Privacy Policy – Board of Airline Representatives in Switzerland

Introduction
General Information on Data Processing
Provision of the website and creation of log files
Email contact
Membership
Member area
Cloud
Disclosure of data to third parties
Rights of the data subject
Controller

1. Introduction

This privacy notice serves to inform you about how we handle the personal data collected, processed and stored through our website.

This privacy notice applies to the website of B.A.R. Switzerland. We assume no responsibility for the data protection regulation compliance of other websites linked on ours.

We reserve the right to change the contents of this privacy notice, especially if we offer new or modified services or if changes in the applicable legislation or legal precedents make modifications necessary or useful, as long as the user can reasonably be expected to accept them taking into account our legitimate interests.

2. General information on data processing

2.1 Scope of processing of personal data

We collect and process personal data of our users insofar as necessary for providing a functioning website and delivering our content and services, including the processing of orders placed through our online forms.

The collection and processing of our users’ personal data take place regularly only with the user’s consent. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.

2.2 Legal basis

Generally, the Swiss Federal Act on Data Protection (FADP) serves as the legal basis for this privacy notice. In addition, the EU General Data Protection Regulation (GDPR), which is frequently mentioned in this notice, applies for users from EU member states.

2.3 Data deletion and storage duration

A user’s personal data are deleted or blocked as soon as the purpose of storage ceases to apply. Storage can also occur if provided for by the European or national legislator in EU regulations, laws or other legislation to which the controller is subject.

Blocking or deletion of data also occurs when a storage period prescribed by the aforementioned legislation expires, unless there is a need for further storage of data for the conclusion or fulfillment of a contract.

3. Provision of the website and creation of log files

3.1 Description and scope of data processing

Our website can be visited without provision of any personal data. For every access query to our website, our system automatically collects data transmitted by the user’s web browser.

The following data are collected in this process:

Browser type, version and language
Operating system and language setting used
Activated browser plugins
Screen resolution
Address of the website visited previously (referrer URL)
Host name of the user’s computer (IP address)
Date and time of access
Name of the file being requested
Volume of data transmitted
Report on successful data retrieval

These data are compiled in log files and saved on our server. No further personal data are stored together with the log file data.

3.2 Legal basis

EU: Art. 6 para. 1 lit. f GDPR

3.3 Purpose

The temporary storage of the IP address by our system is necessary for granting the user’s system access to our website. For this purpose, the user’s IP address must be stored for the duration of the session.

Data storage in log files is required to ensure the functioning of the website. Furthermore, the data allows us to optimize the website and ensure the security of our IT systems. No data analysis for marketing-related purposes is performed in this context.

These purposes correspond to the legitimate interests in data processing in accordance with the above mentioned legal basis.

3.4 Duration of storage

The data are deleted as soon as they are no longer needed to fulfill the purpose for which they were collected. In the case of data collection for the purpose of providing the website, this is the case as soon as the session ends. In the case of data storage in log files, this is the case after 10 weeks. In the case of statistical information, this is the case after 12 months.

3.5 Ability to object and delete

The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website. The website user therefore has no ability to object to the processing of their data.

4. Email contact

4.1 Description and scope of the processing of personal data

On our website, users can personally contact us via email by using the email address provided. In this case, the sender’s personal data transmitted along with the email message are stored.

These data are:

Email address
Name

In addition, further data commonly used for email messages are transmitted and stored, such as:

Subject
Message content and email attachments
Sender’s IP address
Host name of the mail server
Host names of the relaying servers
Date and time of submission
Email application used

4.2 Legal basis

EU: Art. 6 para. 1 lit. a, b and f GDPR

4.3 Purpose

The data are used only to process the communication. This corresponds to the legitimate interests in processing personal data.

4.4 Duration of storage

The data are deleted as soon as they are no longer needed to fulfill the purpose for which they were collected. For personal data transmitted by email, this is the case after 10 years at the latest.

4.5 Ability to object and delete

The user has the possibility to withdraw their consent to have their personal data processed at any time. When the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, we can no longer communicate with the user.

In this case, all personal data stored in the communication process will be deleted.

5. Membership

5.1 Description and scope of the processing of personal data

Scheduled airlines can apply for membership in our organization by filling in the accreditation questionnaire available on our website.

Personal data collected is:

Name, phone number and signature of person signing the questionnaire
Name, address, phone number, email address

5.2 Legal basis

EU: Art. 6 para. 1 lit. a, b and f GDPR

5.3 Purpose

We collect, store and process these data in order to provide our members with services for their membership including access to our online platforms.

