top of page

Në ndërtim e sipër

​​

Version from 1 September 2025

In this Privacy Policy, we, RUBI Bahntechnik Schweiz AG, explain how we collect and process personal data. This is not an exhaustive description; other privacy policies, general terms and conditions, participation terms or similar documents may regulate specific matters. Personal data means all information relating to an identified or identifiable person.

If you provide us with personal data of other people (e.g. family members, work colleagues), please ensure that these persons are aware of this Privacy Policy and only provide us with their personal data if you are entitled to do so and if the data is correct.

This Privacy Policy is designed to comply with the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Federal Data Protection Act ("FADP") and the revised Swiss Federal Data Protection Act ("revFADP"). The applicability and extent of these laws depend on the individual case.

1. Controller / Data Protection Officer / Representative

 

The data controller for the processing described here is:

RUBI Bahntechnik Schweiz AG
Rautistrasse 12
8047 Zurich
Switzerland

If you have data protection concerns, you may contact us at the following address:
RUBI Bahntechnik Schweiz AG
Rautistrasse 12
8047 Zurich
services@rubi.group

Our Data Protection Officer under Article 37 GDPR can be reached at:
Wendy Di Mauro
Rautistrasse 12
8047 Zurich
services@rubi.group

2. Collection and Processing of Personal Data


We primarily process personal data that we receive from our customers and other business partners or involved persons as part of our business relationships with them, or that we collect from users when operating our websites, apps, and other applications.

Where permitted, we may also obtain certain data from publicly available sources (e.g. debt registers, land registries, commercial registers, press, Internet), or receive such data from other companies within the RUBI Group, from authorities, and from other third parties.

In addition to data you provide directly, the categories of personal data we receive about you from third parties, may include information from public registers, information we learn in the context of official and legal proceedings, information relating to your professional roles and activities (so that, for instance, we can conduct business with your employer with your assistance), information about you in correspondence and meetings with third parties, credit rating information (if we conduct business with you personally), information about you provided by persons from your environment (family, advisors, legal representatives, etc.) so that we can conclude or perform contracts with or involving you (e.g. references, your address for deliveries, powers of attorney, information to comply with legal requirements such as anti-money laundering and export restrictions), information from banks, insurers, distributors, and other contracting partners for the use and provision of services by you (e.g. completed payments, purchases), information from the media and the Internet about you (if appropriate, e.g. as part of an application, press review, marketing/sales), your addresses, interests and other sociodemographic data (for marketing), processing purposes and legal basis.

We primarily use the personal data we collect to conclude and perform our contracts with our customers and business partners, in particular with respect to consulting and planning projects in the field of railway infrastructure and digitalisation and the procurement of products and services from our suppliers and subcontractors, as well as to comply with our legal obligations in Switzerland and abroad. If you work for such a customer or business partner, your personal data may also be affected in this capacity.

In addition, we process your personal data and the data of other persons, as permitted and where we consider it appropriate, for the following purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose:

  • Offering and further development of our services, websites and other platforms on which we are present;

  • Communication with third parties and processing their inquiries (e.g. job applications, media inquiries);

  • Reviewing and optimising procedures for needs analysis for direct customer contact and gathering personal data from publicly available sources for customer acquisition;

  • Advertising and marketing (including organising events), unless you have objected to the use of your data (if you are an existing customer and we send you advertising, you can object at any time and we will put you on a suppression list);

  • Establishing legal claims and defence in connection with legal disputes and official proceedings;

  • Preventing and investigating offences and other misconduct (e.g. conducting internal investigations, data analyses to combat fraud);

  • Ensuring our operations, in particular IT, our websites, apps, and other platforms;

  • Video surveillance for the protection of property rights and other measures for IT, building and plant security, protection of our employees and other persons, and assets that belong to us or are entrusted to us (e.g. access controls, visitor lists, network and mail scanners, telephone recordings);

  • Acquiring and selling business units, companies, or parts of companies, and other corporate transactions and thereby transferring personal data, as well as measures for business management and compliance with legal and regulatory obligations and internal rules of RUBI Bahntechnik Schweiz AG.

 

Where you have given us consent to process your personal data for certain purposes (for example when signing up for newsletters or consent to background checks), we process your personal data within the framework and based on this consent unless we have another legal basis and require such. Consent can be withdrawn at any time, but this does not affect data processing already carried out.

3. Cookies / Tracking and Other Technologies Related to Our Website Use

We typically use "cookies" and similar technologies on our websites to identify your browser or device. A cookie is a small file sent to your computer or stored automatically by your web browser when you visit our website. When you visit again, we can recognise you, even if we do not know who you are. In addition to session cookies (deleted after you close your browser), cookies may also be used to store user preferences and other information for a certain period (e.g. two years) ("persistent cookies"). You can configure your browser to reject cookies, store them only for a session, or delete them early. Most browsers are preset to accept cookies. We use persistent cookies in order to store user settings (e.g. language). If you block cookies, certain functionalities such as language selection may no longer work.

