Terms of Use and Privacy Policy

Privacy Policy

With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations, including our valsurses.ch website. We specifically provide information about the purposes, methods, and locations of the personal data we process. Additionally, we inform you about the rights of individuals whose data we process.

For specific or additional activities and operations, additional privacy policies and other legal documents such as General Terms and Conditions (GTC), Terms of Use, or Participation Conditions may apply.

We are subject to Swiss data protection law and, where applicable, foreign data protection law, especially that of the European Union (EU) under the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.

1. Contact Information

Responsible for the processing of personal data:

Tourismus Savognin Bivio Albula AG
Stradung 42
7460 Savognin
Switzerland

ferien@valsurses.ch

We will inform you if there are other controllers responsible for the processing of personal data in individual cases.

1.1 Data Protection Officer

We have the following data protection officer as a point of contact for data subjects and as a contact person for supervisory authorities regarding data protection inquiries:

Tanja Amacher
Tourismus Savognin Bivio Albula AG
Stradung 42
7460 Savognin
Switzerland

ferien@valsurses.ch

1.2 Data Protection Representative in the European Economic Area (EEA)

We have the following data protection representative in accordance with Article 27 of the GDPR. The data protection representative serves as an additional point of contact for supervisory authorities and data subjects in the European Union (EU) and the rest of the European Economic Area (EEA) regarding inquiries related to the General Data Protection Regulation (GDPR):

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany

ferien@valsurses.ch

2. Terms and Legal Basis

2.1 Terms

Personal data refers to any information relating to an identified or identifiable individual. An affected person is an individual about whom personal data is processed.

Processing includes any operation or set of operations performed on personal data, regardless of the means and methods used, such as collection, recording, storage, alteration, retrieval, consultation, use, disclosure, dissemination, erasure, or destruction of personal data.

The European Economic Area (EEA) consists of the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

2.2 Legal Basis

We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (DSG) and the Ordinance to the Federal Data Protection Act (VDSG).

If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data based on at least one of the following legal bases:

• Art. 6(1)(b) GDPR for the necessary processing of personal data for the performance of a contract with the data subject or for the implementation of pre-contractual measures.
• Art. 6(1)(f) GDPR for the necessary processing of personal data to safeguard our legitimate interests or those of third parties, provided that the fundamental rights and freedoms of the data subject do not override those interests. Legitimate interests include, in particular, our interest in exercising our activities and tasks in a sustainable, user-friendly, secure, and reliable manner, as well as being able to communicate about them, ensuring information security, protecting against misuse, enforcing our legal claims, and complying with Swiss law.
• Art. 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under any applicable law of member states in the European Economic Area (EEA).
• Art. 6(1)(e) GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
• Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
• Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

3. Type, Scope, and Purpose

We process those personal data that are necessary to exercise our activities and tasks in a sustainable, user-friendly, secure, and reliable manner. Such personal data may include categories of inventory and contact data, browser and device data, content data, meta or metadata, usage data, location data, sales data, as well as contract and payment data.

We process personal data for the duration that is necessary for the respective purpose(s) or as required by law. Personal data that is no longer necessary for processing will be anonymized or deleted.

We may have personal data processed by third parties. We may jointly process or disclose personal data to third parties. Such third parties are primarily specialized service providers whose services we utilize. We ensure data protection even with such third parties.

We process personal data only with the consent of the data subject, unless the processing is permissible for other legal reasons. Processing without consent may be permissible, for example, for the performance of a contract with the data subject and for corresponding pre-contractual measures, to safeguard our overriding legitimate interests, if the processing is evident from the circumstances, or after prior information.

In this context, we particularly process information that a data subject voluntarily provides to us when contacting us, for example, by postal mail, email, instant messaging, contact form, social media, or telephone, or when registering for a user account. We may store such information, for example, in an address book, a customer relationship management system (CRM system), or similar tools. When we receive data transmitted about other individuals, the transmitting individuals are obligated to ensure data protection for these individuals and to ensure the accuracy of this personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and tasks, to the extent and as long as such processing is permissible for legal reasons.

4. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, particularly for processing purposes.

We may export personal data to all countries and territories on Earth as well as elsewhere in the Universe, provided that the local laws ensure adequate data protection, as assessed by the Federal Data Protection and Information Commissioner (FDPIC) or in accordance with the decision of the Swiss Federal Council, and, if applicable, the decision of the European Commission ensuring adequate data protection under the General Data Protection Regulation (GDPR).

We may transfer personal data to countries where the law does not ensure adequate data protection, provided that data protection is ensured by other means, particularly based on standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, such as the explicit consent of the data subjects or a direct connection to the conclusion or performance of a contract. Upon request, we are happy to provide individuals with information about any guarantees or provide a copy of the guarantees.

5. Rights of Data Subjects

Data subjects whose personal data we process have rights under Swiss data protection law. These include the right to information as well as the right to rectification, erasure, or blocking of processed personal data.

Data subjects whose personal data we process can, to the extent that the General Data Protection Regulation (GDPR) is applicable, request confirmation free of charge as to whether we process personal data concerning them. In this case, data subjects can request information about the processing of their personal data, restrict the processing of their personal data, exercise their right to data portability, as well as correct, erase ("right to be forgotten"), block, or complete their personal data.

Data subjects whose personal data we process can, to the extent that the GDPR is applicable, revoke their consent granted at any time with effect for the future and object to the processing of their personal data at any time.

Data subjects whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

6. Data Security

We implement appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.

Access to our website is secured using transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock icon in the address bar.

Our digital communication is subject to mass surveillance without cause or suspicion, as well as other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries, as is the case with all digital communication in general. We have no direct control over the processing of personal data by intelligence services, police authorities, and other security agencies.

7. Use of the Website

7.1 Cookies

We may use cookies. Cookies - both first-party cookies and third-party cookies from services we use - are data stored in the browser. Such stored data is not limited to traditional text-based cookies.

Cookies can be stored in the browser temporarily as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies enable, among other things, the recognition of a browser on the next visit to our website, allowing us to measure the reach of our website, for example. However, permanent cookies can also be used for online marketing purposes.

Cookies can be disabled or deleted entirely or partially in the browser settings at any time. Without cookies, our website may not be fully available. We request, at least if and to the extent necessary, explicit consent for the use of cookies.

For cookies used for success and reach measurement or for advertising, a general opt-out is possible for numerous services through the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

7.2 Server Log Files

We may record the following information for each access to our website, provided that it is transmitted from your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific subpage of our website accessed including transmitted data volume, previously visited webpage in the same browser window (referer or referrer).

We store such information, which may also include personal data, in server log files. The information is necessary to provide our website permanently, in a user-friendly and reliable manner, and to ensure data security, especially the protection of personal data, both by ourselves and by third parties or with the assistance of third parties.

7.3 Tracking Pixels

We may use tracking pixels, also known as web beacons, on our website. Tracking pixels, including those from third parties whose services we use, are small, usually invisible images that are automatically retrieved when visiting our website. Tracking pixels can capture the same information as server log files.

8. Notifications and Communications

We send notifications and communications via email and other communication channels such as instant messaging or SMS.

8.1 Success and Reach Measurement

Notifications and communications may contain web links or tracking pixels that record whether an individual notification has been opened and which web links were clicked. Such web links and tracking pixels may also capture personally identifiable information regarding the use of notifications and communications. We require this statistical measurement of usage for success and reach measurement in order to effectively and user-friendly send notifications and communications based on the needs and reading habits of recipients, while ensuring their long-term, secure, and reliable delivery.

8.2 Consent and Objection

You must generally give explicit consent for the use of your email address and other contact details, unless the use is permissible for other legal reasons. Whenever possible, we use the "double opt-in" procedure for obtaining consent, which means you will receive an email with a web link that you must click to confirm, in order to prevent misuse by unauthorized third parties. We may record such consents, including the internet protocol (IP) address, date, and time, for evidential and security purposes.

