Data protection

The protection of your privacy is very important to us. Below we provide you with detailed information about the processing of personal data by Snowlife AG, Gotschnastrasse 16, 7250 Klosters, operator of the following websites: www.snowlife.ch

All terms used are not gender specific.

1. Person responsible

The person responsible for the processing of personal data under data protection law is:

Snowlife AG
Gotschnastrasse 16
7250 Klosters 

E-Mail: support@snowlife.ch

To assert your rights, report data protection incidents, and for suggestions and complaints regarding the processing of your personal data and to withdraw your consent, we recommend that you contact our data protection officer:

Snowlife AG
Gotschnastrasse 16
7250 Klosters

E-Mail: support@snowlife.ch

We have appointed a data protection consultant. You can reach them at support@snowlife.ch, or you can write to them with your concerns at the postal address provided with the note “To the data protection officer”.

2. Terminology

This data protection notice serves to provide information in accordance with both the Swiss Federal Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the terms of the GDPR are used due to the broader spatial application and comprehensibility. In particular, instead of the terms "processing" of "personal data", "overriding interest" and "personal data requiring particular protection" used in the Swiss DSG, the terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms will continue to be determined according to the Swiss DSG within the scope of the validity of the Swiss DSG.

3. Legal basis for data processing

3.1 Legal basis under Swiss data protection law (DSG)

If you are located in Switzerland, we process your data on the basis of the Federal Data Protection Act (DSG for short)

We only process personal data if the processing is lawful, carried out in good faith and proportionate (Art. 6 para. 1 and 2 of the Swiss Data Protection Act). Furthermore, we only collect personal data for a specific purpose that is recognizable to the person concerned and only process it in a way that is compatible with these purposes (Art. 6 para. 3 Data Protection Act).

3.1.1 Legal basis according to the General Data Protection Regulation (GDPR)

Below you will find a brief overview of the legal bases under the GDPR that are relevant for EU citizens. Special legal regulations in your country of residence may also apply.

3.1.2 Legal basis

• Consent (Article 6, Paragraph 1, Sentence 1, Letter a) of GDPR) - The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or for several specific purposes.
  
  
• Contract performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
  
  
• Legal obligation (Article 6 (1) sentence 1 lit. c) GDPR) - The processing is necessary to fulfill a legal obligation to which the controller is subject.
  
  
• Legitimate / overriding interests (Art. 6 para. 1 sentence 1 lit. f) GDPR / Art. 31 DSG) - Processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail.

4. Processing of personal data

Visiting our website is generally possible without providing personal data. We collect, process and use
Your personal data on our website as follows:

4.1 Data when visiting our website

Each time our website is accessed, the web server automatically saves a so-called server log file, which contains, for example, the name of the URL accessed, the user's IP address, the date and time of access, the browser used, the amount of data transferred, the HTTP status code and the requesting provider (access data) and documents the access.

This access data is only evaluated for the purpose of ensuring trouble-free operation of the site and improving our offering. This serves to safeguard our legitimate interests in a correct presentation of our offering, which prevail within the framework of a balancing of interests.

There will be no merging with other user data records.

4.1.1 Hosting services provided by third parties

• As part of processing on our behalf, third-party providers provide us with hosting and website display services. This serves to protect our legitimate interests in the correct presentation of our offers and services, which prevail when balancing interests. Usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status); content data (e.g. entries in online forms) from users (e.g. website visitors, users of online services) for the purpose of providing our online offer and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).). security measures are processed. The legal basis for the processing is our overriding legitimate interest.
  
  
• We use the "Content Delivery Network" (CDN) from Cloudflarenet (Shopify). A CDN is a service that helps deliver the content of an online offering, especially large media files such as graphics or program scripts, more quickly and securely using regionally distributed servers connected via the Internet.
  
