This data protection declaration provides information about how, where and why we process what personal data in connection with capzlog.aero. In addition to this, the data protection declaration provides information about the rights of individuals whose data we process.
Special, supplementary or further data protection declarations and other legal documents such as General Terms and Conditions of Business (GTCB), terms of usage or conditions of participation may apply for individual or additional offerings and services.
Our offering is subject to Swiss data protection law and to any applicable foreign data protection law such as, in particular, the laws of the European Union (EU) including the General Data Protection Regulation (GDPR). The European Commission recognises that Swiss data protection law ensures an adequate level of data protection.
1. Contact addresses
Responsible for processing of personal data:
To the contact form
Should, in individual cases, other entities be responsible for processing of personal data, then we will draw attention to this.
Data protection representation in the European Economic Area (EEA)
As per Art. 27 GDPR we have the following data protection representation in the European Economic Area (EEA), comprising the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway, as an additional point of contact for supervisory authorities and data subjects making enquiries relating to the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner UG
Am Kaiserkai 69
To the contact form
2. Processing of personal data
Personal data means all information relating to an identified or identifiable natural person. A data subject is a natural person whose personal data is processed. Processing means any handling of personal data, independent of the means and procedures which are used and, in particular, the storage, disclosure, acquisition, collection, erasure, saving, alteration, destruction and use of personal data.
The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) defines the processing of personal data as the processing of personal data relating to a specific natural person.
2.2 Legal bases
We process personal data in compliance with Swiss data protection law such as, in particular, the Federal Act on Data Protection (DSG) and the Ordinance to the Federal Act on Data Protection (VDSG). We generally store personal data only in Switzerland.
If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data according to at least one of the following legal bases:
- Art. 6 Para. 1 (b) GDPR where processing of personal data is necessary to perform a contract with the data subject and to take steps prior to entering into a contract.
- Art. 6 Para. 1 (f) GDPR where processing of personal data is necessary to safeguard our or third-party legitimate interests insofar as these interests are not overridden by the fundamental rights and freedoms of the data subject. Legitimate interests are, in particular, our interest in providing our offering in the long term and in a manner which is user-friendly, secure and reliable as well as to advertise this offering if required; information security and protection against misuse and unauthorised use; exercising of our own legal claims; and compliance with Swiss law.
- Art. 6 Para. 1 (c) GDPR where processing of personal data is necessary to comply with a legal obligation to which we are subject as per any applicable law of member states of the European Economic Area (EEA).
- Art. 6 Para. 1 (e) GDPR where processing of personal data is necessary to perform a task carried out in the public interest.
- Art. 6 Para. 1 (a) GDPR to process personal data given with the data subject’s consent.
- Art. 6 Para. 1 (d) GDPR where processing of personal data is necessary to protect the vital interests of the data subject or of another natural person.
2.3 Type, extent and purpose
We process personal data which is necessary to provide our offering in the long term and in a manner which is user-friendly, secure and reliable. Such personal data can fall into the following categories: master and contact data, browser and device data, pilot logbook data, medical data, content data, licence data, meta or peripheral data and usage data, location data or sales, contractual and payment data.
We process personal data for the period which is required for the relevant purpose or purposes or which is required by law. Personal data which must no longer be processed is anonymised or erased. Data subjects whose data we process in general have a right to erasure.
As a matter of principle we only process personal data after obtaining the data subject’s consent unless processing is permissible for other legal reasons, such as to perform a contract with the data subject and to take steps prior to entering into a contract; in response to justified requests from competent authorities such as in particular the Federal Office of Civil Aviation (FOCA) and the Swiss Transportation Safety Investigation Board (STSB); to safeguard our overriding legitimate interests; because processing is evident from the circumstances; or based on prior information.
Within this framework we process in particular the information which the data subject transmits to us voluntarily and themselves when establishing contact with us – for example by letter, email, contact form, social media or telephone – or when registering for a user account. We may, for example, store such information in an address book, a customer relationship management system (CRM system) or using comparable aids. Insofar as the data subject transmits personal data to us via third parties, they are obliged to ensure data protection vis-à-vis such third parties and to ensure the correctness of such personal data.
In addition to this, we process personal data which we receive from third parties; acquire from publicly accessible sources; or collect when providing our offering, if and insofar as such processing is legally permissible.
