Data protection declaration in accordance with the Swiss Data Protection Act (LPD)

In this data protection declaration we describe how For Fun SA (hereinafter For Fun), acquire and process personal data. This data protection declaration does not constitute an exhaustive description and, where appropriate, other data protection declarations regulate specific cases. For the purposes of this data protection declaration, personal data means all information that relates to a specific or identifiable person.

1. Responsible body and contact
For Fun is responsible for processing the data described here, unless otherwise indicated in the specific case. Requests for information regarding data protection can be sent to us by letter, attaching a copy of the identity card or passport for identification of the user to the following address: in via Luigi Lavizzari 6 – CH – 6830 Chiasso, telephone no. + 41 91 6862623, or by email to [email protected].

2. Acquisition and processing of personal data
Our processing of personal data concerns, in particular, the following categories:
• data of customers, to whom we provide or have provided services;
• personal data, which we have received indirectly from our customers in the context of providing services;
• data obtained from viewing our website;
• data deriving from our newsletter;
• data obtained by participating in one of our events;
• data obtained when we communicate or have a visit;
• in the context of other contractual relationships, e.g. e.g. as a supplier of goods or services or as a consultant
• data received during applications;
• data that we are obliged to process for legal or administrative reasons;
• where we protect our duties of care or other legitimate interests, e.g. e.g. to avoid conflicts of interest, money laundering or other risks, or to ensure data accuracy, check creditworthiness, protect security or exercise our rights;
Detailed information can be found in the description of the respective categories of treatments in point 4.

3. Categories of personal data
The personal data we process depends on your relationship with us and the purpose for which we process it. In addition to your contact data, we also process other information about you or people who are associated with you. Sometimes, this information may also include personal data worthy of particular protection.

We acquire the following categories of personal data, depending on the purpose for which we process them:

• contact information (e.g. name, surname, address, telephone number, e-mail);
• information concerning the customer (e.g. date of birth, nationality, marital status, profession, title, function designation, passport / identity card number, AVS number);
• data for risk assessment (e.g. credit information, commercial register data);
• financial information (e.g. banking relationship data);
• data relating to the mandate, depending on the type of mandate (e.g. tax information, statutes, minutes, projects, contracts, employee data (e.g. salary, social insurance), accounting data, beneficial owners, employee relationships property);
• data relating to the web pages (e.g. IP addresses, device information (UID), browser information, use of the web pages (use and analysis of plug-ins, etc.);
• application data (e.g. curriculum vitae, employment certificates);
• marketing information (e.g. subscription to a newsletter);
• security and network data (e.g. visitor lists, access controls, email network scanners, phone call lists);

To the extent permitted, we also obtain information about you from publicly available sources from the media and the Internet (provided this is appropriate in the specific case, e.g. in the context of an application, etc.), your addresses and possibly interests, as well as other socio-demographic data (for marketing), data relating to the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and its settings, cookies, date and time of visit, pages and content accessed, functions used, referring websites, location information).

4. Purposes of data processing and legal bases

4.1. Supply of services
We process personal data necessary to provide our services in a permanent, user-friendly, secure and reliable manner.
In the case of personal data of our customers, this concerns in particular the following information:
• contact information (e.g. first name, last name, address, telephone number, e-mail, other contact information);
• personal information (e.g. date of birth, nationality, marital status, profession, title, job description, passport/identity card number, AVS number, family situation, etc.);
• data for risk assessment (e.g. creditworthiness information, commercial register data, sanctions lists, specialized databases, data obtained from the internet);
• financial information (e.g. data concerning banking relationships, investments or shareholdings);
• data relating to the mandate, according to the type of mandate.

4.2. Indirect processing of data from the provision of services
When we provide services to our customers, it may happen that we also process personal data that we have not acquired directly from the data subjects or personal data of third parties. As a rule, these third parties are employees, contact persons, family members or people who for other reasons have a relationship with customers or interested parties. We need this personal data to honor contracts with our customers. We receive this personal data from our customers or third parties commissioned by them. Third parties, whose information we process for this purpose, are informed of this processing by our customers. To this end, our customers can refer to this data protection declaration.

