Platform guidelines / Version May 2024
Preamble
We are delighted that you have decided to use the innovative Swiss tourism platform discover.swiss ("Platform"). The Platform is developed, managed and operated by the cooperative discover.swiss, Schaffhauserstrasse 14, CH-8042 Zurich ("discover.swiss", "We"). These Platform Guidelines form an essential cornerstone for the technical use of and participation in the Platform and at the same time regulate all important aspects regarding the roles, rights and obligations of Platform users (hereinafter individually "Service Users", "Service Suppliers", "Service Providers" or collectively "Users").
01 / Definitions
We / discover.swiss
Cooperative discover.swiss
Plattform
The tourism platform operated by discover.swiss, which can be used by users to develop their applications and websites or to provide information feeds so that guests/end customers can obtain and purchase a wide range of tourist information and/or cross-location tourism offers.
Services
The overall services offered by discover.swiss that are available to platform users via the platform or other systems of discover.swiss, such as API products, portals, websites, tools, interfaces, legal services, marketing, security, data management, in particular for the purchase and processing of tourism offers for guests and end customers as well as the storage and management of data and information.
Users
All players who use the platform as service users, service suppliers, service providers, portal users (guest or other user portals) or agencies for the development of solutions for service users.
Service user
Companies or institutions that utilise the services of discover.swiss on a one-off or recurring basis on the basis of a contractual relationship and use the platform to provide services to their customers.
Service supplier
Companies or institutions that may provide services for platform users on the basis of a contractual relationship with discover.swiss or the users of the platform (e.g. information feed on tourism offers).
Service provider
Companies and institutions whose tourism offers can be offered to and purchased by guests via the platform.
End customer (guest or portal user, other user, portals of service users)
End customer who can obtain tourism offers from the platform and the service providers by using a service user's application. The portal user can act as a registered or non-registered user and purchase and obtain tourism offers (e.g. tours or events etc.).
Agency / solution partner
Service providers who develop or provide applications for service users that incorporate the discover.swiss platform services.
Tourist offers
Tourist offers and services from service providers that are offered to the end customer via the platform and can be purchased by the end customer for a fee or free of charge.
API products
API Web Service Services that can be subscribed to by service users, such as the Info-Centre, my.discover.swiss account (user login and profile) and Tourism Services (Marketplace). API stands for "Application Programming Interface".
Info-Center
A service provided by the platform to provide information on charchable and free-of-charge tourism information and offerings.
Tourismus Services (Marketplace)
A platform service for providing functions for the secure purchase and payment processing of tourist offers from various service providers that are offered via service user applications. The model enables mixed shopping baskets, i.e. guests can purchase different tourist offers from various service providers simultaneously in one shopping basket.
my.dicover.swiss account
A service of the platform to provide functions for the management of personal user and guest profiles, including all purchases made by end customers via the platform, which follows the "myData" concept. The my.discover.swiss account is an API product from discover.swiss.
Guest portal / my.discover.swiss portal
The portal for end customers in their guest role for managing their personal data in accordance with the "myData" concept and the legal guidelines of the "FADP" and the "EU-GDPR". End customers can log in here and view and edit their stored data at my.discover.swiss and submit support requests.
Developer Portal
Technical access portal for service users to the API products and API keys, which is provided via Microsoft API Management (APIM).
Application of service users
Mobile applications or websites that are developed by service users, possibly with the help of service providers (agencies), and that use and obtain the platform's services such as API products.
User account
Account of a service user in order to be able to obtain services from the platform.
FADP
Swiss Federal Act of 25 September 202 (as at 1 September 2023) on Data Protection ("FADP")
GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("EU GDPR").
