Data protection
Switzerland Tourism (Morgartenstrasse 5a, 8004 Zurich, Switzerland), an Institute of Swiss Public Law (CHE-108.956.138), operates the website myswitzerland.com and is therefore responsible for the collection, processing and use of your personal data and the compliance of the said data processing with Swiss law.
Table of contents
1. Responsible party and content of this privacy statement.
7. Using your data for marketing purposes.
7.1 Centralized data storage and analysis in the CRM system.
7.2 Email marketing and marketing
8. Third-party disclosure and third-party access
13. Tracking and web analytics tools.
13.1 General tracking information.
14. Online advertising and targeting
14.1 General information about online marketing
17. Registering for a customer account.
18. Booking, ordering or reservation with third parties.
19. Payment processing online.
20. Applying for a job opening.
28. Profiling and automated decision making.
Privacy Statement
1. Responsible party and content of this privacy statement.
Switzerland Tourism (hereinafter «ST» or «we») obtains and processes personal data concerning you or other persons (so-called «third parties»). We use the term «data» here synonymously with «personal data» or «personal data».
Your trust is important to us, so we take the issue of data protection seriously and ensure appropriate security. Of course, we comply with the statutory provisions of the Federal Data Protection Act («DSG»), the Data Protection Ordinance («DSV») and, where applicable, other data protection provisions, in particular the General Data Protection Regulation («DSGVO») of the European Union.
In this privacy statement, we describe what we do with your data when you visit myswitzerland.com and other websites of ours or use our apps (hereinafter collectively «Website»), obtain our services, otherwise interact with us under a contract, participate in our events, communicate with us, or otherwise deal with us. This is not an exhaustive description; other privacy statements or general terms and conditions and similar documents may govern specific matters.
A. General Information
2. Responsible entity.
In terms of data protection, Switzerland Tourism is responsible for the data processing described in this data protection statement, unless otherwise communicated in individual cases.
If you have any questions about data protection or wish to exercise your rights, please contact us in writing at the following address:
Switzerland Tourism
Morgartenstrasse 5a
CH-8004 Zürich
3. Data protection consultant
Our privacy advisor is:
Swiss Infosec AG
Centralstrasse 8A
CH-6210 Sursee
dataprivacy.dpo@switzerland.com
4. Your rights
You have the following rights under the data protection laws applicable to you and to the extent provided therein:
Right of access:You have the right to request access to your personal data that we hold about you at any time when we are processing it.
Right to rectification: You have the right to have inaccurate or incomplete personal data corrected.
Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, especially in the case of legal obligations to retain data, the right to deletion may be excluded. In this case, under given conditions, a blocking of the data can take the place of the deletion.
Right to data transfer: You have the right to demand that we hand over certain personal data in a valid electronic format or transfer them to another responsible party.
Right of revocation: In principle, you have the right to revoke any consent you have given at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your revocation.
Right to object: You have the right to object to the processing of your data, in particular those for direct marketing purposes, profiling carried out for direct marketing and other legitimate interests in the processing.
Right to further information: You have the right to obtain, upon request, further information necessary for the exercise of these rights.
Automated Individual Decisions: You have the right to express your point of view in the case of automated individual decisions and to request that the decision be reviewed by a natural person.
To exercise these rights, please email us at the following address: dataprivacy@switzerland.com.
Right of Complaint: You also have the right to enforce your claims in court or to file a complaint with the competent data protection authority.
5. Data security
We use appropriate technical and organizational security measures to protect your personal data stored by us against loss and unlawful processing, namely unauthorized access by third parties. Our security measures are continuously adapted in line with technological developments. However, security risks cannot be completely ruled out in general; residual risks are unavoidable.
We also take internal data protection very seriously. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. Moreover, these persons are only granted access to personal data to the extent necessary for the performance of their tasks.
6. Contacting us
If you contact us üvia our contact addresses and channels (eg by e-mail, telephone or contact form), your personal data will be processed. We process the data that you have provided to us (e.g. your name, e-mail address or telephone number and your request). Which data is collected in the case of a contact form can be seen from the respective form. In addition, the time of receipt of the request is documented. Mandatory data is marked with an asterisk (*) in contact forms.
We process this data exclusively in order to implement your request (e.g. issuing information). In the implementation of your request is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. You can object to this data processing at any time (see point 4).
7. Use of your data for marketing purposes
7.1 Central data storage and analysis in the CRM system
If a clear assignment to your person is possible, we will store and link the data described in this data protection statement, i.e., in particular, your personal details, your contacts, your contract data, and your surfing behavior on our websites in a central database. This serves the efficient administration of customer data and allows us to respond to your requests adequately, and enables the efficient provision of the services you have requested and the processing of the associated contracts. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO in the efficient management of user data.
We evaluate this data in order to further develop our offers in a needs-oriented manner and to display and suggest information and offers that are as relevant as possible to you. We also use methods which, on the basis of your website use, predict possible, interests and future orders. The legal basis for this data processing is our legitimate interest in carrying out marketing measures. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO in the implementation of marketing measures.
