Privacy Policy

When you browse the website twww.astes4.ch, communicate with us or subscribe to our Newsletter, Astes4 SA collects and processes information about you (hereinafter, the “personal data”). The purpose of this page is to inform you about the personal data collected, the processing carried out, the purposes pursued, the recipients of the data and their possible transfer abroad.

Considering that you have a wide range of services available, you will find below a general section with the information that applies to all the services and several special sections with specific information for the individual services.

Astes4 SA, Balerna (TI – CH), establishes the purpose and means of processing your personal data. For communications please use the following contact details: (i) postal address: Via Paseggiata 3A, 6828 Balerna (TI – Swiss Confederation); (ii) Tel. +41 91 6829320/321; (iii) e-mail: privacy@astes4.ch.

We only collect and use the personal data necessary to manage the platform in a simple and secure manner. We do not profile you, we do not monitor your behaviour, we do not give your personal data to third parties. To expand and improve our services, we limit ourselves to analysing the use of the services in an aggregate manner, that is, guaranteeing the anonymity of the users concerned. In addition, we carry out the processing required by law.

Where necessary, we endorse the express consent given as the legal basis for processing and we only delegate the processing to carefully selected external suppliers who have assumed strict obligations regarding the protection of personal data.

Finally, we favour the location of processing in Switzerland. Processing carried out abroad is limited to States with legislation that adequately protects personal data according to the instructions provided by the Federal Data Protection Officer (the full list of States can be found here).

Switzerland is not a Member State of the European Union (EU), so European law is not directly applicable. However, Art. 3 par. 2 of the General Regulation on the protection of personal data (EU) 679/2016 (hereinafter “GDPR”) specifies that the GDPR applies to subjects established outside the EU in the case of data processing that depends on: (i) offering goods or services to natural persons in the EU or (ii) monitoring the behaviour of natural persons in the EU.

Astes4 does not direct its activity towards the EU, nor does it monitor the behaviour of those in the EU, so the GDPR is not applicable. However, Swiss law offers adequate protection of personal data, as ascertained by the European Commission on 26 July 2000 (read the adequacy decision here).

In case of subjection to the GDPR, this document is valid as information pursuant to and for the purposes of art. 13 and 14. In addition to benefiting from all the protections provided by the GDPR, you can assert your rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 GDPR, by contacting Astes4. You have the right, at any time, within the limits and under the conditions established by the GDPR, to ask Astes4 to access, amend, or delete your personal data, to limit the processing that concerns you or to oppose processing of your personal data, as well as to exercise the right to portability of such data. Where processing is based on Article 6, paragraph 1, letter a) or article 9, paragraph 2, letter a) GDPR, you have the right to withdraw consent at any time. You have the right to lodge a complaint with the competent Supervisory Authority. In the case of a request for data portability, Astes4 provides you, in a structured format commonly used and readable by automatic device, with the personal data concerning you, without prejudice to paragraphs 3 and 4 of art. 20 GDPR.

Any other administrative and judicial appeal reserved, if you believe that the processing of your data violates the provisions of the GDPR, you have the right to lodge a complaint with the competent Supervisory Authority for the protection of personal data (Switzerland: IFPD │ EU: list of national authorities).

In no case are references to the GDPR to be understood as voluntary subjection to such legislation, respectively to the supervision and/or decision-making power of any foreign Authority (with respect to Switzerland).

Processing based on your consent is only lawful if you are at least 16 years old.

If you are under the age of 16, consent must be given or ratified by your parents (or guardian).

Although we use reasonable efforts and technology to verify that parental consent, where required, is present and effective, you have an obligation to declare your correct age and to refrain from giving consent without the involvement of your parents.

Applicable law. The processing of personal data is governed by federal data protection law (LPD; RS 235.1).

Obligation of consultation. The policy is variable over time as the processing of data evolves depending on the services offered. Given that changes are only posted online, it is your duty to visit this page each time you use the services so as to always be kept up-to-date.

What other rules apply to services? This is the policy on the processing of personal data. The contractual terms and other conditions applicable to your use of the site can be viewed by clicking here.

What is “personal data”? This is all information about an identified or identifiable person, such as name, surname, e-mail, telephone number, IP address, personal interests, purchases made, sites visited, location and movement data, etc.

What is a “data item worthy of particular protection”? This is particularly sensitive personal data: (i) data concerning religious, philosophical, political or trade union views or activities, health, intimacy or membership of a race or ethnic group, (ii) genetic data, (iii) biometric data uniquely identifying a natural person, (iv) data concerning administrative and criminal prosecutions and sanctions, (vi) data concerning social service measures.

