RE: Privacy Notice in compliance with the duty to inform set forth under articles 2.4 and 14 of the Swiss Federal Data Protection Act (DPA) dated 19 June 1992, and under article 13 of the EU General Data Protection Regulation 2016/679.
Articles 2.4 and 14 of the Swiss Federal Data Protection Act dated 19 June 1992 (henceforth “DPA”), and article 13 of the EU General Data Protection Regulation 2016/679, (henceforth “GDPR 2016/679”) specify the regulations concerning the protection of natural persons and other subjects with regard to the processing of personal Data. This Privacy Notice has the purpose to inform you that your personal information is collected and processed in compliance with the above mentioned regulations and with the obligations of confidentiality GO Swiss Power SA, Paradiso, is subject to.
1. Data Controller
The data controller in respect of your personal information is GO Swiss Power SA, a company subject to Swiss Law, with legal headquarters in via delle Scuole 8, 6900 Paradiso, represented by Sole Administrator Mrs Vanessa Bandini.
2. Data Protection Officer (DPO)
The data protection officer (DPO) is Mr Niccolò Pasquale, Trader, resident in Via delle Scuole 8, 6900 Paradiso (tel. +41 91 980 45 64, email@example.com), acting for GO Swiss Power SA, Via delle Scuole 8, 6900 Paradiso.
3. Categories of personal data we may collect and hold
The data processed pertain to two main categories:
- Accounting and administrative data (including, but not limited to, invoices, signed contracts or contract templates, proof of payments or of bank deposits, etc.);
- technical and operational data (including, but not limited to, orders for certain amounts of energy and gas based on pre-set models, energy audits requested by a client, etc.).
Use of your information
We are legally required to collect your data in accordance with the requirements of the current legislation. Specifically, all energy transactions carried out in Europe must be reported to the national TSOs (entities entrusted with the management and maintenance of power lines) and to the national or European energy markets. The technical-operational documentation collected is therefore necessary to implement the aforementioned reporting, also known as “REMIT reporting”. All energy audits requested by a client may be shared with external providers or consumers to find the most suitable conditions and advantages in terms of rates and service. The accounting and administrative data contribute to a smooth exchange of information and to reveal a client’s potential credit or debt exposure. The latter applies especially in those cases where a flexible daily trading system is used, so that the settlement activities are continuous. Administrative data are mandatorily shared with a number of institutional bodies, including Swiss cantonal tax offices, national authorities and national energy markets.
5. Data storage and processing
Your data will be processed in manual and/or automated form, in compliance with article 32 of GDPR 2016/679, by officers specially appointed, and in compliance with article 29 of GDPR 2016/679.
Please notice that, in compliance with the principles of lawfulness, purpose limitation, and data minimization, and with article 5 of GDPR 2016/679, subject to your free and explicit consent expressed at the bottom of the present notice, your information will be kept for no longer than is necessary for the purposes for which the personal data are collected and processed: specifically, your data will be kept on the portal for 1 (one) year, and will be stored in the company’s archives for at least 5 (five) years.
6. Disclosure to and use by third parties
We will never disclose or share your personal data without your explicit consent, unless required to do so by law. We may be legally required to share your personal information with government authorities, law enforcement, public bodies, consultants, or other subjects. In compliance with the current regulation, your Data may (and in some cases must) be shared with the following recipients:
- Swiss or European authorities
- Swiss or European energy markets
- Swiss or European TSOs
- Potential suppliers (other traders, wholesalers, and owners of energy plants)
- Potential clients (Power sales companies and businesses, other resellers).
7. Data storage and transfers to third countries
Your personal data will be stored on servers located within Switzerland and the European Union (EU), and will never be transferred to third countries outside the EU.
8. Special Categories of Data
In accordance with Articles 26 and 27 of Legislative Decree 196/2003 and with Articles 9 and 10 of GDPR 2016/679, you might provide the data controller with “special category data”, meaning data that reveal “racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”. Special category data will be processed subject to Your free and explicit consent, expressed in written form at the bottom of the present notice.
9. Automated decision making and profiling.
GO Swiss Powe SA, Paradiso, does not use automated decision making and profiling, in compliance with article 22.1 and 22.4 of GDPR 679/2016. We use authentication Cookies and Google Analytics tools.
10. Your rights
In accordance with Articles 5 and 8 of DPA, and Articles 15-22 of GDPR 2016/679, you have a number of rights you may exercise at any time, including:
- the right to obtain confirmation as to whether or not personal data concerning you exist
- the right to obtain information about: the purposes for processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed and, where possible, the envisaged period for which the personal data will be stored;
- the right to correct your data or withdraw your consent;
- the right to obtain restriction of processing, with the sole exception being the exchange of information with public bodies, in that the latter is mandatory and necessary to the correct functioning of the electric system;
- the right to data portability, that is the right to obtain from the Data Controller a copy of the personal data undergoing processing, in a structured, commonly used and machine-readable format and to transmit those data to a third party;
- the right to object to the processing of your personal data, with the sole exception being the exchange of information with public bodies, in that the latter is mandatory and necessary to the functioning of the electric system;
- the right to request from the controller access to, rectification of, or erasure of your personal data, or restriction of processing of personal data concerning you, or to object to such processing, in addition to the right to data portability, with the sole limitations being those referred to in paragraphs d. and f.;
- the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing of data carried out before you withdrew your consent.
- The right to lodge a complaint with a supervisory authority.