4.3. Use of our website
To use our website, you do not need to disclose any personal data. However, when the site is accessed, the server collects a whole series of information about the user, which is temporarily saved in the server logfiles.
The use of this generic information does not imply any attribution to a specific person. The acquisition of such information or data is necessary for technical reasons, to be able to view our site and guarantee its stability and security. This information is also acquired to improve the site and analyze its use.
More precisely, this is the following information:
• contact information (e.g. name, surname, address, telephone number, e-mail);
• other information you transmit to us via the site;
• technical information, information on user behavior or site settings (e.g. IP address, UDI, device type, number of page clicks, newsletter opening, link clicks, etc.) which are transmitted directly to us or our service providers.
We process this personal data for the purposes described, based on the following legal bases:
• protection of legitimate interests (e.g. for administrative purposes, to improve our quality, analyze data or make our services known)
• consent (e.g. for the use of cookies or for the newsletter).

4.4. Use of the newsletter
If you subscribe to our newsletter, we use your email address and other contact details to send it to you. With your consent, you can subscribe to our newsletter. Mandatory information for sending the newsletter is your full name and your email address, which we save after your registration. The legal bases for the processing of your data, in relation to our newsletter, are constituted by your consent to the sending of the same. This consent can be revoked at any time by unsubscribing from the newsletter.

4.5. Participation in events
If you participate in an event organized by us, we acquire the personal data necessary to organize and carry out the event and, possibly, subsequently provide you with additional information. We also use your information to notify you of additional events. It may happen that during such events, you are photographed or filmed and that the images are then published by us internally or externally.

More precisely, this is the following information:
• contact information (e.g. name, surname, address, telephone number, e-mail);
• personal information (e.g. profession, function, title, employer’s company, eating habits);
• images or videos;
• payment information (e.g. banking relationship).
We process this personal data for the purposes described, based on the following legal bases:
• fulfillment of a contractual obligation with the interested party or in favor of him, including pre-contractual negotiations and the possible realization (possibility of participating in the event);
• protection of legitimate interests (e.g. organization of events, dissemination of information about our event, provision of services, efficient organisation);
• consent (e.g. to send you marketing information or create artwork).

4.6. Direct communication and visits
If you contact us (by telephone, email or chat) or we contact you, we process your personal data as necessary, depending on the purpose. Furthermore, we process this data when you visit us. In this case, you may have to leave us your contact details before your visit or when you show up at reception. We retain this personal data for a certain period of time in order to protect our infrastructure and information.
To organize telephone conferences, online meetings, video conferences and/or teleseminars, we use the “Zoom” or “Microsoft Teams” service [[if applicable or indicate the video conferencing provider you use]].

In particular, we process the following information:
• contact information (e.g. name, surname, address, telephone number, e-mail);
• marginal information on the communication (e.g. IP address, duration and channel of the communication);
• recording of interviews, e.g. e.g. in the framework of video conferences;
• other information, which the user uploads, makes available or creates during the use of the videoconferencing service, as well as metadata used for the maintenance of the provided service, as well as additional information on the processing of personal data by «Zoom» or Microsoft Teams can be found in their data protection policies;
• personal information (e.g. profession, function, title, employer’s company);
• time and time of the visit.

We process this personal data for the purposes described, based on the following legal bases:
• fulfillment of a contractual obligation with the interested party or in favor of him, including pre-contractual negotiations and the possible implementation (provision of a service);
• protection of legitimate interests (e.g. security, traceability, as well as care and administration of customer relationships).

4.7. Nominations
You can send us your application for a job in our company by letter or to the e-mail address indicated on our website. The documents and all personal data communicated with the application are treated with the utmost confidentiality and only for the purpose of processing your application, to be hired by us. In the absence of your objection, at the end of the application procedure, your file will be returned to you or cancelled/destroyed, if there is no legal obligation to keep it. The legal bases for processing your data are your consent, the performance of the contract with you and our legitimate interests.
In particular, we process the following information:
• contact information (e.g. name, surname, address, telephone number, e-mail);
• personal information (e.g. profession, function, title, employer’s company);
• application documents (e.g. motivation letter, certificates, diplomas, curriculum vitae);
• evaluation information (e.g. evaluation of the personnel consultant, references, assessment).
We process this personal data for the purposes described, based on the following legal bases:
• protection of legitimate interests (e.g. hiring new collaborators);
• consent.

4.8. Suppliers of goods and services, other contractual partners
When we enter into a contract with you to provide us with a service, we process personal data relating to you or your collaborators. We need this data to communicate with you to request your services.