5.4 Duration of storage

Data is stored for the period of their membership and after it for 10 years due to tax laws.

5.5 Ability to object and delete

You can have your data removed on request anytime by unless any laws require us to keep it on record. Removing your data means cancelling your membership. Please contact us.

6. Member area

6.1 Description and scope of the processing of personal data

On our website the delegates of our members can access a member area using their credentials in order to manage and publish their data in the public directory and job board.

These personal data for a user account is:

Given name
Family name
Username
Email address

Other personal data that is published in the directory is:

Name of alternate delegate (optional)
Name of person authorizing concessional trips (optional)
Names, postal addresses, phone numbers, fax numbers, SITA telex address and email of other contacts of the member (optional)

Other personal data that is published in the job board is:

Name and contact data for job applications (optional)

6.2 Legal basis

EU: Art. 6 para. 1 lit. a, b and f GDPR

6.3 Purpose

We collect, store and process these data in order:

to provide the public with a member directory and job postings
for our members to access and publish data

6.4 Duration of storage

Data is stored for the period of Data is stored for the duration of the membership or as long as the contact data in directory or for the job opening is valid.their membership and after it for 10 years due to tax laws.

6.5 Ability to object and delete

Members can update and remove their data in the directory and job board anytime using their user account. Basic membership information will only be deleted when the membership has been terminated. It can be updated anytime by contacting our Executive Officer.

7. Cloud

7.1 Description and scope of data processing

On our cloud the delegates of our members can access an internal address book as well as documents (files) using their credentials.

These personal data for a user account is:

Given name
Family name
Username
Email address

Other personal data that is published in the address book is:

Contact data such as address, phone and fax number
Name and contact data of other people of the member (optional)

7.2 Legal basis

EU: Art. 6 para. 1 lit. f GDPR

7.3 Purpose

We collect, store and process these data in order:

to provide our members with documents and an internal address book
for users to access to this data

7.4 Duration of storage

Data is stored for the duration of the membership.

7.5 Ability to object and delete

Members can update the data of their user account anytime. In order to update or delete data in the address book members can contact our Executive Officer.

8. Disclosure of data to third parties

8.1 Description and scope of the processing of personal data

We may disclose our users’ personal data collected through our website to third parties in order to carry out our activities or fulfill contracts.

The following data may be disclosed to third parties:

To our hosting provider in Switzerland: Log files and any data of our website and cloud

The scope of the data is described above.

When a person is a member or a person contacts us in writing or by telephone or is in a customer relationship with us, we may also disclose personal data to the following third parties for the following purposes:

To Swiss International Airlines in Switzerland: addresses, email (data scope: contact data, email messages).
To a Swiss bank: for payments (data scope: payment information)
To Swiss tax authorities: to fulfill tax obligations (data scope: invoice data)

8.1.1 Unencrypted emails

Due to the open nature of the email service, it cannot be ruled out that data transmitted by email are viewed by third parties, in particular when emails are unencrypted.

8.1.2 Data retention

Data transmitted over the internet may be viewed, stored and processed by third parties such as internet providers or state institutions. According to the Swiss Federal law on the surveillance of post and telecommunications traffic (SPTA), Swiss internet providers are obliged to store internet metadata (this is called “data retention”). Similar regulations may apply in other states.

8.2 Legal basis

EU: Art. 6 para. 1 lit. f GDPR
CH: Data retention: Federal law on the surveillance of post and telecommunications traffic (SPTA)

8.3 Purpose

The purpose of the collection, storage, transmission and processing of these data is mentioned above.

8.4 Duration of storage

The duration of storage is mentioned in the paragraph on the respective data collection context. The storage of personal data in a customer relationship depends on the duration of the customer relationship. In tax matters, the retention period stipulated by the legislator is applicable (10 years at most).

8.5 Ability to object and delete

The possibilities described in the paragraph on the respective data collection context apply. You can have address data stored with us deleted at any time, which generally ends the membership/customer relationship.

9. Rights of the data subject

If your personal data are processed, you are a data subject as contemplated by the GDPR (EU) or the FADP (Switzerland).

If you are a data subject as contemplated by the GDPR, you have various rights in relation to the controller (right to information, right to rectification, right to restriction of processing, right to erasure, right to notification, right to data portability, right to object, right to withdraw consent, right to lodge a complaint). You can find more details in chapter III of the GDPR at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679

10. Controller

Board of Airline Representatives
Mr. Ricardo Aresu
P.O.Box/ZRHAG/HS/ARRI
8058 Zurich Airport
SWITZERLAND

For more details please see our contact page.

Updated: 21 March 2023