DATA PROTECTION
REGULATIONS
The following data protection information concerns all processing of personal data by Engelberg-Titlis Tourismus AG (ETT), entered in the commercial register of the Canton of Obwalden (CHE-104.991.377).
According to the data protection law, ETT is responsible for the following data processing. The following data protection information does not just concern the processing of data associated with the website www.engelberg.ch, but also the processing of personal data at points of sale.
These data protection regulations apply as an integral component of the general terms and conditions (GTC) of ETT.
We are obliged to handle your personal data responsibly. Consequently, for us it is self-evident that we should meet the legal requirements of the Swiss Data Protection Act (DSG), the Ordinance to the Federal Act on Data Protection (VDSG), the Telecommunica-tions Act (FMG) and other provisions of the Swiss Data Protection Law. Furthermore, we also believe it is obvious that we should meet the legal requirements of the EU General Data Protection Regulation (EU-GDPR).
Please find below information about how we handle your personal data. Please be aware that the following information is reviewed and amended from time to time. We there-fore recommend that you view this data privacy statement regularly.
1. Scope and extent of data collection, data processing and the use of personal data on www.engelberg.ch.
When you visit our website, our servers temporarily record each access in a log file.
The following data is saved:
- The IP address of the inquiring computer,
- The date and time of the access,
- The name and URL of the accessed data,
- The website, from which you accessed our domain,
- The operating system of your computer and browser used,
- The country from which our website was accessed and
- The name of your internet provider.
In general, the collection and processing of this data is done anonymised without reference to people, so as to allow the use of the website (establishing a connection), ensure permanent system security and stability and to optimise the website, as well as for inter-nal statistical purposes. The information mentioned above is not linked to personal data or saved with such data.
Only in the event of an attack on the network infrastructure of the website, or suspicion of any other unauthorised or improper use, is the IP address evaluated for clarification and defence and, where necessary, used as part of criminal proceedings for identification purposes and for civil and criminal law proceedings against the affected user.
In the cases described above, we have a justified interest in data processing in accord-ance with Art. 6, paragraph 1 f, EU-GDPR.
B. During registration
The website can be visited without registering. Some bookings can also be made on the website with-out registration. Certain functions, on the other hand, are only available to registered users.
During registration, the following data is collection:
- E-mail address
- Password
The details in the customer account can be viewed and changed at any time. Ultimately, the customer can request the complete deletion of its customer account. If you want to delete your customer account, please send us a corresponding request (see the "Contact” section below).
The legal basis for the processing of your data for this purpose lies in the fulfilment of a contract as per Art. 6, paragraph 1 b, EU-GDPR.
C. Registering for events
On the website it is possible to register for various events and activities. Depending on the event, various personal details are recorded. In the registration screen you are notified of which information is mandatory and which is voluntary.
The following data is regularly recorded:
- Title
- First name and surname
- E-mail address
- Telephone number
The telephone number is required so that we can quickly get in touch with you when processing the booking, or to notify you about the completion of the event.
Please be aware that we forward the aforementioned relevant data for registration to all involved service providers. They will process your data to execute the booking. We will also include your data in our central database and process it there for marketing purposes, provided you have agreed to this. You can revoke your consent at any time (see below under “Contact”).
The legal basis for the processing of your data for this purpose lies in the fulfilment of a contract as per Art. 6, paragraph 1 b, EU-GDPR.
D. Booking mountain train tickets
You have the option to purchase mountain train tickets on our website. To make a book-ing, you have to provide the following information:
- First name and surname
- Address
- E-mail address
- Method of payment and credit card information
Please be aware that we forward the afore-mentioned relevant data for the booking to the involved service providers. They will process your data to execute the booking. We will also include your data in our central database and process it there for marketing purposes, provided you have agreed to it. You can revoke your consent at any time (see below under “Contact”).
Please be aware that the ticket shop is operated with the technical support and the aid of an application from Axess AG, Sonystrass 18, A 5081 Anif / Salzburg, Austria. You can find more information about the data processing by the applications of Axess AG here.
The legal basis for the processing of your data for this purpose lies in the fulfilment of a contract as per Art. 6, paragraph 1 b, EU-GDPR.
E. Booking accommodation
Accommodation can be booked on our website. When booking accommodation, the following information has to be provided:
- Title
- First name and surname
- Address
- E-mail address
- Telephone number
- Country
- Date of birth
- First name, surname and Date of birth
- Method of payment and credit card information
A telephone number is required to be able to contact you quickly in the event of prob-lems with the booking process or the processing of the booking.
Please be aware that we forward the afore-mentioned data, which is relevant for processing the booking, to the involved service providers. They will process your data to execute the booking. We will also include your data in our central database and process it there for marketing purposes, provided you have agreed to this. You can revoke your consent at any time (see below under “Contact”).
