Privacy policy CO2 Exchange

Personal data that we collect on our website can be found in the section Website, social media and cookie information.

Valid from: 01.01.2024

In this privacy policy, we provide information about the collection and processing of personal data. Personal data is all information that relates to an identified or identifiable natural person.

Please note that other data protection declarations, general terms and conditions, conditions of participation and similar documents regulate specific circumstances.

We take measures to ensure comprehensive data protection. These include commissioning a data protection consultant, drawing up a processing directory, regularly training our employ-ees in data protection and committing them to data protection. We also check our service pro-viders carefully and conclude order processing contracts with them, carry out annual data security assessments, check data transfers abroad and obtain the necessary assurances.

  1. Person responsible
  2. Purpose of processing in the context of our services and offers
  3. Website, social media and cookie notices
  4. Origin of personal data
  5. Data transfer and data transmission abroad
  6. Duration of storage of personal data
  7. Data security
  8. Rights of the data subjects
  9. Changes to this privacy policy
  10. Copyright and licence
  11. Categories of personal data

1. Controller

The controller within the meaning of the Swiss Federal Act on Data Protection (FADP) for the data processing described here is

Bourse CO2 SA
Route de la Conversion 261
1093 La Conversion

Please contact our data protection advisor:

If you have any questions or concerns regarding data protection and the exercise of your rights, please contact us in the first instance:

Impunix AG - Data protection full service
Lagerhausstrasse 18, CH-8400 Winterthur
privacy@impunix.ch
Importers, manufacturers or FEDRO

Please note that in the case of our services, the processing of your personal data or the personal data provided to us may also be carried out by the importer, manufacturer or the Federal Roads Office (FEDRO) and the Swiss Federal Office of Energy (SFOE). Data or personal data will be transmitted to them if:

  • you can request a quote from us,
  • you have agreed a CO2 deal,
  • you have imported a vehicle that was registered without a type certificate,
  • We can issue you with parallel or type approvals as well as "IVI" approvals.

These offices and organisations are also bound by data protection and only process the data to the extent necessary for the purpose.

2.  Purpose of processing in the context of our services and offers

We obtain and process the personal data that we receive in the course of our business activities, in particular with interested parties, customers, business partners and other persons involved, or that is collected during the operation of our websites. The last section contains an overview of the categories of personal data used. If you provide us with information about other persons, please ensure that these persons have been informed in advance and that the data provided is correct.

The personal data obtained will be used for the provision of our services and offers, such as bonus transfers, assignments, customs documents and for the provision of other services. Subcontractors may also be used to provide these services. Further information on the processing and its purposes can be found in the following sections.

2.1  CO2 trading

We process your personal data as part of the initiation and processing of contracts, e.g. for import, CO2 trading or to process a request you have made, such as an enquiry for an offer. In the context of contract processing or to process a request, we will contact you without separate consent, e.g. in writing, by telephone, via messenger services or by e-mail and collect contact details, identity details, vehicle information and payment and transaction data in particular.

2.2  Assignment applications and customs documents

We support you in concluding assignment applications and customs documents and receive additional data from you for this purpose, such as bank details, extended contact details and identity details. Your data will not be passed on to unauthorised third parties.

2.3  Websites and online offers

We use websites, apps and other online offerings to provide our services and market our offers. When you access our website, we collect usage data. In some cases, contact data, vehicle data and data on your interests and preferences are also collected. Further information on the website can be found in the relevant section.

2.4  Marketing

We process your contact data for marketing purposes in relation to our products and services. This includes mailings, events, new products, personalised advertising based on your customer profile, market research and newsletters. Further information on marketing can be found in the relevant section. For quality assurance purposes, we conduct customer satisfaction surveys ourselves or in cooperation with third parties.

2.5  Newsletter

We also use your contact details as an interested party, customer or potential customer to send you information by newsletter about our products, services and events. If you no longer wish to receive newsletters or would like to be informed via other channels, you can unsub-scribe via the link in our email newsletter or contact us at the following email address: info@bourse-co2.ch

In our newsletters and other marketing emails, we sometimes include visible and invisible elements that allow us to determine whether and when you have opened the email when you open it, so that we can better understand whether and how our offers are used and we can tailor them to you. You can block this in your e-mail programme; most e-mail programmes are preset to do so.

We reserve the right to work with third parties to send newsletters and to pass on your contact details for this purpose. If you have any questions about the manufacturer's or importer's newsletter, please contact them directly. Further information can be found in their privacy poli-cies; the relevant websites are linked in section 1.

3. Website, social media and cookie notices

Usage data is collected via the website and automatically stored in so-called server log files, which your browser automatically transmits to us. This data cannot be assigned by us to specific persons. This data is not merged with other data sources. However, we reserve the right to check this data retrospectively if we receive specific indications of unlawful use of the web-site.

For security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the website operator, this website uses SSL/TLS encryption.

The website may contain links to other websites that are beyond our control and are therefore not covered by this privacy policy. If you use these links and access other websites, the operators of these websites may collect information about you.

