Data protection

cable car Jakobsbad-Kronberg AG, represented by Felix Merz, Managing Director, operates www.kronberg.ch and is responsible for the collection, processing and use of your personal data. cable car Jakobsbad-Kronberg AG is therefore also responsible for ensuring that all data processing is carried out in accordance with applicable law.

The protection of your personal data is very important to us. We take the issue of data protection seriously and pay attention to the security of your data. We comply with all applicable legal regulations, in particular the Swiss Data Protection Act (DSG) and the Ordinance to this Act (VDSG) as well as the provisions of the Telecommunications Act (FMG).

Where applicable, we also comply with the provisions of the European Union's General Data Protection Regulation (GDPR).

It is important to us that you know what personal data we collect from you, how this is done, how this data is processed and for what purposes. By using our website, you declare your consent to all this data processing within the meaning of Art. 6 para. 1 lit. a GDPR. Please therefore read the following information carefully.

When you visit our website, our servers temporarily store every access in a log file. The following data is recorded automatically:

• the IP address of the requesting computer
• the date and time of access
• the name and URL of the retrieved file
• the website from which the access was made
• the operating system of your computer and the browser you are using
• the country from which you accessed the site and the language settings of your browser
• the name of your Internet access provider

This data is collected and processed to enable the use of our website (connection setup), to ensure system security and stability, to optimize our website and for internal statistical purposes. In particular, the IP address is used to record your country of residence and to make appropriate settings (e.g. language). The IP address is also stored in order to be able to react appropriately to attacks on our network infrastructure. Our legitimate interest in this data collection and data processing within the meaning of Art. 6 para. 1 lit. f GDPR lies in all these purposes.

Finally, we would like to point out that we also use cookies, tracking tools and social media plug-ins when you visit our website (you can find more information on this in sections 5 to 8) and that data collected may be forwarded to third parties and/or abroad (you can find more information on this in sections 4 and 5).

You have the option of using a contact form on our website to get in touch with us. The entry of certain data is mandatory, for other data this is voluntary:

• First and last name (mandatory)
• Telephone number (optional)
• E-mail address (mandatory)

We will mark the mandatory data as such. If this information is not provided, this may hinder the provision of our services. The provision of other information is voluntary and has no influence on the use of our website. We only use this data to answer your contact request in the best possible and personalized way. This is also our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time. This is explained in more detail in section 8.

You have the option of subscribing to our newsletter on our website. Registration is required for this. The following data must be provided as part of the registration process:

• E-mail address (mandatory)

This information is required for data processing.

We use CleverReach, www.cleverreach.com, to send our newsletter. You can find CleverReach's privacy policy at https://www.cleverreach.com/de/datenschutz/. Please also read this privacy policy carefully. Our newsletter may also contain a so-called web beacon (tracking pixel) or similar technical means. A web beacon is a 1x1 pixel, invisible graphic that is associated with the user ID of the respective newsletter subscriber.

The use of corresponding services makes it possible to evaluate whether the emails containing our newsletter have been opened. In addition, the click behavior of newsletter recipients can also be recorded and evaluated. We use this data for statistical purposes and to optimize the content and structure of the newsletter. This enables us to better tailor the information and offers in our newsletter to the individual interests of each recipient. The tracking pixel is deleted when you delete the newsletter. To prevent tracking pixels in our newsletter, please set your mail program so that no HTML is displayed in messages.

By registering, you give us your consent to process the data provided for the regular sending of the newsletter to the address you have provided and for the statistical evaluation of usage behavior to optimize the newsletter. This consent constitutes our legal basis for the processing of the aforementioned personal data within the meaning of Art. 6 para. 1 lit. a GDPR. Our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR also lies in the aforementioned evaluation purposes.

There is a link at the end of each newsletter that you can use to unsubscribe at any time.

