Data protection statement

In this Data Protection Statement, we explain what information (including personal data) we process during your visit and use of our internet offering on our website https://www.swissworldcargo.com and its subpages (hereinafter referred to as “Website“) and which rights you have in relation to your personal data.

I. Who is responsible for processing the data?

Swiss WorldCargo is the air freight division of Swiss International Air Lines Ltd. The party responsible for the processing of personal data under data protection law (the “Controller”) is Swiss International Air Lines Ltd., Obstgartenstrasse 25, 8302 Kloten, Switzerland. Where the words “we” or “us” are used in this Data Protection Statement, they refer to the above company.

If you have any questions regarding the processing of your personal data, you may contact the Data Protection Officer and team at any time by mail (Swiss International Air Lines Ltd., P.O. Box ZRHS/CJ, CH-8058 Zurich Airport) or email (dataprotection@swiss.com).

Our representative in the European Union is Swiss International Air Lines Ltd., Zweigniederlassung Frankfurt, Cargo City Süd 558, 60549 Frankfurt am Main, Germany.

II. Personal data

Personal data means any information relating to an identified or identifiable individual. On this Website we can also record items of information that, taken on their own, do not allow us to directly draw conclusions about your person. Nevertheless, this information may constitute “personal data” within the meaning of data protection law in certain cases, in particular if it is combined with other data. In addition, we may also record information on this Website that does not enable us to identify you directly or indirectly; this is the case, for example, with aggregated information on all users of this Website.

III. What data do we process?

You can access our Website without directly providing personal data (such as your name, postal address or e-mail address). In this case, too, we have to process certain information to enable you to access our Website. Moreover, on this Website we use certain analytics methods and have integrated links to other Websites whose operators may process further (personal) data. Finally, on our Website we offer you the use of various services for the performance of which we require personal data from you. These are mostly your contact data, which we collect either when you contact us or when you register as a user of our various services. In detail, we process personal data on our Website as follows:

  1. Log files: When you visit this Website, our web server automatically stores the domain name or IP address of the requesting computer system (usually your internet access provider), including the date, time and length of your visit, the sub-sites/URLs you visit, and information on the applications and devices you use to view our Websites.
  2. Cookies: We use cookies and similar technologies to run the website (necessary cookies) and for analytics, personalization and advertising. For more information about the cookies and similar technologies we use on our Website please refer to our Cookie Information. In the Cookie Settings which you can access via the link “Change Privacy Settings” in the footer of our Website, you have the possibility to give/reject your consent where necessary at any time.
  3. Embedded media content: We have embedded various media content on our Website, e.g.
  • own videos, which are also available on our channel on the YouTube platform (an offering from YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, U.S. – “YouTube”);
  • Maps from Google Maps (a service of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland) with the purpose of providing our users with information about our station network.

The contents of the media content embedded on our Website are displayed within a subsection of our Website and are only activated when you click on them.

  • When you play an embedded YouTube video, a connection to the YouTube servers is established so that the video is played in your browser. YouTube videos are embedded on our Website in the privacy-enhanced mode provided by YouTube; according to YouTube, use of this mode means that no cookies are stored on your device. However, when you play a YouTube video, your IP address is transferred and so YouTube obtains information that you have visited our Website. According to YouTube, this information cannot be assigned to you if you are not logged on to YouTube or another Google service at the time a video is called. As soon as you start playing an embedded video by clicking on it, YouTube – in privacy-enhanced mode – only stores cookies on your device which do not contain any data that can identify you personally, unless you are currently logged on to a Google service. These cookies can be prevented by appropriate browser settings and extensions. You can find more information on data processing by and the privacy policy of YouTube and Google at https://policies.google.com/privacy?hl=en
  • When you use the maps of Google Maps on our website, a direct connection to the Google servers and your browser will be established. Google stores and processes data such as your IP address(es) or the search terms you enter on the Google Maps map (e.g. station details) and, after your consent, your current location. Further information on data processing and information on data protection can be found at: https://policies.google.com/?hl=de

