Privacy policy cable car Kandersteg-Oeschinensee AG

privacy statement

This data protection declaration applies to the cable car Kandersteg-Oeschinensee AG, Oeschistrasse 50, CH-3718 Kandersteg and www.oeschinensee.ch as well as www.oeschinensee.com

With this data protection declaration we inform you which data we process from you, for what we need this data and how you can object to the data collection.

Public transport companies treat customer data confidentially.

The protection of your personality and your privacy is important to us, the public transport companies http://www.ch-direct.org/datenschutz. We guarantee that your personal data will be processed in accordance with the law and the applicable provisions of data protection law.

With the following principles, public transport companies set an example for the trustworthy handling of your data:

You yourself decide on the processing of your personal data.

Within the legal framework, you can refuse data processing at any time or have your consent revoked or your data deleted. You always have the possibility to travel anonymously, i.e. without entering your personal data.

We offer you added value in the processing of your data.

Public transport companies use your personal data exclusively to provide services and to offer you added value along the mobility chain (e.g. tailor-made offers and information, support or compensation in the event of a fault). Your data will therefore only be used for the development, provision, optimisation and evaluation of our services or for customer relationship management.

Your data will not be sold.

Your data will only be disclosed to selected third parties listed in this data protection declaration and only for the explicitly stated purposes. If we commission third parties with data processing, they will be obliged to comply with our data protection standards.

We guarantee security and protection for your data.

Public transport companies guarantee the careful handling of customer data as well as the security and protection of your data. We ensure that the necessary organisational and technical precautions are taken.

Below you will find detailed information on how we handle your data.

Contents

– Who is responsible for data processing?

– Why do we collect personal data?

– What data is stored and what is it used for?

– How long is your data kept?

– Where is the data stored?

– What data is processed in connection with marketing?

– What data is processed for market research purposes?

– What rights do you have with regard to your personal data?

– What does “joint responsibility” mean?

– Will your data be passed on to third parties?

– How are tracking tools used?

– What are cookies and when are they used?

– What are social plug-ins and how are they used?

– Advertisements on our websites and in our apps.

– Data security.

– Changes to this Privacy Policy.

Who is responsible for data processing?

Gondelbahn Kandersteg-Oeschinensee AG is responsible for processing your data. As a public transport company, we are obliged by law to carry out so-called direct transports (DV). For this purpose, within the transport companies (TU) and public transport associations http://www.ch-direct.org/datenschutz as well as with third parties who sell public transport products, certain data is exchanged and stored centrally in databases jointly operated by all TU and public transport associations. We are therefore responsible for individual data processing jointly with these TUs and associations. Further information on the individual data processing can be found in the section “What does joint responsibility in public transport mean?

If you have any questions or suggestions regarding data protection, please feel free to contact the following DSG or the DSGVO “our company data protection officer”. Either by post:

Cable car Kandersteg-Oeschinensee AG

Christoph Wandfluh

Oeschistrasse 50

3718 Kandersteg

Or by mail to Mr. Christoph Wandfluh: christoph.wandfluh@oeschinensee.ch

Customers based in an EU member state can also contact our EU representative:

Invit Travel GmbH, Radlkoferstrasse 2, 81373 Munich, Germany

Why do we collect personal data?

We understand how important it is to you to handle your personal data carefully. All data processing is carried out only for specific purposes. These may, for example, arise from technical necessity, contractual requirements, legal requirements or the need to provide

We collect, store and process personal data to the extent necessary, for example for the administration of customer relations, the sale of our products and the provision of our services, the processing of orders and contracts, sales and invoicing, the answering of questions and concerns, information on our products and services as well as their marketing, support in technical matters and the evaluation and further development of services and products. For more detailed information on what data is processed and for what purposes, please read the following sections.

What data is stored and what is it used for?

When purchasing services:

For contractual reasons, we require personal data for online ordering or the purchase of certain services and products in order to provide our services and process the contractual relationship. For example, when purchasing a subscription or a single ticket.

When purchasing personalized services, we collect the following data – depending on the product or service – whereby mandatory data is marked with an asterisk (*) in the corresponding form:

– Personal photo

– Gender, name, e-mail address of the purchasing or travelling person

– Further information such as postal address, date of birth, etc.

– telephone number

– Means of payment / method

– Consent to the general terms and conditions

In order to process the contractual relationship, we also collect data on the services you have purchased (“performance data”). This includes – depending on the product or service – the following information:

– Type of product or service purchased

– price

– Place, date and time of purchase

– Purchase channel (Internet, vending machine, counter, etc.)

