Privacy policy

1. What is this privacy policy about?

Toggenburg Bergbahne AG and Chäserrugg Sports AG (hereinafter also referred to as "we", "us") obtain and process personal data concerning you or other persons (so-called "third parties"). We use the term "data" here synonymously with "personal data" or "personal information".
Personal data" refers to data that relates to specific or identifiable persons, i.e. it is possible to draw conclusions about their identity based on the data itself or with corresponding ad-ditional data. "Particularly sensitive personal data" is a category of personal data that en-joys special protection under applicable data protection law. For example, data revealing racial and ethnic origin, health data, information on religious or philosophical beliefs, bio-metric data for identification purposes and information on trade union membership are considered to be particularly sensitive personal data. In para. 3 you will find details of the data that we process within the scope of this privacy policy. "Processing" means any hand-ling of personal data, e.g. obtaining, storing, using, adapting, disclosing and deleting.
In this Privacy Policy we describe what we do with your data when you use www.chaeser-rugg.ch, www.shop.chaeserrugg.ch, www.shop.e-guma.ch/chaeserrugg, www.chaeser-rugg.skischool.shop (hereinafter collectively referred to as the "Website"), purchase our services or products, otherwise engage with us under a contract, communicate with us or
otherwise deal with us. Where appropriate, we will provide you with timely written notice of additional processing activities not mentioned in this Privacy Policy.
If you send us or disclose data about other persons, such as family members, work collea-gues, etc., we assume that you are authorised to do so and that this data is correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy.
This Privacy Policy is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ( "DSG" ) and the revised Swiss Data Protection Act ("revDSG"). However, whether and to what extent these laws are applicable depends on the individual case.

2. Who is responsible for processing your data?

For the data processing of Toggenburg Bergbahnen AG and Chäserrugg Sports AG described in this data protection declaration, Toggenburg Bergbahnen AG, Wildhaus-Alt St. Johann (the TBB), and Chäserrugg Sports AG, Wildhaus-Alt St. Johann, are responsible under data protection law, unless otherwise communicated in individual cases.

You can contact us as follows for your data protection concerns and to exercise your rights in accordance with section 11:

Toggenburg Bergbahnen AG
Iltios 1708
9657 Unterwasser

info@chaeserrugg.ch
Tel. +41 71 998 68 10

 

Chäserrugg Sports AG
c/o Toggenburg Bergbahnen AG
Iltios 1708
9657 Unterwasser

skischule@chaeserrugg.ch
Tel. +41 71 999 19 75

3. What data do we process?

We process different categories of data about you. The most important categories are as follows:

Technical data: When you use our website or other electronic offers (e.g. free WLAN), we collect the IP address of your end device and other technical data to ensure the functionality and security of these offers. This data also includes logs in which the use of our systems is recorded. To ensure the functionality of these services, we can also assign you or your end device a personalised code (e.g. in the form of a cookie, see section 12). The technical data itself does not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, they can be linked to other data categories (and thus possibly to your person).

Registration data: Certain offers, e.g. of competitions and services (e.g. login areas of our website, newsletter dispatch, free WLAN access, etc.) can only be used with a user account or registration, which can be done directly with us or via our external login service providers. In doing so, you must provide us with certain data and we collect data on the use of the offer or service. Registration data may be collected for access controls to certain facilities; depending on the control system, biometric data may also be collected.

Communication data: If you are in contact with us via the contact form, by e-mail, telephone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of the communication. If we want or need to establish your identity, we collect data to identify you (e.g. a copy of an identity document).

Master data: We define master data as the basic data that we require in addition to the contract data (see below) for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information, e.g. about your role and function, your bank account(s), your date of birth, customer history, powers of attorney, signature authorisations and declarations of consent. We process your master data if you are a customer or other business contact or work for one (e.g. as a contact person of the business partner), or because we want to contact you for our own purposes or the purposes of a contractual partner (e.g. as part of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We receive master data from you (e.g. when you make a purchase or register), from organisations for which you work or from third parties such as our contractual partners, associations and address dealers and from publicly accessible sources such as public registers or the internet (websites, social media, etc.). We may also collect master data from our shareholders and investors. We generally retain this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons.

Contract data: This is data that arises in connection with the conclusion or processing of a contract, e.g. information on contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for processing and information on reactions (e.g. complaints or information on satisfaction, etc.). We generally collect this data from you, from contractual partners and from third parties involved in the fulfilment of the contract, but also from third-party sources (e.g. providers of creditworthiness data) and from publicly accessible sources.

Behavioural and preference data: Depending on the relationship we have with you, we try to get to know you and better tailor our products, services and offers to you. To do this, we collect and use data about your behaviour and preferences. We do this by evaluating information about your behaviour in our area, and we can also supplement this information with data from third parties, including from publicly accessible sources. Based on this, we can, for example, calculate the probability that you will use certain services or behave in a certain way. Some of the data processed for this purpose is already known to us (e.g. when you use our services), or we obtain this data by recording your behaviour (e.g. how you navigate our website). We anonymise or delete this data when it is no longer relevant for the purposes pursued, which can be between 2-3 weeks and 24 months (for product and service preferences), depending on the type of data. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. We describe how tracking works on our website in section 12.

