Last updated: 08 July 2025
This translation is provided for convenience only. In case of any discrepancies, the legally binding version of this Privacy Policy is the German original.
Protecting your privacy is important to us. We respect your personality and privacy. We ensure the protection of your personal data as well as its processing in accordance with applicable laws.
Personal data means any information relating to an identified or identifiable person. In addition to your contact details, such as name, phone number, address or e-mail address, this includes further information that you provide to us.
Within the limits of the law, you may decide how your data is processed (see also the section 'Your Rights' below). In principle, we use the data in the context of providing services to you and in order to offer you added value (e.g. customised offers, support in the event of disruptions). Your data will only be used for the development, provision, optimisation and evaluation of our services or for maintenance of the customer relationship.
We guarantee that we will not sell your data to third parties. Your data will only be disclosed to selected third parties listed in this data privacy statement and only for the purposes explicitly stated. If we commission third parties to carry out data processing, they will be required to comply with our data protection standards.
We guarantee the careful handling of customer data. We ensure the necessary organisational and technical precautions for this purpose.
Below you will find detailed information on how we handle your data.
We are committed to handling your personal data responsibly and guarantee compliance with the Swiss Federal Act on Data Protection (FADP), the Ordinance on Data Protection (DPO) and other relevant provisions of Swiss law as well as the provisions of the EU General Data Protection Regulation (EU GDPR). In the following, we also refer to the corresponding legal basis in the GDPR.
“Processing of your personal data” refers to any operation performed on your personal data (as defined under both the FADP and GDPR).including storage, processing, use, erasure, and other forms of handling.
This data privacy statement covers not only data processing in connection with the website www.aletscharena.ch and all other websites for which Aletsch Arena AG is responsible, but also the processing of personal data at the information centres and other points of sale of Aletsch Arena AG.
This data privacy statement constitutes an integral part of the General Terms and Conditions (GTC) of Aletsch Arena AG.
Aletsch Arena AG is responsible for the processing of your personal data.
Joint responsibility exists where you purchase/order services or products from third parties (service providers) through Aletsch Arena AG. Joint responsibility applies in particular to services provided by Aletsch Bahnen AG.
Please do not hesitate to contact our in-house data protection officer at any time with any questions or suggestions regarding data protection.
By post to:
Aletsch Arena AG
Data Protection Officer
Furkastrasse 39
3983 Mörel-Filet
Switzerland
By e-mail to: datenschutz@aletscharena.ch
Based on Art. 27 GDPR, Aletsch Arena AG has appointed an EU data protection representative.
For any questions relating to European data protection, please contact our EU data protection representative:
EU Data Protection Representative
ADVOVOX Rechtsanwalts GmbH Sven Krüger
Großbeerenstraße 2-10
D-12107
Berlin
Phone: +49 - 30 - 22 48 75 28
Fax: +49 - 30 - 22 48 75 29
E-mail: gdpr@advovox.de
Website: www.advovox.de
Business ID no.: DE 253207773
If you have any questions, please contact Aletsch Bahnen AG
Aletsch Bahnen AG
Hauptstrasse 12
3992 Bettmeralp
Switzerland
Email: info@aletschbahnen.ch
Why do we collect your data
We collect personal data in order to keep you informed about news and updates (such as products, events, etc.) and to make your stay in the Aletsch Arena holiday region as pleasant as possible.
We understand how important the careful handling of your personal data is to you. All data processing takes place only for specific purposes. These may arise, for example, from technical necessity, contractual requirements, legal regulations, legitimate interest—that is, from lawful grounds—or your express consent. We collect, store and process personal data where necessary.
In the following, we outline for each use case which personal and usage data we collect, for what purpose, how long we retain it, and where your data is stored. In all use cases, no personal data will be collected by Aletsch Arena AG without your active consent.
Note: The legal basis pursuant to the GDPR is aimed at guests from the EU. For guests from Switzerland, the Swiss Federal Act on Data Protection (FADP) applies and with regard to processing Art. 12 and Art. 13 in conjunction with the principles of Art. 4 et seq. FADP.
What personal data is stored?
If you provide this information over the phone.
What technical data is stored?
For what purpose?
How long is the data stored?
Without consent and without interaction with us, for a maximum of 2 years.
Where is the data stored?
HubSpot, Amazon Web Services (USA) and Google Cloud Platform (Frankfurt, Germany). You can find more details about HubSpot's cloud infrastructure in the HubSpot Cloud Infrastructure and Data Hosting FAQ.
What is the legal basis for data processing?
Consent of the guest (Art. 6 (1) (a) GDPR)
The contact form on the websites of Aletsch Arena AG enables you to contact us conveniently.
What personal data is stored?
The mandatory information is marked with (*).
What technical data is stored?
For what purpose?
How long is the data stored?
Without consent and without interaction with us, for a maximum of 2 years.
Where is the data stored?
HubSpot, Amazon Web Services (USA) and Google Cloud Platform (Frankfurt, Germany). You can find more details about HubSpot's cloud infrastructure in the HubSpot Cloud Infrastructure and Data Hosting FAQ.
What is the legal basis for data processing?