7.2 Email marketing and marketing
When you register for our e-mail newsletter, various data is collected from you (e.g. your name and e-mail address). The mandatory data in the registration form are marked with an asterisk (*).
By registering, you give us your consent to process the data provided for the regular dispatch of the newsletter to the address you have provided and for the statistical evaluation of user behavior and the optimization of the newsletter. This consent constitutes our legal basis for data processing within the meaning of Art. 6 Para. 1 lit. a DSGVO. In order to avoid misuse and to ensure that the owner of an e-mail address has actually given their consent themselves, we use the so-called double opt-in for registration. After sending the registration, you will receive an e-mail from us containing a confirmation link. To definitely register for the newsletter, you must click on this link. If you do not click on the confirmation link within the specified period, your data will be deleted again and no delivery of our newsletter will be made to this address.
We will use your data for e-mail delivery until you revoke your consent. A revocation is possible at any time, especially üvia the unsubscribe link in all our marketing emails. Further processing only takes place in anonymized form for the optimization of our newsletter.
Our marketing emails may contain a so-called web beacon or 1x1 pixel (Zählpixel) or ähnliche technical aids. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing email sent, we receive information about which addresses have not yet received the email, which addresses it was sent to, and which addresses failed to send it. We also see which addresses have opened the email, for how long, and which links they have clicked on. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimize the advertising e-mails in terms of frequency, timing, structure and content of the e-mails. This allows us to better tailor the information and offers in our emails to the individual interests of recipients.
The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our marketing emails, please set the parameters of your email program to not display HTML in messages if it is not already the default. See the help sections of your email software for information on how to configure this setting, e.g. here for Microsoft Outlook.
By subscribing to the newsletter, you also consent to the statistical analysis of user behavior for the purpose of optimizing and customizing the newsletter. This consent constitutes our legal basis for the processing of data within the meaning of Art. 6 para. 1 lit. a DSGVO.
We use the email marketing software BRAZE (BRAZE Inc., USA sowie ggf. Deutschland und Irland), Campaign Monitor (Campaign Monitor Pty Ltd., USA as well as Germany and Australia, if applicable), Customer.io (Peaberry Software Inc., USA) for marketing emails. Therefore, your data is stored in a database of the aforementioned providers, which allows the respective providers to access your data if this is necessary for the provision of the software and for support in the use of the software. We have concluded so-called standard contractual clauses with the providers for data protection compliance. For the USA, an adequacy decision of the EU Commission is available, the Data Privacy Framework (DPF). More detailed information on data processing by the providers can be found in the data protection declaration of the respective provider. The legal basis for this processing is our legitimate interest within the meaning of Article 6 (1) f DSGVO in the use of the services of third-party providers.
We use Typeform software for newsletter sign-ups and for collecting additional data from newsletter subscribers, such as travel preferences, first name, last name, salutation, date of birth, etc. Your data will be temporarily stored in the provider's database. Typeform may access your data if this is necessary for providing the software and for supporting its use. We have entered into Standard Contractual Clauses with the provider to ensure compliance with data protection regulations. You can find more detailed information about the provider’s data processing in their privacy policy. The legal basis for this processing is our legitimate interest according to Article 6(1)(f) of the GDPR in using third-party services.
8. Disclosure to third parties and third party access
We will only disclose your personal data if you have expressly consented to this, if this is necessary for the initiation or execution of the contract, if there is a legal obligation to do so, or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship or other rights, or if the processing is carried out to protect a legitimate interest on our part or on the part of third parties.
We will only disclose your personal data to third parties if you have expressly consented to this, if this is necessary for the initiation or execution of the contract, if there is a legal obligation to do so, or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship or other rights, or if the processing is carried out to protect a legitimate interest on our part or on the part of third parties
Darüber hinaus weitergeben wir Ihre Daten an Dritte, soweit dies im Rahmen der Nutzung der Website für die Bereitstellung der von Ihnen gewünschten Dienstleistungen sowie der Analyse Ihres Nutzerverhaltens erforderlich ist. As far as this is necessary for the purposes mentioned in sentence 1, the transfer may also take place abroad. Where the website contains links to third-party websites, Switzerland Tourism has no control over the collection, processing, storage or use of personal data by such third parties after you have clicked on the link and accepts no responsibility for this.
In addition to the third parties already mentioned in this privacy statement, personal data may be transferred to internal or external recipients, in particular:
Internally to the authorized personnel of our companies, in particular:
- IT department
- Marketing Department
- Finance Department
External to:
- Märkte Representations: Überdies übermittitt we your data to our Märkte representations. They may use your data for the same purposes as we do, as described in this privacy statement. The Märkte agencies will have access in particular to your master data, contract data and registration data as well as behavioral and preference data in order to make you offers from their own range of products and services or to advertise them. If you wish to object to disclosure and use for marketing purposes, you may do so by contacting us (section 2), even if this concerns another company, because data has already been disclosed. The recipients usually process the data on their own responsibility.
