Privacy Policy

Privacy Policy MBK
Your privacy is of utmost importance to MBK Fincom SA, and to ensure your protection, in accordance with the Federal Data Protection Act (LPD), the Regulation (EU) 2016/679 (GDPR), and the Directive 2002/58/EC (eDirective), we provide you with necessary information regarding the processing of personal data collected during your experience on our website www.supernova-light.com

CATEGORIES OF PERSONAL DATA SUBJECT TO PROCESSING | DEFINITIONS
The personal data provided – or otherwise acquired in accordance with legislative and contractual provisions in force – relating to, connected to, and/or instrumental in assessing your experience on our site, will be processed in compliance with privacy legislation and applicable confidentiality obligations. Below, we provide some definitions useful for understanding this document:

Personal data: all information relating to an identified or identifiable person.

Data subjects: natural or legal persons whose data is processed (hereinafter, also referred to as “You”).

Processing: any operation relating to personal data, regardless of the means and procedures used, and specifically including collection, storage, use, review, communication, archiving, or destruction of data.

Communication: making personal data accessible, for example, by allowing access, transmission, or publication.

Types of Data Processed

The computer systems and software procedures used to operate this website acquire, in their normal operation, some personal data whose transmission is implicit in the communication protocols of the Internet. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment. These data are used only to obtain statistical information on the use of the site and to check its correct functioning. The data could be used, upon request of the competent authorities, for the determination of responsibility in case of hypothetical computer crimes against the site. The optional, explicit, and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. In particular, we will process the following personal data: browsing data (for more information on the data collected with Cookies, please consult the dedicated paragraph within this information); data provided directly by the data subject (for example, to apply for job positions through the site: name, surname, email address, and data present in the CV).

IDENTITY AND CONTACTS OF THE DATA CONTROLLER
The entity that determines the purposes and means of the processing is MBK Fincom SA, CHE-472.557.344, a Swiss company with headquarters at via al Molino 31, 6926 Montagnola – Collina d’Oro. The contact is:[email protected]

IDENTITY AND CONTACTS OF THE DPO
The Data Controller has appointed a Data Protection Officer (DPO): Proliance GmbH / www.datenschutzexperte.de, with headquarters at Leopoldstraße 21 – 80802 Munich The contact is: [email protected]

PROCESSING METHODS
Personal data are processed both manually and with automated tools, for the time strictly necessary to achieve the purposes for which they have been collected. The processing operations of personal data include: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or any other available form, alignment or combination, restriction, erasure or destruction, occurring both manually and electronically with storage in a specially prepared electronic database to fulfill the obligations and for the purposes indicated here. The personal data contained in the aforementioned information system, as well as those stored in the electronic archives of the Data Controller, are processed in compliance with the provisions of the current Federal Legislation on the processing of personal data (LPD) and the European Regulation (GDPR) on security measures, in order to minimize the risks of destruction, loss, alteration, unauthorized disclosure or access, whether accidental or unlawful, or processing not in accordance with the purposes of collection. In accordance with art. 8 LPD and arts. 1, 2, 3 OPDa, as well as art. 32 of the GDPR, specific security measures are observed to prevent data loss, illicit or incorrect uses, and unauthorized access.

3.1 AUTOMATED DECISION-MAKING PROCESS

There are no fully automated decision-making processes, pursuant to art. 21 LPD and art. 22 GDPR.

PURPOSES OF PROCESSING
The processing of data has the following listed purposes. Also specified are the relevant legal bases/justifying reasons, the data retention period, and the necessity or otherwise of providing the data. The retention period for personal data is determined by the legal retention terms. Data is routinely deleted upon the expiration of the respective period. If the data is necessary for the initiation of a contract, or if we have a legitimate interest in further retention, the data will be deleted if no longer necessary for these purposes or if you exercise your right to object. It should be noted that the provision of personal data for the implementation of pre-contractual measures is voluntary. However, we can only make a decision in the context of contractual measures if you provide the necessary personal data.

a) To enable navigation on this site and its proper use

Activities strictly necessary for the user to navigate this website and to ensure its correct functioning. For data processed with technical cookies, please refer to the Cookie section.