– Date of travel or period of validity and time of departure

– Place of departure and destination

The legal basis for this data processing is the necessity for the execution of the contract.

Data generated when services are purchased is stored in a central database (see the section on shared responsibility in public transport) and also processed for other purposes, including marketing and market research purposes (see the relevant sections of this privacy statement for details). In addition, the data will be used for ticket control purposes to identify the holder of a personalised ticket and to prevent misuse. The data will also be used to provide our Après Vente service, to identify and assist you with any concerns or difficulties you may have, and to process any claims for compensation. Finally, the data will be used to fairly distribute the revenue generated by the purchase of driving styles among direct traffic companies and associations. Our legitimate interest forms the legal basis for this data processing.

When using the website www.oeschinensee.ch:

When you visit our website, the servers of our hosting provider temporarily store each access in a log file. The following technical data is collected:

– IP address of the requesting computer

– Date and time of access

– Internet page from which the access was made, if necessary with used search word

– Name and URL of the retrieved file

– searches carried out (timetable, general search function on website, products, etc.)

– the operating system of your computer (provided by the User Agent)

– Browser used by you (provided by the User Agent)

– Device type in case of mobile phone accesses

– Transmission protocol used

The collection and processing of this data serves system security and stability and for error and performance analysis as well as for internal statistical purposes and enables us to optimize our Internet offer. In addition, this enables us to design our website specifically for target groups, i.e. to provide it with specific content or information that may be of interest to you.

The IP address is also used to preset the language of the website. In addition, it is evaluated together with other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for clarification and defence purposes and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned.

Finally, when you visit our website, we use cookies as well as applications and aids based on the use of cookies. You will find more detailed information on this in the sections on cookies, tracking tools, advertisements and social plug-ins of this data protection declaration.

In the case of external websites linked to our website, we do not assume any liability for compliance with data protection regulations.

When using a contact form/helpdesk:

You have the possibility to use a contact form to contact us. The entry of the following personal data is mandatory:

– Surname and first name

– email address

We use these and other voluntarily entered data (such as title, address, telephone number and company) only to answer your contact request in the best possible and personalized way. Any voluntary information on how you became aware of our offer will also be used for internal statistical purposes. We base this data processing on our legitimate interest as a legal basis or, if your contact is aimed at the conclusion of a contract, on the implementation of the pre-contractual measures requested by you:

– E-mail address (*)

– Password (*)

– Consent to the general terms and conditions (*)

We collect this information in order to give you an overview of your orders and the contracts concluded with you in this connection. In this respect, these are data processing operations for which you have given us your consent. This is the legal basis of the data processing. You can revoke your consent at any time with effect for the future (see section 2.8). If you link your customer account to a SwissPass account, changes to your personal data (e.g. changes of address) and the services purchased are automatically compared with each other and recorded in both accounts. Please also note the following information for data processing in connection with your SwissPass account.

When creating a SwissPass login/customer account on www.swisspass.ch: You have the option of creating a customer account on swisspass.ch. We need the following data from you:

– Name and first name

– date of birth

– Address (street, postcode, city and country)

– Customer number (if you already have a public transport subscription)

– E-mail address and password (login data)

By registering, we enable you to access the numerous online services (web shops and apps) of public transport companies and associations using the login data (so-called SwissPass-Login) and to purchase these services without having to carry out an additional, time-consuming registration process. Services that you purchase using the SwissPass login (in particular public transport tickets/subscriptions) are recorded in your customer account and in a central database (“IT database”). This data processing is necessary for the processing of the contract for the use of the SwissPass and is therefore based on this legal basis. Further information on this can be found in the sections on joint responsibility in public transport and on disclosure to third parties in this data protection declaration and in the data protection declaration on swisspass.ch https://www.swisspass.ch/disclaimer?lang=de

How long will your data be kept?

We only store personal data for as long as is necessary:

– in order to provide services to the extent specified in this data protection declaration which you have requested or for which you have given your consent.

– to use the tracking services mentioned in this Privacy Policy in the context of our legitimate interest.

Contract data will be stored by us for a longer period of time, as this is prescribed by statutory storage obligations. Retention obligations, which oblige us to retain data, result from accounting regulations and tax regulations. If we no longer need this data to provide the services for you, the data will be blocked. This means that the data may then only be used to fulfil our storage obligations.

Where is the data stored?

Your data is always stored in databases within Switzerland or in countries with comparable levels of data protection (namely EU countries). However, in some cases listed in this data protection declaration, the data will also be passed on to third parties based outside Switzerland. If the country concerned does not have an adequate level of data protection, we ensure that your data is adequately protected by these companies, either through contractual arrangements with these companies or by ensuring that these companies are certified under the CH/EU-US Privacy Shield.

