Terms of Use and Privacy Policy

Familie am Mountainbiken in Savognin Bivio
Terms of Use and Privacy Policy of the Website of Tourismus Savognin Bivio Albula AG, Savognin, Switzerland │Version April 2021 By using the website www.valsurses.ch, you consent to the following terms.

Privacy Policy

With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations, including our valsurses.ch-website. We particularly inform you about the purposes, methods, and locations where we process personal data. We also provide information about the rights of individuals whose data we process.

Additional privacy policies and other legal documents, such as General Terms and Conditions (AGB), Terms of Use, or Participation Conditions, may apply to specific or additional activities and operations.

We are subject to Swiss data protection law, as well as any applicable foreign data protection law, such as the European Union's (EU) General Data Protection Regulation (GDPR). The European Commission acknowledges that Swiss data protection law provides adequate data protection.

1. Contact Information

Responsibility for the processing of personal data:

Tourismus Savognin Bivio Albula AG
Stradung 42
7460 Savognin


In individual cases, there may be other responsible parties for the processing of personal data or joint responsibility with at least one other responsible party.

1.1 Data Protection Officers or Data Protection Advisors

We have the following data protection officers or data protection advisors as contact persons for individuals and authorities with inquiries related to data protection:

Tanja Amacher
Tourismus Savognin Bivio Albula AG
Stradung 42
7460 Savognin


1.2 Data Protection Representation in the European Economic Area (EEA)

We have the following data protection representation in accordance with Art. 27 GDPR:

VGS Datenschutz­partner GmbH
Am Kaiserkai 69
20457 Hamburg


The data protection representation serves as an additional contact point for inquiries related to the GDPR for individuals and authorities in the European Union (EU) and the rest of the European Economic Area (EEA).

2. Terms and Legal Basis

2.1 Terms

Personal data refers to any information relating to a specific or identifiable natural person. An affected person is a person about whom we process personal data.

Processing encompasses any handling of personal data, regardless of the means and methods used, including but not limited to querying, comparing, adapting, archiving, retaining, extracting, disclosing, obtaining, recording, collecting, deleting, disclosing, organizing, storing, altering, disseminating, linking, destroying, and using personal data.

The European Economic Area (EEA) includes the Member States of the European Union (EU), as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (Data Protection Act, DSG) and the Data Protection Ordinance (Data Protection Ordinance, DSV).

We process - if and to the extent the General Data Protection Regulation (GDPR) is applicable - personal data according to at least one of the following legal bases:

  • Art. 6 (1) lit. b GDPR for the necessary processing of personal data to fulfill a contract with the affected person and to carry out pre-contractual measures.
  • Art. 6 (1) lit. f GDPR for the necessary processing of personal data to protect the legitimate interests of us or third parties, unless the fundamental rights and freedoms and interests of the affected person prevail. Legitimate interests include, in particular, our interest in being able to exercise our activities and operations permanently, user-friendly, safely, and reliably, as well as communicate about them, ensure information security, protect against abuse, enforce our own legal claims, and comply with Swiss law.
  • Art. 6 (1) lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under the laws of Member States in the European Economic Area (EEA).
  • Art. 6 (1) lit. e GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
  • Art. 6 (1) lit. a GDPR for the processing of personal data with the consent of the affected person.
  • Art. 6 (1) lit. d GDPR for the necessary processing of personal data to protect the vital interests of the affected person or another natural person.

3. Type, Scope, and Purpose

We process personal data that is necessary to conduct our activities and operations in a permanent, user-friendly, safe, and reliable manner. Such personal data may include categories of inventory and contact data, browser and device data, content data, meta or marginal data, usage data, location data, sales data, and contract and payment data.

We process personal data for the duration that is necessary for the respective purpose(s) or as required by law. Personal data that is no longer required for processing will be anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. Such third parties include specialized providers whose services we use. We ensure data protection even with such third parties.

We generally process personal data only with the consent of the affected persons. If and to the extent that processing is permissible for other legal reasons, we may dispense with obtaining consent. For example, we may process personal data without consent to fulfill a contract, to comply with legal obligations, or to protect overriding interests.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, to the extent that such processing is permissible for legal reasons.

4. Communication

We process personal data to communicate with third parties. In this context, we particularly process data that an affected person transmits when contacting us, for example, by postal mail or email. We may store such data in an address book or similar tools.

