This privacy statement applies to the processing of personal data by Swissport in general and also for all pages on our online network which link to this statement.
General information regarding your rights as applicant can be found here.
If you are a State of California, USA, resident, California law may provide you with additional rights regarding Swissport’s collection and use of your personal information. To learn more, visit the CCPA Privacy Notice for California Residents.
General information on data processing
We collect and use personal data to the extent necessary for providing a functional website, our content and products/services as well as for pursuing other legitimate interests as described below.
Legal basis for the processing of your data:
- In cases where we obtain consent from data subjects for processing operations on personal data, Art. 6(1) a of the EU General Data Protection Regulation (GDPR) serves as the basis.
- When processing personal data necessary for the performance of a contract to which the data subject is party, Art. 6(1) b of the GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out steps prior to entering into a contract.
- In cases where processing of personal data is necessary to comply with a legal obligation which our company is subject to, Art. 6(1) c of the GDPR serves as the legal basis.
- In cases where vital interests of the data subject or another natural person make it necessary to process personal information, Art. 6(1) d of the GDPR serves as the legal basis.
- If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party (such as subject matter professionals in the fields of Communication, Marketing, PR, Legal, Finance, Health and Safety, Personal Development or other), and the interests, fundamental rights, and fundamental freedoms of the data subject do not override the interests of the former, Art. 6(1) f of the GDPR shall serve as the legal basis for the processing.
In particular, legitimate interests may include:
- Replying to enquiries;
- Carrying out direct marketing measures;
- Provision of services and/or information intended for you;
- The processing and transfer of personal data for internal and/or administrative purposes;
- The operation and administration of our website;
- The technical support of users;
- Avoiding and detecting cases of fraud and crimes;
- Establishment, exercise or defence of rights or legal claims before national or foreign courts, authorities or other judicial bodies;;
- Avoidance of prejudice and/or liability of the company through appropriate measures;
- Protecting against non-payment by obtaining credit reports in the case of enquiries regarding deliveries and performance; and or
- Ensuring network and data security, provided that these interests comply with the corresponding applicable laws and the rights and freedoms of the user;
Usage data/server log files
Each time our webpages are accessed, our systems automatically collect data and information from the computer system of the accessing computer.
In this case, the following types of data are collected: Browser type, version used, operating system of the user, internet service provider, IP address of the user, date and time accessed, websites from which the user’s system are directed to our website or which the user is directed to from our website.
The legal basis for the temporary storage of the data collected via webpages and the related log files is Art.6(1) f of the GDPR with the aforementioned legitimate interests.
The temporary storage of the IP address by the system is necessary to make it possible for the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain saved for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. Furthermore, we use the data to optimise the website and to ensure the safety of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also justify our legitimate interests to perform data processing pursuant to Art. 6(1) f of the GDPR. Personal data will be deleted as soon as they are no longer necessary to fulfil the purpose of their collection. In particular, the case of the collection of the data for the provision of the website, this is the case when the respective session is terminated. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Furthermore, we reserve the right to review the files when concrete indications exist which point to a justified suspicion of unlawful use or a specific attack on the pages. In this case, it is within our legitimate interests to perform processing for the purposes of clarifying the issue and the criminal prosecution of such attacks and unlawful use.
General information on web beacons/tracking pixels
Web beacons are invisible images with the size of one pixel. These are used by partner companies, in particular for the purposes of tracking a user across various web pages for building a profile which allows users to be shown customised advertising (targeting). A pixel integrated into the webpage is loaded from the partner’s server when the webpage is accessed. In doing so, the partner receives your IP address as well as information about your browser and its version as well as the browser plugins used (browser fingerprint), about your operating system, as well as about your network operator.
Content from external providers
Some of our websites integrate third-party content into their offerings, such as videos from YouTube, map content from Google Maps, images, texts, and multimedia files, RSS feeds, or additional services from other websites. This always requires your IP address to be transmitted to the providers of the content. We are unable to provide information on how your data is used by these providers and also have no influence over subsequent processing. In particular, we have no information on whether the data will also be used for additional purposes, such as building a profile. To find out more, please consult the respective data privacy notices of the corresponding third-party providers.
Among other things, you can protect yourself from further tracking via tracking pixels from these providers by turning off the acceptance of third-party cookies in your browser settings.
Contact form and e-mail contact
Our webpage contains a contact form which can be used for getting in touch electronically. If a user makes use of this option, the data entered into the input form will be transmitted to us and saved. This data comprises: Name, address, e-mail address, telephone number etc. At the time the message is sent, the following data will also be saved: The IP address, date, and time. For processing the data, your consent will be obtained as part of the sending procedure, and reference will be made to this privacy statement.
Alternatively, you can also get in touch via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be saved.
The legal basis for the processing is:
- For the processing of the data after the user registers for the newsletter, provided that the user has given consent, Art. 6(1) a GDPR.
- For the processing of data which is transmitted as part of the sending of an e-mail or name and contact details collected by us or disclosed to us, Art. 6(1) f GDPR with the aforementioned legitimate interests.
- If the e-mail contact serves the purpose of entering into a contract, Art. 6(1) b of the GDPR serves as the additional legal basis for the processing.
In the case of the establishment of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending procedure serve to prevent the abuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as they are no longer necessary to fulfil the purpose of their collection or upon expiration of our legitimate interest. For the personal data from the input fields of the contact form and data that have been transmitted via e-mail, this is the case when the respective conversation with the user has terminated. The conversation is terminated when circumstances allow one to surmise that the respective issue has been conclusively resolved. The additional personal data collected during the sending procedure will be deleted no later than after a deadline of seven days. You can use the contact form to inquire about how we process your personal data collected.
