Privacy policy

General privacy policy

General privacy policy of APCOA Switzerland AG

  1. What is this privacy policy about?

  2. Who is responsible for processing your data?

  3. What personal data do we process?

  4. For what purposes do we process your personal data?

  5. Which online tracking and online advertising techniques do we use?

  6. To whom do we disclose your personal data?

  7. Do we disclose personal data abroad?

  8. How long do we process personal data?

  9. How do we protect your data?

  10. What rights do you have?

 

1 What is this privacy policy about?

APCOA Switzerland AG (hereinafter also "APCOA", "we" or "us") processes personal data relating to you or other persons in different ways and for different purposes.
"Personal data" means any information that can be linked to a specific person, and "processing" means any handling of it, e.g. obtaining, using and disclosing it.
This Privacy Policy explains our processing of such data (hereinafter referred to as personal data or data) when

  • you visit our website www.apcoa.ch,
  • you use the car park facilities operated by us,
  • you use our services,
  • you are otherwise in contact with us as part of a contract,
  • you contact us by e-mail, letter, etc,
  • you have dealings with us in the context of all other data processing in connection with our offers.

For ease of reading, this privacy policy does not refer to more than one gender. However, we always refer to persons of all genders.
Please take the time to read this privacy policy to find out how and why APCOA processes your personal data, how APCOA protects your personal data and what rights you have in this regard. If you have any questions or would like further information about our data processing, please do not hesitate to contact us (Section 2). 
We have based this Privacy Policy on the Swiss Data Protection Act (DPA). In very rare cases, the European General Data Protection Regulation (GDPR) may also be applicable. If the term "personal data" is used in the privacy policy, this also includes "personal data" in accordance with the GDPR. However, whether and to what extent the GDPR is applicable at all depends on the individual case.

2 Who is responsible for processing your data?

The following company is the "controller", i.e. the entity primarily responsible under data protection law, for data processing in accordance with this privacy policy, unless otherwise communicated in individual cases:
 

APCOA Switzerland AG
Elisabethenanlage 7
4051 Basel
 

For our operations in Biel/Bienne:
APCOA Service Switzerland AG
Bahnhofplatz 6
2502 Biel/Bienne

If you are in contact with another Group company, e.g. because you or your company receive a service from this company or because you correspond directly with this company, the company in question is the controller.
If you have any questions about data protection, you are welcome to contact the following address so that we can process your request as quickly as possible: datenschutz@apcoa.ch

3 What personal data do we process?

We process different categories of personal data depending on the occasion and purpose. The most important categories are listed below, although this list is not exhaustive. 
We process less personal data for contractual partners that are companies because the applicable data protection law (in Switzerland the revised data protection law from 1 September 2023) only covers data of natural persons (i.e. people). However, we process data of the contact persons with whom we are in contact, e.g. name, contact details, professional details and details from communication, and details of managers, etc. as part of the general information about companies with which we work.
You provide us with much of the data mentioned in this section yourself (e.g. via forms, in the context of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases. If you wish to conclude contracts with us or make use of services, you must also provide us with data as part of your contractual obligation in accordance with the relevant contract, in particular master data and contract data.

3.1 Data when using a car park
We collect this data by means of

  • the data provided by you for the creation of the contract
  • the licence plate number entered by you
  • Image recording, evaluation of the licence plate data

The provision of your personal data is voluntary. You will be informed of the image recording and the collection of licence plate data in accordance with the legal requirements upon entry.

3.2 Master data
We define master data as the basic data that we require to process our business relationships or for marketing and advertising purposes and that relate directly to your person and characteristics. For example, we process the following master data:

  • Title, surname and first name, gender
  • car registration number
  • Address, contact details such as email address and telephone and mobile number
  • Information on language preferences
  • In the case of contact persons of companies, also relationships with the company for which you work

3.3 Contract data
Contract data is information that arises in connection with the conclusion or execution of the contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, information about the conclusion of the contract itself (e.g. the date of conclusion and the subject matter of the contract), as well as the information required or used for processing. We process the following contract data, for example:

  • Date, application process, information on the type and duration as well as conditions of the contract in question, data on the termination of the contract
  • contact details
  • Information on the use of services
  • Information on payments and payment methods, invoices, mutual claims, contacts with customer service, complaints, defects, returns, information on customer satisfaction, complaints, feedback, etc.

