Data Protection Policy

Premises

SINTETICA SA, Via Penate 5, CH-Mendrisio, (hereinafter referred to as "SINTETICA", "the Company", "the Owner", "we") undertakes to process all personal data (hereinafter referred to as "personal data") collected through the website in accordance in particular with the Swiss Data Protection Act (DPA) and, to the extent that this is applicable, with the GENERAL REGULATION ON DATA PROTECTION, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 ("GDPR"), and to take appropriate security measures to protect it from unauthorized access. In this Data Protection Policy, we inform you specifically about what kind of personal data is collected and processed in connection with your use of the website, for what purposes it is used, to whom it may be disclosed, and what your rights are in relation to the use of your personal data by SINTETICA SA. Personal data means any information that relates to an identified or identifiable natural or legal person, e.g. surname, first name, address, e-mail, date of birth or telephone number.

By accessing the online portal (hereinafter "portal" or "website") and/or using the services and products we offer, you acknowledge that you have carefully read this data protection statement. Any questions in connection with this data protection declaration may be addressed at any time by e-mail to privacy@sintetica.com.

1. Owner

The Owner under the legislation on the protection of personal data is SINTETICA SA, Via Penate 5, CH- Mendrisio. The Owner determines the purposes and means of the processing of personal data and is responsible for the processing and use of personal data in accordance with this Data Protection Policy. If you have any questions or concerns about this policy or the processing of personal data, please contact us at the following address: privacy@sintetica.com

2. Processing of personal data

All personal data collected by the Company in the course of its business and through the website are processed in particular in accordance with the Federal Act on Data Protection (FADP). We collect and process personal data carefully and for the purposes described in this policy. In accordance with applicable law, we may also use your personal data in ways other than those described in this Data Protection Policy. In this case, we will provide you with specific privacy notices or communications at the time of collection and may ask for your consent. Before you give us consent, it is necessary for you to understand in detail the terms of the processing. If you have any doubts, please feel free to contact us through privacy@sintetica.com before giving us consent. To the extent that the processing of your personal data was based on consent, you will always have the right to revoke it. Processing that occurred before revocation will maintain lawfulness. We will always try, as far as is reasonable, to collect the information in anonymous or pseudonymized form so that we cannot identify you.

3. Collection of personal data

3.1 Personal data transmitted automatically through the use of the website
The Company has decided to limit the data collected automatically through the website and so-called cookies (see below) to an absolute minimum. This data will not be merged with other personal data and will be stored separately from any other personal data transmitted by the user. 

  • IP address, access date and time, geographical area connection


3.2 Personal data that the user transmits to us
The Company also collects and processes personal data that you voluntarily transmit via an online form directly on the portal, via our contact email address, via any other application linked to the portal, by phone, in person at our offices, and in any other way.

  • Last name, first name, mailing address, e-mail address, phone number, date of birth

The provision of this personal data is expressly done on a voluntary basis. Without this personal data, however, we will not be able to provide the services you request.

3.3 Third Party Personal Data
To the extent that the Company receives or has access to other categories of personal data through the user, it will be evaluated from time to time whether it is necessary to sign a contract with the user for the processing of personal data, where the Company may also assume the role of Manager, Co-Manager or Co-Owner. In the latter case, the Company also reserves the right to adopt a specific privacy policy.

4. Purpose and legal basis of data processing

4.1 Purpose of data processing
(a) Personal data transmitted automatically through the use of the portal
The Company uses automatically collected personal data to fulfill the following purposes:

  • enable the display, operation and functionality of the portal

  • ensure the stability and security of the system

  • improve and protect our services

  • statistical purposes in case of attacks on the network infrastructure on which the website is hosted

(b) The personal data that you transmit to us
The Company uses the personal data you provide to us to fulfill the following purposes:

  • provide, maintain, protect and optimize the services and information offered;

  • communicate with you and provide you with the best possible and personalized information (e.g., about our products and services);

  • offer you new services and information;

  • comply with legal or other regulatory requirements and internal regulations;

  • the establishment, exercise and/or defense of actual or potential legal claims, investigations or similar proceedings;

  • other legitimate purposes, if this processing arises from the circumstances or was indicated at the time of collection.


