Data Privacy Aletsch Arena AG

Aletsch Arena AG

  • Last updated: 08 July 2025

Table of Contents

  1. General (customer promise)
  2. Applicable Laws
  3. Controller/contact data
  4. Processing of your data
  5. Shared responsibility in public transport
  6. Cookies
  7. Third-party social networks and services
  8. Analogue data collection
  9. Data processors/Third-party service providers
  10. Your rights in relation to your data
  11. Data security
  12. Adjustments

 

 

1. General (Customer Promise)

Protecting your privacy is important to us. We respect your personality and privacy. We ensure the protection of your personal data as well as its processing in accordance with applicable laws.

Personal data means any information relating to an identified or identifiable person. In addition to your contact details, such as name, phone number, address or e-mail address, this includes further information that you provide to us.

Within the limits of the law, you may decide how your data is processed (see also the section 'Your Rights' below). In principle, we use the data in the context of providing services to you and in order to offer you added value (e.g. customised offers, support in the event of disruptions). Your data will only be used for the development, provision, optimisation and evaluation of our services or for maintenance of the customer relationship.

We guarantee that we will not sell your data to third parties. Your data will only be disclosed to selected third parties listed in this data privacy statement and only for the purposes explicitly stated. If we commission third parties to carry out data processing, they will be required to comply with our data protection standards.

We guarantee the careful handling of customer data. We ensure the necessary organisational and technical precautions for this purpose.

Below you will find detailed information on how we handle your data.

 

2. Applicable Laws

We are committed to handling your personal data responsibly and guarantee compliance with the Swiss Federal Act on Data Protection (FADP), the Ordinance on Data Protection (DPO) and other relevant provisions of Swiss law as well as the provisions of the EU General Data Protection Regulation (EU GDPR). In the following, we also refer to the corresponding legal basis in the GDPR.

“Processing of your personal data” refers to any operation performed on your personal data (as defined under both the FADP and GDPR).including storage, processing, use, erasure, and other forms of handling.

This data privacy statement covers not only data processing in connection with the website www.aletscharena.ch and all other websites for which Aletsch Arena AG is responsible, but also the processing of personal data at the information centres and other points of sale of Aletsch Arena AG.

This data privacy statement constitutes an integral part of the General Terms and Conditions (GTC) of Aletsch Arena AG.

 

3. Controller/Contact Data

Aletsch Arena AG is responsible for the processing of your personal data.

Joint responsibility exists where you purchase/order services or products from third parties (service providers) through Aletsch Arena AG. Joint responsibility applies in particular to services provided by Aletsch Bahnen AG.

Please do not hesitate to contact our in-house data protection officer at any time with any questions or suggestions regarding data protection.

By post to:

Aletsch Arena AG
Data Protection Officer
Furkastrasse 39
3983 Mörel-Filet
Switzerland

By e-mail to: datenschutz@aletscharena.ch

Based on Art. 27 GDPR, Aletsch Arena AG has appointed an EU data protection representative.

For any questions relating to European data protection, please contact our EU data protection representative:

EU Data Protection Representative
ADVOVOX Rechtsanwalts GmbH Sven Krüger
Großbeerenstraße 2-10
D-12107
Berlin

Phone: +49 - 30 - 22 48 75 28
Fax: +49 - 30 - 22 48 75 29

E-mail: gdpr@advovox.de

Website: www.advovox.de 

Business ID no.: DE 253207773

If you have any questions, please contact Aletsch Bahnen AG

Aletsch Bahnen AG
Hauptstrasse 12
3992 Bettmeralp
Switzerland

Email: info@aletschbahnen.ch 

 

4. Processing of your data

Why do we collect your data 

We collect personal data in order to keep you informed about news and updates (such as products, events, etc.) and to make your stay in the Aletsch Arena holiday region as pleasant as possible.

We understand how important the careful handling of your personal data is to you. All data processing takes place only for specific purposes. These may arise, for example, from technical necessity, contractual requirements, legal regulations, legitimate interest—that is, from lawful grounds—or your express consent. We collect, store and process personal data where necessary.