3.4 Communication data 
Communication data is data in connection with our communication with you, e.g. when you contact us via various means of communication. Communication data are e.g.

  • Name and contact details such as postal address, email address and telephone number
  • Content of correspondence (e.g. emails, written correspondence, telephone conversations, etc.)
  • Information on the type, time and possibly place of communication and other peripheral data of the communication.

3.5 Technical data
Technical data is collected in connection with the use of our website. This includes, for example, the following data

  • IP address of the end device and device ID
  • Information about your device, the operating system of your device or language settings
  • Information about your internet provider
  • content accessed or logs in which the use of our systems is recorded
  • Date and time of access to the website and your approximate location

We may also assign you or your end device an individual code (e.g. by means of a cookie; see section 5.1). This code is stored for a certain period of time, often only during your visit.

3.6 Behavioural and preference data
In order to tailor our offers and services to you or your company in the best possible way, we try to get to know you better and tailor our services to you. To do this, we collect and use data about your behaviour. Behavioural data is, in particular, information about your use of our website. It can also be collected on the basis of technical data. We can also use your other interactions with us as behavioural data, and we can link behavioural data with other data (e.g. with anonymous data from statistical offices) and evaluate this data on a personal and non-personal basis. Preference data provides us with information about your likely needs and which services might be of interest to you or your company. We therefore also process data on your interests and preferences. For this purpose, we can link behavioural data with other data and evaluate this data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences and expected behaviour.

3.7 Other data
We may also collect data from you in other situations. For example, data (such as files, evidence, etc.) that may also relate to you may be collected in connection with official or legal proceedings

4. for what purposes do we process your personal data?

We will process your personal data when you use a parking facility or make use of a service for the following purposes:
a.) Long-term parking management
b.) Tariff calculation for registered short-term parking customers
c.) Checking the terms of use (e.g. parking over two spaces)
d.) Control of legally compliant use (e.g. exceeding the free parking time) 
e.) Protection of the facilities (e.g. vandalism)
f.) Prosecution of misuse (e.g. exit without payment, passing on a parking ticket)
In addition, we also process your personal data for other purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose, insofar as this is permitted and appears appropriate to us:

For communication purposes, i.e. to contact you and maintain contact with you. This includes responding to enquiries and contacting you in the event of queries, e.g. by email. In particular, we process your communication and master data for this purpose.

For customer care and marketing purposes, in order to inform you specifically about offers in line with your personal interests and preferences. In particular, we process technical data, master data and communication data as well as behavioural and preference data for this purpose.

We also process data to improve our services.

To ensure IT security and for prevention: We process personal data to monitor the performance of our operations, in particular IT, our website, applications and other platforms, for security purposes, to ensure IT security, to prevent theft, fraud and abuse and for evidence purposes. This includes, for example, the evaluation of system-side records of the use of our systems (log data), the prevention, defence against and investigation of cyber attacks and malware attacks, analyses and tests of our networks and IT infrastructures, system and error checks.

For legal defence: We may also process personal data in order to enforce claims in court, before or outside of court and before authorities in Switzerland and abroad or to defend ourselves against claims. Master data and communication data may be processed for this purpose.

To comply with legal requirements: This includes, for example, the processing of complaints and other reports, compliance with orders of a court or authority, measures to detect and clarify abuses and generally measures to which we are obliged under applicable law and self-regulation. In particular, we may process your master data and communication data for this purpose.

For administration and support: In order to organise our internal processes efficiently, we process data to the extent necessary for IT administration, accounting or data archiving. This may include, in particular, communication and behavioural data as well as technical data.

We may also process data for other purposes. These include corporate management, including business organisation and corporate development, other internal processes and administrative purposes, training and education purposes and the preparation and execution of the purchase and sale of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of personal data, as well as measures for business management and the protection of other legitimate interests.

