Camping Bad Ragaz AG
Seestrasse 41
7310 Bad Ragaz
Last update: 15.02.2024
With this data protection declaration, Camping Bad Ragaz AG (hereinafter "Camping Bad Ragaz", "we" or "us") explains to its customers, users, business partners, applicants, authorities and other persons involved ("you") how personal data is collected and processed in the company. Responsible handling of your personal data is very important to us.
You may only disclose personal data of third parties to us if you are authorised to do so and the personal data is correct. We ask you to ensure that the persons concerned are aware of this privacy policy.
We alternate between the masculine and feminine form in this privacy policy. All other gender designations are also to be understood under the respective designation.
We may amend this privacy policy at any time and without prior notice. The current version published on our website applies in each case.
Responsible for the content of this privacy policy and for the data processing described is
Camping Bad Ragaz AG
Seestrasse 41
7310 Bad Ragaz
datenschutz@camping-badragaz.ch
For natural persons with a simple residence in countries of the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as well as for the country-specific supervisory authorities provided for in the GDPR, we designate the following person as EU data protection representative in accordance with Art. 27 GDPR:
Lodgyslife Services AG
Dornbachstrasse 1a
61352 Bad Homburg v.d. Höhe
E-mail: datenschutz@logdyslife.com
By way of introduction, we clarify the most important terms used below for better understanding. In this respect, we adhere to the definitions of the Swiss Data Protection Act.
This Privacy Policy complies with the requirements of the Swiss Federal Act on Data Protection ("FADP") and the associated Ordinance ("DPO") as well as the General Data Protection Regulation of the European Union ("GDPR"). The type and scope of the applicable legislation depends on the individual case. Foreign data protection law is only applied insofar as this is mandatory under the applicable law and only for the data processing processes and persons affected.
We comply with the applicable data protection regulations when processing personal data.
The processing of personal data must not unlawfully violate the personality of the persons concerned. For this reason, such data processing must comply with the processing principles of data protection law and/or must be legitimised by a justification. In particular, we are legitimised to process personal data if the processing:
Depending on the services you use and the respective relationship between you and us, we process the following categories of personal data in particular:
To a large extent, we collect personal data directly from you as the data subject. In particular, this includes master data, contract data, communication data, marketing data, behavioural data and transaction data. Such personal data is collected as part of the initiation and processing of business relationships and the use of our services.
We may also collect personal data about you ourselves or automatically or derive it from existing data. This includes, in particular, behavioural and transaction data as well as technical data.
Finally, we also receive personal data from third parties to the extent permitted by law. Such third parties include, in particular, persons from your environment (e.g. family members, fellow travellers), business partners, insurance companies, banks, authorities, official bodies, courts, parties and their legal representatives in the context of legal disputes, etc. We may also collect personal data from public sources (e.g. credit agencies, social media).
We process the data collected in order to fulfil our legal and contractual obligations towards you and third parties. This includes in particular the establishment, administration and processing of contractual relationships, such as
We also process the data collected to ensure communication with you, to provide and improve the services, services and information you have requested, to manage your use of and access to our services, services and information, to maintain our business relationship with you, to carry out advertising and marketing measures (insofar as we are authorised to do so, e.g. with your consent), to monitor the performance of our services, to enforce legal claims or to defend ourselves against them, to detect, prevent or clarify illegal activities, to monitor the performance of our services, services and information, to enforce legal claims or to defend ourselves against them. to monitor and improve the performance of our offering, to enforce or defend ourselves against legal claims, to detect, prevent or investigate illegal activities, to ensure compliance with laws and recommendations of domestic and foreign authorities and internal regulations ("compliance"), to generally guarantee our operations (in particular IT, website, etc.) and to ensure administrative processes (e.g. data archiving, accounting, master data maintenance, quality assurance).
We process your personal data for as long as we are legally obliged to do so (e.g. retention and archiving obligations) or our legitimate business interests require this (e.g. enforcement of or defence against claims, ensuring IT security) or as long as the purpose of collecting your data makes it necessary or the retention is technically required. In the case of contracts, data is generally stored for the duration of the contractual relationship and the statutory retention periods beyond this (usually 10 years).
This may result in your personal data or extracts thereof having to be stored for several years after the end of the contractual relationship between you and us. If your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as far as possible.
