Privacy Policy
With this Privacy Policy, we provide information about the processing of personal data in connection with our activities and operations, including our website under the domain name
For specific or additional activities and operations, we may publish other privacy policies or additional data protection information.
We are subject to Swiss data protection law as well as any applicable foreign data protection laws, in particular those of the European Union (EU) with the General Data Protection Regulation (GDPR).
On July 26, 2000, the European Commission recognized that Swiss data protection law provides an adequate level of data protection. This adequacy decision was reaffirmed by the European Commission on January 15, 2024.
1. Contact Information
Responsible for the processing of personal data:
Pascal Croizier
Pascal Croizier
Klosterstrasse 1
6415 Arth
In individual cases, third parties may be responsible for processing personal data, or joint responsibility with third parties may exist.
Data Protection Officer
We have the following data protection officer as the point of contact for affected individuals and authorities regarding inquiries related to data protection:
Pascal Croizier
Pascal Croizier
Klosterstrasse 1
6415 Arth
2. Definitions and Legal Bases
2.1 Definitions
Affected Person: Any natural person whose personal data we process.
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any handling of personal data, regardless of the means or procedures applied, such as querying, matching, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, revealing, organizing, structuring, storing, altering, disseminating, linking, destroying, and using personal data.
European Economic Area (EEA): Member states of the European Union (EU), as well as Liechtenstein, Iceland, and Norway.
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, particularly the Swiss Federal Act on Data Protection (FADP) and the Data Protection Ordinance (DPO).
If and to the extent the European General Data Protection Regulation (GDPR) applies, we process personal data in accordance with at least one of the following legal bases:
- Art. 6(1)(b) GDPR for necessary processing of personal data to fulfill a contract with the affected person and to carry out pre-contractual measures.
- Art. 6(1)(f) GDPR for necessary processing of personal data to safeguard legitimate interests, provided these are not overridden by the fundamental rights and freedoms of the affected person.
- Art. 6(1)(c) GDPR for necessary processing of personal data to comply with a legal obligation under applicable laws.
- Art. 6(1)(e) GDPR for processing of personal data to perform a task carried out in the public interest.
- Art. 6(1)(a) GDPR for processing personal data based on consent from the affected person.
- Art. 6(1)(d) GDPR for necessary processing of personal data to protect vital interests of the affected person or another natural person.
The GDPR refers to the processing of personal data as the "processing of personal data" and particularly sensitive personal data as "special categories of personal data" (Art. 9 GDPR).
3. Type, Scope, and Purpose of Data Processing
We process the personal data necessary to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. This includes browser and device data, content data, communication data, metadata, usage data, master data, location data, transactional data, contractual data, and payment data.
We also process personal data received from third parties, obtained from publicly accessible sources, or collected during the performance of our activities and operations, provided such processing is legally permissible.
We process personal data as required, with the consent of the affected individuals. In many cases, we may process personal data without consent, for example, to fulfill legal obligations or to protect overriding interests. We may also request consent even when it is not required.
We process personal data for as long as necessary for the respective purpose. We anonymize or delete personal data, particularly in accordance with legal retention and limitation periods.
4. Disclosure of Personal Data
We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties include specialized service providers whose services we use.
We may disclose personal data to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and credit information agencies, logistics and shipping companies, marketing and advertising agencies, media organizations, associations, social institutions, telecommunications companies, and insurers.
5. Communication
We process personal data to communicate with third parties. In this context, we process data that an affected person provides during communication, such as by mail or email. We may store such data in an address book or similar tools.
Third parties who transmit data about other persons are obligated to ensure data protection for such affected persons. This includes ensuring the accuracy of the transmitted personal data.
6. Data Security
We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. With our measures, we ensure in particular the confidentiality, availability, traceability, and integrity of the processed personal data, but cannot guarantee absolute data security.
Access to our website and other online presence is encrypted using transport encryption (SSL/TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn about visiting websites without transport encryption.
Our digital communication is subject to mass surveillance by security authorities in Switzerland, Europe, the United States (USA), and other countries, as is generally the case for any digital communication. We cannot directly influence the corresponding processing of personal data by intelligence services, police departments, and other security authorities. We also cannot rule out targeted surveillance of an affected person.
7. Personal Data Abroad
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly for processing there.
We can export personal data to any countries on Earth and elsewhere in the universe, provided that their laws ensure adequate data protection according to the decision of the Swiss Federal Council and, where applicable, the decision of the European Commission under the General Data Protection Regulation (GDPR).
