The website operator Active Travel AG, Neugrütstrasse 4b, CH-8610 Uster, shall be responsible for the data collection and data processing within Active Group AG.

The website operator takes your data protection very seriously and shall handle your personal data confidentially and in accordance with the statutory directives. This Data Protection Declaration may be modified over the course of time–particularly if we alter our data processing or if new legal guidelines become applicable.

Data Protection Declaration of Active Travel AG
Version 2.0, as of June 26, 2018
1. What does this Data Protection Declaration encompass?
2. Who are we?
3. What are “personal data” and what does “processing” mean?
4. For whom and for what is this Data Protection Declaration intended?
5. What personal data do we process for what purposes?
6. To whom do we pass on your personal data?
7. When do we disseminate your personal data abroad?
8. Do we conduct profiling and automated decision-making?
9. How do we protect your personal data?
10. How long do we store your personal data?
11. What rights do you have in conjunction with the processing of your personal data?
12. Contact
13. Changes to this Data Protection Declaration

1. What does this Data Protection Declaration encompass?
Data protection is a confidential matter and your trust and your private sphere are important to us. It is also an important concern to us that you be comprehensively informed regarding the processing of your personal data. With a focus on the new European General Data Protection Regulation (“GDPR”), this Data Protection Declaration discusses which personal data we shall process in what manner and for what purposes. This means in detail:

• What personal data of yours we shall collect and process
• When we shall collect your personal data
• For what purpose we shall use your personal data
• How long we shall retain your personal data
• Who has access to your personal data
• What rights you have with regards to your personal data
   

2. Who are we?
“Huerzeler" is a registered trademark and an offering from the tour operator Active Travel AG. The usage of this trademark by third parties shall not be permitted.
For each data processing, a designated company of Active Group AG, consisting of the companies of Active Direct Service SL, Active Travel AG, Bicicletas Mallorca SLU, Mallorca Aktiv GmbH as well as Triathlon Holidays GmbH shall be responsible for the data protection issues. In each case, that company shall determine whether a designated processing should be undertaken (e.g. the processing during the course of the rendering of a service, during the usage of the website, etc.), for which purposes it is supposed to be undertaken and which principles are supposed to be valid for it. If these decisions are collectively made by multiple companies of Active Group AG, they may also be collectively responsible.

For the processing of the data in accordance with this Data Protection Declaration, the following company shall in principle be responsible (hereafter, “we” or “us”):

Active Travel AG
Neugrütstrasse 4b
CH-8610 Uster
Telephone +41 44 500 37 37
info@huerzeler.com
www.huerzeler.com

Company No.: CH-020.3.032.021-7
VAT No.: CHE-114.079.008

Authorised Recipient for Accepting Service / Representative in the EU

Mallorca Aktiv GmbH
Ursprungweg 32
DE-71263 Weil der Stadt
Telephone: +49 703 369 28 30
info@mallorca-aktiv.de

Register No.: HRB [Commercial Register, Section B] 252233

Insofar as you have dealings with the services under the trademark “Huerzeler Bicycle Holidays”, Active Travel AG shall in principle be responsible for the data protection issues insofar as you have not explicitly been referred to another responsibility respectively in the individual case or this deviating responsibility is not clear from the context. Constellations in which another company of Active Group AG than Active Travel AG is responsible for the data protection issues shall be, for example, the following:

• If you come into contact with another company of Active Group AG, in the specific case, this company shall be responsible for the data processing–unless this Data Protection Declaration prescribes something to the contrary for the affected processing.
• Your personal data may be passed on to all companies of Active Group AG so that these recipients can process the personal data for their own purposes (thus not by mandate from Active Travel AG) as well as to external companies/institutions, government agencies, business partners and service providers such as airlines, hotels, etc. In such cases, the affected recipient shall respectively be considered to be the responsible party. You can find additional information in this regard in this Data Protection Declaration under Clause 6.
   

Insofar as another company of Active Group AG is responsible for the data protection, deviating data protection guidelines of the affected company may be applicable. In this case, you shall be referred to these data protection guidelines. Otherwise, these data protection guidelines shall be valid whereby, in this case, “we” or “us” shall refer to the affected company.

3. What are “personal data” and what does “processing” mean?
The data protection law regulates the processing of personal data. Personal data (or “personal data”) shall be considered to be all information which can be associated with a designated natural person (human being). This can include, for example, the following information:
 

• Contact information, e.g. surname, forename, postal address, e-mail address, telephone number
• Additional personal data, e.g. gender, birthday, age, family status, nationality, passport data, etc.
• Personal data for the supplying of the requested piece of sports equipment: Physical size/frame size, preferred rental bike models, special requests and data regarding rented or purchased pieces of sports equipment in the past (refers to the guest card)
• Data regarding the trips such as trip data, trip route/destination, airline, hotel, price, customer requests, information or data regarding travel companions
• Health data, e.g. data regarding health-related special needs or ailments and accidents during a trip, data regarding the service level
• Financial data, e.g. payment information, credit card numbers, account data, creditworthiness, financial assets and income
• Records of your visits to websites
• Data which you provide us during the communication with us
   

In addition, in accordance with Swiss data protection law which shall be applicable to companies of Active Group AG with their commercial residence in Switzerland in addition to the GDPR, information shall also be considered to be personal data which refer to a designated juridical person (e.g. data regarding a contractual agreement with a company or an institution). Information regarding the contact persons within a juridical person (e.g. the telephone number and the e-mail address of the contact person in the Marketing Division) shall also be considered to be the personal data of a natural person.

