Data protection
Switzerland Tourism (Morgartenstrasse 5a, 8004 Zurich, Switzerland), an Institute of Swiss Public Law (CHE-108.956.138), operates the website myswitzerland.com and is therefore responsible for the collection, processing and use of your personal data and the compliance of the said data processing with Swiss law.
Table of contents
1. Responsible party and content of this privacy policy
7. Use of your data for marketing purposes
7.1 Central data storage and analysis in the CRM system
7.2 Email marketing and marketing
8. Disclosure to third parties and access by third parties
13. Tracking and web analysis tools
13.1 General information on tracking
14. Online advertising and targeting
14.1 General information about online marketing
17. Registration for a customer account
18. Booking, ordering, or reserving with third parties
20. Applying for a job opening
26. Surveys and questionnaires
28. Profiling and automated decision-making
Privacy Policy
1. Responsible party and content of this privacy policy
Switzerland Tourism (hereinafter referred to as “ST” or “we”) collects and processes personal data relating to you or other persons (hereinafter referred to as “third parties”). We use the term “data” here as synonymous with “personal data” or “personal information”.
Your trust is important to us, which is why we take data protection seriously and ensure that appropriate security measures are in place. We naturally comply with the provisions of the Federal Act on Data Protection (“FADP”), the Data Protection Ordinance (“DSV”) and, where applicable, other data protection regulations, in particular the General Data Protection Regulation (“GDPR”) of the European Union.
In this privacy policy, we describe what we do with your data when you visit myswitzerland.com and other websites owned by us or use our apps (hereinafter collectively referred to as the “website”), use our services, are otherwise connected to us within the scope of a contract, participate in our events, communicate with us, or otherwise interact with us. All persons whose personal data we process are covered by this privacy policy. This is not an exhaustive description; other privacy policies or general terms and conditions and similar documents may govern specific matters.
A. General information
2. Responsible body
Switzerland Tourism is responsible for the data processing described in this privacy policy, unless otherwise stated in individual cases.
If you have any questions about data protection or wish to exercise your rights, please write to the following address:
Switzerland Tourism
Morgartenstrasse 5a
CH-8004 Zurich
3. Data protection advisor
Our data protection advisor is:
Swiss Infosec AG
Centralstrasse 8A
CH-6210 Sursee
dataprivacy.dpo@switzerland.com
4. Your rights
You have the following rights under the data protection law applicable to you and to the extent provided therein:
Right to information: You have the right to request access to your personal data stored by us at any time if we process it.
Right to rectification: You have the right to have inaccurate or incomplete personal data corrected.
Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, particularly in the event of statutory retention obligations, the right to erasure may be excluded. In this case, the data may be blocked instead of being erased if the relevant conditions are met.
Right to data portability: You have the right to request that we disclose certain personal data to you in a commonly used electronic format or transfer it to another controller.
Right of withdrawal: You have the right to withdraw your consent at any time. However, processing activities based on your consent prior to withdrawal will not become unlawful.
Right to object: You have the right to object to the processing of your data, in particular for direct marketing purposes, profiling for direct advertising, and other legitimate interests in processing.
Right to further information: You have the right to request further information necessary for the exercise of these rights.
Automated individual decisions: You have the right to state your point of view in the case of automated individual decisions and to request that the decision be reviewed by a natural person.
To exercise these rights, please send us an email to the following address: dataprivacy@switzerland.com.
Right to lodge a complaint: You also have the right to enforce your claims in court or to lodge a complaint with the competent data protection authority.
Please note that these rights are subject to certain conditions, exceptions, or restrictions (e.g., if we are required to retain or process certain data, have an overriding interest in doing so (to the extent that we are permitted to invoke this), or need the data to assert claims or defend against legal claims). We will inform you accordingly if necessary.
5. Data security
We use appropriate technical and organizational security measures to protect your personal data stored with us against loss and unlawful processing, in particular unauthorized access by third parties. Our security measures are continuously adapted in line with technological developments. However, security risks cannot be completely ruled out; residual risks are unavoidable.
We also take internal data protection very seriously. Our employees and the service providers we commission are bound by confidentiality and data protection obligations. Furthermore, these persons are only granted access to personal data to the extent necessary for the performance of their tasks.
6. Contacting us
If you contact us via our contact addresses and channels (e.g. by email, telephone or contact form), your personal data will be processed. The data you provide us with will be processed (e.g., your name, email address, or telephone number and your request). The data collected in the case of a contact form can be seen in the respective form. In addition, the time of receipt of the request is documented. Mandatory information is marked with an asterisk (*) in contact forms.
We process this data exclusively for the purpose of fulfilling your request (e.g., providing information). Our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR lies in fulfilling your request. You can object to this data processing at any time (see section 4).
7. Use of your data for marketing purposes
7.1 Central data storage and analysis in the CRM system
If it is possible to clearly identify you, we will store the data described in this privacy policy, i.e. in particular your personal details, your contact details, your contract data and your surfing behaviour on our websites, in a central database and link them together. This serves the efficient management of customer data, allows us to respond appropriately to your concerns, and enables us to efficiently provide the services you have requested and to process the associated contracts. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the efficient management of user data. We evaluate this data in order to further develop our offers in line with your needs and to display and suggest information and offers that are as relevant as possible to you. We also use methods that predict possible interests and future orders based on your website usage. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in carrying out marketing measures.
