top of page
Traxess_Logo_dark_250210.png

Privacy & Cookie Policy

This Privacy & Cookie Policy of Traxess Ltd. was last updated on 25 February 2026.

 

 1. Introduction

This Privacy & Cookie Policy details how we handle the collection, use, disclosure, transfer, storage, and protection of personal information acquired through our products and services. It also covers your options concerning this data.

 

As you review our policy, bear in mind that it applies to Traxess Ltd. (“Traxess”, “we”, “our”, or “us”), our products, including the Traxess Sentinel, Traxess Data Solutions, Traxess Web Publishing Solutions, the mobile apps SPOTAP and Sentinel Security so on (collectively referred to as “Products”).

 

Traxess collects Personal Information when you register for or use the Services. Traxess does not collect Sensitive Personal Information, known as Special Categories under GDPR.

 

Traxess processes the personal data of persons who have signed up for the service individually, employees of corporate clients, and clients’ customers and/or employees. In the service provided to the client segments, Traxess acts as the data processor as well as the data controller.

The standards outlined in this Privacy & Cookie Policy are part of the legal agreement between Traxess, our clients, and clients’ customers. It shall comprise all security measures in place for protecting personal data and to secure the availability of the software as a service provided by Traxess in compliance with Swiss Data Protection Law and the EU’s General Data Protection Regulation as of 25 May 2018 (hereinafter referred to as the “GDPR”).

 

Before accessing or using our Products and/or services, please ensure that you have read this Privacy & Cookie Policy and understand how we collect, store, use and disclose your personal information as described herein. By using our Products and/or services, you agree to the collection and use of information in accordance with this Privacy & Cookie Policy.

 2. Terms & Definitions

  • Application – Web Applications and Mobile Apps

  • Products – Traxess Sentinel Security Solutions, Traxess Data Solutions, Traxess Security App SPOTAP, Traxess E-Learning Solutions, Traxess Web Publishing Systems and so on.

  • Third Parties – any natural or legal person or entity other than Traxess;

  • Website – the website available at www.traxess.ch

 3. Purpose and legal basis of personal data processing

The purposes of collecting and processing the Personal Data of Data Subjects, i.e. Customer employees, who have registered individually for the Product are:

  1. The proper functioning of the application in order to

    • Enable access to information required in the event of user support;​

    • Manage access to Products;​

    • Detect and prevent illegal activities on the Products;

  2. Monitoring travel bookings if the service has been contracted by the Customer with Traxess, on the understanding that Traxess is deemed to be the Data Controller when the Customer subscribes to such a service;2.  

  3. The provision of information relating to security and health risks in destination countries;

  4. The sending of alerts in the event of events/incidents that could affect the Persons concerned;

  5. Where appropriate, tracking and tracing the Persons concerned using the Mobile application); and

  6. In the event of an emergency response being triggered, providing assistance to the Persons concerned.

The legal bases for the Processing implemented for the purposes set out above are as follows:

  • Purpose 1: The legitimate interests pursued by Traxess; as part of its contracted service, use the personal data of Data Subjects in order to improve cybersecurity, manage the Web interface and the mobile application, ensure the efficiency of operational processes and ensure business continuity.

  • Purpose 2: The performance of the contract concluded, where applicable, for the benefit of the Data Subject between the Customer and the Assistance provider;

  • Purposes 3 and 4: The performance of the insurance contract for the benefit of the Data Subject; 

  • Purpose 5: The consent of the Data Subject;

  • Purpose 6: Safeguarding the vital interests of the Data Subject. 

Please note that Traxess and its Partners only use the data of Data Subjects for the purposes described above and under no circumstances for any other purposes, in particular advertising or market or opinion research. Nor is the data collected sold.


For all intents and purposes, it is recalled that the consent given by any Data Subject may be withdrawn at any time without affecting the lawfulness of the processing carried out on the basis of the consent until such withdrawal; it is also recalled that the services and functionalities provided to Data Subjects and based on the legal basis of the consent will no longer be available once the consent has been withdrawn.

 4. Information We Collect

Traxess strictly utilises data solely in cases where it is legally permitted, abstaining from its use for advertising, market research, or opinion-gathering purposes.
 

We may collect several types of personal information from the users of our Products and store it on your mobile device and/or our server, such as:

  • Personal profile information, including your name, postal address, email address, and mobile or other telephone numbers).

  • Information about your device, including the IP address of the device (anonymised), internet service provider, operating system, browser type, language preference, and mobile phone identification code.

  • Precise location information obtained through your IP address, Wi-Fi, and GPS coordinates made available through your device.

  • Information from third parties, such as travel agencies.

  • Web behaviour information, such as information related to how the users use the Products (e.g. browser type, domains, page views) collected through cookies and other automated technology.