We shall in principle collect your personal data directly from you, e.g. whenever you communicate with us at the travel agency, utilise an offer online or via an app or visit one of our websites. However, your personal data may also be collected indirectly, e.g. via commercial partners if a traveller provides data about travel companions or if other persons are mentioned in the communication with us as well as through the purchase of supplemental data from third-party data sources (e.g. from social media or from address dealers).
We shall not absolutely process all categories of personal data mentioned in this clause. You can find concrete data regarding the personal data that we process in Clause 5. “Processing” (or also “handling”) then means any handling of your personal data.

This includes, for example, the following actions:
 

• The collection and retention
• The usage and application
• The dissemination and disclosure
• The deletion and destruction
   

4. For whom and for what is this Data Protection Declaration intended?
This Data Protection Declaration shall inform you regarding how we at Active Travel AG process your personal data.
For certain services, supplemental data protection guidelines may also be valid.
Our data processing may also affect particularly the following persons (so-called “affected persons”):
 

• Persons who write us or otherwise contact us or are mentioned in the communication with us
• Persons who book trips and/or events with us
• Travel companions
• Persons who commission other services from us or come into contact with our services, e.g. rent a bicycle at our holiday destinations of Mallorca, Andalusia, Lanzarote, Greece or on a tour and/or long-distance trip. In these constellations–at least if the contacting is undertaken on-site, other companies of Active Group AG may be responsible for the data protection issues.
• Visitors to our websites and our social media channels
• Recipients of information and marketing communication
• Contact person of our suppliers, consumers and other business partners
• Job applicants
   

5. What personal data do we process for what purposes?
Based upon the occasion and the purpose, we process very diverse personal data. Among others, we process personal data–possibly also particularly personal data worthy of protection–in the following situations for the following purposes:

5.1 Data processing on our website
5.1.1 During the visit to our websites
Whenever you visit our websites, our servers shall temporarily store each access in a log file.

In this regard, we shall collect the following data without any action being required upon your part and we shall store them until they are automatically deleted after by no later than twelve months:
 

• The IP address of the querying computer,
• Date and time of day of the access,
• Name and URL of the retrieved data,
• The website from which our domain was accessed,
• The operating system of your computer and the browser that you use

The collection and processing of these data shall be undertaken for the purpose which enables the usage of the websites (connection set-up), guarantees the system security and system stability over the long-term and optimises the Internet site as well as for internal statistical purposes. The aforementioned information shall not be commingled with personal data or stored with such personal data.

Only in the case of an attack on the network infrastructure of the websites or in the case that suspicion exists regarding any other impermissible or improper website usage shall the IP address be evaluated for the purposes of clarifying and warding off the attack and, as required, used within the parameters of a criminal investigation for identification purposes and for taking legal action against the affected users under civil and criminal law.

For the aforementioned data processing, our legal basis shall lie in our rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR. In this regard, we shall have a rightful interest in particularly the guaranteeing of IT security.

5.1.2 When using the contact form
Insofar as you contact us via the contact form on the website, we shall collect the following data from you:
 

• Forename*
• Surname*
• Street*
• Postal code*
• City*
• Country*
• Telephone*
• E-mail adress*
• Subject*
• Your opinion / requests / questions / suggestions*

The data fields marked with * are mandatory.

If you provide us with your personal data, you must ensure that these personal data are correct.

We shall use these data in order to answer your questions or to render the services which you have requested and, if necessary, to contact you by telephone. Our rightful interest lies in the processing of your inquiry in accordance with Art. 6 Para. 1 lit. f EU-GDPR. You may at any time object to this data processing (see contact data below). In this regard, our rightful interest lies particularly in the interest in providing good customer support, in contact maintenance and other communication with customers–including outside the parameters of a contractual agreement–as well as in improving and redeveloping our products and services.

5.1.3 When booking services
We provide various options–on our websites and, where applicable, also on our mobile apps–for booking or reserving services online. During the booking process, you shall be respectively transparently informed of which personal data we require from you. This may encompass, for example, the following data:
 

• Form of address
• Forename
• Surname
• Street
• Postal code
• City
• Country
• Telephone
• E-mail adress
• Date of birth
• Body height
• Travel date
• Payment information

Depending on the service, additional specific information may also be requested (e.g. when booking a tour, the passport number, see also in this regard Clause 3 above). In the input mask, we shall respectively transparently state which data are mandatorily required (frequently marked with a *).