Other data: We also collect data from you in other situations. In connection with official or judicial proceedings, for example, data is collected (such as files, evidence, etc.) that may also relate to you. We may also collect data for health protection reasons (e.g. as part of protection concepts). We may receive or produce photos, videos and audio recordings in which you may be recognisable (e.g. at events, through security cameras, etc.). We may also collect data about who enters certain buildings or has access rights to them and when (including during access controls, based on registration data or visitor lists, etc.), who takes part in events or campaigns (e.g. competitions) and when, or who uses our infrastructure and systems and when. Finally, we collect and process data about our shareholders and other investors; in addition to master data, this includes information for the relevant registers, regarding the exercise of their rights and the organisation of events (e.g. general meetings). The retention period for this data depends on the purpose and is limited to what is necessary. This ranges from a few days for many of the security cameras and usually a few weeks for contact tracing data to visitor data, which is usually stored for 5 months, to reports on events with images, which may be stored for several years or longer. Data about you as a shareholder or other investor will be retained in accordance with company law requirements, but in any case for as long as you are invested.

You provide us with much of the data mentioned in this Section 3 yourself (e.g. via forms, in the context of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g. as part of binding protection concepts (legal obligations). If you wish to conclude contracts with us or make use of services, you must also provide us with data as part of your contractual obligation in accordance with the relevant contract, in particular master data, contract data and registration data. When using our website, the processing of technical data is unavoidable. If you wish to gain access to certain systems or buildings, you must provide us with registration data. In the case of behavioural and preference data, however, you generally have the option of objecting or not giving your consent.

Insofar as this is not prohibited, we also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the internet, including social media) or receive data from other companies within our group, from authorities and from other third parties (such as credit agencies, address dealers, associations, contractual partners, internet analysis services, etc.).

4. For what purposes do we process your data?

We process your data for the purposes explained below. Further information for the online area can be found in sections 12 and 13. These purposes and the underlying objectives represent legitimate interests on our part and, where applicable, on the part of third parties. You will find further information on the legal basis of our processing in section 5.

We process your data for purposes related to communication with you, in particular to respond to enquiries and assert your rights (section 11) and to contact you in the event of queries. In particular, we use communication data and master data for this purpose and, in connection with offers and services used by you, also registration data. We retain this data in order to document our communication with you, for training purposes, for quality assurance and for enquiries.

We process data for the establishment, administration and processing of contractual relationships.

We process data for marketing purposes and to maintain relationships, e.g. to send our customers and other contractual partners personalised advertising about our products and services and those of third parties (e.g. advertising contractual partners). This may, for example, take the form of newsletters and other regular contacts (electronically, by post, by telephone), via other channels for which we have contact information from you, but also as part of individual marketing campaigns (e.g. events, competitions, etc.) and may also include free services (e.g. invitations, vouchers, etc.). You can refuse such contacts at any time (see the end of this section 4) or refuse or revoke your consent to be contacted for advertising purposes. With your consent, we can target our online advertising on the Internet more specifically to you (see section 12). Finally, we also want to enable our contractual partners to contact our customers and other contractual partners for advertising purposes (see section 7).

We also process your data for market research, to improve our services and operations and for product development.

We may also process your data for security purposes and for access control.

We process personal data to comply with laws, instructions and recommendations from authorities and internal regulations ("compliance").

We also process data for the purposes of our risk management and in the context of prudent corporate governance, including business organisation and corporate development.

We may process your data for other purposes, e.g. as part of our internal processes and administration or for training and quality assurance purposes.

5. On what basis do we process your data?

If we ask for your consent for certain processing (e.g. for marketing mailings and for advertising control and behaviour analysis on the website), we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time with effect for the future by sending us written notification (by post) or, unless otherwise stated or agreed, by email; our contact details can be found in Section 2. For the withdrawal of your consent in the case of online tracking, see Section 12. If you have a user account, you can also withdraw your consent or contact us via the relevant website or other service. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or fulfilment of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in it, in particular to pursue the purposes and associated objectives described above under section 4 and to be able to carry out corresponding measures. Our legitimate interests also include compliance with statutory provisions, unless this is already recognised as a legal basis by the applicable data protection law (e.g. in the case of the GDPR, the law in the EEA and Switzerland). However, this also includes the marketing of our products and services, the interest in better understanding our markets and the secure and efficient management and further development of our company, including its operations.

If we receive sensitive data (e.g. health data, information on political, religious or ideological views or biometric data for identification purposes), we may also process your data on the basis of other legal grounds, e.g. in the event of disputes due to the necessity of processing for possible litigation or the enforcement or defence of legal claims. In individual cases, other legal grounds may apply, which we will communicate to you separately if necessary.

6. What applies to profiling and automated individual decisions?

We may automatically evaluate certain of your personal characteristics for the purposes mentioned in Section 4 using your data (Section 3) ("profiling") if we want to determine preference data, but also to determine risks of misuse and security risks, to carry out statistical analyses or for operational planning purposes. For the same purposes, we can also create profiles, i.e. we can combine behavioural and preference data, but also master and contract data and technical data assigned to you in order to better understand you as a person with your different interests and other characteristics.

In both cases, we pay attention to the proportionality and reliability of the results and take measures to prevent misuse of these profiles or profiling. If these can have legal consequences or significant disadvantages for you, we always provide for a manual review.

