Swietelsky Rail Benelux B.V.
(hereinafter referred to as “Swietelsky”)

PREAMBLE

At Swietelsky Rail Benelux B.V. with its headquarters at Vestigingsadres, Laarakkerweg 11, 5061 JR Oisterwijk and its subsidiaries (collectively Swietelsky), the protection of the personal data of contact partners is a primary concern for all business partners and employees. For this reason, Swietelsky processes personal data in coordination with the relevant applicable legal provisions for the protection of personal data and data security.

I. SCOPE:

Objective: These guidelines regulate the handling and processing of personal data in the Swietelsky business group.

Personal: These guidelines apply to all employees of the Swietelsky business group as well as their partners, clients and suppliers and other people integrated in Swietelsky operations.

Time: These guidelines come into effect on 25.5.2018 and are a minimum standard for the processing of personal data.

II. PURPOSE OF DATA PROCESSING:

Swietelsky processes the personal data of employees, partners, clients and suppliers for the purpose of carrying out business activities and thus fulfilling legal and contractual requirements.

1. Processing business partner data:

Swietelsky processes the personal data provided to us by stakeholders, clients, suppliers etc. for the creation of offers and the settlement of commissions and the fulfilment of the associated contractual and legal obligations.

2. Applicants:

The contact details and application documents provided as part of an application are electronically processed by us for the purposes of selecting a suitable candidate for a service relationship. In the event of a rejection, the application documents are only kept beyond the legal retention obligations in evidence if you consent to this.

3. Website & Google Analytics:

a. IP-Address:

When you visit our website, information is automatically saved on a web server. This includes the browser used, the operating system used, which site brought you to our web page, the IP address, the time of access and other information. This data is pseudonymised from the viewpoint of Swietelsky and cannot be assigned to any clear individual without further data sources.

Swietelsky does not evaluate this data unless you have used the website illegally.

b. Google Analytics

Our website uses the service Google Analytics, which is provided by Google Inc. (1600 Ampitheatre Parkway Mountain View, CA 94043, USA) for the user to analyse website use. The service uses ‘cookies’ - text files, which are stored on your end device. The information collected by cookies is generally sent to a Google server in the USA and saved there.

This website uses IP anonymisation. The user’s IP address is shortened within the member states of the EU and the European Economic Area. When this shortening takes place, your IP address ceases to be traceable to a specific person. As part of the agreement on contract-related data processing that this website operator has closed with Google Inc., they provide an analysis of website use and website activity with the help of the collected information and provides services associated with internet use.

You have the option to prevent the storage of cookies on your device by using a corresponding setting on your browser. We cannot guarantee that you will be able to access all of this website’s functions without limitations if your browser does not allow cookies.

Furthermore, you can use a browser plugin to prevent the information collected by the cookies (including your IP address) being sent to Google and used by Google Inc. The following link will take you to the corresponding plugin: tools.google.com/dlpage/gaoptout [tools.google.com]

Alternatively, you can prevent Google Analytics collecting data about you within this website by clicking this link tools.google.com/dlpage/gaoptout [tools.google.com]. By clicking the above link you will download an ‘opt-out cookie’. Therefore your browser must allow the storage of cookies for this to work. If you delete your cookies regularly it will be necessary to click on the link every time you visit the website.

You can find more information on the way Google Inc uses data here: support.google.com/analytics/answer/6004245 [support.google.com]

c. Notes on cookies

When you visit our website, we advise you in accordance with EU cookie guidelines that our website uses cookies. Cookies are small text files, which are left on your hard drive when you visit our website. Here we differentiate between the different types

  • ‘Session Cookies’ which are automatically deleted when you close your browser depending on the settings on your browser programme
  • ‘Permanent cookies’, which are left with an expiration date and remain after closing your browser.

To prevent you from having to confirm that you accept the use of cookies every time you visit the website by clicking OK, a permanent cookie ‘cb-enabled’ is stored for a duration of 365 days.

On our website we use so-called ‘session cookies’ to make using our website easier and secure the website’s basic functions.

These cookies do not retrieve information stored about you on your hard drive and do not negatively impact your PC or files. Most browsers are set up in such a way that they automatically accept cookies. You can, however, deactivate the saving of cookies or set your browser so that it informs you when cookies are delivered.

You can delete cookies which are already on your computer at any time. The process for doing this varies according to the browser, please refer to your browser instructions (under ‘help’ on the browser menu)

III. LEGAL BASIS FOR PROCESSING:

According to the data protection guidelines applicable in the EU, there must be a legal basis to process your personal data. The relevant applicable legal basis depends on which of these defined purposes your personal data is processed for:

In certain cases, you must have given permission for the collection and processing of your personal data. If you give permission you can revoke it later. Please be aware that revoking your permission has no effect on processing which has already taken place.

In other cases the processing of your personal data may be necessary to adhere to the applicable legal conditions and guidelines or to fulfil a contract relating to you.