Personal data originating from job applications is only processed insofar as it is required to assess suitability for an employment relationship or for subsequent performance of an employment contract. The personal data which is required to carry out an application process arises from the information which is requested and/or provided, for example within the scope of a job description. Candidates have the option of transmitting further voluntary information for their corresponding job application.
2.4 Processing of personal data by third parties, also abroad
We can have personal data processed by contracted third parties or process it together with third parties or with the help of third parties as well as transmit this data to third parties. Such third parties are, in particular, providers whose services we use. Should we use such third parties, then we will ensure an adequate level of data protection.
Such third parties are, as a matter of principle, located in Switzerland and the European Economic Area (EEA). Such third parties may, however, also be located in other states and territories around the world or elsewhere in the universe insofar as their data protection law is, according to the adequacy decision of the Swiss Federal Data Protection and Information Commissioner (EDÖB) and – if and insofar as the General Data Protection Regulation (GDPR) is applicable – according to the adequacy decision of the European Commission, applicable and ensures adequate data protection or if, for other reasons, such as a corresponding contractual agreement, in particular based on standard contractual clauses, or corresponding certification, adequate data protection is ensured. In exceptional cases, such a third party may be located in a country without adequate data protection insofar as the data protection law-related prerequisites, such as the data subject’s explicit consent, are fulfilled.
3. Data subjects’ rights
Swiss data protection law grants data subjects whose personal data we process specific rights. These include the right to information and the right to rectification, erasure or blocking of the processed personal data.
Data subjects whose personal data we process may – if and insofar as the General Data Protection Regulation (GDPR) is applicable – demand a confirmation whether we are processing their personal data and, if the answer is yes, information about processing of their personal data; have processing of their personal data restricted; exercise their right to data portability; and exercise their right to have their personal data rectified, erased (“right to be forgotten”), blocked or completed.
Data subjects whose personal data we process may – if and insofar as the GDPR is applicable – withdraw any consent with effect for the future and object to processing of their personal data at any time.
Data subjects whose personal data we process have a right to lodge a complaint with a responsible supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB).
4. Data security
We take adequate and appropriate technical and organisational measures to ensure data protection and, in particular, data security. Despite these measures there will, however, always be security gaps when personal data is processed on the Internet. We cannot thus guarantee absolute data security.
Access to our online offering is via transport encryption (SSL / TLS, in particular using hypertext transfer protocol secure, or HTTPS for short). Most browsers identify transport encryption with a padlock in the address bar.
Access to our online offering is – as is, as a matter of principle, all Internet use – subject to groundless, non-suspicion-related mass surveillance and other surveillance by security agencies in Switzerland, the European Union (EU), the United States of America (USA) and other states. We have no direct influence on the corresponding processing of personal data by secret services, police authorities and other security agencies.
5. Use of the website
When you visit our website cookies can be temporarily stored in your browser as “session cookies” or for a predefined period of time as so-called permanent cookies. “Session cookies” are automatically erased when you close your browser. Permanent cookies are stored for a certain duration. Permanent cookies make it possible in particular to recognise your browser when you next visit our website and thus, for example, measure the website’s reach. Permanent cookies can, however, also be used for purposes such as online marketing.
Where cookies are used to measure success and range or for advertising it is possible to make a general objection (“opt-out”) via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA) for numerous web services.
5.2 Server log files
Each time you visit our website we are able to log the following information insofar as your browser transmits it to our server infrastructure or our web server is able to identify it: date and time including time zone; Internet protocol (IP) address; access status (HTTP status code); operating system including user interface and version; browser including language and version; the sub-pages of our website which were retrieved including the transmitted data volume; and the prior website retrieved in the same browser window (referrer).
We store such information, which can also be personal data, in server log files. The information is necessary to provide our online offering in the long term and in a user-friendly, reliable form as well as to ensure data security and thus in particular the protection of personal data – also by third parties or with the help of third parties.
5.3 Tracking pixels
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. They are small, generally invisible images which are automatically retrieved when you visit our website and also used by third parties whose services we employ. Tracking pixels can gather the same information as server log files.
6. Notifications and announcements
We send notifications and announcements such as newsletters by email and via other communication channels such as instant messaging.
