1. Who Are We?
Ferrovia Monte Generoso SA
Via Lüera 1 – 6825 Capolago
email@example.com +41 91 630 51 11
For further information please contact us at:
firstname.lastname@example.org +41(0) 91 630 51 11
2. Which Personal Data Do We Process and for What Purposes?
We process a wide range of personal data for different reasons and purposes. Further information is provided in this section, in possible declarations of consent and, in many instances, in the applicable general terms and conditions, conditions of participation, and additional privacy policies. We generally collect personal data directly from you, e.g. when you transfer data to us or communicate with us. However, personal data may also be collected from other sources, especially in the case of the following data:
The purposes for which we process personal data concerning you in particular include the following:
3. To Whom Do We Disclose Personal Data?
Our employees have access to your personal data to the extent required for the purposes defined and for the performance of the activities of the employees in question. These include employees in other departments and in support roles, e.g. [IT]. Our employees act in accordance with our instructions and are bound by confidentiality and non-disclosure obligations in handling your personal data. We may transfer your personal data to any third parties that supply services to us (e.g. IT service providers) both within and outside the Migros Group.
Furthermore, personal data may be transferred to other companies which may (also) use such data for their own purposes. In such cases, the data recipient is legally responsible as the controller of the data. This would apply in the following circumstances, for example:
4. When Do We Transfer Your Personal Data Abroad?
The recipients of your personal data may be located abroad – including outside of the EU or EEA. The countries in question may not have laws in place that afford your personal data the same level of protection as provided in Switzerland or in the EU or the EEA. In transferring your personal data to such a country, we are required to ensure the protection of your personal data in a suitable manner. One means of doing so is to conclude data transfer agreements with the recipients of your personal data that ensure the required level of data protection. Please contact us if you would like a copy of our data transfer agreements.
5. How Do We Process Personal Data in relation to websites and email newsletters?
If we distribute newsletters by email, we may be able to establish whether or when you opened the email, allowing us to assess your use of the email and provide offers that better match your interests. You can stop the processing of such data in your email program.
Our websites also incorporate functions from social networks such as Facebook, Twitter, YouTube, Google+, Pinterest and Instagram. These functions are disabled by default. Enabling such functions may allow social network providers to log your visit to our website. Such providers may use this information for their own purposes, under their own responsibility and in accordance with their own data protection rules.
6. For How Long Do We Store Your Personal Data?
We store your personal data in a personalized form for as long as it is required for the specific purpose for which it was collected. In the case of contracts, personal data is stored for at least the duration of the contractual relationship. We also store personal data if we have a legitimate interest in doing so, e.g. for documentation and evidential purposes or to safeguard and defend legal rights. We also store your personal data if it is subject to a statutory retention requirement.
7. How Do We Protect Your Personal Data?
We take appropriate technical measures (e.g. encryption, pseudonymization, record keeping, access restrictions, data backups) and organizational measures (e.g. instructions issued to employees, confidentiality agreements, audits) in order to safeguard your personal data, protect you against unauthorized or unlawful processing activities, and to address the risk of loss, unintentional changes, inadvertent disclosure, or unauthorized access. In general, however, security risks cannot be completely ruled out; certain residual risks are unavoidable in most cases.
8. What Rights Do You Have in Connection with the Processing of Your Personal Data?
You may object to the processing of your personal data at any time, especially to data processing related to direct advertising (e.g. advertising emails).
Under the law applying to you, you also have the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to object to the processing of data, and the right to receive personal data that you have provided to us in a readable format and free of charge. You also have the right to withdraw your consent, which will not affect the lawfulness of processing based on consent before its withdrawal. You can also lodge a complaint with the competent data protection authority.
9. What Else Do You Need to Bear in Mind?
We process your personal data in particular on the basis of the following principles:
Incidentally, there is no general obligation to disclose personal data to us unless you have entered into a contractual relationship with us that establishes such an obligation. We will, however, be required to collect and process any personal data that is necessary or legally prescribed for the purposes of commencing and performing a contractual relationship and meeting related obligations. Otherwise, it will not be possible for us to conclude or continue the contract in question. It is also necessary, in practice, to process log data and certain other types of data in connection with website use. In relation to any communications with us, it is also necessary for us, as a minimum, to process personal data that you transfer to us or that we transfer to you.