Data Privacy Statement
1. Introduction
Protecting your personal data is important to the Swiss Association of Public Transport (APT). This Privacy Statement explains how we process the personal data we receive from you when you visit the Railway Talent Hub website at https://railway-talent-hub.ch/en. It also explains why we need the data and how you can object to it being processed. For the purpose of this Statement, the terms data and personal data are synonymous and refer to data with which we can identify you either alone or when combined with other information (such as your name, email address, etc.). If you provide us with data about other persons, you confirm that you are authorised to do so, and that the data is correct. Please ensure that any third parties involved are made aware of this Data Privacy Statement. Since the target group of the association's activities is located in Switzerland, the data protection declaration is based on Swiss data protection legislation, specifically the Federal Act on Data Protection (Data Protection Act, FADP) of September 25, 2020 (SR 235.1) and the Ordinance on Data Protection (Data Protection Ordinance, FODP) of August 31, 2022 (SR 235.11). Under specific circumstances, however, the provisions of the EU General Data Protection Regulation (GDPR) may apply.
2. Who is responsible for data processing?
The Swiss Association of Public Transport (APT), based at Dählhölzliweg 12, 3005 Bern, Switzerland and registered in the Commercial Register of the Canton of Bern under CHE-107.816.575, is responsible for processing your data, unless stated otherwise in individual cases. If you have any questions or suggestions about data protection, you can contact the APT at any time, either by post (Verband öffentlicher Verkehr, Datenschutz, Dählhölzliweg 12, 3005 Bern) or by email to datenschutz@voev.ch.
3. Scope and purpose of data processing
3.1 General information about visiting the website
By visiting and using this website, you consent to the collection, processing and use of your data as described below. The website is normally accessible without the need for registration. When you visit the website, we store information on the server for statistical purposes, such as the pages you visit, the files you download, and the date and time. This data is collected in a way that does not identify you personally. Personal data, such as your name, address and email address, are obtained on a voluntary basis or when you make use of certain functions. The following sections contain more detailed information about the data we process and what we use it for. Insofar as the GDPR applies, see also the references to the lawfulness of processing according to Art. 6 para. 1a to 1f of the GDPR. Possible reasons include technical necessity, contractual requirements, legal provisions, overriding interest or explicit consent.
3.2 Contacting us by email
If you contact us by email, we will collect your email address and the data contained in your message. We will only process the personal data we need to deal with your request. Insofar as the GDPR is applicable, our legitimate interest forms the legal basis for this processing of personal data (see Art. 6 para. 1f GDPR). You can object to data processing at any time with effect for the future.
3.3 Contacting us via the form on the website
If you send questions or suggestions via the contact form (https://railway-talent-hub.ch/en/partners), we collect your email address, other mandatory fields on the topic related to your message, and the message field itself. You may also optionally enter your first name and surname.
3.4 Participation in events and functions
We collect certain information about participants when they register for events. We collect the surname, first name, email address, phone number, university, field of study and language preference of individuals who register via the website (see also Section 3.6).
A separate backend environment is used to collect the registration data, which stores the registration data directly on the servers of our web partner CodeCrush GmbH. Further information on data processing by CodeCrush can be found here: https://codecrush.ch/datenschutz/
For further information, please refer to the General Terms and Conditions for Participation in Railway Talent Hub Events of the Association of Public Transport (APT) at https://railway-talent-hub.ch/en/general-terms-and-conditions. The legal basis for processing your personal data lies in the processing necessary for the performance of the contract, or the processing necessary prior to entry into the contract, or in our legitimate interest (see Art. 6 para. 1b and f GDPR, in cases where the GDPR applies). If we rely on our legitimate interest for processing, you may object to your data being processed at any time with effect for the future.