Please be aware that some of the accommodation bookings are done with the technical support and aid of an application of feratel media technologies AG, Maria-Theresien-Strasse 8, 6020 Innsbruck, Austria.
The legal basis for the processing of your data for this purpose lies in the fulfilment of a contract as per Art. 6, paragraph 1 b, EU-GDPR.
F. When booking services through the MICE department
Through our MICE department (Meetings Incentives Conventions Events), services such as accommodation, catering, social programs, transfers and event locations can be booked on account. When booking, please provide the following information:
- Title
- First name and surname
- Address
- Telephone number
- desired services
A telephone number is required to be able to contact you quickly in the event of prob-lems with the booking process or the processing of the booking.
Please be aware that we forward the aforementioned data, relevant for processing the booking, to the involved service providers. They will process your data to execute the booking. We will also include your data in our central database and process it there for marketing purposes, provided you have agreed to this. You can revoke your consent at any time (see below under “Contact”).
Please be aware that bookings of catering services are processed with the technical support and aid of an application of ONAX AG - it solutions, Italienische Strasse 49, 7408 Cazis, Switzerland. Further information about the applications of ONAX AG can be found here.
The legal basis for the processing of your data for this purpose lies in the fulfilment of a contract as per Art. 6, paragraph 1 b, EU-GDPR.
G. When buying items from the webshop
Through our website, various items can be purchased through the webshop. When booking an item, provide the following information:
- Title
- First name and surname
- Address, post code, town/city
- E-mail address
- Country
- Telephone number
- Delivery method
- Method of payment and credit card information
Please be aware that we forward the afore-mentioned data, which is relevant for processing the booking, to the involved service providers. They will process your data to execute the booking. We will also include your data in our central database and process it there for marketing purposes, provided you have agreed to it. You can revoke your con-sent at any time (see below under “Contact”).
Please be aware that some of the voucher bookings are done with the technical support and aid of an application of feratel media technologies AG, Maria-Theresien-Straße 8, 6020 Innsbruck Austria.
The legal basis for the processing of your data for this purpose lies in the fulfilment of a contract as per Art. 6, paragraph 1 b, EU-GDPR.
H. Subscribing to the newsletter
You can subscribe to our newsletter on our website. You have to provide the following information when subscribing:
- Title
- First name and surname
- E-mail address
By subscribing to the newsletter, you explicitly declare that we can use your address and personal data for marketing campaigns, such as the sending of our newsletters and/or the delivery of catalogues. You can unsubscribe from all marketing campaigns at any time. The contact details can be found in the "Contact” section below. In addition, you can find an unsubscribe link in every newsletter e-mail.
Furthermore, you can subscribe for the newsletter when you place a booking with us or take part in competitions.
The legal basis for the processing of your data for this purpose is therefore the consent you have given, as per Art. 6, paragraph 1 a, EU-GDPR.
I. Applying for a job vacancy
You can apply for a job vacancy via our website. You have to provide the following information in the application:
- Title
- First name and surname
- Address
- Telephone number
- E-mail address
- Nationality
- Date of birth
- Residence permit
This and other voluntary information provided by you (such as the uploading of files) is used by us to evaluate your application and for the application process. After the end of the application process, we destroy your data.
The legal basis for the processing of your data for this purpose is the execution of an agreement (pre-contractual phase) and our justified interest as per Art. 6, paragraph 1 b and f, EU-GDPR.
J. Cookies
Cookies help us, amongst other things, to make your visit to our website easier, more pleasant and expedient. Cookies are data files which your web browser automatically saves on the hard drive of your computer, when you visit our website.
Cookies neither damage the hard drive of your computer nor transfer your personal data to us.
We use cookies, for example, to recognise you as a registered user, without you having to login again each time. In this case, using cookies does not mean that we receive new personal data about you as an online visitor.
Most internet browsers accept cookies automatically. You can, however, make settings in your browser so that no cookies are saved on your computer, or you receive a warning message when you encounter a new cookie. You can find more information about this in the setting options of your browser.
The deactivation of cookies may, however, mean that you are not able to use all of the functions of our portal.
K. Google Analytics
We use Google (Universal) Analytics, a web analysis service of Google Inc. to design our website to meet your needs and to continually optimise our website. In this context, pseudonymised user profiles are created and small text files used, which are saved on your computer (cookies). Information about your use of this website, generated by the cookie, such as
- The browser type/version
- Operating system used
- Referrer URL (previous visited page)
- Host name of the accessing computer (IP address)
- Time of server request
- Device
are transferred to a server of Google Inc., part of the holding company Alphabet Inc., in the USA and saved there. The IP address is abbreviated by activating the IP anonymising function ("anonymizeIP") on this website before transfer within the Member States of the European Union or in other EEC states. The anonymised IP address transferred by your browser due to Google Analytics is not com-piled with other data from Google. Only in exceptions is the full IP address transferred to a server of Google in the USA and abbre-viated there. In these cases we ensure, by undertaking contractual guar-antees, that Google Inc. maintains a sufficient level of data protection.
