Privacy policy

In this document, we will provide you with all necessary information on the processing of personal data that you provide by visiting this website, as provided for by the Federal Data Protection Act (“DPA”), other applicable data protection provisions of Swiss law and European Union legislation, in particular EU Regulation 2016/679 (“GDPR”).
This information refers only to the processing of data provided by browsing this website; it does not concern third-party websites available through links contained in this website.

SUMMARY

Definitions
Who processes your personal data?
Which types of data are processed?
For what purposes do we process your data? What is the legal basis for processing and the nature of the provision of data?
Our data retention policy
How do we process personal data?
To whom may we disclose the personal data collected?
Transfer of data
Rights of the data subject and how to exercise them
Updates of the privacy policy

1. DEFINITIONS

According to the GDPR, “personal data” means any information relating to an identified or identifiable natural person (the data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Data controller” (hereinafter referred to as the “Controller”) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

“Recipient” means a natural or legal person, public authority, agency or other body, to which the personal data are disclosed, whether a third party or not.

2. WHO PROCESSES YOUR PERSONAL DATA?

The data provided by browsing this website are processed by Goldberg Capital Partners, with registered office at Etzelstrasse 31, CH- 8038 Zurich, as Controller.

For further information about the processing of your personal data, you can contact the Controller by sending an e-mail to info@goldberg-capital.ch, or by post, using the Goldberg Capital Partners’ address above.

3. WHICH TYPES OF DATA ARE PROCESSED?

A) Browsing data
When you visit our website, our servers temporarily save each access in a log file. This information is not collected to be associated with identified data subjects, but they could allow the identification of data subjects if processed and associated with data held by third parties. Technical data such as the following are saved until they are automatically deleted:

IP address
Ownership of the range of IP address
Date and time of access to the website
Referrer URL
Name and URL of recovered files
Status code (e.g., error messages)
Operating system of your computer
Browser (type, version, and language)
Transmission protocol used and, if applicable, username for registrations/authentications.

B) Cookies
Cookies are pieces of information that are placed on your browser when you visit a website. For further information please read our cookie policy.

C) Data voluntarily submitted by the user
In addition to what is specified above with respect to browsing data and cookies, you may provide personal data voluntarily when browsing this website.
For example, this may be the case if you contact the Controller via phone, e-mail, or post. This will result in the collection of data and information shared with the Controller.
In all these cases, we ask you not to share special categories of personal data pursuant to article 9 of the GDPR (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health, etc.).

4. FOR WHAT PURPOSES DO WE PROCESS YOUR DATA? WHAT IS THE LEGAL BASIS FOR PROCESSING AND THE NATURE OF THE PROVISION OF DATA?

We collect and process browsing data to obtain anonymous statistical information about the use of the website to provide appropriate content and to check that the website is working correctly. These data may also be used to assess liability in the event of cybercrimes against the website, attacks on the network infrastructure or other unauthorised or abusive use of the website. The provision of these data is necessary and the legal basis for their processing lies in our overriding private interest within the meaning of article 13 par. 1 DPA, i.e., in our legitimate interest according to article 6 par. 1 let. f) of the GDPR.

The purposes of the processing of data carried out through cookies are thoroughly described in the cookie policy. The provision of data collected through technical cookies is necessary, while it is optional in the other cases. The legal basis for the processing of data collected through technical cookies lies in our overriding private interest within the meaning of article 13 par. 1 DPA, i.e., in our legitimate interest according to article 6 par. 1 let. f) of the GDPR to ensure the functionality of our website; in case of installation of other types of cookies, the basis for the processing of your personal data is the consent you provide through the cookie banner.

Data submitted voluntarily by the user are processed to reply to your requests. The Controller will provide you with specific further information if other purposes of the processing were to emerge. The provision of these data is optional, but the refusal to provide your data, in whole or in part, may result in the impossibility for the Controller to process your requests. The legal basis for the processing of data lies in consent, according to article 13 par. 1 DPA and article 6 par. 1 let. a) of the GDPR.

Further information
All data provided when browsing the website may be processed, for example, to exercise legitimate interests of the Controller (e.g., to prevent abuse or fraud, to establish, exercise or defend a legal claim) or to comply with legal obligations, according to article 6 par.1, let. c) and let. f) of the GDPR.

5. OUR DATA RETENTION POLICY

In accordance with the principles of privacy law, we process personal data only for the time strictly necessary to fulfil the purposes for which they are collected. As far as browsing data are concerned, these will be stored for a maximum period of 30 day. All information about data retention periods of cookies is available in the cookie policy.

