Privacy Policy
I. Data Controller
The data controller is SafeWorld Sagl Via Canova 7 6900 Lugano Switzerland e-mail privacy@safeworld.ch
II. Personal data collected
SafeWorld™ requests the following personal data from the interested party: First Name, Last Name, Gender, Date, Country and City of Birth. Citizenship, details of an identity document and e-mail address in order to be able to accurately identify the person concerned. SafeWorld™ also requires the following vaccination information. Type of vaccine, lot number, name of the health facility that administered the vaccination, date and place of the first and any second vaccination.
III Purpose of data processing
The personal data collected are processed for the only purpose of being made available to companies in the travel, hospitality, catering and events industry, which provide facilitations for boarding, transportation, access, accommodation and hospitality to customers who are vaccinated against Covid-19. Through consultation of our database, these third parties are able to instantly verify whether or not a person has been vaccinated (how and when) allowing them to proceed or significantly accelerating the requested service.
IV. Lawful basis for data processing
· The collection and processing of personal data takes place on the basis of the data subject's request to be able to use the services offered by SafeWorld™, in particular those necessary to achieve the purposes of processing described above. There is therefore both the explicit consent of the data subject and the legal and contractual basis, namely that of enabling the provision of the service. In addition, the data are processed lawfully as long as the processing takes place to:
· protect the legitimate interests of the Controller and/or Third Parties:
· participation in proceedings of any nature both of administrative, civil and criminal nature both national and inter-national and related institutions;
· the prevention, detection, mitigation and support of investigations into fraud, security breaches and other prohibited or unlawful activities, including the assessment of related risks;
· monitoring and improving the security of the Services' information;
· to perform identity, creditworthiness and other financial checks, evaluation of applications and comparison of information for accuracy and verification purposes.
· to fulfil a legal obligation of the Data Controller.
· The interested party acknowledges that some of the data provided are, according to various regulations, laws and applicable national and international standards, data worthy of particular protection and therefore sensitive.
V. Data sharing with third-parties
Data collected will only be shared in the event of a specific, personal request (lists of names will never be shared) from:
· SafeWorld™'s Clients, i.e. providers of transportation and/or hotel and/or event and/or catering services that provide access or provide facilitation to persons who are vaccinated against Covid-19.
· Suppliers, consultants and other third parties who provide services for the above purposes;
· Banks and payment system operators that provide functional services for the above purposes;
· Subjects that process data in execution of specific legal obligations;
· Judicial or administrative authorities, for the fulfilment of legal obligations;
· To third parties to the extent that this is necessary and/or functional to the management of the Controller (merger, acquisition, group company and/or any other corporate activity and/or operation).
VI. Transfer of data abroad
Personal data may be disclosed, if necessary and useful for processing purposes, to third parties that are located outside Switzerland and/or have offices and/or establishments in countries where data protection laws may provide a different level of protection than the laws of your country.
VII. Controller of further data processing
If certain types of data are transferred to third parties (e.g., a company operating in the travel, or hospitality, or catering, or events industry) from which the client seeks to obtain the service that requires verification of vaccination or other Third Parties, these Third Parties are under GDPR Controllers of further processing and therefore required to provide their clients with information regarding the processing of personal data.
VIII. Consequences of the missed communication of personal data
Given the purposes of the database, the non-communication of personal data prevents the provision of the service and registration in the database. In the absence of validation of all the necessary data and without completion of the registration process within 72 hours from the receipt of the confirmation e-mail, all the data of the person concerned will be deleted.
Any new registration will be possible by repeating the process from the beginning. Please note that in the event you have provided false data or if the validation processes have been compromised, the data required to prevent further fraud will be stored for 10 years. In this case, the system will prevent re-registration. In this case, the interested party will have the right to verify the situation directly with SafeWorld™ and the case will be processed by a human operator, who will verify whether it is a fraud or a system error. Only in the latter case can the registration process be reactivated.
IX. Data retention and storage location
Your personal data, which is processed for the above purposes, will be retained until six months after the expiration of your vaccination and, thereafter, for as long as the Data Controller is subject to retention obligations for tax or other purposes (e.g., the one described in the previous paragraph), required by applicable regulations.
