Data Privacy Statement

This Data Privacy Statement provides information on which personal data we process in connection with our activities and operations, including our https://www.aaregg.ch and https://www.aareggstube.ch website. We specifically provide information on why, how and where we process which personal data. We also provide information on the rights of persons whose data we process.

Other data privacy statements or other legal documents such as General Terms and Conditions (T&C), terms of use, or conditions of participation may also apply for individual or additional activities and operations.

We are subject to Swiss data protection laws as well as all applicable foreign data protection legislation, specifically that of the European Union (EU) with the European General Data Protection (GDPR).

With their decision from 26 July 2000, the European Commission ruled that Swiss data protection legislation provides appropriate data protection. With their report from 15 January 2024 , the European Commission confirmed this adequacy decision.

1. Contact adresses

Responsibility for handling personal data:
Camping Aaregg AG
Seestrasse 22
3855 Brienz
mail@aaregg.ch

In individual cases, another party may be responsible for handling personal data or responsibility may be shared with at least one other party.

2. Terms and legal bases

2.1 Terms

Personal data is all information that refers to a individual or identifiable natural person. A data subject is a person whose personal data we are processing.

Processing comprises any action involving personal data, irrespective of the means and processes used, for example, the retrieval, comparison, modification, archiving, storage, export, publishing, purchase, recording, collection, deletion, disclosure, filing, saving, revision, distribution, reference, destruction and use of personal data.

The European Economic Area (EEA) comprises the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.
The General Data Protection Regulation (GDPR) describes the processing of personal data as the processing of data specific to the individual, and the processing of particularly sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).

2.2 Legal bases

We process personal data in accordance with Swiss data protection legislation, such as, specifically, the Federal Act on Data Protection (Data Protection Act, FADP) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

If and in so far as the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:

• Art. 6 (1) lit. b GDPR for the necessary processing of personal data for fulfilment of a contract with the data subject and for the execution of pre-contractual actions.
• Art. 6 (1) lit. f GDPR for the necessary processing of personal data in order to protect the legitimate interests of ourselves or of a third party, except where such interests are overridden by the fundamental freedoms or rights interests of the data subject. Legitimate interests are specifically the interests pursued in order to carry out and communicate our activities and operations on a long-term, user-friendly, secure and reliable basis, to ensure information security, protection from misuse, the assertion of our own legal rights and compliance with Swiss law.
• Art. 6 (1) lit. c GDPR for the necessary processing of personal data for compliance with a legal obligation to which we are subject, if necessary, in accordance with the applicable law of member states within the European Economic Area (EEA).
• Art. 6 (1) lit. e GDPR for the necessary processing of personal data for performance of a task carried out in the public interest.
• Art. 6 (1) lit. a GDPR for the processing of personal data with the consent of the data subject.
• Art. 6 (1) lit. d. GDPR for the necessary processing of personal data in order to protect the vital interests of the data subject or another natural person.

3. Type, scope and purpose

We process the personal data that is necessary to enable us to carry out our activities and operations on a long-term, user-friendly, secure and reliable basis. This personal data may specifically be in the categories of inventory and contact data, browser and device data, content data, meta or marginal data and usage data, location data, sales data or contract and payment data.

We process the personal data for the duration required for the respective purpose or purposes, or which is required by law. Personal data that is no longer required for processing is anonymised or deleted.

We may have the personal data processed by a third party. We may process the personal data with a third party or transfer it to a third party. These third parties are specialised providers whose services we have commissioned. We also guarantee data protection with these third parties.

As a matter of principle, we process personal data only with the consent of the data subjects. If, and to the extent that processing is permitted for other legal reasons, we are not required to obtain consent. For example, we may process personal data without consent in order to fulfil a contract, to meet legal requirements, or to protect prevailing interests.
We also process personal data that we receive from third parties, purchase from publicly accessible sources, or collect while carrying out our activities and operations, if and to the extent that such processing is permitted for legal reasons.

