1. Data controller
Data controller within the meaning of the Data Protection Act:
Stadler Rail Management AG
2. Data protection officer
Our data protection officer for the Stadler Group is:
3. General information
3.1 Personal data
We primarily process personal data that you provide us with voluntarily. Certain data is also collected automatically when you visit our website.
The categories of personal data we process include your contact details, in particular your name and the e-mail and postal addresses you provide.
When you visit our website, our system automatically collects certain technical information. This includes your IP address, details of your browser and operating system, the date and time of your visit, the name and URL of the file accessed, the web pages visited and their content.
3.2 Legal basis
Your data is processed according to the following legal bases: your consent according to Art. 6 para. 1 lit. a) GDPR, for the performance of a contract with you according to Art. 6 para. 1 lit. b) GDPR, for compliance with legal obligations according to Art. 6 para. 1 lit. c) GDPR or for the purposes of legitimate interests according to Art. 6 para. 1 lit. f) GDPR. Insofar as we base the processing of your personal data on legitimate interests as defined in Art. 6 para. 1 lit. f) GDPR, these interests correspond to the improvement of our range of products, protection against misuse and the keeping of statistics.
3.3 Data transmission to third-party services
This website does not transmit data to third-party services such as Google Analytics, Google AdWords or similar services.
3.4 Data deletion
We delete your personal data stored with us as follows:
if you have consented to the processing: as soon as you withdraw your consent,
if we need the data for the performance of a contract: as soon as the data is no longer required for the performance of the contract and legal retention periods do not require further storage,
if we use the data on the basis of a legitimate interest: as soon as your hypothetical interest in deletion or anonymisation outweighs this legitimate interest.
4. Collection, processing and use of your personal data
4.1 General data
This Webshop collects a series of general data and information each time it is visited by a data subject or an automated system. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the Internet page from which an accessing system accesses our Internet pages (the “Referrer”), (4) the sub-websites that are accessed via an accessing system on our Internet pages, (5) the date and time of access of the Internet pages, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on the company’s information technology systems. If you use one of our contact options, your details, last name, first name, e-mail address and your message will be processed exclusively for the purpose of processing and handling your enquiry. This data is processed by us on the basis of your consent pursuant to Art. 6 para. 1 lit. a) GDPR.
To purchase a book, you must provide your full address details, payment information and e-mail address. This data is required by us to ensure that you can place orders. In addition, you can enter further information when using our services, e.g. a password for your customer account.
Additional data is collected and processed separately, as specified in sections 5 and 6.
4.2 Use and disclosure of data
This Webshop uses the data you provide for the fulfilment and processing of your order and, if applicable, for marketing purposes. Stadler is also legally obliged to provide information to certain public bodies on request.
Comments/ratings are not processed.
5. Customer account
We provide each Customer with password-protected direct access to their order data stored with us by enabling them to register a customer account. Here you can view information about your orders and manage your data. You undertake to treat your personal access data confidentially and not to make it accessible to any unauthorised third parties. We accept no liability for misused passwords.
Opening a customer account is based on your consent, which you have the opportunity to provide during the ordering process and which is shown again below.
“When you open a customer account, you agree that your basic data such as your name, address, e-mail address and password, as well as your usage data, may be stored. This gives you the option of ordering from us using your e-mail address or your customer number as well as your personal password.
You can revoke your consent at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rates. A notification in text form sent to the contact details mentioned in section 1 shall suffice for this purpose.”
6. Provision of contractual services, payment processing and shipping
In this context, we process personal data for the fulfilment of the contract, and in particular for the processing of your order, for the delivery of goods, for the processing of the payment, for the handling of your enquiries, for the prevention of fraud and for the settlement of any potential warranty claims. For these purposes, we process your first and last names, your delivery and invoicing address, your payment data, your e-mail address and, if applicable, your telephone number, as well as all other information from the ordering process. This data may be transmitted by the payment provider to credit agencies to verify your identity and creditworthiness. The payment provider guarantees that your personal data will neither be sold nor shared with third parties outside their organisation. Exceptions: external service providers who process your enquiry or order on their behalf and process the data that is absolutely necessary for this purpose. It is ensured that all parties receiving data comply with the requirements of data protection and data security.
In order to process the corresponding payments in our Webshop, we work with various service providers who receive automated data from us for payment processing if this is necessary for contract processing or billing, or if you have given your prior consent. In some cases, we also redirect you to the pages of these providers (e.g. TWINT, PayPal), where you again have to enter data for payment processing.
If you make a payment via such third-party payment services, the terms and conditions and the privacy policies of the respective third-party providers apply, which can be accessed within the relevant websites or transaction applications.
6.1 Payment processing with zahls.ch
We process the payment methods offered in our Webshop via zahls.ch.
The provider of this payment service is Siebenberge GmbH, Toggenburgerstrasse 29, 9652 Neu St. Johann SG, Switzerland (hereinafter referred to as “zahls.ch”). If you make your payment via zahls.ch, the payment data you enter will be transmitted to zahls.ch and to the selected payment provider.
7.1 Data backup and encryption
We have taken extensive technical and organisational measures to secure your data against possible threats, such as unauthorised access, unauthorised disclosure, modification or dissemination, as well as against loss, destruction or misuse.
To protect your personal data from unauthorised access by third parties during transmission, we secure data transmissions using SSL encryption. This is a standardised encryption procedure for online services.
7.2 Log files
Every time you access our website, usage data is transmitted by the respective Internet browser and stored in log files called server log files. The data records stored in this process contain the data objects listed in section 4.1.
These log file data records are evaluated in anonymised form in order to improve our services and make them more user-friendly, to find and correct errors and to optimise the performance of the server and the program code.
We use “session cookies” which are only stored for the duration of the current visit to our website (e.g. in order to be able to save your login or the shopping basket function, and thus enable you to use our online service at all). A randomly generated unique identification number, called a session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data.
8.2 Data contained in cookies
No pseudonymised data is stored in the cookies we use. When the cookie is activated, it is assigned an identification number in order to recognise the specific browser. This is the only way to ensure, for example, that your individual shopping basket is visible only to you when you navigate within different pages of our online shop. Your name, IP address, or similar data that would allow the cookie to be directly associated with you are not stored in the cookie.
8.3 Third-party cookies
8.4 Preventing cookies from being saved and deleting saved cookies
You can revoke the consent you have given us at any time with effect for the future by deleting the relevant cookies and preventing cookies from being saved.
The help function in the menu bar of your web browser will usually show you how to reject new cookies and disable those you have already received. You can also delete cookies that have already been set at any time. Please note that deactivating cookies may lead to restrictions in the use of our website or may prevent you from using it at all.
The place of jurisdiction for legal disputes arising in connection with the use of our websites is Weinfelden (Canton of Thurgau), Switzerland.