Web Hosting

This website is hosted by an external service provider (host). This website is hosted on GPC Google Cloud Platform, Belgium, Western Europe Zone 1-b. The personal data collected on this website are stored on the host’s servers. This data may include, but is not limited to, IP addresses, contact requests, metadata and communication data, web page accesses, and other data generated by a website. We collect the listed data to ensure a correct connection to the website and an error-free provision of our services. Processing these data is strictly necessary to make the website available. The legal basis for data processing is our legitimate or predominant interest in the correct presentation and functionality of our website, according to art. 31 para 2 LPD and Art. 6 para 1 letter f GDPR. We have entered into a data processing agreement with the provider in compliance with the requirements of art. 28 GDPR and art. 9 LPD, wherein we commit to protecting our customers’ data and not to transfer it to third parties. Furthermore, it is specified that, in accordance with the indications of the LPD and the Federal Data Protection and Transparency Officer, Belgium is a third country that provides adequate guarantees for the transfer of personal data. The list of adequate countries can be verified at the following link: https://www.fedlex.admin.ch/eli/oc/2022/568/it#annex_1/lvl_u1

Server Log Files

Upon visiting our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data are recorded during an active connection for communication between your internet browser and our web server: 1) Date and time of the request, 2) Name of the requested file, 3) Page from which the file was requested, 4) Access status, 5) Web browser and operating system used, 6) Full IP address of the requesting computer, 7) Amount of data transmitted. We collect the listed data to ensure a correct connection to the website and an error-free provision of our services. Processing these data is strictly necessary to make the website available. The log files are processed to assess the security and stability of the system and for administrative purposes. The legal basis for data processing is our legitimate or predominant interest in the protection and functionality of our website, according to art. 31 para 2 LPD and art. 6, paragraph 1, letter f GDPR. For technical security reasons, particularly to prevent attempts to attack our web server, we may temporarily store these data. At the latest after 30 days, the data are anonymized by shortening the IP address at the domain level, so that it is no longer possible to establish a reference to the individual user. These data are not evaluated in an anonymous form except for statistical purposes. These data are not combined with data from other sources.

b) To obtain anonymous statistical information about the use of the site.

Please refer to the Cookie section.

c) Institutional purposes in compliance with legal obligations, connected to the activity of MBK Fincom SA and the respect of national and/or community regulations and rules;

d) Receiving and managing contact requests from the Data Subject;

“Become Our Supplier” Form

You can apply as a supplier for the product classes of your interest, using the form on our website. If you submit the form, the information you provide, including contact data (name, company name, email address, telephone number) you enter, will be stored by us for the purpose of processing your request and responding to it. The processing of personal data provided is carried out in accordance with Art. 31 para 2 letter a. and on Art. 6 para. 1 letter b) GDPR, if aimed at concluding a contractual relationship with us. We do not use the data you provide for other purposes. The data will be processed for the time necessary to respond to the request and, in any case, not beyond 1 year from the request.

Contact Form and Email Contact

If you send us requests via our contact form or email, your data from the contact form or email, including the contact data you have provided, will be stored for the purpose of processing your request and any subsequent inquiries. To contact us, an email address is required. The name and telephone number are optional. The legal basis for data processing is our legitimate or predominant interest in responding to your request or the execution of pre-contractual measures. The data will be processed for the time necessary to respond to the request and, in any case, not beyond 2 years from the request. You can object to the processing of your personal data at any time.

