Important legal information
General definition and regulatory information
The “Website” means this website MyFleet, MyShop, any pages thereof, all information and materials contained on the website, as BCAG Group of Companies (referred to as “BCAG”), established in Switzerland including all or any of its subsidiaries or affiliates.
Unless expressly waived in writing by BCAG, the Disclaimer stated herein apply to all written materials prepared, provided and published (through any medium or channel) by BCAG, including but is not limited to documents, presentations, legal updates, reports, text, photo’s, illustrations, graphs, logos, drawings, trade and services brands, that are provided by BCAG for information and/or commercial purposes. Many of these documents do not constitute an offer, invitation or inducement to contract and it is expressly stated that the information contained therein does not constitute any legal, privacy, tax, regulatory, accounting, banking, investment or other professional advice. BCAG prepares these documents based on the information available to BCAG at the material time and BCAG does not warrant that the materials or information contained therein will be error-free, accurate, complete, non-infringing, or will meet any particular criteria of performance or quality as expected by the user.
Website contents and materials
Unless otherwise expressly provided, information on this website does not constitute an offer or solicitation to conduct investment business in any jurisdiction. Persons accessing, visiting or using this Website must satisfy themselves that the laws of their own country allow them to access the information or must either refrain from accessing, visiting and/or using the Website accordingly.
The information published and opinions expressed on this website are for information purposes only and are subject to change.
Who we are
The pages on the website myFleet, MyShop (“the website”) are published by Burckhardt Compression AG and its worldwide group of companies, (collectively referred to as “BCAG”). A company registered in Switzerland with company registration number CHE–115.944.755 whose registered address is at Franz-Burckhardt-Strasse 5, P.O. Box 3352, CH-8404 Winterthur, Switzerland.
What are cookies?
The cookies which are used
BCAG Group, MyFleet, MyShop uses the following cookies:
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. Please note that these cookies do not store any personally identifiable information.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how our visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
How to adjust your cookies settings
You can adjust your cookies settings at any time by clicking the ‘Cookies Settings’ button below.
Data Processing Protocol
The Data Processing Protocol is applicable in the situation where we may process certain personal information of which our client or client entities are the controller. It sets, among others, out the principle of confidentiality, the security practices and technical and organizational measures that BCAG has put in place.
Please find our full Data Processing Protocol in the snap-down below:
This Data Processing Protocol (the “Protocol”) shall apply between BCAG and the Client Entity (“Client”) it is servicing, where BCAG Group may process personal data, of which the Client is the Controller.
The Protocol forms part of any agreement in place between BCAG and the Client (the “Service Agreement”).
Where this Protocol uses terms which are defined in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, the “GDPR”), then the definitions set out in that regulation shall apply.
“Client” shall mean the company, trust, foundation, any other form of legal entity, partnership, or unincorporated business, set up, to which BCAG provides any service at the request or instruction of such entity and/or its group members;
“BCAG” shall mean the relevant BCAG (Headquarters) or any of its companies or entities that are affiliates to BCAG worldwide group of companies (main address: Franz-Burckhardt-Strasse 5, P.O. Box 3352, CH-8404 Winterthur, Switzerland) and have concluded a Service Agreement with the Client; and
“Personal Data” shall mean personal data as defined in Article 4 GDPR, which BCAG processes as a Processor in the course of providing services to the Client.
Scope of the Protocol
2.1 The Client and BCAG note that:
- a) BCAG may process Personal Data whilst providing services to the Client, acting on behalf and under the direct authority of the Client (or acting as sole controller) who (i) initiates and delegates such processing to BCAG and (ii) ultimately reviews, controls, confirms and approves such processing. BCAG shall (I) only carry out such processing on the instructions of the Client and in accordance with the provisions of this Protocol and the associated Service Agreement(s), and (II) immediately inform the Client if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions, to the extent permitted by laws whether local or international; and
- b) the Protocol does not apply to BCAG’s processing of Personal Data concerning the Client’s representatives, stakeholders, and ultimate beneficial owners as necessary for the purposes of its service providing or as required by applicable laws whether local or international (notably for AML and KYC purposes).
2.2 The Client shall obtain the required consent for collecting and processing the Personal Data in accordance with the Applicable Laws whether local or international.