4. Communication

We process personal data in order to communicate with third parties. Within this framework, we specifically process data which a data subject provides at first contact, for example, in a letter or e-mail. We may save such data in an address book or comparable tool.

Third parties who provide data on other persons are obliged to guarantee data protection to these data subjects. To do so, accuracy of the transmitted personal data must be ensured, inter alia.

5. Applications

We process personal data about applicants if this is required for assessing their suitability for an employment relationship or for the subsequent implementation of an employment contract. The required personal data comes specifically from the information requested, for example, within the context of a job advertisement. We may publish job advertisement with the help of suitable third parties, for example, in electronic and printed media, or via job portals and job platforms.

Furthermore, we process the personal data that applicants voluntarily share or publish, specifically as part of a letter, resume or online profile.

If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process the personal data of applicants specifically in accordance with Art. 9 (2) lit. b GDPR.

6. Data privacy

We take appropriate technical and organisational steps in order to ensure risk-appropriate data security. Through these steps, we guarantee, in particular, the confidentiality, availability, traceability, and integrity of the processed personal data, however we cannot guarantee absolute data security:

access to our website and other online presence uses transport encryption (SSL / TLS, specifically using Hypertext Transfer Protocol Secure, HTTPS in short). Most browsers identify transport encryption with a small padlock in the address bar.

Our digital communication is subject – like fundamentally all digital communication – to mass surveillance without cause and suspicion by security authorities in Switzerland, in the rest of Europe, in the United States of America (USA) and in other countries. We have no direct influence on the associated processing of personal data by secret services, police agencies or other security authorities. Furthermore, we cannot exclude individual persons being subject to specific monitoring.

7. Personal data abroad

We process personal data only in Switzerland and in within the European Economic Area (EEA). However, we may also export or transmit personal data to other countries in order to specifically process this data or have it processed there.

We may export personal data to all countries and territories of the world , and to anywhere in the universe provided that the local legislation provides appropriate data protection in accordance with the resolution of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is valid – in accordance with the resolution of the European Commission.

We may transmit personal data to countries whose laws do not ensure appropriate data protection provided that data protection is guaranteed through other means, specifically on the basis of standard data protection clauses or other suitable guarantees. In exceptional cases, we may export personal data to countries without appropriate or suitable data protection if the specific data protection requirements are met, for example, with the explicit consent of the data subject or there is a direct connection with the conclusion or fulfilment of a contract. We are happy to provide data subjects with information on possible guarantees or provide a copy of any guarantees.

8. Rights of data subjects

8.1 Data protection rights

We grant data subjects all rights in accordance with applicable data protection legislation. Data subjects have specifically the following rights:

• Information: Data subjects can request information on whether we process personal data about them and, if so, the nature of this personal data. Data subjects can also receive the necessary information on how to assert their rights relating to data protection and to ensure transparency. These include the processed personal data, but also information on the processing purpose, the duration of storage, any publication of the data or any export of the data to other countries and on the origin of the personal data.
• Correction and restriction: Data subjects may correct erroneous personal data, complete missing data and restrict the processing of their data.
• Deletion and objection: Data subjects can have personal data deleted (“right to be forgotten”) and opt out of having their data processed in the future.
• Data disclosure and data transfer: Data subjects can request the disclosure of personal data or the transfer of their data to another party.

We may defer, restrict, or refuse the exercising of rights of data subjects within the legally permitted framework. We may notify data subjects to any prerequisites that must be fulfilled for the exercising of their data protection rights. For example, we may fully or partly refuse information with reference to company secrets or the protection of other persons. For example, we may also fully or partly refuse to delete personal data with reference to statutory retention requirements.

In exceptional cases, we may earmark costs for exercising these rights. We shall inform data subjects in advance of any costs.

We are obliged to identify data subjects who request information or assert other rights using appropriate measures. Data subjects are obliged to cooperate.

8.2 Legal protection

Data subjects have the right to assert their data protection claims through legal action or to file a charge or complaint with a responsible data protection supervisory authority.