In addition, you may possibly want or have to provide us with personal data of third parties, e.g. of travel companions. However, we wish to point out that, in this case, you shall be obliged to inform the affected persons of this provision of data and of this Data Protection Declaration and to verify the correctness of the affected personal data.

Insofar as nothing to the contrary is stated in this Data Protection Declaration and/or you have not separately approved this, we shall use the aforementioned data only in order to implement the contractual agreement–namely in order to render your ordered or your booked services to you, to process your orders, to deliver the ordered products and to ensure the correct processing of the payment.

Please keep in mind that certain services, which may be booked via our website, are not rendered by us ourselves. If you, for example, book a rental bicycle for your holiday in Mallorca, the corresponding service shall be rendered by Bicicletas Mallorca SLU. For the rendering and/or the implementation of the service, we shall forward your personal data, which you have entered on the booking form, to the affected service providers.

The legal basis for the processing of your data for the aforementioned purposes shall lie in the fulfilment of a contractual agreement in accordance with Art. 6 Para. 1 lit. b EU-GDPR. Insofar as, in conjunction with the booking of certain services, particularly data worthy of protection are provided, e.g. data regarding your health status or physical problems during the booking of bicycling tours, you hereby consent to the transmission of this information for the purpose of data processing in order to render the services (Art. 6 Para. 1 lit. a GDPR). You may in principle revoke this consent at any time. However, it is not possible to revoke this consent during the on-going rendering of services.

5.1.4 Cookies and dom storage ("Super Cookies")
Cookies and DOM storage ("super cookies") help, among many aspects, to design your visit to our website to be easier, more pleasant and more beneficial. Cookies are information files which your web browser automatically stores on your computer’s hard disk whenever you visit our website.

We utilise cookies, for example, in order to temporarily store your selected services and inputted data when filling out a form on the website so that you do not have to repeat the inputting when visiting another subpage.

Most Internet browsers accept cookies automatically. However, you can configure your browser in such a manner so that no cookies are stored on your computer or a notification message always appears whenever you receive a new cookie. On the following pages, you will find detailed information regarding how the processing of cookies can be configured for the most popular browsers:

Microsoft’s Windows Internet Explorer
Microsoft’s Windows Internet Explorer Mobile
Mozilla Firefox
Google Chrome for Desktop
Google Chrome for Mobile
Apple Safari for Desktop
Apple Safari for Mobile

The deactivation of cookies may have the result that you may not be able to use all functions of our website.

You can prevent the usage of HTML5 storage objects by utilising the private mode on your browser.

Our legal basis for the data processing via cookies shall be our rightful interests in accordance with Art. 6 Para. 1 lit. f GDPR. Our rightful interests shall lie particularly in the seamless operation and the continued development of our website. The right of lodging an objection and/or opting-out was referenced above.

5.1.5 Google Analytics
For the purpose of the requirements-based design and on-going optimisation of our website, we use the web analysis service Google Analytics from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In this context, pseudonymised usage profiles are created and small text files are used which are stored on your computer (“cookies”). The information generated by the cookie regarding your usage of this website such as
 

• Browser type/browser version
• Operating system used
• Referrer URL (the previously-visited page)
• Host name of the accessing computer (IP address)
• Time of day of the server query
• Device
   

shall be transmitted to servers of Google, a company of the Alphabet Inc. holding company, in the USA and stored there. In so doing, the IP address shall be shortened by means of the activation of IP anonymisation (“anonymizeIP”) on this website before transmission within the member countries of the European Union or within other contracting states to the European Economic Area Convention and/or Switzerland. The anonymised IP address that is transmitted by your browser within the parameters of Google Analytics shall not be commingled with other data by Google. Only in exceptional cases shall the entire IP address be transmitted to a Google server in the USA and shortened there. In these cases, we shall ensure through contractual guarantees that Google fulfils a satisfactory data protection level.

The information shall be used in order to evaluate the usage of the website, in order to generate reports regarding the website activities and in order to render additional services associated with the usage of the website and the Internet for the purposes of market research and the requirements-based design of these Internet sites. Where applicable, this information shall also be provided to third parties insofar as this is statutorily prescribed or insofar as third parties process these data within the parameters of contracted data processing. According to Google’s own statements, in no case shall the IP address be commingled with other user data.

Users may prevent the collection of the data (including the IP address) generated by the cookie and referring to the website usage by the affected user from being transmitted to Google as well as the processing of these data by Google by means of the users downloading and installing the browser plug-in that is available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=en

For the sake of completeness, we wish to state that the U.S. authorities may undertake surveillance measures in accordance with U.S. law whereby it is possible to generally store all data transmitted from the European Union to the USA. This shall occur without making any differentiations, restrictions or exceptions upon the basis of the goal being pursued and without objective criteria which would enable the restriction of the U.S. authorities with regards to personal data and their related usage to specific, strictly-limited purposes which would justify the access to these data.

