This website was created and published by Transa Backpacking AG, Josefstrasse 53, 8005 Zurich, Switzerland, listed in the commercial register of the canton of Zurich under number CHE-105.852.057 (‘Transa’, ‘we’, ‘us’). The controller under data protection law is Transa Backpacking AG, unless otherwise stated in this Privacy Policy.
This Privacy Policy applies to the website www.transa.ch, to all our other offers and to all associated instances of the processing of personal data (‘personal data’).
Please read the below information so you know what personal data Transa collects from you and what Transa uses it for. In terms of data protection, we are primarily guided by the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR), the provisions of which could apply in individual instances.
Please note that the information below may be reviewed and amended from time to time. Therefore, we recommend checking this Privacy Policy at regular intervals.
Your personal data is collected by us to the following extent and used for the following purposes:
1. Extent and purpose of the collection, processing and usage of personal data
a. When visiting www.transa.ch
When you visit our website, our servers temporarily store every instance of access in a log file; we collect the following data without your input. This may be stored for up to three months before being automatically deleted:
The IP address of the accessing computer,
The name of the owner of the IP address area (generally your internet access provider),
The browser type and version,
The date and time of access,
The website from which access was made (referrer URL) or, if applicable, the search term used,
The name and URL of the file and file size accessed,
The status code, e.g. error warning,
Your computer’s operating system.
This data is generally collected and processed in anonymised form, without being associated with a particular person. This is undertaken for the purpose of enabling website use (connection creation), to ensure system security and stability in the long run, to optimise our internet offering and for internal statistical purposes. The information above is not connected to or stored with personal data.
The IP address will only be evaluated for clarification and defence purposes in instances of an attack on the website’s network infrastructure or if another impermissible or abusive use of the website is suspected. If applicable, it may be used for identification purposes during criminal proceedings or against the user in question in civil and criminal proceedings.
Geolocalisation can also be conducted with the IP address to narrow down your location. The IP address is not stored beyond the end of the usage process for geolocalisation purposes. This data is collected and processed for the purpose of enabling website use (connection creation), to ensure system security and stability in the long run, to optimise our internet offering and for internal statistical purposes. This represents our legitimate interest in data processing under Art. 6 (1) (f) GDPR.
b. When registering for a user account and the newsletter
We collect the following data from you (*mandatory) when you register for a user account:
Title
First name*
Surname*
Email*
Password*
Date of birth
Acceptance of GTCs*
We need this information so that we can process your orders and provide you with an overview of your orders. The legal basis for processing your personal data is the pre-contractual measures and the performance of a contract under Art. 6 (1) (b) GDPR and our legitimate interest under Art. 6 (1) (f) GDPR.
Your email address is all we require in order for you to subscribe to our newsletter; the other data listed above can be provided if you wish. By registering for the newsletter, you consent to our processing of this data to regularly send the newsletter to the email address provided. This consent under Art. 6 (1) (a) GDPR is the legal basis on which we process your data.
In addition, we are entitled to commission third parties to handle the technical processing of marketing campaigns. As a result, we have the right to provide your personal data to third parties for these purposes.
We use the email marketing services offered by a Canada-based service provider (see sections 4 and 11 below on the transmission of data abroad) to send our newsletter.
Our newsletter may contain a web beacon (tracking pixel) or similar technical feature. A web beacon is an invisible graphic, 1x1 pixel in size, that is associated with the user ID of the newsletter subscriber in question.
For every newsletter sent, it provides information on the address file used, the subject and the number of newsletters sent. In addition, it shows which addresses have not yet received the newsletter, to which addresses it was sent, and to which addresses it was not possible to send it. Furthermore, details can be provided on the opening rate, including information on which addresses opened the newsletter and which removed themselves from the distribution list. We use this data for statistical purposes and to optimise the newsletter’s content and structure. This enables us to tailor the newsletter’s information and offering to recipients’ individual interests better. The tracking pixel is deleted when you delete the newsletter.
To prevent the web beacon from being used in our newsletter, please adjust your email program’s settings so that HTML is not displayed in messages, if this is not already the default. The websites below explain how to do this for common email programs.
These processes are carried out on the basis of Art. 6 (1) (f) GDPR and, in turn, our legitimate interest.
You can object to this data processing at any time if there are reasons relating to your specific situation that conflict with the data processing (see section 15, Contact). In addition, you can withdraw your consent with effect for the future at any time (see section 15, Contact).
c. When ordering a TransaCard
We collect the following data (mandatory*) from you when you order a TransaCard:
Title
First name*
Surname*
Street*
Post code*
Place*
Date of birth*
Email*
Acceptance of GTCs*
Acceptance of TransaCard conditions*
We need this information so that we can create your personal TransaCard and give you certain benefits within the TransaCard programme. By participating in the TransaCard programme, you consent to our processing of this data to send information and promotional offers. The legal basis for processing your personal data is your consent under Art. 6 (1) (a) GDPR, the pre-contractual measures and the performance of a contract under Art. 6 (1) (b) GDPR and our legitimate interest under Art. 6 (1) (f) GDPR.