 5. How We Collect Information

Visiting our user interface without logging in. If the user visits our applications outside the login-protected area, our web server technology automatically logs general technical visit information. These include the IP address of the user’s device (anonymised), information about the browser type, the Internet service provider and the operating system.

Visiting our user interface by logging in. When the user accesses the login-protected area of the application by logging in to their personal account, in addition to the automatic logging of general technical visit information, all data entered or submitted by the user during the registration process and during the use of the application will be stored. In particular, this is the case when the user registers and enters their travel booking details as well as personal master data (name, postal address, email address, mobile or other telephone numbers); the settings required for the respective service are collected, too.By entering data during the registration, the user consents to processing and storing of personal data within the scope described in this Privacy & Cookie Policy.

Travellers’ booking reservations. Booking reservation data is provided to Traxess by third-party travel agencies through the optionally available automated data import function. This data shall include flight bookings, hotel and car reservations, etc., processed by the travel agency. The consent and permission to receive, process, and store this information is granted to Traxess by the user’s employer on behalf of their employees.

Using the Traxess mobile security application SPOTAP or the Sentinel app. When downloading and installing the mobile security application, the device ID and the phone number are detected and linked to the user’s profile.If the user activates the “GPS tracking” function, the device sends coordinates of its position on a time interval that is steered by changing its position. These coordinates shall be captured and stored.In the registration process, the user agrees to the processing and utilisation of personal data, including location information acquired via GPS tracking. This consent is given in accordance with the aims and extent outlined in the privacy notice provided before the app is installed on the device.

 6. Data transfer to third parties

Personal data will be treated confidentially by Traxess and will not be passed on to third parties without the customer’s consent unless it is required due to a judicial or official request. Traxess will not pass on any data to non-EU countries without the customer’s consent. The data remains with Traxess and is not made available to any third party except to the extent of providing contracted assistance services as approved either by the users or by their employer.

 7. Historical Data Storage

Any user data that is processed and stored on our servers is encrypted. The data storage depends on the service contracted by clients. By default, Traxess applies the following standard that might change upon client request. The default standard applyes to the following:
 

Traxess Security Solutions / Traxess Sentinel

  • The full data history of users is stored for three months.

  • Anonymised data history without private user information (without name, email, and phone number) is stored for one year.

Traxess Data Solutions

  • The full data history of users is stored for six months.

  • Anonymised data history without private user information (without name, email, and phone number) is stored for one year.

 

After a contract with a corporate client has expired, all data is removed from Traxess’s servers within one month.

 8. Cookies

When using the Products, we may collect certain information by automated means, such as cookies (small text files stored in your browser). 

You can control cookies through your browser settings and other tools. Your device may offer you control over the use of cookies or other technologies when you use the Products. For example, you may be able to set your device or browser to disable, clear, reset or block the use of cookies or similar technologies. Please note, however, that without cookies, the Products may not work correctly, or you may be unable to use all their features.

 9. Use of Google Analytics or other analytics tools

The Traxess Software Solutions, which utilises Google Maps, actively blocks any third-party tools designed to capture data for user profiling. Consequently, no personal data from users accessing the system is transferred to third parties.

 10. Use of Social Media Plug-ins

The Traxess public website www.traxess.ch uses social plug-ins from Facebook and LinkedIn, such as the “Like” button.

When you click on the plug-in, a direct connection is established between your computer and the server of this plug-in’s provider, e.g. Facebook, LinkedIn, etc. As a result, certain types of personal and non-personal customer data may be collected according to the privacy policies of these providers.

 11. Links to Other Websites

The Traxess Products contain hyperlinks to third-party websites that are not operated or controlled by Traxess. Traxess is not responsible for their content or data protection practices.

 12. Data Security Measures

We implement appropriate technical and organisational measures in accordance with Article 32 of Regulation (EU) 2016/679 (“GDPR”) to ensure a level of security appropriate to the risk, taking into account:

  • the state of the art,

  • the costs of implementation,

  • the nature, scope, context and purposes of processing, and

  • the risk of varying likelihood and severity for the rights and freedoms of natural persons.

Our security measures are designed to ensure the confidentiality, integrity, availability and resilience of processing systems and services.


12.1 Risk-Based Security Approach

We maintain a documented information security framework based on a risk assessment methodology. Security controls are selected and implemented proportionate to the risks presented by the processing activities performed through our Software-as-a-Service platform (“Service”). Risk assessments are conducted periodically and whenever significant changes occur in the processing environment.
 

