Privacy Statement

Version September 2023


This Privacy Statement is an integral part of the “Terms and Conditions” applicable for “Asmana Vouchers” (Vouchers), to be used exclusively at Asmana Wellness World, Viale Allende 10, 50013 Campi Bisenzio (Fi), Italy. Asmana is a trademark owned by Sonosystem AG, Kriessernstr. 40, 9450 Altstätten, Switzerland. Asmana Wellness World is managed by Floriba srl, Via Michelucci 9, 50013 Campi Bisenzio (Fi), Italy. This Privacy Statement is applicable to any data collected by us as a result of your visits to the website


1. Who collects and processes the data

Sonosystem AG is the Controller of the personal data communicated by the Customers when they register on our website (especially first name, family name, sex, address, postal code and domicile, country, date of birth, e-mail address and password) respectively for submission of purchase orders for Vouchers. The personal data communicated by the Customers, certain information about them and about the users of the Vouchers and the products/services acquired will be collected and processed in order to

  1. better satisfy requests by and services to Customers and take care of relations with them,
  2. manage the Asmana Voucher program, as specified under Art. 11 of the above Terms and Conditions,
  3. handle administration of Customers and users,
  4. fulfil our contract duties,
  5. carry out on-line payment procedures in the quickest and safest manner through our provider of such services,
  6. handle Customer requests and complaints,
  7. send our Customers our Newsletters and information concerning specific events and products,
  8. carry out marketing activity as well as
  9. for any other related purpose.

Especially, we advise you - and you explicitly and irrevocably grant your specific consent (Art. 6 para 7 nLDP) by signing this Confidentiality Declaration as an integral part of the “Terms and Conditions” applicable for “Asmana Vouchers” – that Sonosystem AG collects and processes, as administrative manager and controller, personal data on Customers through its web shop “” (the provider is n-tree solutions schweiz GmbH, Heimberg, Switzerland) and data for payment (especially for controlling risks and to perform the transaction) by means of its providers SIX Payment Services AG, Hardturmstrasse 20, 8005 Zurich, Switzerland (insofar as necessary, especially IP address, e-mail address, delivery address and credit card data), which it then makes available to the company Floriba srl, Via Michelucci 9, 50013 Campi Bisenzio (Fi), Italy, except for the payment data which will stay with the above providers under their responsibility. Please refer any questions concerning payment and related data to:

Global Data Protection Support
Hardturmstrasse 201
8005 Zürich - Schweiz
[email protected]

The disclosure of personal data by the Customer is purely voluntary and constitutes an indispensable condition precedent – as the case may be – for signing in, registering or purchasing Vouchers via the website The aforementioned data are processed both electronically and by telematic means, with procedures and tools aimed at guaranteeing maximum safety and confidentiality and are made accessible only to the personnel responsible for processing at Sonosystem AG and Floriba srl (manager of Asmana Wellness World). These data are also registered on the Floriba srl server. Personal data, communicated by Customers will never be made public, but may be disclosed to third parties belonging to the following categories for the same purposes as those for which they are collected:

  1. any subsidiaries and companies belonging to Sonosystem AG
  2. any persons in charge of the shipment, delivery and return of the purchased products
  3. any commercial partners and those responsible for shipping the purchased items to the Customer or those who need to send receipts and/or invoices to offer the service requested by the Customer
  4. any providers of services for the management of the information system and telecommunications networks of
  5. any companies that supply collection and payment services through credit cards
  6. any individuals responsible for the audit, revision and certification of the activities carried out by also in the interest of the Customers
  7. any trustees, for accounting and tax-related obligations
  8. any consultants or other parties providing related services
  9.  any third-party providers inside or outside your country of residence (especially in Italy), so that they can perform the services for Sonosystem AG and Floriba srl for the above purposes. All the people involved have to fulfill the privacy obligations.

All people involved who receive personal data collected as described above are obliged to respect privacy and data protection pursuant to applicable regulations.


