When we refer to “Ethical” or use the word “we”, “our” or “us”, we mean the Ethical that acts as the ‘controller’ of the information we hold about you or the ‘processor’ of the information that a customer has entrusted to us, as explained in more detail under the “identifying the data controller” part of this Policy.

By “you” we mean the individual reading this text, i.e., you as a natural person (and not any company or other organization that you may be associated with).

Some words and phrases in this Policy are in single quotation marks (e.g., ‘controller’, ‘processor’ and ‘data subject’). These are legal terms, having the same meanings as given to them in the EU General Data Protection Regulation, i.e., Regulation (EU) 2016/679 (“GDPR”).

Application
This Policy applies to the data processing that takes place through or in connection with the following: your visiting, or accessing resources that form part of, any website of Ethical or its subsidiary (we shall use the word “Website” to designate any such site), including, for example, the site at https://www.ethicalclinical.com/; your communication or interaction with Ethical; insofar as the above activities are not subject to another privacy policy or similar document.

The Policy does not apply in relation to other parties products, services, websites, resources or activities.

When we speak of “Personal Data”, we mean any information about a living individual from which that person can be identified (the proper legal definition of ‘personal data’ is “any information relating to an identified or identifiable natural person”, with the person to whom the information relates being referred to as the ‘data subject’). Personal Data do not include information from which no individual can reasonably be identified, that is to say, anonymous information or personal data rendered anonymous in such a manner that the individual is not, or no longer is, identifiable (de-identified or anonymized information). The Policy does not apply to such information.

The Policy supplements our other terms and policies and is not intended to override them.

Identifying the Data Controller
A lot of what we do involves data processing in one way or another. Various data need to be processed in a number of ways in order for us to carry on our business, including provide, maintain and develop the Service and Websites, and to communicate with you. Information is processed both for us as well as our customers, and customers themselves process information through the Service. Not all of this information constitutes Personal Data and much of the processing is controlled by parties other than Ethical.

Ethical is the ‘controller’ of the Personal Data that are collected by us or on our behalf through the activities listed in this Policy, or which are otherwise processed for the purposes of our business. Specifically, it is Ethical that acts as the ‘controller’ of the said Personal Data. The following sections explain the collection and subsequent processing of these data in more detail.

The Information We Collect and Receive
Ethical collects, generates and receives information in a variety of ways. Some of this information constitutes Personal Data and the rest does not. We shall use the word “Information” to designate any and all of the data that are collected, generated or otherwise processed by us or on our behalf. This part of the Policy describes which Information and how is collected or generated through the activities listed previously.

We collect Information about you in the course of negotiating, preparing, concluding and amending agreements between you and Ethical. The Information collected may include the data provided in such agreements and any data that you furnish for the purposes of negotiating, concluding or amending those agreements.

As with most websites, certain data are automatically collected when you visit a Website and this Information is recorded in log files.

It may also include the name of your device and information as to your web browser type and version.

On a more general level, we collect (or have third parties collect for us) anonymous Information about the use of our site.

Accessing resources on Websites may (depending on the site visited, resource accessed, device used and your hardware and software settings), result in the following Information being collected: your IP address, approximate location, Website entry and exit pages, referral sites and keywords, session time and duration, activities on the Website (e.g., pages viewed, links followed, clicks made), web browser type, version and settings (including, e.g., language preferences), device type, name and settings as well as the type and version of its operating system, and your internet service provider or mobile network operator. Some of this Information is collected by the use of cookies, as described in the Cookie policy section.

Purpose of processing
Your personal data are processed for the following purposes:

• to receive and respond to any request for a contact, by sending the information you requested;
• to collect information necessary for the obligations connected with the pre-contractual phase

Processing method
The Controller will process personal data in accordance with the principles of lawfulness, fairness and transparency.

Your personal data are processed by means of the following operations: collection, recording, organisation, structuring, storage, consultation, adaptation or alteration, use, dissemination, disclosure by transmission, retrieval, alignment, combination, restriction, erasure and destruction of the data. Your personal data are subjected to both hard-copy and electronic processing.

The Controller will process the personal data for the time necessary to carry out the purposes indicated above and, in any case, for not more than 2 years from collecting the data.

However, the Controller may store the data for longer than 2 years if erasure of the same may compromise its legitimate right to defence or, in general, to safeguard its company assets. Such storage will take place, limiting access to the same to heads of departments only, in order to guarantee the legitimate exercising of the right of defence of the Controller.