Consent of the guest (Art. 6 (1) (a) GDPR)
Our chatbot offers you the opportunity to get in touch with us directly and comfortably. Please note that this is an automated chatbot that uses a Large Language Model (LLM), i.e., an AI language model, to answer your questions.
What personal data is stored?
What technical data is stored?
For what purpose?
How long is the data stored?
Without additional consent and in the absence of further interaction with us, your data will be stored for a maximum of two years.
Where is the data stored?
Your data is stored on servers in Switzerland provided by aiaibot.
What is the legal basis for data processing?
Consent of the guest (Art. 6 (1) (a) GDPR)
With the newsletter, we inform you regularly by e-mail or post about exciting news, special offers, etc. from the destination.
What personal data is stored?
The mandatory information is marked with (*).
What technical data is stored?
For what purpose?
How long is the data stored?
If you consent to receive the newsletter, the data will be stored in our marketing tool for as long as the subscription is active. If you have been inactive for 2 years, your data will be erased unless you have already opted out of all subscriptions in advance.
Where is the data stored?
HubSpot, Amazon Web Services (USA) and Google Cloud Platform (Frankfurt, Germany). You can find more details about HubSpot's cloud infrastructure in the HubSpot Cloud Infrastructure and Data Hosting FAQ.
Where can I manage my subscription?
An unsubscribe link is included in every marketing email you receive from us. You can manage your subscription on the relevant website.
What is the legal basis for data processing?
Consent of the guest (Art. 6 (1) (a) GDPR)
Your personal data are automatically transferred to the service provider's database via a secure connection using the registration form on aletscharena.ch. We use the newsletter software “HubSpot” to send out our newsletter. At the end of all newsletters, you will find an unsubscribe link through which you can unsubscribe from the newsletter.
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our service provider's server when the newsletter is opened, enabling us to analyse the use of the newsletter.
What technical data is stored?
For what purpose?
How long is the data stored?
If you consent to receive the newsletter, the data will be stored in our marketing tool for as long as the subscription is active. If you have been inactive for 2 years, your data will be erased unless you have already opted out of all subscriptions in advance.
Where is the data stored?
HubSpot, Amazon Web Services (USA) and Google Cloud Platform (Frankfurt, Germany). You can find more details about HubSpot's cloud infrastructure in the HubSpot Cloud Infrastructure and Data Hosting FAQ.
What is the legal basis for data processing?
Consent of the guest (Art. 6 (1) (a) GDPR)
In order to prevent the use of web beacons, please configure your email program so that no HTML is displayed in your messages.
Various offers such as accommodation, experiences, event tickets and souvenirs can be ordered via the online shop shop.aletscharena.ch. If such services are provided by third parties, we will forward your data to the relevant service providers. Aletsch Arena AG acts as an intermediary between you and the service provider for bookings or enquiries. Accordingly, certain data required in order to draw up an offer or fulfil the contract must be forwarded to the service provider. Insofar as the service provider independently further processes the collected data, the data protection policy of the respective service provider will apply. We kindly ask you to consult these as well. However, we will also include your data in our central database and process it for marketing purposes if you have consented to this.
What personal data is stored?
The mandatory information is marked with (*). The required fields differ depending on the product.
The information marked (**) is only required for individual products.
For what purpose?
How long is the data stored?
Where is the data stored?
Alturos Destinations GmbH, Gabelsbergerstraße 50a, 9020 Klagenfurt, Austria
What is the legal basis for data processing?
Consent of the guest (Art. 6(1)(a) GDPR); Performance of a contract (Art. 6(1)(b) GDPR)
In addition to the offers listed above, mountain railway tickets can also be purchased via the online shop, shop.aletscharena.ch. Aletsch Arena AG acts as an intermediary between you and Aletsch Bahnen AG when booking mountain railway tickets. Accordingly, the data required for contractual performance and technical processing must be passed on to Aletsch Bahnen AG. Insofar as Aletsch Bahnen AG independently processes the collected data, the data protection provisions of Aletsch Bahnen AG shall apply. We kindly ask you to consult these as well. However, we will also include your data in our central database and process it for marketing purposes if you have consented to this.
What personal data is stored?
The mandatory information is marked with (*).
For what purpose?
How long is the data stored?
Where is the data stored?
Alturos Destinations GmbH, Gabelsbergerstraße 50a, 9020 Klagenfurt, Austria
What is the legal basis for data processing?
Consent of the guest (Art. 6(1)(a) GDPR); Performance of a contract (Art. 6(1)(b) GDPR)
Please note that when making bookings for third parties, the details you provide about those third parties will be processed in the manner specified by you. By making the booking, you confirm that you have informed the persons whose personal data is transmitted of this fact and that they agree to the type and extent of the use of their data by Aletsch Arena AG. This applies to all bookings made via shop.aletscharena.ch or shop.aletschbahnen.ch.
In order to create a SwissPass login, you will be redirected to the SwissPass website. There, you must open a customer account (cf. also www.swisspass.ch/datenschutz); in such cases, SwissPass will bear sole responsibility for such processing.
You can find out how the data is processed in their privacy policy.
What personal data is stored?
For what purpose?
Identity verification.
