Privacy Policy

Privacy Policy

You are reading the privacy policy of the discover.swiss cooperative. We operate the innovative Swiss tourism platform "discover.swiss" (hereinafter "platform"). During its development, we paid the greatest possible attention to data protection and orientated ourselves on the "myData" concept. You can find out more about our platform on our website at https://discover.swiss.

	We only process general personal data such as your name and contact details. We do not process any biometric data, health data or location data. Example: as a contact person of a company that uses our platform or if you use the my.discover.swiss account as a guest.
	We process your financial data. Example: you deposit a means of payment in your my.discover.swiss account or purchase a tourist service in the app of one of our users.
	We process personal data that you provide to us. Examples: You enter your name and email address when making a contact enquiry, subscribing to our newsletter or creating a my.discover.swiss account.
	We process personal data that we collect about you. Example: We request the type and language setting of your browser when you visit our website.
	We process personal data about you that we receive from third parties. Example: You book a tourist service in the app of a platform user. We receive from the platform user the data relating to your booking that is necessary to process the transaction and which we use exclusively for this purpose.
	We use your personal data for marketing and advertising. The data will not be used for any other purposes. Example: You will receive our newsletter if you have subscribed to it or invitations to webinars and events.
	We also process your data outside Switzerland and the EU. Example: In principle, your personal data is processed within Europe and Switzerland. In the event of problems, we may have to call in IT experts from outside the EU to gain access to the data storage. We also use common IT services where data flows outside Switzerland and the EU cannot be avoided.

A. General Information

With this data protection declaration, we inform you which personal data we process in connection with our activities and operations, including our discover.swiss website. We provide detailed information on where, how and for what purpose we obtain and process which personal data. We also provide information about the rights of persons whose data we process. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

1 Contact us

1.1 Responsible for the processing of personal data:

Cooperative discover.swiss
Schaffhauserstrasse 14
8006 Zürich
Switzerland

You can contact us at any time with all questions and suggestions regarding data protection and the exercise of your rights directly via e-mail at the above address or the following e-mail: legal@discover.swiss.

1.2 The address of our data protection representative within the meaning of the GDPR in the EU is: Sachverständigenbüro Mülot GmbH Grüner Weg 80, 48268 Greven, Germany

2 Legal basis

2.1 The website www.discover.swiss is subject to Swiss data protection law, in particular the Federal Act on Data Protection (FADP) as well as any applicable foreign data protection law, such as the General Data Protection Regulation (GDPR) of the European Union (EU). The EU recognises that Swiss data protection law guarantees adequate data protection. We may amend and adapt our privacy policy at any time. We will provide information about such amendments and additions in an appropriate form, in particular by publishing the current privacy policy on our website.

2.2 In case of discrepancies or interpretation issues between the German and the English version of this Privacy Policy, the German version shall prevail.

3 Scope of application

The privacy policy applies to all data processing including the websites of discover.swiss.

4 Personal data and how it reaches us

Personal data is all information that relates to you and can identify you directly or indirectly (e.g. via the internet; name, email address, telephone number, image, other profile details as appropriate). You explicitly provide us with this data yourself or we obtain this data through what you do (e.g. when you surf our website or use our services such as the guest portal or the marketplace to make a purchase).

5 Data processing

5.1 We only process the personal data that is required to carry out our activities and operations in a permanent, user-friendly, secure and reliable manner. We only process your data

• based on your consent (especially if you voluntarily enter data in your user account)
• to fulfil a contractual obligation and to implement pre-contractual measures between us and you or in fulfilment of a legal obligation (ordinary business and tax documentation).
• in fulfilment of a legal obligation (compliance, legal proceedings/investigations, maintaining security and access controls, combating crime and fraud)
• to protect our legitimate interests (e.g. for administrative purposes, to improve our quality, to analyse data or to publicise our services)

5.2 In addition, we may use data for communication with you and for our management, including risk management.

6 Storage

discover.swiss only stores personal data until the described data processing purposes no longer apply and no further legitimate interest or statutory retention periods prevent deletion. In the case of contractual data, storage is prescribed by statutory retention obligations. Requirements that oblige us to retain data arise, among other things, from accounting and tax regulations. According to these regulations, business communication, concluded contracts and accounting documents must be stored for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used if this is necessary for the fulfilment of retention obligations or for the defence and enforcement of our legal interests. The data will be deleted as soon as there is no longer an obligation to retain it and there is no longer a legitimate interest in retaining it.

