According to the Federal Data Protection Act (FDPA), Regulation (EU) 2016/679 (GDPR) and Directive 2002/58/CE (eDirective), we provide you with the necessary information regarding the processing of personal data collected and processed during your experience on our website.
1. CATEGORIES OF PERSONAL DATA PROCESSED | DEFINITIONS
Personal data provided by you - or otherwise acquired in compliance with the legislative and contractual provisions in force - inherent in, connected with and/or instrumental to the assessment of your experience on our website, will be processed in compliance with the provisions of the applicable privacy laws and the obligations of confidentiality.
Personal data: all information relating to an identified or identifiable person. In particular, we will process the following personal data:
- Data provided directly by the data subject (e.g. for access to the reserved area and for sending requests via the 'Contact us' form: e-mail address): personal details (name, surname, billing address, shipping address), contact details (email, telephone number), user name.
We specify that the computer systems responsible for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and devices used by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer.
Data subjects: natural or legal persons whose data is processed (also referred to as “you”).
Processing: any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data.
Disclosure: making personal data accessible, for example by permitting access, transmission or publication.
2. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The company that determines the purposes and means of this processing of personal data is beyond.luxury Sagl, in the person with the necessary powers, VAT number CHE-482.945.908, with registered office in Via Serafino Balestra 9, 6900 Lugano, Switzerland (also referred to as “beyond.luxury” or the “Data Controller” or the “Company” or “we”). The contact details of the Data Controller are as follows: email@example.com
3. PURPOSE OF THE PROCESSING | DATA RETENTION PERIOD
|PURPOSE OF THE PROCESSING | JUSTIFICATION||JUSTIFYING REASON | LEGAL BASIS||DATA RETENTION PERIOD||TYPE OF PROVISION|
|c) Reply to requests received via the Contact/Support form.||Overriding interest of the Data Controller | Execution of pre-contractual measures||Data will be processed for the time necessary to provide the requested reply and, in any case, no longer than 24 months from the request||Provision of data is optional. Failure to provide them will prevent the Controller from achieving the purpose indicated herein, but will not prevent the user from browsing the website and purchasing our products.|
|d) Processing of on-line purchases made and related administrative-accounting activities (e.g. management of the order and its shipment).||Overriding interest of the Data Controller | Execution of pre-contractual measures||Data will be processed for up to 10 years after purchase||Providing this data is necessary to benefit of the requested service.|
|e) Creation of an account to login to the restricted website area||Overriding interest of the Data Controller | Execution of pre-contractual measures||Data will be processed until the account is deleted||Provision of data is optional. Failure to provide them will prevent the Controller from achieving the purpose indicated herein, but will not prevent the user from browsing the website and purchasing our products|
|f) Direct marketing of the data controller||Consent of the data subject||Data will be processed until consent is revoked | opt out||Provision of data is optional. Failure to provide them will prevent the Controller from achieving the purpose indicated herein, but will not prevent the user from browsing the website and purchasing our products.|
|g) Profiled marketing by the data controller: you will receive promotional communications from us based on your interests (newsletter)||Consent of the data subject||Data will be processed until consent is revoked | opt out||Provision of data is optional. Failure to provide them will prevent the Controller from achieving the purpose indicated herein, but will not prevent the user from browsing the website and purchasing our products|
|h) Transfer of data to third parties, partners of beyond.luxury, for their own promotional activities||Consent of the data subject||Data will be processed until consent is revoked | opt out||Provision of data is optional. Failure to provide them will prevent the Controller from achieving the purpose indicated herein, but will not prevent the user from browsing the website and purchasing our products|
3.1 MEANS OF DATA PROCESSING
The processing will be carried out in automated and/or manual form, using methods and tools designed to ensure maximum security and confidentiality, by subjects specially trained to do so. The personal data collected will be kept in a form that allows the identification of data subjects for a period of time not exceeding that indicated above.
