Privacy and cookie

Dear Client,

We wish to inform you that, pursuant to Article 4 and 5 of the Swiss Data Protection Act (DPA) and, where applicable, Articles 13 and 14 of Regulation (UE) 2016/679 (GDPR), the personal data you provide or that we collect within the context of our activities will be processed in accordance with the principles set forth in the aforesaid regulations and with the stringent confidentiality requirements to which our business activities are subject. Please note that the EU Regulation is only applicable to the processing of personal data within the territorial scope asset out in Article 3 of the GDPR, that is to say:

a) the processing of data in the context of the activities of an establishment in the EU;

b) the offering of goods or services to natural persons in the EU;c) the monitoring of the behavior of natural persons within the EU.

Veco Group SA and its subsidiaries do not have a business establishment in the EU. The company may occasionally process personal data of data subjects as part of a general monitoring activity.

1. Definitions
For the purposes of this notice:

a) 'data subject' means an identified or identifiable natural person to whom one or more items of personal data refer;

b) 'personal data' means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

c) 'data requiring particular protection' or' particular data' mean sensitive data such as data concerning a person's private life, social assistance measures, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, biometric data or data concerning health;

d) 'data on criminal convictions and offences or concerning security measures' means personal data revealing criminal convictions or administrative sanctions for offences committed or information about charges pending or a person's status as defendant or as the subject of investigations in criminal proceedings;

e) 'processing' means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

f) «data controller»: the subsidiary of Veco Group SA, Via Lavizzari 4, 6900 Lugano.

2. Categories of personal data processed
In the context of our activities, we process the following categories of personal data:

a) ordinary personal data, with specific reference to: personal and contact details (specifically: name and surname, date of birth, nationality, place of origin, private and business addresses, photocopy of passport or identity card, private and business mobile and land-line telephone/fax numbers, e-mail addresses, video/teleconferencing service identifiers, job, employer, role, academic and professional qualifications, etc.), personal interests, tax data, billing data, accounting data;

b) particular categories of personal data (specifically: information about business activities, the origin of funds, family members, etc.), and information concerning any convictions and offences or related security measures. Such data will only be processed insofar as necessary in relation to the client's requests, and where required by law, in accordance with the applicable legislation governing the protection of personal data, and any binding instructions issued by the competent supervisory authority.

3. Purposes and legal basis for processing personal data and schedule
Your personal data will be processed for the following purposes:

3.1. Compliance with legal obligations
Some of your personal data (specifically: your name, surname, address, date and place of birth, tax code, a photocopy of your identity document) will be collected in order to comply with the law, regulations and sector-specific rules, or instructions issued by supervisory or regulatory authorities or bodies. Such data will be processed in order to:

a) identify the data subject and carry out the appropriate checks in the context of detecting and preventing money laundering, terrorist financing and fraud;

b) comply with all monitoring, reporting and/or recording requirements (specifically: AUI, CRS, FATCA, QI, etc.);

c) fulfil administrative-accounting and fiscal obligations.  Personal data processed for the above purposes may be retained for up to 10 years from the date of termination of the contractual relationship.

3.2. Purposes strictly related and instrumental to the management of contractual relationships
Some personal data - such as data collected prior to signing the contract - are necessary in order to manage business relations with you as a client or for the performance of contractual obligations and to meet your specific requests. There is no obligation to provide the personal data required for such purposes. You may therefore choose not to provide these data. However, that may undermine the management and/or continuation of the contractual relationship with you or the execution of the operations you have requested. Such data will be processed in order to:

a) establish and verify your identity and the suitability thereof in respect of our criteria;

b) establish a contractual relationship with you and ensure the correct execution of the related operations;

c) manage the billing of services provided to you and the related expenses;

d) provide customer support activities. Personal data processed for the above purposes may be retained for 10 years from the date of termination of the contractual relationship (in line with the ordinary limitation period).