The SwissPass Card is personal, and the customer's identity must be verified when the card is acquired for the first time or when changing customer data (surname, first name, date of birth, gender). The verification of identity is carried out either directly at the ticket counter, by means of a copy of ID in the case of travelcard orders through the SBB Contact Centre, or online.
Regardless of the channel selected, surname, first name, date of birth and gender are read and stored. All other data required for the online identity check are irretrievably deleted after the verification process.
Further information on the online identity check can be found in the GTC.
In the control of services.
Customer and subscription data are required and processed for revenue protection (checking the validity of tickets or reduced-fare tickets, collection, combating misuse). Transport companies and networks are therefore entitled to process all data (ticket and inspection data and, where applicable, particularly sensitive data in connection with all types of travel without a valid ticket, such as passengers with a partially valid ticket, passengers with an invalid ticket or travellers with forgotten tickets and reduced-fare tickets and any misuse) of travellers or contracting parties, store them for the periods defined under data protection law and exchange them with other transport companies and networks (including across borders in the case of international tickets or reduced-fare tickets).
The following provisions shall apply to individual services or carrier media:
SwissPass Card
When the physical SwissPass Card is used as a wallet, no inspection data is stored (exception see SwissPass Mobile).
SwissPass Mobile.
When using the SwissPass Mobile application, the provisions acknowledged when activating SwissPass Mobile apply. In this regard, the following data is processed: Registration, activation and inspection data generated when using SwissPass Mobile. As soon as SwissPass Mobile is used, this data is also collected from the SwissPass Card.
Registration data are retained for up to 18 months after deactivation of SwissPass Mobile or expiry of the SwissPass Card. The activation and inspection data for SwissPass Mobile and the SwissPass Card are stored on the inspection devices for one day and in the inspection database for thirty days. If there are indications of misuse, the maximum retention period for activation and control data is ninety days. Travellers who commit misuse using SwissPass Mobile will be banned from SwissPass Mobile for twelve months. After that, the use of SwissPass Mobile is possible again. After a further twelve months, the traveller's exclusion file will be deleted.
Insofar as the EU GDPR applies, our legitimate interest and the fact that it is required for the performance of a contract constitute the legal basis for this processing of personal data.
Data in the event of misuse of tickets.
In the event of travel without a valid ticket, the data will be stored in a separate database and in a jointly operated register. Travellers or contracting parties acknowledge that, in the event of any misuse or falsification, the transport companies are authorised to provide the relevant personal data to all internal units affected by the misuse as well as to other transport companies so that any misuse can be ruled out or confirmed and further misuse can be prevented. Pursuant to the Swiss Federal Act on Passenger Transport (PBG), different deadlines apply to the processing of the aforementioned data. The data shall be erased as soon as it is established that the person concerned has not caused a loss of revenue and after two years if the person concerned has paid the surcharges and has demonstrably no longer travelled without a valid ticket during this period. The data may be retained for a maximum of ten years if it is required for enforcing claims against this person.
Insofar as the EU GDPR is applicable, Art. 20a PBG and Art. 58a VPB provide the legal basis for this processing of personal data.
Partner Services.
When registering with a partner or purchasing or using partner services, your card and customer data (card ID, customer number, title, form of address, surname and first name, address, date of birth, travelcard information and photo) are transmitted to SwissPass Plus partners for the purpose of processing transactions. If any partner services are purchased, SBB stores the service data. SBB shall inform SwissPass partners in the event of loss, theft, misuse, forgery or card replacement.
In order to use certain partner services (e.g. SwissPass Parking), you must deposit a valid means of payment with a transport company.
In order to enable you to take advantage of discounted services, Swiss Pass partners are authorised to retrieve directly required subscription data.
SwissPass customer account.
You do not need a SwissPass Card or a public transport travelcard in order to issue a SwissPass account. You can access your data at any time in your customer account on swisspass.ch. With a SwissPass login, you have access to various online public transport services and selected partners. This allows you to log in to websites, online shops and apps without further registration. We need at least the following information from you in order to create a SwissPass account:
Your data will be stored in Switzerland.
Inactive customer accounts are deleted after 18 months.
Data exchange via single sign-on (SSO).
During authentication, login and customer data (name, address, date of birth, gender, title, correspondence email address, login email address, landline and mobile numbers, language, card information, technical customer ID) are exchanged between the central login infrastructure of the Public Transport Association and the partner platform (e.g. swisspass.ch, SBB.ch, SBB Mobile, Helvetic Motion, etc.).
Insofar as the EU General Data Protection Regulation (EU GDPR) is applicable, the legal basis for this processing of personal data is the requirement for the performance of a contract.
Website swisspass.ch.
You can visit the swisspass.ch websites without having to provide any personal information. If you agree, we analyse usage data, such as the last page visited, click behaviour, frequency of access, browser used, date, time, etc., in an anonymised manner in order to identify trends and improve our online content. In doing so, we do not draw any conclusions about your person.
Passenger rights.
Your personal data will be processed by SBB AG on behalf of the Swiss public transport authority in connection with compensation claims for the following purposes and stored for 13 months:
Your personal data will not be disclosed to third parties outside Switzerland and will not be used for marketing purposes.
What is the legal basis for data processing?