In particular, we process the following information:
• contact information (e.g. name, surname, address, telephone number, e-mail);
• personal information (e.g. profession, function, title, employer’s company);
• financial information (e.g. banking relationship data).
We process this personal data for the purposes described, based on the following legal bases:
• stipulation or execution of a contract with the interested party or in favor of him, including pre-contractual negotiations and possible implementation;
• protection of legitimate interests (e.g. avoidance of conflicts of interest, protection of the company, exercise of legal rights).

5. Tracking Technologies
We use cookies on our site. These are small files that your browser automatically creates and saves on your terminal (laptop, tablet, smartphone, etc.) when you visit our site.
Information obtained from the specific terminal used is inserted into the cookie. However, this does not mean that we immediately learn your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to know whether you have already visited certain pages of our website. When you leave our page, these cookies are automatically deleted.
Furthermore, to optimize ease of use, we use temporary cookies, which are saved on your terminal for a pre-established period of time. If you then visit our page again to use our services, the system automatically recognizes that you have already visited us, which data you have entered and which settings you have activated, so that you do not have to enter/activate them again. We use cookies to statistically record the use of our website and to analyze our offer in order to optimize it for you. When you revisit our page, these cookies automatically let us know that you have been to us before. These cookies are automatically deleted after a pre-established time.
The data processed via cookies are necessary for the purposes mentioned. Most cookies are automatically accepted by browsers. However, you can configure your browser so that it does not save any cookies on your computer or that a warning appears before a new cookie is inserted. Furthermore, completely deactivating cookies may prevent you from using all the functions of our site.

6. Web and newsletter analysis
To be informed about the use of our website, to improve our internet offering or to be able to draw your attention with our advertising also on third-party websites or on social media, we use the following web analysis tools and the following retargeting technologies : Google Analytics-

These tools are made available by third-party providers. As a rule, the information acquired for this purpose on the use of a site is transmitted to the third-party provider’s server via cookies or similar technologies. Depending on the third-party provider, these servers may be located abroad.

Normally, data transmission occurs by shortening IP addresses, which prevents individual terminals from being able to be identified. The transmission of this information by third-party providers takes place exclusively on the basis of legal requirements or in the context of mandated data processing.

6.1. Google Analytics
On the pages of our website we use Google Analytics [[if applicable]], the web analysis service of Google LLC, Mountain View, California, USA; responsible for Europe is Google Limited Ireland («Google»). To deactivate Google Analytics, Google provides a browser plug-in at https://tools.google.com/dlpage/gaoptout?hl=it. Google Analytics uses cookies. These are small text files, which allow specific information concerning the user to be saved on the user’s terminal. These cookies allow Google to analyze the use of our website offerings. Generally, the information acquired by the cookie and concerning the use of our pages (including your IP address) is transmitted to a Google server in the USA, where it is stored. We would like to point out that on this site Google Analytics has been integrated with «gat._anonymizeIp();», in order to guarantee anonymized acquisition of IP addresses (so-called IP-masking). If anonymization is active, within the member states of the European Union and in other member states of the European Economic Area, Google shortens IP addresses, so as to make it impossible to trace your identity. Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and shortened there. In special circumstances, Google may connect your IP address with other Google data. For data transmission to the USA, Google has undertaken to sign up to and comply with the EU Standard Contractual Clauses.

6.2. Google Maps
On our website we use Google Maps (API) from Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; responsible for Europe is Google Limited Ireland, «Google»). Google Maps is a web service for representing interactive (geographical) maps, in order to display geographical information. Through this service, we can show you where we are and make any itinerary easier for you. By calling up the pages below, in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This occurs regardless of whether Google provides a user account to which you are logged in or whether no such account exists. If you are logged into Google, your data is assigned directly to your account. If you want to avoid this assignment to your Google profile, you must log out before activating the button. Google stores your data (even if you are not logged in as a user) as user profiles and analyzes them.

For data transmission to the USA, Google has undertaken to sign and comply with the EU standard contractual clauses.

6.3. Social media plug-ins
Our website uses so-called social media plug-ins (“plug-ins”) from third-party providers. The plug-ins are recognizable by the logo of the respective social network. Through plug-ins, we offer you the possibility to interact with social networks and other users. We use the following plug-ins on our website: Facebook, Twitter, LinkedIn, YouTube. When you call up our website, your browser establishes a direct connection to the servers of the third-party provider. The content of the plug-in (e.g. YouTube videos) is transmitted directly by the third-party provider in question to your browser and integrated into the page.

