Privacy Policy

With this Privacy Policy, we inform about the personal data we process in connection with our activities and operations, including our seilbahnen.ch website. We specifically address the reasons, methods, and locations of our data processing. We also inform about the rights of individuals whose data we process.

For individual or additional activities and operations, other privacy policies, and other legal documents, such as General Terms and Conditions (GTC), Terms of Use, or Participation Conditions, may apply.

We are subject to Swiss data protection law and any applicable foreign data protection law, especially that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.

1. Contact Addresses

Responsibility for the processing of personal data:

Inauen-Schätti AG
Tschachen 1
CH-8762 Schwanden

info@seilbahnen.ch

We indicate if there are other responsible parties for the processing of personal data in individual cases.

2. Definitions and Legal Foundations

2.1 Definitions

Personal data are all details that refer to a specific or identifiable natural person. An affected person is someone whose personal data we process.

Processing encompasses every handling of personal data, regardless of the methods and means used, such as querying, matching, adapting, archiving, storing, reading, disclosing, acquiring, capturing, collecting, deleting, revealing, sorting, organizing, storing, changing, distributing, linking, destroying, and using personal data.

The European Economic Area (EEA) comprises the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personally identifiable information.

2.2 Legal Foundations

We process personal data in accordance with Swiss data protection law, in particular, the Federal Data Protection Act (Datenschutzgesetz, DSG) and the Data Protection Ordinance (Datenschutzverordnung, DSV).

We process – provided and as far as the General Data Protection Regulation (GDPR) is applicable – personal data according to at least one of the following legal bases:

• Art. 6 Para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with the affected person and for carrying out pre-contractual measures.
• Art. 6 Para. 1 lit. f GDPR for the necessary processing of personal data to protect our legitimate interests or those of third parties, unless the basic freedoms and rights and interests of the affected person outweigh them. Legitimate interests include our interest in conducting our activities and operations sustainably, user-friendly, securely, and reliably and in communicating about them, ensuring information security, protection against misuse, enforcement of our legal claims, and compliance with Swiss law.
• Art. 6 Para. 1 lit. c GDPR for the necessary processing of personal data to comply with a legal obligation to which we may be subject under any applicable law of member states in the European Economic Area (EEA).
• Art. 6 Para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task in the public interest.
• Art. 6 Para. 1 lit. a GDPR for processing personal data with the consent of the affected person.
• Art. 6 Para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the affected person or another natural person.

3. Type, Scope, and Purpose

We process those personal data that are necessary to carry out our activities and operations continuously, user-friendly, safely, and reliably. Such personal data can especially fall into the categories of inventory and contact data, browser and device data, content data, meta or ancillary data and usage data, location data, sales data, as well as contract and payment data.

We process personal data for the duration required for the respective purpose or purposes or as required by law. Personal data that is no longer required to be processed will be anonymized or deleted.

We may have personal data processed by third parties. We can process personal data together with third parties or transfer it to third parties. Such third parties are especially specialized providers whose services we use. We also ensure data protection with such third parties.

We generally process personal data only with the consent of the affected persons. If and insofar as processing is permitted for other legal reasons, we may refrain from obtaining consent. For example, we can process personal data without consent to fulfill a contract, to comply with legal obligations, or to safeguard overriding interests.

In this context, we process in particular information that an affected person voluntarily transmits to us when making contact – for example, by regular mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We may, for example, store such details in an address book, in a Customer-Relationship-Management system (CRM system), or with similar tools. If we receive data about other people, the transmitting persons are obliged to ensure data protection towards these people and to ensure the accuracy of these personal data.

We also process personal data that we obtain from third parties, procure from publicly accessible sources, or collect during our activities and operations, provided and insofar as such processing is legally permissible.

4. Applications

We process personal data of applicants to the extent necessary to assess their suitability for an employment relationship or for the subsequent execution of an employment contract. The necessary personal data primarily results from the requested information, for instance, as part of a job advertisement. Furthermore, we process those personal data that applicants voluntarily communicate or publish, especially as part of cover letters, resumes, and other application documents, as well as online profiles.

If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data of applicants especially according to Art. 9 Para. 2 lit. b GDPR.

We may allow applicants to store their details in our Talent Pool so that we can consider them for future vacancies. We may also use such details to maintain contact and inform about news. If we believe an applicant might be suitable for an open position based on their details, we may inform the applicant accordingly.

We use third-party services to advertise positions through E-Recruitment and to facilitate and manage applications.

5. Personal Data Abroad

We process personal data primarily in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, especially to process or have it processed there.