Personal data voluntarily submitted by the user will be stored for the time strictly necessary to process the request, unless a subsequent, further purpose for processing emerges. In the event that the processing should become necessary to exercise further legitimate interests of the Controller (e.g., to prevent abuse or fraud, to establish, exercise or defend a legal claim) or to comply with legal obligations, the retention might have a different duration, depending on the applicable law.

Once the aforementioned reasons for processing have ceased to apply, the data will be deleted, destroyed or stored anonymously.

6. HOW DO WE PROCESS PERSONAL DATA?

We process personal data mainly electronically, with the adoption of appropriate security measures, to prevent any violation of personal data. However, we recommend that you periodically check that you are equipped with adequate software devices, to protect incoming and outbound network data transfer (such as updated antivirus systems) and that your Internet service provider has adopted adequate measures for the security of network data transfer (such as firewalls and spam filters).

7. TO WHOM MAY WE DISCLOSE THE PERSONAL DATA COLLECTED?

Your data will not be disclosed to third parties, unless it is essential and only to the extent strictly necessary to achieve the purposes of the processing, as specified above. Thus, your personal data may be shared with: (i) Goldberg’s internal staff, duly authorised to process personal data; (ii) contractors, such as third-party technical service providers, hosting providers, IT technicians and consultants, from time to time appointed, if necessary, as processors according to articles 28 et seq. of the GDPR; (iii) persons to whom the right to access the data is granted by law, regulations, or orders.

8. TRANSFER OF DATA

Your personal data will be processed in Switzerland, or in any case within the territory of the European Union. Otherwise, the transfer will be carried out in accordance with article 6 DPA and with Chapter V of the GDPR, e.g., according to standard data protection clauses adopted by the European Commission or by carrying out the transfer in countries that have adopted adequate data protection standards.

9. RIGHTS OF THE DATA SUBJECT AND HOW TO EXERCISE THEM

The GDPR sets forth important rights for data subjects. For a better understanding of your rights under the data protection law, we invite you to read articles 15 et seq. of the GDPR in full. For your convenience, an excerpt of these provisions is provided below.

Right of access (article 15 of the GDPR): the data subject shall have the right to obtain confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data and further information regarding the processing.
Right to rectification (article 16 of the GDPR): the data subject shall have the right to obtain the rectification or the completion of inaccurate or incomplete personal data.
Right to erasure (“right to be forgotten”) (article 17 of the GDPR): the data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, if (i) the data are no longer necessary in relation to the purposes for which they were collected, (ii) consent has been withdrawn and there is no other legal ground for the processing, (iii) the data subject has objected to the processing, (iv) the data have been unlawfully processed, or (v) the data have to be erased for compliance with a legal obligation.
Right to restriction of processing (article 18 of the GDPR): the data subject shall have the right to obtain restriction of processing of personal data where one of the following applies: (i) the data subject contests the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the data; (ii) the processing is unlawful and the data subject opposes the erasure of the data, requesting the restriction of their use instead; (iii) although the Controller no longer needs the personal data for the purposes of the processing, they are required by the data subject for the establishment, exercise or defence of legal claims; (iv) the data subject has objected to processing pursuant to article 21(1) of the GDPR, pending the verification whether the legitimate grounds of the Controller override those of the data subject.
Right to data portability (article 20 of the GDPR): the data subject shall have the right (i) to receive the personal data in a structured, commonly used, and machine-readable format, (ii) to have the personal data transmitted directly from the Controller to another controller, where technically feasible and (iii) to transmit the personal data to another controller without hindrance from the Controller.
Right to object (article 21 of the GDPR): the data subject shall have the right to object, on grounds relating to his or her particular situation, at any moment to processing of personal data concerning him or her which is based on the legitimate interest of the Controller, including profiling, or on the performance of a task carried out in the public interest or in the exercise of official authority, unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Right not to be subject to automated decision-making, including profiling (article 22 of the GDPR): the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, when the decision is not based on the data subject’s prior and explicit consent, as provided for in article 22 of the GDPR.
Right to withdraw consent (article 7(3) of the GDPR): the data subject shall have the right to withdraw his or her consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

In order to exercise these rights, you may address a request to the Controller, via e-mail or regular mail, to the contact details indicated above in this privacy policy.

Lasty, the data subject has the right to lodge a complaint with the supervisory authority, which in Italy is the Data Protection Authority (Garante per la Protezione dei Dati Personali) and in Switzerland is the Federal Data Protection and Information Commissioner (Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter | Preposé federal à la protection des données et à la transparence | Incaricato federale della protezione dei dati e della trasparenza).

10. UPDATES OF THE PRIVACY POLICY

This privacy policy may be subject to periodic updates. The Controller will highlight the updates through publication on the website.

Last edit: 29 September 2021