Photographic and Video Material

With some of our specific applications for services, the user can share photos and/or videos with us to communicate with us or customize services (for example, the use of photographic and video material for assistance purposes, the use of the photo and video capture device of the VR system). All materials will be stored by us for the purpose of processing the request and responding to it. The processing of personal data provided is carried out in accordance with Art. 31 para 2 letter a and Art. 6 para. 1 letter b) GDPR. We do not use the data you provide for other purposes.

e) Receiving and managing applications for job positions;

“Work with Us” Form

If you apply for a job at our company through the dedicated contact form (https://mbkfincom.com/it/lavora-con-noi/ or via email, we collect and process your personal data. These include, in particular, your contact data (such as name and surname, telephone number, and user email address), as well as other data provided regarding your professional background (e.g., curriculum vitae, qualifications, educational titles, and work experiences) and about your person (e.g., cover letter, personal interests). Your personal data are communicated to us directly by you and are encrypted during electronic transmission. During the personnel selection process, we may collect additional data, asking you directly, and we may reprocess the information we have received for internal management of the application. Within our company, only dedicated persons and functions involved in personnel selection (for example, human resources) have access to your personal data that are absolutely necessary to carry out the application procedure or to fulfill our legal obligations. Your applications will be forwarded to the responsible person for review. Under no circumstances will your personal data be transmitted to third parties without authorization or in the absence of a suitable justifying reason (e.g., legal basis). Your data for an application to a specific job advertisement will be stored and processed by us during the ongoing application process. Once the application process is completed (for example, in the form of acceptance or rejection), the application process and all personal data will be deleted from the system within six months of the conclusion of the application process. The data of selected candidates will be securely stored for a maximum period of 2 years. The processing of personal data provided is carried out in accordance with Art. 31 para 2 letter a) and Art. 6 para. 1 letter b) GDPR. In case of acceptance, the application documents will be stored in the company, together with the employee’s documentation, which will form the respective dossier, for ten years after the end of the employment relationship.

COOKIES
Our website uses so-called “cookies”. Cookies are small text files that are temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on the user’s terminal until they are deleted by the user themselves or until the web browser provides an automatic solution. Many cookies are technically necessary, as certain functions of the website would not work without them (for example, the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertisements.

The processing of personal data through other cookies is based on consent according to art. 31 para 1 LPD and Art. 6 para. 1 let. a) GDPR. Consent can be revoked at any time with effect for the future. If such cookies are used for analysis and optimization purposes, we will inform you separately in this privacy policy and request your specific consent.

You can set your browser to be informed about the setting of cookies, to allow cookies only in certain cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. Cookie settings can be managed at the following links for each browser:

Mozilla Firefox

https://support.mozilla.org/it/kb/Gestione%20dei%20cookie

Google Chrome

https://support.google.com/chrome/answer/95647?hl=it

Internet Explorer/Microsoft Edge

http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookies

Safari

https://support.apple.com/it-it/guide/safari/sfri11471/mac

Safari on iPhone, iPad, o iPod touch

https://support.apple.com/it-it/HT201265

It is also possible to individually manage cookies from many companies and features used for advertising. To do this, use the appropriate user tools available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices. Many browsers also offer the so-called “Do Not Track” function. By activating this function, the browser communicates to advertising networks, websites, and applications that you do not wish to be “tracked” for behavioral advertising and similar purposes. Furthermore, the loading of so-called scripts can be prevented by default. “NoScript” allows the execution of JavaScript, Java, and other plugins only on trusted domains of your choice. Information and instructions on how to modify this function can be obtained from the browser provider (for example, for Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/noscript/). Please note that if you disable cookies, the functionality of our website may be limited.

Cookie Settings Modification

You can revoke or modify cookie settings at any time. To do so, you can access the cookie settings again via the integrated digital fingerprint. You can find this at the bottom left on our website.