You can object to this data processing at any time if there are reasons relating to your specific situation that conflict with the data processing (see section 15, Contact).
d. When using Transa’s second-hand shop
Transa uses Loopia Resale so you can resell products. This solution is operated by Thingsy AG, Technoparkstrasse 1, 8005 Zurich. When you use the second-hand platform, data such as your name, addresses, email address, phone number, IBAN, IP address and transaction details are recorded to process the transaction. The applicable data protection legislation is taken into account when the data is processed.
The privacy policy applicable to Loopia Resale can be accessed via
https://www.getloopia.ch/en/datenschutz.
e. When making a purchase in one of our stores or from our online shop
In principle, you need to register for a user account to purchase from our online shop; as an exception, you can purchase as a guest. To this end, we collect the following data from you (mandatory*):
Title
First name*
Surname*
Email*
Password*
Street, post code, town/city*
Date of birth
Acceptance of GTCs*
We need this information so that we can process your orders and deliver the desired products to you. The legal basis for processing your personal data is the pre-contractual measures and the performance of a contract under Art. 6 (1) (b) GDPR.
When you make a purchase in our stores, the above data is only collected from you if you actively share this at the till. If you have a TransaCard and display or provide this when making your purchase, your purchase will be associated with your TransaCard’s data. We need this information to process your purchase and give you certain TransaCard-related benefits. The legal basis for processing your personal data is the performance of a contract under Art. 6 (1) (b) GDPR and our legitimate interest under Art. 6 (1) (f) GDPR.
f. When booking events, courses, seminars or training sessions
We collect the following data from you (*mandatory) when you book an event, course, seminar or training session:
Title*
First name*
Surname*
Street*
Post code*
Place*
Date of birth*
Email*
Acceptance of GTCs*
Acceptance of Terms of Participation for courses and events*
Alongside this, we may collect event-specific data, such as gender, meal preferences, dietary intolerances, item requests, accommodation information or other details required to ensure the smooth running of the event.
We need this information to register your sign-up for the event, course, seminar or training session. The legal basis for processing your personal data is the pre-contractual measures and the performance of a contract under Art. 6 (1) (b) GDPR.
Transa only uses the personal data of participants where permitted by law. If Transa uses personal data for a purpose that requires the participant’s consent in accordance with statutory provisions, Transa will ask the participant for their express consent in each case. Once consent has been given, the participant can revoke it at any time with effect for the future and/or object to future use of their data.
g. When using the contact form or other means of contact
Your personal data is processed if you get in touch with us via our contact addresses and channels (e.g. via email, phone or contact form). The data you have provided to us, such as your email address, name or phone number, is processed. In addition, the time at which the enquiry is received is documented. Mandatory information is marked with an asterisk in contact forms (*). We process this information to handle your enquiry, e.g. to provide information on our products and services, to assist with contract processing, to take your feedback into account when improving our products and services and so on.
The legal basis for processing this data is our legitimate interest under Art. 6 (1) (f) GDPR in handling your enquiry. Alternatively, if your enquiry relates to entering into or processing the contract, our legitimate interest is its necessity for the performance of a contract under Art. 6 (1) (b) GDPR.
You can object to this data processing at any time if there are reasons relating to your specific situation that conflict with the data processing (see section 15, Contact).
h. When using the chat feature
Your personal data will be processed if you communicate with us via chat. The data you provide, such as your company’s name, your name, your role, your email address and your enquiry, will be processed. In addition, the time at which the enquiry is received is documented. Mandatory details are marked with an asterisk (*). We solely process this information to handle your enquiry (e.g. to provide information on our products and services, to assist with contract processing, to take your feedback into account when improving our products and services and so on).
We use a software application provided by a German service provider to process communication via the chat feature. As a result, your data may be stored in a database in Germany. The German service provider may also support us with processing your chat enquiries. Information on the processing of data by third parties and any transmission abroad is detailed under sections 3, 4 and 11 below.
The legal basis for this data processing is our legitimate interest under Art. 6 (1) (f) GDPR in using contemporary communications technologies. Alternatively, if your enquiry relates to entering into or processing a contract, our legitimate interest is the performance of a contract under Art. 6 (1) (b) GDPR.
i. When connecting to in-store Wi-Fi
We collect the following data (mandatory*) if you connect to Wi-Fi in our stores:
Device manufacturer (incl. OS version)*
MAC address*
Device name (host name)
We need this information so you can access the internet in our stores. The legal basis for processing your personal data is your consent under Art. 6 (1) (a) GDPR.
You can withdraw your consent at any time with effect for the future (see also section 15, Contact).
j. Hiring of material
Transa uses Wintersteiger (EasyRent) to hire out sports equipment. As part of the hire process, it is necessary to collect personal data, such as contact details and information on your weight, body size, shoe size and athletic ability, so that the hired item(s) can be tailored to your needs and offer you maximum comfort. Data is stored at Transa’s in-house data centre to this end. The data required for invoicing is sent from EasyRent to our ERP. EasyRent is represented by WINTERSTEIGER AG, Johann-Michael-Dimmelstraße 9, A-4910 Ried im Innkreis. The privacy policy applicable to EasyRent can be accessed via https://www.wintersteiger.com/en/Group/Privacy.
k. When applying to a vacancy via our careers portal
You can apply to Transa speculatively or in response to a specific job advertisement. To this end, we process the personal data you provide.