In other cases again your personal data may be processed due to a justified interest to communicate with you about our services.  

IV. PRINCIPLES FOR PROCESSING PERSONAL DATA:

The processing of personal data at Swietelsky is based on strict principles, which prioritise the protection and security of data and the rights of those affected.

Lawfulness & transparency: Data protection is conducted lawfully and in good faith.

Earmarking: the data is collected and processed for defined, clear and legitimate purposes. The processing of data is not conducted in ways not corresponding to these purposes.

Data minimisation: Only data, which is absolutely necessary for the given purposes is collected and processed. If it is possible to achieve the purpose and the effort required is reasonable, only anonymised data is processed.

Memory limitation and deletion: Personal data is deleted as soon as the purpose for which it was originally collected ceases to apply and legal retention times do not prevent deletion. If in individual cases there are interest parties to this data worthy of protection, it is stored until the interested parties worthy of protection have been legally cleared.

Data security: Data confidentiality applies to personal data. The data is to be treated as confidential and protected against unauthorised access, improper manipulation or forwarding as well as against loss and destruction using relevant organisational and technical measures.

Factual correctness: Personal data is to be kept correct, in full and up to date. Applicable measures are met to correct outdated, incorrect or incomplete data.

V. DATA TRANSFER:

Personal data is only transferred to recipients outside of the Swietelsky business group and recipients in third party EU countries in compliance with applicable laws and on a lawful basis as well as observing the highest level of confidentiality and data security. We do not sell or lease personal data to third parties for their own marketing purposes.

Personal data is transferred to recipients within the Swietelsky group to fulfil legal requirements and simplify group-wide administrative activities. Here, the data is only transferred adhering to the legal framework conditions.

The following categories of recipients exist in the sense of art. 13 sec. 1 lit e GDPR

  • Affiliate companies of the responsible party
  • Subcontractors, general contractors, suppliers
  • Processors, provided they need the data to fulfil their relevant services
  • Authorities, public bodies and institutions 
  • Notaries, legal and tax advisers, collection service providers and experts for the enforcement, practice or defence of legal claims
  • Auditing firms for the fulfilment of accountability
  • Insurance companies
  • Credit and financial institutes or comparable institutions
  • Courts for the enforcement, practice or defence of legal claims
  • Arbitration boards

VI. OBLIGATION TO MAINTAIN DATA CONFIDENTIALITY:

All employees of the Swietelsky business group and employees of the contractual partners are contractually obligated to maintain confidentiality and are regularly informed and instructed on the safe handling of personal and other critical data.

VII. DATA SECURITY:

The protection of the confidentiality, availability and integrity of data is a significant task for Swietelsky. The same applies equally to operational secrets, client data, personal data and other critical information.

For this purpose, technical and organisational safety measures are established and continually improved in accordance with the current standard of technology and internationally recognised best practices and safety standards.

VIII. DATA PROTECTION OFFICERS:

Swietelsky is not required to appoint a data protection officer as article 37, section 1 of the EU GDPR does not apply. Due to the importance of data protection, Swietelsky has decided to voluntarily appoint a data protection officer. This officer is available to those affected and the data protection authorities as a point of contact.

IX. RIGHTS OF THOSE AFFECTED:

Each affected person whose data is processed by Swietelsky has the option at any time to invoke their own rights and apply these at Swietelsky. To exercise your rights, you can contact us in writing at any time by sending an email to datenschutz@swietelsky.com.

Disclosure: Those affected can request a disclosure at any time of which personal data is processed about them and which purposes this processing serves.

Rectification: Those affected have the right to request the immediate rectification of incorrect personal data relating to them.

Limitation: Affected people have the right to limit processing if the correctness of the data relating to them is disputed, the processing is unlawful, the data is no longer needed for processing or the affected people have revoked the processing.

Revocation: Those affected have the right to object to the processing of personal data relating to them.

Transferability: Affected people have the right to receive the personal data relating to them that they have made available to Swietelsky in a structured, common and machine-readable format. They also have the right to request the transfer of this data to another responsible party provided this is technically feasible. The transferability only applies to personal data, which is processed with the help of automated processes.

Deletion - right to be forgotten: The affected person has the right to request the immediate deletion of the personal data relating to them if there is no legal basis for the processing of the data or there ceases to be such a basis, the data processing is revoked or the data processing is unlawful and no legal retention period makes deletion impossible. Data security is also important in relation to rights, so the invocation of rights is only possible after an unequivocal identification of the affected person is possible.

Right to complain: Those affected have the right to issue a complaint to the data protection authority at any time.

X. CONTINUAL CONTROL AND IMPROVEMENT:

The continual improvement of quality and processes is very important to Swietelsky. There are defined processes for continually increasing quality, which has also been proven with a certification in accordance with ISO 9001. Adherence to data protection guidelines and the applicable legislation and the effectiveness of data protection and data security measures is measured and increased continually with the help of this process to ensure the data protection measures are run optimally.