- Service providers: We work with service providers in Germany and abroad who (i) on our behalf, (ii) under joint responsibility with us, or (iii) under their own responsibility process data that they have received from us or collected for us. These service providers include, for example, IT service providers (providers of software solutions), services for processing booking data or in the area of CRM, payment processing, advertising agencies or consulting companies). For information on the service providers used for the website, see section 13 et seqq. Central service providers in the IT area for us are Microsoft and AWS. More information on how Microsoft processes data can be found here; for the use of Microsoft Teams in particular here. More information about how AWS processes data can be found here. We generally enter into agreements with these third parties regarding the use and protection of personal data
- Customers and other contractual partners: This refers first of all to customers and other contractual partners of ours, for which a transfer of your data arises from the contract (for example, because you are working for a contractual partner or he provides services for you). This category of recipients also includes contractual partners with whom we cooperate or who advertise for us and to whom we therefore transfer data about you for analysis and marketing purposes (these may be, for example, tourism partners and tourism service providers, sponsors and providers of online advertising). We require these partners to send you advertising or play it out based on your data only if you have consented to this (for the online area, see sections 13 ff.). Our central cooperation partners are listed here; our online advertising contract partners are listed in item 13 ff.
- Authorities and Courts: We may disclose personal data to authorities, courts and other authorities in Germany and abroad if we are required to do so by law or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. These recipients process the data under their own responsibility.
- Other persons: This refers to other cases where the involvement of third parties arises from the purposes stated in this privacy statement (e.g. media and press offices).
All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We also allow certain third parties to collect personal data from you on our website and on our occasions on their own responsibility (e.g. media photographers, providers of tools that we have integrated on our website, etc.). Insofar as we are not decisively involved in these data collections, these third parties are solely responsible for them. If you have any concerns or wish to assert your data protection rights, please contact these third parties directly.
9. Data transfer abroad
We are entitled to transfer your personal data also to third parties abroad, in particular to our Märkte representations, if this is necessary to carry out the data processing mentioned in this privacy statement. Your data may therefore be processed both in Europe and potentially in any country worldwide (e.g. via subcontractors of our service providers). In particular, you should expect that your data may be transferred to other countries in Europe and around the world where our market offices or some of the IT service providers we use (such as Microsoft and Google) are located.
If a recipient is located in a country without adequate data protection, we contractually obligate it to comply with an adequate level of data protection (for this purpose, we use the standard contractual clauses of the European Commission, available here), unless it is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data made generally accessible by you, the processing of which you have not objected.
EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the so-called «Data Privacy Framework» (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as safe within the framework of the adequacy decision of 10.07.2023. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce. We will inform you which service providers we use are certified under the Data Privacy Framework as part of the Privacy Notice.
10. Retention Periods
We retain personal data only for as long as is necessary to use the processing in our legitimate interests, to perform services to the extent set out above that you have requested or consented to, and to comply with our legal obligations. Contractual data will be retained by us for a longer period of time, as this is required by legal retention obligations. Retention obligations that require us to retain data result in particular from accounting and tax law. According to these regulations, business communications, concluded contracts and accounting records must be retained for up to 10 years or, in the case of users residing in France, for up to 5 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfill the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any obligation to retain the data and no longer any justified interest in retaining it.
B. Special Notes
11. Log File Data
When you visit our website, the servers of our hosting providers (UNIC AG (Switzerland), Fastly Inc.(USA), AWS (USA), LIIP AG (Switzerland), Netlify (USA)) temporarily store each access in a log file (so-called log file). This may also result in a transfer to servers abroad, e.g. in the USA (cf. in this regard, in particular with regard to the guarantees provided, section 9). The following data is collected without your intervention and stored until automated deletion by us:
- the IP address of the requesting computer,
- the date and time of access,
- the name and URL of the file accessed,
- the website from which the access was made
- the operating system of your computer and the browser you are using (including type, version and language setting),
- the type of device in the case of access by cell phones,
- the city or region from where the access occurred,
- the name of your Internet access provider.
The collection and processing of this data is done for the purpose of enabling the use of our website (connection establishment), to ensure system security and stability permanently and to enable the optimization of our Internet offering, as well as for internal statistical purposes. In particular, the IP address is used to record the country of residence of the website visitor and to preset the language of the website accordingly. Furthermore, in the event of attacks on the network infrastructure of www.myswitzerland.com or the suspicion of other unauthorized or abusive website use, the IP address and other data will be evaluated for the purpose of clarification and defense and, if necessary, used in the context of criminal proceedings for identification and civil and criminal action against the users concerned.
In the purposes described above, there is our legitimate interest in data processing within the meaning of Art. 6 (1) lit. f DSGVO.
Finally, when you visit our website, we use cookies as well as applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. You will find more details in the following sections of this privacy statement
12. Cookies
When using our website (including newsletters and other digital offers), data is generated that is stored in logs (especially technical data). In addition, we may use cookies and similar technologies (e.g. pixel tags or fingerprints) to recognize website visitors, evaluate their behavior and recognize preferences. A cookie is a small file that is transferred between the server and your system and enables the recognition of a specific device or browser. We use cookies, for example, to better tailor the information, offers and advertising displayed to you to your individual interests. Their use does not result in us obtaining new personal data about you as an online visitor. Most Internet browsers accept cookies automatically. You can, however, configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. You can also disable or delete cookies on a case-by-case basis. You can find out how to manage cookies in your browser in the help menu of your browser.