We need this information so that we can review your application. The legal basis for processing your personal data is the pre-contractual measures and the performance of a contract under Art. 6 (1) (b) GDPR, and our legitimate interest under Art. 6 (1) (f) GDPR.
Application documents from candidates not considered will be deleted after the end of the application process if you do not explicitly consent to a longer storage period or if we are not obliged by law to retain them for longer.
Our careers portal is operated on our behalf by a service provider based in Switzerland. Data is hosted in a computer centre in Germany (see section 4 below on the transmission of data abroad).
If you want your application data to be erased before the end of the storage period, send an email to personal@transa.ch with the subject line ‘Delete application documents’.
l. When subscribing for job alerts
If you would like to be automatically notified of new vacancies, you can subscribe to job alerts by simply inputting your email address. Further information on your desired place of work, area of the company and target group may be provided if you wish. Your email address is solely used for the purposes of notifying you about jobs; it will not be disclosed to third parties.
The legal basis for this data processing is your consent under Art. 6 (1) (a) GDPR, which you grant to us by registering for alerts.
m. When leaving ratings
You have the opportunity to rate our products and services to assist other users with making decisions and to support our quality management activities (especially in terms of processing negative feedback). The data processed and published on our website is the data you have provided to us, i.e. along with your rating itself, the time at which it was provided, any potential comment added to your rating or the name you provided. The legal basis for data processing is your consent under Art. 6 (1) (a) GDPR.
You can withdraw your consent at any time and request that your rating be anonymised.
We reserve the right to delete unlawful ratings, and to contact you and ask you to make a statement in the event of any suspicions.
The legal basis for this processing is our legitimate interest under Art. 6 (1) (f) GDPR in providing a lawful, genuine comment and ratings feature and in preventing abuse during the use of the same.
Transa uses a Danish-based company to perform this service (see section 4 below on the transmission of data abroad).
n. IT support enquiries
Transa uses a US-based service provider to handle IT support. In the event of a support issue, personal data, i.e. first name, phone number and email address, may be stored by this service provider (see section 11 below on the transmission of data to the US). The data stored may not be disclosed to third parties.
o. Processing of supplier data and data from other service providers
We process various pieces of personal data when we procure goods from suppliers or services from third parties (e.g. over the telephone, via email or in a shop). This includes, for instance, the supplier’s or third-party service provider’s contact details and basic information (company, address, contact details of the representative), product- or service-specific data (e.g. the number of products, item numbers), order history and communication data.
We store this data in our ERP system (see section 2 below) with other data relating to the order (e.g. the time at which the order was placed) and information for processing and fulfilling the contract (e.g. return of products, commissioning of services or warranties) so that we can manage the orders. In addition, we store the data to organise and manage the business relationship with suppliers and third-party service providers.
Our legal basis for this data processing is the performance of a contract or the taking of steps prior to entering into a contract (Art. 6 (1) (b) GDPR) or our legitimate interest in managing and organising relationships with our suppliers and service providers in the best possible way (Art. 6 (1) (f) GDPR).
p. Participation in competitions
We collect the following data (mandatory*) from you when you participate in a competition run by us:
Title
First name*
Surname*
Street
Postcode
Place
Date of birth*
Phone number
Email*
Acceptance of the Conditions of Participation*
We need this data so we can register and process your participation and contact you in relation to the competition. By participating in a competition, you consent to our processing of this data and, if applicable, to sending information and promotional offers. The legal basis for processing your personal data is your consent under Art. 6 (1) (a) GDPR, the pre-contractual measures and the performance of a contract under Art. 6 (1) (b) GDPR and our legitimate interest under Art. 6 (1) (f) GDPR in actioning your request and using contemporary communications technologies.
You can object to this data processing at any time if there are reasons relating to your specific situation that conflict with the data processing (see section 15, Contact).
If you take part in a competition using an online form on a landing page, we use online forms provided by Jotform (headquartered at 4 Embarcadero Center, Suite 780, San Francisco CA 94111). The data collected is stored in a data centre within the European Union. In exceptional cases, Jotform can share the data with third parties for the contractually regulated purpose of processing. These third parties include Amazon Web Services and Google Cloud (see sections 4 and 11 below on the transmission of data abroad). Further information can be found in Jotform’s privacy policy: https://www.jotform.com/privacy/.
2. Centralised storage
If it is possible to clearly associate the data with you as a person, we will store and link together the data described in this Privacy Policy in a centralised database. In particular, this relates to your personal details, your contact details, your contract data and your browsing behaviour on our websites. This facilitates the efficient management of customer data or relationships with suppliers and service providers, enables us to process your enquiries adequately and makes it possible for us to render the services you request and process the associated contracts.
The legal basis for this data processing is our legitimate interest under Art. 6 (1) (f) GDPR in efficiently managing data and organising our business relationships. In addition, this data processing is based on the performance of a contract under Art. 6 (1) (b) GDPR.