What data is processed in connection with marketing?

Unless you object, we will use your customer data (name, gender, date of birth, address, customer number, e-mail address), your performance data (data about you, your company, your company, etc.) for marketing purposes.

We evaluate this data in order to further develop our offers in line with your needs and to send you or display as relevant information and offers as possible (via e-mail, letter, SMS, push messages in the app and personalised teasers on the web, personally at the counter). We only use the data that we can clearly assign to you, for example because you have registered or identified yourself on our website with your SwissPass login and purchased a ticket. We also use methods that predict a possible future purchasing behavior based on your current purchasing behavior. Our legitimate interest is the legal basis for this processing. In certain cases, SBB or another company involved in direct traffic may also contact you under strict conditions. Please note the information in the section on “Joint responsibility in public transport”.

We, SBB (e.g. in connection with your GA or Half-Fare travelcard) and other public transport companies may refuse to contact you at any time. The following options are available to you:

– Each e-mail that you receive from us or from other public transport companies contains a unsubscribe link that you can use to unsubscribe from further messages by clicking on it.

– You can also log in or log out at any counter.

Please also refer to the notes on the right of objection regarding the evaluation of click behaviour in the section on tracking tools.

What data is processed for market research purposes?

In order to continuously improve the quality of our services and offers, we regularly conduct market research. We may therefore use your contact information to invite you to participate in online surveys. If you do not wish to receive such invitations, you can opt out of receiving surveys here [link to: in progress] or by sending an e-mail to [e-mail address]. The legal basis for these surveys is our legitimate interest.

What rights do you have with regard to your personal data? You have the following rights with regard to your personal data:

– You can request information about your stored personal data.

– You may request that your personal data be corrected, supplemented, blocked or deleted. The deletion will be replaced by blocking if there are legal obstacles to the deletion (e.g. legal storage obligations).

– If you have set up a customer account, you can delete it or have it deleted.

– You can object to the use of your data for marketing purposes.

– You can revoke your consent at any time with effect for the future.

– You can request the transfer of your data.

To exercise your rights, a letter is sufficient either by post:

Cable car Kandersteg Oeschinensee AG

Cable car Kandersteg-Oeschinensee AG

Christoph Wandfluh

Oeschistrasse 50

3718 Kandersteg

Or by mail to Mr. Christoph Wandfluh: christoph.wandfluh@oeschinensee.ch

Customers based in an EU member state can also contact our EU representative:

In addition, you have the right to complain to a data protection authority at any time.

What does “joint responsibility in public transport” mean?

Gondelbahn Kandersteg-Oeschinensee AG is responsible for processing your data. As a public transport company/association, we are obliged by law to provide certain transport services with other transport companies and associations (“direct transport”).

For this purpose and for other purposes described in this data protection declaration, data is passed on at national level within the so-called National Direct Transport (NDV), an association of more than 240 transport companies (TU) and associations.

of public transport. The individual TUs and networks are listed here [Link to: in progress]. Data from the purchase of services and the establishment of contacts are stored in a central database, which is managed by SBB under NDV’s mandate and for which we are jointly responsible with the other NDV companies and associations (“DV database”).

In the case of services purchased using the SwissPass login, the data is then stored in another central database (“SwissPass database”), for which we are jointly responsible with the TU and NDV Associations, whereby the database is in turn managed by SBB under NDV’s mandate. The data from the various databases are merged where necessary to ensure efficient service provision and cooperation between the parties involved.

In order to enable the so-called Single Sign- On (SSO) (a login for all applications that offer the use of their services with the SwissPass-Login), the aforementioned login, card, customer and performance data are exchanged between the central login infrastructure of the SwissPass and us during authentication.

The scope of access to the joint databases by the individual TUs and associations is regulated and limited by a joint agreement. The forwarding and processing by the other TUs and networks of NDV that takes place with the central storage is basically limited to contract processing, ticket control, après vente service and revenue distribution. In addition, the data collected for the purchase of NDV services [link to: in progress] will in certain cases also be processed for marketing purposes. This includes the evaluation of the data in order to further develop and advertise public transport services in line with requirements. If we contact you for this purpose, we ([company]) will always do so. Contact will only be established by the other TUs and associations involved in NDV in exceptional cases and under strict conditions, and only if the evaluation of the data shows that a particular public transport service could bring added value for you as a customer. One exception to this is when SBB contacts you. On behalf of NDV, SBB carries out the marketing mandate for the IT services (e.g. GA and Half-Fare travelcard) and can contact you regularly in this role.

