Swiss limited company (Aktiengesellschaft)
Seat of the company:
Kirk Watson Barlow
UBS Ltd., CH-8098 Zurich
IBAN: CH74 0020 6206 4391 8201 F
Responsible (or, depending on the context, processor) for the data processing that we provide and describe is:
Our representative in the European Economic Area (EEA) as those responsible in relation to data processing under the DSGVO is:
Agence des medias numerique SASU
Rond-Point des Champs Elysées 12-14
If you have any data protection queries, please contact us on the following contact
Changes to our data protection regulations
We reserve the right to occasionally amend this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The data protection declaration as amended applies and is available on our website.
Swizzonic Ltd. (hereinafter (hereinafter “Controller” or “Data Controller” or “Company” or “Swizzonic”), with registered office in Stauffacher, Badenerstrasse 47, CH-8004 Zürich, (Switzerland) undertakes to constantly protect the privacy of its users on-line. This document outlines our policy on privacy, explaining how your personal data are managed when using our services, and to enable you to give express consent to the processing of your personal data while being aware of the website sections requiring the entry of such data. Note that the various sections of the web sites of Swizzonic (hereinafter “Site”) requiring entry of your personal data may contain specific disclosure options in accordance with arts. 13 and 14 of the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter "GDPR") and art. 4 of the Federal Act on Data Protection (hereinafter “Swiss Data Protection Law” and, together with the GDPR, the “Applicable Data Protection Laws”), which must be viewed by you before providing the requested data. The information and data supplied by you or otherwise acquired when registering for the various services of Swizzonic, (for example to register domain names, to supply an email account, supply web space, supply hosting services, supply other accessory services, hereinafter referred to in general as “Services”), will be processed in observance of the provisions of the Applicable Data Protection Laws and the obligations for confidentiality that form the basis of the work of Swizzonic. In accordance with the provisions of the Applicable Data Protection Laws, the processing operations carried out by Swizzonic will comply with the principles of lawfulness, fairness, transparency, purpose and retention limitation, data minimisation, accuracy, integrity and confidentiality.
The controller of the processing operations carried out through the Site is Swizzonic.
With specific regard to the activities carried out by Swizzonic through the services of Facebook Inc., as described in Section 3 (h) of this policy, Swizzonic acts as a joint controller of the processing together with Facebook Inc.: please refer to Section 3 (h) of this policy for more information.
Swizzonic has designated as its representative in the European Union the company Agence de medias numerique SASU, with registered office in 12-14, Rond-Point des Champs Elysées 75008, Paris, France. The representative may be contacted at the following e-mail address: email@example.com.
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We inform you that the personal data undergoing processing - depending also on how you intend to use the Services - may consist of an identifier such as the name, e-mail address, ID number, location data, online identifier, purchases made and other data enabling you to be identified or identifiable, depending on the type of Services requested (hereinafter "Personal Data").
In particular, the Personal Data processed through the Site are the following:
The computer systems and software procedures used for operation of the Swizzonic web site acquire, during routine operation, some personal data, the transmission of which is considered implicit in the use of the Internet communication protocols. This information is not collected to be associated with identified persons, but which in their nature may, through processing and associations with data retained by third parties, enable the identification of users. This category of data includes IP addresses or domain names of the computer used by the users to connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the dimensions of the file obtained in the response, the numerical code indicating the status of the response sent by the server (successful, error, etc.) and other parameters regarding the operating system and IT environment of the user. These data are used exclusively to retrieve anonymous statistical information on use of the present site and the sites of our clients, and to ensure correct operation of the latter, identify faults and/or abuse, and are deleted immediately after processing. The same data may be used to ascertain responsibility in the hypothetical case of computer crime harmful to the site or third parties: with the exception of this case, the data on web contacts are not stored for more than fourteen days, unless specific requests are made by the user (e.g. access to the user's personal pages within Swizzonic summarising services used, information published etc.).
Besides filling out the appropriate registration form, you can register to the Services if you have a Facebook profile by just clicking on the "Login with Facebook" button. In this case, Facebook will automatically send Swizzonic some of your Personal Data, indicated in the pop-up window, which appears upon applying, and you will not need to fill out any other forms. If, instead, you are already a registered user of Swizzonic and also have a Facebook profile, you can choose to associate your Swizzonic account to your Facebook account by clicking on "Login with Facebook" and then on "Associate Account": this way, your Swizzonic identification code will be associated to your Facebook user code, and you can then directly authenticate yourself by just clicking on "Login with Facebook” to your Swizzonic control panel without entering any credentials.
