- our prospective, current and former partners, who are natural persons (such as self-employed persons) or the representatives or contact persons of such partners who are legal entities, including our shareholders, suppliers, agents, partners, consultants and competent authorities;
- our website’s visitors and any third parties following our company, such as analysts and individuals having registered for our newsletter, events or other information mailings;
- our prospective members of personnel.
1. What type of personal data do we collect?
We collect basic identification information about all individuals with whom we interact, such as your name, title, position, company name, address (incl. city, country, zip code), phone number, email address, signature, and digital signature.
The information may either be directly provided by you, communicated to us by the legal entity whom you work for (e.g. if you are the contact person designated by your employer to interact with us), supplied to us by one of our service providers (e.g. financial institutions) or obtained from publicly available sources (e.g. social media profiles).
1.1.(Representatives of) our partners
For (the representatives of) our partners, including our shareholders, suppliers, agents, partners, consultants and any competent authorities, we may also collect the following information:
- for partners who are natural persons (such as self-employed persons) or the representatives or contact persons of such suppliers who are legal entities, additional identification information (e.g. copy of ID card), financial information (e.g. bank account details, bills and invoices) and information relating to the contract (e.g. type of agreement, parties and duration);
- notes about our meetings (if any); and
- if legally required for compliance purposes, or in the course of our services provided to you, information about relevant and significant litigation or other legal proceedings against you or any third party related to you and interaction with you which may be relevant for antitrust purposes.
1.2.Website visitors and any third parties following our company such as analysts and individuals having signed up for our newsletters
For website visitors and any third parties following our company such as analysts, contractual partner and individuals having signed up for our newsletter, if any, events or other information mailings, we may also collect the following information:
- electronic identification data (http header fields, IP address, browser identification information, information on hardware and software location data if available);
- information regarding your browser and device (e.g. internet service provider’s domain, browser’s type and version, operating system and platform, screen resolution, device manufacturer and model);
- information provided by you during registration to receive one or more newsletters (e.g. address, type of profile and interest in one or several newsletters); and
- data collected through cookies, code on the website and our newsletter delivery provider’s web beacons (e.g. language preferences and analytics of the use of the website, such as the pages visited, in which order these pages were visited and the duration of the visit).
1.3.Prospective members of personnel
For our prospective employees (whether internal or external staff), we may also collect the following information:
- additional identification information (e.g. date and place of birth, nationality, ID card or passport numbers and copy of ID card or passport);
- sickness certificates, accidents and family information (e.g. marital status, number of children, date of birth and household composition, working status of spouse);
- education and experience (e.g. employment and education history, other details included in CVs, professional qualifications and experience);
- previous employment records (e.g. nature of position held, title of position and type of contractual relationship, supervisor and subordinates, employment dates such as dates of hiring/promotion/position change, work schedule, performance evaluations), which may allow us, with your prior consent, to contact the former employer and the persons mentioned as references;
- other information relating to your recruitment (e.g. information you provided during your interview, conversations, correspondence, notes and comments made during the recruitment process);
- your social security information (such as tax/social security status, insurance details, disabilities);
- your picture for internal/security purposes;
- any information you may need to provide depending on our screening control (such as extract of criminal record and/or of debt enforcement register); and
- any other information relating to you which you may provide to us.
2. How do we collect your personal data?
We collect your personal information as part of our contractual relationship, or when you provide it to us, or interact with us directly, for instance engaging with our staff, using our on-line services (such as Transport Operator Portal and TransFollow Portal) or registering on one of our digital platforms or applications;
We collect your personal information while monitoring our technology tools and services, including our websites and email communications sent to and from Viaservice; and
We may collect or receive information about you from other sources, such as keeping the contact details we already hold for you accurate and up to date using publically available sources.
3. Personal data about other people which you provide to us
4. How do we protect your personal information?
We will take appropriate technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws.
Whom do we share your personal data with?