The additional terms of use of Google Maps/Google Earth also apply: https://www.google.com/intl/de_de/help/terms_maps/

  1. Links to other Websites: Our Website contains links to other offerings (including our presence on YouTube, LinkedIn. Please note that when you visit the other offering, information (possibly including personal data) on your visit may be collected by the operator of the other offering. You can find more information in the data protection statements of the operators of the offering.
  2. Means of contact: On our Website, we point out various ways you can contact us. If you use one of these ways, we process the information we ask for and/or you give us in order to handle your inquiry. Your requests can be processed with the assistance of AI technologies. If necessary, the information may be stored for a longer period of time after completion of the processing for reasons of preservation of evidence.
  3. Online bookings: Online Bookings can be made by creating a user account on our service provider’s platform. During registration, we collect not only details of the business partner, but also personal data on the contact person as specified on the platform. Please refer to the information provided on the platform.
  4. Our Services: You can also book many of our services by telephone, e-mail or in person with us or our service providers. If you book one of our services, we process the information you provide in order to be able to provide the corresponding services to you. The personal data provided is usually contact information, such as names, address, telephone number or email addresses. After completion of the processing, your data will be stored by us for a longer period to facilitate a further booking for you and for reasons of preservation of evidence. In connection with your order, we may also offer you the possibility to provide information about the recipient of the consignment that we transport or a possible contact person (again, this is mostly the contact information mentioned above); this information can as well refer to individuals (for example, the recipient himself or a specific contact person in a legal entity). Please ensure that the individuals you have named are informed of the processing of their personal data in connection with an order, as required by law. Please note that the provision of services may also require the disclosure of the data to domestic and foreign authorities, such as airports, customs, police, etc.
  5. Customer Relationship Management: We use the Customer Relationship Management (“CRM”) system Microsoft Dynamics 365 or a similar service to store customer data such as contact data, and data of persons who submit an inquiry or claim or register as a subscriber to our newsletter. The provider of Microsoft Dynamics 365 is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For more information about how Microsoft Dynamics 365 works, see the Microsoft Privacy Statement, available at https://privacy.microsoft.com/en-us/privacystatement.
  6. Email newsletter: On our Website we may also offer you the possibility of registering for our email newsletter. The necessary information is as defined in the registration form and usually comprises – as mandatory data – your title, your given name and surname, your company and your e-mail address. Mandatory information is indicated as such.
  7. For the distribution of our e-mail newsletter, we use the Customer-Relationship-Management (“CRM”) system Microsoft Dynamics 365 or a similar service. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Our email newsletters contain cookie and tracking-pixel allowing us to track if emails are opened. In addition, the cookie or tracking pixel enables us to analyze the click behavior. The data thus collected is sent to Microsoft’s servers and stored there. We use this data for statistical purposes and for the individual optimization of our newsletter. Further information about how Microsoft Dynamics 365 works can be found in Microsoft’s privacy policy, available at: at https://privacy.microsoft.com/en-us/privacystatement.
  8. Customer surveys: We may contact you as part of our customer surveys. As part of the customer surveys, which we conduct to improve our services, we receive your information in anonymized form and evaluate it accordingly. In the context of customer surveys, the following personal data in particular will be processed: First name, last name, gender, e-mail address and, if applicable, your postal address. The participation is voluntary.
  9. Online surveys: We can also conduct online surveys to improve our services, the participation of which is voluntary. These can take place anonymously or personalized. If we process personal data in the context of such an online survey, we will inform you accordingly (e.g. in a corresponding pop-up window). In such a case, we process the information we request and/or the information you provide as part of the evaluation of the survey in order to optimize our services.
  10. Manage subscriptions / promotional consents: In our Subscription Center, we offer you the possibility to take out subscriptions (e.g. for receiving our newsletters) and to give us your consent to receive promotional information, as well as to view your existing subscriptions and the given consents and to adjust them at any time. If you give us your consent to send you advertising information, we will, for example, inform you about our company, our products and our events or, if necessary, carry out customer surveys with you. Please note that existing customers may receive newsletters without their express consent. You can nevertheless opt out at any time. In the context of subscriptions and promotional consents, the following personal data in particular will be processed: First name, surname, gender, e-mail address and, if applicable, your postal address.