We use OneTrust (OneTrust Technology Limited, United Kingdom) as our consent tool. With this data protection management software, we offer you the possibility to consent to the storage of cookies in a legally compliant manner and to ensure the revocation of consent. Furthermore, the consent is documented for legal proof and the setting of cookies is technically controlled. Cookies are used for this purpose, which saves your cookie settings on our website. In this way, your cookie settings can be retained when you visit our platforms again, as long as you do not delete the cookies beforehand. You can adjust your settings at any time.
Disabling cookies may prevent you from using all the features of our website.
13. Tracking and Web Analysis Tools
13.1 General tracking information
For the purpose of demand-oriented design and continuous optimization of our website, we use the web analysis services listed below. In this context, pseudonymous user profiles are created and cookies are used. The information generated by the cookie about your use of this website is usually transmitted to a server of the service provider together with the log file data listed in section 11, where it is stored and processed. This may also result in a transfer to servers abroad, e.g. the USA (cf. in this regard, in particular with regard to the guarantees provided, section 9).
By processing the data, we receive, among other things, the following information:
- Navigation path taken by a visitor on the site (including content viewed and products selected or purchased or services booked),
- duration on the website or subpage,
- the subpage on which the website is left,
- the country, region or city from where an access is made,
- end device (type, version, color depth, resolution, width and height of the browser window) and
- Recurring or new visitor.
On our behalf, the provider will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage for the purposes of market research and tailoring these internet pages to your needs. For these processing operations, we and the providers may be considered jointly responsible under data protection law up to a certain extent.
The legal basis of these data processing operations with the following tools is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke your consent or refuse the processing at any time by rejecting or turning off the relevant cookies in your web browser settings (see section 12) or by making use of the service-specific options described below.
You may refuse the use of cookies by selecting the appropriate settings on your browser
For the further processing of the data by the respective provider as the (sole) responsible party under data protection law, in particular also any disclosure of this information to third parties such as authorities on the basis of national statutory provisions, please refer to the respective data protection information of the provider.
13.2 Analysis services
Currently, we can use offers of the following service providers in particular, whereby their contact details and further information on the individual data processing can be found in the respective data protection statement:
- Services provided by Microsoft: Operator of the IT operating infrastructure; Service provider: Microsoft Corporation (USA) or Microsoft Ireland Operations Limited (Ireland); Data protection information: «Privacy at Microsoft», «Privacy (Trust Center)», «privacystatement»; contract: «Microsoft Products and Services Data Protection Addendum (DPA)»; Basic Third Countryübmittlung: Data Privacy Framework (DPF), Standard Contractual Clauses «Microsoft Products and Services Data Protection Addendum (DPA)».
- Services provided by Google: Web analytics and reach measurement; Service Provider: Google LLC (USA) and Google Ireland Limited (Ireland), respectively; Privacy Statement: «principles on privacy and security», privacy statement, «Privacy Guide in Google Products», «Cookie types used by Google and other technologies», «Personalized advertising» (activation / deactivation / settings)»; Order processing contract: «Contract Data Processing Terms for Google Advertising Products»; Basic Third Countryüb Transfers: Data Privacy Framework (DPF), Standard Contractual Clauses «Contract Data Processing Terms for Google Advertising Products».
Google Looker Studio would need to be explicitly mentioned here (https://lookerstudio.google.com/u/0/navigation/reporting) - Services of Meta: Web analytics and reach measurement; Service Provider: Meta Platforms Inc. (USA) or Meta Platforms Ireland Ltd. (Ireland); Privacy Statement: «Privacy Center», «Help section of Meta», «privacy statement», «advertising settings of Facebook»; contract: «Data Processing Terms»; Basic Third Country: Data Privacy Framework (DPF), Standard Contractual Clauses «META CONTRACTUAL AGREEMENT FOR THE &UUUMl;PROCESSING OF EUROPEAN DATA».
- STAPE: Web analytics and audience measurement; Service provider: Stape Europe OÜ (Estonia); Privacy Policy: «STAPE privacy features», «Privacy Policy at STAPE», «Data protection declaration»; Legal foundation: Consent (Art. 6 para. 1 lit. a GDPR); Basis third country transfer: Data Privacy Framework (DPF), standard contractual clauses.
- JENTIS: Web analytics and reach measurement; Service provider: JENTIS GmbH (Österreich); Data protection information: «JENTIS privacy features», «Privacy at JENTIS», «Privacy Statement»; Legal basis: Consent (Art. 6 para 1 lit. a DSGVO); Basis third countryübermittlung: Data Privacy Framework (DPF), standard contractual clauses «».
