• slide

Privacy Policy

This Privacy Policy explains which personal data we process when carrying out our activities and tasks, including our https://www.bnbwyler.ch website. It contains specific information on the reason for processing personal data as well as how and where we do so. It further contains details on the rights of persons whose data we process (data subjects).

Additional privacy policies and other legal documents, such as general terms and conditions (GTC), conditions of use or terms and conditions of participation, may apply to individual or additional activities and tasks.

We are governed by Swiss data protection law and any other applicable foreign data protection laws, such as, in particular, the General Data Protection Regulation (GDPR) of the European Union (EU). The European Commission acknowledges that Swiss data protection law provides adequate data protection.

1. Contact details

Data Processing Officer:
Lilo Wyler
Stockmatten 967A
3855 Brienz

2. Terminology and legal bases

2.1 Terminology

Personal data includes all information relating to a specific or determinable natural person. A data subject is a person whose personal data we process.

Processing comprises any form of handling of personal data, regardless of the means and methods applied, such as the querying, reconciling, adjusting, archiving, storing, reading, publishing, procuring, recording, collecting, deleting, disclosing, sorting, organising, saving, modifying, distributing, linking, destroying and using of personal data.

The European Economic Area (EEA) comprises the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) describes working with personal data as the processing of personal data.

2.2 Legal bases

We process personal data in compliance with Swiss data protection laws such as, in particular, the Federal Act on Data Protection (Data Protection Act – FADP) and the Ordinance on Data Protection (Data Protection Ordinance – DPO).

Whenever the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with one of the following legal bases at a minimum:

Art. 6 (1) lit. b) GDPR for personal data processing required for fulfilling a contract with a data subject and for implementing pre-contractual measures.

Art. 6 (1) lit. ) GDPR for personal data processing required to maintain the legitimate interests of ourselves and third parties, unless the basic freedoms and rights as well as interests of the data subject outweigh those. Legitimate interests are, in particular, our interest in carrying out our activities and tasks in a sustainable, user-friendly, secure and reliable manner and to be able to communicate about this, assurance of information security, protection against misuse, the enforcement of our own legal claims and compliance with Swiss law.

Art. 6 (1) lit. c) GDPR for personal data processing required for fulfilling legal obligations to which we are subject in accordance with any applicable laws of member states of the European Economic Area (EEA).

Art. 6 (1) lit. e) GDPR for personal data processing required for performing tasks that are in the interest of the general public.

Art. 6 (1) lit. a) GDPR for personal data processing with consent from the data subject.

Art. 6 (1) lit. d) GDPR for personal data processing required for protecting vital interests of the data subject or other natural persons.

3. Type, scope and purpose

We process personal data that is required for carrying out our activities and tasks in a permanent, user-friendly, secure and reliable manner. Such personal data may, in particular, fall into the categories of existing and contact data, browser and device data, content data, meta and/or ranking data as well as use, location, sales, contractual and payment data.

We process personal data during the period required for the respective purpose(s) or stated by law. Personal data that is no longer required for processing is anonymised or deleted.

We may engage third parties to process personal data. We may process personal data in collaboration with third parties or transfer it to third parties. Such third parties are, in particular, specialised providers whose services we use. We also assure data protection when engaging such third parties.

We only ever process personal data with consent from the data subjects. If and insofar as processing is permitted due to other legal reasons, we may choose not to obtain consent. We may, for example, process personal data without consent for fulfilling a contract, meeting legal obligations or maintaining prevailing interests.

We also process personal data that we receive from third parties, procure from public sources or collect whilst carrying out our activities and tasks if and insofar as such processing is permitted on legal grounds.

4. Communication

We process data to communicate with third parties. In this context, we particularly process data that is transferred by a data subject when contacting us, such as by letter or email. We may store such data in an address book or similar tools.

Third parties that transfer data relating to other persons must assure data protection to such data subjects. To do so, the accuracy of the transferred personal data must be ensured, amongst other things.

5. Data security

The implement suitable technical and organisational measures to assure data security that adequately accounts for the respective risk. With our measures, we assure, in particular, the confidentiality, availability, traceability and integrity of the processed personal data without, however, being able to assure total data security.

Access to our website and other online presences is encrypted (SSL / TLS, particularly the Hypertext Transfer Protocol Secure – HTTPS). Most browsers indicate encrypted access with a small padlock in the address bar.

Our digital communications – like all digital communications – are subject to mass surveillance without cause and suspicion by security agencies in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We are unable to directly influence the respective processing of personal data by secret services, police units and other security agencies. We also cannot rule out that individual data subjects are targets of surveillance.

6. Personal data abroad

We process personal data only in Switzerland and the European Economic Area (EEA). However, we may also export and/or transfer personal data to other countries, particularly for processing it there or engaging third parties to do so.

We may export personal data to all countries and territories on earth as well as to other locations in the universe as long as the Swiss Federal Council resolves that adequate data protection is in place in these locations and that they assure adequate data protection as resolved by the European Commission if and insofar as the General Data Protection regulation (GDPR) applies.

We may transfer personal data to countries whose laws do not provide adequate data protection if data protection is assured due to other reasons, in particular on the basis of standard protection clauses or other suitable guarantees. In exceptional circumstances, we may export personal data to countries without adequate or suitable data protection if the special data protection requirements for this purpose are met, such as explicit consent from the data subject or a direct link to the conclusion or performance of a contract. We will be pleased to provide data subjects with information about any guarantees or provide copies of any guarantees upon request.