The user has the option of revoking his consent for the processing of the personal data at any time. If the user establishes contact with us via e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
Some of our websites allow you to subscribe to a free newsletter. Provided you give us your specific consent, we will send you e-mail newsletters with promotional information (hereinafter ‘newsletter’). Our newsletter contains information on our service offerings, promotions, events, prize draws, job offers, and articles.
After registration, the data subject receives a confirmation e-mail in which an activation link needs to be clicked on to complete the registration. This corresponds to the double opt-in procedure, which ensures that the data subject is not registered for the newsletter by a third party and for documentation purposes. The consent for receiving the newsletter can be revoked by sending an e-mail to the e-mail address specified in the ‘Impressum’/Legal notice or by clicking on the unsubscribe link in the newsletter.
However, messages without promotional information which are sent as part of our contractual or other business relationship do not constitute newsletters. This includes e.g. the sending of service e-mails with technical information and follow-up questions on orders, events, prize draw notifications, or similar messages.
For the newsletter, only the e-mail address of the data subject is collected and stored. The legal basis is Art. 6(1) f GDPR with the aforementioned legitimate interests.
A statistical evaluation of the reading behaviour only takes place to the extent where it can be determined whether the recipients have opened the newsletter and clicked on the links. However, this is a function which we only use to review user activity and be able to perform the corresponding optimisations. For this purpose, the newsletter contains a web beacon, a pixel-sized file which is accessed from our server when the newsletter is opened.
You may revoke your consent to the storage of the data, the e-mail address, as well as its use to send the newsletter at any time. This revocation can be performed via a link in the newsletter itself, (in your profile area) or by sending a message to the following avenues of contact.
Data collection during registration and registered use
Some of our websites require or offer registration. The data collected during this procedure are utilised for the purposes of the use of the respective websites and services, unless otherwise described during the registration and explicitly consented to. The data collected is given by the input form used as part of the registration. All other data which you can add at a later point in time in order to complete your profile is optional and voluntary. After registration, we are permitted to inform you about relevant circumstances related to our offering which you have registered for via the e-mail address specified.
Collection and use of personal data in application procedures
Ensuring the highest possible protection for your personal data is one of our top priorities. All personal data which are collected and processed by us as part of an application are protected against unauthorised access and tampering via technical and organisational measures. Your data will be collected for filling positions in the entire company group. By entering your data, you declare your consent to the use of your data in all companies with group affiliation to the company. Furthermore, you also consent to the evaluation of your data by a service provider which assists us with the evaluation of applications with the help of psychological analysis. As part of this analysis, your application may be automatically rejected due to certain criteria. If this happens, we will inform you of this and provide you with the opportunity to make a statement. By entering your data, you also consent to allowing us to store the applications for the duration of 2 years in order to consider you for positions that become available in future as well. More information is available in the privacy statement for applicants.
Data in user-generated content
If you write comments or articles or upload files to our servers or publish images or use other services, your IP address and — if you are signed in — your user data will be stored for our security. Due to the large amount of unlawful content which is placed on the internet daily, we reserve the right to utilise this information for defence in legal disputes or criminal prosecution; i.e. also to hand it over to the opposing party in a claim, law enforcement authorities, as well as courts.
On some of our websites, you can subscribe to follow-up comments. If you are not signed in, you will receive a confirmation e-mail in what is called a double opt-in procedure in order to verify that you are the rightful owner of the e-mail address specified. You can unsubscribe from these notifications at any time. Every one of the e-mails contains instructions for this. Registered users do not have to undergo the double opt-in procedure, as this takes place during registration.
Furthermore, in the case of orders or commissions, we reserve the right to disclose personal data to third parties for credit checks, provided that this is necessary for safeguarding our legitimate interests. In this case, only the data required to calculate the credit rating via a mathematical and statistical procedure by the credit agency will be transmitted. We require credit checks in order to make decisions regarding the establishment and performance of a contractual relationship while safeguarding our legitimate interests.
Transmission of data via the internet
The transmission of data via the internet generally involves certain risks. Deliberate encryption of the data does not take place; in particular, messages from the contact form of our website and messages in the service chat are transmitted unencrypted.
Please bear this in mind when transmitting data. If you would like to communicate with us via encrypted e-mail, this can be done via S/MIME encryption. Please specifically request this encryption from us, as we generally send messages unencrypted due to the currently low market penetration of e-mail encryption procedures.
Disclosure of data
When provided with your personal data, we only disclose it to third parties to the extent necessary for the performance of the contractual relationship or based on other legal grounds legitimising such disclosure. Swissport may transfer personal data to third countries (including the United States of America and Switzerland) or to international organisations. Where personal data is transferred to a third country that has received an adequacy decision from the European Commission (e.g., Switzerland) Swissport may rely on that adequacy decision. Where no adequacy decision is in place, Swissport implements Standard Contractual Clauses.
Moreover, we provide certain services with the assistance of service providers. We have carefully selected these service providers and taken corresponding measures to protect your personal data.
The personal data of the data subjects are deleted or rendered unavailable as soon as the purpose of storage no longer applies. The assessment of continued storage is based on the purpose of processing, the frequency and intensity of processing as well as the necessity and commensurability of processing in its current state. Furthermore, storage may also take place when this is provided for via European or national legislation in Union regulations, laws, or other provisions which the controller is subject to. The data is also rendered unavailable or deleted when a prescribed storage duration mandated by the specified standards expires, unless there exists a necessity for the continued storage of the data for the conclusion of a contract or the fulfilment of a contract.