Consent of the guest (Art. 6(1)(a) GDPR); Performance of a contract (Art. 6(1)(b) GDPR)
Via the Aletsch Arena App, you can retrieve up-to-date information such as summer and winter sports reports, events, tour suggestions, webcams, etc. In addition, the app offers GPS navigation for the ski area in winter.
We use web analysis services for the purpose of designing and continuously optimising our websites, apps and e-mails in line with your needs. The legal basis for the described data processing is our legitimate interest.
We use the tracking tool Google Analytics to analyse user behaviour. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The information generated by the Aletsch Arena App about your use of this app is usually transmitted to a Google server in the USA and stored there. Information on the handling of user data by Google Analytics can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245
In order for the integrated navigation to be used, the application needs access to the current location. Also, in background mode. The location of the device is used exclusively on an anonymous basis for navigation within the Aletsch Arena App region, and the data is not stored on a server or forwarded to third parties.
Further information on which data is collected here can be found in the corresponding section “Google Analytics”.
Guests as well as owners and long-term tenants of chalets, holiday homes and second homes who stay overnight in the Aletsch Arena destination are subject to the tourist tax (SGS 935.1 – Tourism Act of 1996). The tourist tax is settled on the basis of a registration form. This means that the holders of an operating licence to host guests must have a completed registration form and must keep a control register of their guests. The registration data may be entered electronically by the guest (quick check-in) or by the accommodation provider itself.
What personal data is stored?
The mandatory information is marked with (*).
The information marked (**) is also mandatory for fellow travellers.
For what purpose?
How long is the data stored?
We are required by law to retain a guest's registration data for at least 10 years. The data is automatically stored in the reporting system and deleted after 10 years.
Where is the data stored?
Alturos Destinations GmbH, Gabelsbergerstraße 50a, 9020 Klagenfurt, Austria
What is the legal basis for data processing?
Legal obligation (Art. 6 (1) (c) GDPR)
Guests, owners and long-term tenants of chalets, holiday homes and second homes who pay tourist taxes are entitled to a (digital) guest card. With the digital guest card, you can enjoy numerous reduced and included services. You will receive the guest card directly from your landlord via quick check-in before your arrival.
What personal data is stored?
The mandatory information is marked with (*).
The information marked (**) is also mandatory for fellow travellers.
For what purpose?
How long is the data stored?
Where is the data stored?
Alturos Destinations GmbH, Gabelsbergerstraße 50a, 9020 Klagenfurt, Austria
What is the legal basis for data processing?
Consent of the guest (Art. 6 (1) (a) GDPR)
When you visit the websites of Aletsch Arena AG, data is stored on the server of our web agency.
What technical data is stored?
On our websites, we only collect data that is stored on your respective device (computer, smartphone, tablet) in the picture gallery and in the quick search of the booking platform.
For what purpose?
How long is the data stored?
The data will only be stored for as long as you keep the browser data.
Where is the data stored?
Locally on your device (computer, smartphone, tablet)
What is the legal basis for data processing?
Consent of the guest (Art. 6 (1) (a) GDPR)
For third-party websites that are linked to websites of Aletsch Arena AG, no guarantee is given for compliance with data protection regulations.
If you give your consent, we use your customer data (name, gender, date of birth, address, customer number, email address), your performance data (data concerning services purchased such as subscriptions or individual tickets) and your browsing habits on our websites or in emails that you have received from us for marketing purposes. Please also refer to the section on tracking tools in relation to analysing click behaviour.
We analyse this data in order to further develop our offers in line with your needs and to provide you with or display to you information and offers that are as relevant as possible (by email, letter, SMS, push messages in the app and personalised teasers on the web, in person at the counter). For this purpose, we only use data that we can clearly assign to you, for example, because you have registered or identified yourself on our website using your SwissPass login and purchased a ticket. We also use methods that predict potential future purchasing behaviour based on your current purchasing behaviour. The legal basis for this processing is our legitimate interest. In certain cases, SBB or another company involved in direct service may also contact us under strict conditions. Please refer to the information in the section on “joint responsibility in public transport”.
You can opt out of contact by the Aletsch Arena, SBB (e.g. in connection with your GA travelcard or Half-Fare travelcard) and other public transport companies at any time. The following options are available to you:
Please also note the information on the right to object in relation to the analysis of click behaviour in the section on tracking tools.
How long is the data stored?
The data are retained for a maximum of 2 years since the last use.
Where is the data stored?
The data are generally stored in Switzerland.
What is the legal basis for data processing?
Consent of the guest (Art. 6(1)(a) GDPR).
You can open a customer account in the online shop shop.aletscharena.ch or when visiting the Aletsch Arena app.
What personal data are stored?
The mandatory information is marked (*):
For what purpose?
We use the personal details to determine your identity and to verify the requirements for registration. The e-mail address and password serve together as login data and are used to ensure that the right person uses the website under your details. We also need your e-mail address in order to verify and confirm the account opening and for future communication with you as necessary to process the contract. In addition, this data is stored in the customer account for future contracts. For this purpose, we also enable you to store further information in the account (e.g. your preferred means of payment).