Furthermore, we evaluate this data so that we can refine our products and services in a needs-based way and to show and display information and offerings to you that are as relevant as possible. Besides this, we use methods that predict potential interests and future orders based on your use of our website.
The legal basis for this data processing is our legitimate interest under Art. 6 (1) (f) GDPR in implementing marketing campaigns.
We use a software application from Microsoft for centralised data storage and analysis. According to information provided by Microsoft, the data is stored on servers in the EU. Information on data processing by third parties and any transmission abroad can be found under sections 3, 4 and 11 below. Further details on data processing in conjunction with Microsoft can be obtained via https://www.microsoft.com/en-us/trust-center/product-overview. We work with a Switzerland-based service provider to refine the system and on matters relating to system security.
3. Disclosure of data to third parties
We would not be able to provide our products and services in the desired form without support from other companies. We need to disclose your personal data to these companies to a certain extent so that we can use their services. Data is disclosed to selected third-party service providers; this only occurs to the extent required for the optimum provision of our services.
Various third-party service providers have already been explicitly mentioned in this Privacy Policy. There are also the following service providers:
Hosting service provider: our hosting provider is Microsoft, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The website is hosted on authorised Microsoft data centres, certified under ISO 27001 and located in the Netherlands and Germany. Further information about data processing by Microsoft can be found at https://privacy.microsoft.com/en-us/privacystatement.
Financial service providers:
payments are processed via the relevant financial institution or payment services provider; to this end, we collaborate with a Switzerland-based company. We also conduct credit checks when we grant credit (e.g. in the event of payment on account). Credit information can include probability values (known as ‘score values’). If score values impact the result of the credit check, they are based on scientifically accepted, mathematical and statistical processes. We transmit personal data to a Switzerland-based service provider to perform the credit check.
Marketing service providers: we share your data with external service providers for advertisement transmission. We work with a Switzerland-based service provider to do so.
Content management system (CMS): we use a CMS from a Germany-based company for our website’s online presence. Personal data may be stored on the company’s servers in Germany. In exceptional cases, the company may be able to access personal data on our servers (see section 4 below on the transmission of data abroad).
Alongside this, personal data can also be shared with IT service providers, production and development service providers or logistics service providers. For instance, we work with Swiss Post to ship products that have been ordered.
In these instances of disclosure, the necessity for the performance of a contract under Art. 6 (1) (b) GDPR is the legal basis. In individual cases (the sending of advertisements or for credit checks), the legal basis is our legitimate interest under Art. 6 (1) (f) GDPR.
In addition, your data may be disclosed, in particular, to authorities, legal advisors or debt collection companies if we are legally obliged to do this or this is required to protect our rights, in particular to assert claims arising from our relationship with you. Data may also be disclosed if another company intends to purchase our company or parts of it and this disclosure is required for a due diligence review or to complete the transaction.
For these instances of data processing, our legitimate interest under Art. 6 (1) (f) GDPR in the protection of our rights and the upholding of our obligations or the sale of our company or parts of it represents the legal basis.
4. Transmission of personal data abroad
We are entitled to share your data with third parties abroad provided this is necessary for implementing the data processing mentioned in this Privacy Policy. Individual instances of data transfer are noted in sections 1 to 3 above.
As a matter of course, the legal requirements regarding the disclosure of personal data to third parties are complied with in this respect. The countries to which data is transmitted include nations that have an appropriate level of data protection according to the resolution of the Swiss Federal Council and EU Commission (such as EEA member states or, from the EU’s perspective, Switzerland). However, they also encompass nations (such as the US) with an inadequate level of data protection (see Annex 1 to the Federal Act on Data Protection (FADP) and the EU Commission’s website). If the country in question does not have an appropriate level of data protection, we use suitable safeguards to ensure that your data is appropriately protected at these companies, provided no exception (see Art. 49 GDPR) has been stated for the individual instance of data processing. Unless otherwise stipulated, this relates to standard contractual clauses under Art. 46 (2) (c) GDPR, accessible on the Federal Data Protection and Information Commissioner’s and the EU Commission’s websites. If you have questions on the steps taken, please get in touch with our contact person for data protection (see section 15).
5. Online marketing
We use services provided by various companies to share interesting offerings with you online. In the process, your user behaviour on our website and other providers’ websites is analysed so that we can then show you tailored online advertising.
Most technologies to track your user behaviour and to display targeted advertising use cookies (see also section 6), which enable your browser to be recognised across various websites. Depending on the service provider, it is also possible that you could be recognised online when using different terminal devices (e.g. laptops or smartphones). This can be the case if you have registered with a service that you use across multiple devices.
Alongside the data already mentioned that is generated when accessing websites (log file data, see section 1.a) and during the use of cookies (section 6) and which could be passed to companies involved in the advertising network, the following data also plays a role in selecting the advertising that may be the most relevant for you:
Information on you as a person that you shared when registering or using a service provided by advertising partners (e.g. gender, age group), and
User behaviour (e.g. search queries, interaction with advertising, types of websites visited, products or services viewed and purchased, newsletters subscribed to).
