This data protection statement provides information on how the "GstaadLife" (hereinafter referred to as the "Provider") handles personal data (hereinafter also referred to as "User data"). The provider attaches great importance to the protection of the personal rights of the users of the products, complies with the applicable data protection regulations and takes the necessary measures to protect the user data.
Websites of other providers that can be accessed via the provider's websites are not subject to the data protection regulations set out here. The provider assumes no responsibility or liability for the observance of data protection by third-party websites.
2 Data processing and purposes of use
"Personal data" means all data and information relating to a specific or identifiable person. This includes, for example, contact details such as name, telephone number, address or e-mail address, as well as other details that the user provides, for example, when registering, as part of an order or when participating in competitions or surveys and the like.
Processing" means any handling of personal data, including but not limited to the collection, storage, management, use, transmission, disclosure or deletion of user data.
In the following, the provider informs about the cases in which user data is collected, which data is processed, for which purposes it is used and to whom it may be disclosed. In addition, the provider explains what rights the user has vis-à-vis the provider with regard to user data and how these can be asserted.
2.2 Non-anonymous users
Within the scope of the registration process, the ordering of a subscription or another product and the participation in a competition or sweepstake, the provider collects personal data such as first and last name, address, e-mail address, payment details and possibly other data such as telephone numbers or date of birth as well as all data voluntarily entered by the registered user in his user profile. This data may also be enriched with data acquired from third parties.
The provider uses this data to process the contractual relationship entered into, to enable and check user access to the products or use of the products in accordance with the contract, and to notify and/or publish the winners of competitions and prize draws. As a basis for access to online products, data on individual user behaviour is also collected and evaluated to improve the provider's products. User data is also used for customer care, marketing purposes and for user-tailored advertising and the design of the same (e.g. pop-ups).
The online transmission of personal data between the user's browser and the provider's server is encrypted using the HTTPS protocol. To enable the functionality of this encryption technology, the user is obliged to use the current browser versions.
2.3 Users of the website
The aforementioned technologies are collected in particular to analyse the surfing behaviour of users and to measure reach. Reach measurement can be used to determine how many target persons an advertiser can reach. The information collected with such technologies can also be used for marketing purposes, to improve the products and the websites, to evaluate user behaviour, to deliver target group-specific advertising formats and to design these in line with requirements (e.g. by means of pop-ups).
3. Disclosure of personal data to third parties
The provider does not pass on personal data to third parties unless this is required by law or ordered by a court decision. Exceptions to this are the disclosure to third parties:
a) for the legal protection of users
b) to comply with legal requirements
c) for the defence and protection of the provider's rights
e) to remedy technical difficulties of the products
f) to cooperate with service partners who require the transmission of data for order or contract processing. In these cases, the transmission of data is limited to the minimum necessary for their order fulfilment
g) to cooperate with the provider's service partners, who support the provider, in particular in the marketing area, for the analysis of certain technical data and for data processing and/or storage functions.
The provider works with a limited number of trustworthy external service partners who have been carefully selected and meet high data protection and security standards. Data is only disclosed to the service partners to the extent that this is necessary for the provision of the services offered.
4. Transmission abroad
In principle, the user data collected is stored in Switzerland. In individual cases, however, and particularly in the case of cooperation with third-party service providers, data may be processed abroad or passed on to third parties.
5 Plug-ins and other integration of third-party offers
The digital offerings are networked with third-party functions and systems in a variety of ways, for example by integrating plug-ins of third-party social networks, such as Facebook, LinkedIn or Twitter in particular. If the user has a user account with these third parties, it may also be possible for these third parties to measure and evaluate the use of the digital offerings. In the process, further personal data such as IP address, personal browser settings and other parameters may be transmitted to these third parties and stored there. The provider has no control over the use of such personal data collected by third parties and assumes no responsibility or liability.
6 Legal basis for data processing
The provider always processes user personal data in accordance with the applicable data protection regulations.