We also use the data to provide an overview of the orders placed and services purchased and to provide a simple way of managing your personal data, administering our website and contractual relationships, i.e. establishing, designing the content, processing and amending the contracts concluded with you via your customer account (e.g. in connection with your order with us).
How long is the data stored?
With reference to the customer account, for as long as it is active.
For as long as the statutory retention obligations apply.
Where is the data stored?
On systems of Alturos Destinations AG (see below for details).
What is the legal basis for data processing?
Consent of the guest (Art. 6(1)(a) GDPR).
Video cameras are set up at various locations in the Aletsch Arena in order to provide webcam images on the website www.aletscharena.ch. The cameras are placed in such a way that the recognisability of individual persons is excluded as much as possible. However, it cannot be ruled out with absolute certainty that you will be recognised by certain viewers of the webcam images when you are in the camera’s field of vision. In this regard, your personal data may be processed in rare cases, specifically the recording and publication of film recordings, when you move within the Aletsch Arena.
How long is the data stored?
Any images temporarily stored by us will be overwritten no later than when the next image is delivered to us.
Where is the data stored?
Webcam images are either only displayed or temporarily stored at METANET AG, Josefstrasse 218, 8005 Zurich.
What is the legal basis for data processing?
Legitimate interest within the meaning of (Art. 6 (1) (f) GDPR) in the online marketing of our region.
Various offers for individual workstations, entire locations and individual conference rooms can be booked via the booking system workation.aletscharena.ch. If such services are provided by third parties, we will forward your data to the relevant service providers. In the event of bookings or enquiries, Aletsch Arena AG acts as a provider or intermediary between you and a potential service provider. Accordingly, certain data required in order to prepare an offer or fulfil the contract must be forwarded to the service provider. Insofar as the service provider independently further processes the collected data, the data protection policy of the respective service provider will apply. We kindly ask you to consult these as well. However, we will also include your data in our central database and process it for marketing purposes if you have consented to this.
What personal data is stored?
The mandatory information is marked with (*). The required fields differ depending on the product.
For what purpose?
How long is the data stored?
Where is the data stored?
Upstream – Agile GmbH, Harzer Str. 39, 12059 Berlin, Germany
Further information
Privacy Policy | Cobot
What is the legal basis for data processing?
Consent of the guest (Art. 6(1)(a) GDPR); Performance of a contract (Art. 6(1)(b) GDPR)
Aletsch Arena AG and Aletsch Bahnen AG are jointly responsible for processing your data in connection with the use of public transport. As the Aletsch Arena, together with the Aletsch Railways, we are part of public transport and are obliged by law to provide transport services jointly with other transport companies and networks (“Direct Service”, Articles 16 and 17 of the Swiss Passenger Transport Act). In order to make this possible, for example, data from contacting you or from your purchased services is passed on at the national level within the Swiss Direct Transport Association (Nationaler Direkter Verkehr, NDV), an association of more than 240 transport companies (Transportunternehmen, TUs) and public transport networks. Access the data privacy information of Alliance SwissPass for more details about the individual transport companies and networks.
The data are stored in the central network-wide public transport connection (NOVA [Netzweite ÖV-Anbindung] database), which is managed by SBB on behalf of the NDV and for which we, together with the other NDV companies and networks, are responsible. NOVA is a technical platform for the distribution of public transport offers. It contains all key elements for the sale of public transport services, such as the customer database. The scope of access to the common databases by the individual transport companies and networks shall be governed by a joint agreement. The transfer of data and its processing by the transport companies and networks that take place with the centralised storage is limited to the following purposes:
Provision of the transport service
To ensure that your journey runs smoothly, your travel and purchase data will be forwarded within the network-wide public transport connection (Nationaler Direkter Verkehr, NDV).
Contract processing
We process this data for the initiation, management and processing of contractual relationships.
Maintenance of customer relationship and support
We process your data for purposes related to communication with you, in particular to respond to enquiries and to exercise your rights, to identify you across different public transport systems in case of concerns or issues and provide you with the best possible support, as well as to process any potential compensation claims.
Ticket inspection and revenue protection
Customer and subscription data are required and processed for revenue protection (checking the validity of tickets or reduced-fare tickets, collection, combating misuse).
Incidents of journeys without a valid or partially valid ticket can be registered via the national fare evader register.
Distribution of revenue
The Alliance SwissPass office, managed by ch-integral, performs the statutory mandate of collecting travel data for the proper distribution of revenue defined in the Swiss Passenger Transport Act (PBG). The office acts as an agent for the distribution of revenues in the NDV on behalf of the companies that are members of the NDV.
Identification as part of the authentication of the SwissPass login (SSO)
For services that you purchase using the SwissPass login, the data is then stored in the central customer database (NOVA). In order to enable single sign-on (SSO) (one login for all applications that offer the use of their services with the SwissPass login), the aforementioned login, card, customer and service data are also exchanged between the central login infrastructure of the SwissPass and us during authentication.