We wish to point out to users with their place of residence in a member country of the EU that the USA, from the perspective of the European Union–among others, based upon the themes specified in this section–does not maintain a satisfactory data protection level. Insofar as we have discussed in detail in this Data Protection Declaration that recipients of data (e.g. Google) have their commercial residence in the USA, we shall ensure–either through contractual provisions with these companies or through the attainment of certification by these companies in accordance with the EU-US Privacy Shield–that your data are protected by our partners via an appropriate data protection level.

We shall support this data processing based upon our rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR. The right of lodging an objection and/or opting-out was referenced above. In this regard, our rightful interests shall encompass the interest in good customer support, the interest in advertising and marketing activities, the interest in getting to know our customers and other persons better as well as the interest in improving and redeveloping our products and services as well as our website.

5.1.6 Facebook pixel
On our website, we use the Facebook pixel from Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”).

With its help, we can track the actions of users after they have seen or clicked on a Facebook advertisement. For example, the bounce rate and the stay are measured. Thus, we can determine the effectiveness of the Facebook advertisements for statistical and market research purposes. The data collected in this manner have been anonymised for us; that is to say, we do not see the personal data of individual users. However, these data are stored and processed by Facebook whereby we are informing you in this regard based upon our limited level of knowledge regarding Facebook’s data protection practices. Facebook may link these data to your Facebook account and also use them for its own advertising purposes in accordance with Facebook’s data protection guidelines https://www.facebook.com/about/privacy/. They can also enable Facebook as well as its partners to display advertisements on and outside of Facebook. Moreover, a cookie may be stored on your computer for these purposes.

You can at any time prevent this tracking by rejecting and/or deactivating the affected cookies via your web browser’s menu bar (see in this regard Section 5.1.4 above).

We support this data processing based upon our rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR. The right of lodging an objection and/or opting-out was referenced above.

5.1.7 Social media linking
On our website, you will find links to social media networks such as Facebook, Twitter, YouTube and Google Plus. In this regard, this does not concern plug-ins supplied by the provider which, without the users’ influence, already transmit data to the provider when the page is loaded.

Behind the buttons to the social media networks, there lies merely a link to the social media network including the transmission of the respective webpage to be shared. No user data shall be transmitted from the website to the social media network.

Whenever you click on a link to one of our social media profiles, a direct connection is created between your browser and the server of the affected social network. Thus, the network receives the notification via your IP address that you have visited our website and clicked on the link. Whenever you click on a link to a network while you are logged-in to your account at the affected network, the contents of our website may be linked to your profile in the network which means that the network can categorise your visit to our website directly to your user account. If you would like to prevent this, you should log out before you click on the corresponding links. A categorisation shall in any case be undertaken if you log in to the affected network after clicking on the link.

If you click on the button for Facebook, you will be guided to an Internet site of Facebook Inc., 1601 S. California Ave., Palo Ave, CA 04304, USA. You can find information regarding the collection, storage and usage of your data by Facebook Inc. in the provider’s Data Protection Guidelines:
https://www.facebook.com/about/privacy/

If you click on the button for Twitter, you will be guided to an Internet site of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. You can find information regarding the collection, storage and usage of your data by Twitter Inc. in the provider’s Data Protection Guidelines:
https://twitter.com/privacy?lang=en

If you click on the button for YouTube, you will be guided to an Internet site of YouTube LCC, 901 Cherry Ave., San Bruno, CA 94066, USA. You can find information regarding the collection, storage and usage of your data by YouTube in the provider’s Data Protection Guidelines:
https://www.youtube.com/static?gl=DE&template=term...

If you click on the button for Google Plus, you will be guided to an Internet site of Google LCC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can find information regarding the collection, storage and usage of your data by Google Plus in the provider’s Data Protection Guidelines:
https://policies.google.com/privacy

Through your click, you hereby approve the data processing in accordance with Art. 6 Para. 1 lit. a GDPR. In addition, we have a rightful interest in this data processing in accordance with Art. 6 Para. 1 lit. f GDPR. Please keep in mind that we have no control over the subsequent data processing by the social networks. We merely place the link to the social network.

5.1.8 Guestbook
On our website, we offer you the option of informing us and other website visitors of your experiences with our services, depicting your adventures on our tours, etc.

If you provide us with data via this functionality, this shall occur completely voluntarily. You shall decide whether you want to provide personal data. We recommend that you provide particularly no data worthy of protection and particularly also no personal data of third parties. Insofar as you provide personal data from third parties, you shall assure that these third parties have been informed of this data processing and have approved it as well. Otherwise, you shall be forbidden from providing these personal data.

Through this usage of this functionality, you hereby approve that we publish the information provided by you in the guestbook on our website and thus that all other users of our website may read the information.

Our legal basis for this data processing shall lie in your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You may revoke this consent at any time.