There are various options on our website for making purchases, requesting information material or other services. The corresponding services are generally provided by third parties. If necessary, the data collected in the process is forwarded to these third parties. This includes the following data, for example:

• Salutation and/or company
• First and last name
• Address (street, house number, zip code, town, country)
• Further contact details (e-mail address, telephone number)
• Credit card or other payment data

Mandatory entries are marked as such. This is information that is required in order to be able to provide the booking services. The provision of other information is voluntary and has no influence on the use of our website or the booking services. We would also like to point out that the data you enter is generally also collected directly by the provider of a store service provider and stored by them and/or forwarded to them by us. If the provider of a store service provider then processes the collected data independently, the data protection provisions of the respective provider apply and we ask you to consult these as well. The legal basis for this data processing is the fulfillment of a contract within the meaning of Art. 6 para. 1 lit. b GDPR.

In the following section, we would like to show you which of your data is collected and processed for advertising purposes and how this is done. This data processing is all based on a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, whereby our interest lies in particular in direct marketing and the analysis and evaluation of the use of our website. By using our website, you also give us your consent to this data processing within the meaning of Art. 6 para. 1 lit. a GDPR.

Creation of pseudonymized user profiles
In order to provide you with personalized services and information on our website (on-site targeting), we use and analyse the data we collect about you when you visit the website. Cookies may also be used for the corresponding processing (see section 6 for more details). The analysis of your user behavior can lead to the creation of a so-called user profile. Usage data is only merged with pseudonyms, but never with non-pseudonymized personal data.

To enable personalized marketing in social networks, we integrate so-called remarketing pixels from Facebook and Instagram on the website. If you have an account with an integrated social network and are logged in there at the time you visit the site, this pixel links the site visit to your account. If you wish to prevent this link, you must log out of your respective account before visiting the site. You can also make further settings for advertising in the respective social networks in your user profile.

Retargeting
We use so-called retargeting technologies on the website. This involves analyzing your user behavior on our website in order to be able to offer you customized advertising on partner websites. Your user behavior is recorded pseudonymously. Most retargeting technologies work with so-called cookies (you can find more information on cookies in section 6).

Further information on the retargeting technologies used and the resulting data processing can be found at the following link:

• Google Tag Manager: https://www.google.com/analytics/terms/us.html
• Facebook: https://www.facebook.com/policies
• Instagram: https://www.instagram.com/kronberg.ch/

You can prevent re-targeting at any time by rejecting or deactivating the relevant cookies in the menu bar of your web browser (for more information on cookies, see section VI). You can also request an opt-out for the aforementioned other advertising and re-targeting tools via the Digital Advertising Alliance website at optout.aboutads.info.

Cookies are information files that your web browser automatically saves on your computer's hard disk when you visit our website. Cookies help us to make your visit to our website easier, more pleasant and more useful. For example, we use cookies to better tailor the information, offers and advertising displayed to your individual interests. Most Internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer.

computer or a message always appears when you receive a new cookie. However, deactivating cookies may mean that you cannot use all the functions of our website.

We use various additional tracking tools on our website. These tracking tools are used to monitor your surfing behavior on our website. This monitoring is carried out for the purpose of designing and continuously optimizing our website to meet your needs. In this context, pseudonymized user profiles are created and cookies are also used. Further information on the tracking tools used and the data processing that takes place as a result can be found at the following link: https://www.ghostery.com/

The social media plugins described below are used on our website. The plugins are deactivated on our website by default and therefore do not send any data. You can activate the plugins by clicking on the corresponding social media button. If these plugins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as you visit one of our websites. The content of the plugin is transmitted directly from the social network to your browser, which integrates it into the website. The plugins can be deactivated again with one click. Further important information can be found in the respective privacy policies of the social networks listed below.

Facebook
Social plugins from Facebook are used on our website to make our web presence more personal. This is an offer from the US company Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
We use the "LIKE" or "SHARE" button. By integrating these plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plugins, for example by clicking the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook can use this information for the purposes of advertising, market research and the needs-based design of Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website. For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook's privacy policy.