In the same way, Swizzonic gives you the possibility of associating your Swizzonic account to any Google, Twitter and LinkedIn accounts. In such cases too, these social media sites will automatically send Swizzonic some of your Personal Data, indicated in the pop-up window, which appears upon applying.
When using specific Services (such as Swizzonic promotions allowing the assignment of domain names to third parties, or as part of the exchange of e-mails or other messages with the operators of our Customer Care), the Personal Data of third parties that you submit to the Service Manager may undergo processing. In such case, you are considered an independent data controller, assuming all the obligations and responsibilities of law. To this effect, you fully indemnify in this regard Swizzonic against any complaints, claims and demands for compensation for damages arising from processing, etc., that may be received by Swizzonic from third parties whose Personal Data have been processed through the use of the Services, in violation of the applicable rules on personal data protection. In any case, if you provide or in other way process Personal Data of third parties in using the Service, you henceforth guarantee - assuming all related responsibilities - that this specific processing is grounded on an appropriate legal basis (for example, the data subject’s consent), which legitimizes the processing of the information in question.
With regard to the processing operations of Personal Data carried out as part of the domain name management service, it should be noted that Swizzonic will only implement the processing operations deemed strictly necessary for providing the service, with the exception of further processing operations grounded on an appropriate legal basis (for instance, your consent). The data collected by Swizzonic as part of an application for domain name registration are solely those strictly necessary for the provision of the service and are listed in the Service Order in section 4.3. The provision of such data is in itself optional, however, failure to provide such data entails that Swizzonic will not be able to provide the requested service. It should be noted that the Personal Data of the domain name holder, for purposes strictly related to the provision of the service, may be disclosed to third parties. Specifically, in order to manage domain names, the Internet Corporation for Assigned Names and Numbers (hereinafter "Icann") requires Swizzonic, as a registrar, to place in escrow to a licensed Escrow Agent a copy of the data needed to register a domain name under the authority of Icann itself.
Such service is provided to Swizzonic by Iron Mountain Intellectual Property Management, Inc., designated by Icann.
Additionally, the data may be disclosed to the national and international Registration Authorities to which Swizzonic is required to send the technical and administrative documentation under the relevant legislation, and to any other subjects accredited for the registration of domain names with regard to extensions for which Swizzonic lacks accreditation. Such data sharing is required in order to use the service; therefore, in accordance with the privacy legislation in force, data sharing is justified under the legitimate/overriding interest of the data controller (Swizzonic) and of yourself as party requesting the service and necessary to provide you with the service. It follows that when you sign up for the service, you agree to the disclosure of some of your Personal Data to the above subjects. If, instead, when applying for domain name registration, you provide Swizzonic with Personal Data of other third parties involved in the processing, you are considered an independent data controller, assuming all the obligations and responsibilities of law. To this effect, you fully indemnify in this regard Swizzonic against any complaints, claims and demands for compensation for damages arising from processing, etc., that may be received by Swizzonic from third parties whose Personal Data have been processed through the use of the Services, in violation of the applicable rules on personal data protection. In any case, if you provide or in other way process Personal Data of third parties in using the Service, you henceforth guarantee - assuming all related responsibilities - that this specific processing is grounded on an appropriate legal basis in accordance with Applicable Data Protection Laws, which legitimizes the processing of the information in question. Additionally, in order to improve the service, the data will be generally published, and therefore disclosed, on the WHOIS public database containing the Personal Data of the domain name assignees. With regard to this processing, note that Icann acts as an autonomous data controller and Swizzonic has no control whatsoever on the personal data processing activities performed by the said subject. Icann policies are currently under review and any development in this regard shall be appropriately notified. Additionally, domain names could be published on the WHOIS database managed by the relevant Authorities which, in their turn, are currently amending their policies on the publishing of personal data. We hereby clarify that these subjects act as autonomous data controllers and that Swizzonic, which in order to perform its domain registration service needs to disclose the registrant data to these subjects (failing which it would not be possible to perform the service), has no control whatsoever on the personal data processing activities performed by these subjects. Swizzonic, insofar as it concerns it and as part of its provision of domain names, shall not publish your Personal Data, but such data may be disclosed to third parties on an individual basis, under express and duly documented request, for purposes of protection of industrial property rights, as better described at paragraph 3.i of this policy.