7. To whom do we disclose your data?

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to safeguard our legitimate interests and the other purposes listed in Section 4, we also transfer your personal data to third parties, in particular to the following categories of recipients:

  • Subsidiary: The subsidiary Chäserrugg Sports AG may use the data for the same purposes as Toggenburg Bergbahnen AG in accordance with this privacy policy (see section 4).
  • Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or under joint responsibility with us or who receive data about you from us under their own responsibility (e.g. IT providers, advertising service providers, login service providers, banks, insurance companies, debt collection companies, credit agencies or address verifiers). For the service providers used for the website, see section 12. Our central service providers in the IT sector are Microsoft and fowi Wirtschaftsberatungs GmbH.
  • Contractual partners including customers: This initially refers to customers (e.g. service recipients) and other contractual partners of ours, because this data transfer arises from these contracts. For example, you receive registration data for vouchers issued and redeemed, invitations, etc. If you work for such a contractual partner yourself, we may also transmit data about you to them in this context. The recipients also include contractual partners with whom we cooperate (e.g. the Chäserrugg Race Academy association) or who advertise for us and to whom we therefore transmit data about you for analysis and marketing purposes (these may in turn be service recipients, but also sponsors and providers of online advertising, for example). We require these partners to only send you advertising or display it based on your data if you have consented to this (for the online area, see section 12). Our online advertising contract partners are listed in section 12.
  • Public authorities: We may pass on personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or authorised to do so or if this appears necessary to protect our interests. The authorities process data about you that they receive from us under their own responsibility.
  • Other persons: This refers to other cases where the involvement of third parties arises from the purposes set out in section 4, e.g. service recipients, media and associations in which we participate or if you are part of one of our publications.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

We also allow certain third parties to collect personal data from you on our website and at our events (e.g. media photographers, providers of tools that we have integrated on our website, etc.). Insofar as we are not significantly involved in this data collection, these third parties are solely responsible for it. If you have any concerns and wish to assert your data protection rights, please contact these third parties directly. See section 12 for the website.

8. Will your personal data also be sent abroad?

As explained in section 7, we also disclose data to other organisations. These are not only located in Switzerland. Your data may therefore be processed both in Europe and in the USA; in exceptional cases, however, in any country in the world.

If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection regulations (we use the revised standard contractual clauses of the European Commission, which can be accessed here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption clause. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the fulfilment of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

Please also note that data exchanged via the Internet is often routed via third countries. Your data may therefore be sent abroad even if the sender and recipient are located in the same country.

9. How long do we process your data?

We process your data for as long as required by our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes or if storage is technically necessary. Further information on the respective storage and processing periods can be found in the individual data categories in section 3 or in the cookie categories in section 12. If there are no legal or contractual obligations to the contrary, we will delete or anonymise your data after the storage or processing period has expired as part of our normal processes.

10. How do we protect your data?

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to counteract the risks of loss, unintentional modification, unwanted disclosure or unauthorised access.

11. What rights do you have?

Under certain circumstances, the applicable data protection law grants you the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling for direct advertising and other legitimate interests in processing.

To make it easier for you to control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

  • The right to request information from us as to whether we are processing your data and, if so, which data;
  • the right to have us correct data if it is incorrect;
  • the right to request the deletion of data;
  • the right to request that we provide you with certain personal data in a commonly used electronic format or transfer it to another controller
  • the right to withdraw consent where our processing is based on your consent
  • the right to request further information necessary to exercise these rights;

If you wish to exercise the above rights against us, please contact us in writing, at our premises or, unless otherwise stated or agreed, by e-mail; our contact details can be found in section 2. In order for us to rule out misuse, we must identify you (e.g. with a copy of your ID, unless otherwise possible).

You also have these rights vis-à-vis other organisations that work with us on their own responsibility - please contact them directly if you wish to exercise rights in connection with their processing. You will find details of our key cooperation partners and service providers in section 7, and further details in section 12.

Please note that these rights are subject to conditions, exceptions or restrictions under the applicable data protection law (e.g. to protect third parties or business secrets). We will inform you accordingly if necessary.

If you do not agree with our handling of your rights or data protection, please let us know (Section 2). In particular, if you are located in the EEA, the United Kingdom or Switzerland, you also have the right to lodge a complaint with the data protection supervisory authority in your country.

12. Do we use online tracking and online advertising techniques?

We use various technologies on our website with which we and third parties engaged by us can recognise you when you use our website and, under certain circumstances, track you over several visits. We will inform you about this in this section.
In essence, we want to be able to distinguish between access by you (via your system) and access by other users so that we can ensure the functionality of the website and carry out analyses and personalisation. We do not want to draw conclusions about your identity, even if we can, insofar as we or third parties engaged by us can identify you by combining this with registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognised as an individual visitor each time you visit the website, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called "cookie").
We use such technologies on our website and allow certain third parties to do the same. You can programme your browser to block or deceive certain cookies or alternative tech-nologies or delete existing cookies. You can also add software to your browser that blocks tracking by certain third parties. You can find more information about this on the help pages of your browser (usually under the heading "Data protection") or on the websites of the third parties listed below.
A distinction is made between the following cookies (technologies with comparable func-tions such as fingerprinting are also included here):