4.2 Legal basis for data processing
The processing of personal data is based on the following legal bases: 

  • for the execution of a contract with you or the intention to enter into a contract with you (e.g., for the purchase of a product) 

  • to fulfill a legal obligation (e.g., for tax purposes or for the purpose of investigation or prosecution) or 

  • to protect our legitimate interests (e.g., protecting and securing our services, systems, assets; complying with legal, regulatory, and contractual obligations; asserting, exercising, or defending legal claims; maintaining and efficiently organizing business operations; improving and developing our services; selling and marketing our services);

  • your consent, only if it can be revoked at any time (e.g., when you sign up for our newsletter and other marketing communications). 

As noted above, if the processing is based on your consent or our legitimate interests, you may withdraw your consent or object to this processing at any time by contacting us directly at privacy@sintetica.com. Please note: withdrawal of your consent does not affect the lawfulness of processing based on consent prior to withdrawal.

5. Disclosure of personal data to third parties

The Company has the right, in accordance with applicable law and within the scope of this Data Protection Policy, to transfer processed personal data to the following recipients for our processing purposes or their processing purposes, or to have such data transferred by third parties:

  • consultants and suppliers of the Company;

  • service providers who process personal data on behalf of and at the instruction of the Company;

  • service providers, other business partners and auxiliary persons (e.g., trustees, lawyers);

  • authorities, official agencies, courts or other state institutions;

  • social media;

  • other parties in potential or actual legal proceedings.

We select our partners and data processors carefully and only with sufficient assurance that they have appropriate technical and organizational measures in place. Our partners and data processors are obliged to comply with the Federal Act on Data Protection at all times. Our partners and data processors are subject to confidentiality requirements and may use personal data only to the extent necessary to fulfill the purpose for which it was collected, unless otherwise required by law.

6. Transfer of personal data outside the EU and EEA

Personal data collected is primarily stored in Switzerland. In addition, we may transfer, store and process your personal data in locations around the world, such as where our third-party suppliers or partners are located. Therefore, we may transfer personal data outside the European Economic Area (EEA) if this is necessary for the data processing described in this policy, in accordance with applicable law.

If data is transferred to countries that do not provide an adequate level of protection, we ensure adequate data protection by adopting appropriate safeguards, such as contractual guarantees (e.g. based on the EU standard clauses called "SCC", which are amended with the addendum for Switzerland, aimed in particular at ensuring that Swiss citizens are also adequately protected and that the application of European law alone is not prejudicial to them), the transfer of data on the basis of explicit consent, for the conclusion or execution of a contract with you or in connection with the establishment, exercise or enforcement of legal claims. For more information about our reasonable security measures, please contact us by e-mail at privacy@sintetica.com.

7. Length of retention of personal data

In principle, personal data are deleted as soon as they are no longer needed to achieve the purpose for which they were collected, unless a longer retention is necessary to fulfill legal obligations (e.g., retention and documentation requirements), contractual or pre-contractual obligations, or justified business interests of us (e.g., to assert, exercise, or defend legal claims).

On this basis, we generally process personal data in accordance with the following rules and obligations:

  • Personal data automatically transmitted by you through the use of our portal (see Section 3.1.) for the purpose of viewing, operating and ensuring the functionality of the portal will be deleted within six months.

  • Personal data that you provide to us in connection with the use of our services and products offered on our site or that you otherwise provide to us through your contact e-mail address (see Section 3.2.) will generally be retained by us until you ask us to delete it, you revoke your consent to its retention, or the purpose for retaining the data no longer applies (e.g., upon completion of the processing of your request).

