Data protection
The website of Berner Oberland Pass is subject to Swiss data protection law, in particular in accordance with the Federal Data Protection Act (DSG) and any applicable foreign data protection law such as the Basic Data Protection Ordinance (DSGVO) of the European Union (EU). The EU recognises that Swiss data protection law guarantees adequate data protection.
Our website is accessed via transport encryption (SSL/TLS).
Thank you very much for your interest in our company. Data protection has a particularly high priority for us. It is generally possible to use the Berner Oberland Pass Internet pages without providing any personal data. However, if a person concerned wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned. The processing of personal data, for example the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the statutory data protection requirements. By means of this data protection declaration, our company wishes to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection declaration will inform the persons concerned about their rights.
As the authority responsible for processing, Berner Oberland Pass has implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, each person concerned is free to transmit personal data to us by alternative means, such as telephone.
1. Name and address of the responsible person
The person responsible within the meaning of the law (hereinafter referred to as "operator") is the
BERNER OBERLAND PASS
c/o BLS AG
Genfergasse 11
CH-3001 Berne
berneroberlandpass@bls.ch
2. general information on data processing
When you visit our website, we initially collect and use only the data specified in Section 3. In addition, we only process the personal data of our users to the extent necessary to provide a functioning website and our content and services. The collection and use of personal data of our users regularly only takes place with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.
2.1. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, the Federal Data Protection Act (DSG) or, if and to the extent applicable, Art. 6 para. 1 lit. a EU Data Protection Basic Regulation (DSGVO) serves as the legal basis for the processing of personal data.
In the processing of personal data required for the performance of a contract to which the data subject is a party, the Federal Data Protection Act (DSG) or, if and to the extent applicable, Art. 6 para. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, the Federal Data Protection Act (DSG) or, if and to the extent applicable, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first interest, the Federal Act on Data Protection (DSG) or, if and to the extent applicable, Art. 6 para. 1 lit. f DSGVO shall serve as the legal basis for the processing.
2.2. Data erasure and storage period
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
3. Provision of the website and creation of log files
3.1. Description, purpose and scope of data processing
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Information about the browser type and the version used
- The user's operating system
- The IP address of the user
- Date and time of accesss
- Websites from which the user's system accesses our Website
- Websites accessed by the user's system through our Website
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The log files contain IP addresses or other data that enable the user to be identified. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user switches contains personal data.
The data is also stored in the log files of our system. These data are not stored together with other personal data of the user. The data is stored in log files in order to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
3.2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is the Federal Data Protection Act (DSG) or, if and to the extent applicable, Art. 6 para. 1 lit. f DSGVO.
3.3. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. Technical server log files are automatically deleted after 365 days.
3.4. Objection and removal possibility
The collection of data for the provision of the website and the storage of the data in log files are mandatory for the operation of the website. There is therefore no possibility of objection on the part of the user.
4. Use of cookies
This website uses cookies. Cookies are text files which are stored on a computer system via an Internet browser.
Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A particular Internet browser can be recognized and identified by its unique cookie ID.
The use of cookies makes it possible to provide users of this website with more user-friendly services, which would not be possible without the setting of cookies.
By means of a cookie, the information and offers on our website can be optimised in the interests of the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his access data each time he visits the website because this is taken over by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping basket in the online shop. The online shop remembers the items that a customer has placed in the virtual shopping basket via a cookie.
The person concerned can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable under certain circumstances.
4.1. Description, purpose and scope of data processing
Our website uses cookies. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. The user data collected by technically necessary cookies are not used to create user profiles.
In addition, we use cookies on our website which enable an analysis of the surfing behaviour of the users.
In this way, the following data can be transmitted:
- Entered search Terms
- Frequency of page views
- Use of website functions
The analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies tell us how the website is used and enable us to continually optimise our services.
4.2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is the Federal Data Protection Act (DSG) or, if and to the extent applicable, Art. 6 para. 1 lit. f DSGVO.
4.3. Duration of storage, objection and removal options
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that all functions of the website can no longer be used to their full extent.
5. Contact forms and e-mail contact
5.1. Contact form: description, purpose and scope of data processing
Contact forms are available on our website which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask is transmitted to us and stored. These data are:
- Name
- First Name
- Address (optional)
- Zip code, city (optional)
- Telephone number (optional)
- E-mail address
- Message
At the time the message is sent, the following data will also be stored:
- IP address of the user
- Date and time of registration
The processing of the personal data from the input mask serves us exclusively for the processing of the establishment of contact. If you contact us by e-mail, this is also the necessary legitimate interest in the processing of the data by our order data processing partner. The other personal data processed during transmission serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation.
5.2. Legal basis for data processing
The legal basis for the processing of the data is the Federal Data Protection Act (DSG) or, if and to the extent applicable, Art. 6 para. 1 lit. a DSGVO if the user has given his consent.
The legal basis for the processing of data transmitted in the course of an e-mail transmission is the Federal Data Protection Act (DSG) or, if and to the extent applicable, Art. 6 para. 1 lit. f DSGVO. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is the Federal Data Protection Act (DSG) or, if and to the extent applicable, Art. 6 para. 1 lit. b DSGVO.
