privacy policy | studio bsc

Information on the Processing of Personal Data

Pursuant to EU Regulation 2016/679 (GDPR) and the Swiss Federal Act on Data Protection (revDSG/nLPD, in force since 1 September 2023).
Last updated: 07.05.2026

1. Data Controller

The data controller for the personal data collected through the website www.studiobsc.ch is:

studio bsc – Giulia Bisciaio (sole proprietorship under Swiss law, active since June 2026)
Registered office in Switzerland: Rue Orient Ville 2, Lausanne
E-mail: giuliabisciaio@studiobsc.ch

For any request regarding the processing of your personal data, you may contact the e-mail address indicated above.

2. Types of data collected

The website collects the following categories of personal data:

Data voluntarily provided by the user via the contact form: name, e-mail address, and message content.
Automatically collected browsing data: IP address, browser type, operating system, pages visited, date and time of access, referring website. These data are processed in aggregated and anonymous form for statistical purposes.
Cookies and similar technologies: see the dedicated section in the Cookie Policy.

No special categories of personal data (such as ethnic origin, political opinions, health data, etc.) are intentionally collected. Users are advised not to include such information in the contact form.

3. Purposes of processing

Personal data are processed for the following purposes:

Responding to information or contact requests submitted via the form or e-mail.
Managing potential pre-contractual and contractual relationships with clients.
Complying with legal obligations (tax, accounting, anti-money laundering where applicable).
Ensuring website security, proper functioning, and anonymous statistical analysis.
Displaying relevant content and advertisements on third-party platforms (Meta/Facebook/Instagram), only if the user has given prior consent via the cookie banner.

4. Legal basis of processing

Processing is based, depending on the case, on one of the following legal bases:

Consent of the data subject (Art. 6(1)(a) GDPR; Art. 6(6–7) nLPD) for profiling cookies and marketing purposes.
Performance of a contract or pre-contractual measures requested by the user (Art. 6(1)(b) GDPR; Art. 31(2)(a) nLPD) for handling contact requests and professional relationships.
Compliance with legal obligations (Art. 6(1)(c) GDPR; Art. 31(1) nLPD).
Legitimate interest of the controller (Art. 6(1)(f) GDPR; Art. 31(1–2)(d) nLPD) for website security and anonymous statistical analysis.

5. Methods of processing

Data are processed using electronic and automated tools, with appropriate technical and organisational security measures to prevent loss, unauthorised access, disclosure, or unlawful use, in accordance with Art. 32 GDPR and Art. 8 nLPD.

Data are accessible only to the controller and to authorised and trained persons bound by confidentiality.

6. Data retention period

Data are stored only for as long as necessary to achieve the purposes for which they were collected, and in particular:

Contact form data: for the time required to handle the request and up to a maximum of 24 months thereafter, unless a contractual relationship is established.
Client or contractual data: for the duration of the relationship and for 10 years thereafter, for tax, accounting, and legal compliance purposes, in accordance with Swiss law (Swiss Code of Obligations Art. 958f).
Browsing data and cookies: according to the retention periods indicated in the Cookie Policy.

7. Disclosure and categories of recipients

Personal data will not be publicly disclosed but may be communicated to the following categories of recipients solely for the purposes indicated above:

Wix.com Ltd (website hosting and platform services provider)
Meta Platforms Ireland Ltd / Meta Platforms Inc. (Facebook and Instagram), in case of consent to Meta Pixel
Professional advisors of the controller (accountants, fiduciaries, legal advisors), bound by professional secrecy
Competent public authorities, where required by law

These parties act as data processors or independent controllers, depending on their role.

8. International data transfers

Some of the above-mentioned providers (in particular Wix and Meta) may process data outside Switzerland and the European Economic Area, including in the United States.

In such cases, transfers are based on appropriate safeguards provided by applicable law, such as:

Adequacy decisions by the European Commission and the Swiss Federal Council (e.g. EU–US Data Privacy Framework and Swiss–US Data Privacy Framework)
Standard Contractual Clauses approved by the European Commission, supplemented where necessary by additional safeguards

Users may request a copy of these safeguards by contacting the controller at the e-mail address provided.

9. Rights of the data subject

At any time, users may exercise the following rights under the GDPR and nLPD:

Right of access to personal data (Art. 15 GDPR; Art. 25 nLPD)
Right to rectification of inaccurate data (Art. 16 GDPR; Art. 32 nLPD)
Right to erasure (“right to be forgotten”) (Art. 17 GDPR; Art. 32(2) nLPD)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR; Art. 28 nLPD)
Right to object to processing (Art. 21 GDPR)
Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal
Right to lodge a complaint with the competent supervisory authority:
- In Switzerland: Federal Data Protection and Information Commissioner (FDPIC/IFPDT, www.edoeb.admin.ch)
- In Italy: Italian Data Protection Authority (www.garanteprivacy.it)
- Or with the authority of the user’s EU Member State

To exercise these rights, you may write to giuliabisciaio@studiobsc.ch. A response will be provided within 30 days.

10. Changes to this policy

The controller reserves the right to modify this information at any time by publishing updates on the website. Users are encouraged to review this page regularly, checking the date of the last update at the bottom of the document.