SafeWorld™ manages data on servers that operate in the Swiss Confederation or the European Union. However, once shared with Third Parties, these Controllers of further processing may operate in locations or in ways that do not ensure adequate protection of personal data.
X. Data profiling and disclosure
Personal data are not subject to profiling (unless expressly stated otherwise), but are managed using automated systems. However, the recipient only receives confirmation of whether or not the data subject has been vaccinated and when the vaccination expires.
XI. Rights of the data subject
Among the rights acknowledged to you by the applicable regulations are (to the extent and only insofar as this is provided for by the regulations applicable to the data subject) the possibility of requesting from the Data Controller and obtaining:
· access to your personal data and the information related to them; the rectification of inaccurate data or the integration of incomplete data;
· the cancellation of your personal data or the revocation of consent
· the limitation of the processing of your personal data;
· the sharing of your personal data in a structured and machine-readable format, also for the purpose of communicating such data to another data controller.
The data subject also has the right to:
· to oppose at any time the processing of your personal data
· request a restriction to the processing if
· he disputes the accuracy of the data;
· the treatment is unlawful, but opposes the deletion of personal data;
· the Controller no longer needs the data, but you need it to make or exercise legal claims or to defend against legal claims;
· the Data Subject had opposed the processing.
You may lodge a complaint with the supervisory authority (competent authority for the protection of personal data)
XII. Exercise of data subject rights and questions
To exercise your rights and for any questions in relation to this policy, please contact us via privacy@safeworld.ch. We will generally reply within five working days (according to the calendar of official holidays in use in the Republic of the Canton of Ticino).
XIII. Cookie
If you interface with SafeWorld™ via web and app, please note that we use a technology known as "Cookies". As is well known, cookies and related technologies allow us to provide more integrated services and a better browsing experience. However, these technologies imply the collection of data and information, among other things, related to the user, the device in use and the use of the same. At the following LINK you will find the cookies and other technologies active on the Portal. In any case you have the right to choose which of them to enable or not. In some cases, without cookies, the services will be only partially usable.
XIV. Risks and minimization measures
There is a risk that the data collected in the database of SafeWorld™ are accessed, altered, deleted or disclosed by unauthorized third parties as a result of hacking operations. If this happened, the damage for the interested party would be relative as the information that would be spread does not concern the presence of a pathology but simply a preventive measure taken by the interested party.
The Controller and the person responsible have taken every reasonable hardware and software measure to reduce these risks to a minimum.
XV. Privacy of Minors
The SafeWorld™ Services are not intended for use by minors. We do not knowingly collect personal data from users who are considered minors under applicable national laws. If you believe that a child under your legal guardianship has transmitted data to us or in any case data of a child under your legal guardianship has come into our possession, please contact us without delay via the following email: privacy@safeworld.ch
XIV. Personal data relating to third parties
If you provide us with the personal data of another person, you must first obtain their explicit consent and this must be in accordance with applicable law, be lawful, legal and provided for by the rules that protect the third party. In any case, you must adequately inform the other person of how we process personal data in accordance with this Privacy Policy.
Controller, Representative, Dpo and Data Processor
SafeWorld Sagl has its head office in Lugano (Switzerland) in via Canova 7. Email: privacy@safeworld.ch
Since SafeWorld does not have any permanent establishment in the EU, SafeWorld appoints its Representative in Italy, pursuant to Article 27 of the GDPR, the lawyer Chiara Belluzzi, via Adige 7, Milan Email dpo@safeworld.ch.
Managing personal data on a large scale, pursuant to Article 28 of the GDPR, SafeWorld has appointed Lawyer Belluzzi as its Data Protection Officer (dpo@safeworld.ch).
The data is physically stored in Chiasso by DHH Switzerland SA in Via degli Agustoni 3, which is the Data Processor.
The Health Professionals who enter the data are temporarily (in the time between entry and confirmation by the person concerned) Data Controllers.
Any complaints may be reported by you:
A) to the Federal Data Protection and Information Commissioner, Feldeggweg 1 CH-3003 Bern, Tel: +41 (0)58 462 43 95 (Monday to Friday 10 a.m. to 12 p.m.) Fax: +41 (0)58 465 99 96, or via contact form (https://www.edoeb.admin.ch/edoeb/it/home/l-ifpdt/contatto/formulario-di-contatto.html).
