With this Privacy Policy, we inform about the personal data we process in connection with our activities and operations, including our
For individual or additional activities and operations, additional privacy policies as well as other legal documents such as General Terms and Conditions (GTC), Terms of Use, or Participation Conditions may apply.
We are subject to Swiss data protection law as well as, where applicable, foreign data protection law, especially that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission acknowledges that Swiss data protection law ensures adequate data protection.
Responsibility for the processing of personal data:
Conda SA
Plaz 2
7524 Zuoz
Switzerland
In individual cases, there may be other responsible parties for the processing of personal data or joint responsibility with at least one other controller.
We have the following data protection officer or advisor as a contact person for data subjects and authorities regarding data protection inquiries:
Rita Klarer
Conda SA
Plaz 2
7524 Zuoz
Switzerland
We have the following data protection representation according to Art. 27 GDPR:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
The data protection representation serves as an additional point of contact for inquiries related to the GDPR for data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA).
Personal data refers to any information relating to an identified or identifiable natural person. A data subject is a person about whom we process personal data.
Processing includes any operation or set of operations performed on personal data, regardless of the means or methods used, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data.
The European Economic Area (EEA) comprises the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as processing of personal data.
We process personal data in accordance with Swiss data protection law, including in particular the Federal Act on Data Protection (Datenschutzgesetz, DSG) and the Ordinance to the Federal Act on Data Protection (Datenschutzverordnung, DSV).
Where and to the extent the General Data Protection Regulation (GDPR) applies, we process personal data according to at least one of the following legal bases:
We process those personal data that are necessary to permanently, user-friendly, safely, and reliably conduct our activities and operations. Such personal data may include, in particular, categories of inventory and contact data, browser and device data, content data, meta or marginal data, and usage data, location data, sales data, as well as contract and payment data.
We process personal data for the duration necessary for the respective purpose(s) or as required by law. Personal data no longer needed for processing will be anonymized or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or disclose them to third parties. Such third parties are particularly specialized providers whose services we use. We also ensure data protection with such third parties.
We generally process personal data only with the consent of the data subjects. To the extent that processing is permissible for other legal reasons, we may waive obtaining consent. For example, we may process personal data without consent to fulfill a contract, to comply with legal obligations, or to safeguard overriding interests.
We also process personal data that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, to the extent that such processing is permissible for legal reasons.
We process personal data to be able to communicate with third parties. In this context, we process in particular data that a data subject transmits when contacting us, for example, by postal mail or email. We may store such data in an address book or similar tools.
Third parties transmitting data about other individuals are obligated to ensure data protection for such affected individuals. This includes, among other things, ensuring the accuracy of the transmitted personal data.
We implement appropriate technical and organizational measures to ensure data security appropriate to the respective risk. With our measures, we ensure in particular the confidentiality, availability, traceability, and integrity of the processed personal data, but we cannot guarantee absolute data security.
Access to our website and other online presence is via transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a small padlock icon in the address bar.
Our digital communication is subject – like all digital communication – to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police authorities, and other security authorities. Nor can we rule out that individual affected individuals are monitored.
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other states, particularly to process them there or have them processed.
We may export personal data to all countries and territories on Earth and elsewhere in the Universe, provided that the local law ensures adequate data protection according to a decision of the Swiss Federal Council and – where and to the extent the General Data Protection Regulation (GDPR) applies – according to a decision of the European Commission.
We may transfer personal data to states whose law does not ensure adequate data protection if data protection is ensured for other reasons, especially based on standard data protection clauses or other suitable safeguards. Exceptionally, we may export personal data to states without adequate or suitable data protection if the special data protection requirements are met, for example, the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we will gladly provide affected individuals with information about any guarantees or provide a copy of any guarantees.
We grant data subjects all rights under applicable data protection law. Data subjects particularly have the following rights:
We may postpone, restrict, or refuse the exercise of data subjects’ rights within the legally permissible framework. We may inform data subjects about any requirements they need to fulfill to exercise their data protection rights. For example, we may refuse information with reference to business secrets or the protection of other persons, in whole or in part. For example, we may also refuse the deletion of personal data with reference to legal retention obligations, in whole or in part.
We may exceptionally impose costs for exercising rights. We will inform data subjects in advance of any costs.
We are obligated to identify data subjects who request information or exercise other rights with appropriate measures. Data subjects are obliged to cooperate.
Data subjects have the right to enforce their data protection claims through legal channels or to file a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for complaints by data subjects against private controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities for complaints by data subjects – where and to the extent the General Data Protection Regulation (GDPR) applies – are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are federally structured, especially in Germany.
We may use cookies. With cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – data is stored in the browser. Such stored data does not necessarily have to be limited to traditional text cookies.
Cookies can be stored in the browser temporarily as “session cookies” or for a specific period as so-called permanent cookies. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. Cookies allow, in particular, to recognize a browser on the next visit to our website and thus, for example, to measure the reach of our website. Permanent cookies can also be used, for example, for online marketing purposes.
Cookies can be deactivated or deleted entirely or partially in the browser settings at any time. Without cookies, our website may not be fully available. We request – at least if and to the extent necessary – active consent to the use of cookies.