In certain cases, we may also store your personal data for longer - based on your consent (e.g. job applications that we hold pending).
To secure your data, we maintain technical and organisational security measures in accordance with the current state of the art.
Communication via our website is encrypted using the SSL/TLS encryption protocol.
We would like to point out that even encrypted data transmission on the Internet always involves security risks. Complete protection of data against access by third parties cannot be guaranteed.
We oblige our employees and business partners to maintain secrecy and confidentiality and to comply with the applicable data protection regulations.
Where legally permissible and necessary, we may also pass on certain personal data to third parties as part of our business activities. Where permitted, these third parties process your personal data either on our behalf (processor), in joint responsibility with us or on their own responsibility. These include, among others:
Where necessary, we have concluded corresponding contracts with these third parties . In the event that contract processors are engaged, they undertake to comply with the data protection and data security provisions. Furthermore, they may only process personal data in accordance with our instructions. They also grant us comprehensive rights of inspection and control as well as rights of access, rectification and erasure.
We generally process and store personal data in Switzerland and in the European Union (EU) or the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and recipients located outside this area or process personal data outside this area, in principle in any country in the world. In particular, you must expect personal data to be disclosed to all countries in which the service providers we use and their subcontractors are located (in particular the USA).
By taking appropriate measures, we ensure compliance with the legal requirements. Specifically, there is an adequacy decision by the competent authority. In the absence of such a decision, the transfer of personal data takes place on the basis of suitable guarantees (in particular standard contractual clauses approved by the European Commission and the Federal Data Protection and Information Commissioner [FDPIC]) or there are exceptions for certain situations (contract processing, legal enforcement abroad, etc.) or we obtain your express consent.
Insofar as the legal requirements are met and no legal exceptions apply, you as the data subject have the following rights in particular:
Please note that these rights may be restricted or excluded in specific individual cases (e.g. to protect third parties or business secrets).
In order to assert your rights as a data subject or if you have any questions about this privacy policy and the processing procedures described therein, you can contact the data protection officer listed in section 2 above.
If you believe that your data has been processed unlawfully, we would be grateful if you could contact us directly. Alternatively, you can lodge a complaint with the supervisory authority responsible for you. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). In the EU, the complaint must be submitted to the respective national data protection authority.
Our website is hosted by an external service provider (hoster). The personal data collected in the course of using the website is stored on the hoster's servers. This includes, in particular, server log files (e.g. name and URL of the accessed file, date and time of access, data volume, web browser and web browser version, operating system, the domain name of your internet provider, the so-called referrer URL (the page from which you accessed our website), the IP address), contact requests, meta and communication data, contract data, contact data, names, website accesses and other data.
Our hoster will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data. We have concluded an order processing contract with the hoster.
Within the scope of the GDPR, the associated processing of your personal data is carried out either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing a user-friendly, secure and efficient website in cooperation with a professional provider.
Our mail servers are hosted by an external service provider (hoster). The personal data collected in the course of mail traffic is stored on the hoster's servers. This may include IP addresses, meta and communication data, contact data, names and other data.
Our hoster will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data. We have concluded an order processing contract with the hoster.
Within the scope of application of the GDPR, the associated processing of your personal data is carried out either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in processing the enquiries and communication content addressed to us and in providing secure, fast and efficient e-mail communication in cooperation with a professional provider.
Our Internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your end device when you use our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. displaying videos). Other cookies are used to evaluate user behaviour or display advertising.
When you visit our website for the first time, you can select your preference regarding the use of cookies via the cookie banner, whereby the storage of technically necessary cookies cannot be prevented. If you do not agree to the storage of such cookies, please do not visit our website. You can change your preferences regarding the use of cookies at any time via XY on our website.
You can configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in the most common browsers:
If cookies are deactivated, the functionality of this website may be restricted.
We use cookies to carry out the electronic communication process, to provide certain functionalities or to optimise our website (technically necessary cookies). Within the scope of the GDPR, we store technically necessary cookies on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time with effect for the future.
13.4.1. Google
Our website uses Google Analytics, Google Ads, Google Maps, Google Tag Manager, Google reCAPTCHA from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services (hereinafter "Google").
