Last updated October 22, 2024
Privacy Notice
Website www.planbfund.vc and related resources
Introduction
The purpose of this page (hereinafter, the “Notice”) is to inform the user of the processing of information that concerns them (hereinafter, “Personal Data”) carried out in relation to the use of the website www.planbfund.vc (hereinafter, the “Website”), the social media profiles connected to it, and the contact resources (online forms, email, and phone number), as well as in the case of subscription to the newsletter (hereinafter, collectively, the “Platform”).
Given that the user has a wide range of services and resources available, this Notice is divided into a general section, providing information applicable to the entire Platform, and special sections containing specific information for individual resources. Paragraphs A and B specify the controller of the Platform and the contacts, as well as describe the mechanism for accepting and reviewing the Notice. Information on the processing of Personal Data activities and cookies is detailed in paragraph C. The data subjects’ rights are listed in paragraph D. Lastly, paragraph E regulates the substantive law applicable to the legal relationship between the parties and establishes the competent court in the event of a dispute related to said relationship.
The specific Notice relating to the processing of Personal Data in relation to the provision of products and services to customers and users of the coworking space can be viewed on the page www.planbfund.vc/privacy (to which reference is made and which is considered integrated here). The same Notice is also available in paper format at the Coworking reception.
A. Platform controller and contacts
The Platform’s controller is PLAN B NETWORK SA, (hereinafter, the “Controller”). The Controller has control of the Platform’s content and set forth the purpose and means of Personal Data processing.
Contacts:
- postal address: PLAN B NETWORK SA, Contrada di Sassello 10, 6900 Lugano (Switzerland)
- e-mail address: info@planbfund.vc
Attention: As filters are in place to safeguard the security of the Controller and the users, email communication is considered received only if there is a reply or confirmation of receipt. Otherwise, the user should assume the communication has not been delivered.
B. NOTICE AWARENESS | ACCEPTANCE | REVIEWS
The applicable Notice is the one in effect at the time of accessing the Platform. The most recently updated version can be accessed by clicking on the dedicated link found at the bottom of each Website’s page (www.planbfund.vc). The user is responsible for carefully reviewing the Notice’s status prior to using the Platform, since the Controller reserves the right to update the Notice at any time, particularly in light of the evolution of applicable law, functionalities, as well as services and products made available to the user.
C. PROCESSING OF PERSONAL DATA AND COOKIES
Legal framework and general notions
Applicable law. Personal Data processing through the Platform is regulated, in the context of the private sector, by the Federal Act on Data Protection (hereinafter, “FADP”).
Definition of “Personal Data” according to the FADP. Personal Data includes all information concerning an identified or identifiable natural person, such as name, last name, address, date of birth, email, phone number, IP address (what is it?), personal preferences and interests, purchases made, web pages visited, geolocation and movement data, etc.
Definition of “sensitive Personal Data” according to the FADP. Sensitive Personal Data are particularly confidential data: (i) data regarding religious, philosophical, political or trade union opinion or activity, concerning health, the private sphere, or the belonging to a race or ethnicity, (ii) genetic data, (iii) biometric data that uniquely identify a natural person, (iv) data concerning administrative and criminal prosecutions and sanctions, (v) data concerning social assistance measures.
Definition of “profiling”. It involves the automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
Definition of “high-risk profiling”. It is profiling that poses a high risk to the data subject’s personality or fundamental rights by matching data that allow an assessment to be made of essential aspects of the personality of a natural person
Obligation to protect login credentials and personal devices. Internet and email use are exposed to security risks. The user has the duty to ensure the security of their own devices and passwords (particularly passwords related to their email) via appropriate technical and organizational measures.
Obligation to provide correct data and communicate any changes to Personal Data. The user is responsible for the accuracy of the Personal Data communicated to the Controller. They must voluntarily and promptly communicate any changes to Personal Data so that records can be constantly updated.
Legal foundation on Personal Data processing. Processing of Personal Data is unlawful when it constitutes a violation of personality rights. This violation can be justified based on the concerned person’s consent, a prevailing public or private interest, or the law. In particular, a prevailing private interest occurs if the processing is necessary for the provision of goods and/or services requested by the customer. Where required by law, for instance in the case of certain marketing or advertising activities that involve user profiling, the adoption of automated decisions or the processing of sensitive Personal Data, the Controller will request informed consent from the user through electronic (online or per email) or analogue (telephone, regular mail, or in-person) channels.