When you register for our email newsletter, various data is collected from you (e.g., your name and email address). The mandatory fields in the registration form are marked with an asterisk (*).
By registering, you give us your consent to process the data provided for the regular dispatch of the newsletter to the address you have provided and for the statistical evaluation of usage behavior and the optimization of the newsletter. This consent constitutes our legal basis for data processing within the meaning of Art. 6 para. 1 lit. a GDPR. In order to prevent misuse and to ensure that the owner of an email address has actually given their consent, we use the double opt-in procedure for registration. After submitting your registration, you will receive an email from us containing a confirmation link. To definitively subscribe to the newsletter, you must click on this link. If you do not click on the confirmation link within the specified period, our newsletter will not be delivered to this address.
We use your data for sending emails until you revoke your consent. You can revoke your consent at any time, in particular via the unsubscribe link in all our marketing emails. Unsubscribed and inactive profiles, as well as those without a completed double opt-in, will be automatically deleted after a certain period of time. Further processing will only take place in anonymized form for the purpose of optimizing our newsletter.
Our marketing emails may contain a so-called web beacon or 1x1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing email sent, we receive information about which addresses have not yet received the email, to which addresses it was sent, and at which addresses the delivery failed. It also shows which addresses opened the email, how long they were open, and which links were clicked. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimize the advertising emails in terms of frequency, timing, structure, and content of the emails. This allows us to better tailor the information and offers in our emails to the individual interests of the recipients.
The web beacon is deleted when you delete the email. To prevent the use of web beacons in our marketing emails, please set the parameters of your email program so that HTML is not displayed in messages, if this is not already the case by default. In the help sections of your email software, you will find information on how to configure this setting, e.g. here for Microsoft Outlook.
By subscribing to the newsletter, you also consent to the statistical analysis of user behavior for the purpose of optimizing and adapting the newsletter. This consent constitutes our legal basis for processing the data within the meaning of Art. 6 para. 1 lit. a GDPR.
We use the email marketing software BRAZE (BRAZE Inc., USA and, where applicable, Germany and Ireland), Campaign Monitor (Campaign Monitor Pty Ltd., USA and, where applicable, Germany and Australia) and Customer.io (Peaberry Software Inc., USA) for marketing emails. Your data is therefore stored in a database of the aforementioned providers, which allows the respective providers to access your data if this is necessary for the provision of the software and for support in using the software. We have concluded standard contractual clauses with the providers to ensure compliance with data protection regulations. For the USA, there is an adequacy decision by the EU Commission, the Data Privacy Framework (DPF). You can find more detailed information on data processing by the providers in the privacy policy of the respective provider. The legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) GDPR in using the services of third-party providers.
In the context of marketing and advertising measures, we may transfer certain personal data (e.g., email address, telephone number) to partners such as Facebook, Google, or other Braze Audience Sync partners in order to exclude existing users from advertisements or to address similar target groups (so-called lookalike audiences). Before transmission, this data is pseudonymized using the SHA256 hash algorithm. The recipients do not have access to the plain text data and may only use it for comparison purposes. We do not use this data to create or expand profiles. You can object to this data processing at any time (see section 4).
We use Typeform software for newsletter registrations and for deleting additional data from newsletter subscribers, such as travel preferences, first name, last name, title, date of birth, etc. Your data is temporarily stored in the provider's database. Typeform can access your data if this is necessary for the provision of the software and for support in using the software. We have concluded a standard data processing agreement with the provider to ensure compliance with data protection regulations. You can find more detailed information on data processing by the provider in the provider's privacy policy. The legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) GDPR in using the services of third-party providers.
8. Disclosure to third parties and access by third parties
We will only disclose your personal data if you have expressly consented to this, if it is necessary for the initiation or execution of the contract, if there is a legal obligation to do so, if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship or other rights, or if the processing is carried out to protect a legitimate interest on our part or on the part of third parties.
In addition, we pass on your data to third parties to the extent that this is necessary within the scope of the use of the website for the provision of the services you have requested or to analyze your user behavior. Insofar as this is necessary for the purposes specified in sentence 1, the data may also be transferred abroad. If the website contains links to third-party websites, Switzerland Tourism has no influence over the collection, processing, storage or use of personal data by these third parties and accepts no responsibility for this.
In addition to the third parties already mentioned in this privacy policy, personal data may be transferred to internal or external recipients, in particular:
Internally to authorized personnel of our companies, in particular:
- IT department
- Marketing department
- Finance department
Externally to:
- Market representatives: In addition, we transfer your data to our market representatives. They may use your data for the same purposes as us, as described in this privacy policy. The market representatives have access in particular to your master data, contract data, registration data, and behavioral and preference data in order to provide you with offers from their own range of products and services or to advertise these. If you wish to object to the transfer and use of your data for marketing purposes, you can do so via us (section 2), even if this concerns another company, because data has already been transferred. The recipients generally process the data on their own responsibility.