02 / The tourism platform
1 General information
With the platform, we offer an innovative and scalable service for tourism stakeholders that allows users to utilise the platform's services according to specific, predefined criteria and purposes. The aim of the platform is to provide end customers with a simple, versatile and location-independent access to Swiss tourist offers, with discover.swiss acting as the Swiss hub for various tourism stakeholders. Users can provide, offer, request and process information, services and offers in compliance with the platform guidelines. End customers can obtain these services and offers via applications from platform users. The discover.swiss cooperative does not offer any tourist services itself.
In order to ensure fair and safe use of the services provided via the platform in accordance with the legal framework, these platform guidelines apply to the technical use of the platform and services.
2 Users of the platform
Use of the platform is open to legal entities and partnerships acting as service users or suppliers or service providers, as well as natural persons (end customers) with unlimited legal capacity. Minors (persons under the age of 18) or persons who are considered legally incapable or have limited legal capacity are excluded from participating in and completing purchase processes.
3 Utilisation options
3.1 Based on a contractual basis, the service user has the option of using the Developer portal (see section 01 / ) to subscribe to API products according to a predefined subscription model from discover.swiss and to integrate them into their applications for corresponding usage purposes in order to make services from service providers available to end customers. In principle, the Service User has the option of integrating additional "non-discovery.swiss" services and functionalities into its applications on its own terms (see also 04 / ). If a service is utilised by guests via the integrated discover.swiss API products in the Service User's application, its processing is determined by 07 / .
3.2 Based on a contractual basis, the service provider has the option of providing the platform with "information feeds" or "connectors" that are integrated into the platform and are available to all users via standardised interfaces.
3.3 Using standardised interfaces and service standards on the platform, the service provider may offer its own tourist services to guests on a contractual basis. Service providers' offers can be accessed by guests via service user applications.
3.4 The end customer can use the application of a service user to obtain information about tourist offers and/or to purchase or to book them. The end customer can do this both as a registered or non-registered user.
4 Contents, data and services
4.1 Service users can use their respective developer account to obtain unlocked API products (such as the Info-Centre, Tourism Services and my.discover.Swiss account) via the underlying subscription model in the developer portal and use them to create their application (or websites).
4.2 discover.swiss has the right to technically process information and data (e.g. in the presentation, translation or data management) in such a way that provision and display on different end devices or software applications of discover.swiss or third parties can be ensured.
4.3 Service users recognise and respect the fact that the content uploaded and made available via the platform may be legally protected by other parties. Any use of such content requires the consent of the respective rights holder or the indication of the source (see also Section 24).
5 Range of services
The GTC discover.swiss and the specific GTC for the individual services apply to the purchase of services provided by discover.swiss.
6 Web presence / Website
The website (https://discover.swiss) of discover.swiss is the public web presence on the Internet. Users of the platform and interested parties can access general information about the cooperative, its platform and vision on the website. In addition, the website contains the current description of the platform's services as well as the currently applicable GTC, tariff information for users, the applicable privacy policy and other information. The website can be accessed from any browser using encrypted communication (https).
7 Developer portal
7.1 The Developer Portal is the primary technical access point for the developers of service users' applications . It provides developers with access to the API products and API keys for authentication on the platform. At the same time, it is the primary source of information for technical API documentation and, in particular, provides information on how the APIs must be used correctly and securely (cf. 08 / ).
7.2 For the technical use of the platform, an initial registration on the developer portal and subsequent activation by discover.swiss is required (cf. 14.2).
8 my.discover.swiss Portal/ Guest Portal
8.1 The platform enables users of the my.discover.swiss account to view and edit their stored personal data at any time via a guest portal. They may also address all data protection requests in accordance with the FADP and GDPR, such as requests for information, deletion and correction via the my.discover.swiss portal.
8.2 In addition, the guest portal may send send support enquiries to discover.swiss via the guest portal and use other customer self-service functions, such as the knowledge base.
9 Further functions
The functional scope of the platform is constantly being expanded by discover.swiss. Extensions can be added to the platform at any time or existing functions can be deleted or replaced by other functions.