Google Ads

On our website, we use “Google Ads,” a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter “Google”). We use Google Ads for marketing and optimization purposes, specifically to display relevant and interesting ads to the user. If you have given us your consent according to art. 31 para. 1 LPD and art. 6 para. 1 let. a GDPR, we can use Google Ads to draw attention to our interesting offers with advertising material on external websites. These advertising materials are provided by Google through so-called “AdServers.” For this purpose, we use AdServer cookies, through which certain parameters for measuring success, such as the display of ads or user clicks, can be measured. If you reach our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. The following information is typically stored as analysis values for this cookie: Unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (indication that the user no longer wishes to be contacted). These cookies enable Google to recognize the user’s web browser. If a user visits certain pages of an advertiser’s website and the cookie stored on their computer has not expired, Google and the advertiser can tell that the user clicked on the ad and was redirected to that page. Each advertising client is assigned a different cookie. Therefore, cookies cannot be tracked through the websites of advertising clients. We ourselves do not collect and process any personal data in the context of the aforementioned advertising measures. We only receive statistical evaluations from Google. Through these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive further data from the use of the advertising material, in particular, we cannot identify users based on this information. Through the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To our knowledge, Google receives information that you have accessed the relevant part of our website or clicked on one of our advertisements. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible that Google may discover and save your IP address. As personal data is transferred to the United States, additional adequate safeguards are required to ensure the level of data protection provided by the GDPR. To ensure this, we have concluded standard contractual clauses with the provider according to art. 46 Paragraph 2 letter c GDPR. These oblige the data recipient in the United States to process the data according to the European level of protection. In cases where this cannot be guaranteed even by this contractual extension, we seek to obtain additional provisions and commitments from the recipient in the United States. Further information on the use of data by Google, setting and objection possibilities, and data protection can be found on the following Google websites:

Privacy policy: https://policies.google.com/privacy
Google website statistics: https://services.google.com/sitestats/en.html
You can prevent the installation of cookies by deleting existing ones and deactivating the storage of cookies in the settings of your web browser. Please note that in this case, you may not be able to use all the functions of our website in full. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted if you delete the cookies. Furthermore, you can deactivate interest-based ads by clicking on the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete the cookies.

Google Analytics

Our website uses Google Analytics, an internet analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons. Google will use this information on behalf of the operator of this website to evaluate users’ use of the website and to compile reports on website activity. Google will also use this information to provide the website operator with additional services related to the use of the website and the internet. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The processing is based on your consent. We use Google Analytics only with IP anonymization activated. This means that your IP address will be further processed by Google only in a shortened form. We have entered into a data processing agreement with the service provider, in which we obligate them to protect our customers’ data and not to transmit it to third parties. As personal data is transferred to the United States, additional adequate safeguards are required to ensure the level of data protection provided by the GDPR. To ensure this, we have concluded standard contractual clauses with the provider according to art. 46 paragraph 2 lit. c. GDPR. These clauses oblige the data recipient in the United States to process the data according to the European level of protection. In cases where this cannot be guaranteed even by this contractual extension, we seek to obtain additional provisions and commitments from the recipient in the United States. The terms of use for Google Analytics and information on data protection are available at the following links: http://www.google.com/analytics/terms/https://policies.google.com/privacy The data will be deleted as soon as they are no longer needed for the purpose for which they were collected. Data related to users and events associated with cookies, user IDs (e.g., user ID), and advertising IDs (e.g., DoubleClick cookies, Android advertising ID, IDFA) will be deleted within 14 months of collection. Please note, however, that in this case, it may not be possible to use all the functions of this website without limitations. It is also possible to prevent Google from collecting the data generated by the cookie and analyzing your use of the website (including your IP address) and processing this data by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

RECIPIENTS OF PERSONAL DATA
We may share personal information with employees and/or personnel acting under the authority of the Data Controller (duly instructed for this purpose), as well as third parties bound to the Data Controller by a contractual relationship, for the purpose of fulfilling contractual obligations and satisfying one or more of the aforementioned processing purposes. Such third parties will process the data provided either as data processors or as independent data controllers. Specifically, we may share the personal data collected with the following categories of recipients: a) entities that provide services related to the operation of this website, the Data Controller’s computer system, and telecommunications networks (e.g., hosting providers, webmasters); b) competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.