- Service providers: We work with service providers in the US and abroad who (i) on our behalf, (ii) in joint responsibility with us, or (iii) on their own responsibility process data that they have received from us or collected for us. These service providers include, for example, IT service providers (providers of software solutions), services for processing booking data or in the area of CRM, payment processing, advertising agencies, or consulting firms. For the service providers used for the website, see sections 13 ff. Our main service providers in the IT sector are Microsoft, AWS, Railway, and Snowflake. For more information on how Microsoft processes data, please click here; for the use of Microsoft Teams in particular here. For more information on how AWS processes data, please visit here. For more information on how Railway processes data, please visit here. For more information on how Snowflake processes data, please visit here. We generally enter into agreements with these third parties regarding the use and protection of personal data.
- Customers and other contractual partners: This primarily refers to customers and other contractual partners of ours who require your data to be transferred as part of the contract (e.g., because you work for a contractual partner or because they provide services for you). This category of recipients also includes contractual partners with whom we cooperate or who advertise for us and to whom we therefore transfer data about you for analysis and marketing purposes (these may include, for example, tourism partners and tourism service providers, sponsors, and online advertising providers). We require these partners to only send you advertising or display advertising based on your data if you have consented to this (for the online area, see sections 13 ff.). Our main cooperation partners are here; our online advertising partners are listed in section 13 ff.
- Authorities and courts: We may disclose personal data to government agencies, courts, and other authorities in the United States and abroad if we are required to do so by law or if it is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. These recipients process the data on their own responsibility.
- Other persons: This refers to other cases where the involvement of third parties arises from the purposes stated in this privacy policy (e.g., media and press offices).
All of these categories of recipients may in turn involve third parties, meaning that your data may also become accessible to them. We also allow certain third parties to collect personal data from you on our website and at events we organize, for example, media photographers, providers of tools that we have integrated into our website, etc. Insofar as we are not significantly involved in this data collection, these third parties are solely responsible for it. If you have any concerns or wish to exercise your data protection rights, please contact these third parties directly.
9. Data transfer abroad
We are also entitled to transfer your personal data to third parties abroad, in particular to our market representatives, if this is necessary for the data processing operations specified in this privacy policy. Your data may therefore be processed both in Europe and potentially in any country worldwide (e.g. via subcontractors of our service providers). In particular, you must expect your data to be transferred to other countries in Europe and around the world where our market representatives or some of the IT service providers we use (such as Microsoft and Google) are located.
If a recipient is located in a country without adequate data protection, we contractually oblige them to maintain an adequate level of data protection (we use the standard contractual clauses of the European Commission, available here), unless they are already subject to a legally recognized set of rules for ensuring data protection and we cannot rely on an exception provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases where there is an overriding public interest or if contract processing requires such disclosure, if you have given your consent or if the data is generally accessible by you and you have not objected to its processing.
EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as adequate within the framework of the adequacy decision of July 10, 2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce. We will inform you in our privacy policy which service providers we use that are certified under the Data Privacy Framework.
We only store personal data for as long as necessary to use the processing within the scope of our legitimate interest, to perform the services you have requested or to which you have given your consent, and to comply with our legal obligations. Contract data is stored by us for longer, as this is required by statutory retention obligations. Retention obligations that require us to store data arise in particular from accounting and tax law. In accordance with these regulations, business communications, concluded contracts, and booking receipts must be retained for up to 10 years or, in the case of users residing in France, for up to 5 years. If we no longer need this data to provide services to you, it will be blocked. This means that the data may then only be used if this is necessary to fulfill the storage obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any obligation to store it and no legitimate interest on our part in storing it.
B. Special information
11. Log file data
When you visit our website, the servers of our hosting providers (UNIC AG (Switzerland), Fastly Inc. (USA), AWS (USA), LIIP AG (Switzerland), Netlify (USA)) temporarily store each access in a log file. This may also involve transfer to servers abroad, e.g. in the USA (see section 9 for more information, in particular on the guarantees we have put in place). The following data is collected without your intervention and stored by us until it is automatically deleted:
- the IP address of the requesting computer,
- the date and time of access,
- the name and URL of the file accessed,
- the website from which access was made,
- the operating system of your computer and the browser you are using (including type, version, and language settings),
- device type in the case of access via mobile phones,
- the city or region from which access was made,
- the name of your Internet access provider.
This data is collected and processed for the purpose of enabling the use of our website (connection establishment), ensuring system security and stability in the long term, and optimizing our Internet offering, or for internal statistical purposes. The IP address is used in particular to determine the country of residence of the website visitor and to set the language of the website accordingly. Furthermore, the IP address and other data will be evaluated in the event of attacks on the network infrastructure of www.myswitzerland.com or in the event of suspected other unauthorized or abusive website use, for clarification and defense and, if necessary, used in criminal proceedings to identify and take civil and criminal action against the users concerned.
Our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR lies in the purposes described above.
Finally, when you visit our website, we use cookies and applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. You can find more detailed information on this in the following sections of this privacy policy.
