Privacy policy

This privacy policy (hereinafter, “Privacy Policy”) is provided to you (“You”) and relates to the processing of your personal data (“Personal Data”) carried out by:

in accordance with all applicable data protection legislation, including the Swiss Federal Act on Data Protection and the EU GDPR.

1. Identity and contact details of the Data Controller

The Data Controller is Hotel 3 Könige & Post AG.
Since the Data Controller is established in the territory of Switzerland, no representative (“Representative”) has been appointed, pursuant to Article 27 GDPR.

2. DPO contact information

The Data Controller has not appointed a Data Protection Officer (“DPO”) pursuant to Article 37 GDPR. The DPO can be contacted at the following address: info@postbyeliesaab.com

3. Purpose of processing and legal basis for processing

Your personal data will be processed:

1. For contractual purposes and/or related to the execution of pre-contractual measures taken at your specific request, as well as to fulfill any legal obligations related to these purposes, such as      to allow You to be contacted to evaluate the potential real estate purchase.
2. to send direct marketing communications, newsletters, advertising material, by means of traditional contact systems and automated IT systems, including commercial or promotional communications by email or SMS, or for market research and analysis. In this case, the legal basis is consent, expressed in accordance with this Privacy Policy;
3. for profiling purposes and, in particular, to provide You with personalized services. The legal basis for processing is your consent, expressed in accordance with current legislation and this Privacy Policy;
4. for purposes related to related legal obligations when processing is carried out for the purposes referred to in point (a). In this case, the legal basis is the legal obligation of the Data Controller to process such Personal Data in accordance with the applicable national law.

4. How to express Your consent

You may express consent by signing a paper, a computerized document, or by flagging specific flag boxes as made available by the Site.

5. Method and logic of processing

• Personal Data will be processed for the purposes under point a) number 3 of the Privacy Policy (contractual and pre-contractual purposes) by means of automated logic and CRM software, which will allow the best possible management of the contractual execution;
• Personal Data will be processed for the purposes under point b) number 3 of the Privacy Policy (marketing purposes) through software to send commercial information;
• Personal Data will be processed for the purposes under point c) number 3 (profiling) by means of CRM type software to determine your preferences in order to offer You personalized services and communications. For further details, see the next point of the Privacy Policy;
• Personal Data will be processed and stored for the purposes under paragraph d), number 3 (legal obligation) through paper tools, automated logic and CRM software to allow the best management of the fulfillment of legal obligations.

6. Automated decision making and profiling

If You consent to the Processing of your Personal Data to benefit from personalized services through profiling, your Personal Data may be subject to an automated decision-making process, with a specific algorithm that will decide which communications are best suited to your profile or which may be of most interest to You. The processing carried out in this way has, as expected consequences, by way of example, the sending of highly profiled commercial communications, the sending of discounts, the sending of invitations to events considered of interest, etc.

You have the right to:

• obtain human intervention in decision-making by the Data Controller;
• express your opinion;
• obtain an explanation of the decision reached by the Data Controller;
• challenge the decision.

7. Source from of Personal Data

The Data Controller will only process Personal Data in accordance with this Privacy Policy. Personal Data from publicly accessible sources will not be processed.

8. Recipients and possible categories of recipients of Personal Data

The following subjects may receive your Personal Data:

• Companies offering information society services, including, in particular, those offering hosting services;
• accounting firms;
• Data Controller’s partner companies;

9. Categories of Personal Data

The Data Controller may process the following categories of Personal Data:

• biographical data;  
• contact data.

10. Transfer of Personal Data

The Data Controller intends to transfer Personal Data to entities established in a country outside Switzerland, European Union or an international organization. Such entities could be represented, by way of example, by:

• Communications companies that perform communications activities on behalf of the Data Controller;
• Provider of communication society services;
• Controlled and/or controlling organizations;

Your personal data may be transferred outside Switzerland to the following countries: [Italy, U.S.A. and related legal basis for transfer, Italy and adequacy decision].
To obtain a copy of such data or the place where it has been made available, simply send the relevant request to the Data Controller, at the indicated addresses.
Pursuant to applicable law, the transfer of Personal Data to such entities is carried out in the presence of an adequacy decision, which has verified how the third country, the territory or one or more specific sectors within the third country, or the international organization in question guarantee an adequate level of protection of rights. In any case, the Data Controller - should the latter nevertheless deem it appropriate reserves the right to conclude specific separate agreements obliging such entities to adopt adequate security measures, including organizational measures, aimed at providing appropriate guarantees regarding rights.

11. Period of retention of Personal Data

• Period of retention of Personal Data
• The Personal Data processed and stored for the purposes referred to in point a) and d), number 3 (contractual and pre-contractual purposes and fulfillment of legal obligations) are processed and stored by the Data Controller in accordance with all applicable data protection law, however, for a period of time not exceeding 10 years from the cessation of the effects of the contract in case of conclusion of the same, unless otherwise required by law;
• The Personal Data processed for the purposes referred to in point b) number 3 of this statement (marketing purposes) are processed and stored by the Data Controller until You request their cancellation and / or revocation, as a Data Subject;
• Personal Data processed for the purposes set forth in point c) number 3 (preference determination purposes) are processed and stored by the Data Controller for a period of time not exceeding 12 months from collection.