  • Necessary cookies: Some cookies are necessary for the functioning of the website as such or for certain functions. For example, they ensure that you can switch between pages without losing the information entered in a form. They also ensure that you remain logged in. These cookies are only temporary ("session cookies"). If you block them, the website may not work. Other cookies are necessary so that the server can save decisions or entries made by you beyond a session (i.e. a visit to the website) if you use this function (e.g. selected language, consent given, the function for automa-tic log-in, etc.).
  • Performance cookies: In order to optimise our website and corresponding offers and to better tailor them to the needs of users, we use cookies to record and analyse the use of our website, possibly even beyond the session. We do this by using third-party analytics services. We have listed these below. Details can be found on the websites of the third-party providers.
  • Marketing cookies: We and our advertising contract partners have an interest in tar-geting advertising to specific groups, i.e. only displaying it to those we want to address. We have listed our advertising contract partners below. For this purpose, we and our advertising contract partners - if you consent - also use cookies with which the content accessed or contracts concluded can be recorded. This enables us and our advertising partners to display adverts that we believe will be of interest to you, both on our website and on other websites that display adverts from us or our adver-tising partners. If you consent to the use of these cookies, you will be shown the re-levant adverts. If you do not consent to these cookies, you will not see fewer adverts, but simply any other adverts.

We currently use offers from the following service providers and advertising contract part-ners (insofar as they use data from you or cookies set by you for advertising purposes):