General responsibility disclaimer | User obligations regarding electronic communications
Given the Internet’s nature as an “open network,” the Controller does not guarantee that data provided or received by the user cannot be falsified, intercepted, or acquired by unauthorized third parties. The user commits to verifying by telephone all communications and electronic documents received from the Controller (including electronic communications and invoices) that are not validly signed with a qualified electronic signature attributable to the Controller or its collaborators, to the extent that they involve the payment of a sum of money, the execution of instructions, or the sending of confidential documents prior to compiling with the request. The user alone is responsible for the choice of their email service provider and for the correct and secure handling of their Personal Data outside the Platform.
Approval for email use. Email is not a means of communication that ensures the confidentiality, authenticity, and integrity of transmissions; thus, unauthorized third parties may access the information and potentially modify or otherwise manipulate its content. Therefore, it is recommended that the user does not send confidential information and data via email. Still, unless expressly instructed otherwise, by providing their email address the user authorizes the Controller to transmit via uncertified and unencrypted email, documents and information including any Personal Data or confidential information, assuming all related risks.
Retention period of Personal Data. When the purposes for which Personal Data are collected are achieved, they are destroyed or anonymized. Any legal retention obligations (for example; 10 (ten) years if the information holds accounting relevance) are reserved. The user can request detailed information about their Personal Data retention policy for a specific processing by contacting info@planbfund.vc.
Specialized service providers in contact with Personal Data. The Controller employs external service providers in the field of information technology to ensure the proper functioning of the Platform. These providers have access to data only to the extent strictly necessary for the performance of their tasks, subject to the assumption, through agreement, of strict confidentiality and non-use obligations regarding Personal Data. They must also be established in Switzerland or in foreign countries with legislation that adequately protects Personal Data according to the findings of the Federal Council as set out in Annex 1 of the Federal Council Ordinance on Data Protection (DPO).
Subject to the data processing provided for by law, the data collected within the Platform are made accessible or communicated to suppliers belonging to the following categories: (i) entities providing IT and telecommunication services, specifically, hosting / management / maintenance of the Platform, data analysis, and Cloud computing (word and data processing, storage, backup, management / sending of Newsletters, IT management, and email); (ii) credit institutions; (iii) entities providing services in the fields of marketing, legal, technical, accounting, administrative, fiscal, and auditing.
The complete and up-to-date list of service providers. is available for review at the Controller’s headquarters. For data and IT system security reasons, certain information may be anonymized or redacted.
Responsibility disclaimer for third-party online resources. We hold no control over the processing of Personal Data carried out independently by third parties (relative to the Controller), therefore we do not verify nor assume any responsibility in this regard. It is the user’s obligation to inquire about the processing carried out by these third parties before purchasing goods or services, visiting websites, using applications, or devices. For example, the user leaves the Platform whenever: (i) sending emails; (ii) visiting social media profiles; (iii) visiting web pages outside the domain www.planbfund.vc.
Relation with European Data Protection Law
Switzerland is not a member state of the European Union (EU), therefore European law is not directly applicable. Art. 3, para. 2 of the General Data Protection Regulation (EU) 679/2016 (hereinafter, “GDPR”) specifies that the regulation applies to entities established outside the EU in the case of data processing related to: (i) offering goods or services to natural persons in the EU or (ii) monitoring the behavior of natural persons in the EU.
The Controller does not target activities towards the EU, nor does it monitor the behavior of those in the EU, making the GDPR inapplicable. Swiss law provides adequate protection for Personal Data, as confirmed by the European Commission on July 26, 2000 (the adequacy decision can be downloaded here).
In the (exceptional) case of being subject to the GDPR, this document serves as information pursuant to arts. 13 and 14. In addition to benefiting from all protections provided by the GDPR, the user can assert rights as expressed in arts. 15, 16, 17, 18, 19, 20, 21, and 22 GDPR, by contacting the Controller. The user has the right, at any time, within the limits and conditions established by the GDPR, to request access to their Personal Data, rectification, erasure, limitation of processing concerning them, or to object to processing, as well as to exercise the right to data portability. If the processing is based on art. 6, para. 1, litt. a) or art. 9, para. 2, litt. a) GDPR, the user has the right to withdraw consent at any time. They also have the right to lodge a complaint with the competent supervisory authority. In the case of a data portability request, the Controller provides, in a commonly used structured format readable by an automatic device, the Personal Data concerning the user, subject to paragraphs 3 and 4 of Article 20 GDPR.
Without prejudice to any other administrative or judicial remedies, if the user believes that the processing of Personal Data concerning them violates the GDPR, they have the right to lodge a complaint with the competent supervisory authority for data protection (EU: list of national authorities).