Google Plus
Our website uses the "+1″ button of the social network Google Plus, which is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The button can be recognized by the "+1" sign on a white or coloured background.
If you access a page on our website that contains such a button, your browser will establish a direct connection to Google's servers if you have activated social plugins. The content of the "+1" button is transmitted by Google directly to your browser, which integrates it into the website. We therefore have no influence on the scope of the data that Google collects with the button. According to Google, no personal data is collected without a click on the button. Such data, including the IP address, is only collected and processed for logged-in members.

For the purpose and scope of data collection and the further processing and use of the data by Google, as well as your rights in this regard and settings options for protecting your privacy, please refer to Google's privacy policy. If you are a Google Plus member and do not want Google to collect data about you via our website and link it to your member data stored by Google, you must log out of Google Plus before visiting our website.

We only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the relationship between you and Kronberg AG. In addition, we pass on your data to third parties insofar as this is necessary in the context of the use of the website for the provision of the services you have requested and the analysis of your user behavior, as described above. If this is necessary for the aforementioned purposes, the data may also be transferred abroad. If our website contains links to third-party websites, Kronberg AG no longer has any influence on the collection, processing, storage or use of personal data by the third party after clicking on these links and, to the extent permitted by law, assumes no responsibility or liability for this.

General
Kronberg AG is also entitled to transfer your personal data to third parties (i.e. contracted service providers) abroad if this is necessary for the data processing described in this privacy policy. These third parties are obliged to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we contractually ensure vis-à-vis the third party that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

Data transfers to the USA
For the sake of completeness, we would like to point out that in the USA there are surveillance measures by US authorities that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, restriction or exception on the basis of the objective pursued and without an objective criterion that makes it possible to restrict the US authorities' access to the data and its subsequent use to very specific, strictly limited purposes that justify the interference associated with both access to this data and its use. We would also like to point out that there are no legal remedies in the USA that allow you to obtain access to the data concerning you and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities.

It is important to us to draw your attention to this legal and factual situation so that you can make an appropriately informed decision to consent to the use of your data.

We would also like to point out to users residing in an EU Member State that the USA does not have an adequate level of data protection from the perspective of the European Union - partly due to the issues mentioned in this section.
Insofar as we have explained in this privacy policy that recipients of data (such as Google, Facebook and Twitter) are based in the USA, we will ensure that your data is protected at an appropriate level by our partners either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU-US Privacy Shield.

We use suitable technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with the latest state of the art.

It is important that you always treat your payment information (especially credit card details) confidentially. We recommend that you close the browser window when you have finished communicating with us, especially if you share a computer with other people.

We also take internal company data protection very seriously. Our employees and the service companies commissioned by us have been sworn to secrecy and to comply with data protection regulations.

We only store personal data for as long as is necessary,

• to use the above-mentioned tracking, advertising and analysis services within the scope of our legitimate interest;
• to perform services that you have requested or for which you have given your consent, to the extent specified above;
• to comply with our legal obligations.

We retain data in connection with the conclusion or fulfillment of a contract for a longer period of time, as this is prescribed by statutory retention obligations, for example in accounting regulations and tax law. According to these regulations, business communication, concluded contracts and accounting documents must be stored for up to 10 years. If we no longer need this data to perform the services for you, the data will generally be blocked. This means that the data may then only be used for accounting and tax purposes.

You have the right to receive information about the personal data that we store about you free of charge upon request. In addition, you have the right to rectification of incorrect data and the right to erasure of your personal data, provided that this does not conflict with a statutory retention obligation or a permission that allows us to process the data. In accordance with Articles 18 and 21 GDPR, you also have the right to request the restriction of data processing and to object to data processing. You also have the right to request that we return the data that you have provided to us (right to data portability). On request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a commonly used file format.

If data processing is based on your consent, you can withdraw this consent at any time.

You can contact us for the aforementioned purposes via the e-mail address felix.merz@kronberg.ch. You can also let us know what you would like to happen to your data after your death by giving us appropriate instructions. We may, at our discretion, require proof of identity in order to process your requests.

If you contact us, we will endeavor to provide you with an answer as quickly as possible and to take the desired steps. If you are resident in an EU country, you have the right to lodge a complaint with a data protection supervisory authority at any time.