Website Privacy Policy SA (CHE‑300.132.471), with registered office at Place de la Gare 4, c/o Fiduconsult Lausanne SA, 1003, Lausanne, Switzerland (“Giotto” or “Controller”)herein provides its website privacy policy (“Privacy Policy”) for the processing of personal data (“Data”) collected and processed on its website (“Website”) and related to individuals (“DataSubjects” or “you”) who:

  • fill-in the B2B contact form (“ContactForm”) available on the Website; and/or

  • surf through the Website, via cookies & other similar tracking technologies (“Cookies”).

1. Processing through Contact Form


Categories of Data. Giotto via the Contact Form collects the following Data: name; surname; corporate email address. No processing of special categories of Data takes place. The Contact Form may be amended from time to time, being understood that only Data specifically there in requested are processed by Giotto.


Purposes, legal basis and modalities of Data processing. Giotto’s processing of Data is carried out both manually and through electronic (also automated) means, by individuals to whom Controller provided proper instructions. Giotto processes Data collected through Contact Form for the following purposes:


Marketing/business partnership. By filing/sending the Contact Form, Data Subjects expressly allow Giotto to send marketing communications (in electronic or non-electronic form) regarding its products and services,as well as shariusiness opportunities. The relevant legal basis is consent(GDPR, Art. 6(1)(a)), which may be freely withdrawn anytime in accordance with par. 6 of this Privacy Policy.


Legal obligation. From time to time, Data are also processed to comply with a legal obligation, e.g. when disclosure is requested by public authorities (GDPR, Art. 6(1)(c)).


Legitimate interest. Data may also be processed to perform tasks related to the transfer of going concerns or other M&A transactions (such as acquisitions, corporate merge or other extraordinary transactions) involving Giotto or its group of undertakings, and related performance; or to protect / defend Giotto’s title sand interests before courts. In these cases, the relevant legal basis is Giotto’s legitimate interest, which will be duly balanced with the fundamental rights and freedoms of the Data Subjects (GDPR, Art. 6(1)(f)).


Mandatory/Voluntary nature of Data provision. Provision of Data for the purposes under par. 1.2.1 is voluntary and, therefore, freely revokable anytime. Provision of Data for the purposes under par. 1.2.2 and 1.2.3 is mandatory, as lacking such provision Giotto could not fulfil its legal obligations or pursue its legitimate interests.

2. Processing via Cookies


What are Cookies?

This Website uses Cookies. A Cookie is a small text file containing tiny amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the same website each time you visit it, or to another website that recognises such Cookies.Cookies are not computer programs and cannot read information saved on your hard drive. Cookies cannot carry viruses, install malware, or record your email address. They only contain and transfer to the Website as much information as the Data Subjects themselves have disclosed to the Website.

By clicking “Accept All Cookies” on the cookie banner on the Website, you are agreeing to our Privacy Policy and consent to the use of Cookies by us and our carefully selected third party partners as described in this Privacy Policy. Cookies are grouped by categories: necessary; preferences and statistics. If you do not agree to such use, please click on Cookie Setting and adjust your settings or remove consent. If you click on “Accept Necessary Cookies only” you will enable basic functions only, like web navigation (more information on the section below).


Why does Giotto use Cookies?

Cookies are useful because they allow the Website to recognise the device you are using, and to provide you with a better surfing experience, by remembering something you have done within the Website, e.g. logging in or which buttons you have clicked. At Giotto, we use Cookies to recognise our customers and also to understand and improve the surfing experience for you.

This is a list of the Cookies set and used by Giotto, including details of the relevant purposes. We will update this list as we make changes to Website’s functionalities. We reserve the right to add, remove or change the Cookies hosted on our Website from time to time.

Necessary Cookies

Necessary Cookies aim at providing basic-functions necessary to enable your surfing through the Website, e.g. activating the webpage and – where applicable – secure access to certain areas of the Website. The Website cannot work properly without the usage of Necessary Cookies.

Preference Cookies

Preference Cookies are technical Cookies allowing the Website to remember information about you, to enhance your user experience, e.g. remembering your preferred language or the region in which you are based. Disabling these Cookies may unpair your proper surfing through the Website.

Analytics Cookies

Analytics Cookies help us to understand how Data Subjects interact with the Website, creating reports/information based on aggregate Data.


How can I manage Cookies?

