Menu

Privacy policy

This privacy policy informs you about what personal data we process, the reason, how and where we process it, in particular in connection with our website www.urs-lehmann.ch and our other offers. This privacy policy also informs you about the rights of the individuals whose data we process.

Special, supplementary or additional privacy policies as well as other legal documents such as General Terms and Conditions (GTC), Terms of Use or Conditions of Participation may apply to individual or additional offers and services.

Our offer is subject to Swiss data protection law as well as any applicable foreign data protection law, such as that of the European Union (EU) with the General Data Protection Regulation (GDPR) in particular. The European Commission acknowledges that Swiss data protection law ensures adequate data protection.

1. Contact addresses

Responsibility for the processing of personal data:

Urs Lehmann
Augenweidstrasse 46
8966 Oberwil-Lieli

urs.lehmann[at]swiss-ski.ch

Please be aware that there may be other parties responsible for processing personal data in individual cases.

2. Processing personal data

2.1 Terms

Personal data is any information that relates to an identified or identifiable individual. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the retention, disclosure, acquisition, collection, deletion, storage, modification, destruction and use of personal data.

The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the handling of personal data as the processing of personal data.

2.2 Legal basis

We process personal data in accordance with Swiss data protection law, such as the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (OFADP).
Provided that the General Data Protection Regulation (GDPR) applies, we process personal data in accordance with at least one of the following legal bases:

Provided that the General Data Protection Regulation (GDPR) applies, we process personal data in accordance with at least one of the following legal bases:

  • Art. 6 para. 1 letter b GDPR (German only) for the necessary processing of personal data for the performance of a contract with the data subject as well as the implementation of pre-contractual measures.
  • Art. 6 para. 1 letter f GDPR for the necessary processing of personal data to protect our legitimate interests or those of third parties, except where such interests are overridden by the fundamental rights and freedoms and interests of the data subject. Legitimate interests are, in particular, our interest in being able to provide our offer permanently, in a user-friendly, secure and reliable manner and being able to advertise it as required, information security and protection against misuse and unauthorised use, the enforcement of our own legal claims and compliance with Swiss law.
  • Art. 6 para. 1 letter c GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
  • Art. 6 para. 1 letter e GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
  • Art. 6 para. 1 letter a GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6 para. 1 letter d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or of another natural person.

2.3 Nature, scope and purpose

We process personal data that is necessary to provide our offer permanently, in a user-friendly, secure and reliable manner. This kind of personal data may fall into the categories of basic personal and contact data, browser and device data, content data, meta or secondary data and usage data, location data, sales, contract and payment data.

We process personal data for the period of time necessary for the relevant purpose or purposes or as required by law. Personal data which we no longer need for processing is anonymised or deleted. As a matter of principle, individuals whose data we process have the right to have their data deleted.

 As a matter of principle, we only process personal data with the consent of the data subject, unless the processing is permitted for other legal reasons – for example to fulfil a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, because the processing is evident from the circumstances or after prior information.

In this context, we process information that a data subject submits of their own volition to us in particular when contacting us – for example, by letter, email, contact form, social media or telephone – or when registering for a user account and we may store this kind of information in an address book or using similar tools, for example. If you transmit personal data to us relating to third parties, you are obliged to guarantee data protection vis-à-vis these third parties and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of providing our services, provided that this kind of processing is permitted for legal reasons.

2.4 Processing of personal data by third parties, including those abroad

We may commission third parties to process personal data or we may process it jointly with third parties or with the help of third parties, or transmit it to third parties. These third parties are primarily providers whose services we use. We also guarantee appropriate data protection when using such third parties.

These third parties are generally located in Switzerland and in the European Economic Area (EEA). However, they may also be located in other states and territories around the world as well as elsewhere in the universe, provided that their data protection law guarantees adequate data protection in accordance with the Assessment of the Federal Data Protection and Information Commissioner (FDPIC) and, if the General Data Protection Regulation (GDPR) applies, with the Assessment of the European Commission, or if adequate data protection is guaranteed for other reasons, such as by means of a corresponding contractual agreement, in particular based on standard contractual clauses, or by corresponding certification. By way of exception, such third party may be located in a country without adequate data protection, provided that the conditions under data protection law – such as the explicit consent of the data subject – are met.

3. Rights of data subjects

Data subjects whose personal data we process have the rights under Swiss data protection law. This includes the right to access as well as the right to rectification, deletion or blocking of the processed personal data.

Data subjects whose personal data we process may – provided the General Data Protection Regulation (GDPR) applies – request confirmation free of charge as to whether we are processing their personal data and, if this is the case, request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability and have their personal data rectified, deleted (“right to be forgotten”), blocked or completed.

Data subjects whose personal data we process may at any time – provided the GDPR applies – revoke consent given with effect for the future and object to the processing of their personal data.

Data subjects whose personal data we process have a right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

4. Data security

We take appropriate and suitable technical and organisational measures to ensure data protection and in particular data security. However, despite these measures, the processing of personal data on the Internet can always involve security gaps and, therefore, we cannot guarantee absolute data security.

Access to our online offer is provided by means of transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure – abbreviation HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

Access to our online offer is subject – as is the use of the Internet in principle – to mass surveillance without cause and without suspicion, as well as other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (US) and other countries. We cannot directly influence the corresponding processing of personal data by secret services, police agencies and other security authorities.

5. Use of the website

5.1 Cookies

We may use cookies for our website. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data that are stored in your browser. This stored data need not be limited to traditional textual cookies. Cookies cannot run programs or transmit malware such as Trojans and viruses.