The data protection supervisory authority for charges made by data subjects against private data protection officers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB).

European data protection supervisory authorities for complaints made by data subjects – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – are organised as Members of the European Data Protection Committee (EDSA). In some member states of the European Economic Area (EWR), the data protection supervisory authorities have a federal structure, specifically in Germany.

9. Use of the website

9.1 Cookies

We may use cookies. Cookies – our own cookies (First-Party Cookies) as well as cookies from third parties whose services we use (Third-Party Cookies) – are data objects stored in the browser. Saved data of this type is not restricted to traditional cookies in text format.

Cookies can be temporarily saved in the browser as “session cookies” or saved as permanent cookies for a specific period of time. “Session cookies” are automatically deleted when the browser is closed. Permanent cookies are stored for a specific period of time. Cookies primarily enable a browser to be recognised upon the next visit to our website, and thus enable us to track the reach of our website, for example. However, permanent cookies can also be used for online marketing.

Cookies can be fully or partially deactivated or deleted at any time via the browser settings. Without cookies, our website is not available in its full capacity. We actively request – at least if and to the extent required – explicit consent for the use of cookies.

In the case of cookies used for success and coverage tracking or for advertising purposes, a general opt-out is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

9.2 Logs

Each time our website or other online presence is accessed, we may log at least the following information, provided that this is transferred to our digital infrastructure with each access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual subsites accessed from our website, including quantity of data transferred, most recent website called in the same browser window (referrer).
We record this information, which may also represent personal data, in log files. This information is required so that we can provide a permanent, user-friendly and reliable online presence. The information is also required so that we can guarantee data security – including via a third party or with the help of a third party.

9.3 Tracking pixels

We may integrate tracking pixels into our online presence. Tracking pixels are also called web beacons. Tracking pixels – including those of third parties whose services we use – are usually small, invisible images or scripts formulated in JavaScript which are automatically called when our online presence is accessed. Tracking pixels can record at least the same information as log files.

10. Social media

We are present on social media platforms and other online platforms in order to communicate with interested persons and provide information on our activities and operations. In relation to such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).

The General Terms and Conditions and Conditions of Use are also applicable, as well as data protection statements and other conditions of the individual operators of such platforms. These provisions specifically provide information on the rights of data subjects towards the respective platform, whereby, for example, the right of information counts.

For our social media presence on Facebook , including the page insights, we – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – are jointly responsible together with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Group (including in the USA). The page insights provide information on how users interact with our Facebook presence. We use page insights so that we can provide our social media presence on Facebook in an effective and user-friendly manner.

Additional information on the type, scope and purpose of data processing, information on the rights of the data subjects, as wells as Facebook contact data and the Facebook data controller can be found under Facebook Privacy Policy. We have concluded a «Controller Addendum» with Facebook and have thus agreed that Facebook is responsible for ensuring the rights of data subjects. The information relating to page insights can be found on the page «Information on page insights» including «Information on page insight data».

11. Services of third parties

We use services of specialised third parties so that we can carry out our activities and operations on a long-term, user-friendly, secure and reliable basis. Amongst other things, these services enable us to embed functions and content in our website. With embedding of this type, the services used occasionally capture the IP addresses of the users for technical reasons.

For necessary security-relevant, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymised or pseudonymised form. This may be, for example, service or usage data necessary to provide the respective service.
Specifically, we use:

Google services: providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users within the European Economic Area (EEA) and in Switzerland; General information on Data Protection: «Our privacy principles», Privacy Policy, «We are committed to complying with applicable data protection laws», «Google Product Privacy Guide», «How Google uses information from sites or apps that use our services (information from Google)», «Types of cookies and similar technologies used by Google», «Your ads, your choice» («Customized ads»).

11.1 Digital infrastructure

We use third-party services in order to make use of digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

Specifically, we use:

• Hetzner: hosting and other infrastructure; providers: Hetzner Online GmbH / Hetzner Cloud GmbH (both in Germany; data protection information: Data Protection Declaration, «Data Protection FAQ».