- Twitter Analytics: web analytics and reach measurement; Service Provider: X Corporation (USA) / Twitter International Unlimited Company (Ireland):; Privacy Disclosures: «Twitter Privacy Center», «Privacy Settings», «privacy notices»; order processing agreement: «Twitter Data Processing Addendum»; Basic Third Country: Data Privacy Framework (DPF), Standard Contractual Clauses «Twitter Data Processing Addendum».
- adverity: Web analytics and reach measurement; Service provider: Adverity GmbH (ÖAustria); Data protection disclosures: «Data protection declaration», «Data Security», «Terms»; Order Processing Agreement: «Data Processing Agreement».
- YouTube: Social network and video platform; Service provider: Google LLC (USA) or Google Ireland Limited (Ireland); Privacy statement: «Data Privacy Statement»; Order Processing Agreement: «Order Data Processing Terms and Conditions for Google Advertising Products»; Basic Third Countryüb Transfer: EU-US Data Privacy Framework (DPF). Opposition (Opt-Out): «Opt-Out
- Google Maps: Online map service; Service provider: Google LLC (USA) resp. Google Ireland Limited (Ireland); Data privacy statement: «Data privacy statement»; Order processing agreement: «Contract Data Processing Terms for Google Advertising Products»; Basic Third Countryübmittance: Data Privacy Framework (DPF), Standard Contractual Clauses «Contract Data Processing Terms for Google Advertising Products».
- Aymo: Reach measurement and web analytics: Service provider APG|SGA AG (Switzerland); Data protection information: ‘Privacy policy’; ‘Data protection notice’; ‘Terms and conditions’
14. Online Advertising and Targeting
14.1 General information about online marketing
We use services of various companies to provide you with interesting offers online. In doing so, your user behavior on our website and websites of other providers is analyzed in order to subsequently be able to show you online advertising tailored to your individual needs.
Most technologies for tracking your user behavior («Tracking») and for the targeted display of advertising («Targeting») work with cookies, with which your browser can be recognized üacross different websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different end devices (e.g. laptop and smartphone). This may be the case, for example, if you have registered for a service that you use with several devices.
In addition to the data already mentioned, which is generated when websites are called up («log file data») and when cookies are used and which may reach the companies involved in the advertising networks, the following data in particular is included in the selection of the advertising that is potentially most relevant for you:
- Information about yourself that you provided when registering or using a service from advertising partners (e.g., your gender, age group);
- User behavior (e.g., search queries, interactions with advertisements, types of websites visited, products or services viewed and purchased, newsletters subscribed to)
We and our service providers use this data to identify whether you belong to the target group we address and take this into account when selecting advertisements. For example, after you have visited our site, you may be shown ads for the products or services you have consulted when you visit other sites («re-targeting»). Depending on the scope of the data, a profile of a user may also be created, which is evaluated automatically, and the ads are selected according to the information stored in the profile, such as membership in certain demographic segments or potential interests or behaviors. Such advertisements may be presented to you on various channels, including, in addition to our website or apps, advertisements served through the online advertising networks we use, such as Google.
The data on user behavior also reaches the parties involved in the advertising networks, in particular their operators. For certain campaigns, the data is also transmitted to our partner companies. The data may then be analyzed for the purpose of billing the service provider and assessing the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may include information that the performance of an action (e.g., visiting certain sections of our website or submitting information) is attributable to a particular advertisement. We also receive aggregated reports from the service providers of ad activity and information about how users interact with our website and ads.
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time by rejecting or disabling the relevant cookies in your web browser settings. You can also find further options for blocking advertising in the information provided by the respective service provider (so-called «Opt-Out»). If no explicit opt-out option has been specified, the following opt-out options are also available, which are offered in summary for the respective regions: a) Europe: Your Online Choices; b) Canada: YourAdChoices; c) USA: AboutAds.
14.2 Services
- Microsoft Advertising: Online marketing practices for the purpose of placing content and ads within the Service Provider's advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. In addition, we measure the conversion of the ads, i.e. whether users have taken them as an opportunity to interact with the ads and use the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Microsoft Corporation (USA) or Microsoft Ireland Operations Limited (Ireland); Data protection information: «Privacy Statement», «Opt-Out», «Legal, Privacy and Security»; Task Processing Agreement: «Microsoft Products and Services Data Protection Addendum (DPA)»; Basic Third Countryübmittlung: Data Privacy Framework (DPF), Standard Contractual Clauses «Microsoft Products and Services Data Protection Addendum (DPA)».
- Google Ads: Search engine advertising, advertising based on search queries, among other things, using various domain names – in particular doubleclick.net, googleadservices.com and googlesyndication. com – are used for Google Ads; service provider: Google LLC (USA) and Google Ireland Limited (Ireland); privacy statement: «privacy statement», «Personalized Advertising» (Enable/Disable/Settings)»; Order Processing Agreement: «Contract Data Processing Terms for Google Advertising Products»; Basic Third Countryüb Transfers: Data Privacy Framework (DPF), Standard Contractual Clauses «Contract Data Processing Terms for Google Advertising Products».
