DATA PROTECTION AND PRIVACY CHARTER

FOR CLIENTS

Preamble

The purpose of this Charter is to inform clients of MyGift Sàrl (hereinafter also: the Company) of their rights and obligations regarding the protection of personal data.

Chapter 1 – General Provisions

Article 1 – Purpose

This Charter aims to protect the personality and fundamental rights of natural persons whose personal data are processed by the Company.

Article 2 – Definitions

The following terms are defined as:

  • Personal data: all information concerning an identified or identifiable natural person.
  • Data subject: the natural person whose personal data are being processed;
    • Client: any natural person who uses the services of MyGift Sàrl;
  • Client company: any company that uses the services of MyGift Sàrl;
  • Sensitive personal data:
    • data on religious, philosophical, political, or trade union opinions or activities;
    • data on health, private life, or racial or ethnic origin;
    • genetic data;
    • biometric data uniquely identifying a natural person;
    • data on criminal or administrative proceedings or sanctions;
    • data on social assistance measures.

Article 3 – Material and Territorial Scope

This Charter applies to the processing of personal data held by the Company.

The European General Data Protection Regulation (GDPR) applies if the conditions of Article 3 GDPR are met.

Chapter 2 – Consent of Data Subjects

Article 4 – Client Consent

The Client consents to the processing of Personal data concerning them when they place an order for products or services with the Company.

Any Client company that uses the services of MyGift Sàrl and communicates Personal or Sensitive data to it acknowledges that such data have been collected in accordance with its legal obligations. The Client company further confirms that it has obtained the consent of the data subjects for MyGift Sàrl to process such data when an order for products or services is placed with it.

This consent, like that of the Client, is deemed express and voluntary, including for the processing of Sensitive data.

Subject to legal exceptions, the Client may at any time and without justification revoke their consent to the processing of their data.

Chapter 3 – Data Processing

Article 5 – Data Collected

In the context of the contractual relationship with the Data subject, the Company may collect the following data:

  • surname, first name, date of birth, postal or email address, telephone, profession, employer, bank details, and any other such data at the beginning of the contractual relationship (e.g., first contact, opening of Client file, etc.);
  • any information transmitted in the context of fulfilling the order for products or services.

The Company strives at all times to collect only the data necessary for the proper performance of the contract.

Article 6 – Data Processing

The processing of personal or sensitive data has the following objectives:

  • to communicate with the Client or Client company;
  • to ensure the proper fulfillment of the order for products or services as well as working relationships;
  • to fulfill the legal obligations from which the Company cannot be exempted.

Article 7 – Data Sharing

In the performance of its tasks, the Company may share the data of the Data subject, in particular with the following persons:

  • its IT service providers;
  • its external service providers;
  • the various authorities in the performance of its legal or regulatory obligations.

The Client and the Client company hereby accept that the Company uses, in a non-exhaustive manner, any computer program useful to its activity, any communication channel, any invoicing software to transmit personal or sensitive data concerning them to the aforementioned persons.

The Client releases the Company from any liability for problems that may arise due to the use of postal and electronic correspondence.

Article 8 – Transfer Abroad

Personal and Sensitive data are only processed in Switzerland and are not transferred abroad.

Article 9 – Data Retention

The Company retains personal data only for as long as necessary to achieve the purposes for which they were collected, to meet the needs of the Data subjects, or to fulfill its legal obligations.

Chapter 4 – Rights of the Data Subject

Article 10 – Right to Information

The Data subject may, at any time, request information and access to their Personal and Sensitive data by submitting a written request to the Company.

Article 11 – Right to Rectification

The Data subject may, at any time, request the rectification of their inaccurate or incomplete data by writing to the Company. The request may be made by email with read receipt or by mail with acknowledgment of receipt.

Article 12 – Right to Deletion

For all data not subject to a legal retention obligation, the Data subject may, upon written request, require the Company to delete them.

Chapter 5 – Obligations of the Data Controller

Article 13 – Technical and Organizational Measures

The Company undertakes to implement technical and organizational measures to best protect the data of the Data subject.

Article 14 – Audits and Training

The Company conducts audits as necessary to verify that the security of the processed data is not compromised.

If necessary, the Company commissions internal or external reports to detect potential vulnerabilities and propose improvement measures.

The Company makes its Employees aware of data protection issues and the measures to be adopted to improve protection in the processing of such data.

Article 15 – Communications

The Company undertakes to make the necessary communications to the Data subjects as well as to the Federal Data Protection Commissioner if circumstances require it.

Chapter 6 – Final Provisions

Article 16 – Updates

This Charter may be regularly updated by the Company. The Client undertakes to consult it regularly.

Article 17 – Entry into Force

This Charter adopted by the Company enters into force on September 1, 2023.