If we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time by notifying us in writing.

5 Which online tracking and online advertising technologies do we use?

We use various techniques on our website with which we and third parties engaged by us can recognise you when you use our website and, in some cases, track you over several visits. The use of such technologies is specifically regulated. We will inform you about this in this section.

5.1 How and why do we use cookies and similar technologies?
We use third-party services for our website in order to measure and improve the user-friendliness of the website and online advertising campaigns. For this purpose, we may integrate third-party components on our website, which in turn may use cookies. When we track you or use similar technologies, it is essentially so that we can distinguish access by you (via your system) from access by other users so that we can ensure the functionality of the website and carry out statistical analyses. We do not want to infer your identity. The technologies used are designed in such a way that you are recognised as an individual visitor each time you access a page, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called "cookie"). 
Cookies are files that your browser automatically saves on your end device when you visit our website. Cookies contain a unique identification number (an ID) that enables us to distinguish individual visitors from others, but generally without identifying them. Depending on their intended use, cookies contain further information, e.g. about pages accessed and the duration of a page visit. We use session cookies, which are deleted when the browser is closed, and persistent cookies, which remain stored for a certain period of time after the browser is closed and are used to recognise visitors on subsequent visits.
We use the following types of cookies and similar technologies:

  • Necessary cookies: necessary cookies are required for the functionality of the websites, e.g. so that you can switch between pages without losing information entered in a form.
  • Performance cookies: These cookies collect information about the use of a website and enable analyses, e.g. which pages are the most popular. They can simplify the visit to a website and improve user-friendliness.
  • Functional cookies: Functional cookies enable extended functions and can display personalised content.
  • Marketing cookies: Marketing cookies help us and our advertising partners to target you on our websites and on third-party websites with adverts for products or services that may be of interest to you, or to display our adverts when you continue to use the internet after visiting our websites.

We use cookies for the following purposes in particular

  • Personalisation of content
  • Displaying personalised advertisements and offers
  • Displaying adverts on third-party websites and measuring success, i.e. whether you respond to these adverts (remarketing)
  • Saving settings between your visits
  • Determining whether and how we can improve our website
  • Collecting statistical data on the number of users and their usage habits and to improve the speed and performance of the website
  • We may process your contact details to target you with adverts on third party platforms.

We may also use similar technologies, e.g. pixel tags or fingerprints, to store data in the browser. Pixel tags are small, usually invisible images or programme code that are loaded by a server and thereby transmit certain information to the server operator, e.g. whether and when the website was visited. Fingerprints are information that is collected during your visit to our website via the configuration of your end device or your browser and that make your end device distinguishable from other devices.

5.2 How can cookies and similar technologies be deactivated?
You have the option of activating or deactivating certain categories of cookies when you visit our website. You can configure your browser settings so that it blocks certain cookies or similar technologies or deletes existing cookies and other data stored in the browser. You can also add software (so-called "plug-ins") to your browser that blocks tracking by certain third parties. You can find out more about this in the help pages of your browser (usually under the heading "Data protection"). Please note that our website may no longer function to its full extent if you block cookies and similar technologies.

5.3 Cookies from partners and third parties on our website
We use third-party services to measure and improve the user-friendliness of the website and online advertising campaigns. Third-party providers may also be located outside Switzerland and the EU/EEA, provided that the protection of your personal data is ensured in an appropriate manner. For example, we use analysis services so that we can optimise our website. The relevant third-party providers may record the use of the website for this purpose and combine their recordings with other information from other websites. This allows them to record user behaviour across multiple websites and end devices in order to provide us with statistical evaluations on this basis. The providers can also use this information for their own purposes, e.g. for personalised advertising on their own website or other websites. 
The most important third-party provider is Google. You can find more information on this below. Other third-party providers generally process personal and other data in a similar way.
Google Analytics, an analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland; both together "Google", whereby Google Ireland Ltd. is responsible for the processing of personal data). Google uses cookies and similar technologies to collect certain information about the behaviour of individual users on or in the relevant website and the end device used for this purpose (tablet, PC, smartphone, etc.). Google collects information about the behaviour of users on the website and the end device used and provides us with evaluations on this basis, but also processes certain data for its own purposes. We have configured Google Analytics in such a way that visitors' IP addresses are anonymised before being forwarded to the USA. Information on data protection at Google Analytics can be found here. You can deactivate Google Analytics by installing an appropriate browser add-on.