As part of the e-mail service, Swizzonic processes certain data for the transmission of communications on the electronic communications network. These data are specifically:
- IP address used, e-mail address and any further sender ID;
- IP address and fully qualified domain name of the mail exchanger host for SMTP technology, or any type of host for a different technology used in the transmission of communication;
- e-mail address and any further ID of the recipient of the communication;
- IP address and fully qualified domain name of the mail exchanger host (for SMTP technology), or any type of host (for a different technology used) that delivered the message;
- IP address used by the recipient for receiving and/or browsing e-mail messages, irrespective of the technology or protocol used;
- date and (GMT) time of the log-in and log-off of the user of an Internet-based e-mail service, along with the IP address used, irrespective of the technology and protocol applied;
- Internet service used.
These data are processed and retained by Swizzonic to provide the service and by legal obligation, if applicable. Additionally, the data are processed by Swizzonic for the typical activities following from the provision of the service (for instance, for documentation purposes in the event of billing disputes or payment claims, for fraud detection, and to carry out analysis on behalf of the customers), in accordance with the law. In such case, the personal data are retained, meanwhile adopting stringent security measures for six months from their collection, and subsequently deleted.
- Definitions, characteristics, and application of standards
Cookies are small text files that the sites visited send to You and store on Your computer or mobile device, and which will be returned to these same sites on each new visit. Thanks to these cookies, the site remembers Your actions and preferences (for example connection data, preferred language, font dimensions, other display settings, etc.) so that You do not have to need to specify them again when You return to the site or consult another page on the same site.
There are different types of cookies and similar tracking tools (such as, but not limited to, pixels, fingerprinting, etc.), also depending on their characteristics and functions, the duration of storage on Your computer or mobile device varies.
The Site also makes use of fingerprinting, that is the technique that allows you to identify the device you use by collecting all or some of the information relating to the specific configuration of the device adopted by you. In particular, the Company adopts a fingerprint for security and anti-fraud purposes, the data of which are deleted two hours after their collection. Taking into account the purpose for which it is used, this tracking tool is considered a "technical cookie".
Please find below the list of cookies served by this Site:
The purposes of the processing we intend to carry out, following your express consent where necessary, are the following:
a. to allow us to provide the Services you requested and the subsequent, independent management of your control panel, which you will access by registering and creating your user profile on providing the Services, including the collection, retention and processing of data for the establishment and subsequent operational, technical and administrative management of the relationship arising from the provision of the Services, and the exchange of messages during the course of the relationship;
b. to allow you to browse and explore Swizzonic’s websites;
c. to answer requests for assistance or information, which we will receive via e-mail or telephone through the “Contact us” section of our Site, through the appropriate “Privacy Notices” form. For answers to telephone requests for assistance received by Swizzonic, we inform you that the calls are going to be recorded so that Swizzonic can prove it has properly handled requests received. With regards to requests received by Swizzonic by e-mail, they too will be retained, together with the appropriate replies, for the time necessary to assure the correct processing of the requests, as well as, subsequently, to allow Swizzonic to defend itself in court, where necessary. The legal basis for the processing of Personal Data for the purposes referred to in letters (a), (b) and (c) above is the necessity to provide contractual services to you. The provision of Personal Data for these purposes is optional, but failure to provide it entails the impossibility to activate the requested Services. On the other hand, with specific regard to the recording of telephone calls, the processing is based on Swizzonic’s legitimate/overriding interest in ensuring effective and consistent service, as well as in pursuing the improvement of the service itself. This interest, according to the balancing assessment carried out by the Data Controller, prevails over data subjects’ fundamental rights and freedoms, also taking into account the security measures applied to the recordings. If you do not wish for this processing to take place, we invite you to submit only written requests to our customer service and to avoid the use of the telephone. With regard to the data which is necessary to demonstrate that the Company has correctly provided services and answered requests, the relevant data retention is based on the Company’s legitimate/overriding interest of being able to exercise its right of defense in court where necessary;
d. to fulfil legal, accounting and tax obligations: this processing is legitimate/overriding in light of the obligation for Swizzonic to fulfil legal obligations to which it is subject. Once the Personal Data has been provided, the processing may indeed be necessary to comply with legal obligations to which Swizzonic is subject; and in those cases, it is not possible for the users to object to this processing, since it is a processing operation deriving from legal obligations;
e. to carry out direct marketing activities via e-mail for services similar to those you have subscribed to, unless you objected to such processing initially or in subsequent communications, in order to pursue Swizzonic’s legitimate/overriding interests to promote products and services which you may be reasonably interested in;