5.2 Data processing outside of the website
5.2.1 Communication
We shall process personal data whenever you contact us or we contact you, e.g. whenever you call our travel agency, write us or visit our bicycling sport stations, rental or bicycling sport boutiques at the bicycling sport destinations.
 

• Forename
• Surname
• Telephone
• E-mail adress
• Content of the message
• Time when message sent

We shall use these data so that we can provide you with information, send messages, handle your issue and communicate with you as well as for quality assurance and training. We shall also forward messages within Active Group AG to competent company offices, e.g. if your issue pertains to another company.

If you provide us with information, you must ensure that they are correct.

Our legal basis for this data processing lies in our rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR. You may at any time object to the data processing (for contact data, see below). However, we can then no longer process your inquiry or no longer render any services which you have requested.

5.2.2 Booking trips, tours and events
We shall also process personal data if you utilise our services outside of the website, e.g. if you book a trip directly from us or from one of our commercial partners. In this regard, we shall process your personal data (especially also the trip information mentioned in Clause 3) particularly for the implementation of the booking or for the invoicing. During the course of the booking process, you shall be respectively informed of which data are mandatorily required for the booking. In this context, we shall routinely process the following data:
 

• Form of address
• Forename
• Surname
• Postal code
• City
• Country
• Telefphone
• E-mail adress
• Date of birth
• Body height
• Travel date
• Payment information

In addition, you may possibly want or have to provide us with personal data of third parties, e.g. of travel companions. However, we wish to point out that, in this case, you shall be obliged to inform the affected persons of the provision of this data and of this Data Protection Declaration and to verify the correctness of the affected personal data.

Our legal basis for this data processing shall be the fulfilment of a contractual agreement in accordance with Art. 6 Para. 1 lit. b GDPR.

5.2.3 Information and direct marketing
We shall process personal data (particularly your name and your e-mail address) in order to send information and advertisements.

Sending the e-mail newsletter to existing customers: If you have provided us with your e-mail address when purchasing services and/or goods, we reserve the right to send you offers upon a regular basis via e-mail regarding services and/or goods which are similar to the services and/or goods that you have already purchased from our product assortment.

For this, we must, in accordance with § 7 Para. 3 of the Unfair Competition Act, obtain no special consent from you. In this regard, the data processing shall be undertaken solely upon the basis of our rightful interest in personalised direct advertising in accordance with Art. 6 Para. 1 lit. f GDPR. If you have from the outset objected to the usage of your e-mail address for this purpose, we shall send no e-mails to you. You shall be entitled to any time object to the usage of your e-mail address for the aforementioned advertising purpose with effectiveness for the future by sending a notification in this regard to the responsible party mentioned at the outset. For this, you must pay merely the transmission costs based upon the basic rates. Upon the receipt of your objection, the usage of your e-mail address for advertising purposes shall be promptly discontinued.

Apart from this e-mail marketing to existing customers, we shall use your e-mail address only then for marketing purposes if you have approved this data processing. In this case, our legal basis shall be your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

If you should want no informational messages and advertisements, please contact info@activetravel.ch or Active Travel AG, Neugrütstrasse 4B, 8610 Uster. In addition, in each informational and advertising e-mail, you will also find a link so that you can opt out. With regards to the newsletter, you will also have the option of cancelling and/or unsubscribing from the newsletter via our website.

We shall be entitled to commission third parties with the technical implementation of the marketing campaigns and thus accordingly we have the right to provide third parties with your personal data for this purpose. For the sending of our newsletter, we shall use the e-mail marketing service from Newsletter2go GmbH, Köpenicker Str. 126, DE-10179 Berlin, www.newsletter2go.de.

Our newsletter may contain a so-called web beacon (tracking pixel) or similar technical resources. A web beacon is a graphic which is a 1x1 pixel in size and not visible which is categorised to the user ID of the respective newsletter subscriber. For each newsletter that is sent, there is information regarding the address file used, the subject line and the number of newsletters sent. Moreover, it can be viewed which addresses have not yet received the newsletter, to which addresses it was sent and to which addresses the sending of the newsletter was unsuccessful. In addition, there is still the opening rate including the information regarding which addresses opened the newsletter. Lastly, there is still the information regarding which addresses have unsubscribed. We shall use these data for statistical purposes and in order to optimise the newsletter with regards to content and structure. This enables us to better tailor the information and offers in our newsletter to the individual interests of the recipients. The tracking pixel shall be deleted if you delete the newsletter.

In order to prevent the utilisation of the web beacon in our newsletter, if this is not already the standard default setting, please ensure that your e-mail programme’s settings are adjusted in such a manner that that no HTML is displayed in messages. On the following pages, you will find detailed information regarding how you can adjust these settings for the most popular e-mail programmes.