Help us protect you: it’s your duty. The use of the Internet and e-mail is exposed to risks. Protect your devices and manage your passwords correctly. Follow specialist safety recommendations (link). Only send information by e-mail that you would be willing to make public. Given the nature of the Internet as an “open network”, we cannot guarantee that your data will not be intercepted or acquired by unauthorised third parties.

Permission to use e-mail. By providing us with your email address, unless expressly instructed otherwise, you authorize us to mail you by uncertified and unencrypted email, assuming the related risks, documents and information requested, including any personal data or confidential information.

Duration of retention of personal data. When the purposes for which the data was collected are achieved, we destroy your data or render it anonymous. Any legal retention obligations are reserved (for example: 10 years if the information is significant for accounting purposes). You can request detailed information on the personal data retention policy in the context of a specific processing by writing to privacy@astes4.ch.

Legal bases for the processing of personal data. A processing of personal data is lawful if it is based on the consent of the data subject, on an overriding public or private interest or on the law. An overriding private interest exists, in particular, if the processing is necessary in view of the supply of goods and/or services requested by the user. Where required by law, for example in the case of analysis and marketing or advertising activities involving user profiling or automated decisions or even data processing activities worthy of particular protection, Astes4 will submit a request for consent together with the policy through electronic channels (online or by e-mail) or analogue channels (ordinary mail).

External service providers in contact with personal data. We involve external suppliers in order to provide the services requested in the best possible way. External suppliers shall have access to the data only to the extent strictly necessary to carry out their tasks, subject to the assumption, by agreement, of strict confidentiality and non-use obligations in relation to personal data. We only use service providers established in Switzerland or in States that adequately protect personal data.

Without prejudice to the transmission of data required by law, the data may be disclosed to recipients belonging to the following categories: (a) entities that provide services for the management of information and telecommunications systems that are functional to the provision of the platform (in particular, these are currently the following services: hosting and cloud computing, e-mail and Newsletter management service); (b) entities that provide services in the legal, accounting, administrative, tax and auditing fields.

The complete and updated list of external suppliers is available for viewing at the Aste4 head office. For security reasons, some information may be made anonymous or partially masked.

Showcase on products and services, events, exhibitions and promotions. When you visit our website to look for information on products and services, events, exhibitions and promotions, the processing of personal data can be summarised as follows:

• Data collected: IP address; technical and analytic-statistical cookies (see dedicated section ); characteristics of the browsing program (name, language, installed plug-ins); pages visited, duration of visit, page of origin (e.g. google search, previous site); approximate location based on the IP address (usually corresponding to the location of your Internet access provider); unique identifier of the mobile device used.
• Aims pursued: (i) allow navigation on the site; (ii) perform analyses and statistics on the use of the site in order to optimise security, usability and quality of services and content, as well as the introduction of new services and content.
• Recipients: Astes4 and its service providers on the basis of strict necessity.
• Transfers abroad: none.

Newsletter subscription. See dedicated section .

Online form. See dedicated section .

Sending candidacy for a job application. See dedicated section .

Marketing and advertising. See dedicated section .

Social media plug-in. See dedicated section .

The newsletter is a free and optional service made available to all interested parties. To receive it, you must subscribe by providing your email address and specifying the areas of interest. Deletion from the list of recipients is possible at any time and with immediate effect by activating the dedicated link at the bottom of each email.

The Newsletter does not track you and does not profile you based on the content or links activated. However we carry out statistical analyses in an aggregate manner (guaranteeing anonymity) to assess the general interest in the content and events proposed.

Your email address is not given to third parties. For technical reasons, we delegate the management of the Newsletter to an external provider, which must be established in Switzerland or in a State that adequately protects personal data according to the instructions provided by the Federal Data Protection Officer (the complete list of States can be consulted here).

The processing of personal data can be summarised as follows:

• Data collected: first / last name; full address; email; message; IP address.
• Purposes pursued: provision of the requested information.
• Mode of communication: e-mail.
• Recipients: Astes4.
• Transfers abroad: none; for cookies, see dedicated section

The relevant information and processing of personal data can be summarised as follows:

• Tool used: plug-in for WordPress environment.
• Data collected: name and surname; e-mail address; uploaded files (curriculum vitae and supporting documents); IP address.
• Aims pursued: (i) participation in the selection for a job; (ii) in the case of recruitment: permanent retention in the personnel file; (iii) in the case of non-recruitment: destruction or retention for a period of 12 months (maximum) with a view to the opening of new selections (with the express consent of the candidate), destruction on expiry.
• Recipients: Astes4; for cookies, see dedicated section.
• Transfers abroad: none; for cookies, see dedicated section .

