All personal data provided to SECURITY LAB SA and SECURITY LAB ADVISORY SAGL are processed under theFederal Data Protection Act (FDPA), under the General Data ProtectionRegulation (EU) 2016/679 of the European Parliament, and in compliance with the principles of correctness, lawfulness, transparency, purpose limitation and conservation, minimization and accuracy, and protection of integrity and confidentiality.
This policy is intended for www.sec-lab.com and all of its subdomains (hereinafter “Website”).
Data Controllers are SECURITY LAB SA and SECURITY LAB ADVISORY SAGL (Sec-Lab).
For any further information on the processing of personal data or to exercise your rights, you can contact us:
by sending a written request to:
Security Lab SA o Security Lab Advisory Sagl
Corso Enrico Pestalozzi 21A, 6900 - Lugano Switzerland
01. Personal Data and Processing
Personal data means any information relating to an identified or identifiablenatural person; an identifiable natural person can be identified, directly orindirectly, in particular by reference to an identifier such as, for example, aname, an identification number, location data or an online identifier.
Processing means any operation which is performed on personal data,whether or not by automated means, such as collection, recording, organisation,structuring, storage, consultation, erasure or destruction, etc.
02. Personal Data we collect about you
- Browsing Data
The IT systems and software procedures for the operation of the website acquire, during normal operation, some personal data the transmission of which is implicit in the use of Internet communication protocols. This is information is not collected to be associated with identified parties concerned, but that by its very nature could, through processing and association with data held by third parties, allow identifying users. This category of data includes the IP addresses or domain names of computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are only used to obtain anonymous, statistical information regarding website use, to verify its correct operation, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain liability in case of hypothetical computer crimes against the Data Controller or third parties.
- Data provided voluntarily by the User
- The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.
- User data is collected by the Data Controller when filling in a form (hereinafter referred to as "form"). The form requires the entry of the following personal data: name, telephone, email.
- In the event of interest in one of the job positions indicated in the Career section, should the User send the CV via email as an attached file, Sec-Lab reminds theUser that, should the same wish to make known to the company information relating to his/her person falling within the scope of the sensitive personal data, such data may be processed only if the User has indicated his/her explicit consent in the copy of the cv attached to the email. In any case, Sec-Lab invites the User not to indicate any sensitive personal data, except those that are deemed by the same absolutely essential in order to allow an adequate evaluation of your application.
User’s personal data will be processed for the following purposes:
- Respond to a request from theUser providing general information on services offered by Sec-Lab;
- Update and inform the User about the status of the application process for job offering in the Career section;
- Send the user any communication/information about the service;
- Fulfil the obligations established by law, by a regulation, and satisfy requests from the competent authority;
- Exercise by the Controller of the right of defense (extrajudicial, judicial);
- Send to the User who has filled in the Newsletter Form and given his consent, communications relating to services, events, courses of Sec-Lab, as well as commercial, advertising and informative (marketing) communications. In this case, the User may revoke the consent given at any time by clicking on the appropriate "unsubscribe" link at the bottom of the newsletter.
04. Legal basis
Each treatment is justified by one of the following legal bases:
- The processing is necessary to execute the requests from the User. In this case, the provision of data is mandatory;
- The processing is necessary to fulfil a legal obligation. In this case, the provision of data is mandatory;
- The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the User which require protection of personal data. In this case, the provision of data is optional.
05. Disclosureof User’s personal data to third parties
As part of Sec-Lab’s activity and for the purposes specified above, the User's personal data may be shared with:
- AppointedData Processors who provide specific processing activities or services on behalf of the Data Controller and under its instructions. The User may, at anytime, request the updated list of the Data Processors;
- Companies/AssociationsPartners of the Controller (e.g. AITI, ATED ICT TICINO);
- DataControllers to whom the data could be communicated pursuant to legal provisions or orders of the Authorities, or e.g. to execute payments (banks); to allow theData Controller to exercise its rights (law firm); etc.
- Subjects authorized by the Data Controller to process the personal data necessary to perform activities strictly related to the provision of services and who have assumed an appropriate legal and contractual obligation of confidentiality (e.g.employees and/or collaborators of the Data Controller).
We don’t sell or otherwise disclose User's personal data to third parties.
06. Storing User’s personal data
All personal data are stored electronically on servers located in Switzerland.
However, if it will be necessary, the Data Controller will have the right to transfer the data even outside the Switzerland. In such a case, theData Controller ensures from now on that the data transfer will take place in accordance with the applicable law and regulations.
07. Retention of User’s personal data
The User's personal data are retained in compliance with applicable regulations for the period of time necessary to achieve the purpose for which they were collected; in particular, for the purposes of handling the User's requests for a period not exceeding 12 months after receipt of the request, unless the User purchases a service from Sec-Lab.
The CV and the information related to the application are kept for 24months from the receiving of the CV.
When processing is based on the User's consent, personal data are retained until that consent is revoked.
08. Children and Personal Data
An individual under the age of 16 should not give information or personal data to the Controller in the absence of the consent of the persons exercising parental responsibility over them. In the absence of such consent, it will not be possible for the child to send requests through the website.
Sec-Lab takes children's privacy seriously. It therefore urges all those who exercise parental responsibility over children to inform them about the safe and responsible use of the Internet and the Web
09. Rights of the data subject
The User has the right to obtain the confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, the User can exercise the following rights:
- right to access to the personal data and the following information: the purposes of the processing; the recipients to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored; the envisaged consequences of the processing based on profiling
- right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
- the right to obtain the rectification of inaccurate personal data concerning him or her
- right to obtain the erasure of personal data concerning him or her, if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, the User withdrew his or her consent on which the processing is based or the personal data have been unlawfully processed
- right to restrict processing, if provided by applicable law
- right to receive the personal data concerning him or her, which the User has provided in a structured, commonly used and machine-readable format and has the right to transmit those data to another Data Controller without hindrance from Sec-Lab (if provided by applicable law)
- right to object to the processing of personal data concerning him or her. Specifically, the User has the right not to be subject to a decision based solely on automated processing, including profiling
- right to lodge a complaint with a supervisory authority, if the User considers that the processing of personal data relating to him or her infringes the applicable law.
The User may exercise his or her rights freely and at any time using the contact details provided in the paragraph “INTRODUCTION” or contacting the Federal DataProtection and Information Commissioner.
10. Automated decision making
The User is not subject to decisions based solely on automated processing.