6.1
1 CONTACTS
1.1 RESPONSIBLE
We, the following companies:
Bürgenstock Hotels AG, Bürgenstock 17, 6363 Obbürgen, Switzerland (CHE105.841.711), operator of the websites www.burgenstockresort.com and www.buergenstock-waldhotel.ch
are responsible for the collection, processing and use of your personal data and the compliance of the data processing with the applicable data protection law on the respective website.
Bürgenstock Bahn AG, Bürgenstock 17, 6363 Obbürgen, Switzerland (CHE108.107.719) and the
Hammetschwand Lift AG, Bürgenstock 2c, 6363 Obbürgen, Switzerland (CHE106.643.533)
are responsible for the collection, processing and use of your personal data and the compliance of the data processing with the applicable data protection law in connection with the services provided by these companies.
We handle your data confidentially.
The protection of your personal data and your privacy is important to us. We guarantee that your personal data will be processed in accordance with the applicable provisions of data protection law.
To summarise, we process personal data exclusively in accordance with the following principles:
You yourself decide on the processing of your personal data.
Within the legal framework, you can refuse data processing or withdraw your consent or have your data deleted at any time.
We offer you added value when processing your data.
We use your data exclusively in the context of providing our services and to offer you added value (e.g. customised offers, information and support). We therefore only use your data for the development, provision, optimisation and evaluation of our services or for maintaining the customer relationship.
Your data will not be sold.
Your data will only be disclosed to selected third parties listed in this privacy policy and only for the purposes explicitly stated. If we commission third parties to process data, they are obliged to comply with our data protection standards.
We guarantee the security and protection of your data.
We guarantee careful handling of your data as well as its security and protection. We take the necessary organisational and technical precautions to ensure this. Below you will find detailed information on how we handle your data.
1.2 DATA PROTECTION CONSULTANT / DATA PROTECTION OFFICER
For questions in connection with data protection and for information regarding your rights and how to assert them, please contact our data protection officer:
data-privacy@burgenstockresort.com
1.3 NAME AND ADDRESS OF THE EU REPRESENTATIVE
We have the following data protection representation in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as an additional point of contact for supervisory authorities and data subjects for enquiries in connection with the General Data Protection Regulation (GDPR): VGS Datenschutzpartner UG, Am Kaiserkai 69, 20457 Hamburg, Germany, INFO@DATENSCHUTZPARTNER.EU
2 DATA PROCESSING IN CONNECTION WITH OUR WEBSITE
2.1 ACCESS TO OUR WEBSITE
When you visit our website, our servers temporarily store every access in a log file. As with every connection to a web server, the following technical data is recorded without any action on your part and stored by us until it is automatically deleted after 12 months at the latest:
• the IP address of the requesting computer,
• the name of the owner of the IP address range (usually your Internet access provider),
• the date and time of access,
• the website from which the access was made (referrer URL) with the search term used, if applicable,
• the name and URL of the retrieved file,
• the country from which the access is made,
• the status code (e.g. error message),
• the time zone difference to Greenwich Mean Time (GMT),
• the operating system of your computer,
• the browser you are using (type, version and language),
• the transmission protocol used (e.g. HTTP/1.1) and
• if applicable, your username from a registration/authentication.
This data is collected and processed for the purpose of enabling the use of our websites (establishing a connection), ensuring system security and stability in the long term and enabling the optimisation of our website as well as for internal statistical purposes. This constitutes our legitimate interest in data processing.
The IP address is also analysed together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for clarification and defence purposes and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned. This is our legitimate interest in data processing.
We use Google reCaptcha on our websites to protect the technical systems and to prevent abusive automated entries in web forms. reCaptcha is an offer from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
When you visit one of our websites in which reCaptcha is integrated, a connection to the Google servers is established. A reCaptcha cookie is set. Your IP address is transmitted to Google. In addition, reCaptcha collects the following data (fingerprinting):
• the date
• the browser language
• CSS information for the requested page
• Javascript objects
• Browser plugins used
• Number of mouse clicks and touches you have made on this screen
• the cookies set by Google in the last 6 months
The data is stored and analysed based on our legitimate interest in protecting our website from abusive automated spying and SPAM. Insofar as personal data is transferred to Google in the USA, this is done based on EU standard contractual clauses.