7. Rights of data subjects

7.1 Claims under data protection law

We grant data subjects all claims in accordance with applicable data protection laws. Data subjects have the following rights, in particular:

Information: Data subjects may enquire if we process their personal data and if yes, which of their personal data. Data subjects further receive information that is required for enforcing their claims under data protection law and ensuring transparency. This includes the actual personal data processed, but also information on the processing purpose, storage period, any publication and/or any export of data to other countries as well as origin of the personal data.

Correction and restriction: Data subjects may correct inaccurate personal data, complete incomplete personal data and request for the processing of their data to be restricted.
Erasure and objection: Data subjects may request for personal data to be erased (“right to be forgotten”) and object to the processing of their data with future effect.

Release and transfer of data: Data subjects may request for personal data to be released or for their data to be transferred to another controller.

We may postpone, restrict or reject exercising the rights of data subjects within the legally permitted timeframe. We may inform data subjects of any requirements that must be met for exercising their claims under data protection law. We may, for instance, refuse to provide information with reference to business secrets or the protection of other persons, in whole or part thereof. We may also, for example, refuse to erase personal data with reference to statutory retention periods, in whole or part thereof.

We may, in exceptional circumstances, charge a fee for exercising these rights. We will inform data subjects in advance of any costs incurred.

We must implement adequate measures to identify data subjects who request information or enforce other rights. Data subjects must cooperate.

7.2 Legal protection

Data subjects have the right to take legal recourse to enforce their claims under data protection law or file a report with and/or complain to a responsible data protection agency.

In Switzerland, the data protection agency where data subjects can file reports against private controllers and federal agencies is the Federal Data Protection and Information Commissioner (FDPIC).

Data protection agencies where data subjects may be able to file complaints – if and insofar as the General data Protection regulation (GDPR) applies – are organised as members of the European Data Science Academy (EDSA). In some member states of European Economic Area, the data protection agencies have a federal structure, particularly in Germany.

8. Website use

8.1 Cookies

We may use cookies. Cookies – our own cookies (first-party cookies) as well as cookies used by third parties (third-party cookies) – are files that are stored in the browser. Such stored data does not have to be limited to traditional text-based cookies.

Cookies can be stored temporarily in the browser (session cookies) or for a specific period as so-called permanent cookies. Session cookies are automatically deleted when the browser is closed. Permanent cookies are stored for a specific period. Cookies make it possible, in particular, to recognise a browser on your next website visit and thus to measure the reach of our website, for instance. Permanent cookies may also be used for online marketing, however.

You can deactivate and delete all or some cookies in your browser settings at any time. Without cookies, our website may no longer be fully functional. We actively encourage you to consent to the use of cookies, at least to the extent that this is required.

8.2 Logs

We may log, at a minimum, the following information for each access to our website and other online presences if they are transferred to our digital infrastructure during such access: Date and time, including time zone, IP address, access status (HTTP status code), operating system, including user interface and version, browser, including language and version, individually accessed pages of our website, including transferred data volumes, and the website previously accessed in the same browser window (referrer URL).

We log such information, which may also be classed as personal data, in log files. We require this information for providing a permanent, user-friendly and reliable online presence. The information is further required for assuring data security, including by third parties or with the assistance of third parties.

8.3 Tracking pixel

We may embed tracking pixels in our online presence. Tracking pixels are also called web beacons. Tracking pixels, including those used by third parties whose services we use, are usually small, invisible images or Java scripts that are accessed automatically when accessing our online presence. Tracking pixels can record at least the same information as log files.

9. Third-party services

We use services from specialised third parties for carrying out our activities and tasks in a permanent, user-friendly, secure and reliable manner. These services enable us, amongst other things, to embed functions and contents in our website. When thus embedded, the used services sometimes collect at least the IP addresses of users for compelling technical reasons.

Third parties whose services we use may process aggregated, anonymised or pseudonymised data related to our activities and tasks for necessary security-related, statistical and technical purposes. These are, for instance, service or use data required for providing the respective service.

We use, in particular:

9.1 Digital infrastructure

We use services from specialised third parties to use the required digital infrastructure in connection with our activities and tasks. This includes, for instance, hosting and storage services by selected providers.

We purchase, in particular:

  • Hetzner: Hosting and other infrastructure; providers: Hetzner Online GmbH / Hetzner Cloud GmbH (both in Germany); information on data protection: privacy policy“Data protection FAQ”.
  • Sirvoy Poperty Managment: Sirvoy Ltd, 2nd floor, 13 Upper Baggot Street, Dublin 4, Ireland

9.2 Fonts

We use third-party services to embed selected fonts as well as icons, logos and symbols in our website.

We use, in particular:

10. Website expansions

We use expansions for our website to use additional functions. We may use services from suitable providers or use such expansions on our own server infrastructure.
We use, in particular:

  • Google reCAPTCHA: Spam protection (differentiation between desirable contents by humans and undesirable contents by bots and spam); provider: Google; Google reCAPTCHA-specific information: “What is reCAPTCHA?” (“What is reCAPTCHA?”).

11. Final clauses

We created this Privacy Policy using the Privacy Policy Generator by Datenschutzpartner.
The English text is a translation of the original German text. In the event of any disputes, the original German text shall prevail exclusively.

We may amend and add to this Privacy Policy at any time. We shall announce such amendments and addendums in a suitable manner, particularly by publishing the respective current version on our website.

Brienz, January 2024

Developed by netfuchs.ch for Concrete CMS.