Joint marketing and market research activities
Furthermore, the data collected in connection with the purchase of public transport services is also processed for marketing purposes in certain cases. If you have given your consent and if processing has been carried out or you are contacted for this purpose, this will generally only be carried out by the transport company or transport network from which you purchased the corresponding public transport service. Processing or contacting by the other transport companies and networks participating in the NDV will only take place in exceptional cases and under strict requirements, and only if the analysis of the data reveals that a particular public transport offer could provide added value for you as a customer. This does not apply to processing and initiating contact by SBB. SBB carries out the marketing mandate for the NDV services (e.g. GA travelcard and Half-Fare travelcard) on behalf of the NDV and may contact you regularly in this role. In addition, we process your data for the purpose of market research, to improve our services and for product development.
Further development of public transport systems with anonymous data
We evaluate your data anonymously in order to be able to further develop the entire public transport system in line with your needs.
Customer information
For cross-border journeys, we will notify you via e-mail or SMS about your upcoming journey and any delays or cancellations. You can unsubscribe from these notifications. For group travel, we will notify you via SMS about your group reservation and any delays or cancellations. You can decide whether you wish to receive these notifications when booking a group trip.
Cookies are also used when visiting websites. Cookies help, among other things, to make your visit to our websites easier, more enjoyable and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our websites. Cookies do not damage your computer's hard drive, nor do they transmit your personal data to us.
Cookies are small files that are stored on your computer or mobile end device when you visit or use one of our websites. Cookies store certain settings via your browser as well as data about how you interact with the website via your browser. When a cookie is activated, it can be assigned an identification number through which your browser is identified and the information contained in the cookie can be used. You can configure your browser to display a warning on the screen before a cookie is stored. You can also opt out of the benefits of personal cookies. In this case, certain services cannot be used.
We use cookies to carry out an evaluation of general user behaviour. The aim is to optimise the digital presence and to make it more user-friendly, with content that is easier to find intuitively. The digital platforms should be structured and organised in a more comprehensible way. It is important to us to design our digital presence in a user-friendly manner in accordance with your needs. This enables us to optimise the website with targeted content or information on the website that may be of interest to you.
Most web browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages, you will find explanations on how you can configure the processing of cookies:
If you deactivate cookies, you may not be able to use all the functions of our website. The legal basis for the data processing described is our legitimate interest.
The cookies are provided by our marketing tool.
What technical data is stored?
For what purpose?
How long is the data stored?
The cookie is valid for 13 months, i.e. the data is stored for a period of 13 months.
Where is the data stored?
HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland
What is the legal basis for data processing?
Consent of the guest (Art. 6 (1) (a) GDPR)
For the purpose of designing and continuously optimising our websites and the Aletsch Arena App, we use Google Analytics, a web analysis service of Google Inc. In this context, pseudonymised user profiles are created and small text files (see “cookies”) are used.
The information generated by cookies about your use of the websites and the Aletsch Arena App is transmitted to the server of the service provider Google Analytics, stored there and prepared for us. In addition to the data listed above (see “When visiting the websites”), this provides us with the following information:
What data is stored?
For what purpose?
What technical data is stored?
Cookies (user ID, advertising ID)
How long is the data stored?
26 months
Where is the data stored?
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA
What is the legal basis for data processing?
Consent of the guest (Art. 6 (1) (a) GDPR)
The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google Inc., the IP address will not under any circumstances be associated with any other data concerning you. Further information about the web analytics service used can be found on the website of Google Analytics.
You can prevent the data generated by the cookie about your website use (including your IP address) from being collected and processed by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
We have activated the Google signals feature in our web analysis in order to better understand user behaviour across different devices and to optimise our websites and the Aletsch Arena App accordingly. This feature makes it possible to compile aggregated and anonymous statistics about the behaviour of users who are logged in to their Google account and have allowed personalised advertising. Your data will only be processed in anonymised form, and you can adjust this setting at any time in your Google Account by deactivating the option for personalised advertising. Further information on the collection and processing of data and your options for objecting can be found in our privacy policy under the section Google Analytics.
Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate, for example, Google Analytics and other Google marketing services into our online offering. The tag manager itself, which implements the tags, does not process any personal data. With regard to the processing of your personal data, reference is made to the following information about Google services: Usage Policy
Our websites integrate tracking points of Adform, Wildersgade 10B, 1408 Copenhagen, Denmark. This enables Aletsch Arena AG to track users' actions after they have visited and navigated the websites. The data collected remains anonymous. This means that the data of individual users cannot be viewed. However, the collected data is stored and processed by Adform in encrypted form. We cannot assign this data to the individual visitors to our websites. We will inform you on this matter according to our current information. These tracking points enable Aletsch Arena AG to display advertising tailored to their needs to users.
Our websites also use cookies and products of the company Adform A/S (ad server, DSP and DMP) for target group-oriented advertising in joint processing pursuant to Art. 26 GDPR. For this purpose, various parameters (pages accessed, device type, geographical origin, most recently visited websites) are recorded, and visitors are grouped into different segments. Statistical analysis is then used to identify similar users in the global Adform cookie pool in order to address them with targeted advertising from Aletsch Arena AG. More information about Adform.
Links to our social media profiles
On our websites and the Aletsch Arena App, we have incorporated links to our social media profiles of the following social networks:
Social plug-ins are used to make our websites more personal. The plugins are deactivated by default on our websites and therefore do not send any data to social networks. By clicking on the “activate social media” button, you can activate all plugins (so-called 2-click solution). The plugins can, of course, be deactivated again with one click.