You can generally object to receiving notifications and communications, such as newsletters, at any time. By objecting, you can also refuse the statistical measurement of usage for success and reach measurement. Necessary notifications and communications related to our activities and operations are exempt from objection.

8.3 Service Providers for Notifications and Communications

We send notifications and communications with the help of specialized service providers.

9. Social Media

We maintain a presence on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The terms and conditions (T&Cs), terms of use, privacy policies, and other provisions of each operator of such platforms also apply. These provisions provide information, in particular, about the rights of data subjects directly against the respective platform, including the right to information.

For our social media presence on Facebook, including so-called page insights, we are jointly responsible with Meta Platforms Ireland Limited (Ireland), to the extent that the General Data Protection Regulation (GDPR) applies. Meta Platforms Ireland Limited is part of the Meta Companies (including in the United States). Page insights provide information on how visitors interact with our Facebook presence. We use page insights to effectively and user-friendly provide our social media presence on Facebook.

Further information about the nature, scope, and purpose of data processing, information on the rights of data subjects, and contact details of Facebook, as well as Facebook's data protection officer, can be found in the Facebook Privacy Policy. We have concluded the so-called "Controller Addendum" with Facebook, thereby agreeing, in particular, that Facebook is responsible for ensuring the rights of data subjects. The relevant information for page insights can be found on the "Information about Page Insights" page, including "Information about Page Insights Data".

Users of social media platforms have the option to log in or register with our online service using their respective user accounts ("Social Login"). The respective terms and conditions of the respective social media platforms apply.

10. Third-Party Services

We use services from specialized third parties to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. These services allow us to embed functions and content into our website. For technical reasons, the services used capture the internet protocol (IP) addresses of users at least temporarily.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data to provide the respective service.

We use the following services in particular:

• Google services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: "Privacy and Security Principles", Privacy Policy, "Google is committed to complying with applicable privacy laws", "Privacy Guide for Google Products", "How we use data from websites or apps that use our services" (Google's information), "Types of cookies and other technologies used by Google", "Personalized Advertising" (Enable / Disable / Settings).
• Microsoft services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), United Kingdom, and Switzerland; General information on data protection: "Privacy at Microsoft", "Privacy (Trust Center)", Privacy Statement.

10.1 Digital Infrastructure

We use services from specialized third parties to access the necessary digital infrastructure related to our activities and operations. This includes hosting and storage services from selected providers.

We use the following services in particular:

• Hostpoint: Hosting; Provider: Hostpoint AG (Switzerland); Information on data protection: Privacy Policy.

10.2 Contact Options

We use services from selected providers to better communicate with third parties, such as potential and existing customers.

10.3 Audio and Video Conferences

We use specialized services for audio and video conferences to facilitate online communication. These services enable us to hold virtual meetings, conduct online classes, and host webinars. Additional legal texts of each service, such as privacy policies and terms of use, apply to participating in audio and video conferences.

Depending on your personal circumstances, we recommend muting the microphone by default and blurring the background or using a virtual background during audio and video conferences.

We primarily use the following services:

• Facebook Messenger including Facebook Messenger Rooms: Video conferences; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including the USA); Privacy information: Privacy and Security (Facebook Messenger), Privacy and Security in Messenger, Facebook Privacy Principles, Data Policy (Facebook).
• Google Meet: Video conferences; Provider: Google; Google Meet-specific information: Google Meet - Safety and Privacy for Users.
• Microsoft Teams: Platform for audio and video conferences; Provider: Microsoft; Teams-specific information: Privacy and Microsoft Teams.
• Skype: Audio and video conferences; Skype-specific providers: Skype Communications SARL (Luxembourg) / Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), United Kingdom, and Switzerland; Privacy information: Skype Legal, Privacy and Security.
• Zoom: Video conferences; Provider: Zoom Video Communications Inc. (USA); Privacy information: Privacy Policy, Zoom Privacy, Legal Compliance Center.

10.4 Map Material

We use services from third parties to embed maps into our website.