In addition to the following explanations, you will find further information on data protection at Google in the Google data protection declaration: https://policies.google.com/privacy.
We have concluded an order processing contract with Google.
Within the scope of application of the GDPR, this data is processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in an appealing website and in increasing our reach or based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time with effect for the future.
Google Analytics
We use functions of the web analysis service Google Analytics on our website. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site (see section 13.3). The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and Switzerland. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
The purpose of the data processing is to analyse the use of the website and to compile reports on activities on the website. Based on the use of the website and the Internet, further associated services are then to be provided. The processing is based on the legitimate interest of the website operator.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout.
In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking on this link. This will install an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future as long as the cookie remains installed in your browser.
You can find more information on how Google Analytics handles user data here: https://support.google.com/analytics/answer/6004245.
Google Ads
This website uses Google Conversion Tracking. If you have reached our website via an advert placed by Google, Google Adwords will set a cookie on your computer. The cookie for conversion tracking is set when a user clicks on an advert placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in tracking, you can refuse the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies or by setting your browser so that cookies from the domain "googleleadservices.com" are blocked.
Please note that you must not delete the opt-out cookies as long as you do not wish measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.
Google Maps
We use Google Maps on our website to display interactive maps and to provide directions. When you call up a web page on our website that has integrated Google Maps, your browser establishes a connection with the Google servers. In addition, Google Maps sets cookies (see above under section 13.3). By using Google Maps, various information (e.g. IP address, addresses entered, date and time of the website visit) can be transmitted to Google servers in the USA.
You can find more information about data processing by Google here: https://policies.google.com/privacy. You can also change your personal data protection settings there in the data protection centre. Detailed instructions on managing your own data in connection with Google products can be found here.
General information about Google Maps can be found at: https://www.google.com/intl/de/maps/about/#!/.
Google Tag Manager
Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus, for example, integrate Google Analytics and other Google marketing services into our online offering. The Tag Manager itself, which implements the tags, does not process any personal user data. With regard to the processing of users' personal data, please refer to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
Google reCAPTCHA
We use Google reCAPTCHA. The associated query serves the purpose of distinguishing whether entries (e.g. in the contact form) are made by a human or by automated, machine processing. The query includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input is transmitted to Google and used there. According to Google, your IP address will be truncated beforehand within member states of the EU/EEA and Switzerland. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google uses this information to analyse your use of the service. According to Google, the IP address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data. By activating the query, you consent to this processing of your data, which means that the data processing is based on your consent. You can find more information about Google reCAPTCHA at: https://www.google.com/recaptcha/about/.
13.4.2. Meta
We use selected tools from Meta. The provider of these tools is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereinafter "Meta").
In addition to the following explanations, you will find further information on data protection at Meta in the Meta data protection declaration: https://www.facebook.com/privacy/policy
We use the Meta pixel from Meta on our website. With the help of the Meta pixel or comparable tools, we want to optimise the customer experience by only displaying our services and products to those people who are interested in them. To this end, Meta collects certain information about visitors to our website and social media platforms. Based on this, we receive analyses regarding the way our website, services and products are used. Specifically, target groups can be created for the display of adverts. It also allows us to track the effectiveness of adverts for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on an advert (known as "conversion tracking").
You can object to receiving customised advertising via this link: www.facebook.com/settings?tab=ads.
We have concluded an order processing contract with Meta: https://www.facebook.com/legal/terms/dataprocessing
Facebook and we are considered jointly responsible for certain data processing (e.g. Facebook fan page). Where necessary, we have therefore entered into appropriate agreements with Facebook to regulate the rights and obligations of both parties as joint controllers (see www.facebook.com/legal/terms/page_controller_addendum).
Within the scope of application of the GDPR, this data is processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in an appealing website and in increasing our reach or based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time with effect for the future.
We operate a YouTube channel and embed videos from the YouTube platform on our website. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode, which, according to YouTube, only initiates the storage of user information when the video is played. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode.
As soon as you start a YouTube video on our website, a connection is established to the YouTube servers (possibly also in the USA). In this context, YouTube learns which of our pages you have visited. If you are logged into your YouTube account, you also allow YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about you. According to YouTube, this serves, among other things, to record video statistics, improve user-friendliness and prevent abusive behaviour.
After the start of a YouTube video, further data processing operations may be triggered over which we have no influence.