2.2 USE OF OUR CONTACT FORM
Where you have the option of using a contact form on our website to get in touch with us, we generally require the following information:
• Salutation
• First name and surname
• E-mail address
• Telephone number
• Communication
Those entries that are necessary for the smooth processing of your enquiry are marked as mandatory. The entry of other information is optional. We only use this data and the address you provide voluntarily to answer your contact request in the best possible and personalised way. The processing of this data is therefore necessary for the implementation of pre-contractual measures or is in our legitimate interest.
2.3 ENQUIRIES ABOUT MEETINGS, CONFERENCES AND EVENTS
You have the option of making an enquiry on our website to book a meeting, conference or event. We generally require the following information:
• For which hotel the enquiry applies
• Type of event, description of the event, number of guests
• Event date
• Salutation
• First name and surname
• Company
• Postal address
• E-mail address
• Telephone number
• Event details (VIP participation, catering requirements, conference technology requirements, additional services (flowers, photographer, music, tablecloth, transport, spa time and activities, budget))
Those entries that are necessary for the smooth processing of your enquiry are marked as mandatory. The entry of other information is optional. We only use this data and the address you provide voluntarily to answer your enquiry in the best possible and personalised way. The processing of this data is in our legitimate interest.
Please note that we may pass on your data to third parties if this is necessary in the context of using the websites and processing the contract.
2.4 MICROSOFT TEAMS
We use the "Microsoft Teams" tool to conduct telephone conferences, online meetings, video conferences and/or online seminars (hereinafter: "Online Meetings").
"Microsoft Teams" is a product of Microsoft Corporation, Way, Redmond, WA 98052-6399, USA.
Various types of data are processed when using "Microsoft Teams". The scope of the data also depends on what data is provided before or during participation in an "online meeting". These are, for example:
• User details: e.g. display name, e-mail address if applicable, profile picture (optional), preferred language
• Meeting metadata: e.g. date, time, meeting ID, telephone numbers, location
• Text, audio and video data:
It is possible to use the chat function in an "online meeting". In this respect, the text entries made by the respective user are processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device are processed accordingly for the duration of the meeting. The camera or microphone can be switched off or muted by the user at any time via the "Microsoft Teams" applications.
If "online meetings" are to be recorded, this is communicated transparently in advance and, if necessary, consent is requested.
The chat content is logged when using Microsoft Teams. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. As a rule, however, this will not be the case.
The processing of this data is in our legitimate interest. In these cases, we are interested in the effective organisation of online meetings. Otherwise, the legal basis for data processing when conducting "online meetings" is the contract, insofar as the meetings are conducted within the framework of contractual relationships.
2.5 SUBSCRIBE TO OUR NEWSLETTER
Wherever you have the option of subscribing to our newsletter on our website, registration is required. The following data must be provided as part of the registration process:
• Salutation
• First name and surname
• E-mail address
The above data is necessary for data processing. We process this data exclusively in order to personalise the information and offers sent to you and to better tailor them to your interests.
By registering, you give us your consent to process the data provided for the regular dispatch of the newsletter to the address you have provided and for the statistical evaluation of user behaviour and the optimisation of the newsletter. This consent constitutes our legal basis for processing your e-mail address. We are authorised to commission third parties with the technical processing of the newsletter and are entitled to pass on your data for this purpose.
Registration for the newsletter takes place in a so-called double opt-in procedure. This means that after registering and clicking on the corresponding checkbox, you will receive an e-mail in which you must click on a link to confirm your registration.