IV. For what purposes and on what legal basis do we process your data?

  1. Personal data that may be contained in the log files is processed to enable you to use our Website; that is done on the basis of Article 6 paragraph 1(f) GDPR so as to safeguard our legitimate interests in operating our Website.
  2. The data collected using necessary cookies and the pseudonymous user profiles are processed for the purposes of tailoring our Website to users’ needs on the basis of Article 6 paragraph 1(f) GDPR so as to safeguard our legitimate interests in the use of our Website. The data collected using optional cookies(cookies of the categories “comfort”, “statistics” and “performance”) and the pseudonymous user profiles are processed for the purposes of analyzing the Website, advertising, and market research on the basis of your consent and Article 6 paragraph 1(a) GDPR.
  3. The processing of the data collected through the playing of embedded media content on our Website is carried out for the purpose of using and designing our Website in accordance with the requirements of Article 6 paragraph 1(f) GDPR to safeguard our legitimate interest in the operation of our Website.
  4. Personal data provided to us as part of an inquiry directed to us using the channels specified on the Website is processed to process the inquiry so as to safeguard our legitimate interests in conducting an existing business relationship or performing our other business activities on the basis of Article 6 paragraph 1(f) GDPR.
  5. Personal data of our business partners’ contact persons or other natural persons (recipient of the consignment or recipient’s contact person) that is collected as part of registration or use of a user account is processed so as to safeguard our legitimate interests in conducting existing business relationships on the basis of Article 6 paragraph 1(f) GDPR.
  6. The processing of personal data collected from you in the course of using our Services is carried out on the basis of Article 6 paragraph 1(b) GDPR in order to provide the corresponding contractual services. Please refer to the respective contracts such as our general terms and conditions of carriage. The storage of this data beyond the provision of the respective service is carried out to protect our legitimate interest in the execution of existing business relationships or in the assertion of legal claims and the defense in legal disputes, in each case on the basis of Article 6 paragraph 1(f) GDPR.
  7. Personal data provided as part of registration for a newsletter, or in your participation in a customer survey, or an online survey or personal data provided as part of your registration to receive promotional information, is processed on the basis of your consent and Article 6 paragraph 1(a) GDPR. Please note that you can withdraw the consent you have given to us at any time with future effect, for example by clicking on the relevant link in each newsletter or email we send, via the Subscription Centre, or by sending a letter or e-mail using one of the contact channels specified in Section I. of this Data Protection Statement (kindly also refer to Article X b) below). Please note that existing business partners/customers may receive the correspondence mentioned without their express consent (see 5 above). You can nevertheless opt out at any time.
  8. We can also process personal data to comply with legal obligations to which we are subject; this is done on the basis of Article 6 paragraph 1(c) GDPR.
  9. We can conduct credit assessments and verify payment transactions in order to determine credit worthiness, prevent fraud and other improper usage. To this end, we use both internal and external sources of information. We reserve the right to receive and share the relevant information (including personal data) with other subsidiaries of the Lufthansa Group who may also verify the data for their own purposes; this is done on the basis of Article 6 paragraph 1(f) GDPR..
  10. Where necessary, we also process personal data above and beyond the above-mentioned purposes to safeguard further legitimate interests or the interests of third parties; this is done on the basis of Article 6 paragraph 1(f) GDPR. Our legitimate interests include
    1. establishing legal claims and defending ourselves in legal disputes;
    2. preventing and investigating criminal acts;
    3. security including IT security; and
    4. controlling and further development of our business activities, including risk management and operation of our IT systems.

