This data protection declaration provides information about how, where and why we process what personal data in connection with capzlog.aero. In addition to this, the data protection declaration provides information about the rights of individuals whose data we process.
Special, supplementary or further data protection declarations and other legal documents such as General Terms and Conditions of Business (GTCB), terms of usage or conditions of participation may apply for individual or additional offerings and services.
Our offering is subject to Swiss data protection law and to any applicable foreign data protection law such as, in particular, the laws of the European Union (EU) including the General Data Protection Regulation (GDPR). The European Commission recognises that Swiss data protection law ensures an adequate level of data protection.
1. Contact addresses
Responsible for processing of personal data:
c/o Uraster GmbH
To the contact form
Should, in individual cases, other entities be responsible for processing of personal data, then we will draw attention to this.
Data protection representation in the European Economic Area (EEA)
As per Art. 27 GDPR we have the following data protection representation in the European Economic Area (EEA), comprising the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway, as an additional point of contact for supervisory authorities and data subjects making enquiries relating to the General Data Protection Regulation (GDPR):
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
To the contact form
2. Processing of personal data
Personal data means all information relating to an identified or identifiable natural person. A data subject is a natural person whose personal data is processed.
Processing means any handling of personal data, independent of the means and procedures which are used and, in particular, the storage, disclosure, acquisition, collection, erasure, saving, alteration, destruction and use of personal data.
The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) defines the processing of personal data as the processing of personal data relating to a specific natural person.
2.2 Legal bases
We process personal data in compliance with Swiss data protection law such as, in particular, the Federal Act on Data Protection (DSG) and the Ordinance to the Federal Act on Data Protection (VDSG). We generally store personal data only in Switzerland.
If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data according to at least one of the following legal bases:
- Art. 6 Para. 1 (b) GDPR where processing of personal data is necessary to perform a contract with the data subject and to take steps prior to entering into a contract.
- Art. 6 Para. 1 (f) GDPR where processing of personal data is necessary to safeguard our or third-party legitimate interests insofar as these interests are not overridden by the fundamental rights and freedoms of the data subject. Legitimate interests are, in particular, our interest in providing our offering in the long term and in a manner which is user-friendly, secure and reliable as well as to advertise this offering if required; information security and protection against misuse and unauthorised use; exercising of our own legal claims; and compliance with Swiss law.
- Art. 6 Para. 1 (c) GDPR where processing of personal data is necessary to comply with a legal obligation to which we are subject as per any applicable law of member states of the European Economic Area (EEA).
- Art. 6 Para. 1 (e) GDPR where processing of personal data is necessary to perform a task carried out in the public interest.
- Art. 6 Para. 1 (a) GDPR to process personal data given with the data subject’s consent.
- Art. 6 Para. 1 (d) GDPR where processing of personal data is necessary to protect the vital interests of the data subject or of another natural person.
2.3 Type, extent and purpose
We process personal data which is necessary to provide our offering in the long term and in a manner which is user-friendly, secure and reliable. Such personal data can fall into the following categories: master and contact data, browser and device data, pilot logbook data, medical data, content data, licence data, meta- respectively peripheral data and usage data, location data or sales, contractual and payment data.
We process personal data for the period which is required for the relevant purpose or purposes or which is required by law. Personal data which must no longer be processed is anonymised or erased. Data subjects whose data we process in general have a right to erasure.
As a matter of principle we only process personal data after obtaining the data subject’s consent unless processing is permissible for other legal reasons, such as to perform a contract with the data subject and to take steps prior to entering into a contract; in response to justified requests from competent authorities such as in particular the Federal Office of Civil Aviation (FOCA) and the Swiss Transportation Safety Investigation Board (STSB); to safeguard our overriding legitimate interests; because processing is evident from the circumstances; or based on prior information.
Within this framework we process in particular the information which the data subject transmits to us voluntarily and themselves when establishing contact with us – for example by letter, email, contact form, social media or telephone – or when registering for a user account. We may, for example, store such information in an address book, a customer relationship management system (CRM system) or using comparable aids. Insofar as the data subject transmits personal data to us via third parties, they are obliged to ensure data protection vis-à-vis such third parties and to ensure the correctness of such personal data.