12. Optionality of consent and consequences of non-consent

• In relation to Personal Data processed for the purposes set out in point a) number 3 of this policy (contractual and pre-contractual purposes), the communication of Personal Data is an obligation. If You do not communicate such Personal Data, no contract can be concluded.
• In relation to Personal Data processed for the purposes set out in point b) number 3 of this policy (marketing purposes), the disclosure of Personal Data is not a contractual obligation. You have the option to provide Personal Data. If You do not provide such Personal Data, the Data Controller will not be able to carry out any marketing activities.
• With respect to Personal Data processed for the purposes set forth in point c) number 3 of this Privacy Policy (profiling purposes), the disclosure of Personal Data is not a contractual obligation. You have the option to provide Personal Data. If You do not disclose such Personal Data, the Data Controller may not perform any profiling activities.
• In relation to Personal Data processed for the purposes set out in point d) number 3 of this policy (legal obligations), the disclosure of Personal Data is a legal obligation.

13. Data Subject’s rights: right to object

You, in the quality of “Data Subject”, have the right to object in the following terms:

• the right to object at any time, on grounds relating to your particular situation, to the processing of Personal Data concerning You in accordance with all applicable data protection law. The Data Controller will refrain from further processing your Personal Data, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims;
• when Personal Data is processed for direct marketing purposes, You have the right to object at any time to the processing of Personal Data relating to You carried out for such purposes, including profiling insofar as it is related to direct marketing;
• if You object to the processing of your Personal Data for direct marketing purposes, your Personal Data will no longer be processed for such purposes. You may object to the processing of your Personal Data for direct marketing purposes, even if only in part, for example by objecting to the sending of promotional communications by automated and/or digital means, or to the sending of paper communications and/or the receiving of telephone communications;
• where your Personal Data is processed for scientific or historical research purposes or for statistical purposes in accordance with all applicable data protection law, You have the right, on grounds relating to your particular situation, to object to the processing of Personal Data, unless the processing is necessary for the performance of a task carried out in the public interest.

14. Your other rights under all applicable data protection law

The Data Controller would also like to inform You of the existence of the following rights:

• Right of access: You have the right to obtain confirmation from the Data Controller that Personal Data concerning You is or is not being processed, and to access your Personal Data and specific information, in accordance with all applicable data protection law;
• Right of rectification: You have the right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning You without undue delay. Taking into account the purposes of the processing, You have the right to obtain the integration of incomplete Personal Data, including by providing a supplementary declaration, in accordance with all applicable data protection law;
• Right to data erasure, including the right to withdraw consent: You have the right to obtain from the Data Controller the erasure of your Personal Data without undue delay or to withdraw your consent to the processing, in accordance with all applicable data protection law. You have the right to revoke your consent at any time, without affecting the lawfulness of the processing based on the consent You gave before revocation;
• Right to restriction of processing: You have the right to obtain from the Data Controller the restriction of processing, in accordance with all applicable data protection law;
• Right to data portability: You have the right to receive in a structured, commonly used and machine-readable format, your Personal Data provided to the Data Controller and You have the right to transmit it to another data controller without hindrance from the Data Controller, in accordance with all applicable data protection law;
• Contractor’s right to object to commercial communications: as a contracting party, You have the right to object at any time, free of charge, to receiving commercial communications from the Data Controller;
• Right to lodge a complaint with the Data Protection Authority: You have the right to lodge a complaint with the competent Data Protection Authority, to complain about a violation of the rules on the protection of Personal Data, in accordance with all applicable data protection law

15. How to exercise your rights

You may exercise the rights indicated in the Privacy Policy by addressing your requests directly to the Data Controller at the email address dpo@a2plus.green, or by sending the relative communication by registered mail with return receipt to the address Via San Gottardo, 53 – 6900 -Massagno - Switzerland.

You may lodge a complaint with your competent Data Protection Authority, in accordance with the terms of its official websites.

16. Accessibility of Privacy Policy

The information is accessible at the Data Controller's offices. If expressly requested, the information may also be provided orally, provided the identity of the requester is proven, by a telephone request addressed to the addresses of the Data Controller.

17. Changes 

The Data Controller may modify the Privacy Policy, also to comply with changes in national and/or European Union regulations, or technological innovations. Any new versions of the Privacy Policy will be posted on the Site. We encourage You to periodically check the Privacy Policy. Any changes will be communicated to You through a pop-up on the Site or by other means and/or computer tools.

If the Data Controller substantially modifies the Privacy Policy, providing for new processing purposes and/or categories of processed Personal Data, the Data Controller will inform You, requesting the necessary consents, by means of a pop-up on the Site or other methods and/or IT tools.