TRANSFER OF PERSONAL DATA OUTSIDE THE CONFEDERATION
The site is based in Belgium (hosting) and, therefore, the personal data processed will be stored both in Switzerland and transferred outside the Swiss Confederation, to a country considered adequate by the Federal Council for the communication of personal data (see Annex 1 of the OPDa https://www.fedlex.admin.ch/eli/oc/2022/568/it). In the event of communication of personal data to other foreign countries, not included in Annex 1 of the OPDa, the transfer will be carried out in accordance with the provisions of the LPD and the OPDa and, in particular, on the following bases:

• with adequate guarantees, namely contractual measures, aimed at ensuring adequate protection abroad;

• the processing is directly connected to the conclusion or execution of a contract and the data subject to processing concern the other party;

• the communication takes place within the same legal entity or company or between legal entities or companies under a single management, provided that the sender and the receiver comply with rules aimed at ensuring adequate data protection.

YOUR RIGHTS
Under the LPD, you are granted the following rights (non-exhaustive list):

Obtain the rectification of inaccurate or outdated personal data;

Be informed in writing and free of charge if personal data concerning you are subject to processing;

Prevent the communication of any sensitive personal data to third parties;

Obtain the portability of personal data or request their transfer to third parties;

Request the limitation or blocking of data processing, the prevention of data communication to third parties, or the rectification or destruction of personal data;

Request the prohibition of a specific processing of personal data and of a specific communication of personal data to third parties, or the deletion or destruction of certain personal data;

Where neither the correctness nor the inaccuracy of personal data can be proven, request the addition of a note to indicate the dispute;

Request that the rectification, destruction, blocking, especially the communication to third parties, as well as the note on the dispute or judgment, be communicated to third parties or published;

Have the illegitimacy of the processing of personal data declared.

Under the GDPR, you are recognized the following rights:

Obtain from the data controller confirmation as to whether or not personal data concerning you are being processed, and if so, access to the personal data (Access);

Obtain from the data controller the rectification of inaccurate personal data concerning you (Rectification);

Obtain from the data controller the erasure of personal data concerning you (Erasure);

Obtain from the data controller the restriction of processing (Restriction);

Receive in a structured, commonly used, and machine-readable format the personal data concerning you which you have provided to a data controller, and have the right to transmit those data to another data controller without hindrance from the data controller to which you have provided them (Portability);

Object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you (Opposition).

Without prejudice to any other administrative and judicial remedy, if the user believes that the processing of data concerning them violates the provisions of the LPD and the GDPR, they have the right to lodge a complaint with the competent Supervisory Authority (For Switzerland: the Federal Data Protection and Information Commissioner; for the European Economic Area, the European Data Protection Board’s website can be consulted herehttps://edpb.europa.eu/about-edpb/about-edpb/members_it). You may exercise your rights under the LPD and GDPR (where applicable) by contacting the Data Controller at: [email protected]

ADDITIONAL INFORMATION
Data Security

We adopt appropriate technical and organizational measures to ensure a level of protection commensurate with the risk in accordance with art. 8 LPD and arts. 1, 2, 3 OPDa in conjunction with art. 32 of the GDPR, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

Minors

No minor under the age of 16 may submit information to this Site without the prior consent of their parents or guardians, nor make purchases or enter into legal contracts through this site without such consent, unless this is permitted by applicable laws.

External Links to Social Media

On our website, social media (e.g., LinkedIn, Facebook, Instagram) are incorporated exclusively as links to the respective service. After clicking on the embedded text/image link, you will be redirected to the website of the respective provider. User data will only be transferred after redirection to the respective provider. Information on the use of the user’s personal data through the use of the website can be found in the privacy policies of the visited websites.

Communication with the DPO

When contacting our data protection officer, please specify the company to which the request relates. Unless expressly requested by the DPO or our internal privacy team, please do not attach a copy of identity documents to the request.

Changes and Updates

We reserve the right to modify this privacy policy, if necessary, in accordance with current data protection regulations. In this way, we can adapt it to current legal requirements and take into account changes to our services, such as the introduction of new services. The most recent version applies to your visit.

Last updated: December 12, 2023

© All rights Reserved SUPERNOVA