Privacy Policy of vs | verkehrssysteme ag

Version dated 29 August 2023

In this Privacy Policy, we, vs | verkehrssysteme ag (vsag), explain how we collect and process personal data. This is not an exhaustive description; other privacy policies, general terms and conditions, participation terms and similar documents of clients may govern specific matters. Personal data means any information relating to an identified or identifiable person.

No consent by customers, their employees or other affected persons to this Privacy Policy is required. This Privacy Policy merely provides information about the nature, scope and purpose of the use of personal data by vsag.

If you provide us with personal data of other persons (e.g. family members, data of colleagues, clients or suppliers), please ensure that these persons are aware of this Privacy Policy and only share their personal data with us if you are permitted to do so and if such personal data is correct.

1. Responsibility

Unless otherwise specified in individual cases, the entity responsible for the data processing described herein is vsag. If you have any data protection concerns, you may contact us at the following address:

vs | verkehrssysteme ag
Neue Bahnhofstrasse 160
CH-4132 Muttenz
info@vs-plus.com
Tel. +41 61 501 41 41

2. Collection and Processing of Personal Data

We process personal data (data that directly or indirectly identifies natural persons) that we receive from our customers and other business partners and other persons involved in the course of our business relationships, as well as data that we collect from users when operating our websites, apps and other applications or that is recorded during traffic surveys.

Where permitted, we also obtain certain data from publicly accessible sources or receive such data from other companies within the scope of projects, from authorities, clients and other third parties. In addition to the data that you provide directly to us, the categories of personal data that we receive about you from third parties include in particular information:

• from public registers (e.g. commercial registers, land registers, debt enforcement registers);
• that we become aware of in connection with official and judicial proceedings;
• in connection with your professional functions and activities (so that we can, for example, conclude and process transactions with your employer with your assistance);
• about you in correspondence and discussions with third parties;
• regarding your creditworthiness (where we conduct business with you personally and where necessary);
• about you that persons from your environment (family, advisers, legal representatives, etc.) provide to us so that we can conclude or perform contracts with or involving you (e.g. references, your address for deliveries, powers of attorney, information regarding compliance with legal requirements such as export restrictions);
• from banks, insurance companies, sales and other contractual partners of ours regarding the use or provision of services by you (e.g. payments made);
• from media and the internet concerning you (where appropriate in the specific case, e.g. in connection with an application, press review, marketing/sales, etc.), your addresses and possibly interests and other socio-demographic data (for marketing);
• in connection with the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, accessed pages and content, functions used, referring website, location data).

3. Purposes of Data Processing and Legal Bases

We primarily use the personal data collected by us to conclude and process our contracts with our customers and business partners, in particular in connection with providing services in traffic engineering and purchasing products and services from our suppliers and subcontractors, as well as to comply with our legal obligations in Switzerland and abroad. If you act for such a customer or business partner, you may naturally also be affected by this in your role through your personal data.

In addition, we also process personal data about you and other persons, where permitted and where we consider it appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

• communication with third parties and processing their inquiries (e.g. applications, media inquiries);
• offering and further development of our services and websites, apps and other platforms on which we are present;
• review and optimization of procedures for needs analysis for the purpose of direct customer contact and collection of personal data from publicly accessible sources for customer acquisition;
• advertising and marketing (including organizing events), provided that you have not objected to the use of your data (if we send advertising to you as an existing customer, you may object at any time and we will place you on a suppression list for further advertising mailings);
• market and opinion research, media monitoring;
• assertion of legal claims and defense in connection with legal disputes and official proceedings;
• prevention and investigation of criminal offences and other misconduct (e.g. conducting internal investigations, data analyses for fraud prevention);
• ensuring our operations, in particular IT, our websites, apps and other platforms;
• video surveillance to safeguard domiciliary rights and other measures for IT, building and facility security and protection of our employees and other persons and assets belonging or entrusted to us (such as access controls, visitor lists, network and mail scanners, telephone recordings);
• purchase and sale of business units, companies or parts of companies and other corporate transactions and the associated transfer of personal data, as well as measures for business management and compliance with legal and regulatory obligations and internal regulations of vsag.

Where you have given us your consent to process your personal data for specific purposes, we process your personal data within the scope of and based on this consent, unless we have another legal basis and require one. Consent given may be revoked at any time, although this has no effect on data processing already carried out.

4. Cookies / Tracking and Other Technologies in Connection with the Use of Our Website

Data Collected Automatically

As a rule, we do not collect personal data on our website for further processing. When you access our website, technical information is automatically recorded. This information is stored in the server log file and includes IP address, HTTP status code, your operating system, browser, browser language, websites accessed, the website from which you accessed our website and the website on which you leave our website, date and time including time zone of your access and the duration of your visit. This data is stored in the web hosting environment (https://www.cyon.ch/) and is not further processed there. A corresponding data processing agreement (DPA) is in place. The collection of this data serves data security purposes and enables us to provide our website in a user-friendly and reliable manner.

Your data is not used to draw conclusions about your person. Information of this type is only evaluated statistically.

Cookies

Cookies are stored by your browser. They are used to recognize a website that has already been accessed and thereby, for example, measure the reach of the website. Online marketing would be another possible use, which we do not use. Cookies are generally stored only during the session (i.e. the current visit to our website) and are then automatically deleted. You can configure how your computer handles cookies (accept all, exclusion lists, etc.) in your browser settings. Without cookies, a website may not be fully displayed, which is why we request consent.

