Internal data protection policy

Introduction

This Data Protection Policy (the “Policy”) is adopted by the Management of InsideZen Sàrl on 1 September 2023.

This Data Protection Policy explains how the Company collects data from data subjects. In addition, this policy describes what the company does with this data when people are in contact with our company as part of a contract or when they communicate with us in any other way.

Collection of data

In the course of its business, the company collects and processes the personal data of its customers and prospective customers, as well as of persons linked to them. Personal data is defined as information relating to an identified or identifiable natural person.

There are several types of data that may be processed by the company, in particular:

– Identification data (e.g. surname, first name, date of birth, gender, region of residence, identifier, access data, contract number, identity card/passport number, telephone number, e-mail address), authentication data (e.g. specimen signature, password).

– Contractual data (e.g. data relating to a product, service or request), data relating to family status.

– Professional data (professional contact details, professional activity, employers).

Source, consent, legitimate grounds

The personal data processed by the company comes directly from the person concerned and within the framework of the contractual relationship with the person (Consent of the declaring person).

The data held by us may also come from authorised third parties or by searching for information in public databases (e.g. commercial register, land register, research database, etc.).

Purpose of processing

The company processes your data for the conclusion, administration and performance of contractual relations. It may also process your data for security and statistical purposes.

Communication of personal data
Disclosure to third parties

Within the framework of its mandates and the performance of contracts, the company may communicate and exchange data with third parties, namely :

– third parties involved in the relationship or acting on behalf of the customer, such as an operator, service provider, supplier, craftsman or trader.

In order to guarantee a level of security that complies with the law, the company places its service providers under a contractual obligation to guarantee the confidentiality of the personal data they process and ensures that this obligation is respected.

Communication to the authorities

At the request of public, judicial or administrative authorities or regulatory or government bodies, personal data may be transferred to them. A legal basis or decision will always justify such a transfer.

Data security and confidentiality

The company collects and processes personal data in accordance with the Data Protection Act and is subject to confidentiality obligations arising from its field of activity.

Data retention

The period for which personal data is retained depends on the applicable legal and regulatory retention period, as well as the purpose for which the personal data is processed. As a general rule, the company retains personal data for a period of 10 years from the end of the business relationship. A longer retention period may be justified in certain situations.

Individual rights

All data subjects have the following rights in relation to their personal data, within the limits of the applicable regulations, in particular in the event of legal restrictions, overriding interests of third parties or abusive requests:

– the right to access personal data;

– the right to rectify inaccurate or incomplete personal data;

– the right to object to the processing of personal data and/or to request that the processing of personal data be restricted;

– right to request their deletion. However, the right to deletion is not absolute and may be restricted on the basis of overriding interests that require the continued processing of personal data.

Any person concerned may exercise the aforementioned rights by writing to the company at the address below. The request must be signed and accompanied by a copy of the data subject’s identity document.

Contact

The company is responsible for processing data in accordance with this Data Protection Policy, unless otherwise required by law.

You can contact InsideZen for data protection questions and to exercise your rights at the following address (postal and e-mail address):

InsideZen Sàrl Ms Laura Eleini Rue de Rive 6 1204 Geneva Tel: +41 79 755 55 11 Mail: laura@insidezen.ch

*********************************

Entry into force / amendments This Directive enters into force on 01.09.2023

This Directive was approved by Management on the date shown below. All amendments to the Directive are subject to the decision of the Management.

Geneva, 01.09.2023

InsideZen Sàrl