Red Am 841 locomotive with long yellow construction trains for track construction on a station track.

Data Protection

This data protection declaration provides information on how LokPool AG processes personal data on www.lokpool.ch. It is based on the Swiss Data Protection Act (DSG) and – insofar as applicable – on the EU General Data Protection Regulation (GDPR).

1. Responsible party

LokPool AG
Metzgerstrasse 5, 8500 Frauenfeld, Switzerland
Phone: +41 76 721 36 72
E-mail: dispo@lokpool.ch

2. Hosting

Our website is operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (server location EU/Germany). There is a data processing agreement with Hetzner. Hetzner processes server logs (e.g. IP address, date/time, URL, referrer, user agent) to ensure operation and security. Deletion/anonymization takes place according to the usual deadlines at the host.

3. Types of data processed

  • Server logs/usage data (see above)
  • Communication data from the contact form (name, e-mail, message; optional telephone)
  • Data from external services: Apple Maps (embedding), Google Analytics (statistics), social media links

4. Purposes & legal bases

  • Operation, presentation and security of the website
  • Processing of contact requests
  • Reach measurement/statistics (only with consent)
    Legal bases (EU, insofar as applicable): Art. 6 para. 1 lit. b (contract/initiation), lit. f (legitimate interest in secure operation), lit. a (consent, e.g. analytics/cookies/maps, via cookie banner).

5. Contact form

Information is processed to handle the request and transmitted to dispo@lokpool.ch. Storage period: until final processing and in accordance with statutory retention periods.

6. Cookies & Consent

We use technically necessary cookies for operation. Optional cookies (e.g. for Google Analytics) are only set after consent via a cookie banner (e.g. CookieYes). Consent can be revoked at any time in the banner.

7. Google Analytics (GA4)

We use Google Analytics 4 for reach measurement, provided you have consented. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA, USA.

  • Data types: Page views, interactions, approximate location data (based on IP/network), device/browser information, referrer. GA4 does not store complete IP addresses in reports by default; however, transmissions to the USA may take place.
  • Legal basis (EU): Art. 6 para. 1 lit. a (consent).
  • Consent Mode v2: We use Google Consent Mode; without consent, only cookieless, aggregated metrics are processed.
  • Retention: Event data standard 2–14 months (configured: [please insert your setting, e.g. 14 months]).
  • Data processing & guarantees: Data processing agreement with Google; data transfers outside Switzerland/EU are based on EU standard contractual clauses.
  • Opt-out/revocation: You can change your consent at any time via the cookie banner or prevent collection by a browser add-on: tools.google.com/dlpage/gaoptout.
    More information: policies.google.com/privacy, policies.google.com/technologies/partner-sites.

8. Apple Maps (embedding)

We integrate Apple Maps for location display (Apple Inc., USA / Apple Distribution International Ltd., Ireland). When the map is accessed, data (IP address, device information; optional location, if released) can be transferred to Apple. Legal basis (EU): Consent via the cookie banner (Art. 6 para. 1 lit. a) or legitimate interest (Art. 6 para. 1 lit. f), if loaded without tracking. Data protection: apple.com/legal/privacy/.

9. Social media links

We only link (no auto-plugins) to:

  • Instagram
  • Facebook
  • LinkedIn
    Data is only transmitted to the platforms when you click on it. Please note their data protection notices.

10. Disclosure & third countries

Data will only be disclosed if necessary, required by law or covered by consent. For transfers to countries without an adequate level of data protection, we use suitable guarantees (in particular EU standard contractual clauses).

11. Storage period

Personal data will only be processed for as long as it is necessary for the respective purposes or as long as statutory retention obligations exist. Afterwards deletion or anonymization.

12. Data security

TLS/SSL encryption, access restrictions, backups and organizational measures according to risk.

13. Rights of data subjects

Switzerland (DSG): Information, correction, deletion, restriction, data release/transfer, objection (where applicable).
EU (GDPR, insofar as applicable): Art. 15–21 GDPR incl. revocation of granted consent (Art. 7 para. 3).
Complaint:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC), http://www.edoeb.admin.ch
  • EU: competent supervisory authority at the place of residence/work/place of the alleged violation.
    Contact for exercising rights: dispo@lokpool.ch

14. Obligation to provide

The provision of data is not mandatory for simply visiting the site. The mandatory fields are required for the contact form.

15. Automated decisions

No exclusively automated decisions with legal effect are made.

16. Changes

We may amend this declaration; the current version on this website applies.

Status: September 2, 2025