Our legitimate interest forms the legal basis for the data processing mentioned here.

Will your data be passed on to third parties?

Your data will not be resold by us. Your personal data will then only be passed on to selected service providers and only to the extent necessary to provide the service. These are IT support service providers, exhibitors of subscription cards, shipping service providers (e.g. Swiss Post), service providers who are commissioned to allocate the traffic revenue to the transport companies involved (in particular in the course of compiling so-called distribution keys within the meaning of the Swiss Passenger Transport Act), our hosting provider (see section “Use of Internet presence”) and the providers mentioned in the sections on tracking tools, social plug-ins and advertisements. With regard to service providers based abroad, please also refer to the information in the “Where is your data stored” section.

In addition, your data may be passed on if we are legally obliged to do so or if this is necessary to safeguard our rights, in particular to enforce claims arising from our relationship with you.

If you book cross-border trips, they will also be passed on to the respective foreign providers. However, this only takes place to the extent necessary to check the validity of the tickets and to prevent misuse.

Our legitimate interest forms the legal basis for the data processing mentioned here.

Your personal data will not be disclosed to third parties other than public transport. The only exceptions (to the extent described below) are SwissPass partners and companies which have been granted permission by public transport companies to provide public transport services on the basis of a contractual agreement. These intermediaries will only be granted access to your personal data if you wish to obtain a public transport service via them and have given them your consent to access. Even in this case, you will only receive access to your data to the extent necessary to determine whether you already have tickets or subscriptions for the planned travel period that are relevant to your trip and the service you have requested from the third party. The legal basis for this data processing is therefore your consent. You can revoke your consent at any time with effect for the future (see Section 2.8).

If you use offers from a SwissPass partner using your SwissPass, data on any services you may have purchased from us (e.g. a GA travelcard, Half-Fare travelcard or Verbund route subscription) may be transmitted to the SwissPass partners in order to check whether you can benefit from a specific offer from the SwissPass partner (e.g. discount for GA holders). In the event of loss, theft, misuse, forgery or replacement of a card after the purchase of a service, the partner concerned will be informed.

This data processing is necessary for the processing of the contract on the use of the SwissPass and is therefore based on this legal basis. Further information can be found in the data protection declaration on swisspass.ch and the data protection declaration of the respective SwissPass partner.

How are tracking tools used?

We use the web analysis services of Google and swisspass.ch for the purpose of designing and continuously optimising our Internet pages, apps and e-mails to meet your needs. Our legitimate interest forms the legal basis for the data processing described below.

Tracking on Internet pages:

In connection with our Internet pages, pseudonymised user profiles are created and small text files (“cookies”) stored on your computer are used (see below “What are cookies and when are they used?”). The information generated by cookies about your use of these Internet pages is transferred to the servers of the providers of these services, stored there and processed for us. In addition to the data listed above (see “Which data is processed when using our Internet pages?”), we thereby receive the following information:

– Navigation path followed by a visitor on the website

– Time spent on the website or subpage

– Underside, on which the Internet page is left

– Country, region or city from which access is made

– End device (type, version, color depth, resolution, width and height of the browser window)

– returning or new visitor

– Browser type/version

– Operating system used

– Referrer URL (the previously visited page)

– Host name of the accessing computer (IP address) and

– Time of the server request

The information is used to evaluate the use of the Internet pages.

Tracking when sending e-mails:

When sending e-mails, we use e-mail marketing services provided by third parties.

Our e-mails may therefore contain a so-called web beacon or similar technical means. A web beacon is a 1×1 pixel, invisible graphic associated with the user ID of the respective e-mail subscriber.

For each newsletter sent, there is information on the address file used, the subject and the number of newsletters sent. In addition, you can see which addresses have not yet received the newsletter, to which addresses the newsletter has been sent and which addresses have failed to be sent. In addition, the opening rate, including information on which addresses have opened the newsletter and which addresses have unsubscribed from the newsletter distribution list, can be discussed.

The use of appropriate services makes it possible to evaluate the information listed above. In addition, the click behaviour can also be recorded and evaluated. We use this data for statistical purposes and to optimise the content of our news. This enables us to better tailor the information and offers in our e-mails to the individual interests of each recipient. The pixel-code is deleted when you delete the e-mail.

If you wish to prevent the use of the Web Beacon in our e-mails, please set your e-mail program so that no HTML is displayed in messages if this is not already the case as standard.