f. to conduct studies, research, market statistics; to send you advertising and information material, commercial information, or surveys to improve the service (“customer satisfaction”) via e-mail or SMS, and/or over the telephone through operator and/or through the official pages of Swizzonic on social media as well as through your control panel, if you are a Swizzonic customer; furthermore, if you are a Facebook user, you may see Swizzonic advertising banners on your Facebook profile (hereinafter reference will be made to the activities listed herein as "Marketing"): the processing of your data for Marketing purposes is based on your consent. You may object to the processing of your data for Marketing purposes through your control panel, or by sending a request from the Site or through the mechanism specified in the footer of commercial e-mails, or by writing to legal(at)swizzonic.com. Objections to this processing have no impact on the use of services;
g. only with regard to certain services, the data may be processed for disclosing to third parties for their marketing purposes, namely to provide you with information and/or to propose offers on products, services or initiatives offered or promoted by other companies of the Swizzonic Group and/or its affiliates and/or subsidiaries and/or other business partners and outsourcers who act as independent data controllers: this processing is also based on your consent, which may be given specifically; any refusal to grant consent has no effect on the use of the services;
i. solely for purposes of security and prevention of fraudulent conduct, on the basis of a legitimate/overriding interest of Swizzonic in preventing fraud and deception to its own detriment or to the detriment of its customers, as well as on the basis of various legitimate/overriding interest assessments carried out by the Controller which do not show that the processing operations in question are detrimental to the Data Subject’s fundamental rights and freedoms. In particular, such activities shall include:
ii. anti-spam: Swizzonic reserves the right to refuse activation or to block email accounts or hosting of its customers from which spamming or phishing activities originate. Where possible, Swizzonic will proceed to verify the identity of the customer in order to carry out the necessary investigations and, only in the event of no response or where false documents are set, will put in place the block. This activity involves the processing of personal data such as e-mail addresses, copy of ID documents, photos and traffic data and has its legal basis in the legitimate/overriding interest of the Controller to combat frauds and other malicious activities;
iii. checks on the usage of hosting: if there is an exceptional increase in the disk space used by the customer, the Company – limiting itself to external checks that neither have an impact on the Personal Data of the customer, nor include the identification of the content that has been uploaded – attempts to determine whether there are unlawful uses of the service (both in terms of contractual or regulatory provisions), in order to notify the customer, to protect its rights and to ensure the security of its systems.
v. profiling aimed at obscuring some Swizzonic’s offers to customers who connect from and / or pay from non-EU countries, in particular from countries included in a "Black List" drafted by Swizzonic on the basis of anti-fraud analyses. If you cannot access the offers for these reasons, you can always contact Swizzonic's support in order to overcome this block.
vi. verification of the identity of Swizzonic’s customers by requesting photos or other documents suitable for this assessment. This activity is carried out in the following cases: i) where you purchase one or more servers (dedicated or virtual) for the first time, ii) in the event that the Company receives reports relating to violation of industrial or intellectual property rights by third parties, or where such violations are independently detected by Swizzonic, iii) the customer is identified as fraudulent by the automatic control system referred to in section 3 (i) (i) above.
l. for the purpose of communication to third parties on the basis of the third party’s own legitimate/overriding interest, typically (albeit not exclusively) in the field of domain names, for the purpose of protecting the industrial property rights of the third party or in the case of reports of abuses allegedly committed to the detriment of third parties.
a.i) persons, companies or professional firms which typically acts as data processors providing Swizzonic with advice and consulting in accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the Services; ii) subjects to engage with in order to provide the Services and which typically act as autonomous data controllers (for instance, the national and international Registration Authorities to send the technical and administrative documentation and Maintainer forms to, the authorities that manage the WHOIS database containing the personal data of the domain name assignees or the company Iron Mountain Intellectual Property Management Inc., designated by Icann as escrow agent, credit card payment service providers (Mercury Payments and Banca Sella), etc.) iii) persons or companies authorised to perform technical maintenance (including maintenance of network equipment and electronic communications networks) and which typically act as data processors; iv) Italian or foreign Swizzonic Group companies, for administrative and statistical purposes, and which typically act as autonomous data controllers; v) MaxMind Inc., a company specialized in anti-fraud services that acts both as data controller and as data processor on behalf of the Company (collectively "Recipients");
b. subjects, bodies or authorities to disclose your Personal Data to in accordance with the provisions of law or under the orders of the authorities (for example, during the course of criminal investigations, Swizzonic may receive requests from the judicial authority to provide traffic logs);
c. persons authorized by Swizzonic to process the Personal Data required for carrying out activities strictly related to the provision of the Services, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality, for example Swizzonic's employees;
d. business partners for their own autonomous and separate purposes, only if you have given your specific consent;
e. auditing firms;
f. third parties who request access to domain name registration data on the basis of their own legitimate/overriding interest, as better described under paragraph 3.l of this policy.
The full list of data processors is available by sending a written request to legal(at)swizzonic.com.
