Tickets
Area Clienti

DATA PROTECTION POLICY

With this data protection declaration, we inform you about what personal data we process in connection with our activities and operations. In particular, we provide information on what personal data we process, for what purpose, how and where. We also provide information on the rights of the persons whose data we process. Individual or further activities and operations may be subject to additional data protection declarations and other legal documents such as general terms and conditions (GTC), conditions of use or conditions of participation. We are subject to Swiss data protection law and any applicable foreign data protection laws, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission acknowledges that the Swiss Data Protection Act ensures adequate data protection.

Personal data is any information relating to an identified or identifiable natural person. A data subject is a person about whom we process personal data.

Processing includes any processing of personal data, irrespective of the means and procedures used, such as querying, matching, adapting, storing, preserving, reading, disclosing, acquiring, recording, collecting, erasing, disclosing, arranging, organising, storing, modifying, disseminating, linking, destroying and using personal data.

We process personal data in accordance with the Swiss Data Protection Act, in particular the Federal Data Protection Act (Data Protection Act, DSG) and the Data Protection Ordinance (Data Protection Ordinance, DSV).

If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:

We process personal data that is necessary for us to be able to carry out our activities in a permanent, easily accessible, secure and reliable manner. Such personal data may fall into the following categories: inventory and contact data, browser and device data, content data, metadata or marginal data and usage data, location data, contract data, sales and payment data.

We process personal data for the period necessary to fulfil the relevant purpose(s) or as required by law. Personal data, the processing of which is no longer necessary, are anonymised or deleted.

We may entrust the processing of personal data to third parties, or process them in cooperation with or with the help of third parties, or pass them on to third parties. Such third parties are in particular specialised providers whose services we use. We also guarantee adequate data protection for such third parties.

Basically, we process personal data only with the consent of the data subject, except where processing is permissible for other legal reasons, e.g. for the fulfilment of a contract with the data subject and related pre-contractual measures, in order to safeguard our interests.

In this context, we process in particular information that the data subject voluntarily transmits to us when making contact – e.g. by post, e-mail, instant messaging, via a contact form, on social media or over the phone – or when registering for a user account, or when entering a competition. We may, for example, store such information in an address book or by similar means. If personal data of third parties is transmitted to us, the sender is obliged to protect the personal data vis-à-vis these third parties and to ensure that this personal data is correct.

We also process personal data that we receive from third parties, that we collect from publicly accessible sources or that we record during the preparation of our offer, if and to the extent that such processing is permitted for legal reasons.

Information: data subjects may request information on whether personal data concerning them is being processed and, if so, what personal data is being processed. Data subjects also receive the information they need to assert their data protection rights and to ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of the processing, the duration of storage, whether the data are disclosed or exported to other countries, and the origin of the personal data. Correction and restriction: data subjects may have incorrect personal data corrected, incomplete data completed and restrict the processing of their data. Deletion and objection: data subjects may have their personal data deleted (‘right to be forgotten’) and object to the processing of their data with future effect. Release and transfer of data: Data subjects may request the release of personal data or the transfer of their data to another data controller.

We may suspend, limit or refuse the exercise of data subjects’ rights to the extent permitted by law. We may draw the attention of data subjects to any requirements that must be met in order to exercise their rights under the Data Protection Act. For example, we may refuse to provide information, in whole or in part, with regard to business secrets or the protection of other persons. We may also, for example, refuse to delete personal data in whole or in part with reference to legal retention obligations.

We are required to take appropriate measures to identify data subjects who request information or assert other rights.

Data subjects are required to cooperate. Data subjects have the right to assert their data protection rights through the courts or to lodge a complaint with a competent data protection supervisory authority. The data protection supervisory authority for private data controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). Data subjects have the right – if and insofar as the General Data Protection Regulation (GDPR) applies – to lodge a complaint with a competent European data protection supervisory authority.

We take appropriate and adequate technical and organisational measures to ensure the protection and in particular the security of data. However, despite these measures, we cannot guarantee absolute data security.

Access to our online offer is via Transport Layer Security encryption (SSL / TLS, in particular Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate this type of encryption with a padlock in the address bar.

We may use cookies on our website. Cookies – both our own (first-party cookies) and those of third parties whose services we use (third-party cookies) – are data that are stored in your browser. This type of stored data is not necessarily limited to traditional cookies in text format.