  
• Types of data processed:
  Legal basis: overriding / legitimate interest (Art. 31 DSG / 6 para. 1 sentence 1 lit. f) GDPR).
  Deletion: occurs after 720 days

  4.1.2 Data deletion and storage period

• Your personal data will be deleted or blocked as soon as the purpose for storing it no longer applies. Please note that we may be required to store certain data for the duration of the legally specified period due to statutory retention periods. Data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

4.2 Your contact via email and contact form

If you contact us, we will store and process your personal data that you provide to us in the email or via the contact form. This data is stored and used exclusively to answer your request or to contact you and the associated technical administration. This data is processed to fulfill a contract or pre-contractual measures or the processing is also in our legitimate interest without any conflicting interests on your part outweighing this, as the processing of these inquiries is in the interest of both parties. After the inquiry has been processed, we will keep the correspondence for a further three years from the end of the calendar year in which the termination takes place. After that, we will delete your data or only keep it to the extent that statutory, statutory or contractual retention periods exist or further storage is necessary to assert, exercise or defend legal claims.

4.3 Data for registering for the newsletter 

If you register for our newsletter service, your personal data (email address, surname, first name if applicable) will be stored and processed by us for the purpose of sending the newsletter. The processing of this data is based on your consent or is carried out to fulfill the contract. In this case, we will regularly send you advertising information about the services associated with our offers.

With the following information we will inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter you agree to receive it and to the procedures described.

We only send newsletters, emails and other electronic notifications with advertising information (hereinafter "newsletters") with the consent of the recipient or with legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user's consent.

Registration for our newsletter is carried out using a so-called double opt-in process. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register using someone else's email address. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address.

The newsletter is sent via Klaviyo Inc., a newsletter distribution and marketing platform of a US company.

When using this platform, your data will be transmitted to the platform operator Klaviyo, Inc; 125 Summer Street, Floor 6, Boston; MA 02110 USA and processed on their servers. The transmission and processing take place with your consent. The service provider is bound by our instructions on the basis of standard contractual clauses and has implemented additional security measures.

4.3.1 Login data

To subscribe to the newsletter, simply provide your email address.

The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server when the newsletter is opened. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used to technically improve the services
based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our aim to observe individual users. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

There are cases in which we direct newsletter recipients to the websites of the above-mentioned provider. For example, our newsletters contain a link that newsletter recipients can use to access the newsletter online (e.g. if there are display problems in the email program). Newsletter recipients can also subsequently correct their data, such as their email address. Likewise, Klavio Inc.'s privacy policy can only be accessed on their website.

In this context, we would like to point out that cookies are used on the websites of the named provider and thus personal data is processed by this provider, its partners and the service providers used (e.g. Google Analytics). We have no influence on this data collection. Further information can be found in the privacy policy of klaviyo, Inc. We would also like to draw your attention to the options for objecting to the collection of data for advertising purposes on the websites and (for the European area).

4.3.2 Cancellation of the newsletter

You can cancel your subscription to our newsletter at any time, i.e. revoke your consent. This will also revoke your consent to the sending of the newsletter and the statistical analyses. Unfortunately, it is not possible to revoke the sending of the newsletter or the statistical analysis separately.
You can also unsubscribe from the newsletter at any time by contacting the address provided under section 1 or by unsubscribing via the unsubscribe link at the end of each newsletter. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list.

After unsubscribing, we will block your email address unless you have expressly consented to further use of your data or we reserve the right to use the data in any other way that is permitted by law and about which we will inform you in this declaration.

4.4 E-mail advertising without registration for the newsletter and your right of objection

If we receive your email address in connection with the sale of a service or product and you have not objected, we reserve the right to regularly send you offers for similar products and services from our range by email. This serves to protect our legitimate interests in advertising to our customers, which prevail in the context of a balancing of interests.

You can object to this use of your e-mail address at any time by sending a message to the contact option described in the imprint or via a link provided for this purpose in the advertising e-mail.

4.5 Data processing when opening a customer account and for contract processing

You have the option of creating a customer account as part of your order in our web shop. In accordance with Art. 6 DSG and Art. 6 Paragraph 1 Letter b of GDPR, personal data will continue to be collected and processed to the extent required if you provide it to us when opening a customer account. You can find out which data is required to open an account in the input mask of the corresponding form on our website. You can delete your customer account at any time and can do so by sending a message to the above-mentioned address of the person responsible. After your customer account has been deleted, your data will be deleted provided that all contracts concluded through it have been fully processed, there are no statutory retention periods to the contrary and we have no legitimate interest in continuing to store the data.

