CH-6982, Via Lugano 18, VAT ID CHE 496.146.724 – email supporto@metodo-ongaro.com.

 

CATEGORIES OF PROCESSED DATA, PURPOSES, AND LEGAL BASIS FOR PROCESSING

Processed data includes: first name, last name, email address, and any personal data potentially included in messages.

The purpose of processing is to address user requests sent through interaction methods available on the Sites and App, or to the email addresses listed therein (e.g., support requests; requests for free content delivery).

Legal basis for users located within the European Union territory ("European Users"): performing a contract to which the data subject is party or taking steps at the request of the data subject prior to entering into a contract - Art. 6.1(b) GDPR.

Legal basis for users located within the Swiss Confederation territory ("Swiss Users"): conclusion or performance of a contract to which the data subject is party – Art. 31.2(a) FADP.

------------------------

Data Processed: Navigation and device data (personal data whose transmission is inherent in the use of internet communication protocols, such as IP addresses or domain names of computers used by users, the time of the request, and other parameters related to the user's operating system and computing environment).

The purpose is to enable user navigation on the Sites and usage of the App.

Legal Basis for European Users: Performance of a contract to which the data subject is party/pre-contractual measures taken at the data subject’s request - Art. 6.1.(b) GDPR.

Legal Basis for Swiss Users: Conclusion or performance of a contract to which the data subject is party – Art. 31.2.(a) FADP.

------------------------

Data Processed: First name, last name, email address, password.

The purpose is to facilitate the creation of a personal user account on the Sites and the App ("Reserved Area").

Legal Basis for European Users: Performance of a contract to which the data subject is party/pre-contractual measures taken at the data subject’s request - Art. 6.1.(b) GDPR.

Legal Basis for Swiss Users: Conclusion or performance of a contract to which the data subject is party – Art. 31.2.(a) FADP.

------------------------

Data Processed: First name, last name, email address, phone number, physical address, credit card or other payment details.

The purpose is to finalize and fulfill the sale of products and/or subscription to courses through the Sites and the App.

Legal Basis for European Users: Performance of a contract to which the data subject is party/pre-contractual measures taken at the data subject’s request - Art. 6.1.(b) GDPR.

Legal Basis for Swiss Users: Conclusion or performance of a contract to which the data subject is party – Art. 31.2.(a) FADP.

------------------------

Data Processed: First name, last name, email, any personal data included in the responses to the questionnaire.

The purpose is to enable the compilation of the questionnaire for subscribers to the "Soul Camp" program through the Sites and the App.

Legal Basis for European Users: Performance of a contract to which the data subject is party/pre-contractual measures taken at the data subject’s request - Art. 6.1.(b) GDPR.

Legal Basis for Swiss Users: Conclusion or performance of a contract to which the data subject is party – Art. 31.2.(a) FADP.

------------------------

Data Processed: First name, last name, email address, phone number, job position, personal data potentially included in the description of motivations to participate in the services offered.

The purpose is to allow the sending of applications for course enrollment through the Sites and the App.

Legal Basis for European Users: Performance of a contract to which the data subject is party/pre-contractual measures taken at the data subject’s request - Art. 6.1.(b) GDPR.

Legal Basis for Swiss Users: Conclusion or performance of a contract to which the data subject is party – Art. 31.2.(a) FADP.

------------------------

Data Processed: First name, last name, email address.

The purpose is to conduct direct marketing activities through sending communications or material (e.g., via email, newsletters) regarding products/services similar to those for which the user has subscribed or requested information through the Sites and the App.

Legal Basis for European Users: Legitimate interest of the controller – Art. 6.1.(f) GDPR. The legitimate interest of the controller is identified in the promotion of its activity through direct marketing – see Recital No. 47 GDPR.

Legal Basis for Swiss Users: Preponderant interest of the controller – Art. 31.1 FADP.

------------------------

Data Processed: First name, last name, residential address, contact details, user's transaction history on the Sites and the App.

The purpose is the management of any disputes arising from purchases or reservations through the Reserved Area.

Legal Basis for European Users: Legitimate interest of the controller – Art. 6.1.(f) GDPR. The legitimate interest of the controller is identified in the promotion of its activity through direct marketing – see Recital No. 47 GDPR.

Legal Basis for Swiss Users: Preponderant interest of the controller – Art. 31.1 FADP.

------------------------

Data Processed: First name, last name, email address, phone number.

The purpose is to conduct marketing activities by sending newsletters to the user's email address, possibly including profiled marketing.

Legal Basis for European Users: Consent given by the user – Art. 6.1.(a) GDPR.

Legal Basis for Swiss Users: Consent given by the user – Art. 31.1 FADP.

------------------------

Data Processed: First name, last name, residential address, tax information.

The aim is to manage the financial transactions for purchases or course enrollments completed through the Sites and the App.

Legal Basis for European Users: Legal obligation to which the data controller is subject – Art. 6.1.(c) GDPR.