Access to data
Your data may be made accessible for the purposes indicated in art purpose of processing to the following recipients:

• affiliate companies or subsidiaries of Ethical to the extent to which this is necessary for processing;
• companies or other third parties (professional firms, consultants, insurance companies for providing insurance services, suppliers, entities that provide services for managing the computer system and the telecommunications network for the services, etc.), who act on an outsourcing basis for the Controller, and who have been formally nominated as the data processor;
• public entities/regulatory authorities, for fulfilling legal obligations.

Without requiring your explicit consent, the Controller may communicate your data for the purposes indicated in purpose of processing to supervisory bodies, judicial authorities, insurance companies for providing insurance services, as well as to entities to which communication is mandatory in terms of the law, for carrying out said purposes.

Transfers of data
Personal data are stored on servers located within the European Union. In any case, it is understood that, should this be necessary, the Controller will have the right to move the servers even outside the EU. In such a case, the Controller hereby guarantees that transfers of data outside the EU will be done in accordance with the applicable laws, also by means of including standard contractual clauses provided for by the European Commission, and adopting binding corporate rules for intra-group transfers.

Consent
The provision of data and related processing for the purposes indicated in point purpose of processing is necessary in order to guarantee the Controller’s services you have requested, and for executing the requests made. If refused, you cannot successfully submit requests and cannot receive a response from the Controller.

Rights of the data subject
In your capacity as the data subject in processing of the data in question, you have the rights provided for in the GDPR, including the right to ask the Data Controller, by contacting the Data Protection Officer for: access to the personal data, indication of the means, purposes and logics involved in the processing, the right to object, to request restriction of processing, data portability, rectification and erasure of the same, within the limits and in the ways provided for in the GDPR.

Where processing of data is based on consent, you have the right to withdraw the same at any time.

In addition, you always have the right to object to the sending of newsletters and processing of all or several data for marketing or commercial purposes.

Therefore, in your capacity as the data subject, you have the rights pursuant to Arts. 15 – 21 of GDPR, as well as the right to lodge a complaint with the competent Authority pursuant to art. 77 of GDPR.

Procedure for exercising rights and communications
You may contact Ethical GmbH at any time, using the following procedures:

• sending an e-mail message to info@ethical.ch

We wish to state that you have the right to withdraw the consent given at any time by writing to info@ethical.ch

What is a cookie?
A cookie is a small text file which is recorded in the temporary memory of the browser when a website is entered, for a variable period of time generally lasting between a few hours and some years, with the exception of profiling cookies which last a maximum of 365 calendar days.

The file memorises certain information which the site is able to read when it is consulted again and which may be necessary for the proper functioning of the site and to improve usability. Through cookies, for example, it is possible to determine whether a connection has already been made between the computer and site, to highlight novelties or maintain “login” information.

Cookie types

• Technical cookies: necessary for the proper functioning of the site, they are used for browsing purposes or to provide a service requested by the user; they are not used for other purposes and are usually installed by the website owner.
• Statistical cookies (analytics): they make it possible to know how users use the site, in order to assess and improve its functioning and promote the production of contents which best meet user requirements. All information collected by these cookies is anonymous and unconnected with the user’s personal data.
• Profiling cookies: they make it possible to offer the user advertisements related to him/her and his/her pertinent interests. Moreover, they are used to limit the number of times the same advertisement is shown and to assess the effectiveness of advertising campaigns.
• Third party cookies: they are conveyed, without eAdjudication® control, by third parties (example: Google Maps, Youtube, Linkedin and Twitter) which can intercept the user also while browsing in non-site. These cookies, typically persistent, cannot be controlled directly by eAdjudication® which therefore cannot guarantee how third party owners use the information gathered.

Cookie policy
eAdjudication® website only use technical cookies and the so-called “analytics” cookies which, for the purpose of optimising the site could collect information, in anonymous and aggregate form, about the number of users and how they use the site. eAdjudication® does not use any type of cookie aimed at profiling the user but uses third party services which, in turn, use profiling cookies. List of these services and link to the pertinent privacy information policy:

• Google Analytics is a web analysis service supplied by Google Inc
• Google Maps is a service to find and view maps supplied by Google Inc

Where to find information on how to disable or manage cookies in different browsers:

• Google Chrome
• Mozilla Firefox
• Apple Safari
• Internet Explorer

For any further clarification concerning “cookies”, reference can be made to the following link: https://gdpr.eu/cookies/