  • Google Analytics: Google Ireland (based in Ireland) is the provider of the "Google Analytics" service and acts as our processor. Google Ireland relies on Google LLC (ba-sed in the USA) as its processor (both "Google"). Google uses performance cookies (see above) to track the behaviour of visitors to our website (duration, frequency of pages accessed, geographical origin of access, etc.) and compiles reports for us on the use of our website on this basis. We have configured the service so that the IP addresses of visitors are truncated by Google in Europe before being forwarded to the USA and therefore cannot be traced. We have switched off the "Data sharing" and "Signals" settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can use this data for its own purposes to draw conclusions about the identity of visitors, create personal profiles and link this data to the Google accounts of these persons. If you agree to the use of Google Analytics, you explicitly consent to such processing, which also includes the transfer of personal data (in particular usage data for the website and app, device information and individual IDs) to the USA and other countries. You can find informa-tion on data protection from Google Analytics here https://support.google.com/ana-lytics/answer/6004245 and if you have a Google account, you can find further infor-mation on processing by Google here https://policies.google.com/technologies/part-ner-sites?hl=de.
  • Google Re/Marketing Services: On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use the marketing and remarketing services (in short "Google Marketing Services") of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, ("Google"). GDPR) the marketing and remarketing services ("Google Marketing Services" for short) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). Google Marketing Services allow us to display adverts for and on our website in a more targeted manner in order to present users only with adverts that potentially match their interests. If, for example, a user is shown adverts for products that they have been interested in on other websites, this is referred to as "remarketing". For these purposes, when our and other websites on which Google marketing services are active are accessed, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content they are interested in and which offers they have clicked on, as well as tech-nical information about the browser and operating system, referring websites, time of visit and other information about the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shor-tened within member states of the European Union or in other signatory states to the Agreement on the European Economic Area and only in exceptional cases is it
    transmitted in full to a Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google offers. Google may also com-bine the aforementioned information with such information from other sources. If the user subsequently visits other websites, they can be shown adverts tailored to their interests. User data is processed pseudonymously as part of Google marketing services. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data in relation to cookies within pseudonymous user profiles. This means that, from Google's perspective, the adverts are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has ex-pressly allowed Google to process the data without this pseudonymisation. The in-formation collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA. The Google marketing services we use include the online advertising programme "Google Ads". In the case of Google Ads, each Google Ads customer receives a different "conversion cookie". Cookies can therefore not be tracked via the websites of Google Ads customers. The information obtained with the help of the cookie is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. Google Ads customers find out the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. We can integrate third-party adverts on the basis of the Google marketing service "AdSense". AdSense uses cookies to enable Google and its partner websites to display adverts based on users' visits to this webs-ite or other websites on the Internet. We may also use Google Tag Manager to in-tegrate and manage Google analytics and marketing services on our website. Further information on the use of data for marketing purposes by Google can be found on the overview page: www.google.com/policies/technologies/ads, Google's privacy policy is available at www.google.com/policies/privacy. If you wish to object to inte-rest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: www.google.com/ads/preferences.
  • Google Tag Manager: We use Google Tag Manager on our website, a service provided by Google Ireland Limited ("Google"). Google Tag Manager enables us to implement and manage website tags and tracking scripts.
    Google Tag Manager activates third-party tags on our website that may collect data. However, Google Tag Manager itself does not collect any personal data. It is merely a management solution for integrating and managing tags.
    The use of Google Tag Manager is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to improve the efficiency of our website and to enable the smooth integration of third-party tags.
    Please note that Google Tag Manager may implement other tags that may collect personal data. We have no influence on the data collection and processing by these tags. For information on the use of data by the third-party providers concerned and
    your rights and settings options to protect your privacy, we recommend that you read the privacy policies of the relevant third-party providers.
    Further information on the use of data by Google Tag Manager can be found in Google's privacy policy: https://policies.google.com/privacy.
    Please note that we have no influence on the collection and processing of data by Google Tag Manager and cannot accept any responsibility for this.
  • Google Ads: We use Google Ads, an online advertising programme from Google Ireland Limited ("Google"). Google Ads enables us to place adverts on Google search results pages, websites in the Google Display Network and other Google services.
    As part of the use of Google Ads, personal data may be processed, such as your IP address, your location, your search behaviour or your interactions with our ads. This data is used to present you with relevant and targeted adverts.
    The use of Google Ads is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to advertise our products and services and to address potential customers.
    If you do not want your data to be used in the context of Google Ads, you can deac-tivate personalised advertising via Google's ad settings or restrict the use of cookies in your browser.
    Further information on the use of data by Google Ads as well as your rights and set-ting options to protect your privacy can be found in Google's privacy policy: https://policies.google.com/privacy.
    Please note that we have no influence on the collection and processing of data by Google and cannot accept any responsibility for this.
  • Google Maps: We use Google Maps, a map service provided by Google LLC ("Google"), to display our location on our website and to offer you an interactive map function.
    The use of Google Maps may result in the collection of certain information about your use of the map function, including your IP address, location data and interactions with the map. This information may be collected and stored by Google.
    Please note that Google has its own privacy policy, which you can view here: https://policies.google.com/privacy?hl=de. We recommend that you read Google's privacy policy to find out more about their data protection practices.
    You have the option of controlling the collection of your data by Google Maps, for example by deactivating location services on your device or blocking the use of coo-kies. Please note, however, that this may impair the functions of the interactive maps on our website.
  • Cookie First: We use the cookie management tool Cookie First on our website, which is provided by Cookie First B.V. ("Cookie First"). Cookie First enables us to obtain and manage your consent to the use of cookies and similar technologies on our website.
    When you visit our website, cookies and other tracking technologies are used that can collect information about your user behaviour. Before using these cookies, we ask for your consent via the cookie banner that is displayed when you first visit our website. With the help of Cookie First, you can adjust your cookie settings at any time and revoke your consent.
    The use of Cookie First is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can adjust your cookie settings at any time via the cookie banner or the settings of your browser.
    For more information about Cookie First's use of data, your rights and settings opti-ons to protect your privacy, please refer to Cookie First's privacy policy: https://coo-kiefirst.com/legal/privacy-policy/.
    Please note that we have no influence on the collection and processing of data by Cookie First and cannot accept any responsibility for this.
Diese Cookie-Tabelle wurde erstellt und aktualisiert von der Cookie Banner Tool - CookieFirst.
  • Meta / Facebook pixel: The website uses the Meta pixel (formerly: Facebook pixel), a tracking tool of the social networks "Facebook" and "Instagram" (Meta Platforms Ireland Ltd.). A code is placed on our website that collects certain data about your usage behaviour on our website and transmits it to Meta. Cookies may be used for this purpose. The Facebook pixel is used on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis and optimisation of our website and in the placement of targeted advertising on the platforms of Meta Platforms Ireland Ltd. By using our website, you consent to the collection and processing of your data by Facebook in the manner described. You can deactivate the use of cookies by Meta in your browser settings or object to the processing of your data by Facebook. For more information about Facebook's use of data and your rights and settings options to protect your privacy, please refer to Facebook's privacy policy: https://www.face-book.com/privacy/policy/. Please note that we have no influence on the collection and processing of data by Facebook and cannot accept any responsibility for this.
  • Meta Retargeting (Custom Audience): When you visit our website, a direct connection is established between your browser and the Meta server via the Meta Pixel. Meta thereby receives the information that you have visited our site with your IP address. This allows Meta to associate your visit to our website with your user account. We can use the information obtained in this way to display Facebook and Instagram ads or for tracking functionalities. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Meta. Further information on this can be found in Meta's privacy policy at https://www.facebook.com/privacy/policy/Falls. If you do not wish data to be collected via Custom Audience, you can deactivate Custom Audi-ences here.
  • Newsletter Wilken Software Group: We use the E-Marketing Suite (EMS) software provided by the Wilken Software Group, Hörvelsinger Weg 29-31, 89081 Ulm, Germany, to send our newsletter. The Wilken Software Group servers are located in certified and secure data centres in Germany.
    You can view the data protection provisions of the shipping service provider at https://www.wilken.de/datenschutz/.
    If you would like to receive the newsletter offered on this website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.
    You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter.
  • Privacy policy for YouTube: Functions of the "YouTube" service are integrated on this website. "YouTube" is owned by Google Ireland Limited, a company incorporated and opera-ted under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzer-land. Your legal agreement with "YouTube" consists of the terms and conditions found at the following link: youtube.com/static?gl=en&template=terms&hl=en. These terms form a legally binding agreement between you and "YouTube" regarding the use of the services. Google's privacy policy explains how "YouTube" handles your personal data and protects your data when you use the service.
  • Privacy policy for the use of our online shops: We use the following online shop systems on our website e-guma voucher & ticket system from the company Idea Creation GmbH, Wal-chestrasse 15, 8006 Zurich, Switzerland and the online shop from the company Pri-cenow AG, Ogimatte 7, 3713 Reichenbach im Kandertal. As well as the shop system of Waldhart Software GmbH, Unterdorf 1, A-6405 Pfaffenhofen for our ski school shop. Through the shop functions, data is sent to the above-mentioned companies, stored and processed.

When you visit our online shop and make purchases, we collect various infor-mation, including

  • Your contact information, such as name, address, telephone number and e-mail address.
  • Information about your purchases, such as products, prices and payment in-formation.
  • Information about your device, your browser and your IP address.
  • Cookies and similar technologies to improve your user experience and analyse the website
     

We use your data to:

  • process your orders and send you the products you have purchased.
  • Contact you to provide confirmations, shipping information or support.
  • prevent fraud and ensure the security of our website.
  • To optimise our website and improve the user experience.
  • show you personalised content and offers, provided you have consented to this.

