Data protection

Image

Privacy Policy

This Privacy Policy provides information about the processing of personal data in connection with our activities and operations, including our website under the domain name www.lauberhorn.ch. In particular, it provides information about for what purpose, how and where we process personal data and which personal data we process. It also provides information about the rights of persons whose data we process.

We may publish further privacy policies or other information about data protection for certain or additional activities and operations.

We are subject to Swiss data protection law and any applicable foreign data protection law, in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).

In its decision of 26 July 2000, the European Commission recognised that Swiss data protection law ensures an adequate level of data protection. The European Commission confirmed this adequacy decision in its report of 15 January 2024.

1. Contact addresses

Controller:

International Lauberhorn Races Association
PO Box 385
3823 Wengen
Switzerland

info[at]lauberhorn.ch

In individual cases, the controller may be a third party or we may have joint responsibility as the controller with a third party.

2. Terms and legal basis

2.1 Terms

Data subject: a natural person about whom we process personal data.

Personal data:all information that relates to an identified or identifiable natural person.

Particularly sensitive personal data: data relating to union membership, political opinions or religious or philosophical beliefs, data concerning a natural person’s health, private life or ethnicity or race, genetic data, biometric data that uniquely identify a natural person, data on criminal and administrative sanctions or proceedings and data on social assistance measures.

Processing:any handling of personal data, regardless of the means and procedures applied, such as the consultation, alignment, adaptation, archiving, retention, retrieval, making known, obtaining, recording, collection, erasure, disclosure, structuring, organisation, storage, alteration, dissemination, combination, destruction and use of personal data.

European Economic Area (EEA):member states of the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway.

2.2 Legal bases

We process personal data in accordance with Swiss data protection law, in particular the Swiss Federal Act on Data Protection (FADP; Datenschutzgesetz, DSG) and the Ordinance on Data Protection (DPO; Datenschutzverordnung, DSV).

If and to the extent that the European General Data Protection Regulation (GDPR) applies, we process personal data in accordance with at least one of the following legal bases:

  • Article 6(1)(b) GDPR: the processing of personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract.
  • Article 6(1)(f) GDPR: The processing of personal data is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such interests include, in particular, the long-term, people-friendly, safe and reliable performance of our activities and operations, ensuring information security, protection against misuse, enforcing our own legal claims and compliance with Swiss law.
  • Article 6(1)(c) GDPR: the processing of personal data is necessary for compliance with a legal obligation to which we are subject to in accordance with any applicable law of member states of the European Economic Area (EEA).
  • Article 6(1)(e) GDPR: the processing of personal data is necessary for the performance of a task carried out in the public interest.
  • Article 6(1)(a) GDPR: the processing of personal data is carried out with the consent of the data subject.
  • Article 6(1)(d) GDPR: the processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person.
  • Article 9(2) f. GDPR: the processing of special categories of personal data, in particular with the consent of data subjects.

The European General Data Protection Regulation (GDPR) defines the processing of personal data as the processing of personal data and the processing of particularly sensitive personal data as the processing of special categories of personal data (Article 9 GDPR).

3. Processing of personal data: type, scope and purpose

We process the personal data that are necessary to enable us to perform our activities and operations on a long-term, people-friendly, safe and reliable basis. The personal data processed may in particular fall within the categories of browser and device data, content data, communication data, metadata, usage data, master data (including inventory data and contact details), location data, transaction data, contract data and payment data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the performance of our activities and operations, to the extent that such processing is permitted by law.

We process personal data, where necessary, with the consent of the data subjects. In many cases, we may process personal data without consent, for example to fulfil legal obligations or to safeguard overriding interests. We may also ask data subjects for their consent if their consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymise or erase personal data in particular in accordance with statutory retention and limitation periods.

4. Disclosure of personal data

We may disclose personal data to third parties, have them processed by third parties or process them together with third parties. Such third parties include, in particular, specialised providers whose services we use.