4.5.1 Data processing for order processing

To the extent necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution.
If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact details you provided when ordering (name, address, email address) in order to inform you personally about upcoming updates within the legally stipulated period by suitable communication channels (e.g. by post or email) within the scope of our statutory information obligations in accordance with Art. 6 Paragraph 1 Letter c GDPR. Your contact details will be used strictly for the purpose of notifications about updates owed by us and will only be processed by us for this purpose to the extent that this is necessary for the respective information. To process your order, we also work with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

4.5.2 Use of payment service providers (payment services)

To pay for goods in our e-shop, we offer the following payment options/service providers.

• TWINT
• Worldline Online Payments 
• credit card payment

Depending on your choice of preferred payment method, you will be redirected to the website of the respective service provider to make the payment, which has been transmitted in encrypted form to your selected service provider.

The payment service providers’ terms and conditions and data protection regulations apply on their websites.

• Worldline Online Payments 
• TWINT 

4.5.3 Functionalities of the webshop

To ensure the functionality of our web shop, we use cookies which, for example, save your shopping cart, recognize you when you have made a payment or want to continue shopping.
These functionalities are essential and do not require consent due to the functionality expected from our customers.
We share your personal information with third parties who help us use your personal information as described above. We use Shopify to operate our online store. You can find more information about how Shopify uses your personal information here.

4.6 B2B area and customer registration

We offer a B2B area on our website for which registration is required. As part of the registration process, we collect the following personal data: first name, last name, company name, company address and your email address. You also set a user name and password that you can use to log into the B2B area in the future.

This data is used exclusively to manage your user account, to fulfill contractual obligations and to process your inquiries and orders. The data is processed in accordance with Art. 6 Para. 1 lit. b GDPR and, where applicable, the corresponding provisions of the Swiss Data Protection Act (DSG), as the processing is necessary to fulfill a contract or to carry out pre-contractual measures.

The data will not be passed on to third parties unless this is required by law, necessary to fulfill the contract or you have given your express consent. Transfer to third countries only takes place in compliance with the legal provisions (Art. 44 ff. GDPR or Art. 16 ff. DSG).

Your data will be stored as long as your user account is active. You have the right to request deletion of your account at any time, which will result in the immediate deletion of your personal data, unless legal retention obligations (e.g. for tax reasons) require longer storage. In this case, the data will be blocked for further use and deleted after the retention period has expired.

4.6.1 Data deletion and storage period 

Deletion of Customer data

You have the option of deleting your customer account. All you need to do is send an email to the designated data protection officer.

The following also applies in connection with our web shop: We delete the data after the expiry of statutory warranty and similar obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g. as long as it must be kept for legal archiving reasons. The statutory retention period is ten years for documents relevant to tax law, as well as for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions required to understand these documents and other organizational documents and accounting documents, and six years for received commercial and business letters and reproductions of sent commercial and business letters.

5. Data transmission / data transfer to third parties

As a matter of principle, we do not pass on any personal data to third parties unless this is necessary to fulfil the contract (for example, transmission of address data to the shipping company when placing orders), otherwise permitted by relevant legal provisions or you have given your consent.

The recipients of this data may include, among others, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

5.1 Returns to Snowlife AG

Returns are processed directly by Snowlife AG, Gotschnastrasse 16, 7250 Klosters. As part of the return process, personal data such as your name, address and contact details are passed on to Snowlife AG ​​in order to properly process the return and refund. The data is passed on exclusively for this purpose and is based on the legal basis of Art. 6 Para. 1 lit. b GDPR (performance of the contract) and, where applicable, Art. 31 of the Swiss Data Protection Act (DSG), which permits data processing to fulfill a contract.

Snowlife AG ​​is contractually obliged to use personal data exclusively for the purpose of processing returns and to comply with the provisions of the GDPR and the Swiss Data Protection Act (DSG). In particular, the company ensures that all necessary security measures are taken to guarantee the protection of your data. The data will not be passed on to third parties unless this is required by law.

Your personal data will be deleted or blocked after the return has been fully processed and any statutory retention periods have been met.

5.2 International data transfers

According to Article 16 of the Swiss Data Protection Act, exceptions to the disclosure of data abroad may be permitted if certain conditions are met, including the consent of the data subject, contract execution, public interest, protection of life or physical integrity, data made public or data from a legally provided register. These disclosures are always made in accordance with the legal requirements.

