Skip to main content

Privacy Policy

Effective Date: 15th September 2025

1. Introduction

The WACO System, having its registered seat at St. Peterstrasse 1, Zurich, Switzerland (“WACO”, “we”, “us”, or “our”), is committed to protecting your personal data. This Privacy Policy explains how we collect, process, and protect your personal data when you visit our website ([website address]) or otherwise interact with us, in compliance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the European Union’s General Data Protection Regulation (GDPR).

2. Data Controller

The controller responsible for the processing of your personal data is:

The WACO System, St. Peterstrasse 1, 8001 Zurich, Switzerland.

Email: admin@waco-system.com

3. Personal Data We Process

We process different categories of personal data depending on your interaction with us:

  • Data you provide directly: When you use the contact form, register for membership, subscribe to our newsletter, or register for an event, we may collect personal data such as your first and last name, email address, telephone number, postal address, company affiliation, and payment information.
  • Data collected automatically: When you visit our website, our servers automatically record information that your browser sends. This data may include your IP address, browser type and version, operating system, referring website, pages visited, and the date and time of your visit. This data is primarily used to ensure the security and stability of our website.
  • Data from third-party sources: In specific cases, we may receive personal data about you from public sources or third parties, for instance, in the context of verifying membership eligibility.

4. Purposes and Legal Basis of Data Processing

We process your personal data based on the principles of lawfulness, proportionality, and purpose limitation, as stipulated in the Swiss Federal Act on Data Protection. The processing is conducted for the following specific purposes and based on the corresponding legal grounds:

  • To provide our services and fulfil contractual obligations: We process your data to manage your membership, process registrations for events, and provide you with the services you have requested. The legal basis for this processing is the performance of a contract to which you are a party (Art. 31 para. 2 lit. a FADP).
  • To respond to your inquiries: When you contact us via our contact form or email, we process your data to handle your request. The legal basis is our overriding private interest in providing effective communication and service (Art. 31 para. 1 FADP).
  • For marketing and communication: With your explicit consent, we may send you newsletters and other information about our activities. Member communications are managed through our Customer Relationship Management (CRM) system. You may withdraw your consent for marketing communications at any time. The legal basis for this is your consent (Art. 31 para. 1 FADP in conjunction with Art. 6 para. 6 FADP) or our overriding interest in maintaining member relations.
  • To operate and improve our website: We process technical data to ensure the functionality, security, and optimization of our website. The legal basis is our overriding private interest in maintaining a secure and user-friendly online presence (Art. 31 para. 1 FADP).
  • To comply with legal obligations: We may process your data to comply with legal, regulatory, or accounting requirements. The legal basis is the necessity to comply with a legal obligation (Art. 31 para. 1 FADP).

5. Disclosure of Personal Data to Third Parties

We do not sell, trade, or rent your personal data. We may disclose your data to trusted third parties (processors) who assist us in operating our association and providing our services, under strict contractual obligations of confidentiality and data protection. Such categories of recipients may include:

  • IT service providers for hosting, maintenance, and support.
  • Payment service providers for processing membership fees or event tickets.
  • Customer Relationship Management (CRM) platform providers (e.g., Salesforce).
  • Email marketing and communication platform providers (e.g., Mailchimp).
  • Website analytics service providers (e.g., Google).
  • External auditors and legal advisors.

These third parties are only permitted to process your data in accordance with our instructions and for the purposes outlined in this policy.

6. International Data Transfers

As a global association with members in numerous countries worldwide, your personal data may be processed in or accessed from various locations outside of Switzerland. This includes countries that may not have a level of data protection equivalent to that of Switzerland as determined by the Swiss Federal Council.

Specifically, some of our key service providers, including Google (for website analytics), Salesforce (for customer relationship management), and Mailchimp (for email communications), are based in the United States. The United States is not considered by the Swiss Federal Council to provide an adequate level of data protection.