5.1.Transfer to third parties
We may transfer or give access to personal data to third parties outside Viaservice such as Viaservice’s third party contractual parties or Viaservice’s affiliated companies to complete the purposes listed below, to the extent they need it to carry out the instructions we have given to them. Such third parties may include:
- third parties who process personal data, such as our payroll providers, (IT) system providers, website designers and hosting providers, payment service providers, banks, insurance companies, social security bodies, email delivery service providers, database and cloud providers and consultants;
- any third party to whom we assign or novate any of our rights or obligations under a relevant agreement;
- our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets; and
- any national and/or international regulatory, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request.
The above third parties are contractually obliged to protect the confidentiality and security of your personal data in compliance with all applicable laws and regulations.
5.2.Transfers outside the European Economic Area
The personal data transferred by Viaservice may also be processed in a country outside the European Economic Area (“EEA”), being the EU Member States, Iceland, Liechtenstein and Norway. Such non-EEA countries may be in particular the United States, Australia and countries where Viaservice’s affiliated companies are located. Non-EEA countries may not offer the same level of personal data protection as EEA countries.
If your personal data is transferred outside the EEA, we will put in place suitable safeguards, in particular standard or ad hoc contractual clauses, to ensure such transfer is carried out in compliance with the applicable data protection rules. You may request additional information in this respect and obtain a copy of the relevant safeguard by exercising your rights as set out below.
6. For which purposes do we process personal data?
We may use your personal data for the following purposes only:
- providing products or services you may have requested, including on-line services (e.g. via the Transport Portal or the TransFollow Portal) or solutions as instructed or requested by you or your organisation;
- managing and administering your or your organisation’s business relationship with Viaservice, including processing payments, accounting, auditing, billing, collection, and support services;
- to comply with our legal and regulatory obligations including our compliance with court orders and exercises, to defend our legal rights, to provide reporting to and/or collaborate during audits conducted by regulatory bodies, and to comply with record keeping obligations (for example to keep records for tax purposes);
- to analyse and improve our services and communications to you;
- to protect the security of and manage access to our premises, IT and communication systems, online platforms, websites and other systems, and to prevent and detect security threats, fraud or other criminal or malicious activities;
- for any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us;
- because the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request; and
- because processing is necessary for purposes of our legitimate interest or those of any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
Where you have expressly given us your consent, we may process your personal data also for the following purposes:
- communicating with you through the channels you have approved to keep you up to date on the latest legal developments, announcements and other information about Viaservice’s services, products, technologies, events and projects;
- conducting surveys, marketing campaigns, market analysis or other promotional activities or events; and/or
- collecting information about your preferences to create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).
In relation to prospective members of the personnel, we may also process personal data for any recruitment activities (for example, performing employment and background checks) and any other purposes imposed by law and authorities.
A cookie is a package of data containing a string of text that identifies you as it travels between your computer and ours. This helps to ensure that the right information is delivered to the right destination.
8. For how long do we retain your personal data?
Your personal data will be deleted when it is no longer reasonably required for the permitted purposes defined above or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. We will, in particular, retain your personal data where required for Viaservice to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled.
9. What are your rights regarding your personal data?
Subject to certain legal conditions, you have the right to request a copy of the personal data about you which we hold, to have any inaccurate personal data corrected, to request that your personal data be deleted and to object to or restrict our using of your personal data by sending an email to GDPR@viaservice.ch.
If you object to the processing of your personal information or withdraw your consent previously given we will respect that choice in accordance with our legal obligations.
Your objection or withdrawal of any previously given consent could mean that we are unable to perform the actions necessary to achieve the purposes set out above or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal data to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
We must ensure that your personal data is accurate and up to date. Therefore, please advise us of any changes to your information by sending an email to GDPR@viaservice.ch.
11. How to get in touch with Viaservice?
* * *
Copyright © 2018 Viaservice. All rights reserved.