Data protection
With this privacy policy, we inform you about the personal data we process in connection with our activities and operations, including our bergblick-lodge.ch website. We provide information, in particular, about the purposes, methods, and locations of the personal data we process. We also inform about the rights of individuals whose data we process.
For specific or additional activities and operations, additional privacy policies as well as other legal documents such as Terms and Conditions (T&C), Terms of Use, or Participation Terms may apply.
We are subject to Swiss data protection law as well as any applicable foreign data protection law, particularly that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission acknowledges that Swiss data protection law ensures adequate data protection.
1. Contact addresses
Responsibility for the processing of personal data:
Bergblick Lodge
Scheidgasse 46
3703 Aeschi bei Spiez
Schweiz
In individual cases, there may be other controllers for the processing of personal data or joint responsibility with at least one other controller.
2. Terms and Legal Basis
2.1 Terms
Personal data refers to any information relating to an identified or identifiable natural person. A data subject is a person about whom we process personal data.
Processing includes any handling of personal data, regardless of the means and methods applied, such as querying, matching, adapting, archiving, storing, retrieving, disclosing, acquiring, collecting, recording, deleting, arranging, organizing, altering, disseminating, linking, destroying, and using personal data.
The European Economic Area (EEA) comprises the Mitgliedstaaten der Europäischen Union (EU) The European Economic Area (EEA) includes the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as "processing of personal data".
2.2 Legal Basis
We process personal data in accordance with Swiss data protection law, particularly the Bundesgesetz über den Datenschutz (Datenschutzgesetz, DSG) and the Verordnung über den Datenschutz (Datenschutzverordnung, DSV).
We process - to the extent that the General Data Protection Regulation (GDPR) applies - personal data in accordance with at least one of the following legal bases:
- Art. 6 Abs. 1 lit. b DSGVO for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
- Art. 6 Abs. 1 lit. f DSGVO for the necessary processing of personal data to safeguard our legitimate interests or those of third parties, unless the fundamental freedoms and rights as well as interests of the data subject prevail. Legitimate interests include, in particular, our interest in being able to exercise our activities and operations permanently, user-friendly, securely, and reliably, as well as communicate about them, ensuring information security, protection against misuse, enforcement of our own legal claims, and compliance with Swiss law.
- Art. 6 Abs. 1 lit. c DSGVO for the necessary processing of personal data to fulfill a legal obligation to which we are subject under any applicable law of the Member States in the European Economic Area (EEA).
- Art. 6 Abs. 1 lit. e DSGVO for the necessary processing of personal data to perform a task carried out in the public interest.
- Art. 6 Abs. 1 lit. a DSGVO for the processing of personal data with the consent of the data subject.
- Art. 6 Abs. 1 lit. d DSGVO for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
3. Nature, scope and purpose
We process those personal data that are necessary to exercise our activities and operations permanently, user-friendly, securely, and reliably. Such personal data may include, in particular, categories of inventory and contact data, browser and device data, content data, meta or peripheral data, and usage data, location data, sales data as well as contract and payment data.
We process personal data for the duration necessary for the respective purpose(s) or as required by law. Personal data that is no longer required for processing will be anonymized or deleted.
We may have third parties process personal data on our behalf. We may process personal data jointly with third parties or transfer it to third parties. Such third parties include, in particular, specialized providers whose services we use. We also ensure data protection with such third parties.
We generally only process personal data with the consent of the data subjects. To the extent that processing is permissible for other legal reasons, we may refrain from obtaining consent. For example, we may process personal data without consent to fulfill a contract, to comply with legal obligations, or to safeguard overriding interests.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, to the extent that such processing is permissible for legal reasons.
4. Communication
We process personal data to communicate with third parties. In this context, we particularly process data that a data subject provides when contacting us, for example, by postal mail or email. We may store such data in an address book or similar tools.
Third parties transmitting data about other individuals are obligated to ensure data protection for such data subjects. This includes ensuring the accuracy of the transmitted personal data.
We use selected services from suitable providers to communicate more effectively with third parties.
5. Applications
We process personal data of job applicants to the extent necessary for assessing suitability for employment or for the subsequent performance of an employment contract. The necessary personal data arises primarily from the information requested, for example, in the context of a job advertisement. We may publish job advertisements with the help of suitable third parties, for example, in electronic and printed media or on job portals and job platforms
We also process personal data voluntarily provided or published by job applicants, particularly as part of cover letters, resumes, and other application documents, as well as online profiles.