In addition to this, we process personal data which we receive from third parties; acquire from publicly accessible sources; or collect when providing our offering, if and insofar as such processing is legally permissible.
Personal data originating from job applications is only processed insofar as it is required to assess suitability for an employment relationship or for subsequent performance of an employment contract. The personal data which is required to carry out an application process arises from the information which is requested and/or provided, for example within the scope of a job description. Candidates have the option of transmitting further voluntary information for their corresponding job application.
2.4 Processing of personal data by third parties, also abroad
We can have personal data processed by contracted third parties or process it together with third parties or with the help of third parties as well as transmit this data to third parties. Such third parties are, in particular, providers whose services we use. Should we use such third parties, then we will ensure an adequate level of data protection.
Such third parties are, as a matter of principle, located in Switzerland and the European Economic Area (EEA). Such third parties may, however, also be located in other states and territories around the world or elsewhere in the universe insofar as their data protection law is, according to the adequacy decision of the Swiss Federal Data Protection and Information Commissioner (EDÖB) and – if and insofar as the General Data Protection Regulation (GDPR) is applicable – according to the adequacy decision of the European Commission, applicable and ensures adequate data protection or if, for other reasons, such as a corresponding contractual agreement, in particular based on standard contractual clauses, or corresponding certification, adequate data protection is ensured. In exceptional cases, such a third party may be located in a country without adequate data protection insofar as the data protection law-related prerequisites, such as the data subject’s explicit consent, are fulfilled.
3. Data subject rights
3.1 Data protection claims
We grant data subjects all rights under applicable data protection law. In particular, data subjects have the following rights:
- Information: Data subjects can request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and to ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries and the origin of the personal data.
- Correction and limitation: Data subjects can have inaccurate personal data corrected, incomplete data completed and the processing of their data restricted.
- Deletion and objection: Data subjects can have personal data deleted ("right to be forgotten") and object to the processing of their data with effect for the future.
We may suspend, restrict or refuse the exercise of the rights of data subjects to the extent permitted by law. We can draw the attention of data subjects to any requirements that must be met in order to exercise their rights under data protection law. For example, we may refuse to provide information in whole or in part with reference to business secrets or the protection of other persons. We may also, for example, refuse to delete personal data in whole or in part with reference to statutory retention obligations.
We are obliged to take reasonable steps to identify data subjects who request information or assert other rights. Data subjects are obliged to cooperate.
3.2 Right to complain
Data subjects have the right to enforce their data protection claims through legal channels or to lodge a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for private data controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
Data subjects have the right - if and to the extent that the General Data Protection Regulation(GDPR) applies - to lodge a complaint with a competent European data protection supervisory authority.
4. Data security
We take adequate and appropriate technical and organisational measures to ensure data protection and, in particular, data security. Despite these measures there will, however, always be security gaps when personal data is processed on the Internet. We cannot thus guarantee absolute data security.
Access to our online offering is via transport encryption (SSL / TLS, in particular using hypertext transfer protocol secure, or HTTPS for short). Most browsers identify transport encryption with a padlock in the address bar.
Access to our online offering is – as is, as a matter of principle, all Internet use – subject to groundless, non-suspicion-related mass surveillance and other surveillance by security agencies in Switzerland, the European Union (EU), the United States of America (USA) and other states. We have no direct influence on the corresponding processing of personal data by secret services, police authorities and other security agencies.
5. Use of the website
When you visit our website cookies can be temporarily stored in your browser as “session cookies” or for a predefined period of time as so-called permanent cookies. “Session cookies” are automatically erased when you close your browser. Permanent cookies are stored for a certain duration. Permanent cookies make it possible in particular to recognise your browser when you next visit our website and thus, for example, measure the website’s reach. Permanent cookies can, however, also be used for purposes such as online marketing.
Where cookies are used to measure success and range or for advertising it is possible to make a general objection (“opt-out”) via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA) for numerous web services.
5.2 Server log files
Each time you visit our website we are able to log the following information insofar as your browser transmits them to our server infrastructure or our web server is able to identify them: date and time including time zone; Internet protocol (IP) address; access status (HTTP status code); operating system including user interface and version; browser including language and version; the sub-pages of our website which were retrieved including the transmitted data volume; and the prior website retrieved in the same browser window (referrer).