Your data is processed on the basis of our contract with you for the fulfilment of your orders (Art. 6 para. 1 lit. b GDPR) and our legitimate interest in improving our website and our products (Art. 6 para. 1 lit. f GDPR).
We only store your data for as long as is necessary for the above-mentioned purposes or as required by law. You have the right to information, correction and deletion of your data as described in our privacy policy.
You have certain data protection rights in relation to your data, including the right of access, rectification, erasure and objection to processing. Please contact us to exer-cise your rights.

  • Privacy policy for the use of Mastercard and Maestro: We offer the payment service provider Mastercard in our online shop for the pro-cessing of payments. The provider is Mastercard Inc. based in the USA. The com-pany Mastercard Europa SA, based in Belgium, is responsible for Europe.
    When you make a payment via Mastercard or Maestro, your payment information is transmitted to Mastercard. Mastercard processes your data such as your name, your credit card number, the expiry date of the credit card and the CVC code in or-der to carry out the payment transaction and to prevent fraud.
    Mastercard uses the data collected to process payment transactions, prevent fraud and improve its services. They may also use data for marketing purposes, unless the customer has objected to this.
    Mastercard may share data with other financial institutions, regulators and legal bo-dies, especially when it comes to fraud prevention or legal requirements.
    Cardholders have certain rights in relation to their data, including the right to ac-cess, correct and delete their personal information.
    Mastercard is obliged to comply with various national and international data pro-tection laws, including the General Data Protection Regulation (GDPR) in the Euro-pean Union.
    Mastercard has its own privacy policy that regulates the processing, storage and protection of your personal data. We recommend that you read Mastercard's pri-vacy policy carefully to find out more about your rights and the processing of your personal data. For more information, please visit Mastercard's website and consult their privacy policy: https://www.mastercard.de/de-de/datenschutz.html
    Your payment information is processed on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contrac-tual measures.
  • Privacy policy for the use of Visa: We use the payment service provider Visa in our online shop to process payments. The provider is Visa Inc. based in the USA. The company Visa Europe Services Inc. based in the UK is responsible for Europe.
    When you make a payment via Visa, your payment information is transmitted to Visa. Visa processes your personal data such as your name, credit card number, card expiry date and security code in order to complete the payment transaction and prevent fraud attempts.
    Visa may share data with other financial institutions, regulators and legal bodies, es-pecially when it comes to fraud prevention or legal requirements.
    Cardholders have certain rights in relation to their data, including the right to ac-cess, correct and delete their personal information.
    Visa has its own privacy policy that governs the processing, storage and protection of your personal data. We recommend that you read Visa's privacy policy carefully to learn more about your rights and the processing of your personal data. For more information, please visit Visa's website and read their privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
    Your payment information is processed on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
  • Privacy policy for the use of TWINT: We use the payment service provider TWINT in our online shop to process pay-ments. The provider is TWINT AG, based in Switzerland. Your personal data may be disclosed to TWINT AG or TWINT Acquiring AG within the group as part of group-internal services.
    When you make a payment via TWINT, certain personal data and your payment in-formation will be transmitted to TWINT. TWINT processes your personal data such as your surname, first name, date of birth, telephone number, bank details, proof of identity, e-mail address and location data (with your consent) in order to complete the payment transaction and prevent attempted fraud.
    The data is deleted as soon as it is no longer required for the provision of the ser-vice. Data that must be stored for longer by law, such as payment data, is exempt from erasure. Contract data is also stored by us for longer, as this is required by sta-tutory retention obligations.
    TWINT may share data with other financial institutions, supervisory authorities and legal bodies, in particular when it comes to fraud prevention or legal requirements.
    TWINT has its own data protection guidelines that govern the processing, storage and protection of your personal data. We recommend that you read TWINT's privacy policy carefully to find out more about your rights and the processing of your personal data. For more information, please visit the TWINT website and read their privacy policy: https://www.twint.ch/datenschutz/
    Your payment information is processed on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
  • Privacy policy for the use of Diners Club: We use the payment service provider Diners Club International Ltd in our online shop to process payments. The provider is Discover Financial Services LLC, based in the USA.
    If you make a payment via Diners Club, certain personal data and your payment information will be transmitted to Diners Club. Diners Club processes your personal data such as your surname, first name, date of birth, telephone number, bank details, proof of identity, e-mail address and location data (with your consent) in order to complete the payment transaction and prevent fraud attempts.
    The data is deleted as soon as it is no longer required for the provision of the service. Data that must be stored for longer by law, such as payment data, is exempt from erasure. Contract data is also stored by us for longer, as this is required by statutory retention obligations.
    Diners Club may share data with other financial institutions, regulators and legal bo-dies, particularly where fraud prevention or legal requirements are involved.
    Diners Club has its own privacy policy that governs the processing, storage and pro-tection of your personal data. We recommend that you read Diners Club's privacy policy carefully to find out more about your rights and the processing of your personal data. For more information, please visit the Diners Club website and read their privacy policy: https://www.dinersclub.com/privacy-policy/
    Your payment information is processed on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contrac-tual measures.
  • Privacy policy for the use of PostFinance: We use the payment service provider PostFinance in our online shop to process payments. The provider is PostFinance AG, based in Switzerland.
    If you make a payment via PostFinance, your payment information will be transmitted to PostFinance. PostFinance processes your personal data such as name and contact details (e.g. address, e-mail address, telephone number), financial informa-tion (e.g. credit card details, bank account information), transaction data (e.g. information about your purchases and payments).
    PostFinance may share data with other financial institutions, supervisory authorities and legal bodies, especially when it comes to fraud prevention or legal require-ments.
    You have certain rights in relation to your personal data, including the right to access, correct and delete your personal information.
    PostFinance has its own data protection guidelines that regulate the processing, storage and protection of your personal data. We recommend that you read PostFinance's privacy policy carefully to find out more about your rights and the processing of your personal data. For more information, please visit the PostFinance webs-ite and read their privacy policy: https://www.postfinance.ch/de/detail/data/allge-meine-datenschutzerklaerung.html
    Your payment information is processed on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
  • Datatrans: Your payment data will be processed by the following service provider as part of payment processing: Datatrans AG, Kreuzbühlstrasse 26, CH-8008 Zurich.

