Privacy policy
This data protection declaration provides information about how we process personal data in connection with our activities and operations, including our website under the domain name campingberneroberland.ch. In particular, we provide information about why, how and where we process which personal data. We also provide information about the rights of individuals whose data we process.
We may publish further data protection declarations or other information on data protection for individual or additional activities and operations.
We are subject to Swiss data protection law and any applicable foreign data protection law, such as in particular that of the European Union (EU) with the European General Data Protection Regulation (GDPR).
In its decision of 26 July 2000, the European Commission recognised that Swiss data protection law ensures an adequate level of data protection. In its report of 15 January 2024, the European Commission confirmed this adequacy decision.
1. Contact addresses
Responsibility for the processing of personal data:
Verband Camping Berner Oberland
Association of campsites in the Bernese Oberland, Switzerland
3800 Interlaken
In individual cases, third parties may be responsible for processing personal data or there may be joint responsibility with third parties.
2. Definitions and legal bases
2.1 Definitions
Data subject: natural person about whom we process personal data.
Personal data: any information relating to an identified or identifiable natural person.
Particularly sensitive personal data: Data about union, political, religious or ideological views and activities, data about health, privacy or membership of an ethnic group or race, genetic data, biometric data that uniquely identifies a natural person, data about criminal or administrative sanctions or prosecutions, and data about social assistance measures.
Processing: Any kind of handling of personal data, irrespective of the means and procedures used, for example querying, synchronising, adapting, archiving, storing, reading out, disclosing, collecting, recording, deleting, organising, storing, modifying, disseminating, linking, destroying and using personal data.
European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.
2.2 Legal basis
We process personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (Data Protection Act, DSG) and the Ordinance on Data Protection (Data Protection Ordinance, DSV).
If and to the extent that the European General Data Protection Regulation (GDPR) is applicable, we process personal data on the basis of at least one of the following legal principles:
- Art. 6 (1) (b) GDPR for the processing of personal data necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect legitimate interests, including the legitimate interests of third parties, provided that the fundamental freedoms and rights and interests of the data subject do not prevail. Such interests are, in particular, the long-term, humane, safe and reliable performance of our activities and operations, ensuring information security, protection against misuse, the enforcement of our own legal claims and compliance with Swiss law.
- Art. 6 para. 1 lit. c GDPR for the processing of personal data necessary for compliance with a legal obligation to which we are subject under any applicable law of member states in the European Economic Area (EEA).
- Art. 6 para. 1 lit e GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
- Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
- Art. 6 para. 1 lit. d GDPR for the processing of personal data necessary to protect the vital interests of the data subject or of another natural person.
- Art. 9 para. 2 ff. GDPR for the processing of special categories of personal data, in particular with the consent of the data subjects.
The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of particularly sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).
3. Nature, scope and purpose of the processing of personal data
We process the personal data that is required for us to carry out our activities and operations in a sustainable, humane, safe and reliable manner. The personal data processed may fall into the following categories in particular: browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data and payment data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect in the course of our activities and operations, provided that such processing is permitted by law.
We process personal data, where required, with the consent of the data subjects. We may process personal data in many cases without consent, for example to fulfil legal obligations or to protect overriding interests. We may also request the consent of data subjects where their consent is not required.
We process personal data for the duration of the period required for the respective purpose. We anonymise or delete personal data in particular in accordance with statutory retention and limitation periods.
4. Disclosure of personal data
We may disclose personal data to third parties, have it processed by third parties or process it jointly with third parties. Such third parties are, in particular, specialised providers whose services we use.
For example, we may disclose personal data to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and business information bureaus, logistics and shipping companies, marketing and advertising agencies, media, organisations and associations, social institutions, telecommunications companies and insurance companies.
5. Communication
We process personal data in order to communicate with individuals as well as with authorities, organisations and companies. In doing so, we process in particular data that a data subject transmits to us when contacting us, for example by letter post or e-mail. We may store such data in an address book or with comparable tools.
Third parties who provide us with data about other persons are obliged to ensure the data protection of these data subjects independently. In particular, they must ensure that such data is correct and may be transmitted.
6. Data security
We take appropriate technical and organisational measures to ensure data security appropriate to the respective risk. In particular, our measures ensure the confidentiality, availability, traceability and integrity of the personal data processed, but we cannot guarantee absolute data security.
Access to our website and our other online presence is protected by transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting websites without transport encryption.
Our digital communication is subject – as is basically all digital communication – to mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We have no direct influence on the corresponding processing of personal data by secret services, police forces and other security authorities. We also cannot rule out the possibility that a data subject may be monitored specifically.