3.3. Data processed on the basis of the data subject's consent
Subject to your consent and until you object, the Company could process your personal data for the purposes of direct marketing and profiling, especially in relation to newsletters, meetings, promotional offers, market research, informative material, satisfaction surveys, commercial and advertising material or in connection with events and initiatives, especially conferences and meetings open to the public. The Company does not carry out such activities for relations to Interested parties, possibly subject to profiling following behavior monitoring, whose data, if collected, are used only for general analysis of the origin of contacts and the type of services object of interest. Processing will be carried out by automated means, e-mail, operator telephone calls, text messages, chat rooms and paper-based mail, on the following personal data: name, surname, private address, telephone number, fax 3 number, e-mail address, social media profile, cookies, technical identifiers (IP, unique mobile device identifiers, etc.). Data processed for the above purposes may be retained for the entire period of the mandate and for up to 3 years from the date of termination of the main contractual relationship or of the service requested (e.g., newsletter). Providing such data is optional albeit necessary for the above purpose. If you do not provide such data, we will be unable to contact you for direct marketing initiatives based on your interests. This will, however, not have any negative consequences for the purposes set forth under points 3.1 – 3.3 above.

4. Recipients to whom your personal data may be disclosed
For the above purposes, your data may be disclosed to the following categories of subjects, in Switzerland or abroad, including outside the European Union, in their capacity as controllers in respect of such data (the list is not exhaustive):

a) company bodies;

b) companies that provide banking, financial and/or fiduciary services;

c) service companies for the collection, registration and processing of data from documents or media sent to you and concerning payments, bills, cheques and other securities;

d) auditors;

e) lawyers and notary publics;

f) government, supervisory and tax authorities;

g) national and international system management companies for audits and controls in the framework of the prevention and detection of money laundering, terrorist financing and fraud;

For the above purposes, your data may be made available to the following categories of subjects, in Switzerland or abroad, including outside the European Union, in their capacity as processors:

a) service companies for the collection, registration and processing of data from documents or media sent to you and concerning payments, bills, cheques and other securities;

b) companies involved in sending, enveloping and sorting correspondence to clients;

c) subjects involved in filing documentation concerning relations with you as a client;

d) subjects who provide consultancy services on our behalf;

e) companies that provide operational services, especially IT and back-office/operations;

f) companies that provide security and facility management services at our premises.

Please also note the following:

a) we will not transfer your personal data to other countries outside Switzerland, except by virtue of a legal obligation or when necessary in the performance of the contract with you, as duly instructed by you;

b) activities in connection with the corporate IT system (specifically: servers, firewalls, e-mail, website, back-up) have been outsourced to a leading Swiss provider in the sector; data are stored in Switzerland and can only be accessed by authorized personnel; c) your personal data will not be disclosed to unspecified subjects.

5. Data processing methods used
The data you provide may be processed by automated means, in writing or using electronic or telematic tools, including tape recordings and the use of other equivalent storage media, based on procedures and systems completely in line with the purposes referred to above and such as to guarantee security and confidentiality as required by the applicable regulations. The data in question may also be stored and retained in printed or electronic form, recorded on tape or other equivalent storage media, in the case of recorded telephone calls. Personal data may be stored on servers located in Switzerland in accordance with the laws in force and with full assurance of compliance with security and confidentiality requirements. You may obtain a copy of your personal data by sending a written request addressed to the controller, at the e-mail address compliance@vecogroup.ch, or the postal address of our registered office.

6. Transfer of personal data to countries outside the European Union or to the European economic area.
It is assumed that the data are transferred abroad exclusively by virtue of a legal obligation or if this is necessary to fulfil the contract with the Customer, respectively on his instruction. In particular, data may be transferred where necessary to the execution of a contract concluded between the data subject and the data controller, or the execution of pre-contractual measures taken at the request of the data subject; or where the transfer is necessary for the conclusion or execution of a contract between the data controller and another natural or legal person in favor of the data subject; or the transfer is necessary for important reasons of public interest; or the transfer is necessary to ascertain, exercise or defend a right in court; or the transfer is necessary to protect the vital interests of the person concerned or of other persons, if the person concerned finds himself in the physical or legal incapacity to give his consent; or the transfer is made from a register which, under Union or Member States law, aims to provide information to the public and can be consulted by both the general public and anyone able to demonstrate a legitimate interest ,only on condition that the requirements for consultation provided for by Union or Member State law are met.