12. Cookies
When you use our website (including newsletters and other digital offerings), data is collected and stored in logs (in particular technical data). We may also use cookies and similar technologies (e.g., pixel tags or fingerprints) to recognize website visitors, evaluate their behavior, and identify preferences. A cookie is a small file that is transmitted between the server and your system and enables a specific device or browser to be recognized. We use cookies, for example, to better tailor the information, offers, and advertising displayed to you to your individual interests. Their use does not result in us receiving new personal data about you as an online visitor. Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in your browser's help section.
We use OneTrust (OneTrust Technology Limited, United Kingdom) as a consent tool. With this data protection management software, we offer you the option of consenting to the storage of cookies in a legally compliant manner and ensuring that your consent can be revoked. Furthermore, consent is documented for legal proof and the setting of cookies is technically controlled. Cookies are used for this purpose, which store your cookie settings on our website. This allows your cookie settings to be retained when you visit our platforms again, as long as you do not delete the cookies beforehand. You can adjust your settings at any time.
Disabling cookies may result in you not being able to use all the features of our website.
13. Tracking and web analysis tools
13.1 General information about tracking
We use the web analytics services listed below for the purpose of designing our website in line with your needs and continuously optimizing it. In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website is usually transferred to a server of the service provider within the scope of your legal rights. Transmission to servers abroad, e.g. in the USA, may also occur (see section 9 for more information, in particular on the safeguards taken).
The processing of the data provides us with the following information, among other things:
- the navigation path taken by a visitor on the site (including content viewed and products selected or purchased or services booked),
- the length of time spent on the website or subpage,
- the subpage from which the website is left,
- the country, region, or city from which access is made,
- end device (type, version, color depth, resolution, width, and height of the browser window) and
- returning or new visitor.
On our behalf, the provider will use this information to evaluate the use of the website, to compile reports on website activity for us, and to provide other services related to website activity and internet usage for the purposes of market research and the design of this website in line with user needs. For this processing, we and the providers can be considered jointly responsible for data protection to a certain extent.
The legal basis for this data processing with the following tools is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time or refuse processing by rejecting or disabling the relevant cookies in your web browser settings (see section 12) or by using the service-specific options described below.
For further processing of the data by the respective provider as the (sole) data controller, in particular any transfer of this information to third parties such as authorities due to national legal provisions, please refer to the respective data protection information of the provider.
13.2 Analysis services
We currently use services provided by the following service providers in particular. Their contact details and further information on the individual data processing operations can be found in the respective privacy policy:
- Microsoft services: Operator of the IT operating infrastructure; service provider: Microsoft Corporation (USA) or Microsoft Ireland Operations Limited (Ireland); Information on data protection: “Data protection at Microsoft”, ”Privacy (Trust Center)“, ”Privacy Statement"; Order processing agreement: «Microsoft Products and Services Data Protection Addendum (DPA)»; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses «Microsoft Products and Services Data Protection Addendum (DPA)».
- Google services: Web analysis and reach measurement; Service provider: Google LLC (USA) or Google Ireland Limited (Ireland); Privacy policy: «Privacy and security principles», Privacy Policy, «Guide to data protection in Google products», «Types of cookies and other technologies used by Google», “Personalized advertising” (activation/deactivation/ settings)»; Order processing agreement: «Order data processing terms for Google advertising products»; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses “Order Data Processing Terms for Google Advertising Products”. Google Looker Studio should also be explicitly mentioned here (https://lookerstudio.google.com/u/0/navigation/reporting)
- Services provided by Meta: Web analysis and reach measurement; Service provider: Meta Platforms Inc. (USA) or Meta Platforms Ireland Ltd. (Ireland); Information on data protection: “Privacy Center,” "Meta Help Center», «Privacy Policy», «Facebook Ad Preferences»; Order processing agreement: “Data processing terms”; Basis for third-country transfer: Data Privacy Framework (DPF), Standard contractual clauses “META CONTRACT ADDENDUM FOR THE TRANSFER OF EUROPEAN DATA”.
- STAPE: Web analysis and reach measurement; service provider: Stape Europe OÜ (Estonia); information on data protection: «STAPE data protection functions», «Data protection at STAPE», «Privacy Policy»; Legal basis: Consent (Art. 6 para. 1 lit. a GDPR); Basis for transfer to third countries: Data Privacy Framework (DPF), standard contractual clauses.
- JENTIS: Web analysis and reach measurement; Service provider: JENTIS GmbH (Austria); Information on data protection: «JENTIS data protection functions», «Data protection at JENTIS», «Privacy policy»; Legal basis: Consent (Art. 6 para. 1 lit. a GDPR); Basis for transfer to third countries: Data Privacy Framework (DPF), standard contractual clauses «».
- Twitter Analytics: Web analysis and reach measurement; Service provider: X Corporation (USA) / Twitter International Unlimited Company (Ireland):; Privacy information: “Twitter Privacy Center”, “Privacy settings”, «Privacy Policy»; Order processing agreement: «Twitter Data Processing Addendum»; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses "Twitter Data Processing Addendum».
- adverity: Web analysis and reach measurement; Service provider: Adverity GmbH (Austria); Information on data protection: «Privacy Policy», “Data Security,” “Terms”; Order processing agreement: «Data Processing Agreement».