In no case shall references to the GDPR be construed as a voluntary submission such regulation, nor to the supervision and/or decision-making power of any foreign authority (with respect to Switzerland).
Detailed information on data processing activities
1. Website Browsing
Without prejudice to mandatory data processing required by law and exceptions, derogations, and restrictions to the information requirement, when the user visits the Website seeking information about products and services, events, exhibitions, and promotions, Personal Data processing can be summarized as follows:
- Identity of the controller; refer back to paragraph A above.
- Purpose of processing: (i) to enable Website navigation; (ii) to perform analyses and statistics on Website usage based on aggregated, depersonalized, and/or anonymized data for the purposes of optimizing security, usability, and the quality of services and content, as well as introducing new content, products, services, functions, and interfaces.
- Categories of Personal Data processed: user’s device IP address (what is it?); browser settings and characteristics (name, language, installed plug-ins); approximate location based on IP address (generally corresponding to the location of the internet service provider); unique identifier for mobile devices (tablets, cell phones).
- Categories of Personal Data recipients: (i) website hosting service provider; (ii) technical and website management service provider; (iii) graphic, marketing, and communication service provider.
- Data transfers abroad (relative to Switzerland): none.
- Rights of the data subject: refer to paragraph D below.
- Support measures for the principle of transparency: the protocol data generated by the server hosting the Website concerning its use are managed in such a way that it is not possible or allowed (where technically possible) to trace back to the user’s identity; IP addresses are permanently deleted within 1 months from the date of navigation on the website.
2. Email (Contacts on the Website)
Without prejudice to mandatory data processing required by law and exceptions, derogations, and restrictions to the information requirement, Personal Data processing can be summarized as follows:
- Identity and contact details of the controller: refer to paragraph A above.
- Purpose of processing: (i) correspondence with the sender; (ii) filing/archiving in the event a contractual relationship is established; (iii) supporting accounting activities in the event a contractual relationship is established and the correspondence has accounting relevance.
- Categories of Personal Data processed: (i) sender’s identity; (ii) communication’s content; (iii) IP Address of the user’s device (what is it?); (iv) telecommunication data and metadata.
- Categories of Personal Data recipients: (i) entities providing IT and telecommunication services to the Controller in the field of email and telecommunications (including cloud computing services).
- Data transfers abroad and protection guarantees (relative to Switzerland): none
- Rights of the data subject : refer to paragraph D below.
- Support measures for the principle of Transparency: incoming and outgoing communications (including attachments) are permanently deleted with the customer’s file. In the event of a failure to establish a contract, communications (like all other information) are spontaneously and permanently deleted within 365 days (unless the user requests immediate deletion).
3. Telephone logs (contacts on the Website)
Without prejudice to mandatory data processing required by law and exceptions, derogations, and restrictions to the information requirement, Personal Data processing can be summarized as follows:
- Identity and contact details of the controller: refer to paragraph A above.
- Purpose of processing: (i) communication with the user interested in availing themselves of products and services (including the Controller’s right to call back the user, revealing their identity / caller number to the interlocutor); (ii) acquisition of the customer’s file if a contractual relationship is established and the information is relevant within the context of the contract or for proof of its correct fulfillment (reference to point 1 above).
- Categories of Personal Data processed: (i) mobile or landline phone number; (ii) call duration; (iii) caller location (area code/roaming); (iv) telecommunication data and metadata.
- Categories of Personal Data recipients: Partner entities (Altkey SA, Lugano; PoW SA, Lugano; Fondazione Plan B, Lugano;).
- Data transfers abroad and protection guarantees (relative to Switzerland): none.
- Rights of the data subject: refer to paragraph D below.
- Support measures for the principle of transparency: The logs (if not acquired to the customer file) are destroyed within 365 days of receipt, as only the general invoice from the telephone company is generally retained. In the case of collection of orders and contractual and/or commercial instructions, the recording is retained as justification and proof for 10 (ten) years.
4. Contact form on the Website
Without prejudice to mandatory data processing required by law and exceptions, derogations, and restrictions to the information requirement, Personal Data processing can be summarized as follows:
- Identity and contact details of the controller: refer to paragraph A above.
- Purpose of processing: (i) allow the use of online forms; (ii) identify the user; (iii) verify the legitimacy of the user’s request; (iv) correspond with the user; (v) follow up on the user’s requests; (vi) store transaction-related data for contractual, commercial, fiscal, accounting, and administrative purposes; (vii) send newsletters to customers (for similar products and services) and to non-customer users (given consent for subscription to the mailing list).