For cookies used for success and reach measurement or for advertising, a general objection (“opt-out”) is possible for numerous services via the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
We may log at least the following information for each access to our website and our other online presence, provided that this information is transmitted to our digital infrastructure during such accesses: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including the amount of data transferred, last visited website in the same browser window (referer).
We log such information, which may also constitute personal data, in log files. The information is necessary to be able to provide our online presence permanently, user-friendly, and reliably. The information is also necessary to ensure data security – also by third parties or with the help of third parties.
We may integrate tracking pixels into our online presence. Tracking pixels are also called web beacons. With tracking pixels – also from third parties whose services we use – it usually involves small, invisible images or scripts formulated in JavaScript, which are automatically retrieved when accessing our online presence. Tracking pixels can capture at least the same information as in log files.
We send notifications and messages by email and through other communication channels such as instant messaging or SMS.
Notifications and messages may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked. Such web links and tracking pixels can also capture the use of notifications and messages on a personal basis. We need this statistical recording of usage for success and reach measurement in order to be able to send notifications and messages effectively and user-friendly, as well as permanently, securely, and reliably based on the needs and reading habits of the recipients.
As a rule, you must consent to the use of your email address and other contact addresses, unless the use is permitted for other legal reasons. For the possible obtaining of a double-confirmed consent, we can use the “double opt-in” procedure. In this case, you will receive a notification with instructions for double confirmation. In this case, we may log obtained consents, including IP address and timestamp, for evidence and security reasons.
As a rule, you can object to the receipt of notifications and messages such as newsletters at any time. With such an objection, you can also object to the statistical recording of usage for success and reach measurement. Necessary notifications and messages in connection with our activities and operations remain reserved.
We are present on social media platforms and other online platforms in order to communicate with interested individuals and to inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC) and terms of use as well as privacy policies and other provisions of the individual operators of such platforms also apply. These provisions provide information in particular about the rights of affected individuals directly against the respective platform, including the right to information, for example.
For our Facebook social media presence, including so-called page insights, we are – if and to the extent the General Data Protection Regulation (GDPR) applies – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). The page insights provide information on how visitors interact with our Facebook presence. We use page insights to effectively and user-friendly provide our social media presence on Facebook.
Further information on the type, scope, and purpose of data processing, information on the rights of affected individuals, as well as contact details of Facebook as well as the data protection officer of Facebook can be found in the Facebook Privacy Policy. We have concluded the so-called “Addendum for Controllers” with Facebook, thereby agreeing in particular that Facebook is responsible for ensuring the rights of affected individuals. For the so-called page insights, the corresponding information can be found on the page “Information on Page Insights” including “Information about Page Insights Data”.
We use services from specialized third parties in order to be able to exercise our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can embed functions and content into our website. In the case of such embedding, the services used capture the IP addresses of the users at least temporarily for technical reasons.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data in order to be able to offer the respective service.
We use in particular:
We use services from specialized third parties in order to be able to use the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use in particular:
We use services and plugins from third parties in order to embed features and content from social media platforms and to enable the sharing of content on social media platforms and in other ways.
We use in particular:
We use services from third parties in order to be able to embed maps into our website.
We use in particular:
We use services from third parties in order to be able to embed selected fonts as well as icons, logos, and symbols into our website.
We use in particular:
We operate e-commerce and use services from third parties in order to be able to offer services, content, or goods successfully.
We use specialized service providers to process payments from our customers securely and reliably. For the processing of payments, the legal texts of the individual service providers such as General Terms and Conditions (GTC) or Privacy Policies also apply.
We use in particular:
We utilize the opportunity to display targeted advertisements with third parties, such as social media platforms and search engines, for our activities and operations.
With such advertising, we aim to reach individuals who are already interested in or may be interested in our activities and operations (remarketing and targeting). For this purpose, we may transmit corresponding – possibly also personal – information to third parties that enable such advertising. Additionally, we may ascertain whether our advertising is successful, particularly whether it leads to visits to our website (conversion tracking).
Third parties with whom we advertise and with whom you, as a user, are logged in may potentially associate the use of our website with your profile there.
We use in particular:
We use extensions for our website to access additional features. We may use selected services from suitable providers or use such extensions on our own server infrastructure.
We use in particular:
We try to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities and operations as well as the impact of third-party links on our website. However, we may also experiment with and compare how different parts or versions of our online offering are used (“A/B test” method). Based on the results of success and reach measurement, we can particularly fix errors, strengthen popular content, or make improvements to our online offering.
For success and reach measurement, the IP addresses of individual users are usually stored. In this case, IP addresses are basically shortened (“IP masking”) to follow the principle of data minimization through the corresponding pseudonymization.
Cookies may be used for success and reach measurement, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our website, information about screen size or browser window, and the – at least approximate – location. Basically, any user profiles created are exclusively pseudonymized and not used to identify individual users. Individual services from third parties, where users are logged in, may potentially associate the use of our online offering with the user account or profile with the respective service.
We use in particular:
We have created this privacy policy with the Privacy Policy Generator from Datenschutzpartner. The present privacy policy is an unofficial translation from the original German version.
We reserve the right to adjust and supplement this privacy policy at any time. We will inform about such adjustments and supplements in an appropriate manner, particularly by publishing the respective current privacy policy on our website.