7. Sources from which personal data originate
In line with the provisions of Article 14 of the Swiss DPA and point (f) of Article 14.2 of the GDPR, we will not only process personal data provided directly by you but also other data obtained in other ways, for example from public and/or private databases. More specifically we use, for our clients, databases to gather the information we need in order to comply with legal requirements in the context of prevention and detection of money laundering, terrorist financing and fraud (e.g. the World-Check database). All information and personal data obtained through such databases will be processed and retained exclusively by our company.

8. Rights of the data subject
Pursuant to Article 8 of the Swiss DPA, data subjects have the right to verify the correctness of their personal data, and to request the modification, rectification and/or updating of such data. Upon written request, the data subject has the right to be informed as to whether and how any personal data concerning him or her are being processed. Data subjects are also entitled to withdraw their consent to the processing of their personal data. In some specific cases, where prescribed by law, access to data may be denied. Data subjects have the right to obtain advice on the protection of personal data from the Federal Data Protection and Information Commissioner ("Federal Commissioner"), and to report illegal data processing activities when:

a) the processing methods used could adversely affect the personal status of a considerable number of people (system error);

b) records of data collection activities must be kept (Article 11(a) of the Swiss DPA);

c) there is an obligation to notify in accordance with Article6 (3) of the Swiss DPA. The Federal Commissioner can be contacted at the addresses shown on www.edoeb.admin.ch/edoeb/it/home/l-ifpdt/contatto.html. In case of subjecting the processing of personal data to the GDPR following profiling created on monitoring pursuant to art. 3para. 2 lit. b GDPR, you may exercise your rights as envisaged under Articles 15, 16, 17, 18, 19, 20, 21, 22 of said GDPR.

The data subject has the right to obtain from the controller, within the limits established by the Regulation, free access to the personal data concerning him or her, erasure of such data, the rectification of inaccurate data, the completion of incomplete data, the restriction of processing to storage only, and the right to object to processing, the cancellation (right to be forgotten) and the portability of your data. Where the data subject provided the personal data on the basis of his or her consent or the processing is necessary for the performance of a contract and data processing is carried out by automated means, the data subject is entitled to receive such personal data in a free structured, commonly used, machine-readable format and, where technically feasible, to transmit the personal data to another controller. The data subject has the right to withdraw his or her consent at 5 any time in accordance with point (a) of Article6(1) or point (a) of Article 9(2) of the GDPR without affecting the lawfulness of processing based on said consent before its withdrawal. The data subject has the right to lodge a complaint with the competent supervisory authority in the Member State of his or her habitual residence or place of work or place of the alleged infringement. In any case, whichever regulation is applicable, rights must be exercised in writing by notifying the controller at the e-mail address compliance@vecogroup.ch, or the postal address of our registered office.

9. Controller / Data Protection Officer / Persons authorized to process data
The Data Controller is the subsidiary of Veco Group SA (based in Lugano, Via Lavizzari 4). E-mail address: compliance@vecogroup.ch. Telephone number: +41 91 911 71 11

The persons authorized to process data pursuant to Article 29 of the GDPR (General Data Protection Regulation - Regulation (EU) 2016/679) are the employees and collaborators of the Company who will process the data in compliance with the principles of confidentiality and security required by the applicable regulations.

10. Cookies
Cookies are text files that are stored on the user's terminal or that allow access to information on the user's terminal. Cookies allow us to store information on visitors’ preferences. They are used to check that the website is functioning correctly and to improve functionality by personalizing page content based on the type of browser used, or to simplify navigation by automating procedures (e.g., login, website language), and finally to analyze visitors’ use of the website. There are different types of cookies (technical, analysis, profiling and marketing etc.) but our website uses only analysis cookies. These are therefore used directly by the website operator to collect information, in aggregate form, on the number of users and about their interaction with the website itself.

By clicking "Accept the use of cookies" on the banner on first accessing to the website, the visitor expressly consents to the use of cookies and similar technologies, and in particular to the storing of these cookies on their terminal for the purposes indicated above, or the using of those cookies to access information on their terminal.