- Categories of Personal Data processed:
- Mandatory Personal Data processed: (i) IP address of the user’s device (what is it?); (ii) Personal Data requested by the online form (marked by an asterisk*) and provided by the user; (iii) services and products provided to the user.
- Optional processed Personal Data: Personal Data without an asterisk (*) obtained through the form.
- Categories of Personal Data recipients: Partner entities (Altkey SA, Lugano; PoW SA, Lugano; Fondazione Plan B, Lugano;).
- Data transfers abroad and protection guarantees (relative to Switzerland): None.
- Rights of the data subject : refer to paragraph D below.
5. Newsletter
Without prejudice to mandatory data processing required by law and exceptions, derogations, and restrictions to the information requirement, Personal Data processing can be summarized as follows:
- Identity and contact details of the controller: refer to paragraph A above.
- Purpose of processing: (i) sending the newsletter to the requester or the customer (for similar products and services); (ii) identifying the user; (iii) performing analyses and statistics on the use of the newsletter to optimize security, usability, and the quality of services and content, as well as to introduce new content, products, services, functions, and interfaces.
- Categories of Personal Data processed: (i) email address; (ii) IP address of the user’s device (what is it?); (iii) recipients first and last name; (iv) language; (v) interests and activities; (vi) Personal Data requested by the online form and provided by the user.
- Categories of Personal Data recipients: none.
- Data transfers abroad and protection guarantees (relative to Switzerland): none.
- Rights of the data subject: refer to paragraph D below.
- Support measures fo the principle of transparency: The newsletter is a free and optional service providing updates on the Controller’s activities. Unsubscribing from the mailing list is possible at any time and with immediate effect by clicking the “Unsubscribe” link at the bottom of each email. The newsletter is set up to track recipient behavior, collecting information on email opening, reading time or duration, and activated links.
6. Marketing
Within the limits permitted by current regulations, we use Personal Data for marketing purposes if the user has given their consent, reserving the right of the controller to send advertising communications and offers within the scope of existing or pre-existing contractual relationships involving similar goods, works, and services in compliance with legal requirements.
The users’ Personal Data are not divulged to third parties and their browsing habits through the Platform (and connected online resources) or consumption habits are not analyzed. Data is not cross-referenced with information from third parties to propose personalized offers without the user’s prior, informed, and specific consent.
Which Cookies does the Website implement?
Use of cookies and their management
What are cookies? Cookies are small text files placed on the user’s system by servers during web browsing. Thanks to cookies, servers can recognize the user’s browser and the device used during the current navigation and in case of a subsequent visit.
Types of cookies. Cookies are divided into various types:
- When the entity placing the cookie on the user’s system is the same as the visited site, the cookie is called a “first-party” cookie. Otherwise, it is called a “third-party” cookie.
- “Session” cookies are automatically deleted when the user closes the browser, while “persistent” cookies remain stored until their expiration date.
- “Technical” cookies aim solely to enable safe and easy web navigation as well as the provision of services and content requested by the user.
- “Analytical-statistical” cookies (strictly speaking) are used exclusively to collect information, in anonymous or depersonalized form, about the number of users, their profile, and how they interact with the Website.
- “Tracking”/”profiling”/”advertising”/”marketing” cookies are used to detect and analyze the user’s online behavior (e.g., sites and pages visited, source and destination sites, browsing duration, activated links, language and characteristics of the online browsing software, user location, etc.) particularly for the purpose of profiling and presenting personalized advertisements.
Disabling or deleting options and technical consequences. The user has the option, through the cookie management plug-in on the homepage of the Website, to freely choose which cookies to authorize and which to refuse (including the possibility of blanket refusal). The user can set the browser to inform them upon receiving cookies or to block cookies (generally, by type of cookie, or by the originating site). The generalized blocking of cookies, as it also applies to technical cookies, may result in limitations in the use of the Website. The user can manually delete cookies from the browser’s memory, as well as set the browser to automatically delete cookies upon closing the program (recommended choice).
By default, browsers generally accept cookies. Instructions for deactivating or deleting cookies can be found on the website of the browser developer used by the user (to which reference is made).
There are other ways to reduce the risk of online tracking (which should be used cumulatively):
- activation of the “DoNotTrack” option on the browser (when available) (https://www.eff.org/issues/do-not-track)
- using private or anonymous browsing modes (when available), which prevent cookies from being stored after browsing (as a result, they remain active during browsing);
- installing privacy plug-ins on the browser, such as uBlock Origin, Privacy Badger, or Ghostery;
exercise the user’s right to be excluded from specific behavioral advertising schemes (for example: DAA Consumer Opt-Out Page, NAI Consumer Opt-Out Page).