3.1  Permanent cookies or other tracking technologies

We use "cookies" and similar technologies on our websites to identify your browser or device. A cookie is a small file that is automatically sent to your computer or stored on your computer or mobile device by the web browser you use when you visit our website. If you visit this web-site again, we can recognise you, even if we do not know who you are. In addition to cookies that are only used during a session and are deleted after visiting the website ("session cook-ies"), cookies can also be used to store user settings and other information for a certain period of time ("permanent cookies"). However, you can set your browser to reject cookies, store them for one session only or otherwise delete them prematurely. Most browsers are set to accept cookies. We use permanent cookies to save user settings (e.g. language, auto-login), to better understand how you use our offers and content, and to be able to show you customised offers and advertising (which may also be the case on websites of other companies). Some cookies are set by us, others by contractual partners with whom we work. If you block cookies, some functions (e.g. language selection, shopping basket, order process) may no longer work. If you do not wish this to happen, you must set your browser or e-mail pro-gramme accordingly.

3.2  WhatsApp or other messenger apps

We actively use WhatsApp as a means of communication and enable you to contact us via this service. Please note that when using WhatsApp, the address book is usually shared and personal data is therefore transmitted to WhatsApp Inc. in the USA. We would like to point out that the USA has been categorised by the Federal Council as a country without adequate data protection. Further information on how and for what purpose WhatsApp processes your data can be found in WhatsApp's privacy policy.

3.3 Contact form

If you send us enquiries via the contact form, we store the information from the form, including the contact details you provide. This serves to process your enquiry and enables us to contact you in the event of any queries. We will not pass this data on to third parties without your consent.

3.4 Google Analytics or other statistics services

We use Google Analytics or similar services on our websites. These are third-party services that may be located in any country in the world. In the case of Google Analytics, this is Google Ireland (based in Ireland), which uses Google LLC (based in the USA) as a processor (together "Google") (http://www.google.com). These services enable us to measure and analyse the use of the website (not on a personal basis). Permanent cookies are also used for this purpose, which are set by the service providers. They use Google Analytics with activated IP anonymisation, which shortens the IP address before it is transmitted to the USA to prevent it from being traced.

Although the information we share with Google is not personal data for us, it is possible that Google can use this data to draw conclusions about the identity of visitors, create personal profiles and link this data to the Google accounts of these persons.

3.5 Google Fonts

This website uses so-called fonts from Google or other providers to ensure a standardised display of fonts. When you call up the page, your browser loads the required fonts into the browser cache in order to display the texts and fonts correctly. To protect your privacy, we have installed the fonts on our own web server as far as possible so that your IP address is not passed on to other service providers when the fonts are loaded. However, please note that when using certain services, such as Maps or Captcha, fonts from these service providers may be used. If your browser does not support external fonts, a standard font from your computer will be used automatically. Further information on Google Fonts and their data protection provisions can be found on the Google website or the respective provider's website.

3.6 Google Tag Manager

The Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus, for example, integrate Google Analytics and other marketing services into our online offering. The Tag Manager itself, which implements the tags, does not usually process any personal data of users, but usage data is transmitted to Google. With regard to the processing of users' personal data, please refer to the information provided by the respective provider.

4. Origin of personal data

In most cases, the data that we process originates from you, e.g. in connection with the provision of our services, the use of our website or communication with us. If you wish to conclude contracts with us or utilise our services, you must provide us with certain data. This also applies to the use of our website. In addition, you are obliged to disclose data in order to fulfil legal obligations. Otherwise, you are free to decide whether you wish to provide us with data about yourself.

We may also receive data from third parties, in particular from our service providers or contractual partners, from financial service providers and insurance companies or from the manufacturer or importer. In addition, we may receive data from publicly accessible sources such as websites, company registers, land registers, commercial registers, address dealers, associations, telephone directories and internet analysis services.

5.  Data transfer and data transmission abroad

As part of our business activities and in accordance with the purposes mentioned, we may share information with third parties, in particular with the following categories of recipients:
  • Service providers: We work with service providers who process data on our behalf or under joint responsibility, such as: marketing agencies or IT service providers, other suppliers or subcontractors, manufacturers, importers, business partners;
  • Public authorities: We may also disclose data to domestic authorities, official bodies or courts if we are legally obliged to do so;
  • Manufacturer and importer: Along our value chain, the manufacturer and importer receives, among other things, personal and vehicle information that is necessary for the provision of services and offers and is used, among other things, for the purposes of contract fulfilment, quality assurance and marketing;
  • Other third parties: All other third parties with whom we cooperate in order to fulfil the aforementioned purposes. This may include, for example, the media, the public, including visitors to websites and social media, competitors, industry organisations, associations, organisations and other bodies. In addition, they may also be parties in connection with a corporate transaction such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or part of our company.
These categories of recipients may include third parties to whom personal data is disclosed. We may contractually oblige service providers and certain contractual partners who work on our behalf not to use the data for their own purposes. Other third parties such as financial service providers, insurance companies or authorities use the data for their own purposes, e.g. to fulfil legal requirements, which is why we cannot restrict this processing.