We may transfer personal data to countries without adequate data protection, provided data protection is ensured by other means, such as through standard contractual clauses or other appropriate safeguards. In exceptional cases, we may transfer personal data to countries without adequate or suitable data protection if specific data protection requirements are met, such as the express consent of the individuals concerned or a direct connection with the conclusion or execution of a contract. Upon request, we will gladly provide information about any safeguards or copies of such safeguards to the concerned individuals.
8. Rights of Affected Persons
8.1 Data Protection Claims
We grant all rights to individuals as specified by applicable data protection law. Affected individuals are particularly entitled to the following rights:
- Access: Affected individuals can request information on whether we process their personal data, and if so, what personal data we process. Additionally, they can request information required to enforce their rights and ensure transparency, such as processing purposes, retention periods, data disclosures, or transfers to other countries, and the origin of the personal data.
- Correction and Restriction: Affected individuals can correct inaccurate personal data, complete incomplete data, and restrict the processing of their data.
- Deletion and Objection: Affected individuals can request the deletion of their personal data ("right to be forgotten") and object to the future processing of their data.
- Data Portability: Affected individuals can request the release of their personal data or its transfer to another controller.
We may defer, restrict, or refuse the exercise of data protection rights within the bounds of the law. Affected individuals may be advised of any conditions required to exercise their rights. For example, we may refuse access with reference to confidentiality obligations, overriding interests, or the protection of other individuals. Likewise, the deletion of personal data may be refused, especially if subject to statutory retention requirements.
In exceptional cases, costs may be incurred when exercising data protection rights. We will inform affected individuals of any potential costs in advance.
We are obligated to verify the identity of individuals requesting access or asserting other rights using appropriate measures. Affected individuals are required to cooperate in this process.
8.2 Legal Remedies
Affected individuals have the right to enforce their data protection rights in court or file a complaint with a data protection supervisory authority.
The supervisory authority for private entities and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are federally structured, such as in Germany.
9. Use of the Website
9.1 Cookies
We may use cookies. Cookies—whether first-party cookies or third-party cookies from services we use—are data stored in the browser. Such stored data is not limited to traditional text-based cookies.
Cookies may be stored temporarily as "session cookies" or for a specific duration as "permanent cookies." "Session cookies" are automatically deleted when the browser is closed, while permanent cookies have a defined storage duration. Cookies allow a browser to be recognized upon subsequent visits to our website, facilitating activities such as measuring website reach or marketing activities.
Cookies can be disabled or deleted in the browser settings. Without cookies, our website may not be fully accessible. Where necessary, we will explicitly request consent for the use of cookies.
For cookies used for performance measurement or advertising, general objections ("opt-out") can be made via platforms like AdChoices, the Network Advertising Initiative (NAI), YourAdChoices, or the European Interactive Digital Advertising Alliance (EDAA).
9.2 Logging
We may log the following information for each access to our website and other online presence, provided this information is transmitted to our digital infrastructure during such access: date and time, including time zone, IP address, access status (HTTP status code), operating system including interface and version, browser including language and version, accessed sub-page of our website including transferred data volume, and the last webpage visited in the same browser window (referer).
We log such information, which may also constitute personal data, in log files. This information is necessary to provide our online presence in a permanent, user-friendly, secure, and reliable manner. Additionally, this information is required to ensure data security, including through or with the assistance of third parties.
9.3 Tracking Pixels
We may integrate tracking pixels into our online presence. Tracking pixels are also known as web beacons. Tracking pixels—also from third parties whose services we use—are typically small, invisible images or JavaScript scripts that are automatically retrieved when accessing our online presence. Tracking pixels can record at least the same information as log files.
10. Notifications and Communications
10.1 Success and Reach Measurement
Notifications and communications may include web links or tracking pixels that track whether a specific message was opened and which web links were clicked. Such web links and tracking pixels may also capture usage data on a personal level. We require this statistical data collection for success and reach measurement to ensure that notifications and communications are effective, user-friendly, and sent in a permanent, secure, and reliable manner, tailored to the needs and reading habits of recipients.
10.2 Consent and Objection
You must generally consent to the use of your email address and other contact information, unless the use is permitted for other legal reasons. For obtaining double-confirmed consent, we may use the "Double Opt-in" procedure. In this case, you will receive a message with instructions for double confirmation. We may log the obtained consent, including IP address and timestamp, for evidence and security purposes.
You may generally object to receiving notifications and communications such as newsletters at any time. By doing so, you may also object to the statistical data collection for success and reach measurement. Required notifications and communications related to our activities and operations remain unaffected by such objections.
11. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The terms and conditions (T&Cs), usage policies, and privacy statements or other terms of each platform operator also apply. These terms particularly inform about the rights of individuals directly against the respective platform, such as the right to access.