03 / Role of discover.swiss
10 Role as operator of the discover.swiss platform
10.1 discover.swiss is the developer and operator of the technical platform, which provides a highly available and scalable platform based on the Microsoft Cloud.
10.2 discover.swiss is also the operator of the service platform. The term service platform refers to a range of interfaces (APIs), specifications, documentation, technologies and data (such as events) that users can use to access services from discover.swiss and make them available to guests.
10.3 As a service platform, discover.swiss acts as an intermediary between guests, service users and -suppliers and offers from service providers. Enquiries from guests are sent directly to the platform via the service users' applications (API products) and answered with tourist information and offers, which are compiled from the individual service components of various players.
10.4 As the operator of the service platform, discover.swiss attaches great importance to compliance with and transparency of data protection regulations when collecting and storing personal data from platform users. In addition, compliance with minimum standards in the areas of security, quality of service and data ethics is a prerequisite. We therefore set out certain requirements and rules that participants must comply with (see section 05 / 06 / ). We reserve the right to check compliance with these guidelines and rules or to have them checked by third parties but are not obliged to do so.
04 / role of service user, service supplier and service providers
11 Role of service user and suppliers
11.1 The service user is the owner of and responsible for the application that integrates and uses the platform's services. The service user's application acts as the first point of contact (touchpoint) in an end customer's journey through the tourist offers and services (customer journey). If an end customer wishes to create a user account (register), this is only possible via the service user's applications or via the my.discover.swiss portal.
11.2 The applications of the service users in turn utilise services provided by the platform to carry out user registration and user authentication securely and easily. The end customer can also purchase tourist offers and services via a service user's application without registering as a user.
11.3 The service provider makes "information feeds" or "connectors" available to the platform. These are integrated into the platform based on a standardised data structure and made available to service users via API services.
12 Role of service providers
12.1 The service provider markets and provides tourist offers and services via the platform. The prerequisite for the integration and provision of these services on the platform is a legally valid agreement between the service provider and discover.swiss. The service provider is the contractual partner of the guest in relation to the various tourist offers and services. Corresponding payments are transferred to the service provider via the platform's integrated payment system.
12.2 discover.swiss itself does not offer any tourist services via the platform and therefore does not become a contracting party at any time in the event of a purchase or booking by the guest.
13 Compliance with rules and quality standards
All platform users are required to follow the rules and quality requirements of these platform guidelines and, in particular, to comply with the provisions of section 05 / and 06 / and to take appropriate and reasonable measures to this end.
05 / Rules for the use of the platform
14 Prerequisite for use
14.1 Use of the platform is subject to a legally valid agreement between the user and discover.swiss, with consent to the General Terms and Conditions and any other terms and conditions for specific services, the Privacy Policy, these Platform Guidelines and the order processing contract provided.
14.2 The technical use of the platform requires the initial registration of platform users in the developer portal by e-mail to creat an API management account (cf.08/).
14.3 The technical use of the platform requires an initial activation and assignment of the API products to a developer account by discover.swiss. This is not necessary for the use of the Infocenter Open Data Services.
14.4 Access is granted by means of a subscription key (API key), which can be obtained in the Developer Portal after the API products have been released. All API requests to the platform are authenticated using the API key and unauthorised access is denied.
14.5 Authenticated access to the platform and the API interfaces always takes place via the Internet using encrypted communication (https/TLS/SSL).
15 Test and production environments
15.1 The platform provides a test and productive environment for the secure development and provision of applications for service users. The test environment can be used by users as a development and test environment.
15.2 Special test accounts are provided by discover.swiss for the test environment. The productive environment may not be used for test purposes. Discover.swiss reserves the right to charge a fee for the test environment after the end of a trial period.
16 Blocking access
16.1 discover.swiss is authorised to block the user's access at any time and without prior notice if the user violates or insufficiently complies with the provisions of these platform guidelines.