Specifically, we use:

• OpenStreetMap (OSM): Map service; Provider: OpenStreetMap Foundation (United Kingdom); Privacy information: Privacy Policy.

10.5 Digital Audio and Video Content

We use services from specialized third parties to enable the direct playback of digital audio and video content, such as music or podcasts.

In particular, we use:

• Vimeo: Video platform; Provider: Vimeo Inc. (USA); Privacy information: Privacy Policy, Video Privacy.
• YouTube: Video platform; Provider: Google; YouTube-specific information: Privacy and Security Center, My Data on YouTube.

10.6 E-Commerce

We operate e-commerce and use services from third parties to successfully offer services, content, or goods.

10.7 Payments

We use specialized service providers to securely and reliably process payments from our customers. The respective legal texts of each service provider, such as terms and conditions (T&Cs) or privacy policies, also apply to payment processing.

In particular, we use:

• Datatrans: Payment processing; Provider: Datatrans AG (Switzerland); Privacy information: Privacy Statement, Security & Compliance.
• PayPal (including Braintree): Payment processing; Providers: PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg) / PayPal Pte. Ltd. (Singapore); Privacy information: Privacy Policy, Cookie and Tracking Technologies Statement.
• PostFinance: E-payment solutions; Provider: PostFinance AG (Switzerland); Privacy information: Legal Information and Barrier-Free Accessibility, Data Protection (including "Privacy Policy").
• TWINT: Payment processing in Switzerland; Provider: TWINT AG (Switzerland); Privacy information: Data Protection for TWINT Apps, Website Privacy Statement, General Terms and Conditions for the Use of TWINT (including the "Privacy" section).
• Worldline (formerly SIX Payment Services): Mobile and online payment processing; Providers: Worldline Schweiz AG (Switzerland) / Worldline Financial Services (Europe) S.A. (Luxembourg) / Worldline Payment Services (Germany) GmbH (Germany) / Worldline Financial Services (Europe) S.A., Branch Austria; Privacy information: Privacy Policy, Customer Information on Data Protection.

10.8 Advertising

We take advantage of the opportunity to display targeted advertisements for our activities and services on third-party platforms such as social media platforms and search engines.

With such advertising, our aim is to reach individuals who are already interested in or may be interested in our activities and services (remarketing and targeting). To achieve this, we may transmit relevant information, potentially including personal data, to third parties that enable such advertising. Additionally, we may assess the success of our advertising, particularly whether it leads to visits to our website (conversion tracking).

Third parties on which we advertise and where you are signed in as a user may associate the use of our online offering with your profile there.

We particularly utilize:

• Facebook Advertising (Facebook Ads): Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Privacy information: Remarketing and targeting, especially with the Facebook Pixel and Custom Audiences, including Lookalike Audiences, Privacy Policy, "Ad Preferences" (requires user registration).
• Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising based on search queries, utilizing various domain names including doubleclick.net, googleadservices.com, and googlesyndication.com for Google Ads, "Advertising" (Google), "Why am I seeing this ad?".
• Instagram Ads: Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Privacy information: Remarketing and targeting, especially with the Facebook Pixel and Custom Audiences, including Lookalike Audiences, Privacy Policy (Instagram), Privacy Policy (Facebook), "Ad Interests" (Instagram) (requires user registration), "Ad Preferences" (Facebook) (requires user registration).
• LinkedIn Ads: Social media advertising; Providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Privacy information: Remarketing and targeting, especially with the LinkedIn Insight Tag, "Privacy", Privacy Policy, Cookie Policy, Opt-out of personalized advertising.

11. Success and Reach Measurement

We use services and programs to determine how our online offering is used. In this context, we can measure the success and reach of our activities and actions, as well as the impact of third-party links on our website. For example, we may test and compare how different versions of our online offering or parts of our online offering are used (A/B testing method). Based on the results of success and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements to our online offering.

When using services and programs for success and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are generally truncated ("IP masking") to follow the principle of data minimization through pseudonymization and improve the data protection of users.