The provider may collect the following personal data as part of the payment transactions processed via the services of Datatrans AG:

  • Account information (e.g. credit card number, bank account details)
  • Transaction data (e.g. information about payments made)
  • Contact information (e.g. name, e-mail address)

Datatrans AG uses your personal data exclusively for the processing of payments and transactions. This includes

  • The processing of payments via the services of Datatrans AG
  • The confirmation of payment transactions
  • Communication about payment transactions
  • Ensuring the integrity and security of payment transactions

Datatrans AG only shares your personal data with its payment processors in order to handle payment transactions and process payments. Your data will not be passed on to third parties unless this is required by law.
Datatrans AG takes comprehensive security measures to protect your personal data. This includes the use of encryption technologies and access to personal data only by authorised persons.
You have certain data protection rights in relation to your personal data. This inclu-des the right to access, rectify and erase your data. Please contact us to exercise y-our rights.

  • Privacy policy for the use of Auth0: For the purchase process in the Pricenow AG online shop, the services of Auth0 Inc., a subsidiary of Okta Inc. based in the USA, are used for user identification and au-thentication.

In the course of providing the Services, Auth0 Inc. may collect the following perso-nal data:

  • User identification data (e.g. user names, e-mail addresses)
  • Authentication and access information (e.g. passwords, tokens)
  • Metadata about the use of our services
  • Information that you provide to us voluntarily (e.g. profile information)

Auth0 uses your personal data for the following purposes:

  • To authenticate and authorise your identity and your access to services and re-sources
  • For the provision of access management services
  • To improve and customise its services
  • To communicate with you in the context of your service
  • To secure and maintain the integrity of your service

Auth0 may disclose your personal data to the following third parties:

  • Its customers, for whom it provides identity and access management services
  • Third parties who provide services in connection with Auth0 to support the operation of their services
  • If required by law, to law enforcement authorities or other government agen-cies

Auth0 takes comprehensive security measures to protect your personal data. This includes the use of encryption technologies and access to personal data only by authorised per-sons.
You have certain data protection rights in relation to your personal data. These include the right to access, rectification, erasure and restriction of processing.
Further information on data protection can be found in the privacy policy of Auth0 Inc. or Okta Inc: https://www.okta.com/privacy-policy/

  • Privacy policy for the use of the webcam function: We use the Roundshot Livecam Frontend application from Seitz Phototechnik AG on our website. When you use the application, the provider may also collect information that your browser sends when you use the service or when you access the service via a mobile device ("usage data"). This Usage Data may include information such as your computer's IP address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, device identifiers and other diagnostic data.
    If you access the Service via a mobile device, this Usage Data may include informa-tion such as the type of mobile device used, the unique ID of your mobile device, the IP address of your mobile device, information about your mobile operating system and the type of mobile device, about your mobile internet browser, unique de-vice identifiers and other diagnostic data.
    The Provider uses cookies and similar tracking technologies to track activity within the Service and store certain information.
    Cookies are files with small amounts of data that may contain an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies that are also used are beacons, tags and scripts to col-lect and track information and to improve and analyse the service.
    You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of the Service.

Seitz Phototechnik AG uses the collected data for various purposes:

  • To offer and perform the service
  • To inform about changes in their service
  • So that you can participate in interactive functions of the service if you wish to do so
  • To collect analyses or valuable information so that they can improve their service.
  • can improve
  • To monitor the use of the service
  • To recognise, prevent or rectify technical problems

Seitz Phototechnik AG will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. It will retain and use your personal information to the extent necessary to comply with its legal obligations (for example, if we are required to retain your information under applicable law), resolve disputes, and enforce its legal agreements and policies.
Seitz Phototechnik AG will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of their service, or they are required by law to retain this data for longer periods of time.
Your information, including personal information, may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those of your jurisdiction.
If you are located outside of France and choose to provide information to us, please note that we transfer the data, including personal data, to France and process it there.
Your consent to this Privacy Policy, followed by your submission of such information, signifies your agreement to that submission. Seitz Phototechnik AG will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. No transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data.
Seitz Phototechnik AG endeavours to take reasonable steps to correct, amend, delete or limit the use of your personal data.
Further information on data protection can be found on the provider's website at: https://www.roundshot.com/public/upload/assets/1205/Roundshot-Datenschutz-Richtlinien-frontend.pdf

13. What data do we process on our pages in social networks?

We may operate pages and other online presences ("fan pages", "channels", "profiles", etc.) on social networks and other platforms operated by third parties and provide the services described in para. 3 and below about you. We receive this data from you and the platforms when you come into contact with us via our online presence (e.g. when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presence and link this data with other data about you known to the platforms (e.g. about your behaviour and preferences). They also process this data for their own purposes under their own responsibility, in particular for marketing and mar-ket research purposes (e.g. to personalise advertising) and to control their platforms (e.g. which content they display to you).

