Privacy Notice
Clients
Third party service providers Website users
Contacts
La Taranta
Telephone: +41 772255128
Avenue Pictet de Rochemont 31, 1207 Genève Suisse
LA TARANTA
PRIVACY NOTICE
CLIENTS, THIRD PARTIES, WEBSITE USERS AND CONTACTS
- Privacy Notice
La Taranta is committed to protecting the security and privacy of EU and Swiss data subjects’ (“you”) personal data when processing the same. La Taranta endeavours to ensure that any personal data we collect about you will, where relevant, be held and processed in accordance with the European General Data Protection Regulation (“GDPR”) and the Data Protection and Information Commissioner of Switzerland. The terms ‘personal data’, ‘data controller’ and ‘processing’ have the meanings given to them in GDPR (which can be accessed here), unless otherwise indicated.
-
Scope
This Privacy Notice demonstrates how we handle the personal data you provide to us, or which we collect about you, in the following ways (your “Data”):
a. by you submitting Data to us through our website www.lataranta.ch or from what we learn about you from your visit to our website;
b. by you or a third party (such as a ticket shop or event location) that submits information to us when you purchase tickets to one of our events;
c. by you or a third party (such as a ticket shop or an event location) submitting Data to us in the course of us providing services to you;
d. by you, a third party (such as your employer) who submits Data to us where it is intended to obtain services from you or a third party provider/service provider;
e. as a result of using your Data (whether obtained from you, a third party or the public domain) to contact you about possible activities related to our services; and
f. as a result of collecting data about you from third party sources such as event organisers, sponsors or other publicly available sources such as websites.
-
Identity and contact details of data controller
For the purposes of GDPR, La Taranta is acting as a data processor and controller of your Data.
If you have any questions regarding this policy or complaints about our use of your data, please contact us at info@lataranta.ch or feel free to contact any of our staff directly.
-
What we use your Data for
The table in Annex 1 to this Privacy Notice sets out the categories of your Data that we hold, the purposes for which we may process your Data and the lawful basis for processing.
-
Data security
We have implemented appropriate security measures to prevent your Data from being lost, used or accidentally accessed in an unauthorised, altered or disclosed manner. In addition, we limit access to your data to those who have a business need to know.
We have put in place procedures to deal with any suspected Data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
-
Who we share your Data with
In exceptional cases, we may be required to share your Data:
a. where we are required to do so by law or enforceable request by a regulatory body;
b. where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; or
c. if we sell our business, go out of business, or merge with another business.
-
Retention Period
We will only retain your Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, tax, regulatory or reporting requirements. To determine the appropriate retention period for your Data, we consider the amount, nature, and sensitivity of your Data, the potential risk of harm from unauthorised use or disclosure of your Data, the purposes for which we process your Data and whether we can achieve those purposes through other means, and the applicable legal requirements
As a general rule, this means that your Data will be stored for a maximum period of 6 years from the date on which our relationship with you ends, after which time it will be deleted if it is no longer required for the lawful purpose(s) for which it was obtained.
-
Your rights in relation to your Data
Under the GDPR, you have the following rights in relation to how we process your Data:
a. right to request access: you may obtain confirmation from us as to whether or not your Data is being processed and, where that is the case, access to your Data;
b. right to rectification and erasure: you have the right to obtain rectification of inaccurate personal Data we hold concerning you and to obtain the erasure of your Data without undue delay in certain circumstances;
c. right to restriction of processing: you may require us to restrict the processing we carry out on your Data in certain circumstances;
d. right to data portability: you have the right to receive your Data in a structured, commonly used and machine-readable format;
e. right to withdraw consent and object to processing: where you have provided your consent to us processing your Data, you have the right to withdraw your consent at any time. Additionally, where we are relying on legitimate interests to process your Data you have the right to object to such processing. You also have the right to object to direct marketing which uses your Data. This can be done by emailing info@lataranta.ch at any time; and
f. right to lodge a complaint: you may lodge a complaint with any supervisory authority in the EU. The supervisory authority for Switzerland is the Data Protection and Information Commissioner of Switzerland. A list of the EU data protection authorities can be found here.