We and our service providers use this data to identify whether you fall within our desired target audience and to take this into account when selecting advertisements. For instance, once you have visited our website, you may be shown advertisements on the products or services you consulted when visiting other websites (retargeting). Depending on the scope of the data, a user profile may be created that is automatically evaluated. In this instance, the advertisements will be selected in line with the information stored in the profile, such as affiliation with certain demographic segments or potential interests or behaviours. These advertisements can be displayed to you on various channels. Alongside advertisements on our website or app (as part of on-site and in-app marketing), this could include advertisements broadcast via online advertising networks we use, such as Google.
The data can then be evaluated for the purpose of settling bills from the service provider and to assess the efficacy of advertising so that we can better understand our users’ and customers’ needs and improve future campaigns. This may also include the information that an action (e.g. visiting various sections of our website or sending information) was taken due to a particular advertisement. Furthermore, service providers send us aggregated reports of advertising activity and information on how users interact with our website and our advertisements.
The legal basis for data processing is your consent under Art. 6 (1) (a) GDPR. You can withdraw your consent at any time by adjusting your web browser’s settings so it refuses or switches off the relevant cookies (see also section 6). Further options for blocking advertising can be found in information provided by the service provider in question, such as Google.
a. Google Ads
Our website uses the online advertising programme Google Ads, provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
We use conversion tracking as part of Google Ads. When you click on an ad served by Google, a cookie is stored for conversion tracking. Google tells us the total number of users who have clicked on the ad and been forwarded to our website; our website includes a conversion tracking tag. However, we do not receive information we can use to identify you personally.
We also use Google’s remarketing features. This enables us to link the advertising target audiences that have been created with the cross-device features of Google Ads and Google DoubleClick. In turn, interest-based, personalised advertisements can be adjusted to you depending on your previous usage and browsing behaviour on a terminal device (e.g. mobile phone) or they can be shown on a different terminal device you own (e.g. tablet or PC).
Further information on Google’s privacy policy, can be found at https://www.google.com/policies/privacy/.
b. Microsoft Advertising
We use Microsoft Advertising (Microsoft Corporation, One Microsoft Way; Redmond; WA 98052-6399; USA) so that we can show advertisements, for example, in lists of search results within the Microsoft Search Network (e.g. Bing) and therefore promote our products. To do so, Microsoft uses cookies so the user’s browser can be recognised when they visit other websites.
Information on Microsoft Ads and a precise explanation of this can be accessed via: https://help.ads.microsoft.com/#apex/ads/en/53102/0 and: https://ads.microsoft.com/?n1pq=1c2ae759-b80d-4b26-a28d-3c19bf455dad&fdmkt=de-ch&fdiso=ch&fdtz=1.
Detailed information can be found in the privacy policy and cookie statement at https://privacy.microsoft.com/en-us/privacystatement.
6. Cookies
Cookies are information files that your web browser stores on your computer’s hard drive or working memory when you visit our website. Cookies are assigned identification numbers that can be used to identify your browser and to enable the information contained in the cookies to be read.
Cookies help in various ways, such as making our website design simpler, more pleasant and more logical for visitors. We use cookies for various reasons that are required for your desired usage of the website, i.e. are ‘technically necessary’. For instance, we use cookies so that we can recognise you as a registered user once you have logged in, without you needing to log in again when you navigate to the various sub-pages. Order-related features are also provided based on cookies. Furthermore, cookies also fulfil other functions necessary for the operation of the website, such as load balancing, i.e. distributing the website’s performance load across various web servers to lighten their load. Cookies are additionally used for security purposes to prevent impermissible content from being posted, for instance. Finally, we use cookies when designing and programming our website so that scripts or codes can be uploaded, for example.
The legal basis for this data processing is our legitimate interest under Art. 6 (1) (f) GDPR in providing a contemporary, user-friendly website.
Most internet browsers automatically accept cookies. Where possible, you can also configure your browser to prevent cookies from being stored or so that a notification is always shown when you receive a new cookie. The following pages contain explanations of how you can configure cookie processing on selected browsers:
Deactivating cookies may leave you unable to use all the features of this website.
7. Tracking tools
We use the following website services for the purpose of designing our website in a needs-oriented way and optimising it on an ongoing basis. Pseudonymised user profiles are created and cookies are employed (see also section 6) in this context. The information generated by the cookie on your use of this website is generally transmitted to a server operated by the service provider in conjunction with the log file data listed under section 1.a before being stored there and processed. In the course of this, data may also be transmitted to servers abroad, e.g. the US (see also sections 4 and 11, especially on the absence of an appropriate level of data protection and regarding the safeguards foreseen).
Processing the data gives us various information, including the following:
The navigation pathway followed by a visitor to our site (incl. content viewed and products selected or purchased, or services booked),
The duration spent on our website or sub-page,
The final sub-page visited on the website,
The country, region or city from which the website is accessed,
The terminal device (type, version, colour depth, resolution, width and height of the browser window), and
Whether the user is new or returning.
On our behalf, the provider will use this information to evaluate the use of the website, in particular to compile website activities and to render further services associated with website usage and internet usage for the purpose of market research and the needs-based design of these websites. Up to a certain extent, we and the providers may jointly be seen as the controller under data protection law for this processing.