The retransmission of data for the display of content (e.g. publications on Twitter) occurs regardless of whether or not you have an account with the third-party provider and are logged in. Furthermore, if you have connected to the third-party provider, the data collected by us is assigned directly to the account you have with that provider. Finally, if you activate the plug-ins, the information is published on the social network and shown to your contacts. To find out about the purpose and scope of the data collection, as well as the further processing and use of the data by third-party providers as well as your rights in this regard and possible settings to protect your privacy, please Please consult the third party provider’s data protection notices. The third-party provider stores the data collected about you in the form of a user profile and uses it for the purposes of advertising, market research and/or needs-based configuration of its website. Such an analysis is also carried out for users who are not logged in, in order to present need-based advertising and to inform other users of the social network about your activities on our website. If you want to prevent third-party providers from assigning the data acquired on our site to your personal profile in the respective social network, disconnect from the social network in question before visiting our site. You can also completely prevent the loading of plug-ins with specialized add-ons for your browser, such as “Ghostery” (https://www.ghostery.com/) or “NoScript” (http://noscript.net /).

7. Retransmission and transmission of data
We only pass on your data to third parties if this is necessary to provide our service, if such third parties provide us with a service, if there is a legal or administrative obligation in this regard or if we have an overriding interest in the forwarding of the personal data. We also transmit personal data to third parties when you have given us your consent or asked us to do so.
Personal data is not always transmitted encrypted. Unless otherwise expressly agreed with the customer, accounting data, salary administration data, salary statements and certificates are not transmitted in encrypted form.

The following categories of recipients may receive personal data from us:
• service providers (e.g. IT service providers, hosting providers, suppliers, consultants, lawyers, insurance companies)
• third parties in the framework of our legal or contractual obligations, such as authorities, state institutions, courts.
We conclude contracts with service providers who process personal data on our behalf in which they undertake to ensure data protection. Our service providers are predominantly located in Switzerland or in the EU/EEA. Certain personal data may also be sent to the USA (e.g. Google Analytics data) or, in exceptional cases, also to other countries around the world. If it is necessary to send data to other countries, which do not have a sufficient level of data protection, this is done on the basis of EU standard contractual clauses (e.g. in the case of Google) or other suitable instruments.

8. Duration of retention of personal data
We process and store your personal data as long as necessary for the fulfillment of our contractual or legal obligations or the achievement of the objectives pursued by the processing, i.e. for example for the duration of the entire business relationship (from pre-contractual negotiations, to the execution and upon termination of a contract), as well as in accordance with legal archiving and documentation obligations. Furthermore, personal data may be stored for as long as claims could be asserted against our company (in particular until the statutory limitation period expires), and insofar as we are, for other legal reasons, obliged to do so or legitimate commercial interests require it (e.g. for evidence and documentation purposes). As soon as your personal data is no longer necessary, in principle and as far as possible, it will be deleted or anonymized. Basically, retention periods of twelve months or shorter apply to operational data (e.g. system protocols, logs).

9. Data security
We take appropriate technical and organizational security measures to protect your personal data from misuse and illicit access, such as the dissemination of guidelines, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and data transmissions, pseudonymisation and controls.

10. Obligation to communicate personal data
In the framework of our business relationship, you must communicate the personal data necessary for the establishment and execution of this relationship, as well as for the fulfillment of the contractual obligations relating to it (as a rule, you do not have a legal obligation which requires us to provide data layout). Without this data we will be unable to enter into a contract with you (or the service or person you represent) or perform it. Our website cannot also be used if certain information (such as the IP address) is not provided to ensure data transmission.

11. Your rights
In relation to our processing of personal data, you have the following rights:
• right to be informed about the personal data concerning you and stored by us, the purpose of the processing, the origin and the recipients or categories of recipients to whom the personal data is forwarded;
• right to rectification, if your data is incorrect or incomplete;
• right to limit the processing of your personal data;
• right to request the deletion of personal data processed;
• right to data portability;
• right to object to data processing, or to withdraw consent to the processing of personal data, at any time without giving reasons;
• right to submit a complaint to a competent supervisory authority, if legally required.
To assert these rights, please contact the address indicated in point 1.
Please note, however, that we reserve the right to assert statutory restrictions if we are, for example, obliged to store or process certain data, if we have an overriding interest in this regard (to the extent we can rely on it) or if we need them to assert rights. If this will incur costs for you, we will inform you in advance.

12. Amendment of the data protection declaration
We expressly reserve the right to change this data protection declaration at any time.
Last modified: February 2024