1. General Information
Davos Klosters Bergbahnen AG, Weisse Arena Bergbahnen AG, Arosa Bergbahnen AG, and Lenzerheide Bergbahnen AG (hereinafter collectively referred to as “Partners”, “we” or “us”) explain in this Privacy Policy how we process your personal data in connection with the provision of our website https://www.topcard.info (the “Website”). In this document, we use the term “data” synonymously with “personal data”.
To ensure that all products and services of the Website and the TOPCARD itself can be offered seamlessly, the data collected through the Website are exchanged between the partners and used jointly to coordinate and manage the products and services. The exchange of data is also necessary to provide you with optimal customer service. In the sense of applicable data protection law, Davos Klosters Bergbahnen AG, Weisse Arena Bergbahnen AG, Arosa Bergbahnen AG, and Lenzerheide Bergbahnen AG are “jointly responsible” for the data processing described in this Privacy Policy. This means that all partners collaborate in deciding how your data are processed and are jointly responsible for the processing of that data.
However, the partners do not execute all data processing as jointly responsible parties; other privacy policies, general terms and conditions, and similar documents may regulate specific matters. On the website of the respective partner, you can learn more about the data processing that each partner carries out independently:
2. Joint Controllers
Unless stated otherwise, the following legal entities are jointly responsible for the data processing described in this Privacy Policy according to data protection laws:
If you have questions and concerns regarding your personal data you can contact the email addresses listed above.
3. Collection and Processing of Data
We collect data when you visit our website, use the functionalities available on the website, buy our products or services, and/or enter into a business relationship with us. The processing of your data is limited to data that is necessary for the operation of functional websites and the provision of our content available there. The specific data we process about you depends on the occasion and purpose of processing.
If you transmit or disclose data about other persons than yourself, we assume that you are authorized to do so and that these data are correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this Privacy Policy.
The categories of data that you have provided to us directly and the categories of data that we receive about you from third parties include, among others:
- Technical Data: IP address; information regarding the operating system of your device; cookies; the name and URL of the requested web page; volume of data transferred; region, date, and time of access; websites accessed through our website; websites from which access is made; type of browser; name of the internet service provider; logs, etc.;
- Identification Data: Name; salutation/title, address; email address; telephone number; gender; date of birth; nationality; start-destination, consent declarations (e.g., subscription to newsletters); photographs; copies of identification documents; payment information, etc.;
- Communication Data: Data transmitted via email, telephone, mail, or other means of communication; name; contact details; the manner, location, and time of communication and generally the content thereof (i.e., content of emails, letters, etc.), etc.;
- Contract and Service Data: Information relating to the use of our online offerings and/or regarding potential contract conclusions; order information (destination, salutation, name, address, telephone number, email address; additional persons; type of annual subscription; reference type; payment method); information about your contracts (e.g., type and date of conclusion), information about the products and services provided or to be provided; feedback information (e.g., complaints, satisfaction feedback, etc.); information required for the execution and management of contracts (e.g., information related to billing, guest services, technical support, and the enforcement of contractual claims), etc.;
- Behavioral and Preference Data: Information on user behavior on our website; information about the use of our products and services; information about your reaction to electronic communications; information from input fields (e.g., order form), etc.;
- Registration Data: Name; address; email address, etc.;
- Other Data: We may also collect data from you in other contexts. For example, data may be collected in connection with administrative or judicial proceedings (e.g., files, evidence, etc.).
There is no legal obligation for you to provide us with your data. However, within the scope of our business relationship, it is necessary for you to provide us with data that allows us to execute our transactions with you (e.g., recording your order; selling our products and services, etc.). Moreover, certain information must be disclosed to enable traffic on websites, for example, an IP address.
4. Purposes of Data Processing
The data collected is primarily used for the purpose of entering into and executing contracts with you and our business partners, especially in connection with the products and services offered on our website. We also process the data to fulfill our legal obligations, both domestically and internationally.
Furthermore, in accordance with applicable law and, where appropriate, we may process data for the following purposes, which lie within our legitimate interest or the legitimate interest of third parties:
- Sales and Guest Service: We process your data when advising you about our products and services, selling our products and services to you, and providing ongoing support in connection with them.