We can export personal data to all countries and territories on Earth and elsewhere in the universe, provided the local law ensures adequate data protection according to a decision of the Swiss Federal Council and – if and as long as the General Data Protection Regulation (GDPR) is applicable – according to a decision of the European Commission.

We can transfer personal data to countries whose law does not ensure adequate data protection, provided other reasons guarantee data protection, especially based on standard data protection clauses or other appropriate guarantees. Exceptionally, we can export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, for example, the explicit consent of the affected persons or a direct connection with the conclusion or execution of a contract. Upon request, we will gladly inform affected persons about possible guarantees or provide a copy of any guarantees.

6. Rights of Affected Individuals

6.1 Data Protection Rights

We grant affected individuals all rights in accordance with applicable data protection law. Affected individuals especially have the following rights:

• Information: Affected individuals can inquire whether we process personal data about them, and if so, which personal data this concerns. They also receive information necessary to assert their data protection rights and ensure transparency. This includes the processed personal data as such, but also, among other things, information on the purpose of the processing, the duration of storage, any disclosure or potential export of data to other countries, and the origin of the personal data.
• Correction and Restriction: Affected individuals can correct incorrect personal data, complete incomplete data, and request the restriction of their data processing.
• Deletion and Objection: Affected individuals can have personal data deleted (the "right to be forgotten") and object to the processing of their data with effect for the future.
• Data Release and Data Transfer: Affected individuals can request the release of personal data or the transfer of their data to another responsible party.

We can postpone, restrict, or deny the exercise of the rights of affected individuals within the legally permissible framework. We can point out to affected individuals any prerequisites for asserting their data protection rights. For example, we can partially or wholly deny information, citing trade secrets or the protection of other individuals. Similarly, we can partially or wholly deny the deletion of personal data, citing statutory retention obligations.

We can exceptionally charge for the exercise of rights. We will inform affected individuals in advance about any costs.

We are obligated to identify affected individuals who request information or assert other rights using appropriate measures. Affected individuals are required to cooperate.

6.2 Right to Complain

Affected individuals have the right to legally enforce their data protection rights or file a complaint with a responsible data protection supervisory authority.

The supervisory authority for private entities and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Affected individuals – if and insofar as the General Data Protection Regulation (GDPR) applies – have the right to file a complaint with a responsible European data protection supervisory authority.

7. Data Security

We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.

Access to our website is via transport encryption (SSL / TLS, especially with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

Our digital communication is – as is fundamentally the case with all digital communication – subject to mass surveillance without reason or suspicion and other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the respective processing of personal data by intelligence agencies, police stations, and other security authorities.

8. Use of the Website

8.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data does not have to be limited to traditional text-based cookies.

Cookies can be stored temporarily as "session cookies" in the browser or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specified storage duration. Cookies especially allow a browser to be recognized when visiting our website again, thereby, for example, measuring the reach of our website. Permanent cookies can also be used for online marketing.

Cookies can be disabled or deleted in the browser settings at any time, either entirely or in part. Without cookies, our website might not be fully available. We ask – at least where and when required – for explicit consent to the use of cookies.

For cookies used for success and reach measurement or advertising, a general objection (opt-out) is possible for numerous services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

8.2 Server Log Files

We can record the following details for each access to our website, provided they are transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subpage of our website accessed including the amount of data transferred, and the last website accessed in the same browser window (referrer).

We store such details, which may also be personal data, in server log files. This information is necessary to permanently, user-friendly, and reliably provide our website and to ensure data security, especially the protection of personal data – even by third parties or with the help of third parties.

8.3 Tracking Pixels

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are small, typically invisible images that are automatically retrieved when visiting our website. Tracking pixels can capture the same information as server log files.

9. Social Media

We are present on social media platforms and other online platforms to communicate with interested parties and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC) and terms of use as well as privacy statements and other provisions of the individual operators of such platforms also apply. These provisions provide information about the rights of affected persons directly vis-à-vis the respective platform, including, for example, the right to information.

For our social media presence on Facebook, including the so-called page insights, we are – if and to the extent the General Data Protection Regulation (GDPR) applies – jointly responsible with Meta Platforms Ireland Limited (Ireland). The Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). The page insights provide information on how visitors interact with our Facebook presence. We use page insights to effectively and user-friendly offer our social media presence on Facebook.

Further information on the type, scope, and purpose of data processing, information on the rights of affected persons, and the contact details of Facebook as well as the data protection officer of Facebook can be found in the privacy policy of Facebook. We have concluded the so-called "Addendum for Responsible Parties" with Facebook and thus agreed in particular that Facebook is responsible for ensuring the rights of affected persons. The relevant information on the so-called page insights can be found on the page "Information on Page Insights" including "Information on Page Insights Data".

