Privacy Policy

With this privacy policy, we inform you about the personal data we process in connection with our activities and operations, including our mobilityacademy.ch website. Specifically, we provide information on what, how, and where we process personal data. We also inform about the rights of individuals whose data we process.

For specific or additional activities and operations, other privacy policies and legal documents, such as General Terms and Conditions (GTC), Terms of Use, or participation conditions, may apply.

We are subject to Swiss data protection law and, if applicable, foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.

1. Contact Addresses

Responsibility for processing personal data:

Mobilitätsakademie des TCS
Poststrasse 1
CH-3072 Ostermundigen

info@mobilitaetsarena.ch

We will indicate if there are other responsible parties for the processing of personal data in specific cases.

2. Terms and Legal Bases

2.1 Terms

Personal data refers to all information relating to an identified or identifiable natural person. An affected person is an individual whose personal data we process.

Processing includes any handling of personal data, regardless of the means and methods used, such as querying, matching, adjusting, archiving, storing, reading, disclosing, acquiring, recording, collecting, deleting, revealing, arranging, organizing, storing, modifying, distributing, linking, destroying, and using personal data.

The European Economic Area (EEA) includes the member states of the European Union (EU) as well as Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal-related data.

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, especially the Federal Data Protection Act (Data Protection Act, DPA) and the Data Protection Ordinance (Data Protection Regulation, DPR).

We process – provided and insofar as the General Data Protection Regulation (GDPR) is applicable – personal data according to at least one of the following legal bases:

• Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with the affected person and for the implementation of pre-contractual measures.
• Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect the legitimate interests of us or third parties, unless the fundamental freedoms and rights and interests of the affected person prevail. Legitimate interests include our interest in carrying out our activities and operations in a sustainable, user-friendly, secure, and reliable manner, ensuring information security, protection against misuse, asserting our legal claims, and compliance with Swiss law.
• Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we may be subject according to the law of member states in the European Economic Area (EEA).
• Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data in the public interest.
• Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the affected person.
• Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the affected person or another natural person.

3. Type, Scope, and Purpose

We process those personal data that are necessary in order to carry out our activities and tasks in a sustainable, user-friendly, secure, and reliable manner. Such personal data can particularly fall into the categories of inventory and contact data, browser and device data, content data, meta or edge data, usage data, location data, sales data, and contract and payment data.

We process personal data for the duration required for the respective purpose or purposes or as legally required. Personal data that is no longer required to be processed will be anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. Such third parties are particularly specialized providers whose services we use. We also ensure data protection with such third parties.

We process personal data fundamentally only with the consent of the affected persons. In cases where the processing is permissible for other legal reasons, we may refrain from obtaining consent. For example, we can process personal data without consent to fulfill a contract, to comply with legal obligations, or to safeguard overriding interests.

In this context, we particularly process details that an affected person voluntarily provides to us when contacting us - for example by regular mail, email, instant messaging, contact form, social media, or phone - or when registering for a user account. We may, for instance, store such details in an address book or similar tools. If we receive data about other people, those who provide the data are obliged to ensure data protection towards these persons and ensure the accuracy of this personal data.

We also process personal data that we obtain from third parties, procure from publicly accessible sources, or collect during the performance of our activities and tasks, provided that such processing is legally permissible.

4. Applications

We process personal data of applicants to the extent necessary to assess their suitability for an employment relationship or for the subsequent execution of an employment contract. The necessary personal data are primarily derived from the information requested, for example, within a job advertisement. We also process the personal data that applicants voluntarily provide or publish, especially as part of cover letters, CVs, and other application documents, as well as online profiles.

In cases where the General Data Protection Regulation (GDPR) applies, we process personal data of applicants particularly in accordance with Art. 9 Para. 2 lit. b GDPR.

5. Personal Data Abroad

We process personal data primarily in Switzerland and the European Economic Area (EEA). However, we can also export or transmit personal data to other countries, especially for processing or to have them processed there.

We can export personal data to any country or territory on Earth, as well as elsewhere in the Universe, provided the local law meets the decision of the Swiss Federal Council standards for adequate data protection and - if and when the General Data Protection Regulation (GDPR) applies - meets the decision of the European Commission for adequate data protection.