Third parties transmitting data about other persons are obligated to ensure data protection for such affected persons. This includes ensuring the accuracy of the transmitted personal data, among other things.

We use selected services from suitable providers to communicate better with third parties.

5. Data Security

We implement suitable technical and organizational measures to ensure data security appropriate to the respective risk. With our measures, we ensure in particular the confidentiality, availability, traceability, and integrity of the processed personal data, but we cannot guarantee absolute data security.

Access to our website and our other online presence is carried out using transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a small padlock icon in the address bar.

Our digital communication is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries, as is generally the case with all digital communication. We cannot directly influence the processing of personal data by intelligence services, law enforcement agencies, and other security authorities. We also cannot exclude that individual affected persons are being monitored.

6. Personal Data Abroad

We generally process personal data in Switzerland and in the European Economic Area (EEA). However, we may also export or transmit personal data to other states, especially to process or have them processed there.

We can export personal data to all countries and territories on Earth and elsewhere in the Universe, as long as the local law ensures adequate data protection according to the decision of the Swiss Federal Council and, if applicable, according to the decision of the European Commission regarding adequate data protection in accordance with the General Data Protection Regulation (GDPR).

We may transmit personal data to states whose law does not guarantee adequate data protection if data protection is ensured for other reasons, especially based on standard data protection clauses or other suitable guarantees. In exceptional cases, we may export personal data to states without adequate or suitable data protection if the specific data protection requirements are met, such as the explicit consent of the affected persons or a direct connection with the conclusion or execution of a contract. Upon request, we provide affected persons with information about any guarantees or provide a copy of any guarantees.

7. Rights of Affected Persons

7.1 Data Protection Claims

We grant affected persons all claims according to the applicable data protection law. Affected persons have the following rights in particular:

  • Information: Affected persons can request information about whether we process personal data about them and, if so, what personal data it concerns. Affected persons also receive the information necessary to assert their data protection claims and to ensure transparency. This includes the processed personal data as such, but also, among other things, information about the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
  • Correction and Restriction: Affected persons can have incorrect personal data corrected, incomplete data completed, and the processing of their data restricted.
  • Deletion and Objection: Affected persons can have personal data deleted ("right to be forgotten") and object to the processing of their data with effect for the future.
  • Data Disclosure and Data Portability: Affected persons can request the disclosure of personal data or the transfer of their data to another controller.

We may, within the legally permissible framework, postpone, restrict, or refuse the exercise of the rights of affected persons. We may inform affected persons of any prerequisites that must be met to exercise their data protection rights. For example, we may refuse information with reference to business secrets or the protection of other persons, in whole or in part. For example, we may also refuse the deletion of personal data with reference to legal retention obligations, in whole or in part.

We may exceptionally charge for the exercise of the rights. We will inform affected persons in advance of any possible costs.

We are obliged to identify affected persons who request information or exercise other rights with appropriate measures. Affected persons are obliged to cooperate.

7.2 Legal Protection

Affected persons have the right to enforce their data protection claims through legal means or to lodge a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for complaints by affected persons against private controllers and federal authorities in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities for complaints by affected persons, if and to the extent that the General Data Protection Regulation (GDPR) applies, are organized as members of the European Data Protection Board (EDPB). In some Member States in the European Economic Area (EEA), data protection supervisory authorities are organized at the federal level, especially in Germany.

8. Use of the Website

8.1 Cookies

We may use cookies. Cookies – both first-party cookies and third-party cookies from services we use – are data stored in the browser. Such stored data may not be limited to traditional text-based cookies.

Cookies can be stored in the browser temporarily as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies allow, among other things, recognizing a browser on the next visit to our website, enabling us to measure the reach of our website, and, in some cases, for online marketing purposes.

Cookies can be disabled or deleted entirely in the browser settings at any time. Without cookies, our website may not be fully functional. We request, at least if required, explicit consent for the use of cookies.

For cookies used for success and reach measurement or for advertising, a general opt-out is possible for many services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

8.2 Logging

We may log the following information for each access to our website and other online presence, to the extent that such information is transmitted to our digital infrastructure during such accesses: Date and time including timezone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual subpage of our website including transferred data volume, last visited website in the same browser window (referer or referrer).

