At Mitto, we care about your personal data. It is important to us to be transparent about the data we collect, use, and share. We advise you to read our Privacy Policy,  General Service Terms and Conditions, Terms of Use, and Cookie Policy. This will explain how we process your personal data.

1. Name and contact details of the responsible controller.
2. Contact details of the data protection officer.
3. General information about data processing.
4. Provision of the website and creation of log files.
5. Contact form, e-mail contact, telephone contact, social media.
6. Use of cookies.
7. Web analytics by Google Analytics.
8. Transfer of personal data to third parties.
9. LinkedIn button and social widgets.
10. Right to information, deletion and correction as well as complaint.
11. Links to other websites or offers.

1. Name and contact details of the responsible controller

   Mitto AG, represented by its sole managing director, Mr Andrea Giacomini, is the responsible controller within the meaning of EU Regulation 2016/679 of 27 April 2016 (General Data Protection Regulation) (“GDPR”). Our contact details are:
   Mitto AG, Bahnhofstraße 21, 6300 Zug, Switzerland (Phone: +41 41 588 05 49, E-mail: info@mitto.ch)

2. Contact details of the data protection officer

   Our data protection officer can be reached at:
   Mitto, E-mail: dpo@mitto.ch

3. General information about data processing

   We are committed to the responsible handling of your personal data. Consequently, we comply with the requirements of the GDPR, the applicable national data protection laws and other provisions of the applicable data protection regulations.

   In the following we would like to inform you about how we handle your personal data. Unless explicitly stated otherwise, the following information applies to all websites operated by us.
   Please note that the following information may be reviewed and changed from time to time. We therefore recommend that you regularly consult our privacy policy.

4. Provision of the website and creation of log files

   Each time our website is accessed, our system automatically records in a log file data and information from the computer system of the requesting computer or terminal and only data that your browser transmits to our servers. The following data is processed:

   • IP address of the requesting computer or host,
   • Date and time of access as well as the time zone difference to Greenwich Mean Time (GMT),
   • Name and URL of the retrieved data,
   • Transferred amount of data,
   • Website from which our domain was accessed as well as the last opened website,
   • Operating system of your computer and its interface as well as the browser you use, including language and version of your browser,
   • The search term used when accessing via search engine,

   This data is also stored automatically in the log files of our system. There is no storage together with other personal data pertaining to you. The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

   The processing of this data as well as the storage in log files takes place anonymously without personal reference and only temporarily for the purpose of enabling the use of the website (connection establishment), since this is only possible if the IP address remains stored for the duration of the session. Furthermore, the system security and stability should be thereby permanently guaranteed and our internet offer optimised. Our legitimate interest in the processing of data pursuant to Art. 6 (1) (f) GDPR lies in these purposes.

   The data will be deleted as soon as it is no longer necessary for the purpose of its collection.

   The collection of data for the provision of our website and the storage of the data in log files is essential for the operation of the website. There is therefore no possibility of objecting to such processing.

5. Contact form, e-mail contact, telephone contact, social media

   On our website we offer a contact form, which can be used to contact us. If you used this contact form, the data entered in the input mask will be transmitted to us and saved. This data is:

   • First and Last Name,
   • E-mail address,
   • Request/message,
   • If callback is desired, the telephone number.

   At the time of sending the message, the following data is also stored:

   • IP address of the requesting user,
   • Date and time of sending the contact request.

   For the processing of the data in the context of the sending process your consent is obtained and reference is made to this privacy policy.
   Alternatively, contacting us via various provided e-mail addresses is possible. In this case, the user’s personal data transmitted by e-mail will be stored.
   If you contact us by phone, we will save the following:

   • First and Last Name,
   • Request/message,
   • Your phone number.

   The legal basis for the processing of the data for the use of the contact form is the consent of the user pursuant to Art. 6 (1) (a) GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail or making contact by telephone is Art. 6 (1) (f) GDPR. If the e-mail contact or the telephone contact is intended to conclude a contract, then the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

   The processing of personal data from the input mask is solely for processing the contact as well as the processing of your request. In the case of contact via e-mail or telephone, the required legitimate interest in the processing of the data also lies herein. The other personal data processed during the sending process is intended to prevent misuse of the ability to contact us and to ensure the security of our communications and IT systems.
   The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Regarding the personal data from the input form of the contact form and data that has been sent by e-mail or communicated by telephone, it is deleted when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
   As a user, you have the option at any time to revoke your consent to the processing of your personal data. If you contact us by e-mail or telephone, you may object to the storage of your personal data at any time by sending a corresponding request to our contact details stated in the imprint or under section I of this privacy policy. In such a case, the conversation may not continue; your request may not be processed. All personal data stored in the course of contact will be deleted in this case. Please note that due to legal or contractual obligations, a longer storage period may be required.
   In addition, we can also be reached via our pages on social networks, for whose privacy the guidelines of the respective social network apply. If you contact us or communicate with us via such social networks, the data processing will be carried out in accordance with the data protection policies of the social network and this privacy policy as supplement. As part of the contact, the personal data transmitted with your message will be stored and processed.