We may disclose personal data to banks and other financial services providers, public authorities, educational and research institutions, consultants and lawyers, interest representatives, IT service providers, cooperation partners, credit and economic information agencies, logistics and shipping companies, marketing and advertising agencies, media, organisations and associations, social institutions, telecommunications companies and insurance companies.

5. Communication

We process personal data to enable us to communicate with third parties. In this context, we process in particular data that a data subject transmits when contacting us, for example by post or e-mail. We may store such data in an address book or using comparable tools.

Third parties that transmit data on other persons are obliged to guarantee data protection vis-à-vis such data subjects. For this purpose, among other things, the accuracy of the transmitted personal data must be ensured.

We use selected services of suitable providers to enable us to communicate better with third parties.

6. Applications

We process personal data about applicants to the extent necessary for assessing their suitability for an employment relationship or for the subsequent performance of an employment contract. The personal data required are indicated in particular by the information requested, for example in the context of a job advertisement. We may publish job advertisements with the help of suitable third parties, such as electronic and printed media or job portals and job platforms.

We also process personal data that applicants provide voluntarily, in particular as part of a cover letter, CV and other application documents and online profiles.

If and to the extent that the General Data Protection Regulation (GDPR) applies, we process personal data about applicants in particular in accordance with Article 9(2)(b) GDPR.

7. Data security

We take appropriate technical and organisational measures to ensure data security appropriate to the respective risk. With our measures, we ensure, in particular, the confidentiality, availability, traceability and integrity of the processed personal data without being able to guarantee absolute data security.

Access to our website and our other online presence is provided by means of transport encryption (SSL/TLS, in particular with Hypertext Transfer Protocol Secure, or HTTPS). Most browsers warn users before they visit websites without transport encryption.

As with any form of digital communication as a rule, our digital communication is subject to mass monitoring without cause or suspicion by security authorities in Switzerland, Europe, the United States of America (USA) and other countries. We cannot directly influence the processing of personal data by secret services, police authorities and other security authorities, nor can we rule out that a data subject is being specifically monitored.

8. Personal data abroad

As a rule, we process personal data in Switzerland and in the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, in particular to process or have it processed there.

We may export personal data to all countries on earth and elsewhere in the universe, provided that the law there ensures an adequate level of data protection, as determined by the decision of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) applies – as determined by the decision of the European Commission.

We may transfer personal data to countries where the law does not ensure an adequate level of data protection, provided that data protection is ensured for other reasons, in particular on the basis of standard data protection clauses or with other suitable safeguards. In exceptional cases, we may export personal data to countries without adequate or suitable levels of data protection if the specific requirements under data protection law are met, such as the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. We will be happy to provide data subjects with information about any guarantees or provide a copy of any guarantees upon request.

9. Rights of data subjects

9.1 Data protection rights

We grant data subjects all their rights under applicable data protection law. In particular, data subjects have the following rights:

  • Right of access: Data subjects may request information on whether we process personal data about them and, if so, which personal data these are. Data subjects also receive the information necessary to assert their rights under data protection law and to ensure transparency. This includes the personal data processed as such, but also, among other things, information about the purpose of the processing, the duration of the retention, any disclosure or any export of data to other countries and the origin of the personal data.
  • Right to rectification and right to restriction: Data subjects may have incorrect personal data rectified, complete incomplete data and restrict the processing of their data.
  • Right to erasure and right to object: Data subjects may have personal data erased (“right to be forgotten”) and object to the processing of their data with effect for the future.
  • Right to data portability: Data subjects may request the delivery of personal data or the transfer of their data to another controller.

We may defer, restrict or refuse the exercise of the rights of data subjects to the extent permitted by law. We may notify data subjects of any conditions to be met for the exercise of their data protection rights. We may, for example, refuse to provide information with reference to confidentiality obligations, overriding interests or the protection of other persons in whole or in part. We may also, for example, refuse to erase personal data, in particular with reference to statutory retention obligations, in whole or in part.

We may charge a fee for the exercise of rights in exceptional cases. We will inform data subjects in advance of any such fees.