Social Media

We use social networks on our website such as YouTube (Privacy and Safety Center, Your Data on YouTube) or LinkedIn (LinkedIn Consumer Solutions Platform, Privacy Policy). This is visible to you in each case (typically via corresponding symbols). By clicking/using these links, personal data is transferred to the respective platforms and thus also processed outside Switzerland. How and for what purpose this personal data is used and processed, and the rights you have regarding this data, are the responsibility of the respective operator and are governed by their privacy policies, terms of use and general terms and conditions. We do not receive any information about you from these operators.

Plug-ins

We use so-called plug-ins on our website. These serve to enable certain functions, such as the direct playback of digital video content or image optimization. How and for what purpose any collected personal data is used and processed, and the rights you have regarding this data, are the responsibility of the respective operator and are governed by their privacy policies, terms of use and general terms and conditions. We do not receive any information about you from these operators.

Personal Data Not Collected Automatically

If data is voluntarily transmitted to us via contact form, e-mail or other means, we assume that you agree to the transmission of the data. If we receive data from a third party, we assume that such third party has complied with the applicable data protection obligations towards you.

Photos of Persons

If people appear in our photographs who do not agree with publication, they may contact us. The copyright to the photographs displayed on this website belongs to vsag.  Downloading and use of the photographs is only permitted with our written consent.

5. Disclosure of Data and Transfer of Data Abroad

Within the scope of our business activities and for the purposes set out in Section 3, we also disclose personal data to third parties where permitted and where we consider it appropriate, either because they process it for us or because they wish to use it for their own purposes. In particular, this concerns the following recipients:

• our service providers as well as external service providers such as banks and insurance companies, including processors (such as IT providers; HR administration/payroll accounting);
• dealers, suppliers, subcontractors and other business partners;
• customers;
• domestic and foreign authorities, official bodies or courts;
• catering and hotel businesses as well as media in connection with your participation in events;
• the public, including visitors to websites and social media;
• competitors, industry organizations, associations, organizations and other bodies;
• other parties in potential or actual legal proceedings.

These recipients are generally located in Switzerland but may be located anywhere in the world. In particular, you must expect your data to be transferred to other European countries and the USA, where the service providers we use are located (such as Microsoft, YouTube).

If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with applicable data protection law (for this purpose we use the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj ), unless the recipient is already subject to a legally recognized framework ensuring data protection and unless we can rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interest or where the performance of a contract requires such disclosure, if you have consented or if it concerns data made generally accessible by you and the processing of which you have not objected to.

6. Duration of Retention of Personal Data

We process and store your personal data for as long as required for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued by the processing, i.e. for example for the duration of the entire business relationship (from initiation, processing through to termination of a contract) and beyond that in accordance with statutory retention and documentation obligations. It is possible that personal data will be retained for the period during which claims may be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidentiary and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will generally and where possible be deleted or anonymized. For operational data (e.g. system protocols, logs), shorter retention periods of twelve months or less generally apply.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access and misuse, such as issuing directives, regular training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization and monitoring of these measures.

8. Obligation to Provide Personal Data

Within the scope of our business relationship, you must provide the personal data that is necessary for establishing and conducting a business relationship and fulfilling the associated contractual obligations. Without this data, we will generally not be able to conclude or make a contract with you (or with the entity or person you represent). The website also cannot be used if certain information required to ensure data traffic (such as the IP address) is not disclosed.

9. Profiling and Automated Decision-Making

For the establishment and conduct of the business relationship and otherwise, we generally do not use profiling or fully automated decision-making based on personal data (as regulated, for example, in Art. 22 GDPR). Should we use such procedures in individual cases, we will inform you separately where legally required and explain the associated rights.

10. Applicability of Data Protection Law

This Privacy Policy is designed to comply with the requirements of the Swiss Federal Act on Data Protection, the revised Swiss Federal Act on Data Protection and the EU General Data Protection Regulation. However, whether and to what extent these laws are applicable depends on the individual case.

11. Rights of the Data Subject

Within the scope of the data protection law applicable to you and insofar as provided therein (such as in the case of the General Data Protection Regulation), you have the right to access, rectification, erasure, the right to restriction of processing and otherwise to object to our data processing, in particular for purposes of direct marketing and other legitimate interests in processing, as well as the right to receive certain personal data for transfer to another entity (so-called data portability). Please note, however, that we reserve the right to assert the restrictions provided for by law on our part, for example if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we may rely on this) or require it for the assertion of claims. If costs are incurred for you, we will inform you in advance. We have already informed you about the possibility of revoking consent in Section 3. Please note that exercising these rights may conflict with contractual agreements and this may result in consequences such as premature contract termination or costs. In such cases, we will inform you in advance unless this is already contractually regulated.

The exercise of such rights generally requires that you clearly prove your identity (e.g. by means of a copy of an identity document where your identity is otherwise unclear or cannot be verified). To assert your rights, you may contact us at the address specified in Section 1.

Every data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

12. Amendments

We may amend this Privacy Policy at any time without prior notice. The current version published on our website shall apply. Insofar as the Privacy Policy forms part of an agreement with you, we will inform you of any amendments by e-mail or by other suitable means in the event of an update.

* * * * *