- Product/Service Development and Innovation: We process your data to further develop our products, services, website, and other platforms on which we operate, and to enhance our offerings.
- Relationship Management: We may use a Customer Relationship Management system (“CRM”) to store and process your data as described.
- Communication: We process your data for the purpose of communicating with you, especially to respond to your inquiries, assist you in the execution of your rights, and to get back to in case of inquiries.
- Marketing: We process your data for market, media, and opinion research and for the optimization of advertising campaigns, to show you advertisements and offers that are truly tailored to your interests, as well as for sending newsletters, if and to the extent you have given us your consent, as required by applicable law.
- Security: We process your data to protect our operations, our IT and other infrastructures, as well as our website and other platforms.
- Risk Management, Corporate Governance, and Business Development: We process your data within the framework of our risk management and corporate governance to protect ourselves from criminal or abusive activities. As part of our business development, we may sell businesses, parts of businesses, or companies to others, or acquire them from others, or enter into partnerships, which may result in the exchange and processing of data based on your consent.
- Legal Disputes: We process your data for the enforcement of legal claims and for defense in legal disputes and regulatory proceedings.
- Compliance with Laws: We process your data to comply with legal requirements (e.g., prevention and investigation of crimes and other misconduct; conducting internal investigations, data analysis for fraud prevention).
5. Legal Basis for Data Processing
In cases where we ask for your consent for certain processing activities (e.g., for receiving newsletters), we process your data on the basis of this consent. You may revoke your consent at any time with effect for the future by written notification (email suffices) to us. If you wish to revoke your consent to online tracking, please refer to section 8. The revocation of your consent does not affect the legality of the processing that we have carried out before your revocation, nor the processing of your data on the basis of other grounds for processing.
If we have not asked for your consent, we process your data for other legal reasons, such as a contractual obligation, a legal obligation, a vital interest of the data subject or another natural person, for the performance of a public task, or a legitimate interest, which includes compliance with the applicable law and the marketing of our products and services, the interest in better understanding our markets, and managing and developing our company, including its activities, safely and efficiently.
6. Disclosure of Data to Third Parties
In order to fulfill our contracts, comply with our legal obligations, protect our legitimate interests, and for the other purposes and legal reasons mentioned above, we may disclose your data to third parties, particularly to the following categories of recipients:
- Partners: Data is exchanged between partners in order to offer the services and benefits associated with TOPCARD smoothly and to improve customer services.
- Service Providers: We work with service providers at home and abroad who process data about you on our behalf or in joint responsibility with us, or who receive data about you from us on their own responsibility (e.g., IT providers, banks, insurance companies, telecommunications companies, credit reporting agencies, address verification providers, payment service providers, lawyers) or whom we commission to process data for one of the purposes mentioned above on our behalf and only according to our instructions.
- Contractual Partners: If the respective contract requires it, we pass on your data to other contractual partners, dealers, subcontractors, etc.
- Authorities: We may pass on personal data to offices, courts, and other authorities in Switzerland or abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The authorities process the data about you, which they receive from us, on their own responsibility.
7. Newsletter
If you subscribe to one of our offered newsletters, you can cancel the subscription at any time by using the unsubscribe option included in the newsletter.
8. Cookies
We use cookies on our website that enable us to identify your browser or device, and that may allow certain third parties to do the same. Cookies are small files that your browser automatically creates and that are saved on your device (laptop, tablet, smartphone, etc.) when you visit our website.
Some cookies are essential for the operation of our website or for certain functions. These cookies only exist temporarily (“session cookies”) and are deleted after you visit our website. Other cookies are necessary to store user configurations and other information beyond a session (“permanent cookies”). Regardless, you have the option to configure your browser to reject cookies, to store them only for a single session, or to delete them before their usual expiration date.
Most of the cookies we use are so-called session cookies. We use permanent cookies solely to store user settings (e.g., language, etc.) and to understand how you utilize our services and content. Some cookies are sent to you by us, while others by business partners with whom we cooperate. If you choose to block cookies, you may not be able to use certain features (e.g., language settings, etc.).
By using our website and consenting to other marketing emails, you agree to the use of such techniques. Depending on the purpose of these cookies, however, we may ask for your express consent beforehand. You can always access your current settings under “Cookies,” adjust your settings, and, if necessary, revoke your previously given consent.
