DATA PROTECTION AND PRIVACY POLICY FOR CLIENTS
Preamble
This Policy aims to inform clients of MyGift Sàrl (hereinafter also: the Company) about their rights and obligations regarding the protection of personal data.
Chapter 1 – General Provisions
Article 1 – Purpose
This Policy aims to protect the personality and fundamental rights of natural persons whose personal data is processed by the Company.
Article 2 – Definitions
The following definitions apply:
- Personal data: all information concerning an identified or identifiable natural person.
- Data subject: the natural person whose personal data is being processed.
- Client: any natural person using the services of MyGift Sàrl.
- Client company: any company using the services of MyGift Sàrl.
- Sensitive personal data:
- Data on religious, philosophical, political, or union opinions or activities.
- Data on health, intimate sphere, or racial or ethnic origin.
- Genetic data.
- Biometric data uniquely identifying a natural person.
- Data on criminal or administrative prosecutions or sanctions.
- Data on social assistance measures.
Article 3 – Scope of Application
This Policy applies to the processing of personal data held by the Company.
The European General Data Protection Regulation (GDPR) applies if the conditions of Art. 3 GDPR are met.
Chapter 2 – Consent of Data Subjects
Article 4 – Client Consent
The Client consents to the processing of their personal data when placing an order for products or services with the Company.
Any client company using the services of MyGift Sàrl and providing personal or sensitive data acknowledges that this data was collected in compliance with its legal obligations. The client company also confirms that it has obtained the consent of the data subjects for MyGift Sàrl to process this data when an order for products or services is placed.
This consent, as well as that of the Client, is deemed express and voluntary, including for the processing of sensitive data.
Subject to legal exceptions, the Client may revoke their consent to the processing of their data at any time without justification.
Chapter 3 – Data Processing
Article 5 – Data Collected
In the context of the contractual relationship with the data subject, the Company may collect the following data:
- Name, first name, date of birth, postal or email address, phone number, profession, employer, bank details, and any other such data at the beginning of the contractual relationship (e.g., first contact, client file opening, etc.).
- Any information transmitted in the course of executing the order for products or services.
The Company strives to collect only the data necessary for the proper execution of the contract.
Article 6 – Data Processing Purposes
The processing of personal or sensitive data aims to:
- Communicate with the Client or the client company.
- Ensure the proper execution of the order for products or services and work relationships.
- Fulfill the legal obligations to which the Company cannot be exempt.
Article 7 – Data Sharing
In performing its duties, the Company may need to share the data of the data subject with:
- Its IT service providers.
- Its external service providers.
- Various authorities in fulfilling its legal or regulatory obligations.
The Client and the client company already agree that the Company may use any necessary software, communication channels, or billing software to transmit personal or sensitive data to the aforementioned parties.
The Client releases the Company from any liability for issues that may arise from the use of postal and electronic correspondence.
Article 8 – International Data Transfer
Personal and sensitive data is only processed in Switzerland and is not transferred abroad.
Article 9 – Data Retention
The Company retains personal data only as long as necessary to achieve the purposes for which it was collected, to meet the needs of the data subjects, or to fulfill its legal obligations.
Chapter 4 – Rights of the Data Subject
Article 10 – Right to Information
The data subject may, at any time, request information and access to their personal and sensitive data by sending a written request to the Company.
Article 11 – Right to Rectification
The data subject may, at any time, request the correction of their inaccurate or incomplete data by writing to the Company. The request can be made by email with a read receipt or by mail with a return receipt.
Article 12 – Right to Deletion
For data not subject to a legal retention obligation, the data subject may request in writing that the Company delete it.
Chapter 5 – Data Controller Obligations
Article 13 – Technical and Organizational Measures
The Company commits to taking technical and organizational measures to best protect the data of the data subject.
Article 14 – Controls and Training
The Company conducts checks as necessary to ensure data security is not compromised.
If necessary, the Company establishes internal or external reports to detect potential breaches and propose improvement measures.
The Company makes its employees aware of data protection issues and the measures to adopt to enhance protection in data processing.
Article 15 – Communications
The Company commits to making necessary communications to the data subjects and the Federal Data Protection and Information Commissioner if circumstances require.
Chapter 6 – Final Provisions
Article 16 – Updates
This Policy may be regularly updated by the Company. The Client agrees to consult it regularly.
Article 17 – Effective Date
This Policy, adopted by the Company, takes effect on 01.09.2023.