The information is used to evaluate the use of the website, to compile reports about website activities and to provide other services associated with the use of the website and the internet for the purpose of market research, and to designing these websites to meet your needs. This information is also transferred to third parties, if necessary, if this is specified by law or if third parties process this data on our behalf. According to Google Inc., the IP address is not linked to other data associated with the user.
Users can prevent the recording of userrelated data generated by the cookie, and concerning the use of the website (incl. the IP address), by Google, and the processing of this data by Google, by downloading and installing the browser plugin available here.
As an alternative to the browser plugin, users can click on this link to prevent the recording of data by Google Analytics on the website in the future. This stores an opt-out cookie on the user’s end device. If the user deletes its cookies (see the section “Cookie” above), it is necessary to click on the link again.
We would like to point out that, in the view of the European Union, the USA does not have a sufficient level of data protection – in part due to the issues mentioned in this section. Where we have mentioned in this data privacy statement that recipients of data (such as Google) have their place of residence in the USA, we will ensure, either by agreeing contractual regulations with these companies, or by ensuring the certification of this companies under the EU-US Privacy Shield, that your data is protected to a suitable level by our parties.
The legal basis for the processing of your data for this purpose is our justified interest as per Art. 6, paragraph 1 f, EU-GDPR.
L. Links to our Social Media sites and Facebook plugins
On our website we have links to our social media sites on the following social networks:
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA,
- Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA,
- Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA und
- Youtube, ein von Google Inc. betriebener Dienst
- Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA,
- Google+, , Amphitheatre Parkway, Mountain View, Ca 94043, USA
If you click on symbols of the respective social networks, you are automatically forwarded to our profile page on the respective network. To be able to use the functions of the respective network, you may have to login to your user account on the respective network.
If you click on a link to one of our social medial profiles, a direct connection is generated between your browser and the server of the respective social network. By doing so, the network receives information that you visited our website with your IP address, and clicked on the link. If you click on a link to a network while being logged in to your ac-count on the respective network, the content of our page can be linked with your profile on the network, which means that the network can directly allocate your visit to our web-site, to your user account. If you want to prevent this, you should log out before clicking on the respective links. In any case, the information is still linked if you login to the respective network after clicking on the link.
We also use Facebook social plugins. In this case, it is possible that the IP address of all visitors to our website could be forwarded to the servers of Facebook. The data protection provisions of Facebook apply in this case, which you can find here.
The legal basis for the processing of your data for this purpose is our justified interest as per Art. 6, paragraph 1 f, EU-GDPR.
2. Collection of data outside of our website
A. General
ETT also obtains personal data about you outside of the website. This could be, for example, if you get in touch with us by e-mail or phone independently from the website, and we have to record your data to process your request (e.g. your e-mail address or telephone number), so that we can contact you.
We also record your personal data if you register, for example, for an event on site or book accommodation. When doing so, we generally obtain the same data that we would get for bookings on the website.
The legal basis for this data processing is the processing your contact request and is therefore a justified interest as per Art. 6, paragraph 1f, GDPR, or the execution of a contract as per Art. 6, paragraph 1b, GDPR.
In the event of any third-party services, we are merely the intermediate and make bookings on behalf of the service provider. We forward the data for processing the booking to the respective service provider. These service providers are responsible for the further processing of data according to the data protection law. Provided nothing else is stated, the service providers will use the data for the processing of the booking. They can also involve third parties who process the data on their behalf. Hoteliers, holiday apartment and holiday home landlords and campsite owners are also legally obliged to report you and your co-travellers to the authorities.
With third-party services, we are not responsible for the data processing of the service provider. However, we will save the booking data and all other data which we collect in association with service in our central database and evaluate it there for marketing purposes (see below), provided we have your consent.
Particularly sensitive personal data: Depending on the services you have booked, it may be the case that particularly sensitive personal data has to be collected or that you have to provide such information. For example, your religion may be deduced based on a dietary request or similar. This data is forwarded to the service provider to ensure the contract is executed correctly. By providing this kind of information, you explicitly authorise us to use this information in accordance with this provision and allow us to forward it to the service provider.
B. Participation in surveys
You have the option to take part in our surveys. We perform these surveys to improve our services. Participation is possible in anonymously. If you do not wish to complete the survey anonymously, you usually have to provide the following information:
- First name and surname
- Address - E-mail address
- Date of birth
- Duration of stay (from-to)
Please be aware that we may cooperate with SurveyMonkey Europe UC, 2 Shelbourne Buildings, 2nd Floor, Shelbourne Road, Ballsbridge, Dublin 4, Ireland for technical support, and use an application of theirs. You can find more information about the company here.