Technical Cookies
- Name: cookie_banner_data, cookie_banner_timestamp, pow_space_lang
- Provider: planbfund.vc
- Type: https
- Purpose: It stores accepted cookie groups, it stores accept cookies timestamp, it stores selected language of the website representation
- Duration: 30 days
- Required for the use of the Website: Yes
- Possibility of Refusal: No, these are necessary cookies
- Provider’s Website: planbfund.vc
Use of Social Media “Plug-ins” and “Widgets”
What are social media “plug-ins” and “widgets”?Social media plug-ins are optional software that connect websites to social media, allowing users to easily interact with online content (e.g., “Like” or “Share”). Plug-ins include the so-called “widgets,” graphical control elements inserted into corresponding sections of the website to enable users to access the plug-in’s functionalities. With a simple click on the widget, the user can, for example, share content within their favorite social media platform.
If the user activates the plug-in, the browser makes a direct connection to the plug-in provider’s servers (e.g., LinkedIn, Meta, or Instagram). As a result, certain personal information, such as the IP address and visited pages, are transmitted to the plug-in provider. This occurs even if the user is not registered with the social media platform. If the user is registered, the social media platform can associate the visited content with the user’s personal profile. The information published on the social media platform is shown to the user’s contacts or made public (in the case of a public profile).
List of active social media plug-ins / widgets, with corresponding provider and link to the specific provider’s privacy notice
The Website implements plug-ins / widgets or alternative tracking technologies in relation to the following social media platforms:
NONE
The Website implements “double-click” technology, whereby the plug-in must be activated by the user (with the first click, the plug-in is made available, and with the second click, the corresponding functionality is activated).
The previously detailed privacy policies are hereby reproduced and integrated. The user who activates the plug-ins / widgets is solely responsible for reading and accepting these policies, as the Controller has no control over the Personal Data processing activities related to the user’s use of social media.
D. RIGHTS OF DATA SUBJECTS
Legitimation and Exercise. The data subject can exercise their rights in writing by sending a motivated request via ordinary mail or email to the Controller (for contacts, refer to paragraph A above), attaching the necessary supporting documents, along with proof of identity and authorization.
Response Time. The Controller undertakes to respond to the request without delay and, in any case, barring exceptional circumstances, within 30 days from receipt of the request complete with all necessary information.
Rights. In the event of being subject to the provision of the Federal Act on Data Protection (FADP), under the conditions established by the law, data subjects have the following rights concerning their Personal Data:
- obtain the correction of inaccurate or outdated Personal Data.
- be informed in writing and free of charge if Personal Data concerning them are being processed.
- revoke previously given consent for data processing.
- prevent the communication of sensitive Personal Data to third parties.
- express their opinion on an automated individual decision or request that it be reviewed by a human.
- obtain the delivery of their Personal Data or demand their transmission to third parties.
- request that data processing be blocked, that communication to third parties be prevented, or that Personal Data be rectified or destroyed.
- request that a specific data processing be prohibited, that certain Personal Data communication to third parties be prohibited, or that Personal Data be deleted or destroyed.
- if neither the accuracy nor the inaccuracy of Personal Data can be proven, request that a note indicating the contested nature of the data be added.
- request that the correction, destruction, blocking, particularly of communication to third parties, as well as the note of the contested nature or the judgment, be communicated to third parties or published.
- ascertain the illegality of Personal Data processing.
Consultation and information requests
To promote transparency and build a trusting relationship with users, the Controller has appointed an internal contact person for responding to information requests and facilitating the exercise of data subjects’ rights.
The internal contact person can be contacted via email at info@planbfund.vc..
Any questions regarding the rights of data subjects in relation to the processing of Personal Data and their exercise in the private sector can be directed to the Federal Data Protection and Information Commissioner (FDPIC), who can be contacted through the online form (link).
E. APPLICABLE LAW AND JURISDICTION
The legal relationship between the user and PLAN B NETWORK SA, Lugano, regarding access to and use of the Platform (and related resources) is governed by SWISS SUBSTANTIVE LAW, excluding the rules of private international law.
The parties hereby designate THE COURT OF THE SUBJECT-MATTER JURISDICTION FOR THE DISTRICT OF LUGANO AS THE EXCLUSIVE FORUM FOR ANY DISPUTE arising from or related to the use of the Platform (and related resources), subject to any mandatory legal provisions that may require a different jurisdiction. PLAN B NETWORK SA,, Lugano, reserves the right to bring proceedings before the competent court at the user’s place of residence, branch, or domicile.