In accordance with the Swiss Data Protection Act (DSG), we only disclose personal data abroad if adequate protection of the data subjects is guaranteed (Art. 16 DSG). If the Federal Council does not determine adequate protection, we take alternative security measures. These may include international treaties, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC) or internal company data protection rules approved in advance by the FDPIC or a competent data protection authority in another country.

If we process data from EU citizens in a third country as defined by the GDPR (i.e. for EU citizens - outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.

Subject to your express consent or contractually or legally required transfers (see Art. 49 GDPR), we only have the data processed in third countries with a recognized level of data protection (Art. 45 GDPR), in the presence of and compliance with contractual obligations through so-called standard protection clauses of the EU Commission (Art. 46 GDPR) or in the presence of certifications or binding internal data protection regulations (see Art. 44 to 49 GDPR, information page of the EU Commission.

The Swiss-U.S. Data Privacy Framework and the EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called “Data Privacy Framework” (DPF), Switzerland and the EU Commission have also recognized the level of data protection for certain companies from the USA as secure as part of the adequacy decision. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce.

Please note that in order to perform a contract (e.g. when you place an order through the Website) or to pursue our stated legitimate business interests, your data will be transferred to and processed outside of Europe, including Canada and the United States.

6. Technologies on the website

Use of cookies and other technologies (local storage)

In order to make visiting our websites more attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages. This serves to protect our legitimate interests in an optimized presentation of our offer, which prevail in the context of a balancing of interests.
Cookies are small text files that are automatically saved on your device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on the user's device and enable us to recognize the browser on the next visit (persistent cookies).
You can view the storage period, type of cookies, etc. in our Cookie Policy [https://snowlifech.myshopify.com/?manage_preferences=1], or you can find an overview in the cookie settings of your web browser.
When using our websites, technically necessary cookies are required, which you cannot opt ​​out of. You can give your consent to the use of all other cookies. You can revoke this consent at any time by

1. Change your consent here
2. In the browser settings, exclude the acceptance of cookies and delete cookies that have already been set.

However, if you do not accept cookies, the functionality of our website may be limited. You can also set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or generally exclude the acceptance of cookies for certain cases or certain websites.

Each browser differs in the way it manages cookie settings. For more information about cookies and how to accept or reject them, please visit the following links from the relevant browser providers:

• InternetExplorer™
  
• Safari™: 
• Chrome™:
  
• Firefox™: 
• Opera™

An objection to the use of cookies for online marketing purposes can also be declared via the websites or here.

We also use so-called local storage functions on our website. Data is stored locally in your browser's cache and can continue to exist and be read even after you close the browser - unless you delete the cache or it is session storage.
Third parties cannot access the data stored in local storage. If special plugins or tools use the local storage functions, this is described in the respective plugin or tool.
If you do not want plugins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may lead to functional limitations.

When using cookies or other similar technologies, your data may be transferred to recipients outside Switzerland and the EEA where there is no adequate level of data protection in accordance with the DSG and/or GDPR.

We use a cookie consent management process within which users' consent to the use of cookies and similar technologies, or the processing and providers mentioned in the cookie consent management process, can be obtained, managed and revoked by users. The declaration of consent is saved so that it does not have to be requested again and consent can be proven in accordance with the legal obligation. Storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign consent to a user or their device. Subject to individual information about the providers of cookie management services, the following information applies: The consent can be stored for up to two years. A pseudonymous user identifier is created and saved with the time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) and the browser, system and device used.

• TinyCookie: Cookie consent management;
  Service provider: TinyCookieHosting on TinyCookie's servers. Data is not passed on to third parties;
  Website:
  Further information: An individual user ID, language, types of consent and the time of their submission are stored on the server side and in the cookie on the user's device.
  
  
• DO NOT TRACK: Please note that we will not alter our website's data collection and use practices when we receive a "Do Not Track" signal from your browser

7. Use of analysis tools

When using the analysis tools, your data may be transmitted to recipients outside Switzerland and the EEA where there is no adequate level of data protection in accordance with the DSG and/or GDPR.

