Data Protection Statement

1. Introduction

Below we inform you, among other things, who is the owner of the processing of your data, what data we collect in relation to the visit of our site and the use of our services, for what purposes we process this data and to whom, if any. we forward. We also inform you about the duration of the processing of your data, the legal basis for the processing (if one is required), as well as what rights you have against us regarding the processing of your data. This data protection declaration applies to all your data that we already hold or will hold in the future. Please note that the data protection statement may be changed from time to time. The current updated version, published on our site, applies.

Personal data is any information that relates to a particular or identifiable person (hereinafter "personal data"). This includes, in particular, information such as name, address, telephone number, e-mail address, possibly also IP addresses and device identifiers. In this data protection declaration, the generic term "data" encompasses non-personal data and anonymised data in addition to personal data. Processing means any handling of data, regardless of the procedures and means used, in particular the collection, storage, use, modification, disclosure, archiving or deletion of data (hereinafter "processing") .

If you provide us with personal data of other persons, please ensure that they are aware of this data protection declaration and only disclose their data to us if you are entitled to do so under applicable data protection law.

2. Name and address of the data controller

The data controller in accordance with this data protection information is:

Riva Alta Sagl

Via Ceu 3, 6618 Arcegno, Switzerland

+41 917914296

info.grottolauro@gmail.com

3. Categories of data processed

When you visit our site, use our services and contact us, we collect certain data. We usually collect this data directly from you. The personal data we process may include the following data:

• Data that is identified or communicated while visiting our site or using our services. This includes, among other things, the IP and MAC address or ID of the device used, cookies, pages called up by you and search terms entered, entries in text fields, evaluations, time and duration of visits, clicks, employee URL/ access, information about the time of use, the type of browser and device, the operating system and Internet service provider used, as well as the amount of data transferred. Data that is exchanged during or in connection with contacts with us, e.g. communication by letter, telephone, e-mail, contact form, etc. (in particular name, contact details, gender, marital status, date of birth, job title, photo, employees, language, payment information). Data (in particular, e-mail address and name) which are disclosed at the time of subscription to a newsletter or downloading data (e.g. software). Data that is disclosed when creating a customer account for online shopping and in connection with placed orders (in particular user name, password, selected payment method and delivery address). Data on offers and concluded contracts (e.g. date, type, content, product, parts, duration, value, contract adjustments, payment information, contact details, contact persons, addresses billing and correspondence, customer feedback, cancellations, disputes, etc.). Data that is communicated in the context of the comments function (in particular e-mail address, the username you have chosen if you do not comment anonymously, as well as your IP address ). Data that you communicate while participating in prize games, surveys and the like.

The aforementioned data is not always personal data. As a rule, we are not able to assign the data generated during the use of our services without registration (e.g. to a newsletter or in the online shop) to named individuals. In special cases, this may occur, however, in combination with other data.

We draw your attention to the fact that the information you provide when using the contact form or the comment function may contain sensitive personal data (e.g. health data) which you voluntarily provide to us .

4. Purpose of the treatment

The processing of personal data, to the extent permitted by applicable law, will be carried out in particular for the following purposes:

• initiating, concluding, fulfilling and executing contracts; offering, further developing and improving our offers, developing new services, operating, maintaining, optimizing and ensuring the security of our services and our infrastructure; managing users, our services, identity checks, logins and other authentications; maintenance, administration and development of our customer relationships, communication with customers and third parties, promotions, advertising and marketing, offering personalized services and relevant content; quality control, calculation of statistics compliance with legal and regulatory obligations and internal rules, application of the law, civil, administrative and criminal proceedings, complaints, the fight against abuse, investigations and responses to questions from authorities and administrative services.

5. Legal Basis

We use personal data for the aforementioned purposes on the basis of the following legal bases, insofar as it is necessary under applicable data protection law:

• fulfillment of the contract; fulfillment of legal obligations; consent given to us or to third parties; legitimate interests of us and of third parties, in particular: offer and provision of services; advertising and marketing; contact maintenance and communication with users; user management, identity checks , login; compliance with legal and regulatory obligations, application of the law, civil, administrative and criminal proceedings, complaints, investigations and answering questions from the authorities.

6. Publication and transmission of data

We may publish and transmit data as follows:

Responsible for the treatment

We can commission third parties to perform certain tasks (e.g. in the area of IT, application management, administration, shipping, etc.) and to process and store data (so-called "processors" ). Data processors can access personal data and process it on our behalf. In this respect, we oblige the controllers to comply with data protection law and to only process the data as we treat it ourselves. The data controllers who may receive personal data may be located in any country, in particular in Switzerland, Germany, Israel and the United States.