We process your personal data primarily in Switzerland. However, the personal data may also be disclosed to recipients abroad. In particular to the following countries: USA. The data may also be transferred to other countries in the European Economic Area. As a result of today's global networking and internationally active groups, it is also possible for data to be processed anywhere in the world. If a recipient is located in a country without an adequate legal level of data protection, we will contractually oblige our supplier or partner to comply with the applicable level of data protection, unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot invoke an exemption clause.

6. Duration of storage of personal data

We process and store your personal data for as long as is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data may be stored for the period in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes).

7. Data security

We take appropriate technical and organisational security precautions to protect your personal data. In doing so, we take into account the state of the art, the risk of processing, the investment costs and, in addition to the Swiss Data Protection Act, we are guided by the Data Protection Ordinance. The measures are intended to prevent data protection violations, such as unauthorised access and misuse of data. We also instruct the processors to whom we pass on data to take appropriate technical and organisational security precautions.

Contact by e-mail

Communication by email is generally not encrypted. There is a possibility that data may be lost or intercepted and/or manipulated by third parties, for example in order to feign authenticity. We take suitable technical and organisational security measures to prevent this within the system. Nevertheless, the confidentiality of data cannot be guaranteed when transmitting any data by e-mail. This note applies in particular to the transmission of particularly sensitive personal data; please do not send us this data by e-mail, but contact us in advance to arrange a secure channel. External access devices (PC, smartphone, etc. of end users) and parts of the infrastructure involved in the transmission between the sender and recipient are outside the area under our control. We are not liable for consequences and damages that may result from the electronic exchange of information and in particular from misuse of the e-mail system. We reserve the right to indemnify ourselves for any wilful damage arising from business transactions with the person concerned via the electronic exchange of information. Furthermore, we reserve the right not to reply by e-mail in individual cases or to require another form for the order or information received by e-mail, e.g. a form with a signature.

8. Rights of the data subjects

As a data subject, you have the rights provided for by law in connection with data processing. In particular, you have the right to request information about our data processing, to have incorrect data corrected or to object to data processing, in particular for direct marketing purposes. You can also request the erasure of data and the disclosure of certain personal data or its transfer to other controllers.

However, we would like to point out that we reserve the right to assert legal restrictions, for example if we are obliged to store or process certain data, have a legitimate interest in doing so or require the data to assert legal claims. Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as premature cancellation of the contract or cost consequences. We will inform you in advance in such a case, unless this is already contractually regulated.

The exercise of these rights generally requires that you clearly prove your identity (e.g. by providing a copy of your identity document if your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact the data protection advisor named in section 1.

Every data subject also has the right to assert their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch).

9. Changes to this privacy policy

We may change this privacy policy at any time without prior notice. This privacy policy is not part of any contract with you. In principle, the current version published on our website applies.

10. Copyright and licence

This privacy policy was created by impunix AG as part of the full data protection service. If you have any questions or comments, please feel free to contact us using the contact details in section 1. The use of this privacy policy is reserved exclusively for customers of our full data protection service.

11. Categories of personal data

Depending on the business transaction, we process one or more of the following categories of personal data in the table below.
  • Operating and usage data: Mileage, journeys, use of multimedia, chassis/chassis number (VIN), battery charge status, driving mode, data collected in the vehicle, service book, etc.;
  • Creditworthiness and bank data: Salary, housing costs, disposable income, payment behaviour, balance sheets, data from credit agencies, score values, financial circumstances, account details, credit card number, etc.;
  • Data on administrative offences: Information on fines, reports, criminal prosecution, especially traffic offences, etc.
  • Vehicle information: Chassis/chassis number (VIN), licence plate number, owner
  • Identity details: Data to establish your identity, e.g. ID or driving licence, etc.
  • Interests and preferences: Information provided or collected by you about your areas of interest, such as the vehicles you are interested in, favourite dealers, hobbies and other personal preferences;
  • Contact details: Name, address, telephone number, e-mail address;
  • Professional contact details: Surname, first name, title, address, e-mail address, telephone number, mobile phone number, employer, function, department, responsibilities, etc.;
  • Usage data of the website: The IP address, browser type and version, operating system and device type used, referrer URL (the previous website from which you arrived at our site), the internet service provider, host name of the accessing computer, time of the server request, etc. You also provide us with information about how you use the website. We explain data processing when using the website, including tracking with cookies, in the information on the website;
  • Information: Interactions with customer service;
  • Contract data: Data on the business relationship, customer number, insurance number, offers and products purchased, assignment contract, customs documents, services or services (incl. online services) for credit/financial services, date of contract, purchase price, special requests, warranties, goodwill, etc.;
  • Payment and transaction data: Information on payment method, purchases of products and services, discounts, etc.;