- YouTube: Social network and video platform; Service provider: Google LLC (USA) or Google Ireland Limited (Ireland); Privacy policy: «Privacy Policy»; Order Processing Agreement: «Order Data Processing Terms for Google Advertising Products»; Basis for third-country transfer: EU-US Data Privacy Framework (DPF). Right to object (opt-out): “Opt-Out
- Google Maps: Online map service; Service provider: Google LLC (USA) or Google Ireland Limited (Ireland); Privacy policy: «Privacy Policy»; Order processing agreement: “Order Data Processing Terms for Google Advertising Products”; Basis for third-country transfer: Data Privacy Framework (DPF), Standard Contractual Clauses “Order Data Processing Terms for Google Advertising Products”.
- Aymo: Reach measurement and web analysis; Service provider: APG|SGA AG (Switzerland); Information on data protection: «Privacy Policy»; «Privacy Policy»; «Terms and Conditions»
14. Online advertising and targeting
14.1 General information about online marketing
We use the services of various companies to provide you with interesting offers online. Your user behavior on our website and the websites of other providers is analyzed so that we can then display online advertising tailored to your individual interests.
Most technologies for tracking your user behavior (“tracking”) and for the targeted display of advertising (“targeting”) work with cookies, which enable your browser to be recognized across different websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different devices (e.g. laptops and smartphones). This may be the case, for example, if you have registered for a service that you use on multiple devices.
In addition to the data already mentioned that is collected when you visit websites (“log file data”) and when cookies are used, and that may be passed on to companies participating in advertising networks, the following data in particular is included in the selection of advertisements that may be most relevant to you:
- Personal information that you provided when registering for or using a service from advertising partners (e.g., your gender, age group);
- User behavior (e.g., search queries, interactions with advertising, types of websites visited, products or services viewed and purchased, newsletters subscribed to).
We and our service providers use this data to determine whether you belong to the target group we are addressing and take this into account when selecting advertisements. For example, after you have visited our site, you may see advertisements for the products or services you have consulted when you visit other sites (“retargeting”). Depending on the scope of the data, a user profile may also be created, which is evaluated automatically, and the ads are selected according to the information stored in the profile, such as affiliation with certain demographic segments or potential interests or behaviors. Such ads may be presented to you on various channels, including our website or apps, as well as advertisements placed via the online advertising networks we use, such as Google.
The data on user behavior is also passed on to those involved in the advertising networks, in particular their operators. For certain campaigns, the data is also transmitted to our partner companies. The data may then be evaluated for the purpose of billing the service provider and assessing the effectiveness of advertising measures in order to better understand the needs of our users and customers and improve future campaigns. This may also include information that an action (e.g., visiting certain sections of our website or sending information) can be traced back to a specific advertisement. Furthermore, we receive aggregated reports from service providers on advertising activities and information on how users interact with our website and our advertisements. The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by rejecting or disabling the relevant cookies in your web browser settings. You can find further options for blocking advertising in the information provided by the respective service provider (so-called “opt-out”). Unless an explicit opt-out option has been specified, the following opt-out options are also available, which are offered in summary form for the respective regions: a) Europe: Your Online Choices; b) Canada: YourAdChoices; c) USA: AboutAds.
14.2 Services
- Microsoft Advertising: Online marketing process for the purpose of placing content and advertisements within the service provider's advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who are likely to be interested in the advertisements. In addition, we measure the conversion of the advertisements, i.e. whether users have interacted with the advertisements and used the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Microsoft Corporation (USA) or Microsoft Ireland Operations Limited (Ireland); Privacy policy: “Privacy Policy”, “Opt-Out”, «Legal, Privacy, and Security»; Order Processing Agreement: «Microsoft Products and Services Data Protection Addendum (DPA)»; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses «Microsoft Products and Services Data Protection Addendum (DPA)».
- Google Ads: Search engine advertising, advertising based, among other things, on search queries, whereby various domain names – in particular doubleclick.net, googleadservices.com and googlesyndication.com – are used for Google Ads; Service provider: Google LLC (USA) or Google Ireland Limited (Ireland); Privacy policy: “Privacy Policy,” “Personalized advertising” (activation/deactivation/settings); Order processing agreement: “Order data processing terms for Google advertising products”; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses “Data Processing Terms for Google Advertising Products.”
- Google Ads Remarketing: Google Remarketing, also known as retargeting, is a technology that allows users who use an online service to be included in a pseudonymous remarketing list so that ads can be displayed to users on other online services based on their visit to the online service; Service provider: Google LLC (USA) or Google Ireland Limited (Ireland); Privacy policy: «Privacy Policy», «Personalized Advertising» (Activation / Deactivation / Settings); Order processing agreement: “Order data processing terms for Google advertising products”; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses “Data processing terms for Google advertising products”.
- Meta Pixel and target group formation (Custom Audiences): Social media advertising, remarketing, and targeting, in particular with the Meta Pixel and Custom Audiences; Service provider: Meta Platforms Inc. (USA) or Meta Platforms Ireland Ltd. (Ireland); Information on data protection: “Privacy Center”, «Privacy Policy», “Facebook ad preferences”; Order processing agreement: “Data Processing Terms”; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses “META CONTRACT ADDENDUM FOR THE TRANSFER OF EUROPEAN DATA”.