We use your personal data for direct marketing purposes but only after obtaining your express consent, unless you have already used our services and similar new services or promotions are available regarding similar services. In any case, we do not transfer your data to third parties, we do not analyse your online behaviour and we do not cross-reference the data with information from external sources in order to propose tailored offers to you. The processing of personal data can be summarised as follows:

• Data collected: name / surname; telephone number; home address; e-mail; information on the products and/or services purchased; preference sectors indicated when subscribing to the newsletter; cookies.
• Purposes pursued: direct manual and automated marketing through (i) sending informative – advertising material, surveys, events and initiatives concerning products and/or services purchased previously or according to the interests communicated by the user; (ii) carrying out analyses and statistics for the purpose of optimising the usability and quality of services and content, as well as introducing new services and content (in particular through the newsletter and cookies; see dedicated sections).
• Method of communication: SMS, phone calls with operator, paper mail and e-mail.
• Recipients: Astes4; Google as an analytical – statistical cookie provider limited to the use of the site (see section dedicated to cookies); Newsletter Manager, limited to the relative data (see section dedicated to the Newsletter).
• Transfers abroad: none; for cookies, see dedicated section .

• What are cookies? Cookies are text files stored in your system by sites or servers when you browse the web or use the Apps. Thanks to cookies, these sites or servers are able to recognize your browser while browsing or later in case of return. Cookies help improve your online experience, for example by preserving the preferences you have expressed over time or avoiding you having to log-in every time you change pages. Cookies can also be used to monitor and track your online behaviour in order to offer you tailored advertising.

  The types of cookies. Cookies are divided into various types. When the subject who stores the cookie on your system coincides with the site visited, the cookie is called “first party”. Otherwise, it’s called a “third party” cookie. “Session” cookies are automatically deleted when you close your browser, while “persistent” cookies remain stored until their expiration date. “Technical” cookies make it possible to browse the web and provide the services requested by the user. “Analytical-statistical” cookies are similar to technical cookies when they are used directly by the site to collect information, in aggregate form, on the number of users and how they interact with the site. “Profiling” cookies are third-party cookies used to profile you based on your online behaviour for the purpose of presenting you with advertisements that are more relevant to you.

  What cookies does the platform implement? The platform first implements first-party technical cookies in order to customize the configuration of the platform, keep navigation active, manage electronic transactions, ensure security, as well as for the purposes of system administration. Secondly, it implements a third-party analytic-statistical cookie (Google Analytics) in order to analyse the use of the platform by users and the flow of traffic, both for the purpose of optimizing the offer of products and services, and to improve the usability of the site. Google’s analytical – statistical cookie is managed in “masked” mode, in the sense that the last octet of your IP address (v4), respectively the last 80 bits of the IP address (v6), is set to “zero”. Your IP address is masked as soon as the data is received by the Analytics collection network, before any storage or processing takes place.

  List of active cookies, purpose and duration.

  The platform implements the following cookies.

  1. First-party cookies:
  • wp_wpfileupload_0

  Type: Technician

  Purposes: Contains a unique ID that allows the user to be identified.

  Duration: 48 hours

  Necessity for the use of the Site: necessary for uploading files via the website (C.V.)

   

  • cookieconsent_status

  Type: Technician

  Purposes: Record privacy consent options

  Duration: 365 hiotni

  Necessity for the use of the Site: It allows you to store the options for consent to the use of necessary cookies or statistics

   

  1. Third party:

   

  Third-party analytical cookies (pseudonymised)

  • Provider: Google Inc.
  • Product: Google Analytics
  • Names: _ga
  • Type: Analytical – statistical
  • Purpose: Distinguish users by assigning them a random number
  • Duration: 2 years
  • IP Masking: YES
  • Opting-out: link
  • Needed in order to be able to use the Site: NO

  Provider’s terms and privacy policy: link

• Possibility of deactivation or deletion, technical consequences. The platform offers you the possibility, through the cookie management plug-in on the “home-page” of the Site, to freely choose which cookies to authorize and which to refuse. You also have the option to deny consent to unnecessary cookies (in particular, Google’s analytic-statistical cookie), keeping technical cookies active.

  You also have the option of setting your browser to inform you about the receipt of cookies or to refuse cookies (generally or by type of cookie or even by site of origin). The general refusing of cookies, since it also applies to technical cookies, can result in serious limitations in the use of the platform (in particular the site). You can manually delete cookies from your browser’s memory, as well as set your browser to automatically delete cookies when you close the program (recommended option).

