Data protection declaration

The responsible body within the meaning of data protection laws, in particular the European Union’s General Data Protection Regulation (GDPR), is

SimpleTrain Gmbh
Saskia Bilang
Einkaufszentrum Glatt
Neue Winterthurerstrasse 99
8304 Wallisellen

Phone: +41 78 346 37 97
E-mail: saskia@simpletrain.ch
Website: https://simpletrain.ch

Privacy policy version 2.0 from 7.8.2023.

General information

In this privacy policy we, SimpleTrain GmbH, explain how we collect and otherwise process personal data. This is not an exhaustive description; other privacy policies or general terms and conditions may govern specific matters. Personal data refers to all information relating to an identified or identifiable person. If you provide us with the personal data of other persons (e.g. family members, work colleagues), please ensure that these persons are aware of this privacy policy and only provide us with their personal data if you are authorised to do so and if this personal data is correct. This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation (“GDPR”), the Swiss Data Protection Act (“DPA”) and the revised Swiss Data Protection Act (“revDPA”).

Responsibility

Saskia Bilang, Einkaufszentrum Glatt, Neue Winterthurerstrasse 99, 8304 Wallisellen, saskia@simpletrain.ch, is responsible for the data processing that we carry out here, unless otherwise stated in individual cases. If you have any data protection concerns, you can send them to us at the above contact address. You can reach our data protection officer in accordance with Art. 37 GDPR at the same address. She is also our representative in the EEA in accordance with Art. 27 GDPR.

Processing of personal data

Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, erasure, storage, modification, destruction and use of personal data. We primarily process the personal data that we receive from our customers and other business partners as part of our business relationship with them and other persons involved or that we collect from their users when operating our websites, apps and other applications. We use the personal data we collect primarily to conclude and process our contracts with our customers and business partners, in particular in the context of purchasing tickets for train journeys for our customers.

We process personal data in accordance with Swiss data protection law. In addition, we process personal data in accordance with the following legal bases in connection with Art. 6 para. 1 GDPR, insofar as the EU GDPR is applicable. We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term retention obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.

Rights of data subjects

If you wish to exercise one of the following rights, you can contact the data protection officer at any time.

Right to confirmation

Every data subject has the right to obtain confirmation from the website operator as to whether or not personal data concerning them is being processed.

Right to information

Any person affected by the processing of personal data has the right to receive information free of charge from the operator of this website at any time about the personal data stored about them and a copy of this information. Furthermore, the data subject has a right to information as to whether personal data has been transferred to a third country or to an international organisation.

Right to rectification

Any person affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

Right to erasure

Any person affected by the processing of personal data has the right to demand from the controller of this website that the personal data concerning them be deleted immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:

  • The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.

  • The data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing.

  • The data subject objects to the processing on grounds relating to their particular situation, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in the case of direct marketing and associated profiling.

  • The personal data has been processed unlawfully.

  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

  • The personal data have been collected in relation to the offer of information society services directly provided to a child.

If one of the above reasons applies and you would like to request the deletion of personal data stored by the operator of this website, you can contact our data protection officer at any time.

Right to revoke consent under data protection law

Any person affected by the processing of personal data has the right to withdraw their consent to the processing of personal data at any time.

Privacy policy for cookies

This website uses cookies. These are small text files that make it possible to store specific information relating to the user on the user’s end device while they are using the website. Cookies make it possible, in particular, to determine the frequency of use and number of users of the pages, to analyse the behaviour of page use, but also to make our offer more customer-friendly. Cookies remain stored at the end of a browser session and can be called up again when you visit the site again. If you do not wish this to happen, you should set your Internet browser to refuse to accept cookies. You can also disable the storage of cookies by switching them off in your browser settings. Please note that you may then not be able to use all the functions of this website.

Privacy policy for SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Chargeable services

In order to provide chargeable services, we request additional data, such as payment details, in order to be able to fulfil your order. We store this data in our systems until the statutory retention periods have expired.

As part of the fulfilment of contracts, we use payment service providers on the basis of the Swiss Data Protection Ordinance and, if necessary, Art. 6 para. 1 lit. b. EU-DSGVO. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, if necessary, in accordance with Art. 6 para. 1 lit. f. EU GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, totals and recipient-related details.

Third-party services

This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam and YouTube for embedding videos.

These services of the American Google LLC use cookies, among other things, and as a result, data is transferred to Google in the USA, whereby we assume that no personal tracking takes place in this context solely through the use of our website.

Google has undertaken to guarantee appropriate data protection in accordance with the US-European and US-Swiss Privacy Shield.

Further information can be found in Google’s privacy policy.

Privacy policy for Hubspot

Our website uses Hubspot, a marketing automation software from HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot is a software company from the USA with a European branch in Ireland. Hubspot helps us to analyse the use of our portal. Hubspot uses cookies for this purpose.

Certain usage data is linked to your person (e.g. after entry in a registration form) and stored in our CRM. This enables us to send you information and offers that are specifically tailored to your interests.

Your personal data may also be forwarded to Hubspot servers in the United States (USA). The appropriate level of protection is ensured by the fact that HubSpot, Inc. participates in the EU-US Privacy Shield agreement and is certified for compliance with it.

We use Hubspot to provide you with customised information and offers. Accordingly, we have a legitimate interest in this processing within the meaning of Art. 6 para. 1 lit. f) GDPR. The legal basis for the processing of your personal data by us in connection with the use of Hubspot is Art. 6 para. 1 lit. f) General Data Protection Regulation.

When you use Hubspot, we store your personal data for as long as is necessary to provide you with customised information and offers.

The provision of personal data collected via Hubspot is not required by law or contract or necessary for the conclusion of a contract. If you do not provide us with this data, we will not be able to provide you with customised information and offers.

You can find more information on the use of data by Hubspot in Hubspot’s privacy policy at https://legal.hubspot.com/privacy-policy.

You can object to the use of your data at any time, e.g. by sending an email to our email address in this privacy policy.

Privacy policy for newsletter data

If you would like to receive the newsletter offered on this website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.

You can revoke your consent to the storage of the data, the email address and its use for sending the newsletter at any time, for example via the unsubscribe link in the newsletter.

The newsletter is sent using the mailing service provider “MailChimp”, a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the mailing service provider here. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of data protection. The mailing service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and an order processing contract pursuant to Art. 28 para. 3 sentence 1 GDPR.

Amendments

We may amend this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of the change by email or other suitable means in the event of an update.

Questions for the data protection officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organisation listed at the beginning of the privacy policy directly.

Wallisellen, 7.8.2023