The legal basis for this data processing using the below services is your consent under Art. 6 (1) (a) GDPR. You can withdraw your consent or refuse the processing at any time by changing the settings of your web browser to reject or turn off the relevant cookies (see section 6 in this respect) or by making use of the following service-specific options.
Please see the privacy policy of the provider in question for details of whether data is processed further by the provider as the (sole) controller under data protection law. In particular, this details if there is also any potential disclosure of this information to third parties, such as authorities, due to national legislation.
a. Google Analytics
We use the web analytics service Google Analytics provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).
In derogation of the above general description, IP addresses are not logged or stored in Google Analytics (in the ‘Google Analytics 4’ version used here). For accesses from the EU, IP address data is only used to derive location data before immediately being erased. When measurement data is collected in Google Analytics, all IP searches take place on EU-based servers before the traffic is forwarded to Analytics servers for processing. Regional data centres are used by Google Analytics. If Google Analytics makes a connection to the nearest available Google data centre, the measurement data is sent to Analytics via an encrypted HTTPS connection. At these centres, data is encrypted further before it is forwarded to Analytics processing servers and made available on the platform. The IP addresses are used to determine the most suitable local data centre. In the process, data may also be transmitted to servers abroad, e.g. the US (see also sections 4 and 11, especially on the absence of an appropriate level of data protection and the safeguards foreseen).
Users can prevent the data generated by the cookie and relating to the use of the website by the user concerned (incl. IP address) from being recorded and processed by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
b. TikTok Pixel | TikTok Ads Manager
The website uses TikTok Pixel | TikTok Ads Manager provided by TikTok, a company operated by ByteDance, 48 Zhichun Lu Jia, Haidian Qu, Peking (see also section 11 on information on the transmission of data to the US or China; ‘TikTok’). According to TikTok, the service is operated by a group company headquartered in Dublin, Ireland for users in Switzerland, the EU and the EEA. However, it is impossible to fully exclude that employees from China can access this data.
This feature serves to analyse user behaviour and user interests.
The pixel records information on advertisements/events in your browser, plus a date stamp (date and time), IP address, button clicks and certain other details. More information can be found via the following link: https://ads.tiktok.com/help/article/tiktok-pixel?lang=en
In addition, please see the privacy policy and cookie guidelines for TikTok for Business: https://ads.tiktok.com/i18n/official/policy/privacy.
c. Google Tag Manager
We use Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that assists us with integrating tracking tools, statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, does not store cookies and does not perform analyses independently: its sole function is the management and usage of the tools integrated via it. However, Google Tag Manager does record your IP address, which may also be transmitted by Google to the US.
Google Tag Manager is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the swift, straightforward integration and management of various tools on its website.
d. Criteo
We use certain features from Criteo (Criteo S.A.; 32 Rue Blanche; 75009 Paris) for marketing purposes. We use cookies to collect data on website visitors, such as your email address, which is hashed (SHA256) and stored.
Further information can be found in Criteo’s privacy policy, available at https://www.criteo.com/privacy/. Criteo itself provides a clear explanation of this feature: https://help.criteo.com/kb/guide/en/pass-hashed-emails-through-cross-device-event-cYHxCUc1qv/Steps/1977811,1977816.
e. Hotjar
We use Hotjar (Hotjar UK Limited; 5 Fleet Pl; London EC4M 7RD; United Kingdom) on www.transa.ch so that we can continuously improve and optimise our website. This tool integrated into our website enables us to create a heatmap that we can analyse to see what links website visitors clicked on, how long they stayed on a page and similar.
This tool plays a substantial role in improving the user experience and enables us to precisely determine what issues there are on our website.
Hotjar’s privacy policy can be found at: https://www.hotjar.com/legal/policies/privacy/.
f. fusedeck
The tracking solution fusedeck, provided by Capture Media AG (Capture Media AG, Löwenstrasse 3, 8001 Zurich, Switzerland), is integrated into this website. Capture Media is a Swiss company headquartered in Zurich that has been commissioned to measure the use of this website with respect to engagement and events. This tracking enables us to analyse and optimise our advertising campaigns. The following events and engagements, in particular, can be measured to this end: timestamps, ad impressions, clicks, clients and unique clients, sessions, duration spent on the website, URL visited, scroll depths, text and image visibility, hovers, engagement with video and audio (clicks, play, play duration, visibility), on-page clicks, click-outs.
The tracking is anonymous; it cannot be linked to an identified or identifiable person. Further information on data protection and data subjects’ rights in conjunction with fusedeck, including the right to object, can be found in fusedeck’s privacy policy and objection notice: https://privacy.fusedeck.net/en/etcowbZMsj
8. Tools and plugins
a. YouTube
Our website includes plugins from the video portal YouTube, provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Every time a page containing one or several YouTube video clips is accessed, a direct connection is made between your browser and a YouTube server in the US (see also section 12, Information on the transmission of data to the US). In the process, information on your visit and IP address is stored. Interactions with YouTube plugins (e.g. clicking the ‘start’ button) can lead to this information also being transmitted to YouTube and stored there. Further details on the collection and usage of your data by YouTube can be found in YouTube’s/Google’s privacy policy: www.google.com/policies/privacy/.