If the plug-ins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as you visit our website. The content of the plug-in is transmitted by the social network directly to your browser, which integrates it into the website.
By integrating the plug-ins, the respective provider receives the information that your browser has accessed the corresponding page of our website, even if you do not have an account on this social network or are not currently logged into it. This information (including your IP address) is transmitted by your browser directly to a server of the provider (mostly in the USA) and stored there. We therefore have no influence on the extent of the data that the provider collects with the plug-in.
If you are logged into the social network, it can directly assign your visit to our website to your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information may also be published on the social network and may be displayed to other users of the social network.
The provider of the social network may use this information for the purpose of advertising, market research and needs-based design of the respective offer. For this purpose, usage, interest and relationship profiles may be created, for example, in order to evaluate your use of our website in relation to the advertisements displayed to you on the social network, to inform other users about your activities on our website and to provide other services related to the use of the social network.
For information about the purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks, as well as about your related rights and settings options for protecting your privacy, please refer directly to the privacy policy of the respective provider.
If you do not want the provider of the social network to associate the data collected via our website with your user account, you must log out of the social network before activating the plug-ins.
The legal basis for the data processing described is our legitimate interest.
Social bookmarks labelled with the respective logo are used on our websites. Users of certain social media platforms may use social bookmarks to place links from selected websites on their profile in order to mark them or to share the page with their contacts. By clicking on social bookmarks, you send identification data to the corresponding social media platform. If you do not want this, you should not activate social bookmarks. With regard to the collection, processing and use of your data by social media platforms, please refer to the privacy policies of the individual social media platforms.
On certain websites, you will find content from external providers such as Google Maps, YouTube, Vimeo and Flickr. This means that an external website is accessed in that area of the website. The data processing in these i-frames is beyond our control. The external providers may assign access to your respective account, provided that you are logged in to the relevant provider. The providers set a cookie as soon as the page loads. With regard to the collection, processing and use of your data, please refer to the privacy policies of the individual providers.
Which providers are involved in particular?
Aletsch Arena AG also collects personal data from you outside the website, e.g. if you contact us by e-mail or phone independently of the website and if we need to collect data from you (e.g. your e-mail address or telephone number) in order for us to contact you.
We also collect your personal data if you register for an event or book an experience with us at one of our information centres. We generally obtain the same data as for booking via the website (see “When making a booking via the online shop”). The guest's consent forms the legal basis for this data processing (Art. 6(1)(a) GDPR). In the case of third-party services, we are only an intermediary and carry out bookings on behalf of the service providers. We forward the data for processing the booking to the relevant service providers. These service providers are responsible for further processing of the data under data protection law. Unless otherwise informed, the service providers will process the data for the purpose of processing the booking. They may also engage third parties to process the data on their behalf. Hoteliers, holiday homeowners and campsite operators are also required by law to register you and your fellow travellers with the authorities (see “For digital registration”).
In the case of third-party services, we transfer the data to the corresponding service providers, who then become responsible for data processing. Responsibility then passes to Aletsch Bahnen AG, in particular where public transport tickets are booked. Aletsch Arena AG is not responsible for data processing by the service providers. However, in the case of an analogous referral of services, among other things, the booking data and all other data that we collect from you in connection with the services remain stored in our central database and, if you consent to this, the data is also evaluated for marketing purposes (see “Storing your personal data in a central database of Aletsch Arena AG”). The legal basis for this data processing is the performance of a contract (Art. 6(1)(a) and (b) GDPR).
We process personal data only for as long as is necessary for the respective purpose or as required by law. If you have set up a user account with us, we will retain the master data you provide for an unlimited period of time. However, you may request the deletion of your user account at any time (see “Your rights in relation to your data?”). We will delete the master data unless we are required by law to retain it.
Contract data, which may also include personal data, is retained until the expiry of the 10-year statutory retention period. Obligations to retain data arise, among other things, from accounting and tax regulations as well as the retention obligation in relation to electronic communications. To the extent we no longer need this data to perform the services, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
If we wish to refuse further business contacts with a data subject due to misuse, payment defaults or other legitimate reasons, we retain the corresponding personal data for five years or, in the event of a recurrence, for ten years.
We will only disclose your personal data with your express consent, if we are required to do so by law or if this is necessary in order to enforce our rights, in particular to enforce claims arising under the contractual relationship.
Various third-party service providers are explicitly mentioned in this data privacy statement (see “What data is collected by us, for what purpose, how long and where is it stored?”). Another service provider to whom personal data is disclosed or who has or could have access to personal data is our web host, neusta destination solutions GmbH, Leopoldsstr. 16, 80802 Munich, Germany (www.neusta-ds.de). The websites are hosted on servers in Germany at neusta infastructure Services GmbH, Konsul-Smidt-Strasse 24, 28217 Bremen, Germany, www.neusta-is.de.
We use third-party service providers to process personal data on our behalf. This may be used for a variety of purposes, such as sending advertising content or verifying the email address you provided to us during the booking process. All third-party service providers are subject to confidentiality and contract data agreements, i.e. they are not authorised to process your personal data for purposes other than those specified by Aletsch Arena AG.