We log such information, which may also constitute personal data, in log files. This information is necessary to provide our online presence on a permanent, user-friendly, and reliable basis. The information is also necessary to ensure data security – even through third parties or with the help of third parties.

8.3 Tracking Pixels

We may embed tracking pixels in our online presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those from third parties whose services we use – are typically small, invisible images or JavaScript-formulated scripts that are automatically retrieved when accessing our online presence. Tracking pixels can capture at least the same information as in log files.

9. Notifications and Messages

We send notifications and messages via email and other communication channels such as instant messaging or SMS.

9.1 Success and Reach Measurement

Notifications and messages may contain web links or tracking pixels that determine whether an individual message has been opened and which web links were clicked. Such web links and tracking pixels may also capture the use of notifications and messages in a personally identifiable manner. We require this statistical tracking of usage for success and reach measurement to effectively and user-friendly deliver notifications and messages based on the needs and reading habits of recipients, as well as to do so on a permanent, secure, and reliable basis.

9.2 Consent and Objection

You must generally consent to the use of your email address and other contact details unless the use is permissible for other legal reasons. For obtaining double-confirmed consent, we may use the "Double Opt-in" procedure. In this case, you will receive a message with instructions for double confirmation. We may log obtained consents, including IP addresses and timestamps, for evidence and security reasons.

You can generally object to receiving notifications and messages such as newsletters at any time. With such an objection, you can simultaneously object to the statistical tracking of usage for success and reach measurement. Required notifications and messages related to our activities and operations remain reserved.

9.3 Service Providers for Notifications and Messages

We send notifications and messages with the help of specialized service providers.

10. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The terms and conditions (T&Cs) and usage terms as well as privacy policies and other provisions of the respective operators of such platforms also apply. These provisions inform, in particular, about the rights of data subjects directly against the respective platform, including the right to information.

For our Social Media presence on Facebook, including so-called Page Insights, we are jointly responsible – to the extent that the General Data Protection Regulation (GDPR) applies – with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Companies (including in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly provide our social media presence on Facebook.

Further information about the type, scope, and purpose of data processing, information on the rights of data subjects, and the contact details of Facebook as well as the data protection officer of Facebook can be found in the Facebook Privacy Policy. We have concluded the so-called "Controller Addendum" with Facebook, thereby agreeing, among other things, that Facebook is responsible for ensuring the rights of data subjects. For the so-called Page Insights, the relevant information can be found on the "Information about Page Insights" page, including "Information about Page Insights Data".

Users of social media platforms have the option to log in or register with their respective user accounts for our online offerings ("Social Login"). The respective terms and conditions of the relevant social media platforms apply.

11. Third-Party Services

We use services from specialized third parties to perform our activities and operations on a permanent, user-friendly, secure, and reliable basis. With such services, we may embed functions and content into our website. When embedding, the used services capture the IP addresses of users at least temporarily for technical reasons.

For security-relevant, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes performance or usage data necessary to provide the respective service.

We use, in particular:

11.1 Digital Infrastructure

We use services from specialized third parties to access the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

We use, in particular:

11.2 Appointment Scheduling

We use services from specialized third parties to schedule appointments online, for example, for meetings. In addition to this privacy policy, the terms and conditions of use or privacy policies of the services used also apply as applicable.

We use, in particular:

11.3 Audio and Video Conferences

We use specialized services for audio and video conferences to communicate online. This allows us to conduct virtual meetings or online classes and webinars. Participation in audio and video conferences is subject to the legal texts of the respective services, such as privacy policies and terms of use, in addition.

We recommend, depending on the situation, muting the microphone by default and blurring the background or using a virtual background when participating in audio or video conferences.

We use, in particular:

11.4 Online Collaboration

We use third-party services to enable online collaboration. In addition to this privacy policy, the terms and conditions or privacy policies of the services used may also apply as indicated.

We use, in particular:

11.5 Mapping Data

We use third-party services to embed maps into our website.

We use, in particular:

11.6 Digital Audio and Video Content

We use specialized third-party services to enable the direct playback of digital audio and video content such as music or podcasts.

We use, in particular:

11.7 Documents

We use third-party services to embed documents into our website. Such documents may include PDF files, presentations, spreadsheets, and text documents. This allows us not only to view but also to edit or comment on such documents.

We use, in particular:

11.8 E-Commerce

We operate e-commerce and use third-party services to successfully offer services, content, or goods.