In the following, we outline for each use case which personal and usage data we collect, for what purpose, how long we retain it, and where your data is stored. In all use cases, no personal data will be collected by Aletsch Arena AG without your active consent.

Note: The legal basis pursuant to the GDPR is aimed at guests from the EU. For guests from Switzerland, the Swiss Federal Act on Data Protection (FADP) applies and with regard to processing Art. 12 and Art. 13 in conjunction with the principles of Art. 4 et seq. FADP.

5. Shared responsibility in public transport

Aletsch Arena AG and Aletsch Bahnen AG are jointly responsible for processing your data in connection with the use of public transport. As the Aletsch Arena, together with the Aletsch Railways, we are part of public transport and are obliged by law to provide transport services jointly with other transport companies and networks (“Direct Service”, Articles 16 and 17 of the Swiss Passenger Transport Act). In order to make this possible, for example, data from contacting you or from your purchased services is passed on at the national level within the Swiss Direct Transport Association (Nationaler Direkter Verkehr, NDV), an association of more than 240 transport companies (Transportunternehmen, TUs) and public transport networks. Access the data privacy information of Alliance SwissPass for more details about the individual transport companies and networks.

The data are stored in the central network-wide public transport connection (NOVA [Netzweite ÖV-Anbindung] database), which is managed by SBB on behalf of the NDV and for which we, together with the other NDV companies and networks, are responsible. NOVA is a technical platform for the distribution of public transport offers. It contains all key elements for the sale of public transport services, such as the customer database. The scope of access to the common databases by the individual transport companies and networks shall be governed by a joint agreement. The transfer of data and its processing by the transport companies and networks that take place with the centralised storage is limited to the following purposes:

Provision of the transport service
To ensure that your journey runs smoothly, your travel and purchase data will be forwarded within the network-wide public transport connection (Nationaler Direkter Verkehr, NDV).

Contract processing
We process this data for the initiation, management and processing of contractual relationships.

Maintenance of customer relationship and support
We process your data for purposes related to communication with you, in particular to respond to enquiries and to exercise your rights, to identify you across different public transport systems in case of concerns or issues and provide you with the best possible support, as well as to process any potential compensation claims.

Ticket inspection and revenue protection
Customer and subscription data are required and processed for revenue protection (checking the validity of tickets or reduced-fare tickets, collection, combating misuse).

Incidents of journeys without a valid or partially valid ticket can be registered via the national fare evader register.

Distribution of revenue
The Alliance SwissPass office, managed by ch-integral, performs the statutory mandate of collecting travel data for the proper distribution of revenue defined in the Swiss Passenger Transport Act (PBG). The office acts as an agent for the distribution of revenues in the NDV on behalf of the companies that are members of the NDV.

Identification as part of the authentication of the SwissPass login (SSO)
For services that you purchase using the SwissPass login, the data is then stored in the central customer database (NOVA). In order to enable single sign-on (SSO) (one login for all applications that offer the use of their services with the SwissPass login), the aforementioned login, card, customer and service data are also exchanged between the central login infrastructure of the SwissPass and us during authentication.

Joint marketing and market research activities
Furthermore, the data collected in connection with the purchase of public transport services is also processed for marketing purposes in certain cases. If you have given your consent and if processing has been carried out or you are contacted for this purpose, this will generally only be carried out by the transport company or transport network from which you purchased the corresponding public transport service. Processing or contacting by the other transport companies and networks participating in the NDV will only take place in exceptional cases and under strict requirements, and only if the analysis of the data reveals that a particular public transport offer could provide added value for you as a customer. This does not apply to processing and initiating contact by SBB. SBB carries out the marketing mandate for the NDV services (e.g. GA travelcard and Half-Fare travelcard) on behalf of the NDV and may contact you regularly in this role. In addition, we process your data for the purpose of market research, to improve our services and for product development.

Further development of public transport systems with anonymous data
We evaluate your data anonymously in order to be able to further develop the entire public transport system in line with your needs.

Customer information
For cross-border journeys, we will notify you via e-mail or SMS about your upcoming journey and any delays or cancellations. You can unsubscribe from these notifications. For group travel, we will notify you via SMS about your group reservation and any delays or cancellations. You can decide whether you wish to receive these notifications when booking a group trip.