2. Why do we process your data (purpose of the processing) and on what legal grounds?

All data acquired by Sonosystem AG will be processed in compliance with Swiss regulations on data protection (Federal Law on Data Protection, LDP – in the version which came into effect on September 1, 2023 - nLDP) and, insofar as applicable, with the new EU Regulation on data protection 2016/679 (General Data Protection Regulation, GDPR), which came into effect on May 25, 2018.

The data are processed:

  1. to fulfil contract obligations (Art. 6 nLDP in addition to Art. 6 [1b] GDPR), especially in order to provide services to the Customer in the context of processing and supplying Asmana Vouchers (Vouchers) as indicated above or pre-contract measures following a request. Further details on the purpose of data processing are available in the documents and in the “Terms and Conditions”.
  2. taking into account the interests of the data subjects (Art. 6 nLDP in addition to Art. 6 [1f] GDPR) and when requested, we process your data beyond mere fulfilment of the contract in order to pursue legitimate interests of our own or of third parties.
  3. following your consent (Art. 6 nLDP in addition to Art. 6 [1a] GDPR): if you have consented to your personal data being processed for the purposes above, processing is legal on the basis of your consent. Consent may be recalled at any time. This also applies to declarations of consent provided to us before GDPR came into force (if applicable), that is before May 25, 2018. Recall of consent will not invalidate legitimacy of data processing during the period previous to the recall.
  4. As may be provided for by law (Art. 6 nLDP in addition to Art. 6 [1c] GDPR) or in public interest (Art. 6 nLDP in addition to Art. 6 [1e] GDPR): During internal transfer of personal data, we make sure that the procedure complies with laws and regulations current in Switzerland and in the foreign countries where such data are transferred (especially in Italy), in order to ensure as far as possible that those receiving your data keep a suitable level of protection of the data. Please note, however, that even if the sender and the recipient reside in the same country, the data transferred via the Internet can be transmitted beyond the international borders and sent to a country with a lower level of data protection than the one in the country of residence. We may also disclose your information to agencies or government agencies, administrative authorities or other persons, in accordance with any applicable laws, regulations, court orders or official requests or pursuant to and for the purposes of any directive issued by an administrative authority or any other competent authority in Switzerland and/or abroad, or any similar procedures as required or authorized by the applicable legislation in force.


3. Customers’ requests and rights

Customers can contact [email protected] to assert the rights recognized in favor of those concerned with the laws and regulations in force regarding the use of personal data.

In particular, each Customer may:

  1. obtain confirmation of the existence (if any) of personal data concerning them and be notified in an intelligible form
  2. be informed of the origin of the data, the purposes of their processing and related methods, as well as the logic applied to the processing, carried out through electronic means
  3. request the updating, correction or - if interested - integration of any data concerning them;
  4. obtain the deletion, anonymization or block of any data that may be processed in breach of the law, as well as oppose - for legitimate reasons - the processing; Erasure of the data however will be possible only after any contract, legal and or tax and/other obligations imposed on us have been fulfilled
  5. oppose any processing aimed at sending advertising material, direct selling, carrying out market research and commercial communication

 Among the rights GDPR and nLDP (Art. 25-29) acknowledges to the Customer, there are also the following:

  1. To ask Sonosystem AG for access to his personal data and to information about them; rectification of inaccurate data or integration of incomplete data; erasure of personal data concerning them (when one of the conditions arises specified in Art. 17 [1] GDPR and in compliance with the exceptions laid down in paragraph 3 of the same article); limitation of processing of his personal data (when one of the conditions arises specified in Art. 18 [1] GDPR arises)
  2. Asking for and obtaining from Sonosystem AG - should the legal basis for processing be the contract or the consent, and should this be performed using automatic means - his personal data in a structured format which can be read from an automatic device, also in order to communicate such data to another data controller (so-called right to data portability)
  3. Object at any time to processing of his personal data in particular situations that concern him
  4. Revoke consent at any time, limited to the case in which the processing is based on his consent for one or more specific purposes and involves common personal data or special categories of data. Processing based on consent and carried out before recall of such consent however remains legitimate
  5. Submit a complaint to a competent controlling authority


4. Transfer of data to a third country

As said above, data transfer takes place by principle in Switzerland and in the European Union. Data may be transferred to entities or countries outside Switzerland and the European Union (so-called third countries) insofar

  1. as this may be needed to fulfil your orders
  2. is required by law (e.g. Information obligations under tax laws) or
  3. you have granted your consent.