7 Data security

7.1 We protect your personal data by taking appropriate security measures. We comply with the appropriate technical and organisational measures required by Swiss and European data protection legislation to prevent unauthorised processing. This includes the following risks in particular:

• Unauthorised or accidental destruction
• Accidental loss
• Technical errors
• Counterfeiting, theft or unauthorised use
• Unauthorised modification, copying, access or other unauthorised processing.

7.2 Our security measures are continuously improved in line with technological developments. We also take data protection within the company very seriously. Our employees and the service companies we commission have been sworn to secrecy and to comply with data protection regulations.

8 Data transmission abroad

8.1 We transmit and store the data associated with the discover.swiss platform in Microsoft data centres in the Western Europe region. This data is stored there in encrypted form and protected against unauthorised access.

8.2 We are authorised to transfer your personal data to third parties abroad if this is necessary to carry out the data processing specified in this privacy policy. It goes without saying that the statutory provisions on the disclosure of personal data to third parties will be complied with. If the country in question does not have an adequate level of data protection, we ensure that your data is adequately protected by these companies through contractual provisions such as the standard contractual clauses and the necessary technical and organisational measures.

9 Data transfer to third parties

9.1 In compliance with the Swiss Data Protection Act and the EU GDPR, we may have personal data processed by third parties. Such third parties are, in particular, specialised providers whose services we use.

9.2 We transmit guest data to the platform users involved in the transaction only to the extent necessary and indicated at the time of booking. Payments on the platform are processed via a payment provider so that payments flow directly from the guest to the service provider.

10 Your rights

You have the right to request information about the personal data we process about you. If we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time with effect for the future. Furthermore, you may - to the extent permitted by law - request the rectification, erasure or restriction of the processing of your personal data. Finally, you have the right to lodge a complaint with the competent data protection authority. For the EU, we have appointed Sachverständigenbüro Mülot GmbH Grüner Weg 80, 48268 Greven, Germany, as our representative within the meaning of the GDPR. As a guest, you can edit your personal details and purchased tourism offers via the user portal on the platform.

 

B. Data processing in connection with the use of the platform

11 Presence and use of platform

11.1 In connection with your use of our platform, we collect information directly from you that is necessary to fulfil the business relationship with you, irrespective of the specific form and type:

• Company
• Salutation
• First name and surname of our reference persons
• Address
• Bank details
• Correspondence language
• e-mail
• (Mobile) phone

11.2 We may also obtain information about you from third party sources, namely: references; orders relating to you that we receive from third parties; documents relating to you; extracts from government registers (e.g. commercial register); recommendations and references to you from third parties; your social media/online activities; or publications in which you appear.

12 Purpose of processing your data as a platform user

We process your data as a user of the platform only for the following purposes:

• For perfect identification
• In order to be able to fulfil our contractual obligations and/or
• to be able to contact you immediately in the event of malfunctions or data breakdowns.

C. Data processing when using platform services as a guest or portal user

13 Registration my.discover.swiss account/user portals

In order to use the my.discover.swiss guest account or another user portal that discover.swiss provides for a service user, we require some master data, i.e. specifically, if you register as a guest or portal user via the application of a platform user (companies and institutions that use our platform services) for the myDiscover.Swiss account or another user portal, we collect the following data:

• E-mail address
• First names and surnames
• Display names

14 Use of booking services via the discover.swiss marketplace

As a guest, you can book tourist activities in the applications of service users, e.g. apps or websites of tourist destinations or service providers such as mountain railways, hotels or tour operators. In order for our platform users to use these booking options, we require additional data depending on the booking, such as your home address, date of birth, mobile phone number, nationality, passport number, correspondence language and information about your travel group.