When using services and programs for success and reach measurement, cookies may be used, and user profiles may be created. User profiles may include, for example, visited pages or viewed content on our website, information about screen size or browser window, and—at least approximately—location. User profiles are generally created in a pseudonymized manner. We do not use user profiles to identify individual users. However, certain third-party services, where users are logged in, may associate the use of our online offering with the user account or profile on the respective service.

We particularly use:

• fusedeck: Success and reach measurement; Provider: Capture Media AG (Switzerland); Privacy information: "Data & Data Privacy", Privacy Policy.
• Google Analytics: Success and reach measurement; Provider: Google; Google Analytics-specific information: Measurement across different browsers and devices (Cross-Device Tracking) and with pseudonymized Internet Protocol (IP) addresses, which are only transmitted to Google in the USA in exceptional cases, "Data Protection", "Browser add-on for disabling Google Analytics".
• Google Tag Manager: Integration and management of other services for success and reach measurement, as well as other services from Google and third parties; Provider: Google; Google Tag Manager-specific information: "Data collected with Google Tag Manager"; further information on data protection can be found with the individual integrated and managed services.

12. Final Provisions

We have created this privacy policy using the privacy policy generator provided by Datenschutzpartner.

We reserve the right to adapt and supplement this privacy policy at any time. We will inform about such adaptations and supplements in an appropriate form, in particular by publishing the respective current privacy policy on our website.

Links

The Tourismus Savognin Bivio Albula AG provides users of the website "www.valsurses.ch" with links to other tourist or general-interest websites. The Tourismus Savognin Bivio Albula AG is not responsible for the content of the linked pages in any way and does not endorse the content of these pages by providing the link to them. Users of "www.valsurses.ch" use the linked web pages at their own risk. We recommend that you check the content of websites you access for currentness and accuracy. – On the basis of German court decisions, Tourismus Savognin Bivio Albula AG distances itself in every way from the content of linked pages. – We cannot be held responsible on any legal grounds for the consequences of using the linked pages.

Currentness of data, accuracy, contract formation, data transfer

The Tourismus Savognin Bivio Albua AG will endeavour to ensure that the information provided on this website is as current and correct as possible. As these details can change quickly, we cannot guarantee their accuracy. – We cannot be held liable on any legal grounds for incorrect or outdated information and details or the consequences of their use.

The travel recommendations and other details published on the Tourismus Savognin Bivio Albu AG website are not binding offers from us or the service providers mentioned in the travel recommendations.

The Tourismus Savognin Bivio Albula AG does not accept any liability for the security of data transmitted via the Internet.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. («Google»). Google Analytics uses cookies which are text files stored on your computer to help analyse your use of the website. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activities for website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where this is required by law or insofar as third parties process this data on behalf of Google. Google will never associate your IP address with any other data held by Google. You may refuse the installation of cookies by selecting the appropriate settings on your browser; however please note that if you do so you may not be able to use the full functionality of this website. By using this website you consent to the processing by Google of data relating to you in the manner and for the purposes mentioned above.

As a user of this website you hereby acknowledge that the operator of this website, their vicarious agents, their representatives, associated companies, chief executives, managerial staff, employees and their shareholders accept no liability in connection with the obtaining, transmission, processing and analysis of the above-mentioned data for which reason no claims for compensation can be asserted against these natural persons and legal entities.

Liability

You, as a user of this website, agree that the operator of this website, its assistants, its representatives, its connected companies, its directors, its managers, its employees and its shareholders do not assume any liability in connection with the collection, transmission, processing and evaluation of the above-mentioned data and that no claims for damages can be asserted against these natural persons and juridical persons in this respect.

Application of law and venue

The use of this website is subject exclusively to Swiss law. Savognin, Switzerland is agreed as the exclusive place of jurisdiction.

General

If you have any questions or comments about privacy, please contact us at ferien@valsurses.ch.
Tourismus Savognin Bivio Albula AG, Stradung 42, CH-7460 Savognin.