We can transfer personal data to countries whose laws do not guarantee adequate data protection, provided data protection is ensured for other reasons, especially based on standard data protection clauses or other appropriate guarantees. Exceptionally, we can export personal data to countries without adequate or appropriate data protection, if the special data protection legal requirements are met, such as the explicit consent of the affected persons or a direct connection with the conclusion or execution of a contract. We are happy to provide information or supply a copy of possible guarantees upon request.

6. Rights of Affected Persons

6.1 Data Protection Claims

We grant affected persons all claims in accordance with applicable data protection laws. Affected persons have the following rights in particular:

• Information: Affected persons can request information on whether we process personal data about them, and if so, which personal data. They also receive further information required to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also information about the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of personal data.
• Correction and Restriction: Affected persons can correct inaccurate personal data, complete incomplete data, and restrict the processing of their data.
• Deletion and Objection: Affected persons can request deletion of personal data ("right to be forgotten") and object to the processing of their data for the future.
• Data Release and Data Transfer: Affected persons can request the release of personal data or the transfer of their data to another responsible party.

We may, within the legally permissible framework, delay, limit, or deny the exercise of the rights of affected persons. We can point out any prerequisites to be met for the assertion of their data protection claims. For example, we may fully or partially refuse to provide information, citing trade secrets or the protection of other persons. Similarly, we may fully or partially refuse to delete personal data, citing statutory retention obligations.

We may exceptionally charge fees for exercising these rights. We inform affected persons in advance of any possible charges.

We are obliged to identify affected persons who request information or assert other rights using appropriate measures. Affected persons are obligated to cooperate.

6.2 Right to Lodge a Complaint

Affected persons have the right to assert their data protection claims in court or file a complaint with a competent data protection supervisory authority.

The supervisory authority for private entities and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Affected persons have – if and when the General Data Protection Regulation (GDPR) applies – the right to file a complaint with a competent European data protection supervisory authority.

7. Data Security

We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.

Access to our website is secured using transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

Our digital communication is - as is fundamentally the case with all digital communication - subject to mass surveillance without cause or suspicion as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police agencies, and other security authorities.

8. Website Usage

8.1 Cookies

We may use cookies. Cookies - both our own cookies (First-Party-Cookies) and cookies from third parties whose services we use (Third-Party-Cookies) - are data that is stored in the browser. Such stored data is not limited to traditional text-based cookies.

Cookies can be stored temporarily in the browser as "Session Cookies" or for a specified duration as so-called permanent cookies. "Session Cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, allow us to recognize a browser the next time it visits our website and, for instance, measure the reach of our website. However, permanent cookies can also be used for online marketing.

Cookies can be disabled or deleted in the browser settings at any time, either completely or partially. Without cookies, our website may not be fully available. We request - at least when and as required - explicit consent for the use of cookies.

For cookies used for performance and reach measurement or for advertising, a general objection ("Opt-out") is possible for numerous services via the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

8.2 Server Log Files

For every access to our website, we may record the following information, provided it is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including timezone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the specific sub-page of our website accessed including the amount of data transferred, and the last webpage accessed in the same browser window (referrer).

We store such information, which may also constitute personal data, in server log files. This data is necessary to provide our website consistently, user-friendly, and reliably and to ensure data security, especially the protection of personal data – either by ourselves or with the help of third parties.

8.3 Tracking Pixels

We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels - also from third parties whose services we use - are small, typically invisible images that are automatically retrieved when visiting our website. The same information as in server log files can be captured with tracking pixels.

9. Notifications and Communications

We send notifications and communications via email and through other communication channels such as instant messaging or SMS.

9.1 Success and Reach Measurement

Notifications and communications may contain web links or tracking pixels that record whether an individual communication was opened and which web links were clicked on. Such web links and tracking pixels can also record the use of notifications and communications in relation to individuals. We require this statistical recording of usage for the success and reach measurement in order to send notifications and communications effectively and user-friendly, as well as on a permanent, safe, and reliable basis.

9.2 Consent and Objection

You must generally expressly consent to the use of your email address and other contact addresses unless the use is permissible for other legal reasons. If possible, we use the "double opt-in" procedure for any consent, which means that you will receive an email with a web link that you must click to confirm, to prevent misuse by unauthorized third parties. We may log such consents including the Internet Protocol (IP) address and the date and time for proof and security reasons.