By using our websites and consenting to receive newsletters and other marketing emails, you agree to the use of these techniques. If you do not wish this, you must configure your browser or email program accordingly.

If Google Analytics or similar statistical services are used that do not receive personal data (such as email addresses):

We may use Google Analytics or similar services on our websites. This is a service provided by third parties anywhere in the world (for Google Analytics, Google Ireland (based in Ireland), and Google relies on Google LLC (based in the USA) as a processor (both "Google")), www.google.com , which allows us to measure and analyse the use of the website (non-personalised). Persistent cookies are also used for this purpose by the service provider. We have configured the service so that the IP addresses of visitors are truncated by Google in Europe before being forwarded to the USA, making it impossible to trace them. We have disabled the "data sharing" setting. Although we can assume the information shared with Google does not constitute personal data for Google, it is possible that Google may infer the identity, create personal profiles and link this data with the Google accounts of these persons. If you are registered with the provider themselves, they also know you. The processing of your personal data by the provider is then their responsibility under their privacy policy. The provider only informs us how our respective website is used (no information about you personally).

We also use so-called plug-ins from social networks such as LinkedIn, YouTube or Instagram on our websites. This is visible to you (typically via corresponding symbols). We have configured these elements so that they are deactivated by default. If you activate them (by clicking), the operators of the respective social networks can register that you are on our website and where, and may use this information for their own purposes. The processing of your personal data is then the responsibility of this operator in accordance with their privacy policy. We do not receive any information about you from them.

4. Data Transfer and Data Transmission Abroad


Within the scope of our business activities and for the purposes set out in section 3, we may, if permitted and deemed appropriate, also disclose data to third parties, either because they process it for us or because they use it for their own purposes. These may include:

  • Our service providers (within the RUBI Group and externally, e.g. banks, insurers), including processors (such as IT providers);

  • Distributors, suppliers, subcontractors and other business partners;

  • Customers;

  • Domestic and foreign authorities, agencies, or courts;

  • Media;

  • The public, including visitors to websites and social media;

  • Competitors, industry organisations, associations, and other committees;

  • Acquirers or those interested in acquiring business units, companies, or other parts of the RUBI Group;

  • Other parties in potential or actual legal proceedings;

  • Other companies of the RUBI Group;

  • All together, recipients.

 

These recipients may be located domestically or anywhere in the world. In particular, you must expect your data to be transmitted to any country in which the RUBI Group is represented by group companies, branches or other offices (see https://www.rubi.group/ ) as well as to other European countries and the USA, where our service providers (such as Microsoft, SAP) are located. If a recipient is based in a country without adequate legal data protection, we contractually obligate them to comply with the applicable data protection (using the revised standard contractual clauses of the European Commission, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj ), unless they are already subject to a legally recognised scheme for ensuring data protection and we cannot rely on an exception. An exception may apply notably in legal proceedings abroad, in cases of overriding public interest, where contract processing requires such disclosure, or if you have consented or data has been made generally accessible by you and its processing has not been objected to.

5. Duration of Storage of Personal Data


We process and store your personal data as long as necessary to fulfil our contractual and legal obligations or for the purposes pursued with the processing, i.e. for the duration of the entire business relationship (from initiation and handling to the termination of a contract) and beyond in accordance with legal retention and documentation obligations. It may be that personal data is retained for the period in which claims may be asserted against our company and as far as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above purposes, it will generally be deleted or anonymised as far as possible. For operational data (e.g. system logs), shorter retention periods of twelve months or less generally apply.

6. Data Security


We take adequate technical and organisational security measures to protect your personal data from unauthorised access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transfers, controls.

7. Obligation to Provide Personal Data


Within the scope of our business relationship, you must provide the personal data required to establish and conduct the relationship and to fulfil the associated contractual obligations (you are generally not legally obliged to provide us data). Without this data we will generally not be able to conclude or perform a contract with you (or the entity or person you represent).

8. Rights of Data Subjects
Within the scope of the data protection law that applies to you (e.g. GDPR), you have the right to information, rectification, erasure, restriction of data processing, to object to our processing (in particular for direct marketing and other legitimate interest processing), and to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions, for example if we are obliged to retain or process certain data, have an overriding interest (where claimed), or require the data for assertion of claims. If you incur costs, these will be communicated to you in advance. You have already been informed about your right to withdraw consent under section 3. Note that exercising these rights may conflict with contractual agreements and may, for example, result in early termination of contract or cost consequences. We will inform you in advance where this is not already contractually regulated. Exercising such rights usually requires proof of identity (e.g. copy of ID if your identity cannot otherwise be verified). To exercise your rights, contact us at the address given in section 1. Every data subject also has the right to enforce rights in court or to file a complaint with the competent data protection authority. For Switzerland, this is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch ).

9. Changes


We may amend this Privacy Policy at any time without prior notice. The current version published on our website applies. If the Privacy Policy is part of an agreement with you, we will inform you about changes via email or other appropriate means upon updating.

bottom of page