Microsoft Outlook
Mail for Mac

5.2.4 Business partners
We cooperate with various companies and business partners, e.g. with transport companies, hotels, other service providers and service companies, commercial partners (travel agencies which fulfil the statutorily-prescribed customer deposit protection fund), rental car companies, etc., with cooperation partners and service providers (e.g. in the IT segment). You can find a list of the priority partners at https://www.huerzeler.com/en/service/partner

In this regard, we shall–for the purposes of contractual negotiations and the implementation of contractual agreements, planning, accounting and training purposes, for customer and/or supplier relationship management and for additional purposes associated with the contractual agreement–respectively also process personal data regarding the contact persons at these companies. In so doing, we shall routinely process the following data:
 

• Name
• Function
• Title
• Telephone
• E-mail
• Communication with us

Based upon the sphere of activities, we shall also be obliged to carefully audit the affected company and its employees, e.g. through a security inspection. In this case, we shall collect and process additional data. We can also process personal data in order to improve our customer orientation, customer satisfaction and customer loyalty.

Our legal basis for this data processing shall thus lie, on the one hand, in the implementation of a contractual agreement in accordance with Art. 6 Para. 1 lit. b GDPR as well as, on the other hand, in our rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR. Insofar as this does not encompass the implementation of a contractual agreement, you may at any time object to the affected data processing.

5.2.5 Administration
We shall process personal data for our own and the Active Group AG-internal administration. We shall also process personal data for accounting and archiving purposes and generally for the auditing and improvement of internal processes.

For this data processing, employee data are also routinely affected. We shall process them for the purpose of the implementation of the employment agreement.

Our legal bases for the aforementioned data processing shall be diverse. We shall process the employee data for the fulfilment of an agreement (employment agreement) in accordance with Art. 6 Para. 1 lit. b GDPR as well as for the fulfilment of statutory obligations (e.g. social insurance administration) and / or within the parameters of our rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR. Data processing in conjunction with the operation of the company–particularly in conjunction with the accounting–shall likewise be justified either through the statutory obligations or Art. 6 Para. 1 lit. f GDPR.

5.2.6 Company transactions

We may also process personal data for the purposes of preparing for and implementing company acquisitions and company sales and of the acquisitions and sales of assets. The object and the scope of the collected or provided data shall be dependent on the stage and the object of the transaction.

The legal basis for this data processing shall be our rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR. You may, subject to the proviso of a prevailing interest upon our part, object to this data processing at any time.

5.2.7 Job applications
We shall also process personal data if you submit a job application to us in order to examine your suitability for the relevant job position, to speak with you regarding any possible hiring and, where applicable, to prepare for and conclude a contractual agreement. As a rule, for this, we require the information and documents which are customary and specified in a job announcement, e.g. application, family status, children, residency status, curriculum vitae, skills and abilities, interests, references, qualifications, work testimonials, etc. This may also include particularly personal data worthy of protection, e.g. health data or data regarding union affiliation.

Our legal basis shall lie, on the one hand, in the contractual negotiations that you have requested in accordance with Art. 6 Para. 1 lit. b GDPR. On the other hand, you hereby consent to the transmission of the affected data for processing for the purpose of recruitment.

5.2.8 Fulfilment of legal requirements
We shall process personal data in order to fulfil legal standards, e.g. ensuring the fulfilment of legal obligations–including orders issued by a court or a government agency, for ensuring compliance as well as for identifying and clarifying misuses. That shall, for example, then be the case if we receive and handle complaints and notifications of misuses or if a government agency demands documents which contain your name and your contact information or it conducts an investigation of us. It is also possible that we may conduct internal investigations whereby your personal data may likewise be processed.

The legal basis for this data processing shall lie either in the fulfilment of the statutory obligation and/or in our rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR.

5.2.9 Safeguarding rights
We shall process personal data in various constellations in order to safeguard our rights, e.g. in order to assess claims of ours, of affiliated companies, of employees or of contractual and business partners and, as required, to assert them in court, during the pre-trial stage or out-of-court, and before government agencies domestically and abroad and/or to defend ourselves against claims. For example, we may have the legal situations of cases clarified or submit documents to a government agency. In this regard, we may process your personal data or pass them on to third parties domestically and abroad insofar as this is required and permissible.

The legal basis for this data processing shall lie in our rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR.

5.2.10 Credit check
Insofar as we render services in advance, e.g. for a purchase on account, in order to safeguard our rightful interests, we may obtain credit information from a credit agency upon the basis of mathematical-statistical procedures. In this regard, we shall provide the personal data required for a credit check to a credit agency and shall use the information received regarding the statistical probability of a payment default in order to make a carefully-considered decision regarding the substantiation, implementation or ending of the contractual relationship. Upon request, we would be glad to inform you of which credit agencies we use in this regard.

For this data processing, we have a rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR (prevention of misuse). In addition, this data processing shall be done in conjunction with the fulfilment of a contractual agreement in accordance with Art. 6 Para. 1 lit. b GDPR.