Legal Basis for Swiss Users: Legal obligation to which the data controller is subject – Art. 31.1 FADP.

------------------------

Through the Private Area, sensitive data (including health-related information, religious beliefs, union membership, sexual preferences, and other categories as outlined by Article 9 of the GDPR and Article 5.1.(c) of the LPD) are processed. These are shared voluntarily by the user for the purpose of engaging in interactive coaching activities during streaming events. Such processing hinges on the explicit consent given by the individual to access the subscription content within the Private Area.

***

PROVISION REQUIREMENT: Providing data for marketing purposes is optional, and thus, withholding consent or withdrawing it will not affect your ability to browse the Sites and/or use the App, place orders and/or subscribe and/or submit applications. The provision of other data is essential for navigation and/or message sending and/or for the completion of orders and/or subscriptions and/or the submission of applications through the Sites and/or the App. Failure to transmit such data may result in the inability to browse the Sites and/or use the App and/or to proceed with such messages and/or orders and/or subscriptions and/or applications.

PROCESSING METHODS: Personal data is processed using both paper and electronic methods, in compliance with data protection regulations, specifically the technical and organizational measures appropriate as per Article 32.1 of the GDPR and Article 8 of the LPD. This is done while observing all precautionary measures to ensure its integrity, confidentiality, and availability.

POSSIBLE RECIPIENTS OF PERSONAL DATA: Data may be shared with (i) third parties acting on behalf of the Data Controller, including for the fulfillment of services related to the purposes outlined in this notice, especially regarding the management and maintenance of the Sites, promotional activities, sharing information about the Data Controller's products and/or services, etc.; (ii) other companies related to the Data Controller, (iii) consultants of the Data Controller; (iv) authorities and public bodies where disclosure is legally required.

Personal data is also processed outside the European Economic Area (EEA), as well as outside the Swiss Confederation. The Data Controller commits to selecting suppliers of renowned reputation and verifying their commitment to comply with the provisions of the GDPR and the LPD regarding the transfer of personal data outside the EEA and the Swiss Confederation.

CONSERVATION PERIOD: Data is stored for a maximum of 10 (ten) years from the last interaction with the user, considering the statute of limitations for any claims arising from the relationship between the Data Controller and the user, as prescribed by law. Navigation data will be kept for the technical time necessary to fulfill the functions for which it was collected. Sensitive data will be stored for the duration of one year from the end of the contractual relationship between the Data Controller and the user, unless the right to withdraw consent is exercised at any time.

PROFILING: The user's name, surname, email address, telephone number, and other personal data may be used to create a user profile and send targeted marketing that may be of greater interest to the user. This profiling does not produce legal effects for the user.

RIGHTS OF THE DATA SUBJECT: At any time, each European User may exercise their rights as provided by Articles 15 to 22 of the GDPR, namely the right to request:

  1. access to personal data, i.e., to know their personal data held by the Data Controller, the purposes for which it is processed, its origin, and other information as specified by Article 15 of the GDPR;
  2. the rectification of personal data in case of inaccuracies;
  3. the deletion of personal data (the 'right to be forgotten');
  4. the restriction of processing of personal data, i.e., the right to obtain the suspension of processing of personal data for the time necessary to verify a request for correction of personal data, or in other cases as provided by Article 18 of the GDPR.
  5. data portability, that is, to receive in a structured, commonly used, and machine-readable format, the personal data – even requesting their direct transfer to another data controller (for those data processed by automated means);
  6. the right to request the data controller to refrain from processing data pursuant to Article 6, paragraph 1, letters e) or f) of the GDPR (right to object);
  7. the right to lodge a complaint under Articles 77 and following of the GDPR with a supervisory authority, which for Italy is identified in the Guarantor for the protection of personal data. The complaint procedures are indicated at this link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.

At any time, each Swiss User can assert their rights against the Data Controller as provided by Articles 25, 28, and 32 of the LPD, specifically the right to:

- Request access to personal data, meaning to learn about the personal data held by the Data Controller, the purposes for which it is processed, its source, and other information as outlined in Article 25 of the LPD;

- Obtain the delivery of personal data concerning them that they have provided to the Data Controller, or have it transmitted to another data controller, in accordance with Article 28 of the LPD;

- Request the correction of inaccurate personal data, its deletion or destruction in line with Article 32 of the LPD;

- The right to file a complaint under Article 49 of the LPD with the supervisory authority if there are sufficient indications to assume that data processing might violate data protection provisions. The supervisory authority for the Swiss Confederation is identified as the Federal Data Protection and Information Commissioner (FDPIC).

CHANGES TO THIS NOTICE: This privacy policy may undergo changes over time due to the possible enactment of new industry regulations, the update or provision of new services, or due to technological innovations. Changes to the policy become effective at the time of their publication on the Sites, provided that the Data Controller will not use the data collected previously for purposes other than those described here without informing the user.

Last updated: September 18, 2023