7. Personal data abroad
We process personal data principally in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular for the purpose of processing it or having it processed there.
We may export personal data to all countries on earth and elsewhere in the universe, provided that the local law guarantees an adequate level of data protection in accordance with the decision of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – also in accordance with the decision of the European Commission.
We may transfer personal data to countries whose laws do not guarantee adequate data protection if data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or other suitable guarantees. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the special data protection requirements are met, for example, the express consent of the data subjects or a direct connection with the conclusion or execution of a contract. We will be happy to provide data subjects with information about any guarantees on request or provide a copy of any guarantees.
8. Rights of data subjects
8.1 Claims under data protection law
We grant data subjects all claims under applicable data protection law. In particular, data subjects have the following rights:
- Information: Data subjects can request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection claims and to ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of the processing, the duration of storage, any disclosure or export of data to other countries and the origin of the personal data.
- Rectification and restriction: Data subjects can rectify inaccurate personal data, complete incomplete data and restrict the processing of their data.
- Erasure and objection: Data subjects can have personal data erased (‘right to be forgotten’) and object to the processing of their data with effect for the future.
- Data disclosure and data transfer: Data subjects can request the disclosure of personal data or the transfer of their data to another controller.
We may postpone, restrict or refuse the exercise of the rights of data subjects to the extent permitted by law. We may draw the attention of data subjects to any conditions to be fulfilled in order for them to exercise their data protection rights. For example, we may refuse to provide information in whole or in part with reference to confidentiality obligations, overriding interests or the protection of other persons. We may also refuse to delete personal data in whole or in part, in particular with reference to statutory retention obligations.
We may charge a fee for exercising rights in exceptional cases. We will inform data subjects in advance of any costs.
We are obliged to take appropriate measures to identify data subjects who request information or assert other rights. Data subjects are obliged to cooperate.
8.2 Legal protection
Data subjects have the right to enforce their data protection claims through the courts or to file a report or complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities are organised as members of the European Data Protection Board (EDPB). In some member states in the European Economic Area (EEA), the data protection supervisory authorities have a federal structure, in particular in Germany.
9. Use of the website
9.1 Cookies
We may use cookies. Cookies – our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data that are stored in the browser. Such stored data need not be limited to traditional cookies in text form.
Cookies can be stored in the browser temporarily as ‘session cookies’ or for a certain period of time as so-called permanent cookies. ‘Session cookies’ are automatically deleted when the browser is closed. Permanent cookies have a certain storage duration. In particular, cookies enable us to recognise a browser the next time you visit our website and thus, for example, measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.
Cookies can be partially or completely disabled and deleted at any time in the browser settings. Without cookies, however, our website may no longer be fully available. We actively request – at least if and insofar as necessary – express consent to the use of cookies.
For cookies used to measure success and reach or for advertising, a general opt-out is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
9.2 Logging
We may log at least the following information for each access to our website and our other online presence, provided that this information is transmitted to our digital infrastructure during such access: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-pages of our website accessed including the amount of data transferred, last website accessed in the same browser window (referrer or referrer).
We log such information, which may also constitute personal data, in log files. The information is necessary to provide our online presence in a permanent, user-friendly and reliable manner. The information is also necessary to ensure data security – including by third parties or with the help of third parties.
9.3 Web beacons
We may integrate tracking pixels into our online presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those from third parties whose services we use – usually take the form of small, invisible images or scripts formulated in JavaScript that are automatically retrieved when our online presence is accessed. Tracking pixels can be used to collect at least the same information as in log files.
10. Social media
We are present on social media platforms and other online platforms in order to communicate with interested parties and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC) and terms of use as well as the data protection declarations and other provisions of the individual operators of such platforms also apply. These provisions provide information in particular about the rights of data subjects directly vis-à-vis the respective platform, which includes, for example, the right to information.
We are jointly responsible with Meta Platforms Ireland Limited (Ireland) for our social media presence on Facebook, including Page Insights, insofar as the General Data Protection Regulation (GDPR) is applicable. Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page Insights provide information about how visitors interact with our Facebook page. We use Page Insights to provide an effective and user-friendly social media presence on Facebook.
Further information about the type, scope and purpose of data processing, the rights of data subjects and the contact details of Facebook and its data protection officer can be found in the privacy policy of Facebook. We have concluded a so-called ‘addendum for controllers’ with Facebook and have thus agreed in particular that Facebook is responsible for guaranteeing the rights of data subjects. For the so-called Page Insights, the corresponding information can be found on the page ‘Information on Page Insights’ including ‘Information on Page Insights Data’.