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our endeavour nor that of the mailing service provider to observe individual users. Instead, the analyses help us to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
At the end of each newsletter, you will find a link that you can use to unsubscribe from the newsletter at any time. When unsubscribing, you can voluntarily inform us of the reason for your cancellation. After you have unsubscribed, your personal data will be deleted. To optimise our newsletter, your data will only be used in anonymised form after the deletion.
You can also send your request to unsubscribe to the following e-mail address: data-privacy@burgenstockresort.com
2.6 ORDER VOUCHERS
You have the option of ordering vouchers on our website. We generally require the following information for this:
• Salutation
• Title
• Company name
• First name and surname
• E-mail address
• Number of persons
• Telephone number
• Voucher type
• Dedication, greeting message and salutation for voucher recipient
• Payment method
The entries that are necessary for the smooth processing of your enquiry are marked as required. Entering other information is optional. We only use this data and the address you provide voluntarily to answer your enquiry in the best possible and personalised way. The processing of this data is in our legitimate interest.
Please note that we may pass on your data to third parties insofar as this is necessary in the context of using the websites and processing the contract.
2.7 OPENING A CUSTOMER ACCOUNT
Wherever you have the option of making bookings on our websites, you can order as a guest or open a customer account. When you register for a customer account, we generally collect the following data:
• Salutation
• First name and surname
• Postal address
• Telephone number
• E-mail address
• Password and security question
The entries that are necessary for the smooth processing of your customer account opening are marked as mandatory. The entry of other information is optional. The purpose of collecting this data and other data you provide voluntarily (e.g. company name) is to provide you with password-protected direct access to your basic data stored with us. You can view your previous and current bookings or manage or change your personal data.
The legal basis for processing the data for this purpose is the consent you have given.
2.8 BOOKING ON THE WEBSITE, BY CORRESPONDENCE OR BY TELEPHONE CALL
If you make bookings for overnight stays, restaurant reservations, leisure activities, wellness services and/or medical services either via our websites, by correspondence (e-mail or letter post) or by telephone call, we generally require the following data to process the contract:
• Salutation
• First name and surname
• Postal address
• Telephone number
• Credit card information
• E-mail address
We will process the data by name in order to record your booking/reservation as requested, to provide the booked services, to contact you in the event of ambiguities or problems and to ensure correct payment.
Those entries that are necessary for the smooth processing of your booking are marked as mandatory or - in the case of telephone bookings - requested by you in person. The entry of other information is optional. We will only use other information that you provide voluntarily (e.g. date of birth, expected arrival time, motor vehicle licence plate, preferences, comments) to process the contract, unless otherwise stated in this data protection declaration or unless you have given your separate consent.
Please note that we may pass on your data to third parties insofar as this is necessary in the context of using the websites and processing the contract.
The legal basis for data processing for this purpose is the fulfilment of a contract.
2.9 ORDERS IN OUR ONLINE SHOP
If you have to register when ordering in our online shop and set a username and a personal password, you can log in with your user name and password on future visits to the website and do not have to re-enter your address and payment information each time you place an order. Your password is stored in encrypted form and cannot be viewed by us.
You must enter the following data when registering:
• Salutation
• First name and surname
• Postal address (billing address)
• Delivery address
• E-mail address
• Telephone number
• Shipping and payment method
The entries that are necessary for the smooth processing of your customer account opening are marked as required. Entering other information is optional.
Your order data is also stored in your customer account.
We use the personal data collected during registration and ordering exclusively for the proper processing of your order. The legal basis for data processing for this purpose is the fulfilment of a contract.
You can view and change the data in your customer account, such as the payment method and delivery address you have selected, at any time. If you update information, we will keep a copy of your original details in order to be able to clarify any questions between you and us.
You have the option of deleting your customer account at any time as soon as there are no more open orders. You can also send your deletion request to the following email address:
data-privacy@burgenstockresort.com
To verify your identity, please send the request directly via e-mail from your user account.