15 Purpose of the processing of guest data/user data

15.1 We only process your data for the following purposes:

• to fulfil the contract between us and you regarding the use of the my.discover.swiss account
• to fulfil a contract between you and one of our platform users or between you and a service provider whose services you book or purchase using our platform.

15.2 If this data, which may be required for the booking, is not transmitted, no booking can be made via the platform. The data entered on the platform user's application is transmitted to us via an interface. The partner is only responsible for this data up to the interface. We assume full responsibility from this interface onwards.

D. Data processing in connection with our website

16 Calling up our website

16.1 When you visit our website or the my.discover.swiss guest portal , the following technical data is recorded in a log file:

• Browser type including language and version
• Internet Protocol address (IP) of the device you are using
• the date and time of access to the website
• the sub-websites that are accessed via an accessing system on our website
• the website from which the access was made (referrer URL)

16.2 This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability in the long term and enabling the optimisation of our website as well as for internal statistical purposes.

17 Use of our contact form

You have the option of using a contact form to get in touch with us. We require the following information for this: First name, surname, company, function, e-mail address, telephone number, subject, message. We only use this data and any telephone number or message you provide voluntarily in order to answer your contact enquiry in the best possible and personalised way.

18 Cookies

18.1 We use cookies when you visit our website. Cookies are information files that your web browser stores on your computer's hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read. We, discover.swiss, only use functional, necessary cookies and cookies to collect statistics for our website, which enable our servers to make our website secure, useful and user-friendly for you.

18.2 Third-party services may also use cookies (see no. E).

19 Links to our social media presences

19.1 We have included links to our social media profiles on our website. The links lead to the following networks:

• YouTube, operated by Google Inc. Amphitheatre Parkway, Mountain View, Ca 94043
• Facebook operated by Meta Platforms Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA
• LinkedIn from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

19.2 If you click on the relevant social network icons, you will be automatically redirected to our profile on the relevant network. In order to use the functions of the relevant network there, you must log into your user account in some cases. When you click on a link to one of our social media profiles, a direct connection is established between your browser and the server of the relevant social network. This provides the network with the information that you are visiting our website with your IP address and have accessed the link. If you access a link to a network while you are logged into your account with the relevant network, the content of our site may be linked to your profile on the network, which means that the network can directly associate your visit to our website or use of our apps with your user account. If you wish to prevent this, you should log out before clicking on the relevant links. An assignment will take place in any case if you log in to the relevant network after clicking on the link.

E. Third-party services

We use services from specialised third parties in order to be able to carry out our activities and operations in a permanent, user-friendly, secure and reliable manner. Among other things, we can use such services to embed functions and content in our website. In the case of such embedding, the services used record the Internet Protocol (IP) addresses of visitors at least temporarily for technically compelling reasons and use their own cookies.

20 Success and reach measurement

20.1 Google Analytics: We use Google Analytics on our website, a service provided by Google Ireland Ltd, Google Building Gordon House, Barrow St, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; both together "Google", whereby Google Ireland Ltd. is responsible for the processing of personal data. Google uses cookies, which are stored on your device and enable the website to be analysed by you. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. The IP addresses are anonymised (shortened by three digits) so that it is not possible to identify you personally. In particular, the following data is processed by you and passed on to Google:

• Navigation path that a visitor follows on the site,
• Time spent on the website or subpage,
• the subpage on which the website is left,
• the country, region or city from which access is made,
• End device (type, version, colour depth, resolution, width and height of the browser window),
• Returning or new visitor,
• Browser type/version,
• Operating system used,
• Referrer URL (the previously visited page),
• host name of the accessing computer (IP address) and
• Time of the server request

Google evaluates the data collected on our behalf so that we can get an idea of the visits and user behaviour on our website. This enables us to improve our services and website content as well as its design.

20.2 Google Tag Manager: We use the Google Tag Manager on our website. This collects data about user behaviour on our website and forwards it to our analysis tools. Google Tag Manager does not have access to the data, it only collects the data. As Google Tag Manager does not process any personal data per se, please refer to the information on the respective tracking services and the Google Tag Manager usage guidelines. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

20.3 Further information on data protection at Google can be found at https://support.google.com/analytics/answer/6004245?hl=de and for the Google Tag Manager at https://support.google.com/tagmanager/answer/9323295?hl=de. Further general information on Google's privacy policy can be found at: https://policies.google.com/privacy?hl=de.