7.1 Google Analytics 

If you have given your consent, this website uses Google Analytics 4, a web analysis service provided by Google LLC. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

7.2 Scope of processing

Google Analytics uses cookies that enable us to analyze your use of our website. The information collected through the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

With Google Analytics 4, IP address anonymization is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. During your visit to the website, your user behavior is recorded in the form of "events". Events can be:

• page views
• First time visiting the website
• start of the session
• Your “click path”, interaction with the website
• Scrolls (whenever a user scrolls to the end of the page (90%))
• clicks on external links
• internal search queries
• interaction with videos
• file downloads
• ads viewed / clicked
• language setting

In addition, the following is recorded:

• Your approximate location (region)
• your IP address (in abbreviated form)
• technical information about your browser and the devices you use (e.g. language settings, screen resolution)
• your internet provider
• the referrer URL (via which website/advertising medium you came to this website)

7.2.1 Purposes of processing

On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

7.2.2 Recipient

Recipients of the data are/may be Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR) Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
It cannot be ruled out that US authorities will access the data stored by Google.

7.2.3 Third country transfer

If data is processed outside the EU/EEA and there is no data protection level corresponding to the European standard, we have concluded standard contractual clauses with the service provider to ensure an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. Transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within Switzerland, the EU/EEA. You may not have any legal remedies against access by authorities.

7.2.4 Storage period

The data we send and linked to cookies is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

7.2.5 Legal basis

The legal basis for this data processing is your consent in accordance with Art.6 Para.1 S.1 lit.a GDPR.

7.2.6 Revocation

You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected. You can also prevent cookies from being saved in advance by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in restricted functionality on this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

     a. Do not give your consent to the setting of the cookie or
     b. Download and install the browser add-on to deactivate Google Analytics. 

You can find more information on the terms of use of Google Analytics and data protection at Google here and here.

7.3 Google Ads Remarketing 

Our website uses the remarketing function of the Google Ads service. This function is used to present interest-based advertisements to visitors to the website as part of the Google advertising network. The browser of the website visitor stores so-called "cookies", text files that are stored on your computer and that make it possible to recognize the visitor when he or she visits websites that belong to the Google advertising network. On these pages, the visitor can then be presented with advertisements that relate to content that the visitor has previously viewed on websites that use the Google remarketing function. According to Google, no personal data is processed during this process. In particular, according to Google, pseudonymization is used in remarketing.

The service is legitimized by the conclusion of a contract between Homerunner GmbH and Google and your consent.

However, if you do not wish to use Google's remarketing function, you can always deactivate it by making the appropriate settings under. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions here. Further information on Google Remarketing and Google's privacy policy can be found here.

 

8. Other applications used 

8.1 Google Fonts

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to Google Ireland Limited servers, whereby your IP address is transmitted. The use of Google Fonts is based on our balancing of interests or our legitimate interests, i.e. interest in a uniform provision and optimization of our online offering. The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts:

8.2 Google ReCaptcha 

Our website uses the ReCaptcha service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
This plugin checks whether a request in our contact form comes automatically from a robot.
The service includes sending your IP address and, if applicable, other data required by Google for the ReCaptcha service to Google. The different data protection regulations of the company Google apply to this data.
You can access Google’s privacy policy and further information at the following link.

9. Rights of data subjects

As a Swiss citizen and data subject, you are entitled to the following rights in accordance with the provisions of the DSG:

• Right to information according to Art. 25 DSG: You have the right to request confirmation as to whether personal data concerning you is being processed and to receive the information necessary to enable you to assert your rights under this law and to ensure transparent data processing.
  
  
• Right to data disclosure or transfer according to Art. 28 DSG: You have the right to request the disclosure of your personal data that you have provided to us in a common electronic format.
  
  
• Right to rectification according to Art. 32 DSG: You have the right to request the rectification of inaccurate personal data concerning you.
  
  
• Right to object, deletion and destruction according to Art. 32 DSG: You have the right to object to the processing of your data and to request that the personal data concerning you be deleted or destroyed

As an EU citizen, you as the data subject are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

• Right to object: You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions. If the personal data concerning you are processed in order to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
  
  
• Right to withdraw consent: You have the right to withdraw consent at any time.
  