9. Tools
- Google
We utilize functions from Google on our website. Google Ireland, located in Ireland, is the provider of the services Google Analytics and Google Tag Manager and acts as our data processor. For this purpose, Google Ireland relies on Google LLC, based in the USA, as its data processor (both referred to as “Google”). Google tracks the behavior of visitors on our websites through performance cookies (duration, frequency of pages accessed, geographic origin of access, etc.) and generates reports for us based on this data regarding the use of our websites. We have entered into a data processing agreement with Google Ireland and fully implement the strict requirements of the GDPR in the use of Google services. For further information on how Google handles personal data, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245.
- Meta-Pixel
We use features of Meta Pixel (formerly Facebook Pixel) on our website to analyze the effectiveness of our advertising. Meta Pixel is operated by Meta Inc. in the USA. We have entered into a data processing agreement with Meta Inc. and fully implement the strict requirements of the GDPR in the use of Meta Pixel. More information on how Meta Pixel handles personal data can be found in the privacy policy of Meta Inc.: https://de-de.facebook.com/business/gdpr.
10. Data Transfer Abroad
As explained in the above sections, we also disclose data to other entities, which are not exclusively located in Switzerland. Therefore, your data may be processed both in Europe and in the USA; in exceptional cases, however, it may be processed in any country in the world.
We transfer data to countries without adequate legal data protection only when it is necessary for fulfilling a contract or for the assertion or defense of legal claims, or if such a transfer is based on your explicit consent or is subject to guarantees that ensure the protection of your data, such as the standard contractual clauses approved by the European Commission (adapted to Switzerland, where applicable).
11. Data Storage and Retention
We store and process your data only for the duration necessary to fulfil the purposes for which it was collected, including compliance with legal retention obligations and, as far as necessary for the assertion or defense of legal claims, until the end of the respective retention period or until the claims in question have been settled. After the respective retention period has expired, we will safely destroy your data in accordance with applicable laws and regulations.
12. Data Security
We take appropriate security measures to maintain the confidentiality, integrity, and availability of your data, to protect it against unauthorized or unlawful processing, and to prevent risks of loss, accidental alteration, unwanted disclosure, or unauthorized access. Nevertheless, we and your data can fall victim to cyber-attacks, cybercrime, brute force methods, hacker attacks, and other fraudulent and malicious activities, including but not limited to viruses, forgeries, malfunctions, and interruptions, which are beyond our control and responsibility. We have also established procedures for dealing with suspected data protection breaches and will notify you and any competent supervisory authorities of a breach if we are legally required to do so..
13. Your Rights
In connection with the processing of your data by us, depending on the applicable data protection law, you have various rights: the right to obtain information about how we process which personal data about you, the right to correction, the right to deletion, the right to restriction of processing, the right to data portability, the right to revoke consent previously given, the right to raise a complaint with the responsible data protection authority if you believe that we are not processing your personal data in compliance with data protection regulations, and the right to object to a specific processing. However, we ask you to contact us first if you believe that we are not processing your personal data according to your wishe, so that we can address and implement your concerns accordingly.
Please note that we reserve the right to assert legal restrictions if necessary, for example, if we are obliged to retain or process certain data, have an overriding interest (insofar as we can rely on such interests), or need the data to assert claims. Should the exercise of certain rights incur costs for you, we will inform you in advance. We have already referred to the possibility of revoking consent in section 8. It is important to note that exercising these rights may conflict with your contractual obligations and could result in consequences such as early termination of the contract or associated costs. Should this occur, we will inform you in advance, unless this has already been agreed upon contractually.
If you wish to exercise the rights mentioned above, please contact us through the details provided in section 2, unless otherwise specified or agreed. Please note that we need to identify you to prevent misuse, for example, by a copy of your identity card or passport, unless identification is possible in another way.
Furthermore, every affected person has the option to assert their rights in court or to file a complaint with the competent data protection authority. In Switzerland, the competent data protection authority is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
14. Updating and Changing this Privacy Policy
Due to the continuous development of our website and its content as well as due to changes in legislation or regulatory requirements, it may be necessary for us to change this privacy statement from time to time. The version published on this website is the current version at any given time.
Last updated: February 29, 2024
