Privacy Notice
Website www.pow.space and related resources
Introduction | The purpose of this page (hereinafter, the “Notice”) is to inform the user of the processing of information that concerns them (hereinafter, “Personal Data”) carried out in relation to the use of the website www.pow.space (hereinafter, the “Website”), the social media profiles connected to it, and the contact resources (online forms, email, and phone number), as well as in the case of subscription to the newsletter (hereinafter, collectively, the “Platform”). Given that the user has a wide range of services and resources available, this Notice is divided into a general section, providing information applicable to the entire Platform, and special sections containing specific information for individual resources. Paragraphs A and B specify the controller of the Platform and the contacts, as well as describe the mechanism for accepting and reviewing the Notice. Information on the processing of Personal Data activities and cookies is detailed in paragraph C. The data subjects’ rights are listed in paragraph D. Lastly, paragraph E regulates the substantive law applicable to the legal relationship between the parties and establishes the competent court in the event of a dispute related to said relationship. The specific Notice relating to the processing of Personal Data in relation to the provision of products and services to customers and users of the coworking space can be viewed on the page www.pow.space/privacy (to which reference is made and which is considered integrated here). The same Notice is also available in paper format at the Coworking reception. |
A. Platform controller and contacts | The Platform's controller is PATIO LUGANO SA (hereinafter, the “Controller”). The Controller has control of the Platform’s content and set forth the purpose and means of Personal Data processing. Contacts:
Attention: As filters are in place to safeguard the security of the Controller and the users, email communication is considered received only if there is a reply or confirmation of receipt. Otherwise, the user should assume the communication has not been delivered. |
B. NOTICE AWARENESS | ACCEPTANCE | REVIEWS | The applicable Notice is the one in effect at the time of accessing the Platform. The most recently updated version can be accessed by clicking on the dedicated link found at the bottom of each Website’s page (www.pow.space). The user is responsible for carefully reviewing the Notice’s status prior to using the Platform, since the Controller reserves the right to update the Notice at any time, particularly in light of the evolution of applicable law, functionalities, as well as services and products made available to the user. |
C. PROCESSING OF PERSONAL DATA AND COOKIES |
Legal framework and general notions Applicable law. Personal Data processing through the Platform is regulated, in the context of the private sector, by the Federal Act on Data Protection (hereinafter, “FADP”). Definition of “Personal Data” according to the FADP. Personal Data includes all information concerning an identified or identifiable natural person, such as name, last name, address, date of birth, email, phone number, IP address (what is it?), personal preferences and interests, purchases made, web pages visited, geolocation and movement data, etc. Definition of “sensitive Personal Data” according to the FADP. Sensitive Personal Data are particularly confidential data: (i) data regarding religious, philosophical, political or trade union opinion or activity, concerning health, the private sphere, or the belonging to a race or ethnicity, (ii) genetic data, (iii) biometric data that uniquely identify a natural person, (iv) data concerning administrative and criminal prosecutions and sanctions, (v) data concerning social assistance measures. Definition of “profiling”. It involves the automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements Definition of “high-risk profiling”. It is profiling that poses a high risk to the data subject's personality or fundamental rights by matching data that allow an assessment to be made of essential aspects of the personality of a natural person Obligation to protect login credentials and personal devices. Internet and email use are exposed to security risks. The user has the duty to ensure the security of their own devices and passwords (particularly passwords related to their email) via appropriate technical and organizational measures. Obligation to provide correct data and communicate any changes to Personal Data. The user is responsible for the accuracy of the Personal Data communicated to the Controller. They must voluntarily and promptly communicate any changes to Personal Data so that records can be constantly updated. Legal foundation on Personal Data processing. Processing of Personal Data is unlawful when it constitutes a violation of personality rights. This violation can be justified based on the concerned person’s consent, a prevailing public or private interest, or the law. In particular, a prevailing private interest occurs if the processing is necessary for the provision of goods and/or services requested by the customer. Where required by law, for instance in the case of certain marketing or advertising activities that involve user profiling, the adoption of automated decisions or the processing of sensitive Personal Data, the Controller will request informed consent from the user through electronic (online or per email) or analogue (telephone, regular mail, or in-person) channels. General responsibility disclaimer | User obligations regarding electronic communications Given the Internet's nature as an “open network,” the Controller does not guarantee that data provided or received by the user cannot be falsified, intercepted, or acquired by unauthorized third parties. The user commits to verifying by telephone all communications and electronic documents received from the Controller (including electronic communications and invoices) that are not validly signed with a qualified electronic signature attributable to the Controller or its collaborators, to the extent that they involve the payment of a sum of money, the execution of instructions, or the sending of confidential documents prior to compiling with the request. The user alone is responsible for the choice of their email service provider and for the correct and secure handling of their Personal Data outside the Platform. Approval for email use. Email is not a