For our social media presence on Facebook, including the so-called Page Insights, we are—if and insofar as the General Data Protection Regulation (GDPR) applies—jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to make our Facebook social media presence effective and user-friendly.
Further information about the type, scope, and purpose of data processing, as well as information on the rights of affected individuals and contact details of Facebook and Facebook's data protection officer, can be found in the Facebook Privacy Policy. We have concluded the so-called "Controller Addendum" with Facebook, agreeing, among other things, that Facebook is responsible for safeguarding the rights of affected individuals. The relevant information on Page Insights can be found on the "Page Insights Information" page, including "Information About Page Insights Data".
11. Social Media
We are active on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The respective terms and conditions (T&Cs), usage policies, privacy statements, and other provisions of the individual platform operators apply. These provisions particularly inform users about their rights directly with the respective platform, such as the right to access.
For our social media presence on Facebook, including the so-called Page Insights, we are—if and insofar as the General Data Protection Regulation (GDPR) applies—jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Companies (including in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to make our social media presence on Facebook effective and user-friendly.
Further details about the type, scope, and purpose of data processing, information about the rights of affected individuals, and the contact details of Facebook and Facebook’s data protection officer can be found in the Facebook Privacy Policy. We have concluded the so-called "Controller Addendum" with Facebook, agreeing that Facebook is responsible for safeguarding the rights of affected individuals. Relevant information about Page Insights can be found on the "Page Insights Information" page, including "Information About Page Insights Data".
12. Services from Third Parties
We use services from specialized third parties to conduct our activities and operations in a permanent, user-friendly, secure, and reliable manner. With such services, we may embed functions and content into our website. The services used may, for technical reasons, temporarily record IP addresses of users.
For necessary security, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data needed to provide the respective service.
We use, in particular:
- Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General data protection information: "Privacy and Security Principles", "How Google Uses Data", Privacy Policy, "Google's Commitment to Compliance", "Privacy Guide for Google Products", "How Google Uses Data from Sites or Apps", "Types of Cookies and Similar Technologies Used by Google", "Ads You Control".
12.1 Digital Infrastructure
We use services from specialized third parties to access the necessary digital infrastructure for our activities and operations. This includes, for example, hosting and storage services from selected providers.
12.2 Appointment Scheduling
We use services from specialized third parties to enable online appointment scheduling, for example, for meetings. In addition to this privacy policy, the visible terms and conditions of the services used, such as usage terms or privacy policies, apply.
We use, in particular:
- CalendarApp: Online booking calendar; Provider: Tool Loft UG (Germany); Privacy information: Privacy Policy.
12.3 Mapping Services
We use services from third parties to embed maps into our website.
We use, in particular:
- OpenStreetMap (OSM): Mapping service; Provider: OpenStreetMap Foundation (United Kingdom); Privacy information: Privacy Policy.
12.4 Payment Processing
We use specialized service providers to process payments securely and reliably for our customers. The terms of service and privacy policies of each provider apply in addition to this privacy policy.
We use, in particular:
- Apple Pay: Payment processing; Providers: Apple Inc. (USA) / Apple Distribution International Limited (Ireland) for users in the EEA, the United Kingdom, and Switzerland; Privacy information: Apple Privacy Policy.
- PostFinance: Payment processing; Provider: PostFinance AG (Switzerland); Privacy information: Legal Notes and Accessibility.
- Stripe: Payment processing; Providers: Stripe Inc. (USA) / Stripe Payments Europe Limited (Ireland) for users in the EEA and Switzerland; Privacy information: Stripe Privacy Policy.
- TWINT: Payment processing in Switzerland; Provider: TWINT AG (Switzerland); Privacy information: Privacy Policy.
12.5 Advertising
We use targeted advertising with third parties, such as social media platforms and search engines, to promote our activities and operations.
We aim to reach individuals who are already interested in or could be interested in our activities and operations (remarketing and targeting). For this purpose, we may provide relevant—possibly personal—data to third parties that enable such advertising. We may also track whether our advertisements are successful, such as whether they lead to visits to our website (conversion tracking).
Third parties with whom we advertise and where you are registered as a user may associate your use of our website with your profile on their platform.
We use, in particular:
- Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising Privacy Policy.
- Meta Ads: Social media advertising on Facebook and Instagram; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta Companies; Privacy information: Meta Privacy Policy.
13. Extensions for the Website
We use extensions for our website to enable additional functionalities. We may utilize services from selected providers or implement such extensions on our own digital infrastructure.
We specifically use:
- TinyPNG: Image optimization; Provider: Tinify BV (Netherlands); Privacy information: "Terms of Use".
14. Final Notes on the Privacy Policy
We created this privacy policy using the Privacy Policy Generator from Datenschutzpartner.