We store such information, which can also be personal data, in server log files. The information is necessary to provide our online offering in the long term and in a user-friendly, reliable form as well as to ensure data security and thus in particular the protection of personal data – also by third parties or with the help of third parties.
5.3 Tracking pixels
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. They are small, generally invisible images which are automatically retrieved when you visit our website and also used by third parties whose services we employ. Tracking pixels can gather the same information as server log files.
6. Notifications and messages
We send notifications and communications such as newsletters by email and through other communication channels such as instant messaging.
6.1 Success measurement and reach measurement
Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links have been clicked on. Such web links and tracking pixels may also track usage of notifications and communications on a personal basis. We need this statistical recording of usage for performance and reach measurement in order to be able to offer notifications and communications effectively and in a user-friendly manner based on the needs and reading habits of the recipients, as well as permanently, securely and reliably.
6.2 Consent and objection
You must basically expressly consent to the use of your e-mail address and other contact addresses, unless the use is permitted for other legal reasons. For any consent to receive e-mails, we use the "double opt-in" procedure where possible, i.e. you will receive an e-mail with a web link that you must click to confirm, so that no misuse by unauthorised third parties can take place. We may log such consents including Internet Protocol (IP) address, date and time for evidence and security reasons.
You can basically unsubscribe from notifications and communications such as newsletters at any time. This does not apply to notifications and communications that are absolutely necessary for our services. By unsubscribing, you can in particular object to the statistical recording of usage for performance and reach measurement.
6.3 Service provider for notifications and messages
We send notifications and communications via third-party services or with the help of service providers. Cookies may also be used in the process. We ensure appropriate data protection for such services as well.
We use in particular:
- SendGrid: Platform for transactional emails ("emailing made easy"); provider: Twilio Inc (USA) / Twilio Ireland Limited (Ireland); data protection information: Data protection declaration.
7. Social Media
We are present on social media platforms and other online platforms in order to be able to communicate with interested persons and provide information about our offer. Personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
For our Social Media presence on Facebook including the so-called Page Insights, we are - if and insofar as the General Data Protection Regulation (GDPR) is applicable - jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights to provide our social media presence on Facebook in an effective and user-friendly way.
Further information on the type, scope and purpose of data processing, information on the rights of data subjects and the contact details of Facebook as well as Facebook's data protection officer can be found in Facebook's data protection statement. We have entered into what is known as the "Responsible Party Addendum"with Facebook and have thus agreed in particular that Facebook is responsible for ensuring the rights of data subjects. For the so-called page insights, the corresponding information can be found on the page "Information on page insights" including "Information on Page Insights data".
8. Success and reach measurement
We try to determine how our online offer is used. In this context, we can, for example, measure the success and reach of our activities and operations as well as the effect of third-party links to our website. But we can also, for example, try out and compare how different parts or versions of our online offer are used ("A/B test" method). Based on the results of the success and reach measurement, we can in particular correct errors, strengthen popular content or make improvements to our online offer.
In most cases, the Internet Protocol (IP) addresses of individual users are stored for performance and reach measurement. In this case, IP addresses are always shortened ("IP masking") in order to follow the principle of data economy through the corresponding pseudonymisation.
Cookies may be used for performance and reach measurement and user profiles may be created. Any user profiles created include, for example, the individual pages visited or content viewed on our website, information on the size of the screen or browser window and the - at least approximate - location. In principle, any user profiles are created exclusively in pseudonymised form and are not used to identify individual users. Individual services of third parties with which users are registered may be able to assign the use of our online services to the user account or user profile of the respective service.
We use in particular:
- Google Analytics: Performance and reach measurement; provider: Google; Google Analytics-specific information: Measurement also across different browsers and devices (Cross-Device Tracking) and with pseudonymised Internet Protocol (IP) addresses, which are only exceptionally transmitted in full to Google in the USA, "Data protection", "Browser add-on to deactivate Google Analytics".
- Google Tag Manager: Integration and management of other services for performance and reach measurement as well as other services from Google and third parties; provider: Google; Google Tag Manager-specific information: "Data collected with Google Tag Manager"; Further information on data protection can be found with the individual integrated and managed services.