means of communication that ensures the confidentiality, authenticity, and integrity of transmissions; thus, unauthorized third parties may access the information and potentially modify or otherwise manipulate its content. Therefore, it is recommended that the user does not send confidential information and data via email. Still, unless expressly instructed otherwise, by providing their email address the user authorizes the Controller to transmit via uncertified and unencrypted email, documents and information including any Personal Data or confidential information, assuming all related risks. Retention period of Personal Data. When the purposes for which Personal Data are collected are achieved, they are destroyed or anonymized. Any legal retention obligations (for example; 10 (ten) years if the information holds accounting relevance) are reserved. The user can request detailed information about their Personal Data retention policy for a specific processing by contacting info@pow.space. Specialized service providers in contact with Personal Data. The Controller employs external service providers in the field of information technology to ensure the proper functioning of the Platform. These providers have access to data only to the extent strictly necessary for the performance of their tasks, subject to the assumption, through agreement, of strict confidentiality and non-use obligations regarding Personal Data. They must also be established in Switzerland or in foreign countries with legislation that adequately protects Personal Data according to the findings of the Federal Council as set out in Annex 1 of the Federal Council Ordinance on Data Protection (DPO). Subject to the data processing provided for by law, the data collected within the Platform are made accessible or communicated to suppliers belonging to the following categories: (i) entities providing IT and telecommunication services, specifically, hosting / management / maintenance of the Platform, data analysis, and Cloud computing (word and data processing, storage, backup, management / sending of Newsletters, IT management, and email); (ii) credit institutions; (iii) entities providing services in the fields of marketing, legal, technical, accounting, administrative, fiscal, and auditing. The complete and up-to-date list of service providers. is available for review at the Controller's headquarters. For data and IT system security reasons, certain information may be anonymized or redacted. Responsibility disclaimer for third-party online resources. We hold no control over the processing of Personal Data carried out independently by third parties (relative to the Controller), therefore we do not verify nor assume any responsibility in this regard. It is the user's obligation to inquire about the processing carried out by these third parties before purchasing goods or services, visiting websites, using applications, or devices. For example, the user leaves the Platform whenever: (i) sending emails; (ii) visiting social media profiles; (iii) visiting web pages outside the domain www.pow.space. Relation with European Data Protection Law Switzerland is not a member state of the European Union (EU), therefore European law is not directly applicable. Art. 3, para. 2 of the General Data Protection Regulation (EU) 679/2016 (hereinafter, "GDPR") specifies that the regulation applies to entities established outside the EU in the case of data processing related to: (i) offering goods or services to natural persons in the EU or (ii) monitoring the behavior of natural persons in the EU. The Controller does not target activities towards the EU, nor does it monitor the behavior of those in the EU, making the GDPR inapplicable. Swiss law provides adequate protection for Personal Data, as confirmed by the European Commission on July 26, 2000 (the adequacy decision can be downloaded here). In the (exceptional) case of being subject to the GDPR, this document serves as information pursuant to arts. 13 and 14. In addition to benefiting from all protections provided by the GDPR, the user can assert rights as expressed in arts. 15, 16, 17, 18, 19, 20, 21, and 22 GDPR, by contacting the Controller. The user has the right, at any time, within the limits and conditions established by the GDPR, to request access to their Personal Data, rectification, erasure, limitation of processing concerning them, or to object to processing, as well as to exercise the right to data portability. If the processing is based on art. 6, para. 1, litt. a) or art. 9, para. 2, litt. a) GDPR, the user has the right to withdraw consent at any time. They also have the right to lodge a complaint with the competent supervisory authority. In the case of a data portability request, the Controller provides, in a commonly used structured format readable by an automatic device, the Personal Data concerning the user, subject to paragraphs 3 and 4 of Article 20 GDPR. Without prejudice to any other administrative or judicial remedies, if the user believes that the processing of Personal Data concerning them violates the GDPR, they have the right to lodge a complaint with the competent supervisory authority for data protection (EU: list of national authorities). In no case shall references to the GDPR be construed as a voluntary submission such regulation, nor to the supervision and/or decision-making power of any foreign authority (with respect to Switzerland). Detailed information on data processing activities 1. Website Browsing Without prejudice to mandatory data processing required by law and exceptions, derogations, and restrictions to the information requirement, when the user visits the Website seeking information about products and services, events, exhibitions, and promotions, Personal Data processing can be summarized as follows:
2. Email (Contacts on the Website) Without prejudice to mandatory data processing required by law and exceptions, derogations, and restrictions to the information requirement, Personal Data processing can be summarized as follows:
3. Telephone logs (contacts on the Website) Without prejudice to mandatory data processing required by law and exceptions, derogations, and restrictions to the information requirement, Personal Data processing can be summarized as follows:
4. Contact form on the Website Without prejudice to mandatory data processing required by law and exceptions, derogations, and restrictions to the information requirement, Personal Data processing can be summarized as follows:
