Privacy Policy
We are very pleased with your interest in our company. Data protection is of a particularly high priority for the management of MountainRiviera AG. The use of the Internet pages of MountainRiviera AG is possible without providing any personal data. However, if a data subject wishes to use special services provided by our company through our website, the processing of personal data could become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain consent from the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always in line with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to MountainRiviera AG. Through this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights through this privacy policy.
MountainRiviera AG, as the data controller, has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions can, in principle, have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transfer personal data to us by alternative means, such as by telephone.
1. Definitions
The privacy policy of MountainRiviera AG is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the general public, as well as for our customers and business partners. To ensure this, we would like to first explain the terminology used.
We use the following terms, among others, in this privacy policy:
a) Personal data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
c) Processing
Processing refers to any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data that consists of using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or data controller
The controller or data controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
i) Recipient
A recipient is a natural or legal person, public authority, agency, or another body, to which personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
A third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the Data Controller
The data controller, within the meaning of the General Data Protection Regulation (GDPR), other applicable data protection laws in the Member States of the European Union, and other provisions related to data protection, is:
MountainRiviera AG
Steinmattstrasse 43
P.O. Box 153
3920 Zermatt
Switzerland
Phone: +41 27 968 19 17
Email: info@zermattpremium.ch
Website: www.zermattpremium.ch
3. Collection of General Data and Information
The website of MountainRiviera AG collects a series of general data and information when a data subject or an automated system calls up the website. This general data and information are stored in the server log files. The following information may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using this general data and information, MountainRiviera AG does not draw any conclusions about the data subject. This information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisements, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber attack. Therefore, MountainRiviera AG analyzes anonymously collected data and information statistically with the aim of increasing the data protection and data security of our company and to ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.
4. Contact Possibility via the Website
The website of MountainRiviera AG contains information that enables a quick electronic contact to our company, as well as direct communication with us, including a general address of the so-called electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data voluntarily transmitted by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
5. Routine Deletion and Blocking of Personal Data
The data controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or as permitted by the European directives and regulations or another legislator in laws or regulations to which the data controller is subject.
If the storage purpose ceases to apply or a storage period prescribed by European directives, regulations, or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with the legal provisions.
6. Rights of the Data Subject
a) Right to Confirmation
Every data subject has the right granted by the European directives and regulations to obtain confirmation from the data controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they may contact an employee of the data controller at any time.
b) Right of Access
Every data subject affected by the processing of personal data has the right granted by the European directives and regulations to obtain free information about their stored personal data and a copy of this information at any time from the data controller. Furthermore, the European legislator has granted the data subject access to the following information:
Furthermore, the data subject has the right to know whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be informed of the appropriate safeguards related to the transfer.
If a data subject wishes to exercise this right of access, they may contact an employee of the data controller at any time.
c) Right to Rectification
Every data subject affected by the processing of personal data has the right granted by the European directives and regulations to demand the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing, including by means of a supplementary declaration.
If a data subject wishes to exercise this right to rectification, they may contact an employee of the data controller at any time.
d) Right to Erasure (Right to be Forgotten)
Every data subject affected by the processing of personal data has the right granted by the European directives and regulations to demand from the controller the immediate deletion of personal data concerning them, provided that one of the following reasons applies and the processing is not required:
If one of the above reasons applies, and a data subject wishes to request the deletion of personal data stored by MountainRiviera AG, they may contact an employee of the data controller at any time. The employee of MountainRiviera AG will arrange for the request for deletion to be promptly fulfilled.
If the personal data has been made public by MountainRiviera AG and our company is obliged as the controller to delete the personal data pursuant to Article 17(1) of the GDPR, MountainRiviera AG will, taking into account available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the published personal data that the data subject has requested the deletion of all links to this personal data or copies or replications of this personal data, unless the processing is necessary. The employee of MountainRiviera AG will arrange for the necessary measures to be taken on a case-by-case basis.
7. Data Protection Provisions on the Use and Application of Google Analytics (with Anonymization Function)
The controller has integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics involves the collection, gathering, and evaluation of data regarding the behavior of visitors to websites. A web analytics service captures data about, among other things, which website a data subject has come from (so-called referrers), which subpages of the website have been accessed, and how often and for what duration a subpage has been viewed. Web analytics is primarily used to optimize a website and to perform cost-benefit analyses of online advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the "_gat._anonymizeIp" add-on for web analysis via Google Analytics. With this add-on, the IP address of the internet connection of the data subject is shortened and anonymized by Google when accessing our websites from a member state of the European Union or from another contracting state of the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor flows on our website. Google uses the collected data and information, among other things, to evaluate the use of our website, to compile online reports that highlight the activities on our websites, and to provide additional services related to the use of our website.
Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component is integrated, is accessed, the internet browser on the data subject's information technology system is automatically prompted by the respective Google Analytics component to transmit data for online analysis to Google. Within the framework of this technical process, Google becomes aware of personal data, such as the IP address of the data subject, which helps Google, among other things, to trace the origin of visitors and clicks, and subsequently to facilitate commission settlements.
Through the cookie, personal information, such as access time, the location from which access originated, and the frequency of visits to our website by the data subject, is stored. With each visit to our websites, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share these personal data collected through the technical process with third parties.
The data subject can prevent the setting of cookies by our website at any time, as outlined above, by adjusting the settings of the internet browser used, thus permanently opposing the setting of cookies. Such a setting of the internet browser would also prevent Google from setting a cookie on the data subject's information technology system. Additionally, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the option to object to the collection of data generated by Google Analytics, which is related to the use of this website, as well as to prevent the processing of this data by Google. To do this, the data subject must download and install a browser add-on available at the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information regarding the visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the information technology system of the data subject is deleted, formatted, or reinstalled at a later time, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or any other person within their area of control, the option to reinstall or reactivate the browser add-on exists.
Further information and the applicable data protection provisions of Google can be accessed at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link: https://www.google.com/intl/de_de/analytics/.
8. Legal Basis for Processing
Article 6(1)(a) of the GDPR serves as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfillment of a contract to which the data subject is a party, as is the case for processing operations necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations that are necessary for the execution of pre-contractual measures, such as in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) of the GDPR. In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured in our company and, as a result, their name, age, health insurance information, or other vital information had to be disclosed to a doctor, a hospital, or other third parties. In such a case, the processing would be based on Article 6(1)(d) of the GDPR. Ultimately, processing operations may be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not outweigh those interests. Such processing operations are particularly permitted because they are expressly mentioned by the European legislator. It was maintained that a legitimate interest may be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 of the GDPR).
9. Legitimate interests in processing pursued by the controller or a third party
If the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is the conduct of our business for the benefit of the well-being of all our employees and our shareholders.
10. Duration for which personal data will be stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of that period, the relevant data will be routinely deleted, provided that it is no longer necessary for the fulfillment or initiation of a contract.
11. Legal or contractual requirements to provide personal data; necessity for contract conclusion; obligation of the data subject to provide the personal data; potential consequences of non-provision
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or can result from contractual provisions (e.g., details about the contracting party). In some cases, it may be necessary for the conclusion of a contract that a data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data when our company enters into a contract with them. Failure to provide the personal data would result in the contract not being concluded with the data subject. Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract, whether it is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data, and the consequences of failing to provide it.
12. Existence of automated decision-making
As a responsible company, we do not engage in automatic decision-making or profiling.
This privacy policy was created using the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as the External Data Protection Officer in Kempten, in cooperation with Christian Solmecke, lawyer specializing in IT and data protection law.