12.2 Technical Measures

We implement technical safeguards including, where appropriate:

(a) Encryption and Pseudonymisation

  • Encryption of Personal Data in transit using TLS or equivalent secure cryptographic protocols

  • Encryption of Personal Data at rest where appropriate

  • Secure cryptographic key management procedures

  • Pseudonymisation techniques where feasible and proportionate


(b) Access Control and Authentication

  • Role-based access control (RBAC)

  • Principle of least privilege

  • Multi-factor authentication for privileged accounts

  • Secure password policies

  • Logging and monitoring of administrative access


(c) System Integrity and Protection

  • Firewalls and network segmentation

  • Intrusion detection and prevention mechanisms

  • Continuous vulnerability scanning

  • Regular patch management

  • Secure configuration standards

 

(d) Secure Development Practices

  • Secure software development lifecycle (SDLC)

  • Code review and security testing

  • Protection against common vulnerabilities (including OWASP Top 10 risks)

  • Change management procedures

12.3 Availability and Resilience

In accordance with Article 32(1)(b) GDPR, we implement measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, including:

 

  • Redundant infrastructure where appropriate

  • Regular automated backups

  • Secure storage of backup data

  • Periodic restoration testing​

  • ​Documented business continuity and disaster recovery procedures
     

12.4 Restoration Capability

In accordance with Article 32(1)(c) GDPR, we maintain the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident.

Recovery time objectives (RTO) and recovery point objectives (RPO) are defined internally based on service architecture and risk assessment.
 

12.5 Testing and Evaluation

In accordance with Article 32(1)(d) GDPR, we regularly test, assess and evaluate the effectiveness of our technical and organisational measures, including:

  • Periodic security reviews

  • Vulnerability assessments

  • Penetration testing where appropriate

  • Internal audits


Security measures are reviewed and updated as necessary to address emerging threats and technological developments.
 

12.6 Organisational Measures

We implement organisational safeguards including:

  • Confidentiality obligations for employees and contractors

  • Information security training and awareness programmes

  • Defined access management procedures

  • Incident response procedures

  • Vendor risk management procedures

  • Documented data handling policies
     

Access to Personal Data is limited to authorised personnel who require such access for legitimate business purposes.
 

12.7 Sub Processors and Third Parties

Where we engage sub processors to process Personal Data on our behalf:

  • We conduct appropriate due diligence prior to engagement

  • We enter into data processing agreements pursuant to Article 28 GDPR

  • We require implementation of appropriate technical and organisational measures

  • We monitor compliance where appropriate
     

12.8 Personal Data Breach Management

We maintain documented procedures for identifying, assessing and managing Personal Data breaches.
In the event of a Personal Data breach:

  • We will assess the scope and impact without undue delay

  • We will implement appropriate containment and remediation measures

  • Where required under Articles 33 and 34 GDPR, we will notify the competent supervisory authority and, where applicable, affected data subjects within the prescribed timeframes
     

12.9 Shared Responsibility

Customers are responsible for securely managing user credentials, configuring access permissions appropriately, and implementing additional security measures within their organisational environment where necessary.

 13. Data Subject Rights

Users have the rights regarding their personal data:

  • the right of access under Article 15 GDPR,

  • the right to correction under Article 16 GDPR,

  • the right to cancellation under Article 17 GDPR,

  • the right to restrict processing under Article 18 GDPR,

  • the right to data transfer from Article 20 GDPR, and

  • the right of objection under Article 21 GDPR.


Users are asked to give consent in connection with the Traxess services. You grant consent, by clicking on the corresponding checkbox in the registration process, that Traxess may collect, process, and use personal data accordingly.


The consent given by users in the past can be revoked at any time without affecting the legality of the processing carried out based on the consent until revocation. Users can cancel the consent given in the past by not accessing the Traxess Travel Security Portal anymore and by uninstalling the app from their mobile device. Unfortunately, the services and features provided to users will not be available anymore after the consent is revoked.


Users can request the correction of user profile data or the removal of any personal data stored on their profile by contacting the system admin dedicated by the employer who contracted the service on behalf of its employees or by contacting Traxess via the contact channels included in Contact Information in this Privacy & Cookies Policy.
 

The restrictions according to §§ 34 and 35 GDPR apply to the right to information and the right of cancellation. In addition, there is a right of appeal to a competent data supervisory authority (Article 77 GDPR).

 14. Changes to the Privacy & Cookies Policy

At our sole discretion, we reserve the right to amend this Privacy & Cookies Policy or impose new clauses at any time. If we do so, an updated version will be communicated to clients and made available in the solution. The new Privacy & Cookies Policy will be effective immediately upon being published on the company’s Website and made available to clients.

15. Contact Information

Traxess is in charge of data processing for the products provided by Traxess. Users can contact the Traxess data protection officer

  • by sending a letter to Traxess Ltd., Gartenstrasse 25, 8002 Zurich, Switzerland.

  • by sending an email to info@traxess.ch.

  • by calling the phone number +41 43 505 13 31.

bottom of page