Privacy Statement

Article 13 of the Swiss Federal Constitution and the provisions of the Swiss Confederation’s data protection act (DSG) grant individuals the right to safeguard their privacy and prevent the unauthorised use of their personal data. 

We process personal data in accordance with Swiss data protection law, in particular, the Federal Act on Data Protection (DSG) and the Ordinance to the Federal Act on Data Protection (VDSG). We process personal information in a safe, reliable and user-friendly manner to ensure the uninterrupted provision of our services. The personal data we process may encompass inventory, contact, browser, device, content, meta, usage, location, sales, contractual and payment data. Personal data is treated as strictly confidential and is not shared with or sold to third parties. We employ appropriate technical and organisational measures to protect and secure your data. Access to our online services is managed using data encryption (SSL/TLS and HTTPS).

This privacy statement explains what personal data Swissrail collects about you, and how, where and why we process it when you visit our websites www.swissrail.com and www.swissrail.app (SwissrailNet) or use any of our other services.

Data controller

The person responsible for processing your personal data pursuant to Art. 2 nDSG is

Swissrail Industry Association
Taubenstrasse 32
3011 Bern
Phone: +41 31 398 50 50
Email: swissrail@swissrail.com

Data subject rights

Data subjects whose personal data we process have rights under Swiss data protection law. These include the right of access and the right to rectification, deletion or blocking of the processed personal data. 

Data subjects whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB). 

Deletion and blocking of data

We adhere to the principles of data avoidance and data minimisation. We therefore retain your personal data only for as long as we need it to fulfil the purposes outlined in this data privacy statement or as required by law. 

Cookies

We may use cookies on our website. Cookies are data files sent to and stored in your browser. They include both first-party cookies, set by us, and third-party cookies, set by services we use. These data files may include, but are not limited to, traditional text-based cookies. You can disable or delete cookies via your browser settings at any time. Please be aware, however, that blocking or deleting cookies may impact the functionality of our website.

Access data/server log files

We may record the following information each time you visit our website, provided that it is transmitted from your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including version, browser including language and version, the individual pages of our website accessed including the amount of data transferred, the address of the web page the user was on before visiting the current page (referrer).

Email: contact and newsletter 

If you contact us (by email for example), we will process your details so that we can deal with your message and any subsequent issues that may arise. 

Members may request a login for the internal site. By logging in, you consent to receiving regular association information and SwissrailNet updates via email at the address you have provided. A valid email address is required to complete your registration. If you no longer wish to receive association information, please let us know. Every SwissrailNet update contains a link to your user profile, where you can customise your preferences. Transactional emails from SwissrailNet are sent via Postmarkapp. The newsletter on current industry topics (Eurospider) is sent via Mailgun.

Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked. These web links and tracking pixels can also record how the recipient interacts with notifications and messages. 

We use MailerLite to send and manage our newsletters. MailerLite is a service provided by UAB MailerLite in Lithuania. MailerLite's privacy policy explains the types of data we collect, how it is used, and why. 

Integration of third-party services and content

Our website may include third-party content, such as videos hosted by Vimeo, maps provided by map.search.ch, RSS feeds or graphics from external websites. To deliver this content, the third-party providers need to determine the users' locations based on their IP addresses. 

Sharing personal data with third parties

As a rule, we only use your personal data within our company. When we share data with third parties (such as logistics or IT service providers) for the purpose of fulfilling our contractual obligations, the data provided is limited to what is essential for the service.