11. How to disable cookies
The user can refuse the use of cookies and can revoke any consent they may already have provided, at any time. Since cookies are connected to the browser being used, they can be disabled directly from the browser, thus refusing/revoking consent to the use of cookies. This can also be done through the banner at the bottom of the page. Disabling cookies could prevent the correct use of some functions of the website itself. Services provided by third parties may not be accessible, and therefore may not be viewable. Such services may include YouTube videos or other video sharing services, the buttons used by social networks or Google Maps.

The instructions for disabling cookies can be found on the following web pages: Mozilla Firefox - Microsoft Internet Explorer - Microsoft Edge - Google Chrome - Opera - Apple Safari.

12. Third-party cookies
This website also acts as an intermediary for third-party cookies (like social network buttons), used to provide further services and functionality to visitors and to simplify use of the website, or to provide personalized advertising. This website has no control over cookies managed entirely by third parties and has no access to the information collected by these cookies. Therefore, information on the use of these cookies and their purpose, as well as how to disable them, is provided directly by the third parties on the pages indicated below.In general, the tracking of users does not involve their identification, unless the user is already registered for the service and is already logged in, in which case it is understood that the user has already expressed their consent directly to the third party at the time of registering with the relevant service (e.g., Facebook).

This website uses the following third-party cookies.

- Google Ireland Ltd
For information on the use of data and its processing by Google Ireland Ltd, users are recommended to read Google's Privacy Policy, as well as 'How Google uses information from websites or apps that use our services' and 'Google Ads Data Processing Terms'.

- Google Analytics: is a web analysis tool used in order to examine the interaction with the website by users, compile reports on-site activities and user behavior. It is also used to monitor how often users visit the website, how the website was reached, and which pages are visited more frequently. The information is combined by Google with the information collected from other websites in order to create a picture of the use of the website compared to other websites of the same kind.

Data collected: browser ID, date and time of interaction with the website, source webpage, IP address.

Place of data processing: European Union, since the service is anonymized.

The data collected do not allow personal identification of users and are not combined with other information relating to the same person. They are treated in an aggregate and anonymized form (truncated to the last octet). Based on a specific agreement (DPA - data processing agreement), Google Inc. (the data controller) is prohibited from combining these data with those obtained from other services.

Further information on Google Analytics cookies can be found on the page ‘Google Analytics Cookie Usage on Websites’.

The user can selectively disable (opt out) the collection of data by Google Analytics by installing the appropriate add-in provided by Google in their browser (opt out).

Data collected: number and behavior of service users, IP address, information that connects website visits to the Google account of users already logged in, video viewing preferences. Place where data is processed: USA.

13. Cookie Duration
Session cookies remain active only until you close the browser or until the logout command is executed. Other cookies "survive" the closure of the browser and continue to be available in subsequent future visits to the website. These are “persistent” cookies and their duration is set by the server at the time they are created. In some cases, they have an expiry date, in others their duration is unlimited.

14. Social Network Plug-ins
This website also incorporates plug-ins and/or buttons to allow easy sharing of content on your preferred social media networks. When you visit a page on our website that contains a plug-in, your browser connects directly to the social media network server from where the plug-in is loaded. This server may track your visit to our website and, if appropriate, associate it with your social media account, particularly, if you are connected at the time of your visit or if you have recently navigated from a website containing social media plug-ins. If you do not want social media networks to record data relating to your visit to our website, you must exit your social media account and, probably, also erase the cookies that the social media network has installed on your browser.

Plug-ins with advanced functions to protect user privacy are installed on this website. These do not send cookies or access the cookies present on a user’s browser when opening a page, but only do so after a plug-in is clicked.

Collection and use of information by these third parties are governed by their respective privacy policies, to which we would ask you to refer.

- LinkedIn - (cookie policy link)

15. Disclaimer
This notice was drawn up on February 10, 2021. It is intended to outline our data protection measures but it is not to be considered an exhaustive or binding document. Veco Group SA reserves the right to make amendments to this document whenever deems it app