3.5 Subscribing to the newsletter
If you would like to receive the newsletter offered on this website, we need an email address from you. When you register, we send a message to the address you have provided, asking you to confirm your registration by clicking on a link. No other data is collected. We use this information exclusively for sending out the newsletter (see also Section 3.6) and do not share the data with third parties. You can at any time withdraw your consent to the storage and use of your data, including your email address for newsletter purposes, by clicking the "unsubscribe" link provided in the newsletter.
3.6 SwissNewsletter
We use the SwissNewsletter program (see Section 3.5) for the purpose of sending newsletters and emails relating to event participation and storing contact/participant data associated with events (see Section 3.4). The data is processed exclusively for its intended purposes.
3.7 Server log files
Our website provider systematically collects and stores the information that your browser automatically sends us in "server log files". The following information is collected: browser type and version, operating system, referrer URL, host name of the accessing computer and time of the server request. This data cannot be assigned to specific persons. None of this data is ever associated with other data sources. We reserve the right to examine this data at a later time if we have compelling grounds to suspect unlawful use.
3.8 YouTube
The website uses YouTube to embed videos. YouTube integration is carried out in a manner that minimises the collection of personal data as far as possible ("YouTube Nocookie"). For more information on data processing by YouTube or Google, please visit the following links: https://policies.google.com/privacy?hl=en / https://www.youtube.com/static?gl=en&template=terms&hl=en
3.9 Google Fonts
We use Google Fonts to enhance the visual appeal of our website. The required fonts (in particular "Space Grotesk") are not obtained from an external service but are loaded directly from our web host. This means that the fonts can be used without the need to provide additional data for this purpose.
3.10 Fathom
This website uses Fathom Analytics to analyse website traffic in a privacy-friendly manner and to process as little personal data as possible. Fathom does not use cookies. This privacy-friendly website analysis software briefly processes your IP address without invading your privacy or identifying individual visitors. All personal data is anonymised. For more information, please visit the Fathom Analytics website: https://usefathom.com/privacy. Where the GDPR is applicable, our legitimate interest in the further development of our website and our offers form the legal basis for the processing of personal data (see Art. 6 para. 1f GDPR).
3.11 Storyblok
This website uses the Storyblok content management system (CMS) to administer all of our content. The following data is stored in the Storyblok CMS: email addresses (such as the ones collected when registering for the newsletter as per Section 3.5), data from events registration forms (see Section 3.4), contact form data (see Section 3.3) and other website content. You can find out more about Storyblok's data processing here: https://www.storyblok.com/legal/privacy-policy-storyblok
3.12 SSL/TLS encryption
This website uses SSL/TLS encryption for security reasons and to protect communication on the internet, such as the inquiries you send to us. You can recognise an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the padlock icon next to the site name. When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.
4. Storage location
Our data is stored on servers within the European Union or Switzerland.
5. Links to our social media accounts
Our website contains direct links to our social media accounts. These links will take you to our profiles on LinkedIn (see https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy) and Instagram (see https://privacycenter.instagram.com/policy). If you click on one of the social network icons, you will be automatically redirected to our profile. A direct connection will then be established between your browser and the server of the relevant social network. This informs the network that you have visited our website with your IP address and clicked on the link. If, when you click on the link, you are already logged into your account on the social network concerned or if you log in after clicking on the link, the network can link your visit to our website directly to your account. You can learn more about why and how the social network provider collects, processes, and uses your data, along with information about your rights and privacy protection settings, by referring to the terms of use and privacy statement provided by the service. By clicking on one of the links mentioned, you give your consent to your data being processed in this way (see Art. 6 para. 1a GDPR where applicable).
6. Sharing personal data with third parties
We will only share your personal data with selected service providers and only to the extent necessary to provide our service. These providers include, for example, IT support service providers, shipping service providers and providers of other resources. Your data may also be shared if we are legally obliged to do so or if it is necessary to protect our rights, in particular, to enforce claims arising from a legal relationship with you.