If you have a YouTube user account and do not want YouTube to collect data on you via this website and link it to your stored membership data, you need to log out of YouTube before visiting this website.
In addition, YouTube calls up the tracker Google Analytics via an iFrame within which the video is accessed (see also section 7, Tracking tools). This is YouTube’s internal tracking process; we cannot access this. You can prohibit tracking by Google Analytics by using deactivation tools that Google offers for certain internet browsers. In addition, you can prevent the data generated by Google Analytics and relating to the use of the website by you (incl. your IP address) from being recorded and processed by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
b. Google Photos
We use ‘Google Photos’ on this website, a service provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
When images are accessed on the website, the user’s browser loads the necessary pages in the user’s cache so it can display them properly.
To this end, the user’s browser needs to connect to Google’s servers. In the process, Google is notified that our website has been visited by the user’s IP address.
We use Google Photos in the interest of properly depicting the images on our website. The legal basis is our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
Further information on Google Photos can be found at https://www.google.com/intl/en/photos/about/, while details on Google’s data processing can be viewed at https://policies.google.com/privacy.
c. Gstatic
In addition, this website includes a web service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic). We use this data to ensure that our website can function fully. In this respect, your browser may transmit personal data to Gstatic. The server domains of the CDNs employed are s.w.org and twemoji.maxcdn.com. They are only used to ensure swift, secure file transmission. Users’ personal data is erased after transmission as soon as the purpose for which it was collected has been fulfilled.
Further information on how the data transferred is handled can be found in Gstatic’s privacy policy: https://policies.google.com/terms. You can prevent Gstatic from collecting and processing your data by deactivating the running of script codes in your browser or by installing a script blocker on your browser.
The legal basis is our legitimate interest pursuant to Art. 6 (1) (f) GDPR.
d. Google Maps
We use the Google Maps API (application programming interface, ‘Google Maps’) on our website to depict geographical information in visual form. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (see also section 11, Information on the transmission of data to the US). When Google Maps is used, information about the use of our website, including your IP address, is transmitted to a Google server in the US and stored there. There is the option of deactivating the Google Maps service and preventing data from being transferred to Google by disabling JavaScript in your browser. Please note, though, that you will no longer be able to view maps if you do this. Further information about the collection, processing and use of your data by Google, and your rights in this regard, can be found in Google’s privacy policy, at https://policies.google.com/privacy and in the additional terms of use for Google Maps/Google Earth at https://www.google.com/intl/en/help/terms_maps/.
We use plugins provided by the video portal Vimeo, operated by Vimeo, LLC, West 34th Street, 10th Floor, New York, New York 10001, USA, on this website. Every time a page containing one or several Vimeo video clips is accessed, a direct connection is made between your browser and a Vimeo server in the US (see also section 11, Information on the transmission of data to the US). In the process, information on your visit and IP address is stored. Interactions with Vimeo plugins (e.g. clicking the ‘start’ button) can lead to this information also being transmitted to Vimeo and stored there. Further details on the collection and usage of your data by Vimeo can be found in Vimeo’s privacy policy: https://vimeo.com/privacy.
If you have a Vimeo user account and do not want Vimeo to collect data on you via this website and link it to your stored membership data, you need to log out of Vimeo before visiting this website.
In addition, Vimeo calls up the tracker Google Analytics via an iFrame within which the video is accessed (see also section 7, Tracking tools). This is Vimeo’s internal tracking process; we cannot access this. You can prohibit tracking by Google Analytics by using deactivation tools that Google offers for certain internet browsers. In addition, you can prevent the data generated by Google Analytics and relating to the use of the website by you (incl. your IP address) from being recorded and processed by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Further information on Google Analytics can be found in section 7 a.
9. Links to our social media profiles
Our website contains links to our social media profiles on the following social networks:
Facebook, c/o Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
Instagram, c/o Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
YouTube, a service operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA,
TikTok, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland,
LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
You will automatically be forwarded to our profile on the relevant network when you click on the social networks’ icons. In the process, a direct connection is made between your browser and the server of the social network in question. By extension, the network is notified that you have visited our website with your IP address and clicked on the link. In the process, data may also be transmitted to servers abroad, e.g. the US (see also sections 4 and 11, especially on the absence of an appropriate level of data protection and the safeguards foreseen).
If you click on a link to a network while logged into your user account on the relevant network, the content of our website can be linked to your profile so the network can directly associate your visit to our website with your account. If you want to prevent this from occurring, you should log out before clicking on the relevant links. A connection is made between your access to our website and your user account when you sign into the relevant network after clicking on the link. The provider’s controller under data protection law is responsible for the associated data processing. As a result, please note the privacy policy on the network’s website.
The legal basis for any data processing is our legitimate interest under Art. 6 (1) (f) GDPR in using and promoting our social media profiles.
