1/ Introductiton
Hereinafter we, MFD Rail GmbH, inform you about the processing of your personal data when using our website and the associated services and contact opportunities.
 
We process your personal data in accordance with the Swiss Federal Act on Data Protection (“DSG“), the European General Data Protection Regulation (“GDPR“) and other applicable data protection laws.
 

2/ Controller
Controller for the processing of your personal data is:
 
MFD Rail GmbH
Grundstrasse 12
CH-6343 Rotkreuz
T/ +41 41 531 24 24
E/ info@mfdrail.ch
 
If you have any questions or suggestions regarding the protection of your personal data, please feel free to contact us at any time.

3/ Subject matter of data protection 
The subject of data protection is the protection of personal data. Personal data is all information that relates to you as an identified or identifiable natural person (so-called data subject). This includes information such as your name, postal address, e-mail address or telephone number, but also other information that we collect about you when you use our website, contact details or services, such as your IP address.

4/ Details of the data processing 
We process your data in accordance with Art. 6 DSG and Art. 5 GDPR.
 
Below you will find an overview of what personal data we collect about you, where we collect this data, the purposes for which we process your personal data and how long we store this data. We also inform you about the legal basis according to Art. 6 GDPR on which we process your personal data.
 
4.1/ Accessing the website 
When you visit our website, the following information is automatically transmitted from your browser to our server:
 
• Name and URL of the retrieved file
• Date and time of the retrieval
• Transferred data volume
• Notification of successful retrieval (HTTP response code)
• Browser type and browser version
• Operating system
• Referrer URL (i.e., the previously visited page)
• Websites that are accessed by the user’s system via our website
• Internet service provider of the user
• IP address and the requesting provider
 
We use this data from you to enable you to establish a proper connection and convenient use of our website and to ensure the security and stability of our website. We collect this data directly from you. 
The legal basis for data processing is our legitimate interest in the security, stability and proper usability of our website in accordance with Art. 6 para. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
 
4.2/ Contact & customer service
 
If you use the contact information provided on the website to get in touch with us, we will use your name, your address data (name, email address, postal address) and the content of your message to us to contact you and process your request.
If you contact us as part of an ongoing business relationship or wish to establish such a relationship with us, we base the data processing on Art. 6 para. 1 lit. b GDPR. Otherwise, we base the processing of your personal data on our legitimate interest in contacting you and processing your request in accordance with Art. 6 para. 1 lit. f GDPR.
We delete your data as soon as its processing is no longer necessary for answering your question or fulfilling your order or you request us to delete it, unless we are obliged to continue processing your data due to legal or contractual retention obligations.
 
4.3/ Use of your data for product and service information and other commercial communications
 
If you have given us your consent in accordance with Art. 6 para. 1 lit. a GDPR or if we are entitled to do so on the basis of our legitimate interest in carrying out marketing activities in accordance with Art. 6 para. 1 lit. f GDPR, we will use your name, your professional e-mail address and/or address to send you information and offers about our services and products by e-mail, postal or SMS at irregular intervals, to invite you to trade fair, information and advertising events and to send you other commercial content.
We generally collect your data from you. We also collect your data, including contact information, via published articles in newspapers and trade journals, press releases and other publicly accessible sources, including company websites and/or social media websites such as Xing or LinkedIn. Like most companies, we also use customer data management systems for the purpose of customer relationship management, so-called CRM systems, in which we store your personal data and use it for the implementation and tracking of our advertising measures.
We store your data for these purposes for as long as you wish and have not objected to the processing of your data or withdrawn your consent, unless we are legally or contractually obliged to store your data for longer.
 
4.4/ Social media
 
We maintain a social media profile on the social media platform LinkedIn. For this purpose, we use the technical platform and services of LinkedIn Ireland Unlimited Company (“LinkedIn“), Wilton Plaza, Gardner House 4,5,6 2 Dublin, Ireland, Tel: +1 855 832 5465. Ireland. 
We would like to point out that the use of our LinkedIn profile and its functions is your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating). When you visit our profile, LinkedIn collects, your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as the operator of the LinkedIn account, with statistical information about the interaction with us. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our LinkedIn profile for specific target groups. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f) GDPR 
The data collected about you to compile these statistics is processed by the LinkedIn platform and may be transferred to countries outside the European Economic Area, in particular to the USA. We are not aware of how LinkedIn uses the data from your visit to our account and interaction with our posts for its own purposes, how long this data is stored and whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or whether you visit the site as a non-registered and/or non-logged-in user. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network. Cookies embedded in websites enable LinkedIn to record your visits and assign them to your profile. This data can be used to tailor content or advertising to you.
For details on the processing of your personal data and the type, scope and purpose of its use by LinkedIn, please refer to LinkedIn’s privacy policy and cookie policy.
If you use our LinkedIn profile to contact us (e.g., by creating your own posts, responding to one of our posts or sending us private messages), the data you provide us with will be processed by us exclusively for the purpose of contacting you. The legal basis for data collection is our legitimate interest in contacting you according to Art. 6 para 1 lit. f GDPR.
We will delete your data as soon as its processing is no longer necessary to respond to your request or you have objected to the processing of your data unless we are legally or contractually obliged or authorized to process your data for longer. 
To exercise your rights as a data subject, you can contact us or LinkedIn. Please contact the operator of the social media platform directly if you have any questions about profiling and the processing of your data when using the LinkedIn website. If you have any questions about the processing of your interaction with us, please write to the contact details we have provided above.
 