Cookies can be stored temporarily in your browser as “session cookies” when you visit our website or for a certain period of time as permanent cookies. “Session cookies” are automatically deleted when you close your browser, while permanent cookies have a specific storage period and specifically enable us to recognise your browser the next time you visit our website and, in this way, measure the reach of our website. Permanent cookies can also be used for online marketing, for example.

You can partially or completely deactivate cookies in your browser settings at any time and delete them. However, our website may no longer be fully available without cookies. If and when required, we actively seek your explicit consent for the use of cookies.

In the case of cookies that are used for performance and reach measurement or for advertising, a general objection (“opt-out”) is possible for numerous services via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Server log files

We may collect the following information each time our website is accessed, provided this information is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including the amount of data transferred, website last accessed in the same browser window (referrer).

We store this information – which may also contain personal data – in server log files. The information is required to provide our online offer permanently, in a user-friendly and reliable manner as well as to be able to guarantee data security and thus in particular the protection of personal data – including by third parties or with the help of third parties.

5.3 Tracking pixels

We may use tracking pixels on our website. Tracking pixels are also known as web beacons and are small, usually invisible images that are automatically retrieved when you visit our website and are also used by third parties whose services we use. Tracking pixels can be used to collect the same information as server log files.

6. Social Media

We have a presence on social media platforms and other online platforms to communicate with interested individuals and provide information about our offer. Personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The General Terms and Conditions (GTC) and Terms of Use as well as privacy policies and other provisions of the individual operators of these online platforms also apply in each case. In particular, these provisions provide information about the rights of data subjects, especially with regard to right of access.

Together with Facebook Ireland Limited in Ireland and provided GDPR applies, we are jointly responsible for our social media presence on Facebook including Page Insights. Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights to help us provide our social media presence on Facebook in an effective and user-friendly manner.

Further information on the nature, scope and purpose of data processing, information on the rights of data subjects and the contact details of Facebook as well as the Facebook data protection officer can be found in Facebook’s privacy policy (“Data Policy”). We have signed the “Controller Addendum” with Facebook and therefore have agreed in particular that Facebook is responsible for guaranteeing the rights of data subjects. For the Page Insights, the corresponding information can be found on Facebook’s“Information on Page Insights” including “Page Insights supplement regarding the Controller” and “Information about Page Insights Data”.

7. Performance and reach measurement

We use services and programs to determine how our online offer is used. For example, in this context, we can measure the success and reach of our online offer as well as the effect of third-party links to our website. However, we can also, for example, test and compare how different versions of our online offer or parts of our online offer are used (“A/B testing” method). Based on the results of the performance and reach measurement, we can in particular correct errors, strengthen content that is especially popular or make improvements to our online offer.

The Internet Protocol (IP) addresses of individual users must be stored when using services and programs for performance and reach measurement. IP addresses are in principle shortened in order to follow the principle of data economy through the corresponding pseudonymisation and to improve the data protection of visitors to our website (“IP masking”).

Cookies may be used and user profiles may be created when using services and programs for performance and reach measurement. User profiles include, for example, the pages visited or content viewed on our website, information on the size of the screen or browser window and the location, at least approximately. In principle, user profiles are created exclusively on the basis of pseudonymisation and we do not use user profiles to identify individual visitors to our website. Individual services for which you are registered as a user may assign the use of our online offer to your profile with the respective service, and you usually have to give your consent to this assignment in advance.

In particular, we use:

8. Third party services

We use third party services to be able to provide our offer permanently, in a user-friendly, secure and reliable manner. These services are also used to embed content into our website. These kind of services – for example, hosting and storage services, video services and payment services – require your Internet Protocol (IP) address, otherwise these services cannot deliver the relevant content. These services may be located outside Switzerland and the European Economic Area (EEA), provided that adequate data protection is guaranteed.

For their own security-related, statistical and technical purposes, third parties whose services we use may also process data in connection with our offer and from other sources – including by using cookies, log files and tracking pixels – in aggregated, anonymous or pseudonymous form.

8.1 Digital infrastructure

We use third parties services to be able to make use of the required digital infrastructure for our offer. These include, for example, hosting and storage services from specialist providers.

8.2 Social media functions and social media content

LinkedIn

We use the option of embedding functions and content from LinkedIn with the help of plugins for our website. For example, we can use it so you can use LinkedIn's “Share” feature on our website. Cookies are also used in this process. You can find more information on the Page about LinkedIn plugins.

Plugins are offered by LinkedIn Ireland Unlimited Company in Ireland or the American LinkedIn Corporation. If you are registered as a user with LinkedIn, LinkedIn can assign use of our online offer to your profile. Further information on the nature, scope and purpose of data processing can be found in LinkedIn’s Privacy Policy, Cookie Policy and Privacy policy portal. Furthermore, it is possible to object to personalised advertising.

8.3 Entertainment

We use YouTube to embed videos on our website. Cookies are also used in this process. YouTube is a service of the American company Google LLC. For users in the European Economic Area (EEA) and in Switzerland, the Irish company Google Ireland Limited is responsible. Further information on the nature, scope and purpose of data processing can be found in Google's Privacy and Security Principles and Privacy Policy, in the “Google Product Privacy Guide” (including YouTube), Information about how Google uses data from sites that use Google services and Information about cookies at Google. Furthermore, it is possible to object to personalised advertising.

9. Final provisions

We have created this privacy policy with the Data protection generator (German only) from Datenschutzpartner (German only).

We may amend and supplement this privacy policy at any time. We will provide information about any amendments and additions in a suitable manner, in particular by publishing the respective current data protection declaration on our website.