11. Third-party services
We use specialised third-party services to help us carry out our activities and operations in a sustainable, user-friendly, secure and reliable manner. Among other things, these services allow us to embed functions and content in our website. When embedded in this way, the services used collect the IP addresses of users at least temporarily for technically compelling reasons.
For necessary security-related, statistical and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymised or pseudonymised form. This may include, for example, performance or usage data in order to provide the respective service.
In particular, we use:
- Services from Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) partly for users in the European Economic Area (EEA) and Switzerland; General information on data protection: ‘Privacy and security principles’, ‘Information on how Google uses personal data’, Privacy Policy, ‘Google is committed to complying with applicable data protection laws’, ‘Guide to privacy in Google products’, ‘How we use data from websites or apps on or in which our services are used’, ‘Types of cookies and similar technologies that Google uses’, ‘Advertising that you influence’ (‘personalised advertising’).
11.1 Digital infrastructure
We use the services of specialised third parties to provide the necessary digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.
In particular, we use:
- Hetzner: hosting and other infrastructure; providers: Hetzner Online GmbH / Hetzner Cloud GmbH (both in Germany); information on data protection: data protection declaration.
11.2 Map material
We use third-party services to embed maps into our website.
In particular, we use:
- OpenStreetMap (OSM): map service; provider: OpenStreetMap Foundation (United Kingdom); information on data protection: data protection declaration.
11.3 Digital content
We use the services of specialised third parties to integrate digital content into our website. Digital content includes, in particular, image and video material, music and podcasts.
We use, in particular:
- YouTube: video platform; provider: Google; YouTube-specific information: ‘Privacy and security centre’, ‘My data on YouTube’.
11.4 Advertising
We use the option of having targeted advertising for our activities and operations displayed by third parties such as social media platforms and search engines.
In particular, we want to use such advertising to reach people who are already interested in our activities and services or who might be interested in them (remarketing and targeting). To do this, we may transfer the relevant information – which may include personal data – to third parties who enable such advertising. We can also determine whether our advertising is successful, in particular whether it leads to visits to our website (conversion tracking).
Third parties with whom we advertise and with whom you are registered as a user may be able to associate your use of our website with your profile there.
In particular, we use:
- Google Ads: search engine advertising; provider: Google; Google Ads-specific information: advertising based, among other things, on search queries, where various domain names – in particular doubleclick.net, googleadservices.com and googlesyndication.com – are used for Google Ads, privacy policy for advertising, ‘Manage display ads directly via Ads’.
- Meta ads: social media advertising on Facebook and Instagram; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the US); data protection information: targeting, including retargeting, in particular with the Meta pixel and with Custom Audiences including Lookalike Audiences, privacy policy, ‘advertising preferences’ (user registration required).
12. Extensions for the website
We use extensions for our website to enable us to use additional functions. We can use selected services from suitable providers or use such extensions on our own digital infrastructure.
In particular, we use:
- Google reCAPTCHA: spam protection (distinguishing between desirable content from humans and undesirable content from bots and spam); provider: Google; Google reCAPTCHA-specific information: ‘What is reCAPTCHA?’.
13. Performance and reach measurement
We try to measure the success and reach of our activities and operations. In doing so, we may also measure the effect of third-party references or check how different parts or versions of our online offering are used (A/B testing method). Based on the results of the success and reach measurement, we can in particular correct errors, strengthen popular content or make improvements.
In most cases, the IP addresses of individual users are recorded to measure success and reach. In this case, IP addresses are always truncated (‘IP masking’) in order to follow the principle of data economy through the corresponding pseudonymisation.
Cookies may be used and user profiles created to measure success and reach. Any user profiles created include, for example, the individual pages visited or content viewed on our website, information on the size of the screen or browser window and the – at least approximate – location. In principle, any user profiles created are exclusively pseudonymised and are not used to identify individual users. Individual third-party services for which users are registered may associate the use of our online services with the user account or user profile for the respective service.
In particular, we use:
- Matomo: performance and reach measurement; provider: InnoCraft Ltd. (New Zealand, free open source software); data protection information: use on own digital infrastructure and with pseudonymised IP addresses, ‘List of all Matomo features’.
14. Final notes on the data protection declaration
We have created this data protection declaration using the data protection generator from Datenschutzpartner and deepl.com.
We can update this data protection declaration at any time. We will provide information about updates in a suitable form, in particular by publishing the current data protection declaration on our website.
April 2025