Payment providers
When you make a credit card payment on the website, we forward your credit card information to your credit card issuer as well as to the credit card acquirer. If you decide to pay by credit card, you will be asked in each case to enter all necessary information. With regard to the processing of your credit card information by third parties, we invite you to also read the General Terms and Conditions and the Privacy Statement of Datatrans AG and your credit card issuer.
Skiline
You have the option of registering directly via our website for Skiline services (ski day tracking, giant slalom with ski movie, speed course with photo, etc.). When you decide to use Skiline services, you will be asked to enter all mandatory information (KeyCard number, first name, last name, etc.). With regard to the processing of your personal data by third parties, please also read the General Terms and Conditions and the privacy policy of Alturos Destinations GmbH.
Braze
We use the services of “Braze” for marketing automation. Data are stored exclusively on servers located within the European Union. Learn more about Braze at: https://www.braze.com/legal/
Alturos Destinations AG
The following service providers shall have access to personal data in the context of the agreements: Providers of online shops, reporting and Skiline services: Alturos Destinations AG, Churerstrasse 54, 8808 Pfäffikon, Switzerland.
Alturos Destinations GmbH (Austria) has a contract for order data processing with Anexia Internetdienstleistungs GmbH, Feldkirchnerstrasse 140, 9020 Klagenfurt, Austria on the Wörthersee.
Competent authorities
We disclose personal data for law enforcement purposes if this is required by law (e.g. reporting system), is urgently necessary to prevent, detect or prosecute criminal acts or fraud or if we are otherwise legally obliged to do so. In addition, we may share personal data with the competent authorities in order to protect our rights and those of service or business partners.
SwissPass (see also chapter 4, letter i)
As a guest, you have the option of using SwissPass as a wallet for various services (mountain railway tickets, guest card, etc.). Once you have consented to the SwissPass Disclaimer, data will be exchanged between SBB Swiss Federal Railways (SBB AG) and Aletsch Arena AG. Aletsch Arena AG will send information concerning the validity period, item name, date of purchase, reference number and additional information to SBB AG. Conversely, SBB AG will only supply the attributes required for providing the service (see “When booking mountain rail tickets through the online shop” and “When using the digital guest card”). If you consent to the SwissPass Disclaimer, you also accept the relevant provisions of SBB AG. SBB AG stores the data for a maximum period of 10 years; the retention period at Aletsch Arena AG is specified under the applicable data processing (see “What data do we collect, for what purpose, how long and where are they stored?”).
The personal data referred to in the preceding sections are centrally stored, processed and analysed by Aletsch Arena AG. These evaluations may generate user profiles about you. By using the above-referenced functionalities, you agree that we may store your personal data in our central database and analyse it for advertising purposes. You agree that user profiles about you may be created as a result. You can object to the analysis of your personal data for advertising purposes and the creation of user profiles at any time (see “What rights do you have?”).
We use HubSpot's marketing tool for our central database. HubSpot is an integrated software solution that covers different aspects of our digital marketing, sales and customer relationship management. We also use the tool for the purpose of analysing our web offers in order to optimise them and to provide you with the best possible and user-friendly service.
We use HubSpot for:
For detailed information on the scope of data processing, please refer to the section “What data do we collect, for what purpose, how long and where are they stored?”
The content of our websites, as well as your personal data that you provide, for example, when using our contact form or registering for our newsletter, are stored on servers of our software partner HubSpot.
HubSpot also uses “cookies”, which are stored on your computer and enable us to analyse your use of the website. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages accessed) on our behalf so that we can generate reports on the visit and the pages visited and thus improve our website. If you do not want HubSpot to record your activities on our websites in general, you can opt out in the cookie notice that appears the first time you visit our sites.
All information we collect is subject to this data privacy statement. HubSpot is certified under the terms of the “EU - U.S. Data Privacy Frameworks” and is subject to TRUSTe's Privacy Seal and the “Swiss-US Data Privacy Framework”. This means that the processing of personal data by certified companies operating outside Europe complies with European data protection standards.
You can find more information about HubSpot's privacy policies on the HubSpot Privacy page.
You can find more information from HubSpot regarding the EU data protection regulations on the HubSpot EU Data Protection page.
You can find more information about the cookies used by HubSpot on the HubSpot Cookie Policy page.
Where is the data stored?
HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland (data storage occurs in AWS Germany)
Ultimately, all this data serves to personalise the information and offers sent to you and to better tailor them to your interests.
You have the following rights in relation to your personal data:
To exercise your rights, please reach out to the contact listed at the beginning of this data privacy statement.
We use appropriate technical and organisational security measures in order to protect your personal data stored with us against manipulation, full or partial loss and unauthorised access by third parties. Our security measures are continuously enhanced in line with technological progress. You should always treat your information as confidential and close the browser window when you have finished communicating with us, particularly if you share your computer with other persons. We also take internal data protection very seriously. Our staff and the service providers with whom we contract have been obligated by us to uphold confidentiality and to comply with the provisions of data protection law.
We reserve the right to amend and supplement this data privacy statement at any time and at our absolute discretion. Please consult this data privacy statement regularly.