- Google Ads Remarketing: Google Remarketing, also called Retargeting, is a technology that adds users who use an online service to a pseudonymous remarketing list so that users can be shown ads on other online advertisements based on their visit to the online service; Service Provider: Google LLC (USA) and. Google Ireland Limited (Ireland); Data protection information: «Privacy Statement», «Personalized Advertising» (Activation / Deactivation / Settings)»; Order Processing Agreement: «Contract Data Processing Terms for Google Advertising Products»; Basic Third Countryüb Transfers: Data Privacy Framework (DPF), Standard Contractual Clauses «Contract Data Processing Terms for Google Advertising Products».
- Meta Pixel and Targeting (Custom Audiences): Social media advertising, remarketing and targeting in particular with the Met Pixel as well as Custom Audiences; Service Provider: Meta Platforms Inc. (USA) or Meta Platforms Ireland Ltd. (Ireland); Data protection information: «Privacy Center», «Privacy Statement», «Advertising Preferences of Facebook»; Order Processing Agreement: «Data Processing Terms»; Basic Third Country: Data Privacy Framework (DPF), Standard Contractual Clauses «META CONTRACTUAL AGREEMENT FOR THE &UUUMl;PROCESSING OF EUROPEAN DATA».
- Facebook Ads: social media advertising, placement of ads within the Facebook platform and analysis of ad results; service provider: Meta Platforms Inc. (USA) or Meta Platforms Ireland Ltd. (Ireland); Data protection: «Privacy Center», «Privacy Statement», «Advertising Preferences of Facebook»; Order Processing Agreement: «Data Processing Terms»; Basic Third Country: Data Privacy Framework (DPF), Standard Contractual Clauses «META CONTRACTUAL AGREEMENT FOR THE &UUUMl;PROCESSING OF EUROPEAN DATA».
- Instagram Ads: Placement of ads within the Facebook platform and analysis of the ad results; Service Provider: Meta Platforms Inc. (USA) or Meta Platforms Ireland Ltd. (Ireland); Data protection: «Privacy Center», «Data protection declaration», «Facebook's advertising settings»; Contract: «Data Processing Terms»; Basic Third Country: Data Privacy Framework (DPF), Standard Contractual Clauses «META CONTRACT AGREEMENT FOR THE &UUUMl;TRANSFER OF EUROPEAN&AUMl;ISCH DATA».
- LinkedIn: Social media advertising, remarketing and targeting especially with the LinkedIn Insight Tag / conversion measurement; Service Provider: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Privacy Statement: «Privacy Center», «Privacy Statement», «Cookie Policy», «Opt-Out»;Legal basis: Consent (Art. 6 para. 1 lit. a DSGVO); Order processing contract: «LinkedIn Data Processing Agreement»; Basic Third Country: Data Privacy Framework (DPF), Standard Contractual Clauses «LinkedIn Data Processing Agreement».
- Pinterest Tag: Social media advertising, remarketing and targeting in particular with the Pinterest tag / conversion measurement; Service Provider: Pinterest Inc (USA) / Pinterest Europe Limited (Ireland); Privacy Statement: «Track conversions with the Pinterest tag», «Manage privacy and data settings», «Data-Privacy-Declaration», «Opt-Out»; Order-Processing-Contract: «LinkedIn Data Processing Agreement»; Basic Third Country: Data Privacy Framework (DPF), Standard Contractual Clauses «LinkedIn Data Processing Agreement».
- TikTok: social media advertising; Service Provider: TikTok Technology Limited (USA) / TikTok Technology Lim-ited (Ireland) and TikTok Information Technologies UK Limited (United Kingdom); Privacy Statement: «Privacy Policy», «Cookie Policy», «account-privacy-settings», «Privacy and Safety Settings for Teens»; Account Processing Agreement: «Data processing contract»; Basic third countryüb transfer: «Standard contractual clauses».
- Snapchat: Social Media Advertising; Service Provider: Snap Inc (USA); Privacy Disclosures: «Privacy Statement», «Privacy Sphere», «Privacy Settings»; Order Processing Contract: «Data-processing agreement»; Basic third-country standard contractual clauses«standard contractual clauses».
- Outbrain: Display of personalized advertisements; Service Provider: Outbrain United Kingdom Limited (United Kingdom); Privacy Statement: «Privacy Center», «Privacy Statement»; Order Processing Agreement: «Amplify Data Sharing Agreement»; Basic Third Countryüb Transfers: Standard Contractual Clauses.
- BeReal: Social media advertising; Service Provider: BeReal SAS (France); Privacy Statement: «Privacy Statement», «Terms», «Community Standards».
- emplifi: Social Media Advertising; Service Provider: Emplifi Inc.(USA); Privacy Statement: «Privacy Statement», «Terms».
- Teads: Social Media Advertising; Service Provider: Teads SAS (France);; Privacy Statement: «Privacy Statement», «Terms».