3.2 SOURCE OF DATA
We usually collect personal data directly from users, who sign up on our platform. In some cases, however, we receive such data from our Ambassadors who, in accordance with our terms and conditions, enter information from people they know and think might be interested in our products and services. We carefully approve our Ambassadors and always make sure that the users referred by them are aware of this.
4. RECIPIENTS OF PERSONAL DATA
We may share your personal information with employees and/or staff acting under the Data Controller’s authority (duly instructed for the former purposes), as well as third parties contractually linked to us, in order to fulfill contractual obligations and achieve one or more of the aforesaid purposes of processing. Such third parties will process your data in their capacity as data processors, or as independent data controllers. More in detail, we may share your personal information to the following categories of recipients: a) subjects who provide services related to the functioning of this website, our information system and the telecommunications networks (e.g., hosting provider, webmaster); b) firms or companies within the scope of assistance and consultancy relations (e.g. web&digital marketing agencies); c) competent Authorities for the fulfilment of legal obligations and/or provisions of public bodies, upon request; d) providers of electronic payment services; e) couriers and shippers.
5. TRANSFERS OF PERSONAL DATA OUTSIDE THE CONFEDERATION
The website is hosted in the European Economic Area and, therefore, the personal data processed will be stored not only in Switzerland, but also in countries considered appropriate by the Federal Council for the transmission of personal data (See Annex 1 OFDPA: https://www.fedlex.admin.ch/eli/oc/2022/568/fr ). In order to benefit from the services provided by some of our suppliers, we will also transfer data to countries not included in Annex 1 of the DPA, it being understood that such transfer will be carried out in accordance with the provisions of the DPA and the DPA and, in particular, on the following bases:
- the presence of adequate safeguards, in this case contractual measures, to ensure adequate protection abroad;
- the processing is directly related to the conclusion or performance of a contract and the data undergoing processing concern the other party
6. RIGHTS OF THE DATA SUBJECT
According to the conditions established by the FDPA, the Data Controller acknowledges the following rights to you as a Data Subject (non-exhaustive list):
- to obtain the rectification of inaccurate or obsolete personal data;
- to be informed in writing and free of charge if personal data concerning you are being processed
- to revoke the consent to the processing of data that you have previously given;
- prevent the communication to third parties of sensitive personal data;
- to obtain the portability of personal data or to demand their transmission to a third party;
- to request the restriction or blocking of data processing, the prevention of data disclosure to third parties or rectification or destruction of personal data;
- the right to request that a given processing of personal data be prohibited, that a given communication of personal data to third parties be prohibited, or that certain personal data be deleted or destroyed;
- if neither the correctness nor the inaccuracy of the personal data can be proved, to request that a note be added to the data to indicate its disputed nature;
- to request that the rectification, destruction, blocking, in particular the communication to third parties, as well as the mention of the disputed character or the judgment be communicated to third parties or published;
- to have the unlawfulness of the processing of personal data declared.
Under the GDPR, you are granted the following rights:
- Obtain from the data controller confirmation as to whether or not personal data concerning you are being processed and if so, to obtain access to the personal data (Access);
- Obtain from the data controller rectification of inaccurate personal data concerning you (Rectification);
- Obtain from the data controller the erasure of personal data concerning you (Erasure);
- Obtain from the data controller the restriction of processing (Limitation);
- Receive in a structured, commonly used and machine-readable format personal data concerning him or her provided to a data controller and have the right to transmit such data to another data controller without hindrance from the data controller to whom you provided it (Portability);
- Object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you (Objection).
With the exemption of any other administrative or jurisdictional remedy, if the user considers that the processing of his or her data breaches the provisions of the FDPA and the GDPR, he or she has the right to file a complaint with the competent supervisory authority (i.e. the Federal Data Protection and Transparency Commissioner; For the European Economic Area, you can consult the website of the European Data Protection Board here https://edpb.europa.eu/about-edpb/about-edpb/members_en).
You may exercise your rights under the FDPA and GDPR (to the extent they are applicable) by contacting the Data Controller by writing at the above-indicated contacts.
7. ADDITIONAL INFORMATION | AMENDMENTS | UPDATES
Date of last update: July 4, 2023