We are obliged to identify data subjects who request information or exercise other rights by means of appropriate measures. Data subjects are obliged to cooperate.

9.2 Legal protection

Data subjects have the right to enforce their data protection rights by law or to file a report or complaint with a data protection supervisory authority.

The Federal Data Protection and Information Commissioner (FDPIC) is the data protection supervisory authority for private controllers and federal bodies in Switzerland.

European data protection supervisory authorities are organised as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), the data protection supervisory authorities are federally structured, particularly in Germany.

10. Use of our website

10.1 Cookies

We may use cookies. Cookies – our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored on the user’s browser. These stored data do not need to be limited to traditional cookies in text form.

Cookies can be temporarily stored on the user’s browser as “session cookies” or stored as permanent cookies for a certain period of time. Session cookies are automatically deleted when the user’s browser is closed. Permanent cookies have a specific storage period. In particular, cookies enable us to recognise a browser the next time a user visits our website and thus measure the reach of our website, for example. Permanent cookies can also be used for online marketing purposes, for example.

Cookies can be partially or fully deactivated and deleted at any time in the browser settings. However, certain features of our website may not be fully available without cookies. We actively request – at least if and to the extent necessary – express consent to the use of cookies.

In the case of cookies used for measuring success and reach or for advertising purposes, a general objection (opt-out) is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) and Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

We may log at least the following information every time our website and our other online presence are accessed, provided that such access is transmitted to our digital infrastructure: date and time (including time zone), IP address, access status (HTTP status code), operating system (including user interface and version), browser (including language and version), individual subpage of our website (including data volume transferred) and previous website retrieved in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. This information is required to enable us to provide our online presence for the long term, reliably and in a people-friendly manner. The information is also necessary to enable us to ensure data security, including via third parties or with the help of third parties.

10.3 Tracking pixels

We may include tracking pixels in our online presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those of third parties whose services we use – are usually small, near-invisible images or scripts formulated in JavaScript that are automatically retrieved when you access our online presence. With tracking pixels, at least the same information as can be recorded as in log files.

11. Notifications and communications

11.1 Measurement of success and reach

Notifications and communications may include web links or tracking pixels that record whether a single communication was opened and which web links were clicked on in this regard. Such web links and tracking pixels can also be used to record the use of notifications and communications on a personal basis. We need this statistical recording of use to measure success and reach to enable us to send notifications and communications based on the needs and reading habits of recipients effectively, safely, reliably, in a people-friendly manner and for the long term.

11.2 Consent and objection

As a rule, you must consent to the use of your e-mail address and other contact addresses, unless their use is permitted for other legal reasons. We may use the “double opt-in” method to obtain double confirmation of consent if necessary. In this case, you will receive a notification with instructions regarding double confirmation. We may log obtained consent, including IP addresses and time stamps, for the purposes of evidence and security.

As a rule, you can opt out of receiving notifications and communications such as newsletters at any time. By raising an objection of this kind, you can simultaneously object to the statistical recording of use for the purposes of measuring success and reach. We reserve the right to send notifications and communications that are necessary in connection with our activities and operations.

11.3 Notification and communication service providers

We send notifications and communications with the help of specialised service providers.

In particular, we use:

12. Social media

We have a presence on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC), terms of use, privacy policies and other provisions of the individual operators of such platforms also apply. In particular, these provisions provide information about the rights of data subjects directly vis-à-vis the respective platform, including right of access, for example.

We are jointly responsible for our social media presence on Facebook, including “page insights”, with Meta Platforms Ireland Limited (Ireland), if and to the extent that the General Data Protection Regulation (GDPR) applies. Meta Platforms Ireland Limited is part of the Meta Companies (including those in the USA). The page insights provide insights into how visitors interact with our Facebook presence. We use page insights to make our social media presence on Facebook available in an effective and people-friendly manner.