4.5/ Recruitment
 
If you use our career information on the website to apply to us, we process the personal data that you have provided to us as part of the application process, insofar as this is necessary for the application process and the subsequent establishment of an employment relationship with you in accordance with Art. 6 para. 1 lit. b GDPR.
These personal applicant data are usually your surname, first name, date of birth and contact details (telephone number, e-mail address, postal address), your CV, cover letter and references, certificates, if applicable, information on your state of health, an application photo, account details in the event of reimbursement of travel expenses and other information that you provide during the application process. 
It may also be necessary to process your data for the defense or enforcement of legal claims. Our legitimate interest also lies in this purpose. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR. 
If your application documents contain special categories of personal data pursuant to Art. 9 para. 1 GDPR, we will process these as part of the application process for the exercise of rights or the fulfillment of obligations under labor law, social security law and social protection pursuant to Art. 6 para. 1 lit. c GDPR in conjunction with Art. 9 para. 2 lit. f GDPR. Art. 9 para. 2 lit. b GDPR or if you have given us your consent pursuant to Art. 6 para. 1 lit. a in conjunction with Art. 9 para. 2 lit. Art. 9 para. 2 lit. a GDPR.
Applicants’ data will be deleted after 6 months in the event of a rejection, unless the processing of your data is necessary for the defense against possible legal claims. In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. There the data will be deleted after two years. If you are accepted for a position as part of the application process and we have concluded an employment contract with you, your application data will be included in your personnel file.
If we do not collect the data directly from you and you have an active profile on a job portal or you apply to us via a job advertisement on jobs.ch, we may also collect personal data from this source. 
The provision of your personal data is neither legally nor contractually required, nor are you obliged to provide personal data. However, the provision of your personal data is necessary for the conclusion of a contract of employment with us. If your application does not contain all the personal data required for a decision, we would like to point out as a precautionary measure that this may result in you not being considered for a position we are offering.
 
4.6/ Cookies
 
We use various cookies and other tracking and analysis technologies on our website. You can find detailed information on this in our Cookie Policy.

5/ Retention periods
Unless specifically stated, we only store personal data for as long as is necessary to fulfill the purposes pursued.
 
In some cases, the legislator provides for the retention of personal data, for example under tax or commercial law. In these cases, the data will only be stored by us for these legal purposes but will not be processed in any other way and will be deleted after the statutory retention period has expired.

6/ Recipients 
We engage other companies and individuals to perform tasks for us. These are service providers who assist in fulfilling orders for products and services, delivering packages, sending letters or emails, maintaining our customer lists, analyzing our databases, assisting with advertising, providing search results and links (including paid offers and links), processing payments (credit card, direct debit and purchase on account), transmitting content, evaluating and managing credit risks and providing customer service. These third-party service providers have access to personal information that is required to fulfill their tasks. However, they may not use this information for other purposes. In addition, they are obliged to handle the information in accordance with the relevant data protection laws.
 
In addition, we may have to pass on your data to authorities and courts if we are legally obliged to do so in accordance with Art. 6 para. 1 lit. c GDPR.
 
Furthermore, our tax consultants, lawyers and business consultants may have access to your personal data if this is necessary for the fulfillment of legal obligations pursuant to Art. 6 para. 1 lit. c GDPR or on the basis of our legitimate interest in defending and asserting legal claims pursuant to Art. 6 para. 1 lit. f GDPR.

7/ Data transfers to third countries
 
Unless otherwise stated above, we generally only process your personal data in the European Economic Area (EEA) and in Switzerland.
 
Personal data can be transferred to Switzerland without further safeguards because the European Commission has determined that Switzerland has an adequate level of data protection comparable to that of the EEA (Art. 45 GDPR). Switzerland also recognizes an adequate level of data protection in the EEA for data transfers from Switzerland to the EEA (Art. 16 para. 1 DSG)
 
If data is transferred to entities whose registered office or place of data processing is located outside Switzerland or the EEA without an adequate comparable level of data protection, we ensure before the transfer that the data transfer is covered by a legal permission and that there are guarantees for an adequate level of data protection with regard to the data transfer (e.g. by concluding the revised standard contractual clauses of the European Commission).
In these cases, we will inform you in this data protection notice about the respective data transfer.
 
If the data transfer takes place on the basis of Art. 46, 47 or 49 para. 1 subpara. 2 GDPR, you can obtain a copy of the guarantees for the existence of an adequate level of data protection in relation to the data transfer or a reference to the availability of a copy of the guarantees from us.
 
For detailed information on data transfers to third countries and a copy of the guarantees, you can contact us at any time under info@mfdrail.ch.

8/ Data subject rights 
You have the right at any time, as provided for by law 
• in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given;
• in accordance with Art. 15 GDPR, to request access to the personal data we process about you;
• in accordance with Art. 16 GDPR, to request the correction of incorrect or incomplete personal data stored about you
• in accordance with Art. 17 GDPR, to request the erasure of the personal data we have stored, unless the processing is necessary compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• in accordance with Art. 18 GDPR, to demand the restriction of the processing of personal data
• in accordance with Art. 20 GDPR, to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller; and
• in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or our company headquarters.
• in accordance Art. 21 GDPR to object to the processing of your personal data:
 
In accordance with Art. 21 GDPR, you have the right to object to data processing performed by us at any time for reasons arising from your particular situation, insofar as this is based on the preservation of “legitimate interests” in accordance with Art. 6 para. 1 lit. f GDPR. If you exercise your right to object, we will no longer process your data unless we can demonstrate compelling legitimate grounds for further processing which override your rights and interests. You also have the right to object to the processing of your personal data for advertising purposes in accordance with Art. 21 para. 2 GDPR.

9/ Changes to this Data Protection Information 
The status of this data protection notice is indicated by the date (below). We reserve the right to amend this data protection notice at any time with effect for the future. The current version of the data protection notice can always be accessed via Link. We recommend that you inform yourself regularly about changes to this data protection notice.
 
Status of this data protection notice: March 2024