Privacy Policy
This Privacy Policy explains to you how companies in the Stadler Group (hereinafter referred to jointly as “Stadler”, “we” or “us”) process personal data.
This Privacy Policy is governed by Swiss law. It has also been designed to be compliant with the European General Data Protection Regulation (GDPR) since, in respect of certain forms of data processing, compliance with the GDPR might be required.
1) Controller and data protection officer
The controller responsible for data processing is:
Stadler Rail AG
Ernst-Stadler-Strasse 1
9565 Bussnang
Tel: +41 71 626 21 20
stadler.rail@stadlerrail.ch
The data protection officer for the Stadler Group is:
Maja Krapf
maja.krapf@stadlerrail.com
For the following locations in Germany: Berlin, Chemnitz, Mannheim:
Kedua GmbH, Frank Jander, fjander@kedua.de
2) Data processed
a) Website:
We process personal data that you provide to us voluntarily. Certain data is also collected automatically when you visit our website.
If you contact us via the contact form, we process the data you enter into the input mask, so in particular salutation, first name, last name, address, postcode and city, country and telephone number as well as your email address and your individual message.
When you visit our website, our system automatically collects certain technical information, including your IP address, details of your browser and operating system, the date and time of your visit, the name and URL of the page accessed.
b) Business card submission:
When we submit your business card to our global address database, we process certain personal data from you which you have provided to us on the business card as well as in the personal interview itself. This includes your name, employer, position and business email address. We may also ask you about your product interests.
c) Video surveillance on the company premises
The company premises may be under video surveillance. The video surveillance is expressly indicated on boards. If you enter or drive into a video-monitored area, video recordings of you and possibly your vehicle will be saved.
3) Purpose of data processing and its legal basis
In principle, we only process personal data insofar as we require the data for the purposes of our business relationships, in particular for entering into and performing contracts with customers, suppliers, etc.. We also process your personal data when you contact us directly so that we can process your enquiry and, if appropriate, to carry out pre-contractual measures.
Furthermore we process personal data to comply with our legal obligations at home and abroad, to protect legal claims and to defend ourselves in legal disputes or official proceedings, to comply with compliance and other internal guidelines, to conduct internal investigations and for internal administrative purposes..
In certain cases, we also process personal data if we can demonstrate that we have a legitimate interest in doing so.
In particular, the following data processing purposes should be mentioned:
a) Website:
-
To provide our website
-
To improve our online offer
-
To analyse and evaluate website activities
-
To monitor and improve system security
b) Business card submission:
-
The global address database is used by Stadler and its affiliated companies to build and maintain customer relationships (invitations to trade fairs/events, Christmas cards, thank you notes, etc.).
c) Video surveillance on the company premises
-
For the prevention and investigation of possible criminal offences
-
For the protection of company premises, assets, employees and visitors
If you have given us your consent to use your data, we will use your data for the purpose stated when obtaining it and to the extent of that consent. In this case, you can revoke your consent to data processing at any time. However, this revocation has no influence on any data processing that has already taken place.
4) Cookies and analysis services
We use cookies and similar technologies on our website. Cookies are small text files, which are sent to your computer and then saved by your browser. They are designed to make our offerings more user-friendly, effective and secure. Most of the cookies used are only used for the respective session and are then automatically deleted when you leave our website (session cookies). Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser when you revisit our website (permanent cookies). You can configure your browser so that you are notified when a cookie is received and so that it accepts cookies only in selected cases, or so that it blocks cookies in certain or in all cases, or so that it automatically deletes cookies when it is closed. If you deactivate cookies, some of the functions of our website may not be available.
We use permanent cookies to make our website more user-friendly. This results, in particular, in the storage and transfer of language settings and login information. In addition, we use cookies to analyze your behaviour on our website. In this process, we use information such as which search terms you enter, how often you access the website and which functions you use.
Certain cookies are placed by us, while others are placed by the contractual partners with whom we work.
By following the links set out below, you can find out how to manage the cookies of the most important browsers (including how to deactivate them):
Chrome Browser
Internet Explorer
Mozilla Firefox
Safari
5) Tracking Services / Google Analytics
Our website currently does not use any tracking services such as e.g. Google Analytics. Therefore, there is neither the need nor the possibility to block or prevent these services.
6) Use of YouTube
We have integrated YouTube videos in our online offerings. These are saved at www.YouTube.com and can be played directly from our website. These are all in the "expanded data protection" mode, i.e. no data about you as a user will be transferred to YouTube if you do not play the videos. Only if you play the videos, the data listed in the next paragraph will be transferred. We have no influence on this data transfer.
Through your visit to the website, YouTube will be informed that you have opened on the corresponding subpage of our website. This will happen regardless of whether you are logged in to a YouTube user account, or if there is no user account at all. If you are logged into Google, your data will be assigned directly to your account. If you do not want your data to be immediately assigned to your account, you must log out before activating the button. YouTube will store the data as a user profile and use it for promotional purposes, market research and/or the user-friendly design of its website. Such assessments are primarily made to provide tailored advertisements (even for users who are not logged in) and to inform other users in the social network about your activities on our website. You have the right to object to the creation of a user profile, however, you must address these objections to YouTube.