- Facebook advertisements: Social media advertising, placement of advertisements within the Facebook platform and evaluation of the advertising results; Service provider: Meta Platforms Inc. (USA) or Meta Platforms Ireland Ltd. (Ireland); Information on data protection: “Privacy Center”, “Privacy Policy”, “Facebook Advertising Preferences”; Order processing agreement: “Data processing terms and conditions”; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses «META CONTRACT ADDENDUM FOR THE TRANSFER OF EUROPEAN DATA».
- Instagram advertisements: Placement of advertisements within the Facebook platform and evaluation of the advertising results; Service provider: Meta Platforms Inc. (USA) or Meta Platforms Ireland Ltd. (Ireland); Information on data protection: «Privacy Center», «Privacy Policy», «Facebook Advertising Preferences»; Order processing agreement: “Data processing terms and conditions”; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses “META CONTRACT ADDENDUM FOR THE TRANSFER OF EUROPEAN DATA”.
- LinkedIn: Social media advertising, remarketing and targeting, in particular with the LinkedIn Insight Tag / conversion measurement; Service provider: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Information on data protection: “Privacy Center”, “Privacy Policy”, “Cookie Policy”, «Opt-Out»; Legal basis: Consent (Art. 6 para. 1 lit. a GDPR); Order processing agreement: “LinkedIn Data Processing Agreement”; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses «LinkedIn Data Processing Agreement».
- Pinterest Tag: Social media advertising, remarketing, and targeting, in particular with the Pinterest tag / conversion measurement; Service provider: Pinterest Inc. (USA) / Pinterest Europe Limited (Ireland); Privacy policy: “Track conversions with the Pinterest tag”, “Manage privacy and data settings,” “Privacy Policy”, «Opt-Out»; Order processing agreement: «LinkedIn Data Processing Agreement»; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses «LinkedIn Data Processing Agreement».
- TikTok: Social media advertising; Service provider: TikTok Technology Limited (USA) / TikTok Technology Limited (Ireland) and TikTok Information Technologies UK Limited (United Kingdom); Data protection information: “Privacy Policy”, “Cookie Policy”, «Account privacy settings», «Privacy and safety settings for teens»; Order processing agreement: “Data Processing Agreement”; Basis for transfer to third countries: “Standard contractual clauses”.
- Snapchat: Social media advertising; Service provider: Snap Inc. (USA); Privacy policy: «Privacy Policy», “Privacy”, “Privacy settings”; Order processing agreement: «Data processing agreement»; Basis for third-country transfers: Standard contractual clauses «Standard Contractual Clauses».
- Outbrain: Display of personalized advertisements; Service provider: Outbrain United Kingdom Limited (United Kingdom); Privacy policy: “Privacy Center”, “Privacy Policy”; Order processing agreement: “Amplify Data Sharing Agreement”; Basis for third-country transfer: Standard contractual clauses.
- BeReal: Social media advertising; Service provider: BeReal SAS (France); Privacy information: “Privacy Policy,” “Terms,” “Community Standards”. Privacy policy: “Privacy Policy,” “Terms.”
- SOJERN: Display of personalized advertising; Service provider: SOJERN Inc. (USA); data protection information: “Privacy Policy”, “Terms of Use”
- fusedeck / Capture Media AG: Display of personalized advertising; Service provider: Capture Media AG (CH); “Data and Privacy”
- BRAZE Inc., USA and, where applicable, Germany and Ireland; email marketing; data protection: «Privacy Policy»; order processing agreement: «Data Processing Addendum»; Basis for third-country transfers: «Standard Contractual Clauses»
- Typeform SL, Spain: Competitions, email newsletter registrations, and online surveys; Data protection: «Privacy Policy»; Order processing agreement: «Data Processing Agreement»; Basis for third-country transfers: «Standard Contractual Clauses»
- Customer.io (Peaberry Software Inc., USA): Data protection: «Privacy Policy»; Order processing agreement: «Data Processing Agreement»; Basis for third-country transfers: «Standard Contractual Clauses»
- Teads: Social media advertising; Service provider: Teads SAS (France); Privacy Statement: “Privacy Statement”, “Terms”.
15. Social media
We have included links to our profiles on the social networks of the following providers on our website:
- Meta Platforms Inc. (USA) / Meta Platforms Ireland Ltd. (Ireland)
- Meta Platforms Inc. (USA) / Meta Platforms Ireland Ltd. (Ireland)
- LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland)
- X (formerly Twitter): X Corporation (USA) / Twitter International Unlimited Company (Ireland)
- Snapchat: Snap Inc. (USA)
- TikTok: TikTok Technology Limited (USA) / TikTok Technology Limited (Ireland) and TikTok Information Technologies UK Limited (United Kingdom)
- Pinterest Inc. (USA) / Pinterest Europe Limited (Ireland)
- YouTube: Google LLC (USA) / Google Ireland Limited (Ireland)
When you click on the social network icons, you will be automatically redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social network. This provides the network with the information that you have visited our website with your IP address and clicked on the link.