2.10 SERVICES OF THE BÜRGENSTOCK RAILWAY
The Bürgenstock Railway is responsible for the processing of your data. As a public transport company, we are obligated by law to provide transport services together with other transport companies and associations ("direct transport", Art. 16 and 17 of the Passenger Transport Act). In order to make this possible, data that originates from contacting you or from your purchased services, for example, is passed on at national level within the National Direct Transport (NDV), an association of over 240 transport companies (TU) and public transport networks. The individual transport companies and associations are listed here.
The data is stored in the central database NOVA (network-wide public transport connection), which is managed by SBB on behalf of the NDV and for which we are responsible together with the other companies and associations of the NDV. NOVA is a technical platform for the sale of public transport services. It contains all the central elements for the sale of public transport services, such as the customer database. The scope of access to the shared databases by the individual transport companies and associations is governed by a joint agreement. The forwarding of data and its processing by the transport companies and associations in connection with centralised storage is limited to the following purposes:
2.10.1 PROVISION OF THE TRANSPORT SERVICE
To ensure that your journey runs smoothly, your travel and purchase details are forwarded within the NDV.
2.10.2 CONTRACT PROCESSING
We process this data for the establishment, administration and processing of contractual relationships.
2.10.3 MAINTAINING CUSTOMER RELATIONSHIPS AND SUPPORT
We process your data for purposes related to communication with you, in particular to respond to enquiries and assert your rights and to identify and provide you with the best possible support in the event of concerns or difficulties across the entire public transport network, as well as to process any claims for compensation.
2.10.4 TICKET CONTROL AND REVENUE PROTECTION
Customer and season ticket data is required and processed to secure revenue (checking the validity of travel or discount cards, collection, combating abuse). Incidents of travelling without a valid or partially valid ticket can be recorded via the national fare dodger register.
2.10.5 REVENUE DISTRIBUTION
The office of the Alliance SwissPass, managed by ch-integral, fulfils the legal mandate defined in the Swiss Passenger Transport Act to collect travel data for the correct distribution of revenue [https://www.allianceswisspass.ch/de/informationenov-nutzende/kundenbefragungen]. The office acts as the mandate holder for revenue distribution in national direct transport on behalf of the companies that are members of the NDV.
2.10.6 IDENTIFICATION AS PART OF THE AUTHENTICATION OF THE SWISSPASS LOGIN (SSO)
For services that you purchase using the SwissPass login, the data is then stored in the central customer database (NOVA). To enable single sign-on (SSO) (one login for all applications that offer use of their services with the SwissPass login), the aforementioned login, card, customer and service data are also exchanged between the SwissPass central login infrastructure and us as part of the authentication process.
2.10.7 JOINT MARKETING AND MARKET RESEARCH ACTIVITIES
In addition, the data collected when purchasing public transport services (https://www.allianceswisspass.ch/de/informationen-ov-nutzende/Datenschutz) is also processed for marketing purposes in certain cases. If you have given your consent and your data is processed or you are contacted for this purpose, this will only be carried out by the transport company or association from which you purchased the corresponding public transport service. Processing or contact by the other transport companies and networks involved in the NDV will only take place in exceptional cases and under strict conditions, and only if the evaluation of the data shows that a particular public transport service could provide added value for you as a customer. An exception to this is processing and contacting by SBB. SBB manages the marketing mandate for NDV services (e.g. GA travelcard and Half-Fare travelcard) on behalf of NDV and can contact you regularly in this role. We also process your data for market research, to improve our services and for product development.
2.10.8 FURTHER DEVELOPMENT OF PUBLIC TRANSPORT SYSTEMS WITH ANONYMOUS DATA
We analyse your data anonymously in order to be able to further develop the overall public transport system in line with your needs.
2.10.9 CUSTOMER INFORMATION
[For cross-border journeys, we will notify you by e-mail or text message about the upcoming journey and any delays or cancellations. You can unsubscribe from these notifications]. For group travel, we will notify you via SMS about your group reservation and any delays or cancellations. You can decide for yourself whether you wish to receive these notifications when you book a group trip.
Why do we collect personal data?