You can find out more about the purpose and scope of the data collection and its processing by YouTube in the data protection declaration. You will find more information about your rights and possible settings to protect your privacy: http://www.google.de/intl/en/policies/privacy.
7) Other third-party software
We do not use other third-party software or tools such as Google’s remarketing or similar audience functions. Nor do we use Google AdWords conversion tracking or Google AdSense and the like. Furthermore, we do not use any social media plug-ins such as, for example, Facebook, Instagram or Twitter.
8) Transfer of data to third parties
We will only disclose your data to a third party if this is necessary to achieve the purposes mentioned or to protect our legitimate interests or to comply with the law. We disclose data, in particular to the following third parties:
-
Companies in the Stadler Group (including Group companies outside of the EEA); a list of these companies can be accessed by clicking on the following link: www.stadlerrail.com/en/about-us/locations/
-
Service providers, in particular providers of IT services, hosting, support and logistics providers, and CRM system providers
-
Date processors
-
Domestic and foreign authorities, administrative bodies, courts and arbitration tribunals
-
Opposing parties in litigation
In particular, the following data transfers should be mentioned:
a) Website:
-
Data processor, service provider
b) Business card submission:
-
Event agency in the EEA area
-
Trade fair service providers (invitation tools, etc.) in Switzerland or the EU
c) Video surveillance on the company premises:
-
Upon request, the data is passed on to the police and law enforcement agencies
If a Stadler company or a division of it is transferred to a third party or integrated into another enterprise, your data may be disclosed to our own consultants and also to external consultants.
If and insofar as we use a third party for the performance of a contract with you, your personal data will only be disclosed to the third party to the extent that this is necessary for the corresponding performance.
If data is transferred to a country without an appropriate level of data protection, data security measures will be taken, for example, through the use of standard contractual clauses approved by the EU, binding corporate rules or other appropriate measures to safeguard your data.
9) Retention period
We retain your data only for as long as it is necessary to achieve the purpose for which it was obtained. Data which is collected for the purposes of the performance of a contract or in order to take steps prior to entering into a contract will be erased or anonymized when it is no longer required for the performance of the contract. After entering into a contract, we may retain data in order to fulfil contractual or legal obligations or to safeguard our legitimate interests, in particular in exercise or defense of legal claims.
a) Website:
-
Session cookies are generally deleted as soon as the session ends. Permanent cookies are stored for a maximum of 10 days. However, you can delete already stored cookies in your browser at any time.
b) Business card submission:
-
We will retain your data for as long as is necessary to achieve the purpose for which it was obtained.
c) Video surveillance on company premises:
-
The data will be stored for 2 (two) weeks and then be deleted.
10) Your rights
Where we process your personal data, you have the right to request access to your personal data, to require that your data be rectified or completed, to have processing restricted or data erased, and to receive your data in a structured, commonly used and machine-readable format in order to transmit this data to another location (data portability).
Furthermore, you may object to the processing of your personal data if we are not obliged to process it for the performance of a contractual or legal obligation. If processing of your data is based on your consent, you may, at any time, withdraw it. Please note that the withdrawal of your consent will not affect the lawfulness of previous processing.
Your rights may be restricted, in particular if the exercise of your rights conflicts with the performance of our legal or contractual obligations, or where we can demonstrate an legitimate interest in processing, or the rights of third parties would be infringed.
If you would like to exercise your rights, please use the address in clause 1 to contact us.
If you believe your rights have been infringed, you may, at any time, lodge a complaint with the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner
(https://www.edoeb.admin.ch/edoeb/en/home.html).
11) Online Dispute Resolution (ODR platform)
The European Commission provides an out-of-court Online Dispute Resolution platform (ODR platform) for certain forms of data processing. The platform can be accessed at: http://ec.europa.eu/odr
12) Data security
We would like to point out that, in spite of our use of licensed SSL encryption on our website (see the SSL certificate in the top left-hand corner of your browser), where data is transferred via the Internet security gaps may exist outside our web server, for example, at nodes in international networks.
13) Data belonging to third parties
If you transfer personal data belonging to a third party to us, please ensure that you are authorized to do so, that the data subject knows about the transfer and is familiar with this Privacy Policy, and that the data transferred is correct.
14) Changes
We reserve the right to amend this Privacy Policy at any time. The current version of this Privacy Policy is published on our website.
15) Disclaimer
Our website provides general information about the Stadler Group companies and their products and services. This information is to serve as an introduction for interested persons. However, all information on this website is provided without guarantee. A guarantee or liability in any form, e.g. for the correctness, reliability, completeness and validity of the information, is expressly excluded. Please do not hesitate to contact us directly using the details provided in clause 1 should you require further and, in particular, binding information.
16) Links to other websites
This website contains links to other websites. We have no influence over the design or content of linked websites and assume no liability for their content. The respective providers are responsible for the content of the information made available on such websites.
17) Copyright
Stadler permits users of this website to duplicate or print out its content for their own personal use. Only content in the News section of the website may be duplicated or printed for the purposes of publication. Stadler must be specified as the copyright holder in all published materials containing this content. Stadler retains all other copyrights and intellectual property rights to all content on the website.
18) Place of jurisdiction
The place of jurisdiction for legal disputes arising in connection with the use of our websites is Bussnang, Switzerland.
Version 20 December 2022