5.4 Google Ads
This is an advertising service. This service can be used to display personalised or non-personalised advertising to users.

Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland

Data protection officer of the processing company
Below you will find the email address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form

This list represents the purposes of data collection and processing.

  • Advertising
  • Analysis
  • Provision of services
  • Statistics

Technologies used

This list shows all the technologies used by this service to collect data.

  • cookies
  • Tracking pixels

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Viewed adverts
  • Cookie ID
  • Date and time of the visit
  • Device information
  • Geographical location
  • IP address
  • Search terms
  • Adverts displayed
  • Customer ID
  • Impressions
  • Online identifiers
  • Browser information
  • Referrer URL
  • Interaction data

Legal basis

The required legal basis for the processing of data is stated below

  • Art. 6 para. 1 sentence 1 lit. a GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

  • European Union

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

  • The data is deleted as soon as it is no longer required for the purposes of processing. Log data is anonymised after 9 months and cookie information after 18 months.

Transfer to third countries

When using this service, the data collected may be transferred to another country. Please note that in the context of this service, the data may be transferred to a country that does not have the necessary data protection standards. Below you will find a list of the countries to which the data is transferred. For further information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

  • Chile
  • Singapore
  • Taiwan
  • United States of America

Data recipients

The recipients of the data collected are listed below

  • Alphabet Inc, Google LLC, Google Ireland Limited

Click here to read the data processor's privacy policy.

https://business.safety.google/privacy/?hl=de

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=de

Click here to revoke on all domains of the processing company.

https://safety.google/privacy/privacy-controls/

Storage information

Below you can see the longest possible storage period on a device, depending on the storage method used.

  • Maximum limit for the storage of cookies: 1 year
  • Non-cookie storage: no

 

5.5 Facebook Pixel

Description of the service
This is a tracking technology offered by Facebook and used by other Facebook services. It is used to track visitors' interactions with websites ("events") after they have clicked on an advert placed on Facebook or other services provided by Meta ("conversion").

Processing Company
Meta Platforms Ireland Ltd.
4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland

Data protection officer of the processing company
Below you will find the e-mail address of the data protection officer of the processing company

https://www.facebook.com/help/contact/1650115808681298

Purpose of the data

This list shows the purposes of data collection and processing.

  • Analysis
  • marketing
  • Retargeting
  • Advertising
  • Conversion tracking
  • Personalisation

Technologies used

This list shows all the technologies that this service uses to collect data.

  • cookies
  • Pixel

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Viewed adverts
  • Viewed content
  • Device information
  • Geographic location
  • HTTP header
  • Interactions with adverts, services and products
  • IP address
  • Clicked elements
  • Marketing information
  • Pages visited
  • Pixel ID
  • Referrer URL
  • Usage data
  • User behaviour
  • Facebook cookie information
  • Facebook user ID
  • Usage/click behaviour
  • Browser information
  • Device operating system
  • Device ID
  • User Agent
  • Browser type

Legal basis

The required legal basis for the processing of data is stated below

  • Art. 6 para. 1 sentence 1 lit. a GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

  • European Union

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

  • User interactions recorded on the websites are not stored for longer than two years. However, the data is deleted as soon as it is no longer required for the purposes of processing.

Transfer to third countries

When using this service, the data collected may be transferred to another country. Please note that in the context of this service, the data may be transferred to a country that does not have the necessary data protection standards. Below you will find a list of the countries to which the data is transferred. For further information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

  • Singapore
  • United States of America
  • United Kingdom

Data recipients

The recipients of the data collected are listed below

  • Meta Platforms Ireland Ltd, Meta Platforms Inc.