16.2 Any attempt to circumvent the block is prohibited.
17 Support and assistance
17.1 discover.swiss provides users with support in accordance with the subscription and subscription model.
17.2 In the event of problems, users are encouraged to search the documentation and guidelines provided for possible solutions and to verify the availability and functionality of the API products via the API Status Board (cf. 08 / ).
17.3 Support requests from the end customer must be sent to discover.swiss via the my.Discover.Swiss portal.
17.4 In the event of planned maintenance work, discover.swiss will inform users electronically or by other means with a reasonable lead time.
18 Duties of care
18.1 The user shall take appropriate measures to ensure that the access data (API keys) are kept secret and protected against misuse by unauthorised persons.
18.2 The access data (API key) may not be disclosed to unauthorised third parties or passed on to them.
18.3 The user shall bear all consequences/liability arising from the disclosure and use - including misuse - of his/her access data.
18.4 The user shall ensure that all obligations under these platform guidelines are also complied with by its subcontractors (third parties) and that all notifications, instructions and changes are forwarded to the respective third parties without delay.
18.5 If there is reason to believe that an unauthorised third party other than the user has gained knowledge of the user's access data, the API key concerned must be changed immediately and discover.swiss must be informed of the incident without delay.
18.6 The user shall ensure that all access data such as API keys are immediately deleted or blocked in the event of a change or departure of third parties working for the respective user.
18.7 In the event of cancellation or termination of the collaboration with discover.swiss, the user shall ensure that the process for deregistration is followed by deactivating the API key.
19 Further rules
19.1 discover.swiss is entitled to implement various access restriction rules to protect the platform and developer accounts from unauthorised use, such as limiting the call rate by API key, limiting the call rate by API product, throttling.
19.2 discover.swiss is authorised to implement various extended rules for access restriction, such as authentication policies, caching policies, cross-domain policies and transformation policies, in order to protect the platform and developer accounts from unauthorised use.
06 / Quality and standards
20 The common quality standard *Excellence*
20.1 Switzerland stands for quality and reliability. With the Swiss platform, we want to offer services of the highest quality in all areas and commit ourselves and our users to the "Excellence" quality standard. The value proposition of discover.swiss and its users is to use the service platform to make a positive contribution to the tourism offering in Switzerland and thereby provide end customers with a first-class 360° customer experience when travelling through Switzerland.
20.2 This value proposition is based on our own high standards of quality and our willingness to consistently exceed expectations with great commitment. However, we can only achieve this comprehensively by assuming our quality standards for all users and urging them to conscientiously adhere to them.
20.3 The following general quality standards will assist us in collectively maintaining the value proposition at a high level and avoiding problems sustainably. All platform users are encouraged to heed and adhere to these quality standards.
21 Safety standards and certifications
21.1 We offer a security-tested platform according to OWASP Top 10. To ensure a consistent level of security, the platform undergoes regular security assessments based on OWASP Top 10, either on a risk-based approach or in case of significant changes or expansions.
21.2 The certified security level of the platform is indirectly and partially transferred to the users and their applications through conscientious use and compliance with platform policies.
21.3 A re-evaluation of security based on OWASP Top 10 for the platform's used services (e.g., purchasing tourist offers and services and processing payments in the API product Tourism Service/Marketplace) by the applications of the service users may be completely waived in certain cases. However, discover.swiss cannot provide a binding statement on this matter, as each case needs to be analysed and discussed individually with the respective service user.
21.4 Users are encouraged to adhere to the recommendations of OWASP Top 10 and OWASP API Security Top 10 when using the services and developing their applications and websites.
21.5 Users are encouraged to adhere to the principles of "Security by Design," "Security by Default," "Privacy by Design," and "Privacy by Default" when using the services and developing their applications and websites.
22 Quality of Service
22.1 discover.swiss is authorised to use a wide variety of configuration and monitoring tools to maintain the quality of service .