V. Do I have an obligation to provide data?

The particulars required for any account registration and for registering for the newsletter are indicated as mandatory details in the relevant section of our Website (e.g. an online form); if you do not provide these mandatory details, we cannot enable you to use the feature in question.

If we collect personal data from you above and beyond that, we notify you at the time whether the information must be provided under the law or contract or is necessary so that a contract can be concluded. We usually indicate information that is provided voluntarily and does not have to be furnished pursuant to one of the above obligations or is not required to conclude a contract.

VI. Who receives personal data?

In general, personal data is processed inside our company. Only specific departments/organizational units can access personal data, depending on its nature. They include in particular the specialist departments tasked with providing our digital offerings (e.g. Websites) or the described business processes, and our IT department. A role and authorization concept restricts access at our company to the functions and the scope required for the purpose for which the data is processed.

We may also transfer personal data to third parties outside our company to the legally permissible extent. In particular, these external recipients may include

  • affiliated companies in the Lufthansa Group to which we transfer personal data for internal administrative purposes and for the performance of central services (e.g. billing services);
  • those third parties we use to provide our services (e.g. to carry out flights or load and unload cargo), insofar as the transfer is necessary to fulfil the contracts concluded with us, such as ground handling service providers at the airports we operate;
  • service providers whom we have engaged (e.g. our transport-, IT-, CRM- or payment service providers etc. or partly also our ground handling service providers) and who, on the basis of a separate contractual agreement, provide us with services that may also involve processing personal data, as well as the subcontractors our service providers engage with our consent;
  • non-public and public bodies (e.g. airports, customs or police authorities, etc.), where we are obliged to transfer your personal data pursuant to statutory obligations,
  • recipients of a consignment we deliver for one of our business partners; the consignments may also contain personal data from you in individual cases if you have been named as the contact person in the provided consignment data;
  • our business partners or a contact at this business partner in order to verify a contact person’s affiliation with our business partner in the context of the registration of a contact person (see above under III.7 Registration) or in the further course of the business relationship
  • other contact persons at your organization if they are likewise registered to use our e-services; in this case, all contact persons within the organization of a business partner may be able to access details of all business transactions of that business partner (including information on your involvement in such a business transaction) using the e-services;
  • Furthermore, we may transfer further data to third parties within the scope of the use of cookies and tracking functions on our Website, according to the details set down in our Cookie Information.

VII. Is automated decision-making used?

In principle, we do not use automated decision-making (including profiling) within the meaning of Article 22 GDPR in connection with operation of our Website. If we use such methods in individual cases, we will notify you separately to the legally prescribed extent.

VIII. Is Personal data transferred to countries outside the EU/EEA?

In most cases, personal data is processed within the EU or the European Economic Area.

Since Swiss International Air Lines ltd. and the Lufthansa Group operate globally and we also perform our services worldwide, we also transfer information to recipients in what are called “third countries”. “Third countries” are countries outside the European Economic Area (EEA) and Switzerland where it cannot be readily assumed that they have a level of data protection comparable to that in the EEA and Switzerland. Recipients in third countries may be, for example, service providers we engage (such as our call center) or the foreign offices of our own we run as part of our international presence, but also non-public and public bodies (e.g. airports, customs or police authorities, etc.), in case we are obliged to transfer specific information  in the course of the provision of our services pursuant to statutory obligations.

If the transferred information also includes personal data and we do not have a legal obligation to disclose such data, we ensure before transferring it that the necessary adequate level of data protection is ensured in the third country in question or at the recipient in the third country. That may be based in particular on an “adequacy decision” by the European Commission and the Swiss Federal Council, in which an adequate level of data protection is ascertained for a specific third country as a whole. Alternatively, we can transfer data on the basis of EU standard contractual clauses agreed with a recipient. For information about the EU Standard Contract Terms, click here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en, and for information about the adequacy decisions click here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en#dataprotectionincountriesoutsidetheeu and here: https://www.bj.admin.ch/bj/en/home/staat/datenschutz/internationales/anerkennung-staaten.html. As exceptions provided by law, transfers to countries without adequate protection may also be permissible in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transfer is necessary for the execution of a contract.