If you click on a link to a network while you are logged into your user account with that network, the content of our website may be linked to your profile, allowing the network to associate your visit to our website directly with your account. If you wish to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account will be established in any case if you log in to the respective network after clicking on the link. The respective provider is responsible for data processing in accordance with data protection law. Please therefore note the information on the network's website.
The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR in the use and promotion of our social media profiles.
16. Use of our chat function
If you contact us via chat, your personal data will be processed. The data you provide us with (e.g. your name, email address, and your request) will be processed. In addition, the time of receipt of the request will be documented.
We process this data exclusively for the purpose of fulfilling your request (e.g., providing information about a restaurant, assisting with contract processing such as questions about your wine order, providing information about an event, or assisting with registration for an event, including your feedback on a visit to a restaurant, etc.). We use a tool from guuru (GUURU Solutions GmbH, Switzerland) to provide the chat function. Your data is therefore stored in a guuru database, which may allow guuru to access your data if this is necessary for the provision of the software and for support in using the software. Further information on data protection at guuru can be found here.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the use of modern communication technologies or, if your request is aimed at the conclusion or execution of a contract, in the implementation of the necessary measures within the meaning of Art. 6 para. 1 lit. b GDPR.
17. Registration for a customer account
If you open a customer account on our website, we collect various data from you (e.g., your name, your billing and, if applicable, delivery address, your email address, your login data). The mandatory fields in the corresponding form are marked with an asterisk (*).
We require the aforementioned data for the processing and administration of our website, to check the data entered for plausibility, i.e. for justification, content design, processing and changing the contractual relationships concluded with you via your user account. The email address and password together form the login details. The data in the customer account can be viewed and changed by the customer at any time.
The legal basis for processing your data for the above purpose is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by removing the information from your customer account or deleting your customer account or by sending us a message requesting that it be deleted.
To prevent misuse, you must always treat your login details as confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.
18. Booking, ordering, or reserving with third parties
Our website offers various options for making bookings or reservations or requesting information material or other services. The corresponding services are provided by third parties. You will be informed accordingly when you are redirected to our partners. Depending on the service, various data will be collected in this context. This includes, for example, your first and last name, your address, your email address, your telephone number and, if applicable, your credit card information. If this information is not provided, this may prevent the provision of the booking services. The provision of other information is optional and does not affect the use of our website.
The data you enter is usually collected directly by the relevant provider or, in the case of certain offers, forwarded to them by us. In such cases, the data protection provisions of the respective provider apply to any further processing of the data. The legal basis for the processing of the aforementioned data is the fulfillment of a contract within the meaning of Art. 6 para. 1 lit. b GDPR.
19. Online payment processing
If you make bookings on our website that are subject to a fee, depending on the service and the desired payment method, you will be required to provide additional data, such as your credit card information or your login details for your payment service provider, in addition to the information specified in section 18. This information, as well as the fact that you have purchased a service from us for the relevant amount and at the relevant time, will be forwarded to the respective payment service providers (e.g., payment solution providers, credit card issuers, and credit card acquirers). Please always note the information provided by the respective company, in particular the privacy policy and the general terms and conditions. The legal basis for this transfer is the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b GDPR.
20. Applying for an open position
You have the option of applying to us spontaneously or via a specific email address for a specific job vacancy. For this purpose, we collect various data from you (e.g., your name, address, your email address, the documents and references submitted by the applicant).
We use this and other data provided by you on a voluntary basis to review your application. Application documents from applicants who are not considered will be deleted after the application process has ended, unless you explicitly agree to a longer storage period or we are not legally obliged to store them for longer. The legal basis for processing your data for this purpose is therefore the performance of a contract (pre-contractual phase) in accordance with Art. 6 para. 1 lit. b GDPR.
To prevent misuse and to take action against illegal behavior (in particular theft and damage to property), the entrance area and the publicly accessible areas of our companies are monitored by cameras. The image data is only viewed if there is suspicion of illegal behavior. We rely on a service provider for the provision of the video surveillance system who may have access to the data if this is necessary for the provision of the system. Should suspicion of illegal behavior arise, the data may then be passed on to the extent necessary to enforce claims or to report it to consulting firms (in particular our law firm) and authorities.
The legal basis is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR in protecting our property and safeguarding and enforcing our rights.
22. Payment processing
If you purchase products or services using electronic means of payment or pay for your restaurant visit, the processing of data is necessary. By using the payment terminals, you transmit the information stored in your payment method, such as the name of the cardholder and the card number, to the payment service providers involved (e.g., payment solution providers, credit card issuers, and credit card acquirers). They also receive information that the payment method was used in one of our companies, the amount, and the time of the transaction. Conversely, we only receive the credit for the amount of the payment made at the corresponding time, which we can assign to the relevant receipt number, or information that the transaction was not possible or was canceled. Please always note the information provided by the respective company, in particular the privacy policy and the general terms and conditions. The legal basis for this transfer is the fulfillment of the contract with you in accordance with Art. 6 para. 1 lit. b GDPR.