22.2 discover.swiss is authorised to carry out modern data management (automated and manual) in order to recognise identical data objects from different sources, among other things.
22.3 discover.swiss endeavours to find a solution at the "Standard" service level in the event of platform malfunctions within the scope of the available resources and expertise (best-effort approach). If services beyond the usual standard are required, these can be agreed on a case-by-case basis.
22.4 discover.swiss requires all users to ensure the quality of service of their systems that are directly or indirectly connected to the platform in a manner appropriate to the industry.
22.5 discover.swiss specifically requires users acting as service providers to adequately demonstrate the quality assurance of their own APIs (partner feeds)
23 Fair use and best practice
23.1 The basis for appropriate and secure use of the platform are high technical, informational, infrastructural, and procedural standards. When using the platform, we expect users to adhere to common standards of behaviour and best practice.
23.2 A "Fair Use" approach must be maintained at all times with the use of the platform, the provision of access credentials, and test accounts. Misuse is not permitted.
24 Copyright and references
24.1 Copyright must be respected
24.2 Content provided by the platform (e.g. photos) may be subject to an obligation to acknowledge the source (copyrighted material). Users must accept and comply with all corresponding labelling requirements when using such content.
25 Guides and documentation
25.1 Any instructions listed in our technical API documentation must be followed.
25.2 Any instructions listed in our technical security guide must be followed.
25.3 Any instructions regarding secure authentication procedures (Token Manage ment) must be followed.
25.4 Any instructions regarding the handling test and productive accounts must be followed.
25.5 Any instructions regarding API security for users must be followed.
25.6 The currently applicable references to guides and documentation are listed in section 08 / .
07 / Remuneration and fees
26 Compensation obligation
26.1 The applicable rates published on the website (https://discover.swiss/services) govern the obligation to pay by service users.
26.2 Service users operating with an external payment service provider also commit to providing security to discover.swiss. This ensures that discover.swiss is always able to make financial payments to the payment service provider and, if necessary, a service provider, which may become due prior to the collection of the sales proceeds for the service provider.
26.3 The obligation to pay compensation by service providers and suppliers to discover.swiss is generally divided into compensation for one-off integration services and for recurrent services and is specified on a case-by-case basis.
26.4 Service providers commit to providing security to discover.swiss, ensuring that discover.swiss can make financial payments to a third party eligible for commission due to the service billing at any time.
26.5 Registration and use of the service user's applications are always free for the end customer. The end customer is only required to pay for the services acquired or booked from tourism offers and services.
27 Integrated payment processing
In order to pay the respective service providers securely, efficiently and simply for the tourist offers and services purchased or booked by end customers, the platform enables payment processing by means of a payment service provider integrated into the platform. Funds owed by the end customer to the service provider never come into the possession of the platform or are never controlled by it.
08 / Overview of the most important references
Websites and Portal links:
Website and service description |
|
Developer portal |
|
Guest portal |
|
API Status Page |
Guides and documentation:
API documentation |
||
Technical security guide |
||
|
https://docs.discover.swiss/dev/quickstarts/how-to-get-access/ |
|
API security recommendations |
https://docs.discover.swiss/dev/quickstarts/how-to-get-access/#best-practices
|
|
Dealing with test and productive accounts |
Legal references:
|
||
General Terms and Conditions of Use |
||
Privacy policy |
||
Subscription model with applicable |
||
Order data processing |
09 / Final provision
discover.swiss reserves the right to amend or change these Platform Guidelines at a later date. Changes will only be announced on the URL under which these platform guidelines are stored at the relevant time. It is the responsibility of the platform user to check this page regularly for changes. The changes will become part of the contract unless the platform user objects within 14 days of notification of the change. Your continued use of the product after expiry of the aforementioned period constitutes your acceptance of the changes to the platform guidelines.
In case of discrepancies or interpretation issues between the German and the English version of this GTC, the German version shall prevail.
Zürich, May 2024