6. Use of cookies

   Our website use cookies. Cookies are text files that are stored by your internet browser on the computer system. If you visit our website or Nimbow, a cookie may be stored on your computer’s operating system. This cookie contains a characteristic string that allows unique identification of your browser when you visit our website or Nimbow again.
   We use cookies to make our website and Nimbow more user-friendly. Some elements require that the retrieving browser be identified even after a page break. This mainly affects language settings and log-in information. On the other hand, we use cookies to analyse the usage behaviour on our website and Nimbow, in particular the frequency of page views and the input of search terms. The data of the users collected via cookies is anonymised and will not be stored together with other personal data.
   The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.
   The purpose of using technically necessary cookies is to simplify the use of our websites and Nimbow for the users. Some features of our website and Nimbow cannot be offered without the use of cookies. For these features, it is necessary that the browser is recognised even after a page break. The use of analysis cookies is done to improve the quality of our website, Nimbow and their content on the basis of user behaviour. These purposes constitute our legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
   Cookies are stored on your computer and transmitted by it to our system. Therefore, as a user, you have control over the use of stored cookies. By changing the settings in your browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. However, if cookies are disabled for our website and Nimbow, it may not be possible to fully use all functions of the website and Nimbow.

7. Web analytics by Google Analytics

   We use the web analytics service Google Analytics of Google LLC, Amphitheater Parkway, Mountain View, CA 94043, USA, on our website and Nimbow.
   Google Analytics uses cookies (for cookies, see X). The information generated by the cookie about your use of the website such as

   • Browser type/version,
   • Operating system used,
   • Referrer URL (the previously visited page),
   • Host name of the accessing computer (IP address),
   • Time of server request,

   are usually transferred to a Google LLC server in the US and processed there. The IP address is shortened by the activation of IP anonymisation (“anonymizeIP”) on our website before the transmission. This guarantees an anonymisation of your IP address so that all data is only processed anonymously. Only in exceptional cases will the full IP address be sent to a server of Google LLC in the USA and shortened there. In these cases, we provide contractual guarantees to ensure that Google LLC maintains a reasonable level of data protection. According to Google LLC, the IP address will in no case be associated with any other data related to the user.
   The legal basis for processing users’ personal data is Article 6 (1) (f) GDPR.
   Google will on our behalf use the transmitted information to evaluate your use of our website and Nimbow. By analysing the data obtained, we are able to compile information about the use of the individual components of our website and Nimbow. This helps us to constantly improve our website, Nimbow and their user-friendliness. Our legitimate interest in the processing of data pursuant to Art. 6 (1) (f) GDPR lies in these purposes. The anonymisation of the IP address sufficiently takes into account the interests of users in their protection of personal data.
   The data will be deleted as soon as it is no longer needed for our recording purposes.
   Since Google Analytics works with cookies, you as the user also have control over the use of stored cookies (see section VIII).
   In addition, you may prevent the collection and transmission to Google of the data generated by the cookie and related to your use of our website and Nimbow (including the IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
   As an alternative to the browser plug-in, you can click on this link to prevent data collection by Google Analytics on the website or Nimbow in the future. An opt-out cookie is stored on your used device. If you delete your cookies, the link must be clicked again.
   For more information about privacy related to Google Analytics, see the Google Analytics Help Center(https://support.google.com/analytics/answer/6004245?hl=de.

8. Transfer of personal data to third parties

   We only pass on your personal data if you have expressly consented, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to assert claims arising from the contractual relationship, as well as to fulfil our obligations.
   In addition, we pass on your data to third parties, as far as it is required in the context of the use of the website and the contract, namely for the processing of your orders, the processing of your purchases, the delivery of your ordered products and their payment, and for the provision of the services you request, for the analysis of your user behaviour as well as for the service providers supporting us.
   Our service providers are always carefully selected, commissioned and bound by our instructions. They are checked regularly by us.
   The transfer of the data to third parties and the processing of the data passed on by third parties is strictly limited to the stated purposes. In addition, these third parties are obliged to treat their data in accordance with this privacy policy and the relevant data protection laws, in particular the GDPR.

9. LinkedIn button and social widgets (LinkedIn Corporation)

   The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.
   Personal Data collected: Cookies and Usage Data.
   Place of processing: US – Privacy Policy.

10. Right to information, deletion and correction as well as complaint

    You can always ask for information about your personal data stored by us. Likewise, you are fundamentally entitled to demand the deletion or correction of your stored data at any time, as long as legal obligations do not conflict. Please note that by law certain data must be kept for a certain period of time. Such data must therefore be stored by us until the expiration of these deadlines. We block this data in our system and only use it to fulfil legal requirements.
    You may exercise your aforementioned rights by sending us a request to our contact details stated in the imprint or in section I of this privacy policy.
    Please note that we reserve the right to require submission of proof of identity, and that in the event of deletion of your data use of our services is not or is no longer fully possible.
    Consents to certain data processing can be revoked at any time with effect for the future.
    You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence or the place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.
    Our website and are open to people only from the age of 16 years. Personal data of persons who have not yet reached the age of 16 is therefore not collected by us. If you think your child is sharing data with us, you can contact us at the contact details provided.

11. Links to other websites or offers

    The website may contain links to the pages of other providers. Since we have no influence on these websites and offers, we recommend that you inquire about information regarding data protection that may be provided there. We assume no responsibility for the contents of the linked pages.

Version date: 17 December 2018