Further information on the type, scope and purpose of data processing, information on the rights of data subjects and the contact details of Facebook and Facebook’s data protection officer can be found in Facebook’s Privacy Policy. We have concluded the “Controller Addendum” with Facebook and, in particular, agreed that Facebook is responsible for ensuring the rights of data subjects. Information about the page insights can be found on the “Information about Page Insights” web page, including “Information about Page Insights Data”.

13. Third-party services

We use specialised third-party services to enable us to perform our activities on a permanent, people-friendly, safe and reliable basis. Such services allow us to integrate features and content into our website, among other things. For embedding of this kind, the services used will temporarily record users’ IP addresses for technical reasons.

For necessary security, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymised or pseudonymised form. For example, these are performance or usage data in order to be able to offer the respective service.

In particular, we use:

13.1 Digital infrastructure

We use specialised third-party services to enable us to use the digital infrastructure we need in connection with our activities and operations. These include hosting and storage services of selected providers, for example.

In particular, we use:

13.2 Social media functions and social media content

We use third-party services and plug-ins to embed features and content from social media platforms and to enable sharing content on social media platforms and in other ways.

In particular, we use:

13.3 Map material

We use third-party services to enable us to embed maps in our website.

In particular, we use:

13.4 Digital content

We use specialised third-party services to enable us to integrate digital content into our website. Digital content in particular refers to image and video material, music and podcasts.

In particular, we use:

13.5 E-commerce

We operate an e-commerce service and use third-party services to enable us to provide services and offer content and products.

13.6 Payments

We use specialised service providers to enable us to process our customers’ payments securely and reliably. The legal texts of the individual service providers, such as general terms and conditions (GTC) and privacy policies, also apply to the processing of payments.

In particular, we use:

13.7 Advertising

We take the opportunity to display targeted ads with third parties, such as social media platforms and search engines, for our activities and operations.

These aim of these kinds of ads is to reach out to people who are already interested in or who may be interested in our activities and operations (remarketing and targeting). For this purpose, we may also transmit corresponding information – which may also include personal data – to third parties that facilitate such advertising. We can also determine whether our advertising is successful, i.e. whether ads generate visits to our website (conversion tracking).

Third parties with whom we advertise and with whom you are registered as a user may be able to assign the use of our website to your profile there.

We also utilise the option of embedding third-party ads in our website or displaying such ads elsewhere on our website, as a rule in exchange for a fee. Third parties whose ads are embedded in our website and with whom you are registered as a user may be able to assign the use of our website to your profile there.

In particular, we use:

14. Website extensions

We use extensions to our website to enable us to use additional features. We can use selected services from suitable providers or use these extensions on our own digital infrastructure.

In particular, we use:

  • Google reCAPTCHA: spam protection (differentiation between desired content from people and unwanted bots and spam content); provider: Google; Google reCAPTCHA-specific information: “What is reCAPTCHA?”.

15. Measurement of success and reach

We try to measure the success and reach of our activities and operations. In this context, we may also measure or check the effect of third-party notices on how different parts or versions of our online presence are used (A/B testing). Based on the results obtained from measuring success and reach, we can in particular fix errors, strengthen popular content and make improvements.

In most cases, the IP addresses of individual users are recorded for the purpose of measuring success and reach. In this case, IP addresses are truncated as a rule (IP masking) in order to follow the principle of data minimisation by means of the corresponding pseudonymisation.

Cookies may be used and user profiles may be created to measure success and reach. Any user profiles created may include, for example, the individual pages visited or content viewed on our website, information on the size of the screen or browser window and the (at least approximate) location. As a rule, any user profiles are created exclusively in pseudonymised form and are not used to identify individual users. Individual third-party services for which users are registered may be able to assign the use of our online presence to the user account or user profile for the respective service.

In particular, we use:

16. Final notes on the Privacy Policy

We have created this Privacy Policy using the Privacy Policy Generator provided by Datenschutzpartner.

We may update this Privacy Policy at any time. We provide information about updates in an appropriate form, in particular by publishing the Privacy Policy, as amended, on our website.