5.2.11 Evaluation of your purchasing behaviour
We shall collect information regarding which purchases and bookings you make when and how frequently in what branches or online shops in order to obtain data regarding your preferences and affinities for certain products or services. These data shall help us to inform you in a targeted manner of additional offers and to better tailor our offerings to the demand.

Our legal basis for this data processing shall lie in our rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR. We have an interest in getting to know our customers better in order to more optimally provide them with customised services. In addition, we have an interest in quite generally optimising and continuing to develop our services.

5.2.12 Storage in a central database
We shall store the aforementioned data in a central electronic data processing system. In this regard, your personal data shall be systematically collected and interlinked in order to process your bookings and render the contractual services as well as to analyse your purchasing and/or booking behaviour. For this, we shall use a software from the Online Travel Services AG Company, Dorfstrasse 35, 6341 Baar. We shall support the processing of these data via the software based upon our rightful interest in accordance with Art. 6 Para. 1 lit. f GDPR in customer-friendly and efficient customer data management. In addition, we shall support the processing of these data based upon the contractual fulfilment in accordance with Art. 6 Para. 1 lit. b GDPR.

6. To whom do we pass your personal data?
Our employees shall have access to your personal data insofar as this is required for the aforementioned purposes and the work activities of the affected employees. In this regard, they shall act in accordance with our instructions and shall be obliged to maintain confidentiality and secrecy when handling your personal data.

We may also pass on your personal data to other companies within Active Group AG for the purpose of Active Group AG-internal administration and for various processing purposes. Thus, for the respective purposes, your personal data may also be processed with and interlinked to personal data which originate from other companies of Active Group AG.

Moreover, we shall pass on your personal data only if you have expressly approved this, a statutory obligation exists in this regard or this is required in order to assert our rights–particularly in order to assert claims arising from the contractual relationship.

Furthermore, we shall pass on your data to third parties insofar as this is required for the usage of the websites and for the implementation of the other data processing described in this Data Protection Declaration (“contracted data processing”). The third-party usage of the data passed on in this context shall be restricted to the aforementioned purposes. We shall ensure, through the selection of the contracted data processors and through suitable contractual agreements, that the data protection–including by third parties–is guaranteed during the entire processing of your personal data. Our contracted data processors shall be obliged to process the personal data exclusively by our mandate and in accordance with our instructions.

Various third-party service providers are explicitly mentioned in this Data Protection Declaration (e.g. in the sections “When booking services”, “Tracking tools”). One service provider to whom the personal data collected via the website are passed on and/or has or can have access, shall be our web host METANET AG, Hardstrasse 235, CH-8005 Zurich, www.metanet.ch. The website is hosted on servers in Switzerland.

Moreover, it is possible that we may pass on personal data to other companies (even) for their own purposes. In these cases, the recipient of the data shall be considered to be its own responsible party in accordance with data protection law. This shall affect, for example, the following cases:
 

• If you book trips with us, we shall pass on the personal data, based upon the object of the booking, to transport companies (train, ship, airlines, etc.), lodging establishments (hotels, pensions, etc.), local event organisers and additional service providers (e.g. car rental agencies).
• Particularly for air travel: Upon the request from government agencies in certain countries, it may be necessary to provide specific data to these government agencies regarding your travel to and from these countries for security and travel entry reasons. They shall authorise us and/or the respective airline to, for these purposes, provide personal data regarding you as the passenger, the so-called «Passenger Name Record (PNR)» data to these government agencies insofar as this information is available. This information shall include, for example, your complete name, birthdate, your complete residential address, telephone numbers, information about your travel companions, date of the booking/ticket issuance and intended travel date, all types of payment information, your travel status and your travel route, frequent flyer number, information regarding your luggage, all PNR changes in the past, etc. You acknowledge that these data may be passed on to countries in which the data protection does not fulfil the protection level of the Swiss data protection laws (see Clause 7 in this regard).
• If we broker a trip, we shall pass on the personal data to the respective tour organiser.
• If we analyse or implement transactions such as company mergers or the acquisition or sale of individual divisions of a company or its assets, we must pass on personal data to another company in this context. In these cases, we shall notify you respectively in this regard as early as possible and we shall endeavour to process as little personal data as possible.
• We may disclose your personal data to third parties (e.g. government agencies in Switzerland and abroad) if this is prescribed by law. We also reserve the right to process your personal data in order to fulfil a court order or assert and/or ward off legal claims or we consider it to be necessary for other legal reasons.
• We may pass on your personal data to former employers if you submit a job application to us (reference information) or to future employers if you apply for a new job position.
• If we assign payment claims against you to other companies such as, for example, debt collection agencies.

7. When do we disseminate your personal data abroad?
The recipients of your personal data (see Clause 6 in this regard) may also be respectively located abroad. The affected countries may possibly not have laws which protect your personal data to the same extent as in Switzerland or in the EU and/or the EEA.