20.4 Users can prevent Google from collecting the data generated by the cookie and relating to the use of the website by the user concerned (including the IP address) and from processing this data by Google by downloading and installing the browser plug-in under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Further information and the applicable data protection provisions of Google may be retrieved under www.google.de/intl/de/policies/privacy/ and under www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link www.google.com/intl/de_de/analytics/.

21 Digital audio and video content

We use services from specialised third parties to enable the direct playback of digital audio and video content such as music or podcasts. In particular, we use YouTube from Google Inc ("Google"), Amphitheatre Parkway, Mountain View, CA 94043, USA; Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland for users in the European Economic Area (EEA) and Switzerland. In addition, we use the "Vimeo.com" platform of Vimeo Inc. 330 West 34th Street, 10th Floor New York, New York 10001. This always assumes that the providers of this content recognise your IP address. Without the IP address, the providers would not be able to send the content to your end device. The IP address is therefore mandatory for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence over whether the providers store the IP address for statistical purposes, for example. If you are registered with Google or Vimeo, the providers may also record your usage behaviour across websites on our website. If you do not wish this to happen, we recommend that you log out of the providers beforehand.

Information on data protection at YouTube can be found at: https://www.youtube.com/intl/de_be/howyoutubeworks/our-commitments/protecting-user-data/.

Information on data protection at Vimeo can be found at https://vimeo.com/privacy.

22 card material

We use third-party services to embed maps on our website, in particular Google Maps, including the Google Maps platform. This always requires Google, as the map provider, to collect your IP address. Without the IP address, Google cannot send the content to your end device. The IP address is therefore mandatory for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence over whether the providers store the IP address for statistical purposes, for example. If you are registered with Google, your usage behaviour may also be recorded by Google across websites on our website. If you do not wish this to happen, we recommend that you unsubscribe from the providers in advance. Google Maps specific information on data protection can be found here https://policies.google.com/technologies/location-data?hl=de.

23 Spam protection service

We use the spam protection service reCAPTCHA provided by Google to determine whether the actions on our website actually originate from humans or are abusive through automated, machine processing. The query includes sending the IP address and any other data required by Google for reCAPTCHA to Google. The notes from 20.2. Further information on Google's privacy policy can be found at: https://policies.google.com/privacy?hl=de.

24 Audio and video conferencing

We use specialised audio and video conferencing services to communicate online. For example, we can use them to hold virtual meetings or conduct online lessons and webinars. Audio and video data is collected from you, as well as any user names and other data collected by the services. For participation in audio and video conferences, the legal texts of the individual services, such as data protection declarations and terms of use, also apply.

In particular, we use Microsoft Teams from the provider Microsoft. Teams-specific information on data protection can be found at https://learn.microsoft.com/de-de/microsoftteams/teams-privacy.

25 Contact options

We use services from selected providers in order to communicate better with you. In particular, we use Jira Service Desk from Atlassian PTY Ltd, Level 6, 341 George St, Sydney NSW 2000 Australia. In particular, your contact details (e.g. name, e-mail) and communication data may be collected. Further information on data protection can be found at https://www.atlassian.com/de/legal/privacy-policy#what-this-policy-covers.

26 Scheduling

We use services from specialised third parties to be able to arrange appointments online, in particular Microsoft Bookings: Provider Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area and Switzerland; Microsoft Bookings-specific information: "Microsoft Bookings: Frequently Asked Questions". The data you provide will be recorded in the system and processed by and via the tool used.

27 General administration

We use Microsoft 365 in particular for our data processing in our day-to-day business: Provider: Microsoft Ireland Operations Limited, South County Business Park, One Microsoft Place, Carmanhall And Leopardstown, Dublin, D18 P521, Ireland for users in the European Economic Area and Switzerland; General information on data protection: "Data protection at Microsoft", "Data protection (Trust Centre)", Privacy Policy.

 

Further information on our order processing can be found in the download area.