5. Newsletter Without prejudice to mandatory data processing required by law and exceptions, derogations, and restrictions to the information requirement, Personal Data processing can be summarized as follows:
6. Marketing Within the limits permitted by current regulations, we use Personal Data for marketing purposes if the user has given their consent, reserving the right of the controller to send advertising communications and offers within the scope of existing or pre-existing contractual relationships involving similar goods, works, and services in compliance with legal requirements. The users’ Personal Data are not divulged to third parties and their browsing habits through the Platform (and connected online resources) or consumption habits are not analyzed. Data is not cross-referenced with information from third parties to propose personalized offers without the user’s prior, informed, and specific consent. Which Cookies does the Website implement? Use of cookies and their management What are cookies? Cookies are small text files placed on the user’s system by servers during web browsing. Thanks to cookies, servers can recognize the user’s browser and the device used during the current navigation and in case of a subsequent visit. Types of cookies. Cookies are divided into various types:
Disabling or deleting options and technical consequences. The user has the option, through the cookie management plug-in on the homepage of the Website, to freely choose which cookies to authorize and which to refuse (including the possibility of blanket refusal). The user can set the browser to inform them upon receiving cookies or to block cookies (generally, by type of cookie, or by the originating site). The generalized blocking of cookies, as it also applies to technical cookies, may result in limitations in the use of the Website. The user can manually delete cookies from the browser’s memory, as well as set the browser to automatically delete cookies upon closing the program (recommended choice). By default, browsers generally accept cookies. Instructions for deactivating or deleting cookies can be found on the website of the browser developer used by the user (to which reference is made). There are other ways to reduce the risk of online tracking (which should be used cumulatively):
exercise the user’s right to be excluded from specific behavioral advertising schemes (for example: DAA Consumer Opt-Out Page, NAI Consumer Opt-Out Page). Technical Cookies
Use of Social Media “Plug-ins” and “Widgets” What are social media “plug-ins” and “widgets”? Social media plug-ins are optional software that connect websites to social media, allowing users to easily interact with online content (e.g., “Like” or “Share”). Plug-ins include the so-called “widgets,” graphical control elements inserted into corresponding sections of the website to enable users to access the plug-in’s functionalities. With a simple click on the widget, the user can, for example, share content within their favorite social media platform. If the user activates the plug-in, the browser makes a direct connection to the plug-in provider’s servers (e.g., LinkedIn, Meta, or Instagram). As a result, certain personal information, such as the IP address and visited pages, are transmitted to the plug-in provider. This occurs even if the user is not registered with the social media platform. If the user is registered, the social media platform can associate the visited content with the user’s personal profile. The information published on the social media platform is shown to the user’s contacts or made public (in the case of a public profile). List of active social media plug-ins / widgets, with corresponding provider and link to the specific provider’s privacy notice The Website implements plug-ins / widgets or alternative tracking technologies in relation to the following social media platforms: NONE The Website implements “double-click” technology, whereby the plug-in must be activated by the user (with the first click, the plug-in is made available, and with the second click, the corresponding functionality is activated). The previously detailed privacy policies are hereby reproduced and integrated. The user who activates the plug-ins / widgets is solely responsible for reading and accepting these policies, as the Controller has no control over the Personal Data processing activities related to the user’s use of social media. |
D. RIGHTS OF DATA SUBJECTS |
Legitimation and Exercise. The data subject can exercise their rights in writing by sending a motivated request via ordinary mail or email to the Controller (for contacts, refer to paragraph A above), attaching the necessary supporting documents, along with proof of identity and authorization. Response Time. The Controller undertakes to respond to the request without delay and, in any case, barring exceptional circumstances, within 30 days from receipt of the request complete with all necessary information. Rights. In the event of being subject to the provision of the Federal Act on Data Protection (FADP), under the conditions established by the law, data subjects have the following rights concerning their Personal Data:
Consultation and information requests To promote transparency and build a trusting relationship with users, the Controller has appointed an internal contact person for responding to information requests and facilitating the exercise of data subjects’ rights. The internal contact person can be contacted via email at info@pow.space. Any questions regarding the rights of data subjects in relation to the processing of Personal Data and their exercise in the private sector can be directed to the Federal Data Protection and Information Commissioner (FDPIC), who can be contacted through the online form (link). |
E. APPLICABLE LAW AND JURISDICTION |
The legal relationship between the user and PATIO LUGANO SA, Lugano, regarding access to and use of the Platform (and related resources) is governed by SWISS SUBSTANTIVE LAW, excluding the rules of private international law. The parties herby designate THE COURT OF THE SUBJECT-MATTER JURISDICTION FOR THE DISTRICT OF LUGANO AS THE EXCLUSIVE FORUM FOR ANY DISPUTE arising from or related to the use of the Platform (and related resources), subject to any mandatory legal provisions that may require a different jurisdiction. PATIO LUGANO SA, Lugano, reserves the right to bring proceedings before the competent court at the user’s place of residence, branch, or domicile. |