In the following you will learn more about our tracking tools:

Google Analytics

Our website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA and Google Iland Limited, Gordon House Barrow St, Dublin 4, Ireland. Google Analytics uses methods that enable it to analyze website usage, such as cookies (see below “What are cookies and when are they used?”). The information generated by a cookie about your use of this website, as set out above, will be transmitted to and stored by Google, a company of the holding company Alphabet Inc., on servers in the United States. The IP address is shortened by activating IP anonymisation (“anonymizeIP”) on this website before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area or Switzerland. The anonymous IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. In such cases, we provide contractual guarantees to ensure that Google maintains an adequate level of data protection.

The information is used to evaluate the use of the website, to compile reports on the activities on the website and to provide further services associated with the use of the website and the internet for purposes of market research and needs-based design of the website. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. According to Google, the IP address will in no case be associated with other data concerning the user.

Users may refuse the use of cookies by selecting the appropriate settings on their browser, which will permit the collection of data (including IP address) relating to the use of the website by the user concerned, and the processing of such data by Google by allowing users to download and install the browser plug-in available through the link below:

http://tools.google.com/dlpage/gaoptout?hl=de

What are cookies and when are they used?

In certain cases we use cookies. Cookies are small files that are stored on your computer or mobile device when you visit or use one of our websites. Cookies save certain settings via your browser and data about the exchange with the website via your browser. When a cookie is activated, it can be assigned an identification number that identifies your browser and allows you to use the information contained in the cookie. You can set your browser so that a warning appears on the screen before a cookie is saved. You can also do without the advantages of personal cookies. Certain services cannot be used in this case.

We use cookies to evaluate general user behaviour. The aim is to optimise the digital presence. These should be made easier to use and the contents more intuitive to find. They should be more comprehensible and structured. It is important to us to make the digital presentations user-friendly according to your needs. In this way, we can optimise the website through targeted content or information on the website that may be of interest to you.

Most web browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. On the following pages you will find explanations on how to configure the processing of cookies:

– Google Chrome for Desktop [link to: https://support.google.com/chrome/ans- wer/95647?hl=en]

– Google Chrome for Mobile [Link to: https://support.google.com/chrome/ans- wer/2392709?hl=de&co=GENIE.Platform%3DAndroid&oco=1]

– Microsoft’s Windows Internet Explorer [Link to: https://support.microsoft.com/de- de/help/17442/windows-internet-explorer-delete-manage-cookies]

– Apple Safari for Mobile [Link to: https://support.apple.com/de-de/HT201265]

The deactivation of cookies can lead to the fact that you cannot use all functions of our Internet side. Our legitimate interest forms the legal basis for the data processing described.

What are social plug-ins and how are they used?

You can use the following social plug-ins on our website:

Todo listing

Social plug-ins serve to make our Internet pages more personal. The plug-ins are deactivated by default on our websites and therefore do not send any data to the social networks. You can activate all plug-ins by clicking on the “Activate social media” button (so-called 2-click solution). The plug-ins can of course be deactivated with a single click.

If the plug-ins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as you access our website. The content of the plug-in is transmitted directly from the social network to your browser, which then integrates it into the website.

Through the integration of the plug-ins, the respective provider receives the information that your browser has called up the corresponding page of our website, even if you do not have an account on this social network or are not currently logged in to it. This information (including your IP address) is transmitted by your browser directly to a server of the provider (usually in the USA) and stored there. We therefore have no influence on the amount of data the provider collects with the plug-in.

If you are logged in to the social network, it can assign the visit to our website directly to your user account. If you interact with the plug-ins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information may also be published on the social network and displayed to other users of the social network under certain circumstances.

The provider of the social network may use this information for the purpose of advertising, market research and needs-based design of the respective offer. For this purpose, usage, interest and relationship profiles could be created, for example to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our website and to provide further services associated with the use of the social network.

The purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks, as well as your rights in this regard and the options for setting up your privacy, can be found directly in the data protection information of the respective provider.

If you do not want the social network provider to associate the data collected via our website with your user account, you must log out of the social network before activating the plug-ins.

The data processing described is based on our legitimate interest.

Data security.

We use suitable technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

We also take internal data protection very seriously. Our employees and the external service providers commissioned by us have committed themselves to secrecy and compliance with data protection regulations.

We take appropriate precautions to protect your data. However, the transmission of information via the Internet and other electronic means always involves certain security risks and we cannot guarantee the security of information transmitted in this way.

Last updated: December 2019

Translated from www.oeschinensee.ch/datenschutzerklaerung