B) to the Guarantor Authority for the protection of personal data, Piazza di Monte Citorio, 121 - 00186 Rome, tel.: +39 (0)6.696771, e-mail: garante@gpdp.it.
General Terms and Conditions
I. Scope of application
These General Terms and Conditions (GTC) apply to all relations between the individual (the data subject) who signs up to the SafeWorld™ system (SW) and the company SafeWorld. These GTC also apply to the sign-up phase.
II. Purpose, scope and cost of service
The data subject acknowledges that SW's service is offered on a voluntary basis. SafeWorld is a private company under Swiss law and it is not a member of or controlled by national and/or international bodies.
A contractual relationship between the data subject and SW occurs when the data subject asks SW to certify data relating to his or her Covid-19 vaccination to third parties who request it on the basis of a contract or the willingness to enter into a contract with the data subject, in order to allow third parties to verify the presence or absence of such vaccination.
The data processing by SW is limited, once acquired the data of the person concerned, to make available to third parties, in particular suppliers of transport services, hotels, catering, and / or events, the confirmation or not of the vaccination and the expiry of the same. SW can transmit the data of the data subject on the basis of this contract, while the third party is authorized to request the data on the basis of the contract, or according to the request to enter into a contract, which has been submitted to the third party by the data subject (directly or through third parties, such as tourist agencies, ticketing agencies, etc.). Apart from the administrative costs, there are no additional costs for the data subject. SW charges the third parties who use the database directly for the services offered.
III. Responsibility of SW
SW is exclusively liable for the collection and storage of the data - in accordance with the applicable data protection regulations - and the provision of such data for the purposes described above (II). SW is not responsible for the accuracy of the data and is not liable in the event that the third party is not able to access the data, unless this is caused by gross negligence or wilful misconduct on the part of SW. In any case, the liability of SW is limited to the value of the registration to SW. SW will not pay any damages for any failure to use the services of third parties.
IV. Data Subject Responsibility
The data subject is both civilly and criminally liable for the statements, documents, and information provided to SW and its certifying partners. The data subject acknowledges that the service is intended to facilitate access to third party services requiring covid-19 vaccination to ensure and safeguard the public health and that of other users and employees. To the extent that, by providing false information, you expose any third party to the risk of covid-19 infection, you will be held fully responsible and liable.
The person concerned acknowledges that SW is obliged to cooperate with third party service providers and the appropriate authorities to verify any abuse of the certification system. SW reserves the right to take civil and/or criminal action against the person concerned in the event of a violation of these General Terms and Conditions. The person concerned is also jointly and severally liable for the data and information that he/she has entered on behalf of a third party.
IV. Duration and termination of the contract
The data will be kept for the duration of the vaccination and up to six months after that. In case of a booster vaccination, the data subject will be able to update his data. Once the six-month period of validity of the vaccination has expired, the person concerned must re-register.
SW reserves the right to suspend and/or delete the access and the data of the data subject should SW believe that the data provided are not trustworthy. Under no circumstances may the data subject make any claims against SW arising from the suspension or deletion of the data. Please note: In the event that false data has been provided or if the validation processes have been compromised, the necessary data for the prevention of further fraud will be stored for 10 years. In this case, the system will prevent re-registration. In this case, the data subject will have the right to verify the situation directly with SW and the case will be processed by a human operator, who will verify whether it is a fraud or a system error. Only in this second case the registration process can be reactivated.
The data subject may at any time request the cancellation of his data. No refund of administrative costs charged with the registration will be made.
V. Final Provisions
Insofar as one or more of the clauses of these GTC are partially or fully invalid or void, the remaining clauses shall remain in force and the GTC shall continue to apply.
VI. Applicable law and jurisdiction
Subject to any mandatory provisions to the contrary, any and all relations and/or relationships arising between the data subject and SW are governed exclusively by Swiss substantive law, to the exclusion not only of international law but also of any international agreements.
Always with the same exceptions as above, the exclusive place of jurisdiction is the District Court of Lugano.
In case of doubts or differences of interpretation, the Italian version shall prevail over the English, French and German translations.