2.3 Where BCAG may be provided with sensitive Personal Data (as defined under the Applicable Laws), excluding special categories of personal data as defined under art. 9 of the GDPR, for the purposes of its service offering, the Client hereby confirms that it shall obtain the required consent for collecting and processing the sensitive Personal Data in accordance with the Applicable Laws whether local or international.
2.4 BCAG will have no control over the purposes and means of processing the Personal Data.
2.5 The GDPR and any other applicable privacy laws apply to this Protocol and anything not specifically mentioned in this Protocol shall be governed by the GDPR and any other applicable privacy laws whether local or international as required. (“Applicable Laws”).
3.1 BCAG, and any person authorized to process Personal Data on its behalf, receiving the Personal Data from the Client pursuant to the Service Agreement, shall exercise at least the same degree of care with respect to Personal Data with which BCAG protects its own Personal Data of the same or similar nature.
3.2 BCAG shall ensure that person(s) authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. BCAG and its employees shall not communicate the Personal Data to or put the Personal Data at the disposal of third parties without the Client’s prior written consent thereto unless (a) it is required to do so by mandatory law or regulation or ordered to do so by a competent authority or (b) pursuant to Clause 9.
3.3 BCAG will only use or reproduce the Client’s Personal Data to the extent necessary to it to fulfil its obligations under the applicable Service .
Security Practices, Procedures and Technical and Organizational Measures
4.1 BCAG shall implement appropriate commercially reasonable, technical, physical and organizational security measures to protect Personal Data from misuse and/or accidental, unlawful and/or unauthorized destruction, loss, alteration, disclosure, acquisition and/or access and against all other unlawful forms of Processing in accordance with adequate internal instructions adopted by BCAG. BCAG will ensure a level of security suitable (taking into account the state of the art and the costs of implementation of such security) in relation to the risks and the nature of the Personal Data to be protected to the identified risks and pursuant to applicable Data Protection Laws and, where the Processing concerns Personal Data of EU residents or in case GDPR applies, shall take all measures required pursuant to Article 32 GDPR. Where local laws prescribe specific instructions and measures to be adopted for the purposes of this Article, local laws will be applied.
4.2 In fulfillment of BCAG’s obligation to demonstrate compliance with paragraph 4.1, BCAG will make available a description of its . The BCAG Information Security Overview as published on the website of BCAG includes an overview of the Technical and Organizational Measures, as may be amended from time to time. BCAG may from time to time also make, at its discretion, reference to certificates, third party audit reports or other relevant information.
4.3 Client shall provide BCAG with thirty (30) calendar days advance notice of any audit request, which may be at the Client’s expense. The Client may not engage in an audit which would compromise confidentiality obligations towards any other Clients of BCAG, access to non-public external reports, supplier internal pricing information, BCAG confidential information and/or any internal reports prepared by BCAG’s internal audit function. If the Client wishes to nominate another auditor to undertake the audit, it shall ensure that the auditor enters into a confidentiality agreement with BCAG in such form as BCAG shall reasonably require. Any liability, indemnity and all obligations under this contract shall also remain with the Client, even if it nominates another auditor. The Client warrants that any auditors are suitably qualified to undertake such an exercise.
Duration of processing of the Personal Data
5.1 BCAG will process the Personal Data for as long as it provides services to the Client and will hold the Personal Data in archive after that date to the extent necessary for legitimate business purposes or for bona fide compliance purposes.
5.2 The Client may instruct BCAG to delete or return Personal Data at the end of the period during which BCAG will process such Personal Data. BCAG shall be authorized to keep a copy to the extent required for legal, regulatory or bona fide compliance purposes only, as well as the exercise or defense of legal claims for as long as is legally required for such purposes. BCAG will delete such Personal Data at the end of such period.
Data Breach Incident
6.1 BCAG will comply with GDPR requirements with respect to notifying the impacted Client whenever BCAG becomes aware that there has been a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data processed by BCAG in the context of this Protocol (“Data Breach Incident”). BCAG will investigate the Data Breach Incident and take necessary steps to eliminate or contain the impact of the Data Breach Incident.
6.2 BCAG shall maintain written procedures which enable it to provide a response to the Client about a Data Breach Incident as soon as practicably possible.
