Do you have a question?
{{phoneView}}
Opening hours:

Mon - Fri: 9 a.m. - 5 p.m
Saturday: 9 a.m. - 2 p.m (seasonal)
Sunday: closed

Privacy Policy

In case of discrepancies, the German version of this Privacy Policy shall prevail.

 

With this Privacy Policy, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name booking.amden-weesen.ch. In particular, we explain why, how, and where we process which personal data. We also inform you about the rights of individuals whose data we process.

For individual or additional activities and operations, we may publish additional privacy policies or other information related to data protection.

We are subject to Swiss data protection law and, if applicable, foreign data protection laws, such as the European Union's General Data Protection Regulation (GDPR).

On July 26, 2000, the European Commission recognized that Swiss data protection law ensures an adequate level of data protection. This adequacy decision was confirmed by the European Commission in a report on January 15, 2024.

1. Contact Information

Responsible for Data Processing:

Amden Weesen Ferien und Freizeit GmbH
Dorfstrasse 22
8873 Amden
Switzerland

home@amden.swiss

In certain cases, third parties may be responsible for data processing, or there may be joint responsibility with third parties.

Data Protection Representation in the European Economic Area (EEA):
We have the following data protection representative in accordance with Art. 27 GDPR:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany

info@datenschutzpartner.eu

This data protection representative serves as an additional contact point for inquiries related to GDPR for affected individuals and authorities within the European Union (EU) and the European Economic Area (EEA).

2. Terms and Legal Basis

2.1 Terms

  • Affected Individual: Natural person whose personal data we process.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Special Categories of Personal Data: Data about trade union membership, political, religious, or philosophical beliefs, health, intimate sphere, racial or ethnic origin, genetic or biometric data uniquely identifying a person, criminal or administrative sanctions, and social welfare measures.
  • Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, matching, adjusting, archiving, storing, reading, disclosing, collecting, recording, erasing, sharing, organizing, storing, modifying, linking, destroying, or using personal data.
  • European Economic Area (EEA): Member states of the European Union (EU) and Liechtenstein, Iceland, and Norway.

2.2 Legal Basis

We process personal data in accordance with Swiss data protection laws, such as the Federal Data Protection Act (DPA) and the Data Protection Ordinance (DPO).

When the European General Data Protection Regulation (GDPR) applies, we process personal data based on at least one of the following legal bases:

  • Art. 6(1)(b) GDPR: Processing necessary for the performance of a contract with the affected person or to take pre-contractual measures.
  • Art. 6(1)(f) GDPR: Processing necessary to safeguard legitimate interests, provided these do not override the fundamental rights and freedoms of the affected individual.
  • Art. 6(1)(c) GDPR: Processing necessary for compliance with a legal obligation under the laws of an EEA member state.
  • Art. 6(1)(e) GDPR: Processing necessary for a task carried out in the public interest.
  • Art. 6(1)(a) GDPR: Processing based on the consent of the affected individual.
  • Art. 6(1)(d) GDPR: Processing necessary to protect vital interests of the affected individual or another natural person.
  • Art. 9(2) GDPR: Processing special categories of personal data with the individual's explicit consent or under other specified conditions.

The GDPR refers to personal data processing as "processing of personal data" and the processing of special categories of personal data as "processing of special categories of personal data" (Art. 9 GDPR).

3. Type, Scope, and Purpose of Data Processing

We process the personal data necessary for the sustainable, user-friendly, secure, and reliable execution of our activities and operations. This may include browser and device data, content data, communication data, metadata, usage data, master data, location data, transaction data, contract data, and payment data.

We process personal data obtained from third parties, publicly accessible sources, or directly during our activities and operations, provided it is legally permissible.

We process personal data for as long as required for the respective purpose. Data is anonymized or deleted in line with legal retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or jointly process it with third parties. These third parties include specialized providers whose services we use.

Examples include banks, authorities, IT service providers, marketing agencies, logistics companies, and legal advisors.