9. Third party services
We use services provided by specialised third parties in order to carry out our activities and operations in a durable, user-friendly, secure and reliable manner. With such services, we can, among other things, embed functions and content in our website. In the case of such embedding, the services used record the Internet Protocol (IP) addresses of the users at least temporarily for technically compelling reasons.
For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in aggregated, anonymised or pseudonymised form. This is, for example, performance or usage data in order to be able to offer the respective service.
We use in particular:
9.1 Digital infrastructure
We use services from specialised third parties to provide us with the digital infrastructure we need in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.
We use in particular:
- Microsoft Azure: Storage and other infrastructure; Provider: Microsoft; Microsoft Azure-specific information: "Data protection in Azure".
- ServerBase: Cloud hosting; provider: ServerBase AG (Switzerland); Data protection information: Data protection declaration, "Swiss data center".
9.2 Contact options
We use services from selected providers to better communicate with third parties such as potential and existing customers.
9.3 Audio and video conferences
Depending on the life situation, we recommend muting the microphone by default when participating in audio or video conferences, as well as blurring the background or having a virtual background superimposed.
We use in particular:
- Microsoft Teams: Platform for audio and video conferencing, among other things; provider: Microsoft; Teams-specific information: "Data protection and Microsoft Teams".
9.4 Digital audio and video content
We use services from specialised third parties to enable the direct playback of digital audio and video content such as music or podcasts.
We use in particular:
- YouTube: Video platform; Provider: Google; YouTube-specific information: "Data Protection and Security Centre", "My data on YouTube".
We use third-party services to embed selected fonts as well as icons, logos and symbols on our website.
We use in particular:
- Font Awesome: Icons and logos; provider: Fonticons Inc. (USA); Data protection information: Data protection declaration.
- Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: "Privacy and Google Fonts", "Data protection and data collection".
We use specialised service providers to process our customers' payments securely and reliably. The legal texts of the individual service providers, such as the General Terms and Conditions (GTC) or data protection declarations, also apply to the processing of payments.
We use in particular:
- PayPal (including Braintree): Processing of payments; providers: PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxemburg) / PayPal Pte. Ltd. (Singapur); Data protection information: Data protection declaration, "Explanation of cookies and tracking technologies".
- TWINT: Processing of payments in Switzerland; provider: TWINT AG (Schweiz); Data protection information: Data protection declaration, "Safety according to Swiss standards".
- Worldline (former SIX Payment Services): Processing of mobile and online payments; providers: Worldline Schweiz AG (Schweiz) / Worldline Financial Services (Europe) S.A. (Luxemburg) / Worldline Payment Services (Germany) GmbH (Deutschland) / Worldline Financial Services (Europe) S.A., Branch Office Austria; Data protection information: Data protection declaration, "Customer information on data protection".
We use the possibility to display targeted advertisements for our activities and operations on third parties such as social media platforms and search engines.
With such advertising, we would like to reach in particular people who are already interested in our activities and operations or who might be interested in them (Remarketing und Targeting). For this purpose, we may transmit corresponding - possibly also personal - information to third parties who enable such advertising. We can also determine whether our advertising is successful, i.e. in particular whether it leads to visits to our website (Conversion Tracking).
Third parties with whom we advertise and where you are registered as a user may be able to assign the use of our online services to your profile there.
We make use of the possibility of embedding advertising from third parties - in principle against compensation - in our website. Third parties whose advertising is embedded in our website and where you are registered as a user may be able to assign the use of our online offer to your profile there.
We use in particular:
- Google Ads: Search engine advertising; Provider: Google; Google Ads-specific claims: Advertising based, inter alia, on search queries, using various domain names - in particular doubleclick.net, googleadservices.com and googlesyndication.com - for Google Ads, "Advertising" (Google), "Why do I see a certain advertisement?".
10. Extensions for the website
We use extensions for our website in order to be able to use additional functions.
We use in particular:
- Google reCAPTCHA: Spam protection (differentiation between wanted comments from humans and unwanted comments from bots as well as spam); Provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?".
11. Concluding provisions
We may adjust and add to this data protection declaration at any time. We will provide notification of such adjustments and additions in an appropriate form, in particular by means of publishing the corresponding current data protection declaration on our website.
The version of this document in German is authoritative. Versions in other languages have been produced by machine.