We process the data of our contractual partners and interested parties as well as other clients, customers, and clients (“contractual partners”) in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose of the processing and the necessity of the processing are determined by the underlying contractual relationship.
The data processed includes the master data of our contractual partners (e.g., names and addresses), contact details (e.g., email addresses and telephone numbers), contract data (e.g., services used, contract content, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history).
The legal basis for processing your data for this purpose is the fulfillment of a contract in accordance with Art. 6 para. 1 lit. b GDPR.
24. Events
When we hold events (e.g., to promote Switzerland) and study trips, we also process personal data. This includes the name and postal or email address of participants or interested parties and, depending on the event, other data such as your date of birth or photographs taken during the event. We process this information for the preparation, implementation, and follow-up of the events. Data relevant to the implementation may also be passed on to third parties (e.g., hotels, host destinations). The legal basis for data processing is your consent within the meaning of Art. 6 (1) GDPR. Participants may revoke their consent at any time by notifying us. Upon revocation, you are no longer entitled to participate in the event.
If you participate in prize draws and competitions, we collect the personal data required to carry out the prize draw or competition. This is usually your name and contact details (e.g., email address). The mandatory fields in the corresponding form are marked with an asterisk (*). During the processing of the prize draw or competition, communication data may also be collected (e.g., content of emails and other written correspondence, information on the type, time, and, if applicable, location of the communication).
This data will be used for the purpose of participating in the prize draw and competition and for its implementation, i.e. specifically to determine the winners and to be able to contact them. We may pass on your personal data to our prize draw and competition partners, e.g. to send you your prize. Participation in the prize draw and competition and the associated data collection is, of course, voluntary.
By participating in the competition, participants agree that the relevant data may be processed for the aforementioned purposes. The legal basis for data processing is therefore your consent within the meaning of Art. 6 (1) GDPR. Participants may revoke their consent at any time by notifying us. Upon revocation, participants are no longer entitled to participate in the prize draw or competition. Detailed information can be found in our terms and conditions for the respective prize draw and competition.
We conduct surveys and questionnaires to collect information for the purpose communicated in each survey or questionnaire. The surveys and questionnaires we conduct (hereinafter referred to as “questionnaires”) are evaluated anonymously. When you participate in surveys, we collect the personal data necessary to conduct the surveys. This usually includes your name and contact details (e.g., email address, telephone number). The mandatory fields in the corresponding form are marked with an asterisk (*). During the processing of the surveys, communication data may also be collected (e.g., content of emails and other written correspondence, information on the type, time, and, if applicable, location of the communication).
By participating in the surveys, you consent to the processing of the relevant data for the aforementioned purposes. The legal basis for data processing is therefore your consent within the meaning of Art. 6 (1) GDPR. You can revoke your consent at any time by notifying us. Detailed information can be found in our terms and conditions of participation for the respective prize draw and competition.
Market research
We do not use the data collected in the context of market research for advertising purposes. Detailed information (in particular on the evaluation of your data) can be found in the respective survey or where you enter your data. Your responses to surveys will not be passed on to third parties or published.
The basis for the processing of your personal data is your consent. The legal basis for this transfer is the fulfillment of the contract with you in accordance with Art. 6 para. 1 lit. b GDPR.
28. Profiling and automated decision-making
We do not use fully automated decision-making for the establishment and execution of the business relationship or for any other purpose. Should we use such procedures in individual cases, we will inform you separately if this is required by law and inform you of your related rights.
29. Artificial intelligence
We may use artificial intelligence (AI) to support our existing activities. Artificial intelligence applications may also process personal data, but this is not always the case. We are aware that the use of artificial intelligence in data processing can entail certain risks and uncertainties. We therefore have internal guidelines to ensure that AI is used in a legally responsible manner.
We assume responsibility for the content generated by AI on our behalf or for decisions made by AI, and if a decision has significant implications for the data subject, we ensure that it can be reviewed by a human being (see section 28). If AI used by us interacts directly with you, we will inform you of this. The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the use of new technologies such as artificial intelligence. If corresponding consent has been requested, processing will take place exclusively on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time.
For further processing of the data by the respective provider as the (sole) controller under data protection law, in particular any disclosure of this information to third parties such as authorities due to national legal provisions, please refer to the respective data protection information of the provider. OpenAI's privacy policy.
30. Use of automation tools
To support internal processes and carry out technical process automation, we use the service Make (https://make.com) from Celonis Inc., with servers located within and outside the EU. Depending on the specific design of individual workflows, this may involve the processing of personal data, in particular in connection with automated user interactions, such as support requests, marketing processes, or data synchronization. Make stores your data in a data center located in the EU. However, Make reserves the right to transfer data to countries in exceptional cases, in particular to the USA, where there is no adequate level of data protection comparable to that in Switzerland or the EU. In order to ensure an adequate level of data protection, we have concluded an order processing agreement with Make that includes standard contractual clauses for compliance with data protection regulations. You can find more detailed information on data processing by Make in Make's privacy policy.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
General
This page was last modified on August 22, 2025
This page has been translated from German. For legal matters, the German version of this page shall apply. (You can change the language to "German" at the top or bottom of the page.)