Cookies can be stored temporarily in the user’s browser as ‘session cookies’, or as so-called permanent cookies for a certain period of time. Session cookies’ are automatically deleted when you close your browser, whereas permanent cookies have a specific storage period. In particular, cookies make it possible to recognise a browser on the next visit to our website and thus, for example, to measure the reach of our website. Permanent cookies can also be used, for example, for online marketing.

You can disable and delete cookies completely or partially at any time in your browser settings. Without cookies, our website may no longer be available in its entirety. We expressly request your explicit consent to the use of cookies to the necessary extent.

With regard to cookies used for measuring performance and the number of users reached, or for advertising, many services provide a general opt-out through AdChoises (Digital Advertising Alliance of Canada), Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

For each access to our website, we may collect the following information, provided that it is transmitted by the user’s browser to our server infrastructure or is detectable by our web server: date and time, including time zone, IP (Internet Protocol) address, access status (HTTP status code), operating system, including user interface and version, browser, including language and version, individual subpage of our website consulted, including the amount of data transmitted, website last consulted in the same browser window (referrer or referrer).

We store this information, which may also include personal data, in server log files. This information is necessary in order to prepare our online offer permanently, easily accessible and reliable, as well as to ensure data security, in particular the protection of personal data – also through third parties or with the help of third parties.

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels, including those of third parties whose services we use, are small, usually invisible images that are called up automatically when you visit our website. Tracking pixels provide the same information as server log files.

We send notifications and messages, such as newsletters, by e-mail and through other communication channels such as instant messaging. Notifications and messages may contain links or tracking pixels, which record the opening of each individual message and the links selected. Such links and tracking pixels may also track the use of notifications and messages on a personal basis. This statistical recording of usage to measure performance and reach is necessary in order to be able to send notifications and messages in an effective and user-friendly manner according to the recipients’ needs and reading habits, and in a permanent, secure and reliable manner.

The user is basically required to expressly consent to the use of his e-mail address and other contact addresses, except where use is permitted for other legal reasons. For any consent to receive e-mails, we use the ‘double opt-in’ procedure where possible, i.e. the user receives an e-mail with a link that he or she must click to confirm, in order to prevent misuse by unauthorised third parties. For testing and security reasons, we may protocol such consents, IP (Internet Protocol) addresses, as well as the date and time.

Basically, you can unsubscribe from notifications and messages, such as newsletters, at any time. With such an unsubscription, you can simultaneously object to the statistical recording of usage for performance and reach measurement. Necessary notifications and communications in connection with our activities and operations remain confidential.

We are present on social media and other online platforms to communicate with interested parties and to provide information about our activities and operations. In connection with these platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA). In this case, the General Terms and Conditions (GTC) and Terms of Use as well as the data protection declarations and other provisions of the individual operators of these platforms also apply. These provisions inform in particular about the rights of data subjects directly vis-à-vis the respective platform, which include, for example, the right to information.

We use third-party services in order to make our offer permanently, easily accessible, secure and reliable. These services are also used to embed content on our website. In the case of such embedding, the services used register the Internet Protocol (IP) addresses of users, at least temporarily, for technically compelling reasons. For statistical and technical security reasons, the third parties whose services we use may also process data in connection with our offer and from other sources – including through the use of cookies, log files and tracking pixels – in aggregate, anonymised or pseudonymised form.

In particular, we use: Google services: Provider: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: “Privacy and security principles”, Privacy Policy, “Google is committed to complying with applicable data protection laws”, “Privacy guide for Google products”, “How we use data from the websites or apps on which you use our services” (information provided by Google), “Types of cookies and other technologies used by Google”, “Personalized advertising” (activation / deactivation / settings). 11.1 Social media functions and their content We use third-party services and plugins to embed functions and content of social media platforms and to enable sharing of content on social media platforms and in other ways. In particular, we use: Instagram platform: Embed Instagram content; Provider: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Data protection information: Privacy Policy (Instagram), Privacy Policy (Facebook). 11.2 E-commerce We engage in electronic commerce (e-commerce) and use third-party services to successfully provide services, content or goods. In particular, we use: 11.3. Payments We use specialized service providers to process our customers’ payments securely and reliably. The legal texts of the individual service providers, such as the General Terms and Conditions (GTC) or data protection declarations, also apply to payment processing. In particular, we use: Datatrans: Payment processing; Provider: Datatrans AG (Schweiz); Data protection information: Privacy Policy, “Security & Compliance”.

We reserve the right to change and supplement this data protection declaration at any time. We will provide information about such changes and supplements in an appropriate form, in particular by publishing the updated data protection declaration on our website from time to time.