Click here to read the data processor's privacy policy.

https://www.facebook.com/privacy/explanation

Click here to read the data processor's cookie policy

https://www.facebook.com/policies/cookies

Storage information

Below you can see the longest possible storage period on a device, depending on the storage method used.

  • Maximum limit for the storage of cookies: 1 year
  • Non-cookie storage: no

6. to whom do we disclose your personal data?

In connection with our processing, we also disclose your personal data to other recipients.
We may disclose personal data that we receive from you or from third-party sources, in particular to other companies in the APCOA Group, which includes APCOA itself. 
We then disclose the personal data required for their services to service providers. This applies in particular to IT service providers, but also to analysis service providers, debt collection service providers, call centres, etc. If service providers process personal data as processors, they are obliged to process personal data exclusively in accordance with our instructions and to take measures to ensure data security. 
data may also be disclosed to other recipients, e.g. to courts, lawyers and authorities in the context of proceedings and statutory information and cooperation obligations, to buyers of companies and assets, to financing companies in the case of securitisations and to debt collection agencies.
In individual cases, we may also disclose personal data to other third parties for their own purposes, e.g. if you have given us your consent or if we are legally obliged or entitled to disclose it.

7. do we disclose personal data abroad?

Recipients of data are not only located in Switzerland. This applies in particular to group companies and certain service providers. These may also be located outside the European Economic Area (EEA) and Switzerland, in particular in the USA, UK, but also in other countries worldwide. For example, we may transfer data to authorities and other persons abroad if we are legally obliged to do so or, for example, in the context of a company sale or legal proceedings. Not all of these countries currently guarantee a level of data protection equivalent to Swiss law. We compensate for the lower level of protection through appropriate contracts, in particular the standard contractual clauses issued by the European Commission and recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC). Further details and a copy of these clauses can be found at www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html.

In certain cases, we may also transfer data without such contracts in accordance with data protection regulations, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the fulfilment of the contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.

8 How long do we process personal data?

We store and process your personal data for as long as it is necessary for the purpose of processing (in the case of contracts, generally for the duration of the contractual relationship), as long as we have a legitimate interest in storing it (e.g. to enforce legal claims, for archiving and/or to ensure IT security) and as long as data is subject to a statutory retention obligation (e.g. a ten-year retention period applies to certain data). If there are no legal or contractual obligations to the contrary, we destroy or anonymise your data at the end of the storage or processing period as part of our normal processes.

9. how do we protect your data?

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to counteract the risks of loss, unintentional modification, unwanted disclosure or unauthorised access. However, security risks cannot generally be completely ruled out; residual risks are unavoidable.

10 What rights do you have?

You have certain rights under applicable data protection law to obtain further information about our data processing and to influence it. These are in particular the following rights:

Right to information: You can request further information about our data processing. We are at your disposal for this purpose. You can also submit a request for information if you would like further information and a copy of your data.

Objection and deletion: You can object to our data processing and also request that we delete your personal data at any time if we are not obliged to continue processing or retaining this data and if it is not necessary to process the employment relationship.

Correction: You can have incorrect or incomplete personal data corrected or completed or have it supplemented by a confirmation note.

Transfer: You also have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format or to have it transferred to a third party, provided that the corresponding data processing is based on your consent or is necessary for the fulfilment of the contract.

Revocation: If we process data on the basis of your consent, you can revoke your consent at any time. The revocation is only valid for the future, and we reserve the right to continue processing data on another basis in the event of a revocation.

Please note that these rights are subject to legal requirements and restrictions and are therefore not always fully available. In particular, we may need to continue to process and store your personal data in order to fulfil a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. To the extent permitted by law, in particular to protect the rights and freedoms of other data subjects and to safeguard legitimate interests, we may therefore also refuse a data subject request in whole or in part (e.g. by blacking out certain content that concerns third parties or our business secrets).
If you wish to exercise rights against us, please contact us in writing. Our contact details can be found in section 2. We will usually need to verify your identity (e.g. by means of a copy of your ID). You are also free to lodge a complaint against our processing of your data with the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Status of the privacy policy: 15.11.2024