11.9 Payments

We use specialized service providers to securely and reliably process payments from our customers. The terms and conditions, such as General Terms and Conditions (AGB), or privacy policies of the individual service providers also apply to payment processing.

We use, in particular:

11.10 Advertising

We use the opportunity to display advertisements with third parties, such as social media platforms and search engines, for our activities and operations.

With such advertising, we aim to reach individuals who are already interested in or could be interested in our activities and operations (Remarketing and Targeting). To do this, we may transmit relevant – possibly also personal – information to third parties that enable such advertising. Additionally, we can determine whether our advertising is successful, meaning whether it leads to visits to our website (Conversion Tracking).

Third parties with whom we advertise and with whom you, as a user, are registered, may potentially associate the use of our website with your profile on their platform.

We use, in particular:

12. Success and Reach Measurement

We try to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. We can also experiment and compare how different parts or versions of our online offering are used (A/B test method). Based on the results of success and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements to our online offering.

In most cases, IP addresses of individual users are stored for success and reach measurement. In this case, IP addresses are generally shortened ("IP masking") to follow the principle of data minimization through appropriate pseudonymization.

Cookies may be used for success and reach measurement, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our website, information about the size of the screen or browser window, and the – at least approximate – location. In principle, any user profiles are created exclusively pseudonymized and are not used for the identification of individual users. Individual third-party services, where users are registered, may potentially associate the use of our online offering with the user's account or profile with that respective service.

We use, in particular:

13. Final Provisions

We have created this privacy policy using the Privacy Policy Generator provided by Datenschutzpartner. The present privacy policy is an unofficial translation from the original German version.

We may adjust and supplement this privacy policy at any time. We will inform you about such adjustments and supplements in an appropriate manner, especially by publishing the current privacy policy on our website.


The Tourismus Savognin Bivio Albula AG provides users of the website "www.valsurses.ch" with links to other tourist or general-interest websites. The Tourismus Savognin Bivio Albula AG is not responsible for the content of the linked pages in any way and does not endorse the content of these pages by providing the link to them. Users of "www.valsurses.ch" use the linked web pages at their own risk. We recommend that you check the content of websites you access for currentness and accuracy. – On the basis of German court decisions, Tourismus Savognin Bivio Albula AG distances itself in every way from the content of linked pages. – We cannot be held responsible on any legal grounds for the consequences of using the linked pages.

Currentness of data, accuracy, contract formation, data transfer

The Tourismus Savognin Bivio Albua AG will endeavour to ensure that the information provided on this website is as current and correct as possible. As these details can change quickly, we cannot guarantee their accuracy. – We cannot be held liable on any legal grounds for incorrect or outdated information and details or the consequences of their use.

The travel recommendations and other details published on the Tourismus Savognin Bivio Albu AG website are not binding offers from us or the service providers mentioned in the travel recommendations.

The Tourismus Savognin Bivio Albula AG does not accept any liability for the security of data transmitted via the Internet.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. («Google»). Google Analytics uses cookies which are text files stored on your computer to help analyse your use of the website. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activities for website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where this is required by law or insofar as third parties process this data on behalf of Google. Google will never associate your IP address with any other data held by Google. You may refuse the installation of cookies by selecting the appropriate settings on your browser; however please note that if you do so you may not be able to use the full functionality of this website. By using this website you consent to the processing by Google of data relating to you in the manner and for the purposes mentioned above.

As a user of this website you hereby acknowledge that the operator of this website, their vicarious agents, their representatives, associated companies, chief executives, managerial staff, employees and their shareholders accept no liability in connection with the obtaining, transmission, processing and analysis of the above-mentioned data for which reason no claims for compensation can be asserted against these natural persons and legal entities.


You, as a user of this website, agree that the operator of this website, its assistants, its representatives, its connected companies, its directors, its managers, its employees and its shareholders do not assume any liability in connection with the collection, transmission, processing and evaluation of the above-mentioned data and that no claims for damages can be asserted against these natural persons and juridical persons in this respect.

Application of law and venue

The use of this website is subject exclusively to Swiss law. Savognin, Switzerland is agreed as the exclusive place of jurisdiction.


If you have any questions or comments about privacy, please contact us at ferien@valsurses.ch.
Tourismus Savognin Bivio Albula AG, Stradung 42, CH-7460 Savognin.