 

6. Cookies

Cookies are also used when visiting websites. Cookies help, among other things, to make your visit to our websites easier, more enjoyable and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our websites. Cookies do not damage your computer's hard drive, nor do they transmit your personal data to us.

Cookies are small files that are stored on your computer or mobile end device when you visit or use one of our websites. Cookies store certain settings via your browser as well as data about how you interact with the website via your browser. When a cookie is activated, it can be assigned an identification number through which your browser is identified and the information contained in the cookie can be used. You can configure your browser to display a warning on the screen before a cookie is stored. You can also opt out of the benefits of personal cookies. In this case, certain services cannot be used.

We use cookies to carry out an evaluation of general user behaviour. The aim is to optimise the digital presence and to make it more user-friendly, with content that is easier to find intuitively. The digital platforms should be structured and organised in a more comprehensible way. It is important to us to design our digital presence in a user-friendly manner in accordance with your needs. This enables us to optimise the website with targeted content or information on the website that may be of interest to you.

Most web browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages, you will find explanations on how you can configure the processing of cookies:

If you deactivate cookies, you may not be able to use all the functions of our website. The legal basis for the data processing described is our legitimate interest.

The cookies are provided by our marketing tool.

What technical data is stored?

  • Domain
  • User token (utk)
  • First time stamp (of the first visit)
  • Last timestamp (last visit)
  • Current timestamp (for this visit)
  • Number of sessions (increases with each subsequent session)

For what purpose?

  • To technically improve the services
  • To improve our offers
  • To identify your reading habits and adapt the content accordingly

How long is the data stored?
The cookie is valid for 13 months, i.e. the data is stored for a period of 13 months.

Where is the data stored?
HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland

What is the legal basis for data processing?
Consent of the guest (Art. 6 (1) (a) GDPR)

 

7. Third-party social networks and services

8. Analogue data collection

Aletsch Arena AG also collects personal data from you outside the website, e.g. if you contact us by e-mail or phone independently of the website and if we need to collect data from you (e.g. your e-mail address or telephone number) in order for us to contact you.

We also collect your personal data if you register for an event or book an experience with us at one of our information centres. We generally obtain the same data as for booking via the website (see “When making a booking via the online shop”). The guest's consent forms the legal basis for this data processing (Art. 6(1)(a) GDPR). In the case of third-party services, we are only an intermediary and carry out bookings on behalf of the service providers. We forward the data for processing the booking to the relevant service providers. These service providers are responsible for further processing of the data under data protection law. Unless otherwise informed, the service providers will process the data for the purpose of processing the booking. They may also engage third parties to process the data on their behalf. Hoteliers, holiday homeowners and campsite operators are also required by law to register you and your fellow travellers with the authorities (see “For digital registration”).

In the case of third-party services, we transfer the data to the corresponding service providers, who then become responsible for data processing. Responsibility then passes to Aletsch Bahnen AG, in particular where public transport tickets are booked. Aletsch Arena AG is not responsible for data processing by the service providers. However, in the case of an analogous referral of services, among other things, the booking data and all other data that we collect from you in connection with the services remain stored in our central database and, if you consent to this, the data is also evaluated for marketing purposes (see “Storing your personal data in a central database of Aletsch Arena AG”). The legal basis for this data processing is the performance of a contract (Art. 6(1)(a) and (b) GDPR).

We process personal data only for as long as is necessary for the respective purpose or as required by law. If you have set up a user account with us, we will retain the master data you provide for an unlimited period of time. However, you may request the deletion of your user account at any time (see “Your rights in relation to your data?”). We will delete the master data unless we are required by law to retain it.

Contract data, which may also include personal data, is retained until the expiry of the 10-year statutory retention period. Obligations to retain data arise, among other things, from accounting and tax regulations as well as the retention obligation in relation to electronic communications. To the extent we no longer need this data to perform the services, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

If we wish to refuse further business contacts with a data subject due to misuse, payment defaults or other legitimate reasons, we retain the corresponding personal data for five years or, in the event of a recurrence, for ten years.