Some of your Personal Data are shared with Recipients who may be located outside the European Economic Area and/or Switzerland. Swizzonic ensures that your Personal Data are processed by these Recipients in accordance with Applicable Data Protection Laws. Indeed, transfers can be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission or acknowledged by the Federal Data Protection and Information Commissioner. For further information please send a written request to legal(at)swizzonic.com. In the domain name registration services, data are communicated to the subjects listed in section 2 (d) of this policy: in some cases, such processing involves the transfer of data at stake outside the European Economic Area and/or Switzerland. In these cases the data are transferred in accordance with Applicable Data Protection Laws.
The Personal Data processed for the purposes referred to in Section 3 (a-b-c) will be retained for the period deemed strictly necessary to fulfil the stated purposes. In any case, since the Personal Data are processed for the provision of the Services, Swizzonic will retain the Personal Data for the period allowed by Swiss law to protect its interests. In particular, in order for the Company to be able to demonstrate that it has correctly fulfilled its contractual obligations, Swizzonic will retain the data necessary for this purpose for the period of time pursuant to Swiss law establishing limitations for bringing actions for breaches of contract.
Personal Data processed for the purposes referred to in Section 3 (d) will be retained for the period required by the specific obligation or by applicable law.
For the purposes referred to in Section 3 (e) (f) (Marketing), your Personal Data may, instead, be processed until you withdraw your consent or until three years after you have ceased to be a Swizzonic customer, or if you have only registered to the Site and have not purchased any products or services. For the purposes referred to in section 3 (h) (Profiling), the retention criteria of your Personal Data are those that govern the processing of data for Marketing purposes. For the purposes referred to in section 3(i)(i) (anti-fraud), the data are kept for the time necessary for the Company to be able to prevent and combat fraudulent conduct carried out through the Site, such as, for example, benefiting from the same promotion several times without being entitled to it. For the purposes referred to in section 3(i)(ii) (anti-spam), the data will be retained for the entire duration of your contractual relationship with the Company.
With regard to traffic data, as already mentioned, such data are retained for a maximum of six months after its generation for the purpose of providing the service; for the purposes referred to in section 3(i)(iii) (audits on hosting usage), the data will be retained for the period of time that the customer uses the service. For the purposes referred to in section 3 (i) (vi) (identity verification), Swizzonic will process Personal Data up to the time allowed by Swiss law to protect its interests.
For the purposes referred to in section 3(m), your Personal Data will be processed for 25 months from the gathering.
Further information on the data retention periods and the criteria adopted in determining these periods may be requested in writing from the Data Controller.
Notwithstanding the obligations or faculties to retain the Data described in paragraph 6 above, you are entitled at any time to the following: request access your Personal Data, to correct, erase or object, under the conditions provided for by the Applicable Data Protection Laws, to their processing; request the restriction of their processing in the cases provided for by the Applicable Data Protection Laws; and to obtain, in a structured and commonly used and machine-readable format, the data provided by you to Swizzonic (data portability), in the cases where such data are processed on the basis of your consent or for the performance of a contract with you.
Requests are sent in writing from here or by sending a written request to legal(at)swizzonic.com. To exercise the right to portability and obtain further information on its content, please open the following link: data portability.
It should be noted that, if you request erasure of your Personal Data but you have not withdrawn your consent for the purposes set out in paragraph 3(g), you may continue to receive any promotional e-mails previously scheduled for the time frame between the deletion of your Personal Data and the technical time of a few hours necessary to update the systems for sending promotional e-mails.
Furthermore, in the case of requests from data subjects regarding the reporting of abuse in the use of the Services or of spamming - activities already prohibited by contract as set out in the General Conditions of Service - carried out by a Swizzonic Customer (it should be noted that such customer typically acts as a data controller pursuant to the Applicable Data Protection Laws), and in the case of any further requests for the exercise of the rights, Swizzonic, without going into the details of the request, will, on the one hand, promptly inform the customer/data controller and, on the other, provide the data subjects with the details of the customer/data controller.
In any case, you are entitled to file a complaint with the competent Swiss supervisory authority, i.e., the Swiss Data Protection Authority (Federal Data Protection and Information Officer (FDPIC)) if you believe that the processing of your data violates Swiss Data Protection Law.
You are moreover entitled to file a complaint with the competent EU Member State supervisory authority of the country where you are resident, e.g., the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés or CNIL) if you reside in France and believe that the processing of your data violates the GDPR.
You are also entitled to seek judicial redress through the competent courts.
If the changes to this policy concern substantial changes in processing activities or may have a significant impact on the data subjects, Swizzonic will notify them appropriately and in due time to the data subjects.