6.3 Please report any incident immediately which you deem is a data breach incident to this email address: [email protected]
Transfer of Personal Data
The Client confirms that BCAG may transfer Personal Data to its affiliates and subprocessors inside and outside the European Economic Area (EEA) for purposes of servicing, support, back-up or any other legitimate interest BCAG may have to transfer Personal Data in order to fulfil its obligation(s) as per the relevant Service Agreement(s). BCAG confirms that it has established safeguards to protect Personal Data transferred to countries outside the EEA that are, as a minimum, in accordance with the relevant Standard Contractual Clauses as approved by the European Commission. Where BCAG enters such arrangements, it may act either for itself or as an agent for the Client or in both capacities. Every BCAG group company has adhered to or is bound by the Standard Contractual Clauses through an intragroup arrangement.
Rights of Data Subjects
8.1 Upon instruction of the Client, BCAG will cooperate to enable the Client:
- a) in providing access to Data Subjects whose Personal Data are being processed via the provision of the services by BCAG;
- b) in deleting or correcting their Personal Data;
- c) demonstrating that their Personal Data have been deleted or corrected if they are incorrect, or, if the Client disagrees with the point of view of the Data Subject, recording that the Data Subject is of the opinion that the Personal Data is incorrect;
- d) in restricting the processing of Personal Data as per Article 18 GDPR;
- e) in protecting the rights of Data Subjects to its best advantage;
- f) in case a Data Subject exercises his or her right to data portability to another Data Controller pursuant to Article 20 GDPR and where technically feasible; and
- g) in case a Data Subject exercises his or her right to object in accordance with Article 21 GDPR.
8.2 Notwithstanding Clause 8.1, BCAG shall not be obligated to delete copies of Personal Data that it holds, to the extent where further processing is required in order to comply with a legal obligation to which BCAG is subject or for the establishment, exercise or defense ? of legal claims.
8.3 The Client, as Controller, has the responsibility to provide the Data Subject with the information necessary to ensure fair and transparent processing in respect of the Data Subject (as set out in Article 14.1 of the GDPR or any similar provision under other applicable Data Protection Law). Where further processing of the Personal Data is required, for a purpose other than that for which the Personal Data were obtained, the Client shall provide the Data Subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in Articles 13.1 and 14.2 of the GDPR or any similar provision under any other applicable privacy laws. BCAG shall not be held responsible if it is not aware of such information not being provided to the Data Subject.
8.4 BCAG shall not correct, delete or restrict data to be processed on behalf of the Client in an unauthorized manner. a Data Subject contact BCAG directly in this context, BCAG shall forward this request to the Client without undue delay
Modification or amendment
Any amendment to this Protocol shall be published on the website of BCAG but shall not reduce or otherwise limit the rights of the Client.
Assistance to Client compliance with Articles 32 to 36 GDPR
BCAG shall assist the Client in ensuring compliance with its obligations pursuant to Articles 32 to 36 GDPR considering the nature of processing and the information available to BCAG.
Applicable Law and Jurisdiction
This Data Processing Protocol is governed by the applicable law of the relevant Service Agreement and any dispute in respect of this Data Processing Protocol or execution thereof shall be submitted to the BCAG entity servicing the Client and before the competent court in Zurich, Switzerland as defined in the relevant Service Agreement.
Annex 1 – Description of processing of Personal Data
- Subject Matter, Nature and Purpose
All processing activities (including the collection, organization and analysis of Personal Data) as are reasonably required to facilitate or support the provision of the services described under the Service Agreement.
- Categories of Data Subjects
The Data Subjects may include individuals that represent the Client, that are advising the Client, that are in any contractual or statutory relationship with the Client, or that the Client has collected in view of its servicing towards such individuals or are otherwise connected to such individuals.
Most commonly the Data Subjects will include: (1) employees, contractors or other workers of the Client and/or their family members, representatives or others connected with workers and (2) past, existing or prospective Clients and/or contractual counterparties of the Client, and/or their employees or other individuals connected with them, and/or their family members, representatives or others connected with them.
- Types of Personal Data
The services under the Service Agreement may involve the processing of the following types of Personal Data:
- names and contact information;
- general demographic information (such as gender, age, date of birth, marital status, nationality, employment details, residence, utility bills, .);
- personal identification documentation and related information such as passport numbers and employee identification numbers;
- financial and payment data such as bank account numbers and transaction information;
- details of shareholdings and other assets which are legally or beneficially owned by the Data Subject
- details of people and organizations which may be connected to the Data Subject (family or otherwise); and
- information related to the provision of the services performed under the Service Agreement or per the services provided by the Client to such individuals.