10. Third Party Services

We use services from specialized third parties to permanently, user-friendly, securely, and reliably carry out our activities and operations. With such services, we can embed functions and content into our website. When embedding, the services used technically necessarily capture at least temporarily the Internet Protocol (IP) addresses of users.

For necessary security-relevant, statistical, and technical purposes, third parties whose services we use can process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data to be able to offer the respective service.

We use in particular:

• Services from Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and in Switzerland; General data protection information: "Principles on Data Protection and Security", Privacy Policy, "Google is committed to compliance with applicable data protection laws", "Guide to Data Protection in Google Products", "How we use data from websites or apps where our services are used" (Google information), "Types of cookies and other technologies used by Google", "Personalized Advertising" (Activation / Deactivation / Settings).
• Services from Microsoft: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the UK, and Switzerland; General data protection information: "Data Protection at Microsoft", "Data Protection and Privacy (Trust Center)", Privacy Statement, Data Protection Dashboard (Data and Privacy Settings).

10.1 Digital Infrastructure

We use services from specialized third parties to be able to make use of the necessary digital infrastructure in connection with our activities and tasks. This includes, for example, hosting and storage services from selected providers.

10.2 Scheduling

We use services from specialized third parties to be able to schedule appointments online, for example for meetings. In addition to this privacy policy, any directly visible conditions of the services used, such as terms of use or privacy policies, also apply.

10.3 Audio and Video Conferencing

We use specialized services for audio and video conferencing to be able to communicate online. For example, we can hold virtual meetings or conduct online classes and webinars. The legal texts of the individual services, such as privacy policies and terms of use, apply in addition to participation in audio and video conferences.

We recommend that, depending on the situation, you mute your microphone by default when participating in audio or video conferences, blur the background, or use a virtual background.

We especially use:

• Microsoft Teams: Platform for audio and video conferences among other things; Provider: Microsoft; Teams-specific information: "Privacy and Microsoft Teams".
• Zoom: Video Conferencing; Provider: Zoom Video Communications Inc. (USA); Privacy information: Privacy Policy, "Privacy at Zoom", "Legal Compliance Center".

10.4 Map Material

We use services from third parties to embed maps into our website.

We especially use:

• OpenStreetMap (OSM): Map Service; Provider: OpenStreetMap Foundation (UK); Privacy information: Privacy Policy.

10.5 Digital Audio and Video Content

We use services from specialized third parties to allow the direct playback of digital audio and video content, such as music or podcasts.

We especially use:

• YouTube: Video Platform; Provider: Google; YouTube-specific information: "Privacy and Security Center", "My Data on YouTube".

11. Success and Reach Measurement

We aim to determine how our online services are used. In this context, we can, for example, measure the success and reach of our activities and operations as well as the impact of third-party links on our website. We can also test and compare how different parts or versions of our online service are used (the "A/B test" method). Based on the results of the success and reach measurement, we can particularly fix errors, strengthen popular content, or make improvements to our online service.

For the success and reach measurement, in most cases, the Internet Protocol (IP) addresses of individual users are stored. In this case, IP addresses are generally shortened ("IP-masking") to follow the principle of data minimization through appropriate pseudonymization.

In the success and reach measurement, cookies may be used, and user profiles created. Any user profiles created might, for instance, include the individual pages visited or content viewed on our website, information about the size of the screen or browser window, and the - at least approximate - location. Generally, any user profiles are exclusively pseudonymized and not used to identify individual users. Some third-party services where users are registered can possibly assign the use of our online service to the user account or user profile of the respective service.

We particularly use:

• Google Analytics: Success and reach measurement; Provider: Google; Specific information about Google Analytics: Measurement across different browsers and devices (Cross-Device Tracking) and with pseudonymized Internet Protocol (IP) addresses that are only exceptionally fully transferred to Google in the USA, "Privacy", "Browser Add-on to deactivate Google Analytics".
• Google Tag Manager: Integration and management of other services for success and reach measurement as well as other services from Google and third parties; Provider: Google; Specific information about Google Tag Manager: "Data collected with Google Tag Manager"; further privacy information can be found with the individual integrated and managed services.

12. Final Provisions

We created this privacy statement using the Privacy Generator from Datenschutzpartner.

We can adjust and supplement this privacy statement at any time. We will inform about such adjustments and supplements in an appropriate manner, especially by publishing the respective current privacy statement on our website.