15. Social Media
On our website we have included links to our profiles on the social networks of the following providers:
|
|
Meta Platforms Inc (USA) / Meta Platforms Ireland Ltd (Irand): |
|
|
|
Meta Platforms Inc (USA) / Meta Platforms Ireland Ltd (Ireland): |
|
|
|
LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland): |
|
X (formerly Twitter) |
|
X Corporation (USA) / Twitter International Unlimited Company (Ireland): |
|
Snapchat |
|
Snap Inc (USA): |
|
TikTok |
|
TikTok Technology Limited (USA) / TikTok Technology Limited(Ireland) and TikTok Information Technologies UK Limited (United Kingdom): |
|
|
|
Pinterest Inc (USA) / Pinterest Europe Limited (Ireland): |
|
YouTube |
|
Google LLC (USA) / Google Ireland Limited (Ireland): |
When you click on the icons of the social networks, you are automatically redirected to our profile in the respective network. This establishes a direct connection between your browser and the server of the respective social network. This gives the network the information that you have visited our website with your IP address and clicked on the link.
If you click on a link to a network while you are logged into your user account with the network in question, the content of our website can be linked to your profile, so that the network can assign your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account takes place in any case if you log in to the respective network after clicking on the link. The respective provider is responsible under data protection law for the associated data processing. Therefore, please refer to the information on the website of the network.
The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO in the use and promotion of our social media profiles.
16. Use of our chat function
When you contact us via chat, your personal data will be processed. The data that you have provided to us (e.g. your name, your e-mail address and your request) will be processed. In addition, the time of receipt of the request is documented.
We process this data exclusively in order to implement your request (e.g. providing information über a restaurant, support in contract processing such as questions about your wine order, information on questions about an event or support in registering for an event, inclusion of your Rückmeldung to a visit to a restaurant, etc.). For the provision of the chat function, we use a tool from guuru (GUURU Solutions GmbH, Switzerland). Therefore, your data is stored in a database of guuru, which may allow guuru to access your data if necessary for the provision of the software and for support in the use of the software. Further information on data protection at guuru can be found here.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO in the use of timely communication technologies or, if your request is directed to the conclusion or performance of a contract, in the implementation of the necessary measures within the meaning of Art. 6 para. 1 lit. b DSGVO.
17. Registration for a customer account
If you open a customer account on our website, we collect various data from you (e.g. your name, your billing and, if applicable, delivery address, your e-mail address, your login data). The mandatory data in the corresponding form are marked with an asterisk (*). We need the mentioned data for the processing and administration of our website, for checking the plausibility of the data entered, i.e. for the justification, content design, processing and modification of the contractual relationships concluded with you via your user account. The e-mail address and the password together form the login data. The data in the customer account can be viewed and changed by the customer at any time. The legal basis for the processing of your data for the preceding purpose lies in your consent pursuant to Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time by removing the information from your customer account again or by deleting your customer account or, by notifying us, have it deleted. To avoid misuse, you must always keep your login information confidential and should close the browser window when you have finished communicating with us, especially if you share the computer with others.
18. Booking, Ordering or Reservation with Third Parties
On our website there are various ways to make bookings or reservations or to request information material or other services. The corresponding services are provided in each case by third parties. You will be informed accordingly about the forwarding to our partners. Depending on the service, various data will be collected in this context. This is, for example, your first and last name, your address, your e-mail address, your telephone number and, if necessary, your credit card information.
The mandatory information in the corresponding form is marked with an asterisk (*): Failure to provide this information may hinder the provision of booking services. Providing other information is optional and does not affect use of our website.
The data you enter is thereby usually collected directly by the relevant provider or, in the case of certain offers, forwarded to them by us. For such further processing of the data in these cases, the data protection provisions of the respective provider apply. The legal basis for the processing of the aforementioned data lies in the fulfillment of a contract within the meaning of Art. 6 para. 1 lit. b DSGVO.
19. Payment Processing Online
If you purchase bookings for a fee on our website, depending on the service and the desired payment method – in addition to the information mentioned in paragraph 18 – the provision of further data is required, such as your credit card information or login to your payment service provider. This information, as well as the fact that you have purchased a service from us for the amount and at the time in question, will be forwarded to the respective payment service providers (e.g. payment solution providers, credit card issuers and credit card acquirers). Please always refer to the information provided by the respective company, in particular the data protection declaration and the general terms and conditions. The legal basis of this Übermittlung lies in the fulfillment of a contract in accordance with Art. 6 para.1 lit. b DSGVO.
20. Application for a vacancy
You have the option of applying to us spontaneously or üvia a corresponding e-mail address for a specific job posting. For this purpose, we collect various data from you (e.g. your name, address, e-mail address, the documents submitted by the applicant and certificates).
These and other data collected by us may be used for other purposes
We use this data and other data voluntarily provided by you to review your application. Application documents of applicants who are not considered will be deleted after the application process has been completed, unless you explicitly agree to a longer retention period or we are not legally obliged to retain them for a longer period.
The legal basis for the use of your data is that we will not use it for any other purpose
The legal basis for processing your data for this purpose is thus the performance of a contract (pre-contractual phase) in accordance with Art. 6 para.1 lit. b DSGVO.