  • For contract-related personal data (including records and business communications), we will retain personal data for as long as the contractual relationship exists and thereafter for an additional ten years after the termination of the contractual relationship, unless (i) a shorter or longer legal retention requirement applies in the individual case, (ii) retention is required for evidence or another valid reason under applicable law, or (iii) deletion of the data is required earlier (e.g., because the data is no longer needed or we need to delete relevant data).

  • Any data related to job applications, will be deleted within the time it takes to screen the applications (without a different indication this period is 3 months). After that period the data are destroyed unless the candidate is hired. In that case the retention periods stipulated in the personnel regulations apply. 

  • Any personal data that were on backups (static and inactive data), are retained for the retention period of the backup in which they are contained. Normally, backups are deleted by overwriting as soon as the scheduled cycle has ended.

8. Cookies

The Company has decided to limit cookies to the minimum necessary for operation. In any case for consent management and transparency, SINTETICA uses Cookiebot CMP, a consent management platform that helps companies make their websites privacy compliant.

9. Pharmacovigilance

In case you use emails or other unencrypted Internet channels to communicate adverse reactions or other circumstances subject to mandatory reporting, please note that data transmissions over the Internet without adequate security measures pose increased risks to privacy. For inquiries in relation to privacy and processing of personal data, please feel free to contact us at privacy@sintetica.com

For reporting adverse events or any other circumstance subject to mandatory reporting, we invite you to use the contact details found at https://sintetica.com/pharmacovigilance

In any case, we recommend that you absolutely avoid the transmission of personal data that is not indispensable or mandatory. Through data minimization and other technical organizational measures, Sintetica constantly strives for the protection of personal data.

10. Applications and recruiting

For SINTETICA, employees are not only a valuable resource, but first and foremost people. The protection of SINTETICA employees begins at the recruiting stage. Applications are managed through third-party vendor systems, selected with the privacy of candidates in mind. In principle, spontaneous applications transmitted to SINTETICA are reviewed by human resources. The assessment, depending on business needs, may take from 6 to 12 months. To the extent that candidates, in addition to asserting other rights (see Article 12 below) wish to withdraw their applications, have detailed information about data protection measures, they may contact us at: privacy@sintetica.com.

11. Security

The Company implements and regularly updates organizational and technical measures to maintain the security of personal data and to protect it from unauthorized or unlawful processing, accidental loss, alteration, disclosure, or unauthorized access.

The Company may use third parties as data processors to collect and process your personal data. The data processors we engage will process your personal data only in accordance with our instructions and are required by law to take strict security precautions when processing personal data. 

The transmission of information over the Internet is not completely secure. Despite our efforts to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission takes place without the Company assuming any responsibility. For this reason, you may send us your personal data by other means, such as by telephone. Once we receive your data, we apply strict procedures and strict security measures to prevent unauthorized access.

12. Privacy statements of third-party suppliers

Please note that if you click on a link to a third-party website, you will be redirected to a website that we do not control and our privacy policy will no longer apply. Your browsing and interaction on another website is subject to the terms of use, privacy statements and notices of those third-party websites. We encourage you to carefully read the terms of use, privacy statements and notices of other websites before submitting personal information through this site. We are not responsible for the informational content and data processing of such third-party websites.

13. Your Rights

You have the right to assert your data protection rights at any time and, with proof of identity, to obtain information about your stored personal data, to correct or supplement it, to object to the processing of your personal data, or to request the deletion of your personal data. 

Any request in the above terms should be sent to privacy@sintetica.com

Please note that even after a possible request for deletion of your personal data, we may not be able to follow up on it in view of legal and contractual storage obligations or if it is necessary to enforce a right of ours. 

If in doubt, you can contact us at privacy@sintetica.com. Keep in mind that the processing of requests in connection with this article, may take at least 60 days.

14. Changes 

SINTETICA SA reserves the right to adapt, supplement or otherwise change this Data Protection Policy at any time and without stating reasons. The updated version of this declaration is available upon request at privacy@sintetica.com

Version 1.1, September 2023