The legal basis for this processing of data is, on the one hand, the consent you have issued and in our justified interest as per Art. 6, paragraph 1 a and f, GDPR.
3. General provisions
A. Saving of your personal data in a central database of ETT
The personal data mentioned in the previous sections may be centrally saved, processed and also evaluated by ETT. These evaluations can lead to user profiles being created about you. When using the afore-mentioned website functions, you agree that we can save your personal data in our central database and evaluate the data there for advertising purposes. You agree that user profiles can be created about you. You give us your consent to evaluate your personal data for advertising purposes and to create user pro-files. This content forms, in accordance with Art. 6, paragraph 1 a, EU-GDPR, the legal basis for our processing of your data. You can revoke the evaluation of your personal data for advertising purposes and the creation of user profiles at any time (see below under “Contact”).
B. Forwarding of data to third parties
We only forward your personal data if you have explicitly agreed to it, if there is a legal obligation to do so, or if this is necessary to assert our rights, in particular to assert claims from the contractual relationship.
Furthermore, we forward your data to third parties, if this is necessary within the scope of the use of the website and the processing of the contract (also outside of the website), namely the processing of your bookings, the processing of event notifications, the processing of your ticket purchases and the analysis of your user behaviour.
Various third-party service providers are explicitly mentioned in this data privacy statement (for example in the sections “Newsletter, “Booking mountain train tickets” and “Social Plugins”). Another service provider to whom personal data is forwarded, or who has or could have access to personal data, is our website hosting company Webhoster Full Moon Digital GmbH, Löffelstrasse 40B, 70597 Stuttgart, Germany.
Finally, for payments by credit card, we forward your credit card information to your credit card issuer and the credit card acquirer. If you decide to make a payment by credit card, you will be requested to enter all the mandatory information. With regards to the processing of your credit card information by these third parties, we request that you also read the general terms and conditions and the data privacy statement of your credit card issuer.
C. Transfer of personal data abroad
We are permitted to forward your data to third-party companies abroad, if this is necessary in connection with the processing of your requests, to provide services and for marketing campaigns. These third-party companies are obliged to treat the private sphere of the user in the same way of the provider itself. If the level of data protection is deemed unsuitable in a country, according to the EU General Data Protection Regulation (EU-GDPR), we will ensure that your personal data is protected at all times in accordance with the EU-GDPR, by concluding a corresponding contract.
Various third-party service providers and their places of residence have already been mentioned in the section above (“Forwarding of data to third parties"). Some of the third-party service providers men-tioned in this data privacy statement have their place of residence in the USA (see above). Further details about the transfer of data to the USA can be found in the section "Google Analytics."
D. Right to information, deletion and correction
You can request information about the personal data we have saved about you at any time. Requests for information must be sent in writing with a proof of identity. You are also entitled to request the deletion or correction of the personal data about you that we have saved.
You also have the right to request back the data that you have given us (right to data portability). On request, we will also forward the data to a third party of your choice. You have the right to receive the data in a standard file format.
You can do this by sending a corresponding request by e-mail to [email protected]. You can find other contact options in the section “Contact”. We hereby point out that we reserve the right to request proof of identity and that, in the event of the deletion of your data, the use of our services may not be possible, or may not be possible in full.
Consent about particular types of data processing can be revoked at any time, with effect for the future.
Please note that, according to law, certain data has to be stored for a particular period of time. This data therefore has to remain saved until these periods of time have expired. We block this data in our system and only use it to meet legal requirements (for details about this, please see the section “Storage of data” below).
E. Data security
We take suitable technical and organisational safety measures, which seem appropriate to us, to protect the data about you we have saved from manipulation, partial or complete loss and unauthorised third-party access. Our safety measures are continually adapted in line with the developments in technology.
We also take the protection of data in our own company very seriously. Our employees and the service providers commissioned by us are obliged to maintain confidentiality and to comply with the legal provisions concerning data protection. Furthermore, they are only granted access to personal data if necessary.
F. Storage of data
We only save personal data for as long as necessary,
- To use the afore-mentioned service within the scope of our justified interest;
- To execute to services to the extent mentioned above, which you have requested or given your con-sent for.
Contract data is stored for us for a longer period of time, as specified by the legal storage obligations. Storage obligations which oblige us to store data, arise from the provisions concerning invoicing and tax law. According to these provisions, business communication, concluded contracts and accounting documents have to be stored for up to 10 years. If we no longer require this data to provide the services for you, the data is blocked. This means that the data can only be used for invoicing and tax purposes.
G. Contact
If you have questions about data protection, require information or want to have your data deleted, please contact us by sending an e-mail to [email protected].
H. Complaints to the data protection supervisory authorities
You have the right to complain at any time to the data protection supervisory authorities.