21. Video monitoring
In order to prevent abuses and to take action against illegal behavior (esp. theft and damage to property), the entrance area and the publicly accessible areas of our companies are monitored by cameras. The image data is only viewed if there is a suspicion of illegal behavior.
For the provision of the video überwachungssystems we rely on a service provider who may have access to the data, provided that this is necessary for the provision of the system. Should the suspicion of illegal conduct arise, the data may then be disclosed to consulting companies (in particular our law firm) and authorities to the extent necessary to enforce claims or file charges.
The legal basis is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO in the protection of our property and the protection and enforcement of our rights.
22. Payment processing
When you purchase products or services or pay for your restaurant visit using electronic payment methods, the processing of data is required. By using the payment terminals übermittmitteln you the information stored in your payment means, such as the name of the cardholder and the card number, to the involved payment service providers (eg providers of payment solutions, credit card issuers and credit card acquirers). They also receive the information that the payment method was used in one of our companies, the amount and the time of the transaction. Conversely, we only receive the credit for the amount of the payment made at the relevant time, which we can assign to the relevant document number, or information that the transaction was not possible or was cancelled. Please always refer to the information provided by the respective company, in particular the data protection declaration and the general terms and conditions. The legal basis of this Übermittlung lies in the fulfillment of the contract with you according to Art. 6 para.1 lit. b DSGVO.
23. Contractual services
We process the data of our contractual partners and interested parties as well as other clients, customers, clients («contractual partners») in order to provide them with our contractual or pre-contractual services. The data processed in this context, the nature, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship.
The processed data includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contract data (e.g. services used, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history).
The legal basis for processing your data for this purpose is the fulfillment of a contract according to Art. 6 para.1 lit. b DSGVO.
24. Events
When we hold events (such as to market Switzerland) and study tours, we also process personal data. This includes the name and postal or e-mail address of participants or interested parties and, depending on the event, other data, such as your date of birth or photographs taken during the event. We process this information for the preparation, implementation and follow-up of the events. Data relevant to the implementation of the event may also be passed on to third parties (e.g. hotels, host destination). The legal basis for data processing is your consent within the meaning of Art. 6 (1) DSGVO. Participants may revoke their consent at any time by notifying us. Upon revocation, you are no longer entitled to participate in the event.
25. Sweepstakes and Contests
When you participate in sweepstakes and contests, we collect those personal data that are necessary for the implementation of the sweepstakes or contest. These are usually your name and contact details (e.g. e-mail address). The mandatory information in the corresponding form is marked with an asterisk (*). In the processing of the sweepstakes or contest may also be communication data (eg content of e-mails and other written correspondence, information on the nature, time and possibly place of communication).
This data is used for the purpose of participation in the competition and the competition as well as its implementation, i.e. namely to determine the winners and to be able to contact them. We may share your personal information with our sweepstakes and contest partners, for example, to send you the prize. Participation in the sweepstakes and contest and the associated data collection is, of course, voluntary.
By participating in the competition, participants agree to the processing of the corresponding data for the aforementioned purposes. The legal basis for data processing is therefore your consent within the meaning of Art. 6 (1) DSGVO. Participants may revoke their consent at any time by notifying us. Upon revocation, the participants are no longer entitled to participate in the sweepstakes or contest. Detailed instructions can be found in our conditions of participation for the respective sweepstakes and competition.
26. Surveys and polls
We conduct surveys and polls to collect information for the respective communicated survey or poll purpose. The surveys and interviews we conduct (hereinafter referred to as surveys) are analyzed anonymously. If you participate in surveys, we collect the personal data that is required to conduct the surveys. This is usually your name and your contact details (e.g. e-mail address, telephone number). The mandatory data in the corresponding form are marked with an asterisk (*). During the processing of the surveys, communication data may also be collected (e.g. content of e-mails and other written correspondence, information on the type, time and possibly location of the communication).
By participating in the surveys, you consent to the processing of the corresponding data for the aforementioned purposes. The legal basis for data processing is therefore your consent within the meaning of Art. 6 (1) DSGVO. You can revoke your consent at any time by notifying us. Detailed instructions can be found in our conditions of participation for the respective sweepstakes and contests.
27. Market Research
We do not use the data collected as part of market research for advertising purposes. You will find detailed information (in particular on the evaluation of your data) in the context of the respective survey or where you provide your data. Your answers to surveys will not be passed on to third parties or made public. The basis for processing your personal data is the existence of your consent. The legal basis of this transmission lies in the fulfillment of the contract with you according to Art. 6 para.1 lit. b DSGVO.
28. Profiling and automated decision-making
For the establishment and implementation of the business relationship and otherwise, we do not use any fully automated automated decision-making in principle. If we use such procedures in individual cases, we will inform you separately here, provided that this is required by law and inform you about the associated rights.
General
This page was last modified on December 5, 2024
This page has been translated from German. For legal matters, the German version of this page shall apply. (You can change the language to "German" at the top or bottom of the page.)