 

5. Communication

We process personal data to communicate with individuals, authorities, organizations, and companies. In doing so, we process data provided by an affected individual during contact, such as through postal mail or email. We may store such data in an address book or similar tools.

Third parties who provide us with data about other individuals are required to ensure the privacy of the affected individuals independently. They must, in particular, ensure that such data is accurate and may be shared.

We use selected services from suitable providers to enable and improve communication with individuals and other communication partners. These services may also manage and process the data of affected individuals beyond direct communication.

We specifically use:

  • bexio: Customer Relationship Management (CRM); Provider: bexio AG (Switzerland); Privacy information: Privacy Policy, "Cloud and Data Security," "Data Security – Definitions and Measures for Businesses."

6. Data Security

We implement appropriate technical and organizational measures to ensure data security proportionate to the respective risk. These measures ensure confidentiality, availability, traceability, and integrity of processed personal data, although absolute data security cannot be guaranteed.

Access to our website and other online presences is via transport encryption (SSL/TLS, particularly with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting websites without transport encryption.

Our digital communication, like all digital communication, is subject to mass surveillance by security authorities in Switzerland, Europe, the United States of America (USA), and other countries. We have no direct influence on this data processing by intelligence services, law enforcement, or other security agencies. Individual surveillance of affected persons cannot be excluded.

7. Personal Data Abroad

We primarily process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transmit data to other countries, especially for processing or having it processed there.

We may export data to any country worldwide, provided that the local law ensures adequate data protection according to decisions by the Swiss Federal Council and, where the GDPR applies, the European Commission.

If a country’s laws do not provide adequate data protection, we ensure data protection through other means, such as standard data protection clauses or other suitable safeguards. In exceptional cases, we may export data to countries without adequate or appropriate data protection if specific legal conditions are met, such as the explicit consent of the affected individual or direct connection to the execution of a contract. Upon request, we provide details about or copies of safeguards.

8. Rights of Affected Individuals

8.1 Data Protection Claims

We grant affected individuals all rights under applicable data protection law, including:

  • Access: Affected individuals can request confirmation on whether their data is processed and, if so, details of such data. This includes data types, purposes, storage duration, possible disclosure or export to other countries, and the origin of the data.
  • Correction and Restriction: Affected individuals may request corrections to inaccurate data, completion of incomplete data, or restriction of data processing.
  • Deletion and Objection: Affected individuals may request the deletion of their data ("Right to be Forgotten") or object to data processing with future effect.
  • Data Release and Transfer: Affected individuals may request the release of their data or its transfer to another responsible entity.

We may defer, restrict, or deny the exercise of these rights as permitted by law. For instance, we may refuse access for reasons of confidentiality, overriding interests, or protecting others. Similarly, we may refuse data deletion citing legal retention obligations.

In exceptional cases, exercising these rights may incur costs, which we will notify in advance.

8.2 Legal Protection

Affected individuals can enforce their rights through legal action or file complaints with a supervisory authority.

The Swiss Federal Data Protection and Information Commissioner (FDPIC) oversees private entities and federal agencies in Switzerland. In the EEA, data protection authorities are members of the European Data Protection Board (EDPB). In some EEA member states, such as Germany, supervisory authorities are federally structured.

9. Website Use

9.1 Cookies

We may use cookies—both our own (first-party cookies) and those of third-party services we use (third-party cookies). Cookies are data stored in the browser and may be temporary ("session cookies") or persistent ("persistent cookies"). Session cookies are deleted upon browser closure, while persistent cookies have defined storage periods.

Cookies facilitate recognizing browsers during subsequent visits, enabling functionalities like website reach measurement or online marketing.

Cookies can be disabled or deleted in browser settings. However, disabling cookies may limit website functionality. We may seek explicit consent for cookie use when necessary.

9.2 Logging

We may log data for every website visit, such as date, time, time zone, IP address, access status (HTTP status code), operating system, browser type and version, sub-page accessed, and referring website (referrer). Logs may also include transmitted data volumes.