For further information on your rights, please see the European Commission’s website here.
Please note that, in circumstances where you are seeking to exercise your rights as a data subject, we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that your Data is not disclosed to any person who does not have a right to receive it.
-
Additional Information
We do not undertake automated decision-making or profiling of your Data.
Wekeepourdataprotectionpolicy(includingthisPrivacyNotice)underconstantreviewandmaychangeitfromtimetotimetoreflectourpractices or to remain compliant with relevant legislation. We will notify you of any material changes to our Privacy Notice at which pointyouwillbegiventheoptiontorequestthatweceaseprocessingyourData.
Schedule 1
Categories of data processed, purposes for processing and legal basis
Data subject
|
Categories of data
|
Purpose
|
Legal basis for processing
|
Website users
|
Personal details
|
Direct marketing
Responding to queries
|
Legitimate interests
Consent
|
Third party service providers
|
Personal details
Goods and services provided
|
Direct marketing
Discharging contractual obligations
|
Legitimate interests Legal compliance
|
Contacts
|
Personal details
|
Direct marketing
Responding to queries Surveys
|
Legitimate interests
Consent
|
Clients
|
Personal details Financial details
Goods and services provided
|
Direct marketing Client activities Surveys
|
Performance of contract Legitimate interests Legal compliance
Consent
|
Interpretation
Consent: in the context of the table above, should be construed as follows:
a. Website users: to the extent relevant consent given by the relevant user clicking on an ‘I consent’ button embedded on the website covering the processing of Data;
b. Contacts: may cover consent to process Data under GDPR but is also aimed at consent to receive marketing communications under relevant marketing laws. Consent here will be by way of soft opt in which means that we will contact contacts and give them the opportunity to opt out of receiving further communications from us; and
c. Clients: consent given by our clients in our terms of business for us to process Data provided by our clients about data subjects in our capacity as data processor;
Contacts: any data subject entered in our relationship management database that is not a client;
Direct marketing: keeping data subjects informed of any activities undertaken by us which we believe may be of interest to the data subjects and this may include sending data subjects email and postal marketing from time to time, calling data subjects up or sending them requests to respond to a survey;
Discharging contractual obligations: covers our activities in connection with the discharge of our obligations under a contract with a third-party supplier or service provider. This will principally cover the processing of any Data provided by the counterparty;
Client activities: covers the day-to-day activities associated with our business;
Legitimate interests: in the context of the La Taranta business means the day to day activities that we undertake to service client work (i.e. conducting dance classes) together with any associated middle and back office support activities as are more particularly set out in Schedule 2 to this Privacy Notice;
Personal details: this is information about you that you give to us by providing your business card to us or filling in forms on our website (or other forms that we ask you to complete), or corresponding with us by telephone, post, email or otherwise; it may include, for example, your name, company, business and/or private address,
emailaddressandtelephonenumbers,dateofbirth;informationaboutyourbusinessrelationshipwithLa Taranta;andinformationthatourwebsiteandothersystemscollectaboutyou.
Responding to queries: covers the processing of your Data (name, telephone number and email address) for the purposes of responding to any questions sent to us using the info@lataranta.ch email address, which is presented on the website. In responding to your query, your contact details will be stored; and
Surveys: from time to time we may use client and contact details (name and contact details) to send individual data subjects survey requests; such requests are entirely optional and will contain further details of any processing activities that we will undertake in connection with the Data provided.
Schedule 2
Legitimate interests
1. Preventing fraud
2. Direct marketing
3. Ensuring network and information security
4. Reporting possible criminal acts to a competent authority
5. Enforcement of legal claims (out of court)
6. Whistleblowing and prevention of money laundering
7. Physical, IT and network security
8. Processing for (market) research purposes
9. Processing in order to provide services
10. Compliance
11. Internal risk management
12. Creating employment relationships
13. Recordkeeping and disclosure
14. General financial and regulatory reporting to authorities