We process - to the extent that the General Data Protection Regulation (GDPR) applies - personal data of job applicants particularly by Art. 9 Abs. 2 lit. b DSGVO.
We may allow applicants to store their information in our talent pool to consider them for future job openings. We may also use such information to maintain contact and provide updates. If we believe that an applicant is suitable for a job opening based on the information provided, we may inform the applicant accordingly.
6. Data Security
We implement appropriate technical and organizational measures to ensure data security commensurate with the respective risk. With our measures, we ensure, in particular, the confidentiality, availability, traceability, and integrity of the processed personal data, although we cannot guarantee absolute data security.
Access to our website and other online presence is encrypted using transport encryption (SSL/TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a small padlock icon in the address bar.
Our digital communication, like all digital communication in principle, is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police authorities, and other security authorities. We also cannot exclude the possibility that individual data subjects are specifically monitored.
7. Personal Data Abroad
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly for processing purposes.
We may transfer personal data to all Staaten und Territorien auf der Erde as well as elsewhere in the Universum export, provided that the local law according to Beschluss des Schweizerischen Bundesrates Adequate data protection and, where applicable, in accordance with the General Data Protection Regulation (GDPR) Beschluss der Europäischen Kommission ensuring adequate data protection.
We may transfer personal data to countries whose laws do not ensure adequate data protection, provided that data protection is ensured for other reasons, particularly based on standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the special data protection requirements are met, such as the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we will gladly provide data subjects with information about any safeguards or provide a copy of any safeguards.
8. The rights of data subjects
8.1 Data protection claims
We grant data subjects all rights as per the applicable data protection law. Data subjects particularly have the following rights:
- Affected individuals have the right to request information on whether we process personal data about them, and if so, what personal data it concerns. Affected individuals also receive the necessary information to assert their data protection rights and ensure transparency. This includes the processed personal data itself, as well as details such as the purpose of processing, the duration of retention, any disclosure or transfer of data to other countries, and the source of the personal data.
- Correction and Restriction: Affected individuals have the right to correct inaccurate personal data, complete incomplete data, and request the restriction of processing of their data.
- Deletion and Objection: Affected individuals can request the deletion of personal data ("Right to be Forgotten") and object to the processing of their data with effect for the future.
- Data Disclosure and Data Portability: Affected individuals can request the disclosure of personal data or the transfer of their data to another controller.
We reserve the right to postpone, restrict, or refuse the exercise of the rights of affected individuals within legally permissible limits. We may inform affected individuals about any requirements that need to be met to exercise their data protection rights. For example, we may refuse to provide information in whole or in part by referring to trade secrets or the protection of other individuals. Similarly, we may refuse to delete personal data in whole or in part by referring to legal retention obligations.
We may exceptionally impose costs for the exercise of rights. We will inform affected individuals in advance about any potential costs.
We are obligated to identify affected individuals who request information or assert other rights through appropriate measures. Affected individuals are obliged to cooperate.
8.2 Legal Protection
Affected individuals have the right to enforce their data protection claims through legal action or to file a complaint with the competent data protection supervisory authority.
The data protection supervisory authority for complaints from affected individuals against private entities and federal agencies in Switzerland is the Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB).
European data protection supervisory authorities for complaints from affected individuals - where and to the extent that the General Data Protection Regulation (GDPR) applies - are organized as Mitglieder im Europäischen Datenschutzausschuss (EDSA). In some member states of the European Economic Area (EEA), data protection supervisory authorities are structured federally, insbesondere in Deutschland.
9. Website Usage
9.1 Cookies
We may use cookies. Cookies - both first-party cookies and third-party cookies from services we use - are data stored in the browser. Such stored data is not necessarily limited to traditional text-based cookies.
Cookies can be stored in the browser temporarily as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies allow, in particular, for recognizing a browser on the next visit to our website, thereby, for example, measuring the reach of our website. However, permanent cookies can also be used for online marketing purposes.
Cookies can be disabled or deleted entirely in the browser settings at any time. Without cookies, our website may not be fully functional. We request - at least where necessary - explicit consent for the use of cookies.
For cookies used for tracking success and measuring reach or for advertising purposes, many services offer a general opt-out option through the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA) is possible.