When processing personal data for the purpose of processing a contractual relationship, the contractual relationship serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
In the case of data processing that is necessary to comply with a legal obligation, the relevant legal obligation serves as the legal basis.
For further processing, the provider relies on its overriding interest, for example, to adapt and continuously improve the offers to the needs of the customers and to carry out marketing activities in order to be able to offer the user suitable products or services, as well as to display advertisements that are relevant to the user. This is an important basis for the financing and further development of the offers. To achieve these interests, the processing of personal data, as described here, is necessary. However, the provider has taken measures to mitigate the impact of the data processing on users. In particular, where it processes personal data relating to children, it takes specific precautions (such as excluding them from advertising campaigns) to protect their interests.
The provider has also compared its interest with the interest of its users and has concluded that it does not unduly affect the interests or fundamental rights of its users with its data processing activities and that its interests in these data processing activities are accordingly outweighed. If the user is of a different opinion, he has the right to object to this data processing at any time within the legally permissible framework (see sections 8 and 9 below).
In cases where consent is obtained for data processing, this is considered the legal basis.
7 Duration of storage
The provider uses and retains user data only for as long as is necessary in accordance with the processing purpose in question or for as long as there is another legal basis for doing so. Data held on the basis of a contractual relationship with the user will be retained by the provider at least as long as the contractual relationship exists and limitation periods for possible claims by the provider are running or legal or contractual retention obligations exist.
8. User rights
8.1 Right to information and correction
The user has the right to obtain information from the provider at any time and free of charge as to whether and which of his personal data is being processed. In addition, the user may request that incorrect user data in the systems be corrected or completed.
8.2 Right to deletion and restriction
The user has the right to request the deletion or restriction of the processing of personal data.
It should be noted that even after the request for deletion of personal data, the provider may have to retain it due to legal or contractual obligations to retain data (e.g. for billing purposes) and in this case can only restrict or block the data as necessary.
8.3 Right of objection
The user has the right to object to the processing of the data, which can be asserted with the provider (see section 9 for details).
8.4 Right to data portability
If applicable, the User may assert his/her right to data portability.
8.5 Revocation of consent
The user can revoke his or her consent to data processing at any time, in principle with effect for the future. In the event of a revocation, personalised use of free and/or chargeable products may no longer be made available.
8.6 Right of complaint
Where applicable, the user has the right to lodge a complaint with the competent supervisory authority regarding data processing. This can be done at the supervisory authority at the place of residence, workplace or the place of the suspected data protection breach.
The user has the right to object to the processing of personal data in accordance with legal requirements at any time.
If the user wishes to stop retargeting if he/she visits the websites as a non-registered or non-logged-in - i.e. anonymous - user, the provider, unfortunately, cannot make this setting, as he/she cannot establish a link between an anonymous user of the websites and a person registered with the user. However, the user can prevent such retargeting himself by selecting "do not accept cookies" in his browser settings and thus preventing the storage of cookies necessary for retargeting.
If you have any questions or suggestions about data protection, for information about user rights in accordance with sections 8 and 9 or for the assertion of such rights, you can contact the provider at the following address:
c/o Müller Media AG.
Data Protection Department
1. Partial invalidity
Should individual provisions of the GTC and data protection declarations be or become invalid, this shall not affect the validity of the remaining provisions. An invalid provision shall be replaced by a new provision which comes as close as possible to the invalid provision in its economic and legal effect.
The provider reserves the right to unilaterally amend these GTC and data protection declarations at any time. If such adjustments are made, the provider will publish them in an appropriate manner. It is the user's responsibility to inform himself about the currently valid version of the GTC and data protection declarations as well as the tariffs on the provider's website.
3 Applicable law and place of jurisdiction
Swiss substantive law is applicable to all legal relationships between the provider and the user. The exclusive place of jurisdiction for all disputes, including any disputes in connection with data protection legislation, is Saanen as the registered office of the Provider; this is subject to any differing places of jurisdiction arising from mandatory law.
Entry into force: These GTC and data protection declarations came into force on 17 September 2018.