7. Transfer of personal data to third countries
We may transfer your data to third parties based abroad for the purposes of processing data as described in this Privacy Statement. These third parties are required to uphold the same level of privacy protection for individuals as we do. If any of these third parties is located in a country lacking acceptable statutory data protection, we ensure through contractual obligations that they adhere to the relevant data privacy requirements. We use the European Commission's revised standard contractual clauses for this purpose, which can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en), unless the service provider already complies with a legally recognised set of data privacy rules and we cannot rely on an exception clause. An exception may apply in the case of legal proceedings abroad, but also in cases of overriding public interests or if the execution of a contract requires such disclosure, if you have given your consent or if you have made the data in question generally available and have not objected to its processing.
8. Your rights over your personal data
The applicable data protection laws give you specific rights that make it easier for you to control how we process your personal data. These rights include:
- Right of access: You can ask us to inform you free of charge whether we process your data and, if so, what data we process.
- Right to rectification: You have the right to have inaccurate or incomplete personal data rectified.
- Right to erasure: You have the right to have your personal data erased under certain circumstances.
- Right to restrict processing: In certain circumstances, you have the right to request that the processing of your personal data be restricted.
- Right to data portability: Under certain conditions, you have the right to receive a copy of your personal data free of charge in a readable format or to request that it be sent to another controller.
- Right to withdraw consent: You can withdraw your consent at any time with effect for the future, provided that our processing was based on your consent.
- Right to lodge a complaint: You can lodge a complaint with the competent data protection authority at any time.
Please note that these rights under the applicable data protection law may be subject to conditions, exceptions or restrictions (e.g. due to statutory retention obligations or similar). We will inform you accordingly if necessary. You can assert your rights by post (Verband öffentlicher Verkehr, Datenschutz, Dählhölzliweg 12, 3005 Bern) or by email to datenschutz@voev.ch.
9. Safekeeping
We will process and retain your personal data only for as long as is necessary for the fulfilment of our contractual and legal obligations, or for the purpose it was collected, or to comply with documentation requirements. Personal data may be retained for the duration in which claims can be made against our company or as long as legal obligations or legitimate business interests necessitate it, such as for evidential and documentation purposes. Shorter retention periods normally apply to corporate data.
10. Data security
In partnership with our IT service providers, we use appropriate technical and organisational security measures to maximise the protection against manipulation, partial or complete loss and unauthorised access by third parties of the personal data processed and stored by us. We continuously improve our security measures in line with technological developments. Sending information via the internet and other electronic means, however, always involves a degree of risk and we cannot therefore guarantee the security of information sent in this way.
11. Copyright
Copyright and all other rights to the content, images, photos, or other files on the website are the exclusive property of the website operator and/or any specifically named copyright holders. No content may be reproduced in any manner without the express, written consent of the copyright holder. Anyone who reproduces content without permission may be held liable under civil or criminal law.
12. General disclaimer
While we strive to provide the most accurate and up-to-date information possible, we acknowledge that occasional errors may occur. We cannot therefore guarantee the completeness, accuracy and timeliness of all the information we provide. We will not be liable for any material or indirect loss or damage arising from the use of the information provided unless there is evidence of intent or gross negligence. The publisher reserves the right to change or delete texts without notice and is not obliged to update the contents of this website. By using this website, you acknowledge that your use of the site is at your sole risk. The publisher, its clients and partners accept no liability for any loss or damage that may arise from visiting this website. The publisher also accepts no responsibility for the content of third-party websites that may be accessed via any external links provided on this website. The operators of the linked pages are solely responsible for the content of those pages. The publisher therefore expressly distances itself from all third-party content that may be relevant under criminal or liability law or offends common decency.
13. Applicable law/place of jurisdiction
To the extent permitted by law, all legal relationships between users and the APT are subject to substantive Swiss law. The exclusive place of jurisdiction shall be Bern.
14. Changes to this Privacy Statement.
This Privacy Statement may be amended at any time without prior notice. The current version is the one published on our website.
Last updated: 18 January 2024