5. Data which we collect from use of our services by the user

We collect information on services used by the user and how he uses them, for example when a video is watched on YouTube, a website is visited which uses our advertising services or when the user sees and interacts with our announcements and contents. This information includes:

Plugins and Widgets – The website owned by Sonosystem AG may use Plugins supplied by third parties. Whenever you visit a page of our site that contains one or more of these elements, your browser will display contents (text and/or images) sent and/or selected by the owner of the Plugin. These plugins may also install cookies (third-party cookies). Therefore, our website is not responsible for such contents and, therefore, please refer to the privacy policy of the owner of the Plugin. Our site may use social plugins from social networks, including but not limited to Facebook, Instagram, Google+, Twitter, etc. More Plugins from other sites and/or Social Network may be added to the pages of our site in the future.

Use of Cookies - The website owned by Sonosystem AG uses cookies (and/or similar technologies) - i.e., small text strings that the sites visited by any users send to their terminals (usually to the browser), where they are stored before being sent back to the same sites upon the next visit to the same terminal. Only technical cookies, such as session cookies and analytics Cookies, are used. These cookies do not allow for the acquisition of personal identification data of the user.

Tracking and statistics software – To help us analyze how you use our website, we may employ “tracking software”, ours and/or of third parties. Any “tracking software” tools we may use, could use cookies allowing collection of some information and data on you and your visits to the website, for example the time and length of your visit, pages viewed, the place where you visited the website, your IP address, the kind of browser you are using, the screen resolution, the number of pages viewed, the path you followed and other information coming from the “clickstream” and its analysis.

Profiling data - We process some of your data automatically, in order to evaluate certain personal aspects (profiling). For example, we use profiling and assessment tools to inform you specifically and provide advice on products. This allows us to tailor communications and marketing as needed, including market research and opinion polls.

Log Files – Each time our websites are used, certain data is automatically accumulated for technical reasons and temporarily stored in so-called log files. Examples include the following technical data:

  • IP address of the requesting and device
  • Information about your Internet service provider
  • Information about the operating system of your end device (tablet, PC, smartphone, etc.)
  • Information about the referring URL
  • Information about the browser used
  • Date and time of access and
  • Contents accessed when visiting the website.

This data is processed for the purpose of facilitating the use of our websites (connection establishment) and ensuring their smooth operation, guaranteeing system security and stability, facilitating the enhancement of our websites and for statistical purposes.

The IP address is also analyzed together with other log files and further data available to us, if applicable, in the event of attacks on IT infrastructure or other potential unlawful or improper use of the websites for solution and aversion purposes and may be used during criminal proceedings for the identification of persons concerned and for action taken under civil and criminal law against these persons.

Thanks to this information, we may be able to customize our services for you and make the use of the website easier and more efficient. Please remember that the refusal of cookies or tracking software could lead to a reduction in the level of functionality of the site or even to the total non-functioning of the same.


6. Duration of data preservation

We process and file all your personal data for the time needed to fulfil our contract and legal obligations in principle for a period of 10 years. Personal Data are destroyed or anonymized as soon as they are no longer necessary for the purpose of processing (Art. 6 para 4 nLPD). Concerning this, it should be remembered that our business relationship is a long-term obligation, measurable in years.


7. Modifications

Our Privacy Regulations may be modified from time to time. We engage not to diminish the rights of users provided for in this Declaration on privacy without their explicit consent. We will publish changes to this privacy declaration and, should such changes be significant, we will point them out with a more visible notice (for some services, we will send an e-mail notifying changes made to the privacy regulations).


8. In-house privacy unit and rights of the data subjects

The unit responsible in our company is the data protection officer, who may be contacted for any explanation concerning processing, rectification or erasure of the personal data at the following addresses:

Sonosystem AG,

Kriessernstr. 40

9450 Altstätten, Switzerland

E-mail: [email protected]



Latest update Septembre 2023