PRIVACY POLICY

1        INTRODUCTION

This privacy notice applies to personal data processed by Rata Services SA and its contractors (“Rata Services” or “Company””) including e.g. any information provided when you exchange emails with Rata Services or other storage of data.

2        WHO IS RESPONSIBLE: CONTACT DETAILS

Rata Services SA is not intending to be the “controller” as pursuant to the General Data Protection Regulations (GDPR) and the Swiss Federal Data Protection Act (nLPD), with respect to the processing of personal data undertaken on behalf of any individual legal entity.  However Rata Services is committed to ensure compliance with all applicable laws relating to data privacy. If you have any questions or requests related to our processing of your personal data please contact us.

3        PURPOSE OF PROCESSING -WHAT DATA ARE USED FOR

3.1 General We only process personal data as necessary for the administration of the relationship with the contracting entity. Specifically, this may involve processing personal data such as name, address, telephone number and other contact information, national identity number, position and role, employer, account number, customer/supplier history (what was purchased when, etc.), information about meetings, communication and correspondence, cloud services, logins and activity on website and information required for audit purposes. In some case we will have to conduct due diligence reviews, and data from such reviews will be processed. In general, the Company does not process special categories (sensitive) personal data.

3.2  The use of cookies We use cookies on our Website and we may receive information about you from the use of cookies when you access our Website. The Company may use cookies for the purposes of facilitating basic website functionality, enhancing the user experience or supporting the contracting entity’s IP address, operating system and the browser used. This information does generally not include data that allows for individual identification of the information to a specific user.

4        LEGAL BASIS

Personal data may be processed where the processing is necessary for the performance of a contract with the principal contracting entity or in order to take steps at the request of a contracting entity prior to entering into a contract. Legal basis for the processing may also be Rata Services’ legal or regulatory requirement to process the data or where it is required to protect a person’s vital interests or where such processing is necessary for the performance of a task carried out in the public interest.

5        PERSONAL DATA RELATING TO OTHER INDIVIDUALS

We might receive personal data relating to third parties from the contracting entity. Before processing any personal data on third parties, the contracting entity must ensure that they have provided the relevant third parties with any necessary privacy notices in connection with Rata Services processing of their personal data.

6        RECIPIENTS – TRANSFER

Rata Services will restrict access as instructed by the contracting entity but the Company may share such data with sub-suppliers and other partners and, when specifically required, with advisers, auditors, lawyers, IT consultants and others. The Company may also transfer personal customer data abroad, including to non-EU/EEA countries whose data privacy laws do not offer the same level of protection as under the GDPR. The typical reasons for such transfers include the use of external data storage services. The transfer of personal data abroad will only take place if there is a legal basis for such transfer.

7        USE OF THIRD PARTY LINKS

Rata Service Website may include links or forms to third party websites. Clicking on those links and/or providing information in forms related to third parties may allow third parties to collect and/or share data about you. Data processed under this section are not controlled or accessible by Rata Services and we encourage you to read the privacy notice on each third party website you visit or access from our website.

8        FOR HOW LONG IS DATA STORED?

Personal data related to you will only be stored for as long as necessary for the purpose of the processing, and will then be erased.

9        HOW IS PERSONAL DATA PROTECTED?

The Company has implemented the technical and organisational security measures to ensure that personal data is processed in a secure manner. The security measures are considered adequate however the need for additional security measures shall be evaluated on an on-going basis based on the contracting entity’s requirements.