11.2 Social media functions and social media content

We use services and plug-ins provided by third parties so that we can embed functions and content from social media platforms and enable content to be shared on social media platforms and other channels.

Specifically, we use:

• Facebook (social plug-ins): embedding of Facebook functions and Facebook content, for example, «Like» or «Share»; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); information on data protection: Privacy Policy.
• Instagram platform: Embedding of Instagram content; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); information on data protection: Privacy Policy (Instagram), Privacy Policy (Facebook).

11.3 Map material

We use third party services to embed maps in our website.

Specifically, we use:

• Google Maps including Google Maps platform: map service; provider: Google; Google Maps-specific information: «How Google uses location information».

11.4 Digital audio and video content

We use services provided by specialised third parties to present digital audio and video content such as, for example, music or podcasts.

Specifically, we use:

• YouTube: video platform; provider: Google; YouTube-specific information: «Data Protection and Security Center», «My data on YouTube».

12. Extensions to the website

We use extensions for our website so that we can utilise additional functions. We may use selected services from suitable providers or such extensions on our own server infrastructure.

Specifically, we use:

• Google reCAPTCHA: Spam protection (differentiation between content from people and unwanted content from bots and spam); provider: Google; Google reCAPTCHA-specific information: «What is reCAPTCHA?».
• SecureHoliday booking system from CTOUTVERT SAS, 10 place Alfonse Jourdain 31000 Toulouse, France
• Table reservation tool from netfuchs gmbh, untere Bönigstrasse 10a, 3800 Interlaken (on site www.aareggstube.ch)

13. Success and coverage measurement

We try to determine how our online offerings are used. Within this framework, we can, for example, measure the success and coverage of our activities and operations as well as the impact of third-party links on our website. However, we can also, for example, try out and compare how different parts or versions of our online offering are used (“A/B test” method). We can specifically use the results of the success and coverage measurement to resolve errors, develop popular content or make improvements to our online offering.

In most cases, the success and coverage measurement involves saving the IP addresses of individual users. In this case, IP addresses are always shortened («IP Masking») in order to comply with the principle of data economy.

Success and coverage measurement may include the use of cookies and the creation of user profiles. The created user profiles comprise, for example, individual pages visited or content viewed on our website, information on the size of the screen or browser window and the – approximate – location. As a matter of course, any user profiles are exclusively pseudonymised when generated and are not used for the identification of individual users. Individual third-party services for which users are registered can assign the use of our online offer to the user account or user profile for the respective service.

Specifically, we use:

• Google Analytics: success and coverage measurement; provider: Google; Google Analytics-specific information: also tracked across different browsers and devices (Cross-Device Tracking) and with pseudonymised IP addresses, which are only transferred in full to Google in the USA in exceptional cases , «data protection», «browser add-on to deactivate Google Analytics».

14. Video surveillance

We use a video surveillance system for the prevention of crime and for conservation of evidence if a crime is committed, for the exercising, enforcement or defence of legal rights, and to exercise our domiciliary rights. This relates – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – to legitimate prevailing interests in accordance with Art. 6 ( 1) lit. f GDPR. In the case of particularly sensitive personal data, with reference to Art. 9 ( 2) lit. f GDPR.

We store recordings from our video surveillance system for as long as required for conservation of evidence. The recordings are usually deleted or overwritten after 48 hours.
We may save recordings on the basis of statutory obligations, for the execution of our own legal rights and if there is a suspected crime, or transfer them to responsible parties, specifically to judicial or law enforcement authorities.

15. Closing provisions

We have created the German version of this Data Privacy Statement using the Data Protection Generator from Datenschutzpartner. It was translated by a professional.
We may amend or supplement this Data Privacy Statement at any time. We will provide information about such amendments and supplements in a suitable form, specifically through publication of the current Data Protection Regulation on our website.

Brienz, April 2024