XI. For how long is personal data stored?

In general, we store personal data according to article 17 GDPR only for as long as they are necessary for the purposes mentioned, or if we have legitimate interests in storing it and they are not overridden by your interests in your data no longer being stored. Subsequently, such data will be deleted in order to comply with the principle of data minimization.

Even if we have no legitimate interests, we can continue to store your data if we are required to do so by law (such as to comply with retention obligations). We erase your personal data, also without any action on your part, as soon as we no longer need to know it in order to fulfill the purpose of processing or storage of it is otherwise legally impermissible.

As a rule

  • log data is erased within seven days, unless it needs to be stored further for purposes envisaged under the law, such as detection of misuse and the identification and rectification of technical faults;
  • data processed in connection with a business relationship is erased no later than by the end of the statutory retention periods or the applicable limitation periods;
  • data stored in connection with a registration as a user is erased when the customer account is deleted, unless further retention of it is required to comply with statutory retention periods in connection with the business relationship in question. If applicable, information (including personal data) is also erased before the customer account is deleted if a shorter period of time is envisaged in the respective e-service, if such shorter period can be defined by you or the business partner in question or if the purpose for further processing such personal data ceases to apply otherwise.

Personal data we have to store in order to comply with retention obligations is stored until the obligation to retain it ends. If we store personal data solely to comply with retention obligations, it is usually blocked, meaning it can only be accessed when that is required for the purpose for which the data had to be retained.

X. What are your rights as a data subject?

a)   Right of objection under Article 21 GDPR

As a data subject you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on (e) or (f) of Article 6 (1), including profiling based on those provisions. In the event of such an objection, we will no longer process your personal data, unless (i) we can demonstrate compelling legitimate grounds to further process the personal data, outweighing your interests, rights and freedoms, or (ii) the processing is used for effective exercise or defense of legal rights.

In case we process your personal data for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the relevant personal data will no longer be processed for these purposes.

b)    Withdrawal of consent

If you have given us your consent to process your personal data, we hereby inform you that you can withdraw this consent at any time, e.g. by clicking on the corresponding link in each of our newsletters or in our emails or with regard to cookies, by selecting the appropriate boxes in the Cookie Settings, which you can access at any time via the link in the footer of our Website, by sending us a corresponding message by mail or e-mail via one of the contact channels mentioned in Section I. of this Data Protection Statement. In all other cases or if you have problems withdrawing your consent, you can also contact our Data Protection Officer and team, also mentioned in Section I. of this Data Protection Statement.

Please note that the consent you have withdrawn will only have effect for the future and has no influence on the lawfulness of processing based on consent before its withdrawal. In some cases, despite your withdrawal, we are entitled to process your personal data on a different legal basis – for example, to fulfil a contract.

c)    Additional rights

As a data subject, you also have the right to

  • access the personal data retained about you (Article 15 GDPR);
  • have incorrect data rectified and to have incomplete data completed (Article 16 GDPR);
  • demand erasure of personal data (Article 17 GDPR);
  • demand restriction of processing (Article 18 GDPR); and
  • demand data portability (Article 20 GDPR),

In order to exercise these rights, you can contact us at any time via our ​​contact form for data subject rights. Please note that it may take up to 30 days until you receive our first response. If you have questions relating to the processing of data, you can also contact our Data Protection Officer and team, whose contact information you can find in Section I. of this Data Protection Statement.

As a data subject you also have the right to lodge a complaint with a supervisory authority responsible for data protection (Article 77 GDPR).

XI. Changes to the Data Protection Statement

Due to the further development of our Website and our offers or due to changed legal or official requirements, it may become necessary to change this Data Protection Statement.

You can access and print out the current Data Protection Statement on our Website at any time.

Last change: July 2025