Such logs, stored in log files, are essential for ensuring website reliability and security.

9.3 Tracking Pixels

We may embed tracking pixels or web beacons, often small, invisible images or JavaScript snippets that load automatically when the website is accessed. These collect data similar to logs.

10. Notifications and Communications

10.1 Success and Reach Measurement

Notifications may contain links or tracking pixels that record whether a message was opened and which links were clicked. This data helps measure communication success and optimize future messages.

10.2 Consent and Objection

The use of email addresses generally requires consent unless otherwise legally permissible. We may use a "double opt-in" procedure to verify consent. Consent data, including IP address and timestamp, may be logged.

Recipients can object to receiving notifications, including newsletters, at any time.

10.3 Notification Services

We use specialized providers for sending notifications, such as:

  • Brevo: Email and instant messaging services; Provider: Sendinblue GmbH (Germany).
  • Mailjet: Email marketing platform; Provider: Mailgun Technologies Inc. (USA).

11. Social Media

We operate social media profiles to communicate and share information about our activities. Data may be processed outside Switzerland and the EEA, subject to platform-specific terms.

For Facebook, including Page Insights, we share responsibility with Meta Platforms Ireland Limited (Ireland) under GDPR. Insights data provide aggregated details about user interactions with our Facebook presence.

12. Services from Third Parties

We use services from specialized third parties to perform our activities securely, reliably, and efficiently. These services allow us to integrate functions and content into our website. Such integrations may require third parties to process user IP addresses temporarily for technical reasons.

For security, statistical, or technical purposes, third-party providers may process aggregated, anonymized, or pseudonymized data related to our activities.

We specifically use:

12.1 Digital Infrastructure

We rely on specialized providers for necessary digital infrastructure services, such as hosting and storage.

Examples include:

  • Amazon Web Services (AWS): Cloud storage and other infrastructure services; Providers: Amazon Web Services Inc. (USA) for Switzerland and Amazon Web Services EMEA SARL (Luxembourg) for EEA users.
  • Hostfactory: Hosting services; Provider: OptimaNet Schweiz AG (Switzerland).

12.2 Online Collaboration

We use tools to enable online collaboration, governed by additional terms, such as service-specific privacy policies.

For example:

  • Microsoft Teams: Collaboration platform with audio and video conferencing; Provider: Microsoft.

12.3 Maps

We use mapping services to embed maps into our website.

Example:

  • OpenStreetMap (OSM): Mapping service; Provider: OpenStreetMap Foundation (UK).

12.4 Digital Content

We integrate digital content such as images, videos, and audio into our website.

Example:

  • YouTube: Video platform; Provider: Google.

12.5 E-Commerce

We conduct e-commerce activities and utilize third-party services to offer goods, services, and content.

12.6 Payments

We use specialized payment processors to securely and reliably handle payments.

Example:

  • Stripe: Payment processing; Providers include Stripe Inc. (USA) and Stripe Payments Europe Limited (Ireland) for EEA users.

13. Success and Reach Measurement

We measure the effectiveness of our activities and analyze the reach of our operations. This includes evaluating the impact of third-party advertisements or testing different features of our online presence (e.g., A/B testing).

Data collection often involves shortened IP addresses (IP masking) to adhere to data minimization principles. Cookies and pseudonymous user profiles may also be used to track user interactions.

For example:

  • Google Marketing Platform: Includes Google Analytics for reach measurement and cross-device tracking using pseudonymized IP addresses. Provider: Google.

14. Final Remarks on the Privacy Policy

This Privacy Policy was created with the assistance of a privacy generator from Datenschutzpartner.

We may update this Privacy Policy at any time. Updates will be communicated appropriately, typically through publishing the current version on our website.

Cookies

Bitte aktivieren Sie Javascript, um die Liste aller deklarierten Cookies und ähnlicher Techniken zu sehen.
Last viewed