You can accept, disable and reject Cookies easily by adjusting your browser settings. You can also personalise your browser settings for different websites and web applications, and most mainstream browsers allow you to select different settings for proprietary and third-party cookies.

For your convenience, below are links to the web pages of the main browsers that contain instructions on how to delete cookies:

Internet Explorer | Firefox | Chrome | Safari

For more information about Cookies and how to limit their use, please visit: All About Cookies.

Please note that Cookies are device-specific, so if you log on to any website from a different computer or from your mobile, the Cookie settings on that computer/mobile will apply.

3. Sharing of Data

Data may be shared with the following categories of recipients:


Giotto’s personnel, to whom Controller has provided suitable instructions concerning the fulfilments and measures to be adopted while processing Data;


Public bodies in charge with audits, controls or law-enforcement related to the proper fulfilment of the above mentioned purposes;


Third parties to whom the transfer is necessary to the performance of Giotto’s business activities, with specific reference to entities, individuals, associations having administrative, accountant, information technology, tax and legal purposes, in their capacity as controllers or processors;


Other third parties, who are entitled to receive Data in accordance with legal provisions and regulations.

Personal data are not subject to dissemination.


Extra-EEA transfers. Data may be stored and processed in your region, or transferred to, stored at or otherwise processed outside your country of residence, including, in respect of residents of a country within the European Economic Area (the “EEA”) or Switzerland, in a country outside the EEA or Switzerland, including without limitation the USA, or any other country which does not necessarily offer an adequate level of data protection as recognized by the European Commission or Switzerland. Data Subjects acknowledge that processing in/transfer to Switzerland is fully permitted under GDPR, as approved by the EU Commission decision of adequacy no. 2000/518/EC. Your Data may also be processed by staff operating inside or outside your country of residence, including staff located outside of the EEA or Switzerland, who work for us or our service providers. That said, Data Subjects further acknowledge that, for certain specific tasks, and based on Data Subjects’ consent or other suitable safeguard/legal basis, Data may be processed outside the EEA. Such transfer, in any event, will be performed through one of the suitable safeguards/measures listed under GDPR (Art. 44 and ff.). Data Subjects are also granted with the right to obtain copy of Data transferred extra-EEA and to receive information on the relevant third countries where Data are stored, in accordance with par. 5 of this Privacy Policy.

4. Data retention

Without prejudice to specific legal obligations, Data are stored for different time periods, depending also on the relevant purpose of the processing. Specifically, and unless a further retention period is required by potential judicial claims, requests from public bodies or law provisions and regulations, Data are stored:


for the purposes under par. 1.2.1, upon withdrawal of consent or 24 months from the collection, whichever is earlier;


for the purpose under par. 1.2.2, for the period set forth under applicable laws and regulations;


for the purposes under par. 1.2.3, for the period necessary to achieve the corporate transaction and/or defend Giotto’s rights before courts;


for the period indicated for each category of Cookie in par. 2 above.

Once the above retention periods expire, Data will be anonymized or erased (as the case may be).

5. Rights of Data Subjects

Data Subjects, in accordance with GDPR, are granted with the following Data-related rights:


right to be informed about purposes and modalities of the processing;


right to access;


right to obtain a copy of Data, where such Data are stored extra-EEA, as well as to obtain information on the relevant third country of storage;


right to rectification, update or integration;


right to request erasure, anonymization or block of the processing;


right to object, in whole or in part, to any processing through automated means, including profiling;


right to revoke their consent, freely and anytime;


right to Data portability, i.e. the right to receive their Data in a structured, machine-readable format, commonly used and readable through automated devices, as well as the possibility to transfer such data to another controller;


right to request the limitation of the processing;


right to contact Controller’s data protection officer (where appointed);


right to lodge a complaint with the relevant supervisory authority.

6. Controller’s contact details

Controller’s registered office is at Place de la Gare 4, c/o Fiduconsult Lausanne SA, 1003, Lausanne, Switzerland. If you believe your personal data has been used in a way that is not consistent with this Privacy Policy, or if you have any questions or a request in relation to the processing of your Data, please contact us at

7. Final provisions

Controller may amend / modify, in whole or in part, this Privacy Policy, in case of amendments to the processing activities herein detailed or existing law provisions and regulations. Please refer to the last version of this Privacy Policy available on the Website from time to time.

Last update: [April 2024]