  
• Right to information: You have the right to request confirmation as to whether data concerning you is being processed and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.
  
  
• Recht auf Berichtigung: Sie haben entsprechend den gesetzlichen Vorgaben das Recht, die Vervollständigung der Sie betreffenden Daten oder die Berichtigung der Sie betreffenden unrichtigen Daten zu verlangen.
  
  
• Right to rectification: You have the right, in accordance with the statutory provisions, to request that the data concerning you be completed or that inaccurate data concerning you be rectified.
  
  
• Right to data portability: You have the right to receive the data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements or to request that it be transmitted to another controller.
  
  
• Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you violates the provisions of the GDPR.

You can also address your complaint to the Swiss data protection supervisory authority. You can reach the Federal Data Protection and Information Commissioner (FDPIC):

10. Online presence of social media 

We maintain so-called fan pages, accounts or channels on the networks mentioned in order to provide you with information and offers within social networks and to offer you further ways to contact us and find out about our offers. Below we will inform you about which data we or the respective social network process in connection with your access to and use of our fan pages/accounts.

10.1 Data that we process from you

If you would like to contact us via messenger or direct message via the respective social network, we generally process your user name that you use to contact us and, if necessary, store other data that you provide to the extent that this is necessary to process/answer your request.
The legal basis is Art. 6 Para. 1 Sentence 1 f) GDPR (processing is necessary to protect the legitimate interests of the controller).

10.1.1 (Static) usage data that we receive from social networks

We receive automated statistics about our accounts via insights functions. The statistics include the total number of page views, likes, information on page activities and post interactions, reach, video views/views and information on the proportion of men/women among our fans/followers.
The statistics only contain aggregated data that cannot be related to individual people. We cannot identify them through this.

10.1.2 Which data the social networks process from you

In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and no user account is required for the respective social network.

Please note, however, that when you access the respective social network, the social networks also collect and store data from website visitors without a user account (e.g. technical data in order to be able to show you the website) and use cookies and similar technologies over which we have no influence. You can find details in the data protection regulations of the respective social network (see the relevant links above)

If you want to interact with the content on our fan pages/accounts, e.g. comment on, share or like our postings/contributions and/or contact us via messenger functions, you must first register with the respective social network and provide personal data.

We have no influence on the data processing by the social networks in the context of your use. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, and also to analyze user behavior (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data will also be stored by the social networks outside Switzerland, the EU/EEA and passed on to third parties.

Information on the exact scope and purposes of the processing of your personal data, the storage period/deletion and guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the data protection provisions/cookie guidelines of the social networks. There you will also find information on your rights and options for objection.

10.2 Facebook page

When you visit our Facebook pages, Meta records your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information on this at the following link.

Using the statistical information transmitted, we are unable to draw conclusions about individual users. We only use this to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We only collect your data via our fan pages in order to make it possible for you to communicate and interact with us. This collection usually includes your name, message content, comment content and the profile information you have made "public".

The processing of your personal data for the purposes stated above is based on our legitimate business and communicative interest in offering an information and communication channel. If you as a user have given your consent to the respective provider of the social network for data processing, the processing extends to this legal basis.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access options to your data are limited. Only the provider of the social network is authorized to have full access to your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights
(request for information, request for deletion, objection, etc.). The most effective way to assert corresponding rights is therefore directly with the respective provider.

We are jointly responsible with Meta for the personal content of the fan pages. The rights of those affected can be asserted with Meta Ireland and with us.

According to the GDPR, the primary responsibility for processing insights data lies with Meta and Meta fulfills all obligations under the GDPR with regard to the processing of insights data, Meta Ireland makes the essentials of the Page Insights Supplement available to the data subjects.

We do not make any decisions regarding the processing of insights data and all other resulting information, including the legal basis, identity of the controller and storage period of cookies on user devices.

You can find further information directly here on Facebook (supplementary agreement with Facebook).

We expressly point out again that when using the platforms we use, user data may be processed outside Switzerland and the European Union. This can result in risks for users because, for example, it could make it more difficult to enforce users' rights.

The purpose and scope of data collection and the further processing and use of the data by the social networks mentioned, as well as the related rights and setting options for protecting users' privacy, can be found in the data protection information of the individual websites.