The information (e.g. that you like one of our products or services) may also be published on the social network or shown to other users of the social network under certain circumstances. The provider of the social network may use this information to serve advertising and design the offering in question in a needs-based way. To this end, usage, interest-based and relationship profiles may be created to evaluate your use of our website with respect to the advertisements shown to you on the social network, to inform other users about your activities on our website and to render other services associated with the use of the social network. Information on the scope and purpose of data collection and the further processing and use of data by the provider of the social network and your rights and setting options to protect your privacy can be obtained directly from the privacy policy of the provider in question.
10. Social media marketing
We use services provided by Sprout Social, headquartered in Chicago, to optimise our social media marketing and facilitate communication via social networks. The service provider collects comments and private messages sent by users about our accounts on the social networks Facebook, Instagram, TikTok and YouTube via an interface and brings them together in a central mailbox. The data is primarily merged and analysed to improve and prioritise our responses to comments and personal messages.
This data processing is based on Art. 6 (1) (f) GDPR and, in turn, our legitimate interest in improving and prioritising communication.
11. Notice regarding the transmission of data to the US and China
For the sake of completeness, we note that, under national legislation, Chinese and US authorities may carry out surveillance measures. Within this framework, they may undertake blanket storage of all the data forwarded from the European Union or Switzerland to China or the US. This occurs without differentiation, limitation or exception with regard to the goal pursued and without an objective criterion that makes it possible to restrict Chinese or US authorities’ access to the data and its subsequent usage to certain, strictly limited purposes that justify both the access to this data and the intrusion associated with its use. In addition, we note that there is no legal remedy in China and the US for data subjects from Switzerland or the EU that would enable them to access the data concerning them and arrange for its rectification or erasure; similarly, there is no effective judicial legal protection against blanket access rights on the part of Chinese and US authorities. We explicitly inform data subjects of this legal and factual situation so they can make a suitably informed decision on consenting to the use of their data.
We would like to inform residents of Switzerland or an EU member state that, in the view of both the European Union and Switzerland, China and the US do not have a sufficient level of data protection, inter alia due to the issues mentioned in this section. Provided we have explained in this privacy policy that the recipients of data (e.g. Google) are headquartered in the US or China, we will enter into contracts with these companies to ensure that your data is protected to an appropriate level when held by our partners (see also section 4 above).
12. Right of access, erasure and rectification
Provided the legal requirements have been met, you, as a data subject impacted by the data processing, have the following rights:
Right of access: You have the right at any time to receive information on the personal data concerning you that we store, free of charge, if we process this data. As a result, you have the opportunity to review the personal data concerning you that we process and whether we process this in line with the applicable data protection provisions.
Right to rectification: You have the right to have incorrect or incomplete personal data rectified and to be notified about this rectification. In this instance, we shall also inform the recipients of the data in question about the changes we have made, provided this is not impossible or associated with disproportionate effort.
Right to erasure: Under certain circumstances, you have the right to have your personal data erased. The right to erasure can be excluded in individual cases, particularly in the event of statutory retention obligations. Should this occur, and provided the requirements are met, the data may be made inaccessible instead of being erased.
Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.
Right to data portability: You have the right to have the personal data you provided to us sent to you in a readable format free of charge.
Right to object: You can object to data processing at any time, in particular data processing in conjunction with direct marketing (e.g. marketing emails).
Right of withdrawal: In principle, you have the right to withdraw your consent at any time once you have granted it. Processing performed in the past on the basis of your consent is not rendered unlawful by your withdrawal.
To exercise these rights, contact the address in section 15.
13. Data security
We make use of appropriate technical and organisational security measures that we deem appropriate to protect the data we store from manipulation, total or partial loss and unauthorised third-party access. Our security measures are modified on an ongoing basis to take technological advancements into account.
We use technical encryption processes when transferring personal data. In addition, credit card payments are secured on a further level by requesting the security code during the order process.
We use online forms so we can easily communicate with you directly. The data input into the online form is also transmitted to us in encrypted form. If you would like a copy of the data that was input, this copy of the content will be emailed to you (unencrypted). Further information can be found in section 2.
We also take in-house, internal data protection very seriously. Our employees and the service providers commissioned by us are obliged to maintain confidentiality and comply with the provisions of data protection law. In addition, access to personal data is only granted to the extent necessary.
14. Storage of data
We only store data for as long as required:
To use the above tracking services, within the framework of our legitimate interest, and
To perform the services to the scope declared above that you have requested or to which you have given your consent.
We retain contract data for longer, as this is required by statutory retention obligations. Retention obligations that oblige us to retain data arise from invoicing- and tax-related regulations. Under these regulations, business communication, contracts concluded and booking receipts must be retained for up to ten years. The data will be made inaccessible if we no longer need it to perform services for you. This means that the data may only be used for invoicing and tax purposes.
15. Contact
If you have questions about data protection on our website, would like information or would like to arrange the erasure of your data, please contact us by emailing datenschutz@transa.ch.
Should you wish to send us a letter, please use the following address:
Transa Backpacking AG
Datenschutz
Josefstrasse 53
8005 Zurich
Switzerland
16. Lodging a complaint with a data protection supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority at any time.
(With the TransaCard always free of charge)