We will only disclose your personal data with your express consent, if we are required to do so by law or if this is necessary in order to enforce our rights, in particular to enforce claims arising under the contractual relationship.

Various third-party service providers are explicitly mentioned in this data privacy statement (see “What data is collected by us, for what purpose, how long and where is it stored?”). Another service provider to whom personal data is disclosed or who has or could have access to personal data is our web host, neusta destination solutions GmbH, Leopoldsstr. 16, 80802 Munich, Germany (www.neusta-ds.de). The websites are hosted on servers in Germany at neusta infastructure Services GmbH, Konsul-Smidt-Strasse 24, 28217 Bremen, Germany, www.neusta-is.de.

 

9. Data processors/third party service providers

We use third-party service providers to process personal data on our behalf. This may be used for a variety of purposes, such as sending advertising content or verifying the email address you provided to us during the booking process. All third-party service providers are subject to confidentiality and contract data agreements, i.e. they are not authorised to process your personal data for purposes other than those specified by Aletsch Arena AG.

Payment providers
When you make a credit card payment on the website, we forward your credit card information to your credit card issuer as well as to the credit card acquirer. If you decide to pay by credit card, you will be asked in each case to enter all necessary information. With regard to the processing of your credit card information by third parties, we invite you to also read the General Terms and Conditions and the Privacy Statement of Datatrans AG and your credit card issuer.

Skiline
You have the option of registering directly via our website for Skiline services (ski day tracking, giant slalom with ski movie, speed course with photo, etc.). When you decide to use Skiline services, you will be asked to enter all mandatory information (KeyCard number, first name, last name, etc.). With regard to the processing of your personal data by third parties, please also read the General Terms and Conditions and the privacy policy of Alturos Destinations GmbH.

Braze
We use the services of “Braze” for marketing automation. Data are stored exclusively on servers located within the European Union. Learn more about Braze at: https://www.braze.com/legal/

Alturos Destinations AG
The following service providers shall have access to personal data in the context of the agreements: Providers of online shops, reporting and Skiline services: Alturos Destinations AG, Churerstrasse 54, 8808 Pfäffikon, Switzerland.

Alturos Destinations GmbH (Austria) has a contract for order data processing with Anexia Internetdienstleistungs GmbH, Feldkirchnerstrasse 140, 9020 Klagenfurt, Austria on the Wörthersee.

Competent authorities
We disclose personal data for law enforcement purposes if this is required by law (e.g. reporting system), is urgently necessary to prevent, detect or prosecute criminal acts or fraud or if we are otherwise legally obliged to do so. In addition, we may share personal data with the competent authorities in order to protect our rights and those of service or business partners.

SwissPass (see also chapter 4, letter i)
As a guest, you have the option of using SwissPass as a wallet for various services (mountain railway tickets, guest card, etc.). Once you have consented to the SwissPass Disclaimer, data will be exchanged between SBB Swiss Federal Railways (SBB AG) and Aletsch Arena AG. Aletsch Arena AG will send information concerning the validity period, item name, date of purchase, reference number and additional information to SBB AG. Conversely, SBB AG will only supply the attributes required for providing the service (see “When booking mountain rail tickets through the online shop” and “When using the digital guest card”). If you consent to the SwissPass Disclaimer, you also accept the relevant provisions of SBB AG. SBB AG stores the data for a maximum period of 10 years; the retention period at Aletsch Arena AG is specified under the applicable data processing (see “What data do we collect, for what purpose, how long and where are they stored?”).

The personal data referred to in the preceding sections are centrally stored, processed and analysed by Aletsch Arena AG. These evaluations may generate user profiles about you. By using the above-referenced functionalities, you agree that we may store your personal data in our central database and analyse it for advertising purposes. You agree that user profiles about you may be created as a result. You can object to the analysis of your personal data for advertising purposes and the creation of user profiles at any time (see “What rights do you have?”).

We use HubSpot's marketing tool for our central database. HubSpot is an integrated software solution that covers different aspects of our digital marketing, sales and customer relationship management. We also use the tool for the purpose of analysing our web offers in order to optimise them and to provide you with the best possible and user-friendly service.