You can generally object to receiving notifications and communications, such as newsletters, at any time. With such an objection, you can also object to the statistical recording of usage for success and reach measurement. Exceptions are notifications and communications required in connection with our activities and operations.

10. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The general terms and conditions (T&C) and terms of use, as well as privacy policies and other provisions of the individual platform operators, apply as well. These provisions provide information in particular about the rights of affected individuals directly vis-à-vis the respective platform, including, for example, the right to access.

11. Third Party Services

We use services from specialized third parties to be able to carry out our activities and operations on a permanent, user-friendly, safe, and reliable basis. With such services, we can, for example, embed functions and content into our website. For such embedding, the used services capture at least temporarily the Internet Protocol (IP) addresses of users for technical reasons.

For necessary security-related, statistical, and technical purposes, third parties whose services we use can process data in connection with our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data to be able to offer the respective service.

We particularly use:

• Services from Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General privacy information: "Principles on Data Protection and Security", Privacy Policy, "Google is committed to complying with applicable privacy laws", "Guide to Data Protection in Google Products", "How we use data from websites or apps that use our services" (Information from Google), "Types of Cookies and other technologies used by Google", "Personalized Advertising" (Activation / Deactivation / Settings).
• Services from Microsoft: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland; General privacy information: "Privacy at Microsoft", "Privacy and Privacy (Trust Center)", Privacy Policy, Privacy Dashboard (Data and Privacy Settings).

11.1 Digital Infrastructure

We use services from specialized third parties to be able to utilize the required digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

11.2 Audio and Video Conferencing

We use specialized services for audio and video conferencing to be able to communicate online. For instance, we can hold virtual meetings or conduct online classes and webinars. Participation in audio and video conferences is subject to the additional legal texts of the individual services, such as privacy policies and terms of use.

We recommend, depending on the situation, to mute the microphone by default when participating in audio or video conferences, to blur the background, or to display a virtual background.

We particularly use:

• Microsoft Teams: Platform for audio and video conferencing among others; Provider: Microsoft; Specific Teams information: "Privacy and Microsoft Teams".
• Skype: Audio and video conferencing; Specific Skype Providers: Skype Communications SARL (Luxembourg) / Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland; Privacy information: "Legal Information for Skype", "Data Protection and Security".
• Zoom: Video Conferencing; Provider: Zoom Video Communications Inc. (USA); Privacy information: Privacy Policy, "Privacy at Zoom", "Legal Compliance Center".

12. Success and Reach Measurement

We attempt to determine how our online offer is used. Within this context, we can, for example, measure the success and reach of our activities and operations as well as the impact of third-party links on our website. We can also test and compare how different parts or versions of our online offer are used ("A/B testing" method). Based on the results of success and reach measurements, we can in particular fix errors, strengthen popular content, or make improvements to our online offer.

For success and reach measurement, in most cases, the Internet Protocol (IP) addresses of individual users are saved. In this case, IP addresses are fundamentally shortened ("IP masking") to comply with the principle of data minimization through appropriate pseudonymization.

During success and reach measurement, cookies may be used and user profiles created. Any user profiles created typically include, for instance, the individual pages visited or viewed content on our website, details about the size of the screen or browser window, and the—at least approximate—location. Fundamentally, any user profiles are only pseudonymized and are not used for identifying individual users. Some third-party services, where users are logged in, may potentially associate the use of our online offer with the user account or user profile of the respective service.

We specifically use:

• Google Analytics: Success and reach measurement; Provider: Google; Google Analytics-specific information: Measurement across different browsers and devices (Cross-Device Tracking) as well as with pseudonymized Internet Protocol (IP) addresses, which only exceptionally are fully transmitted to Google in the USA, "Privacy", "Browser Add-on to deactivate Google Analytics".
• Google Tag Manager: Integration and management of other services for success and reach measurement as well as other services from Google and third parties; Provider: Google; Google Tag Manager-specific information: "Data captured with Google Tag Manager"; more privacy details are available for each integrated and managed service.

13. Final Provisions

We created this privacy policy with the Privacy Policy Generator from Datenschutzpartner.

We can adjust and amend this privacy policy at any time. We will inform about such adjustments and additions in an appropriate manner, especially by publishing the respective current privacy policy on our website.