5.3. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
5.6. Possibility of opposition and removal
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail (contact form), he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued and the revocation must be made by telephone.
All personal data stored in the course of contacting us will be deleted in this case.
6. Rights of the data subject
If personal data is processed by you, you are the "person concerned" within the meaning of the Federal Data Protection Act (DSG) or, if and to the extent applicable, the DSGVO and you have the following rights vis-à-vis us as the person responsible. You can make use of your rights by contacting us stating your request.
6.1. Right to information
Any person concerned by the processing of personal data shall have the right at any time to obtain from the controller, free of charge, information concerning the personal data relating to him which have been stored and a copy of such data.
You may ask the data controller to confirm whether personal data concerning you will be processed by us.
6.2. Right of rectification
Any person data subject to the processing of personal data has the right to obtain the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject shall have the right, having regard to the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.
6.3. Right to limitation of processing
Any person affected by the processing of personal data has the right to demand that the data controller restrict the processing if the conditions laid down by the legislator in the Federal Act on Data Protection (DPA) or, if and to the extent applicable, in Art. 18 para. 1 DPA are met.
6.4. Right to deletion
Any person affected by the processing of personal data has the right to demand that the data controller restrict the processing if the conditions laid down by the legislator in the Federal Act on Data Protection (DPA) or, if and to the extent applicable, in Art. 18 para. 1 DPA are met.
6.5. Right to data transferability
Any data subject involved in the processing of personal data has the right to obtain personal data concerning him or her which have been provided by the data subject to a controller in a structured, common and machine-readable format. He also has the right to transfer this data to another data controller without being hindered by the data controller to whom the personal data was provided, provided that the processing is based on consent in accordance with the Federal Data Protection Act (DPA) or, if and to the extent applicable, Art. 6 para. 1 letter a DPA Regulation or Art. 9 para. 2 letter a DPA Regulation or on a contract in accordance with Art. 6 para. 1 letter b DPA Regulation and the processing is carried out using automated procedures.
6.6. Right of objection
Any person concerned by the processing of personal data has the right to object at any time to the processing of personal data concerning him or her on the basis of the Federal Act on Data Protection (DPA) or, if and to the extent applicable, Article 6(1)(e) or (f) of the DPA for reasons arising from his or her particular situation. This also applies to profiling based on these provisions.
In the event of objection, the company will no longer process the personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
If the Company processes personal data for the purpose of direct marketing, the data subject has the right to object at any time to the processing of the personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. If the data subject objects to the processing for direct marketing purposes, the personal data shall no longer be processed for those purposes.
6.7. Right to revoke the declaration of consent under data protection law
Any person concerned by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
You have the right to revoke your data protection consent at any time. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of your consent until you revoke it.
6.8. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State in which you reside, your place of work or the place where the alleged infringement is suspected, if you believe that the processing of your personal data violates the Federal Data Protection Act (DSG) or, if and to the extent applicable, the DSGVO.
7. Privacy policy for Google Analytics
The person responsible for the processing has integrated the Google Analytics component on this website. Google Analytics uses cookies and usually saves them outside the EU/EFTA area. Google uses this information to evaluate the use of the website and to compile reports on website activity and internet usage. In addition, Google transfers this information to third parties according to its own specifications, insofar as this is required by law or insofar as third parties process this data on behalf of Google. The IP address transmitted by the browser within the scope of Google Analytics is not combined with other Google data. Users may refuse the use of cookies by selecting the appropriate settings on their browser (see "4. Use of cookies"). Users can also prevent the transmission to Google of the data generated by the cookie and related to their use of the website (including IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
8. Privacy policy for Google Maps
On our website, the Google Maps map service is used via an API (programming interface). Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The operator of this site has no further influence on this data transfer.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy retrievability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
You can find more information on data protection at Google under the following link: https://policies.google.com/privacy?hl=en&gl=en.
9. Data protection regulations for Google Web Fonts
This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. This enables Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
If your browser does not support web fonts, a standard font will be used by your computer.
Further information can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=en&gl=en.
10. Note about data transfer to the US
For the sake of completeness, we would like to point out to users residing or based in Switzerland that in the US there are monitoring measures taken by the US authorities that generally allow the storage of all personal data relating to all persons whose data has been transferred from Switzerland to the US. This happens without differentiation, limitation or exception on the basis of the aim pursued and without an objective criteria that makes it possible to limit access to the data by US authorities and its later use to very specific, strictly limited purposes that may justify the intervention associated with both access to this data and use thereof. We would also like to point out that there are no judicial remedies in place in the US for affected persons from Switzerland that would make it possible to receive access to the data relating to them and to have this corrected or deleted, as well as no effective legal protection against general access rights by US authorities. We refer the persons affected explicitly to this legal and factual situation so that they can make an appropriately informed decision on whether or not to consent to their data being used.
For users residing in EU Member States, please note that, from the point of view of the European Union, the US does not have sufficient data protection levels due, inter alia, to the issues mentioned in this section. To the extent that we have explained in this privacy policy that recipients of data (such as Google, Facebook and Twitter) are located in the US, we will either based on a contract or by securing certification of these companies under the EU-US -Privacy Shield ensure that your data is protected at an appropriate level by our Partners.