9.2 Logging
We can log at least the following information for each access to our website and other online presence, provided that they are transmitted to our digital infrastructure during such accesses: Date and time, including timezone, IP-Adresse, Access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-page of our website including transmitted data volume, last visited webpage in the same browser window (referrer).
We log such information, which may also constitute personal data, in log files. The information is necessary to provide our online presence permanently, user-friendly, and reliably. Furthermore, the information is necessary to ensure data security - also by third parties or with the help of third parties.
9.3 Tracking pixel
We can integrate tracking pixels into our online presence. Tracking pixels are also referred to as web beacons. Tracking pixels - including those from third parties whose services we use - are typically small, invisible images or scripts formulated in JavaScript that are automatically retrieved when accessing our online presence. With tracking pixels, at least the same information as in log files can be captured.
10. Notifications and Messages
We send notifications and messages via email and through other communication channels such as instant messaging or SMS.
10.1 Success and Reach Measurement
Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked. Such web links and tracking pixels can also capture the usage of notifications and messages on a personalized basis. We require this statistical tracking of usage for success and reach measurement to effectively and user-friendly send notifications and messages based on the needs and reading habits of the recipients, and to ensure their permanent, secure, and reliable delivery.
10.2 Consent and Objection
You must generally consent to the use of your email address and other contact information, unless the use is permissible for other legal reasons. For potentially obtaining a double confirmed consent, we may use the "Double Opt-in" procedure. In this case, you will receive a notification with instructions for double confirmation. We can log obtained consents, including IP-Adresse and Zeitstempel for evidentiary and security reasons.
You can generally object to receiving notifications and messages such as newsletters at any time. With such an objection, you can also object to the statistical tracking of usage for success and reach measurement. Reserved are necessary notifications and messages related to our activities and operations.
10.3 Service Providers for Notifications and Messages
We send notifications and messages with the help of specialized service providers.
We particularly utilize:
- Brevo: Building and maintaining customer relationships especially via email and instant messaging; Provider: Sendinblue GmbH (Germany); Data Privacy Information: Datenschutzerklärung, «Datenschutz und Datensicherheit», «Sicherheit und Datenschutz».
11. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC) and terms of use, as well as privacy policies and other provisions of the individual operators of such platforms, also apply. These provisions particularly inform about the rights of affected individuals directly towards the respective platform, including, for example, the right to information.
For our social media presence on Facebook, including the so-called Page Insights, we are jointly responsible with Meta Platforms Ireland Limited (Ireland), where the General Data Protection Regulation (GDPR) applies. The Meta Platforms Ireland Limited is part of the Meta-Unternehmen (including in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly provide our social media presence on Facebook.
Further information about the nature, scope, and purpose of data processing, details about the rights of data subjects, as well as contact information for Facebook and Facebook's data protection officer can be found in the Datenschutzerklärung von Facebook. We have concluded the so-called «Zusatz für Verantwortliche» with Facebook, thereby agreeing in particular that Facebook is responsible for ensuring the rights of data subjects. For the so-called Page Insights, the corresponding information can be found on the «Informationen zu Seiten-Insights» including «Informationen zu Seiten-Insights-Daten».
12. Third-Party Services
We use services from specialized third parties to conduct our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can embed features and content into our website. In such embedding, for technical reasons, the services used may temporarily collect at least the IP-Adressen of users.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This may include performance or usage data to provide the respective service.
We particularly utilize:
- Dienste von Google: Providers: Google LLC (USA) / Google Ireland Limited (Irland) for users in the European Economic Area (EEA) and in Switzerland; General Data Privacy Information: «Grundsätze zu Datenschutz und Sicherheit», Datenschutzerklärung, «Google ist der Einhaltung der anwendbaren Datenschutzgesetze verpflichtet», «Leitfaden zum Datenschutz in Google-Produkten», «Wie wir Daten von Websites oder Apps verwenden, auf bzw. in denen unsere Dienste genutzt werden» (Angaben von Google), «Arten von Cookies und ähnliche Technologien, die Google verwendet», «Werbung, auf die du Einfluss hast» («Personalisierte Werbung»).
- Dienste von Microsoft: Providers:for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General Data Privacy Information: «Datenschutz bei Microsoft», «Datenschutz und Privatsphäre», Datenschutzerklärung, «Daten- und Datenschutzeinstellungen».
12.1 Digital Infrastructure
We use services from specialized third parties to access the necessary digital infrastructure related to our activities and operations. This includes, for example, hosting and storage services from selected providers.