Further settings and objections to the use of data for advertising purposes are possible within the respective profile settings of the social networks. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

10.2 Instagram page

When you visit our Instagram pages, Instagram records your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more information on this at the following link,

Using the statistical information transmitted, it is not possible for us to draw conclusions about individual users. We only use this to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We only collect your data via our fan pages in order to make it possible for you to communicate and interact with us. This collection usually includes your name, message content, comment content and the profile information you have made "public".

The processing of your personal data for the purposes stated above is based on our legitimate business and communicative interest in offering an information and communication channel. If you as a user have given your consent to the respective provider of the social network for data processing, the processing extends to this legal basis.

Due to the fact that the actual data processing is carried out by the provider of the social network, our access options to your data are limited. Only the provider of the social network is authorized to have full access to your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights
(request for information, request for deletion, objection, etc.). The most effective way to assert corresponding rights is therefore directly with the respective provider.

We are jointly responsible with Instagram for the personal content of the fan page. The rights of those affected can be asserted with Meta Ireland and with us.

The primary responsibility for the processing of insights data lies with Meta and Meta fulfills all obligations under the GDPR with regard to the processing of insights data, Meta Ireland makes the essence of the Page Insights Supplement available to the data subjects.

We do not make any decisions regarding the processing of insights data and all other resulting information, including the legal basis, identity of the controller and storage period of cookies on user devices. Further information can be found here directly on Instagram (supplementary agreement with Facebook)

10.3 LinkedIn page

Our company operates a social media channel on the LinkedIn platform.

According to the ruling of the European Court of Justice (ECJ) of June 5, 2018, case no. C-210/16, the operator of social media pages is at least jointly responsible for data processing, at least for Facebook fan pages, within the meaning of Art. 26 GDPR.

To date, we are not aware of LinkedIn offering an agreement that meets the requirements of Art. 26.

We only process your data if you contact our HR department via the LinkedIn platform or apply for a job advertised via LinkedIn for these purposes. In this case, LinkedIn collects your data and makes it available to us.

The legal basis for the processing of personal data is, depending on the case, processing for the initiation and execution of a contract with you or on the basis of our legitimate interest in communicating with users and our external presentation for advertising purposes.

If you have given your consent to the provider of the social network for the data processing described above with effect for us, the legal basis is Art. 6 Paragraph 1 Letter a of GDPR.

In this case, storage and further processing by us may also take place.

We may also collect data from visitors to our company page, provided that the display as a visitor can be defined as processing.

However, we do not store this data on our own systems, nor do we systematically process it further beyond occasional reading.

For these processing steps, our information regarding the responsible body, the data protection officer and the declaration of your rights as a data subject applies.

For any further processing, we would like to point out that the privacy policy of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn) applies to our LinkedIn company page. Further information on the processing of personal data by LinkedIn can be found here. 

10.4 YouTube

Within our online offering, we embed videos from the “YouTube” platform of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this purpose, the Javascript library for embedding videos is loaded from the YouTube server. The YouTube server is informed which of our pages have been visited.

If you are logged into your YouTube account, you allow Google to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The legal basis for the processing of personal data using cookies in connection with the use of YouTube is Art. 6 Para. 1 lit. a GDPR if consent has been given in this regard.

Google is bound to us by standard contractual clauses and thus offers a guarantee to comply with Swiss and European data protection law.

You can find more information on how user data is handled in Google’s privacy policy here.

11. Retention period and deletion

We retain personal data for as long as the person concerned gives us their consent, it is necessary for the processing of the relevant legal relationship and/or it is required by law. After this, the personal data is deleted in the best possible and appropriate way.

After the contract has been fully processed or an account has been deleted, the associated data will be restricted for further processing and deleted after the tax and commercial retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use the data in any other way that is permitted by law and about which we will inform you in this declaration. You can delete your account at any time and can do so either by sending a message to the contact option described in the imprint or via a function provided for this purpose in the account.

12. Safety measures

In accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing availability and separation of data. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to threats to data. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

13. Changes to this Privacy Policy

If legally and/or actually necessary, this privacy policy will be adapted or amended.

CH-Klosters, last updated on 18.11.2024