We have concluded an order processing contract with Google. You can find more information here: https://www.youtube.com/t/terms_dataprocessing.
Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy.
Within the scope of application of the GDPR, this data is processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in a modern website and in increasing our reach or based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time with effect for the future.
On our website, we offer you the opportunity to subscribe to our newsletter, which we use to inform you about our services at regular intervals.
In order to send you the newsletter, we need your e-mail address and information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. This data is used exclusively for sending the newsletter.
We use the so-called double opt-in procedure to register for the newsletter. After registering, you will receive an e-mail in which we ask you to confirm your registration. Subscriptions to the newsletter are logged. This includes storing the time of registration and confirmation as well as the IP address. Any changes to your stored data are also logged.
You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time. There is a corresponding link in every newsletter.
We use the services of Microsoft Dynamics to process, send and analyse the newsletter. You can find their privacy policy here: https://learn.microsoft.com/de-de/dynamics365/customer-insights/journeys/privacy.
Within the scope of application of the GDPR, the associated processing of your personal data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing appropriate information to our existing customers or based on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time with effect for the future.
We use external payment service providers to process payments via our website. When you make a payment, your payment details are forwarded to the respective payment service provider via an interface on our website in order to process the payment.
The data processed by the payment service providers includes master data such as name and address, bank details (including account numbers or credit card numbers), passwords, TANs and checksums as well as contract data. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored by them. As the operator, we do not receive any information about the (bank) account or credit card, but only information to confirm (accept) or reject the payment.
Payment service providers adhere to the standards set by PCI-DSS, which are managed by the PCI Security Standards Council. This is a joint effort by brands such as Visa, Mastercard, American Express and Discover. PCI-DSS requirements help to ensure the secure handling of payment information.
We use as payment service provider:
Within the scope of application of the GDPR, the associated processing of your personal data is carried out either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing a secure, fast and efficient payment option in cooperation with professional providers.
Our website contains hyperlinks to third-party websites that are not operated or controlled by us. We are not responsible for their content or data protection practices.
We maintain the publicly accessible profiles in social networks listed below. In connection with the use of social networks, we would like to draw your attention to the following:
When you visit our profiles on social networks, personal data may be collected about you. For example, if you are logged into your social network accounts and visit our profile at the same time, the portal operator can assign this visit to your user account. However, even if you have logged out of your account or if you do not have an account with the respective portal, your personal data may be collected. Such data can be collected, for example, by setting cookies. Based on the data collected in this way, the portal operators can create user profiles and show you interest-based advertising. Further information on this can be found in the respective data protection declarations of the portal operators.
The use of social networks and the associated data processing is based on our legitimate interest. In particular, we want to present ourselves on the Internet and increase our reach.
Within the scope of the GDPR, we use social networks in the interest of presenting our online services in an appealing manner, increasing our reach and advertising our services. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time with effect for the future.
We operate a profile on Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereinafter "Facebook").
If you have a Facebook user account, you can interact with us via Facebook. As part of this interaction, we process the personal data you provide.
You can find more information on data protection at Facebook here: https://www.facebook.com/policy.php.
We operate a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereinafter "Instagram").
If you have a user account with Instagram, you can interact with us via Instagram. As part of this interaction, we process the personal data you provide.
Further information on data protection at Instagram can be found here: https://instagram.com/about/legal/privacy/.
We use the REFLINE recruiting tool as part of the recruitment process. The provider is Refline AG, Baarermattstrasse 10, 6340 Baar, Switzerland. The company's privacy policy can be found here. We have concluded an order processing contract with the provider.
If necessary, we can also work with other external partners (e.g. job portals and recruitment agencies). In this case, please also note the data protection notices of these partners.
We treat your data as strictly confidential. Your personal data will only be passed on to persons who are responsible for processing your application.
We process the personal data sent to us as part of your application and the personal data collected as part of the application process, insofar as this is necessary for the decision on the conclusion and implementation of an employment contract. This includes
We process your personal data in this regard for as long as this is necessary for the decision on your application. They will be deleted a maximum of six months after the end of the application process, unless longer storage is legally required or permitted or you have not consented to longer storage.
If an employment relationship is established following the application process, your application documents will be transferred to your personnel file.