  By default, browsers generally accept cookies. Instructions for disabling or deleting cookies can be found on the website of your browser’s developer: Microsoft Internet Explorer and Edge; Google Chrome; Apple Safari; Mozilla Firefox and Opera.

  There are other ways to reduce the risk of online tracking (to be used cumulatively):

  • activate the option DoNotTrack on your browser (if available);
  • use the “private” or “anonymous” browsing feature of your browser (if available), which prevents cookies from being stored after browsing;
  • install “privacy plug-ins” on your browser such as, for example, uBlock Origin, Privacy Badger or Ghostery;
  • exercise your right to be excluded from interest-based advertising schemes (for example: DAA Consumer Opt-Out Page; NAI Consumer Opt-Out Page).
    

•  What are social media “plug-ins” and “widgets”? Social plug-ins are small optional software that connect sites to social media to allow you to easily interact with content you find online (for example: “Like” or “Share” on Facebook). Social plug-ins include so-called “widgets”, graphical command elements that are inserted into the corresponding sections of the site to allow you to access the features of the social plug-in. With a simple click on the widget, you are able, for example, to spread content on your favourite social media. If you enable the social plug-in, your browser makes a direct connection to the social plug-in provider’s servers (for example Facebook). For this reason, certain personal information, such as your IP address and the pages you visited, is transmitted to the social plug-in provider. This occurs even if you are not a registered social media user. If you are a registered user, social media is able to associate the content visited with your personal profile. The information published on social media is shown to your contacts or made public (in the case of a public profile).

  List of active social media plug-ins, provider, policy on the processing of personal data: the platform currently DOES NOT implement social media plug-ins.

  In fact, we have included simple graphic elements / links that refer to our social profiles, and better (the links below refer to available English versions of the documents (either US or GB): for the policy relevant to you, please select at destination your language and country of residency):

  • Facebook; data protection and privacy policy: privacy policy; cookies
  • LinkedIN; data protection and privacy policy: privacy policy; cookie policy
  • YouTube: data protection and privacy policy: link; Questions and Answers
  • Instagram: data protection and privacy policy: privacy policy; cooki

We have no control over the processing of personal data carried out independently by third parties (in relation to Astes4), so we do not carry out any verification, nor do we assume any responsibility in this regard. It is your duty to inquire about the processing carried out by such third parties before purchasing goods or services, visiting sites, using applications or devices.

As an example, you leave the Astes4 digital platform whenever:

1. you email us or connect to the internet;
2. you visit web pages outside the “ch” domain.

Under the conditions established by law, we grant you in particular the following rights (this is not an exhaustive list):

• to obtain the correction of inaccurate or obsolete personal data:
• to be informed in writing and free of charge if personal data concerning you is processed;
• to withdraw the consent to the processing of data that you have previously given;
• to prevent the communication of personal data worthy of particular protection to third parties;
• to express your opinion on an automated individual decision or request that it be reviewed by a natural person;
• to obtain the delivery of your personal data or require its transmission to third parties;
• to request that the processing of data be blocked, that it be prevented from being communicated to third parties or that personal data be corrected or destroyed;
• to request that a certain processing of personal data be prohibited, that a certain communication of personal data to third parties be prohibited or that personal data be deleted or destroyed;
• if neither the accuracy nor the inaccuracy of the personal data can be proved, to request that a note be added to the data that observes its disputed nature;
• to request that the correction, destruction, blocking, in particular of communication to third parties, as well as the mention of the disputed nature or ruling, be communicated to third parties or published;
• to establish the illegality of a processing of personal data.

Legitimacy and exercise. If you intend to exercise your rights, you must do so in writing by means of a reasoned request to be sent by ordinary mail or e-mail, attaching the necessary supporting documents, in addition to proof of your identity. It is in fact our duty to strictly verify that requests for access to data come from right-holders and not from unauthorised third parties.

Execution time. We comply with your request without delay but, in any case, except in exceptional circumstances, within 30 days of receipt of the request complete with all the information necessary for making judgement.

In order to promote transparency and a trusting relationship with users, we have appointed an internal contact person for data protection, whose task is to advise astes4 on the regime applicable to data, to conduct regular checks, respond to requests for information and follow up on the exercise of users’ rights.

You can contact the internal contact person for data protection by ordinary mail at the following address: Internal Data Protection Officer, c/o Astes4 SA, Via Passeggiata 3A, 6828 Balerna.

Alternatively, you can send a message via email to privacy@astes4.ch or telephone +41 91 6829320.