We use HubSpot for:

  • initiating contact using the contact form (see “For an enquiry using the contact form”)
  • subscribing to and sending out the newsletter (see “When accessing a newsletter”)
  • the creation of landing pages that are used as part of an advertising campaign and contain interaction options such as making contact or downloading documents
  • the social media linking or social media sharing
  • evaluating the use of our websites (e.g. accesses, pages visited, length of stay, etc.) as well as for evaluating the use of our newsletters, such as opening rate, click-through rate, cancellation of the newsletter, etc. (see “When accessing a newsletter”)

For detailed information on the scope of data processing, please refer to the section “What data do we collect, for what purpose, how long and where are they stored?”

The content of our websites, as well as your personal data that you provide, for example, when using our contact form or registering for our newsletter, are stored on servers of our software partner HubSpot.

HubSpot also uses “cookies”, which are stored on your computer and enable us to analyse your use of the website. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages accessed) on our behalf so that we can generate reports on the visit and the pages visited and thus improve our website. If you do not want HubSpot to record your activities on our websites in general, you can opt out in the cookie notice that appears the first time you visit our sites.

All information we collect is subject to this data privacy statement. HubSpot is certified under the terms of the “EU - U.S. Data Privacy Frameworks” and is subject to TRUSTe's Privacy Seal and the “Swiss-US Data Privacy Framework”. This means that the processing of personal data by certified companies operating outside Europe complies with European data protection standards.

You can find more information about HubSpot's privacy policies on the HubSpot Privacy page.


You can find more information from HubSpot regarding the EU data protection regulations on the HubSpot EU Data Protection page.

You can find more information about the cookies used by HubSpot on the HubSpot Cookie Policy page.

Where is the data stored?
HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland (data storage occurs in AWS Germany)

Ultimately, all this data serves to personalise the information and offers sent to you and to better tailor them to your interests.

 

10. Your rights in relation to your data 

You have the following rights in relation to your personal data:

  • Right to withdraw consent at any time (Switzerland: general principle; EU: Art. 7(3) GDPR). If you have previously consented to the processing of personal data, you may withdraw your consent at any time.
  • Right to information concerning the data processed (Switzerland: Art. 25 FADP, EU: Art. 15 GDPR). You have the right to request information as to whether your personal data is being processed by the provider, as well as information on individual aspects of the processing and to receive a copy of the data.
  • Right to verification and rectification (Switzerland: Art. 32 FADP, EU: Art. 16 GDPR). You have the right to verify the accuracy of your data and to request that it be updated or corrected.
  • Right to erasure or other removal of personal data (Switzerland: Art. 32 FADP, EU: Art. 17 GDPR). Under certain circumstances, you have the right to request the provider to erase your data.
  • If you have set up a customer account, you can delete it or have it deleted.
  • Right to restriction (blocking) of processing (EU: Art. 18 GDPR). Under certain conditions, you have the right to restrict the processing of your data.
  • Right to data portability (Switzerland: Art. 28 FADP; EU: Art. 20 GDPR). You have the right to receive your data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted to another controller without hindrance.
  • Right to object to the processing of their data (Switzerland: Art. 15 FADP, EU: Art. 21 GDPR). You have the right to object to the processing of your data if the processing is carried out on a legal basis other than consent. You can object to the use of your data for marketing purposes.
  • You can revoke your consent at any time with effect for the future. Right to a claim (Switzerland: Art. 20 FADP) or, in the EU, the right to lodge a complaint (EU: Art. 77 GDPR).

To exercise your rights, please reach out to the contact listed at the beginning of this data privacy statement.

 

11. Data security

We use appropriate technical and organisational security measures in order to protect your personal data stored with us against manipulation, full or partial loss and unauthorised access by third parties. Our security measures are continuously enhanced in line with technological progress. You should always treat your information as confidential and close the browser window when you have finished communicating with us, particularly if you share your computer with other persons. We also take internal data protection very seriously. Our staff and the service providers with whom we contract have been obligated by us to uphold confidentiality and to comply with the provisions of data protection law.

 

12. Adjustments

We reserve the right to amend and supplement this data privacy statement at any time and at our absolute discretion. Please consult this data privacy statement regularly.