If we should transmit your personal data to such a country, we shall be obliged to ensure the protection of your personal data in an appropriate manner. One method for doing this is to conclude data transmission agreements with the recipients of your personal data in non-EU countries which guarantee the required data protection. This shall include contractual agreements which have been approved, issued or acknowledged by the competent government agencies–so-called standard contractual clauses. Likewise, the transmission to recipients shall be permissible who are subject to the so-called «US Privacy Shield Programme». As exceptions, the transmission to countries without appropriate protection shall also be permissible in other cases.

8. Do we conduct profiling and automated individual decision-making?
«Profiling» refers to a process in which personal data are processed in an automated fashion in order to assess, analyse or predict personal aspects, e.g. the job performance, financial situation, health, personal preferences, interests, reliability, behaviour, place of residence or relocations.
Currently, the companies of Active Group AG conduct no profiling.

«Automated individual decision-making» refers to decision-making which is done in an automated fashion, i.e. without relevant human influence and which may have negative legal ramifications or other similarly negative ramifications for you. We shall specially inform you insofar as we utilise automated individual decision-making in individual cases and insofar as this is prescribed by law. For purchases on account, as required, we shall likewise conduct a credit check in order to decide whether this payment method shall be offered to you. The credit check shall encompass automated individual decision-making. However, this is required for the conclusion or the fulfilment of a contractual agreement between the parties and is thus permissible in accordance with Art. 22 GDPR. Moreover, the companies of Active Group AG conduct no automated individual decision-making.

9. How do we protect your personal data?
We undertake appropriate security measures of a technical (e.g. encryption, pseudonymisation, logging, access restriction, data back-up, etc.) and organisational nature (e.g. instructions to our employees, confidentiality agreements, audits, etc.) in order to safeguard the security of your personal data, in order to protect against unauthorised or illegal processing and to counteract the risk of the loss, unintended alteration, unintended disclosure or unauthorised access. However, security risks can generally not be completely eliminated; certain residual risks are unavoidable.

10. How long do we store your personal data?
We shall store your personal data in a person-specific form as long as this is required for the concrete purpose for which we collected them; as a rule, in the case of contractual agreements, at least for the duration of the contractual relationship. Moreover, we shall store personal data if we have a rightful interest in their storage. This can then particularly be the case if we require personal data in order to assert or ward off claims, for archiving purposes, for guaranteeing IT security or if statute of limitations periods for contractual or non-contractual claims are running.

Frequently, for example, a statute of limitations period of ten years shall be valid; in some cases, even such a statute of limitations period of five years or of one year. We shall also store your personal data as long as they are subject to a statutory retention obligation. For certain data, for example, a ten-year retention period shall be valid. For other data, short retention timeframes shall be respectively valid, e.g. for records of certain processes on the Internet (log data). After the lapsing of the aforementioned timeframes, we shall delete or anonymise your personal data.

11. What rights do you have in conjunction with the processing of your personal data?
You may at any time object to the data processing–particularly data processing in conjunction with direct advertising (e.g. objection to advertising e-mails). You shall also have the following rights:

Right of information: You shall have the right to, at any time and upon a free-of-charge basis, demand to review your personal data that we have stored if we process these data. Thus, you shall have the opportunity to examine which personal data we process about you and that we are using these data in accordance with the valid data protection guidelines.

Right of correction: You shall have the right to have incorrect or incomplete personal data corrected and to be notified of the correction. In this case, we shall inform the recipients of the affected data regarding the adjustments that have been made insofar as this is not impossible or associated with disproportionate expenditures.

Right of deletion: You shall have the right to request that your personal data be deleted subject to certain sets of circumstances. In the individual case, the right to deletion may be excluded.

Right of restriction of the processing: Subject to certain requirements, you shall have the right to demand that the processing of your personal data be restricted.

Right of data portability: Subject to certain sets of circumstances, you shall have the right to demand that we provide you with the personal data, which you have made available to us, upon a free-of-charge basis in a readable format.

Right of complaint: You shall have the right to submit a complaint against the art and manner of the processing of your personal data to a competent government supervisory agency.

Right of revocation: You shall in principle have the right at any time to revoke a consent that has been granted. However, any processing work in the past that was supported by your consent shall not be rendered illegal owing to your revocation.

12. Contact
If you have any questions regarding our data protection and our data processing, would like to request information or affect the deletion of your data, please contact us by sending an e-mail to datenschutz@huerzeler.com.

You may send a letter regarding your issue to the following address:
Active Travel AG, Neugrütstrasse 4b, CH-8610 Uster

13. Changes to this data protection declaration
This Data Protection Declaration may be modified over the course of time–particularly if we alter our data processing or if new legal guidelines become applicable.
We shall actively inform persons, whose contact data are registered with us, of substantial changes if this is possible without disproportionate expenditures. Generally, however, the Data Protection Declaration as amended that was valid at the beginning of the affected processing shall be respectively applicable to data processing.

 

Cookies

Cookies used on this website serve only to ease your visit and make it as pleasant as possible. No personal data are stored.