6.1 Measurement of success and reach
Notifications and announcements can contain web links or tracking pixels which record whether the specific notification was opened and which corresponding web links were clicked. Such web links and tracking pixels can also record the use of notifications and announcements by specific data subjects. We require this statistical recording of use within the scope of measuring success and reach, which is in turn intended to ensure that notifications and announcements are based on recipients’ needs and reading habits and thus effective and user-friendly, as well as to be able to offer notifications and announcements in the long term and in a secure, reliable manner.
6.2 Consent and objection
You must as a matter of principle expressly consent to the use of your email address and your other contact addresses unless this use is permitted for other legal reasons. Wherever possible we use the “double opt-in” procedure when obtaining any consent to the receipt of emails. In other words, you receive an email with a web link which you must click as confirmation and to ensure that no unauthorised third parties can abuse your personal data. Such consents, including the Internet protocol (IP) address and the date and time, may be logged as evidence and for security reasons.
You may as a matter of principle unsubscribe from notifications and announcements such as newsletters at any time. Notifications and announcements which are absolutely essential for our offering may be excluded from this. When you unsubscribe you can, in particular, object to the statistical recording of use to facilitate the measurement of success and reach.
6.3 Use of service providers to send notifications and announcements
We use the services or help of third parties to transmit notifications and announcements. When doing so, cookies may be used. We ensure adequate data protection when using such services.
7. Social Media
We have a presence on social media platforms and other online platforms so that we can communicate with potential members and provide information about our offering. Personal data generated in this context may also be processed outside of Switzerland and the European Economic Area (EEA).
With regard to our social media presence on Facebook we are, if and insofar as the GDPR is applicable, jointly responsible together with Facebook for the so-called Page Insights. Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights to make our Facebook social media presence effective and user-friendly. Facebook has published information on Page Insights data plus a supplement regarding responsibility for Page Insights.
8. Success and reach measurement
We use Google Analytics to analyse how our website is used, whereby we can, for example, also measure its reach and the success of third-party links to our website. This is a service of Google LLC in the USA. Google Ireland Limited, located in Eire, is responsible for users in the European Economic Area (EEA) and Switzerland.
Google attempts to also record individual visitors to our website who use a variety of browsers or devices (cross-device tracking). When doing so, cookies are also used. Google Analytics requires your Internet Protocol (IP) address; however, this information is kept separate from other Google data.
In all cases we have your Internet Protocol (IP) address anonymised before it is analysed by Google. This means that your full IP address is, as a matter of principle, not transmitted to Google in the USA.
9. Third-party services
We use third-party services so that we can provide our offering in the long term and in a manner which is secure and reliable. Such services also allow us to embed content in our website. These services – for example, hosting and storage services, video services and payment services – require your Internet Protocol (IP) address since they would not otherwise be able to transmit corresponding content. Such services may be located outside of Switzerland and the European Economic Area (EEA) insofar as adequate data protection is ensured.
Third parties whose services we use may also process data related to our offering and from other sources – including cookies, log files and tracking pixels – in an aggregated, anonymised or pseudonymised manner for their own security-relevant, statistical and technical purposes.
9.1 Digital Infrastructure
We use the services of third parties in order to be able to use the digital infrastructure required for our services. These include in particular hosting and storage services from specialised providers. Such providers process - usually exclusively on our behalf - the data required to operate this infrastructure. This includes in particular your Internet Protocol (IP) address. We also guarantee appropriate data protection with such providers.
We use payment service providers to process our customers’ payments securely and reliably. We only use payment service providers who ensure an adequate level of data protection. Processing is subject to the relevant payment service provider’s terms, such as their general terms and conditions of business (GTCB) or data protection declarations.
9.2.1 We use in particular PayPal to process payments. PayPal is a service of PayPal (Europe) S.à.r.l. et Cie, S.C.A in Luxembourg as well as of PayPal Pte. Ltd. in Singapore. For information about the type, extent and purpose of data processing, see the data protection declaration.
9.2.2 We use in particular SIX Payment Services (including Saferpay) to process payments. It is a service of the Swiss SIX Payment Services AG together with SIX Payment Services (Europe) S.A. in Luxembourg as well as a branch in Austria and the German SIX Payment Services (Germany) GmbH. For information about the type, extent and purpose of data processing, see the data protection declaration and the "Customer information on data protection" of SIX Payment Services.
10. Extensions for the website
11. Concluding provisions
We may adjust and add to this data protection declaration at any time. We will provide notification of such adjustments and additions in an appropriate form, in particular by means of publishing the corresponding current data protection declaration on our website.