We process this data for the purposes described in para. 4 in particular for communication, marketing purposes (including advertising on these platforms, see section 12) and for mar-ket research. You will find information on the relevant legal bases in Section 5. We may redistribute content published by you (e.g. comments on an announcement) ourselves (e.g. in our advertising on the platform or elsewhere). We or the operators of the platforms may also delete or restrict content from or about you in accordance with the usage guidelines (e.g. inappropriate comments).

For further information on the processing carried out by the platform operators, please refer to the platforms' data protection notices. There you can also find out in which count-ries they process your data, what rights of access, erasure and other rights of data subjects you have and how you can exercise these or obtain further information. We currently use the following platforms:

  • Facebook

Here we operate the website https://www.facebook.com/chaeserrugg/. The entity responsible for operating the platform for users from Europe is Meta Platforms Ireland Ltd, Dublin, Ireland. Their privacy policy is available at www.facebook.com/policy. Some of your data will be transferred to the USA. You can object to advertising here: www.facebook.com/settings?tab=ads. We are jointly responsible with Meta Platforms Ireland Ltd, Dublin, Ireland, for the data collected and processed when you visit our website for the creation of "Page Insights". As part of Page Insights, statistics are compiled about what visitors do on our site (comment on posts, forward content, etc.). This is described at www.facebook.com/legal/terms/information_about_page_insights_data. It helps us to understand how our site is used and how we can improve it. We only receive anonymous, aggregated data. We have regulated our responsibilities regarding data protection in accordance with the information on www.facebook.com/legal/terms/page_controller_addendum.

  • LinkedIn

We operate a LinkedIn page at the address: https://ch.linkedin.com/company/chaeserrugg-toggenburg-bergbahnen in order to communicate with interested parties, customers and the LinkedIn community and to provide information about our products and services. When you visit our LinkedIn page, personal data may be processed by LinkedIn or us as the page operator.

The processing of personal data is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR or on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to provide information about our company and to interact with interested parties.

Please note that we have no influence on data processing by LinkedIn. The processing of personal data by LinkedIn is carried out in accordance with LinkedIn's privacy policy. Further information on data processing and your rights can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

Please note that we reserve the right to delete inappropriate posts or comments on our LinkedIn page. We would like to point out that your posts or comments on our LinkedIn page are publicly visible and can be read by other LinkedIn users.

If you have any questions about the processing of your personal data in connection with our LinkedIn page or would like to withdraw your consent, you are welcome to contact us by email or post.

  •  Instagram

We operate an Instagram profile at https://www.instagram.com/chaeserrugg/ to communicate with our followers, customers and the Instagram community and to provide information about our products and services. When you visit our Instagram profile, personal data may be processed by Instagram or us as the profile operator.

The processing of personal data is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR or on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to provide information about our company and to interact with our followers.

Please note that we have no influence on data processing by Instagram. The processing of personal data by Instagram is carried out in accordance with Instagram's privacy policy. Further information on data processing and your rights can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875.

Please note that we reserve the right to delete inappropriate posts or comments on our Instagram profile. We would like to point out that your posts or comments on our Instagram profile are publicly visible and can be read by other Instagram users.

If you have any questions about the processing of your personal data in connection with our Instagram profile or would like to revoke your consent, you are welcome to contact us by email or post.

  • YouTube-Kanal

We operate a YouTube channel at the address
https://www.youtube.com/@toggenburgbergbahnen3738 to provide videos and interact with our subscribers and the YouTube community. When you visit our YouTube channel, personal data may be processed by YouTube or us as the channel operator.

The processing of personal data is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR or on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to provide information about our company and to interact with our subscribers.

Please note that we have no influence on data processing by YouTube. The processing of personal data by YouTube is carried out in accordance with YouTube's privacy policy. Further information on data processing and your rights can be found in YouTube's privacy policy: https://policies.google.com/privacy.

We would like to point out that your activities on our YouTube channel are publicly visible and can be viewed by other YouTube users. If you have any questions about the processing of your personal data in connection with our YouTube channel or would like to withdraw your consent, you are welcome to contact us by email or post.

14. Handling applications

As part of the application process, we may collect the following personal data:

  • Contact information (e.g. name, address, email address, telephone number)
  • Professional information (e.g. CV, certificates, qualifications, references)
  • Other information that you voluntarily provide to us (e.g. letter of application, references)

We use your personal data exclusively for the application process and the evaluation of your suitability for the advertised position. This includes

The administration and processing of your application
Contacting you as part of the selection process
Assessing your qualifications and skills
Your application data will only be disclosed to internal employees and decision-makers involved in the selection process. Your data will not be passed on to third parties unless this is required by law.

We will retain your application data for a reasonable period of time in order to finalise the selection process. If your application is unsuccessful, your data will be deleted or anonymised in accordance with applicable data protection laws.

You have certain data protection rights in relation to your application data. These

include the right to access, rectify and erase your data. Please contact us to exercise your rights.

15. Can this privacy policy be amended?

This privacy policy is not part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.

Last updated: 26.01.2024