We are aware of how important the careful handling of your personal data is to you. All data processing is only carried out for specific purposes. These may arise, for example, from technical necessity, contractual requirements, legal regulations, overriding interest, i.e. for legitimate reasons, or from your consent. We collect, store and process personal data insofar as this is necessary, for example for
• sales and invoicing,
• answering questions and concerns,
For more detailed information on which data is processed for which purposes, please read the following sections.
Where is the data stored?
Your data is generally stored in databases within Switzerland. In some cases listed in this privacy policy, however, the data will also be passed on to third parties based outside Switzerland. If the country in question does not have an adequate level of data protection, we ensure through contractual arrangements with these companies that your data is adequately protected by these companies.
2.11 APPLICATION FOR A JOB ADVERTISEMENT
Wherever you have the opportunity to apply for jobs on our websites, you must submit a complete application. As a rule, the following data must be provided:
• Salutation
• First name and surname
• Language
• Postal address
• Date of birth
• E-mail address
• Telephone number
• Application documents (CV, letter of motivation etc.)
Those entries that are necessary for the smooth processing of your application are marked as mandatory. This data and other information you provide voluntarily will be used to carry out the application process. Your data will be deleted 6 months after the respective application process, unless you have given us your consent to use your details for further application processes with us.
The legal basis for data processing is therefore the implementation of pre-contractual measures and our legitimate interest. The legal basis for further data processing is the consent you have given.
We partly use the talent management software "Recruitment App" from Abacus Umantis AG, based in St. Gallen. The recruiting app is integrated into the websites via iFrame and shows vacancies and the option to apply via a form.
When you apply for a job with us, your personal data will be stored and processed on the systems of Abacus Umantis AG.
We have taken the necessary organisational and technical measures with HaufeUmantis AG to ensure the confidentiality of your application. All employees in the HR department and our software partner are obligated to maintain confidentiality regarding personal data as part of their employment contract.
Thanks to automatically activated 128-bit encryption, secure transmission of your data is ensured. The general standards for data security in accordance with the current state of the art are taken into account when processing data.
Further information can be found in the privacy policy:
Privacy Policy | Job Service Maltech AG (Umantis.com)
You can object to this data processing at any time. If you object, we will no longer process your personal data for this purpose. Please send your objection to the following e-mail address:
data-privacy@burgenstockresort.com
2.12 COOKIES
Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically saves on your computer's hard drive when you visit our website.
For example, we use cookies to temporarily save your selected services and entries when you fill out a form on the website so that you do not have to repeat the entry when you access another subpage. Cookies may also be used to identify you as a registered user after you have registered on the website without you having to log in again when you access another subpage.
The most common types of cookies are explained below for your understanding:
2.12.1 SESSION COOKIES:
While you are active on a website, a session cookie is temporarily stored in your computer's memory, in which a session identifier is stored, e.g. to prevent you from having to log in again each time you change pages. Session cookies are deleted when you log out or lose their validity as soon as your session has automatically expired.
2.12.2 PERMANENT OR PROTOCOL COOKIES:
A persistent or protocol cookie stores a file on your computer for the period of time specified in the expiry date. These cookies allow websites to remember your information and settings on your next visit. This leads to faster and more convenient access, as you do not have to set your language preferences for our portal again, for example. Once the expiry date has passed, the cookie is automatically deleted when you visit the website that generated it.
2.12.3 THIRD-PARTY COOKIES:
Third-party cookies originate from providers other than the operator of the website. They can be used, for example, to collect information for advertising, customised content and web statistics.
You can configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in the most common browsers:
MICROSOFTS WINDOWS INTERNET EXPLORER
MICROSOFTS WINDOWS INTERNET EXPLORER MOBILE
MOZILLA FIREFOX
GOOGLE CHROME FOR DESKTOP
GOOGLE CHROME FOR MOBILE
APPLE SAFARI FOR DESKTOP
APPLE SAFARI FOR MOBILE
If you deactivate cookies, you may not be able to use all the functions of our website.