We particularly utilize:
- Hostpoint: Hosting; Provider: Hostpoint AG (Switzerland); Data Privacy Information: Datenschutzerklärung.
12.2 Social Media Features and Social Media Content
We use services and plugins from third parties to embed features and content from social media platforms, as well as to enable content sharing on social media platforms and through other means.
We particularly utilize:
- Facebook (Soziale Plugins): Embedding Facebook functions and content, such as 'Like' or 'Share'; Providers: Meta Platforms Ireland Limited (Ireland) and weitere Meta-Unternehmen (including in the USA); Data privacy information: Datenschutzerklärung.
- Instagram-Plattform: Embedding Facebook features and Facebook content, such as "Like" or "Share"; Providers: Meta Platforms Ireland Limited (Ireland) and weitere Meta-Unternehmen (including in the USA); Data Privacy Information: Datenschutzerklärung (Instagram), Datenschutzerklärung (Facebook).
- LinkedIn Consumer Solutions Platform: Embedding LinkedIn features and content, such as Plugins like the «Share Plugin»; Provider: Microsoft; LinkedIn-specific information: «Datenschutz» («Privacy»), Datenschutzerklärung, Cookie-Richtlinie, Cookie-Verwaltung / Widerspruch gegen E-Mail und SMS-Kommunikation von LinkedIn, Widerspruch gegen interessenbezogene Werbung.
12.3 Mapping Data
We use third-party services to embed maps into our website.
We particularly utilize:
- Google Maps including Google Maps Platform: Mapping Service; Provider: Google; Google Maps-specific information: «Wie Google Standortinformationen verwendet».
12.4 Digital Audio and Video Content
We use services from specialized third parties to enable the direct playback of digital audio and video content such as music or podcasts.
We particularly utilize:
Video Platform; Provider: Vimeo Inc. (USA); Data Privacy Information: Datenschutzerklärung, «Privates Video-Hosting».
YouTube: Video Platform; Provider: Google; YouTube-specific information: «Datenschutz- und Sicherheitscenter», «Meine Daten auf YouTube».
13. Website Extensions
We use extensions for our website to enable additional features. We can use selected services from suitable providers or use such extensions on our own server infrastructure.
We particularly use:
- CleanTalk: Website Spam Protection; Provider: CleanTalk Inc. (USA); Data Privacy Information: Datenschutzerklärung.
14. Success and Reach Measurement
We aim to determine how our online offering is used. In this context, we can measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. Additionally, we can experiment and compare how different parts or versions of our online offering are used (using the "A/B test" method). Based on the results of success and reach measurement, we can particularly address errors, strengthen popular content, or make improvements to our online offering.
For success and reach measurement, in most cases, the IP-Adressen of individual users are stored. In this case, IP addresses are generally truncated ("IP masking") to follow the principle of data minimization through the appropriate pseudonymization.
During success and reach measurement, cookies may be used, and user profiles may be created. Any created user profiles may include, for example, the visited individual pages or viewed content on our website, information about the size of the screen or browser window, and the - at least approximate - location. In principle, any user profiles are created exclusively in pseudonymized form and are not used to identify individual users. However, individual third-party services, where users are logged in, may potentially associate the usage of our online offering with the user account or profile on the respective service.
We particularly use:
Success and Reach Measurement; Provider: Google; Google Analytics-specific Information: Measurement across different browsers and devices (Cross-Device Tracking) as well as with pseudonymized IP addresses, which are only exceptionally transmitted in full to Google in the USA, «Datenschutz», «Browser Add-on zur Deaktivierung von Google Analytics».
15. Real Cookie Banner
To manage the used cookies and similar technologies (tracking pixels, web beacons, etc.) and related consents, we use the consent tool "Real Cookie Banner." Details on how "Real Cookie Banner" works can be found below: https://devowl.io/de/rcb/datenverarbeitung/.
The legal basis for processing personal data in this context are Art. 6 Abs. 1 lit. c DS-GVO and Art. 6 Abs. 1 lit. f DS-GVO. Our legitimate interest lies in managing the used cookies and similar technologies, as well as the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obligated to provide the personal data. However, if you do not provide the personal data, we will not be able to manage your consents.
16. Final Provisions
We reserve the right to amend and supplement this privacy policy at any time. We will inform you about such changes and additions in an appropriate manner, particularly by publishing the current privacy policy on our website.