Contractors

We may pass on data to contractors (e.g. sales partners, service providers, financial companies, etc.). This is done, for example, to fulfill contractual obligations, to offer certain services, for collection and marketing purposes, to analyze the use and management of our services, our systems and our infrastructure, and to carry out the payments. Possible recipients may also be buyers or persons interested in purchasing business units, companies or parts thereof. The contractors can obtain access to personal data and process them for their own purposes (for example for the fulfillment of the contract or their own legal obligations). In this regard, they are required to comply with the applicable data protection laws. The contractors who may receive personal data may be located in any country, in particular in Switzerland, in EU and EEA countries and in the United States.

Transmission to authority

In certain situations we may disclose data to authorities, services and other third parties. We do this when we are officially or legally required to do so or, in our opinion, are required to do so.

7. Duration of storage

We store personal data, as long as it is necessary for the purposes for which we collected it. Certain personal data is also subject to legally binding retention obligations of ten years or more which we comply with. We may also store personal data for at least the duration of the applicable limitation periods, which in many cases are five or ten years. Personal data (e.g. reports, logs, analyses, etc.) which are generated in connection with the use of our services and which are not subject to such retention or limitation periods are generally deleted before as soon as interest in their treatment fades. The data can be kept even longer in anonymised form. Unless expressly agreed contractually, we are not obligated to store the data for a certain period.

8. Data Security

We take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unlawful access by third parties. Our security measures are constantly improved according to technological evolution.

9. Your rights (rights of the data subject)

Every data subject has a right to information regarding the personal data concerning them. The data subject also has the right to demand that we rectify, delete and contain data relating to him, as well as to object to such processing of personal data. The exercise of these rights generally presupposes that the person concerned can unequivocally prove his identity. In the event that the processing of personal data is based on a consent, this can be revoked at any time by the data subject. The data subject has the right, in certain cases, to receive the data generated during the use of online services in a structured, commonly used and machine-readable format that allows further use and transmission. Requests related to these rights must be sent to the above address. We reserve the right to limit the rights of the data subject within the limits of the currently applicable legislation and, for example, not to release complete information or not to delete data. We also draw your attention to the fact that with the deletion of your personal data, part or all of the services may no longer be usable or available.

[A paragraph should be inserted here if you make automated individual decisions (decisions that are based solely on automated processing).]

Every data subject has the right to lodge a complaint with the competent data protection authority. In case of a controller in Switzerland, it will be the Federal Data Protection and Information Commissioner. In case of a data controller in the Principality of Liechtenstein, it will be the Liechtenstein Data Protection Service.

10. Cookies, web analysis and tracking tools

We use several common technologies to record, store and analyze data when you visit our site and use our services.

These technologies include in particular cookies thanks to which your browser or terminal device can be identified. A cookie is a small file that is sent to your computer or automatically stored by the browser used on your computer or mobile device. If you call up a service again, this service will be able to recognize your browser or your terminal thanks to the cookie. Cookies can store user settings and other information. We use session cookies. These cookies are necessary to perform the basic functions of the services and are automatically deleted again after using our services. In addition to this, we also use temporary and permanent cookies that remain longer stored on your computer or mobile device. The information collected through cookies allows us to improve our site and our services in accordance with the customer's wishes and to offer you personalized offers.

You can block the use of cookies or delete them in your browser settings. Please note that if you do not consent to cookies, it is possible that not all functions of a service can be used to their full extent and that if you delete cookies, any opt-out cookies you may have will also be deleted. set. These opt-out cookies should then be reactivated when you visit the relevant service again. Otherwise, you will be recognized as a new user and it will be necessary to collect your data again.

In addition to cookies, we use web analysis and tracking tools to evaluate and analyze the use of our site and our services, to personalize the services and to show you personalized offers and advertising messages. For data processing using these tools, which are mostly provided by third parties, the conditions of use and data protection of the third parties apply.

[You can report any use of Google Analytics here.]

11. Integration of offers from third parties

We integrate third-party services and content into our sites that may allow you to interact with third parties (e.g. Youtube videos or online payment through a payment service provider). In this regard, any data indicated are transmitted to these third parties for the processing and execution of the corresponding service provision or are processed directly by these third parties.

Please note that the data processing by these third parties is subject to their own data protection and usage regulations.

[Data]