To ensure the protection of your personal data in such cases, we implement appropriate safeguards as required by law. These safeguards primarily consist of the Standard Contractual Clauses (SCCs) approved by the Federal Data Protection and Information Commissioner (FDPIC), which contractually oblige the recipient to adhere to a level of data protection equivalent to that of Switzerland. By using these safeguards, we ensure that your personal data remains protected even when transferred abroad.

7. Data Retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable legal and regulatory obligations. Data that is no longer required will be securely destroyed or irrevocably anonymised. For instance, data related to contracts and accounting is subject to statutory retention periods under the Swiss Code of Obligations.

8. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are regularly reviewed and adapted to the state of the art.

9. Website Analytics and Cookies

Our website uses cookies, which are small text files stored on your device, to enhance your user experience and analyse website usage.

  • Essential Cookies: Some cookies are necessary for the website’s basic functionality and are activated automatically.
  • Google Analytics: Our website uses Google Analytics, a web analytics service provided by Google LLC (USA) and Google Ireland Limited (Ireland). Google Analytics uses cookies to help us analyse how users interact with the site. The information generated by the cookie about your use of the website is typically transmitted to and stored by Google on servers in the United States.
  • IP Anonymization: We have activated the IP anonymization feature for Google Analytics on this website. This means your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
  • Consent and Opt-Out: The use of Google Analytics and other non-essential cookies is based on your consent, which you can provide and manage via our cookie banner. You can also prevent the collection and processing of data by Google Analytics by downloading and installing the browser plug-in available from Google’s official tools website.

10. Your Rights as a Data Subject

Under the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR), you have comprehensive rights concerning your personal data. These rights include:

  • Right to Information and Access (Art. 25 FADP; Art. 15 GDPR): You have the right to request information about whether we process personal data concerning you and to receive a copy of that data and further details about the processing.
  • Right to Rectification (Art. 32 para. 1 FADP; Art. 16 GDPR): You have the right to request the immediate correction of inaccurate personal data concerning you.
  • Right to Erasure (“Right to be Forgotten”) (Art. 32 para. 2 lit. c FADP; Art. 17 GDPR): You have the right to request the deletion of your personal data, for instance, if the data is no longer necessary for the purposes for which it was collected or if you withdraw your consent. This right is subject to legal retention obligations.
  • Right to Object (Art. 32 para. 2 lit. b FADP; Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on our overriding interests. This applies in particular to direct marketing.
  • Right to Restriction of Processing (Art. 32 para. 2 lit. b FADP; Art. 18 GDPR): You have the right to request the restriction of processing of your personal data, for example, if you contest the accuracy of the data.
  • Right to Data Portability (Art. 28 FADP; Art. 20 GDPR): You have the right to receive the personal data which you have provided to us in a structured, commonly used, and machine-readable format or to request that we transmit this data directly to another controller, where technically feasible.
  • Right to Withdraw Consent (Art. 6 para. 6 FADP; Art. 7 para. 3 GDPR): Where processing is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). If you are in the EU, you may lodge a complaint with the data protection authority in your member state of habitual residence, place of work, or the place of the alleged infringement.

To exercise these rights, please contact us using the details provided in Section 2.

11. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy at any time. The current version published on our website is applicable. We will notify you of any significant changes where appropriate.

12. Representative in the European Union

As we have members from the European Union, we have appointed a representative within the EU in accordance with Art. 27 GDPR, who serves as a point of contact for supervisory authorities and data subjects on all issues related to data processing under the GDPR.

Our EU representative is:

Dr. Eschmann Rechtsanwälte, St. Peterstrasse 1, 8001 Zurich, Switzerland.

Email: admin@waco-system.com

The Global Network for Collaborative Logistics

© 2026 The WACO System | All Rights Reserved.

Privacy Policy

|

Terms of Use

How Can We Help You?

About Us

Digital Innovation

Events

News

Member Portal

How to Get in Touch

Contact Us

St. Peterstrasse 1, 8001 Zurich, Switzerland

Company Identification Number: CH-020.6.000.394-5

© 2026 The WACO System | All Rights Reserved.

Privacy Policy

Terms of Use