1. Contact addresses
Responsible for the online offering:
Stiftung Pro Kloster St. Johann and press contact
T +41 81 858 56 62
stiftung@muestair.ch 

2. Processing of personal data

2.1 Definitions

Personal data is any information relating to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, storage, modification, destruction and use of personal data.

2.2 Legal basis

We process personal data in accordance with Swiss data protection law, in particular the Swiss Federal Data Protection Act (FADP) and the Ordinance on Data Protection (DPO).

2.3 Type, scope and purpose

We process the personal data that is necessary to provide our online services in a permanent, user-friendly, secure and reliable manner. Such personal data may fall into the categories of inventory and contact data, content data, usage data and marginal data, as well as contract data and payment data.

We process personal data for the period necessary for the relevant purpose or purposes or as required by law. Personal data that no longer needs to be processed is anonymised or deleted.

We process personal data only with the consent of the data subject, unless the processing is permitted for other legal reasons, for example to fulfil a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests because the processing is evident from the circumstances or after prior information.

In this context, we process in particular information that a data subject voluntarily and personally transmits to us when contacting us – for example by letter post, email, contact form, social media or telephone – or when registering for a user account. We may store such information, for example, in an address book or with comparable tools. If you provide us with personal data of third parties, you are obliged to guarantee data protection to such third parties and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources or collect when providing our online services, if and to the extent that such processing is permitted for legal reasons.

Personal data provided in job applications will only be processed if it relates to suitability for an employment relationship or is necessary for the subsequent performance of an employment contract. The personal data required for an application is derived from the information requested or provided, for example in the context of the job description. Applicants have the option of voluntarily providing further information for their respective applications.

2.4 Processing of personal data by third parties, including those abroad

We may have personal data processed by third parties, in particular by processors, or process it together with third parties and with the help of third parties, or transfer it to third parties. Such third parties are in particular providers whose services we use. We also ensure that such third parties provide an adequate level of data protection.

Such third parties are generally located in Switzerland and in the European Economic Area (EEA), including the European Union (EU). However, such third parties may also be located in other countries around the world and elsewhere in the universe, provided that their data protection law guarantees adequate data protection in the opinion of the Federal Data Protection and Information Commissioner (FDPIC), or if adequate data protection is guaranteed for other reasons, such as a corresponding contractual agreement, in particular on the basis of standard contractual clauses, or a corresponding certification. For third parties in the United States of America (USA), certification under the Privacy Shield can ensure adequate data protection. Exceptionally, such a third party may be located in a country without adequate data protection provided that the data protection requirements, such as the express consent of the data subject, are met.

3. Rights of data subjects

Data subjects whose personal data we process have rights under Swiss data protection law. These include the right of access and the right to rectification, erasure or blocking of the personal data processed.

Data subjects whose personal data we process have the right to appeal to a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

4. Data security

We take appropriate and suitable technical and organisational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the internet can always be subject to security vulnerabilities. We are therefore unable to guarantee absolute data security.

Access to our online services is protected by transport encryption (SSL/TLS with HTTPS).

Access to our online services is subject – as is basically all internet use – to mass surveillance without cause or suspicion and other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We have no direct influence on the corresponding processing of personal data by secret services, police forces and other security authorities.

5. Use of the website

5.1 Cookies

We may use cookies for our website. Cookies – including those from third parties whose services we use (third-party cookies) – are data in text form that are stored in your browser. Cookies cannot execute any programs or transmit malware such as Trojans and viruses.

When you visit our website, cookies may be stored in your browser temporarily as so-called session cookies or for a certain period of time as so-called permanent cookies. Session cookies are automatically deleted when you close your browser. Permanent cookies enable us, in particular, to recognise your browser the next time you visit our website and thus, for example, to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.

You can disable cookies in your browser settings at any time, either completely or partially, and you can delete them. Without cookies, however, our online services may no longer be fully available. We ask for your consent – if and to the extent necessary – to the use of cookies.

For cookies used for performance or reach measurement or for advertising, a general opt-out is possible for numerous services via the Networking Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Log files

We may collect the following information each time our website is accessed, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual pages accessed and the amount of data transferred, last website visited (referrer).

We store such information, which may also constitute personal data, in log files. The information is necessary to provide our online services in a permanent, user-friendly and reliable manner and to ensure data security and thus, in particular, the protection of personal data – including by or with the help of third parties.

5.3 Web beacons

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are small images that are retrieved when you visit our website. Tracking pixels can be used to collect the same information as in server log files.

6. Third-party services

We may use third-party services to provide our online services in a sustainable, user-friendly, secure and reliable manner. Such services also serve to embed content in our online services. These services – such as hosting and storage services, video services and payment services – require your Internet Protocol (IP) address, as such services would otherwise be unable to transmit the corresponding content. Such services may be located outside Switzerland and the European Economic Area (EEA), including the European Union (EU), provided that an adequate level of data protection is ensured.

For their own security-related, statistical and technical purposes, third-party services may also process data in connection with our online offering and from other sources in aggregated, anonymised or pseudonymised form, including cookies, log files and tracking pixels. Such data is not used to directly contact data subjects in connection with our online offering.

6.1 Map material

We use Google Maps to embed maps into our website. This also involves the use of cookies. Google Maps is a service of the American company Google LLC; Google Ireland Limited, based in Ireland, is responsible for users in the European Economic Area (EEA) and Switzerland. Further information about the type, scope and purpose of data processing can be found in the Google privacy and security principles and in the Google privacy policy, in the guide to data protection in Google products (including Google Maps), in the information on how Google uses data from websites on which Google services are used and in the information about cookies at Google. It is also possible to object to personalised advertising.

6.2 Fonts

We use Google Fonts to embed selected fonts in our website. No cookies are used in this process. This is a service provided by the American company Google LLC that is offered independently of other Google services. Google Ireland Limited, based in Ireland, is responsible for users in the European Economic Area (EEA) and Switzerland. Further information about the type, scope and purpose of data processing can be found in the Google data protection and security principles and in the Google privacy policy.

6.3 Performance and reach measurement

Google Analytics

We use Google Analytics to analyse how our website is used, which also allows us, for example, to measure the reach of our website and the success of links from third parties to our website. This is a service provided by the American company Google LLC, while Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland.

Google also tries to track individual visitors to our website when they use different browsers or devices (cross-device tracking). Cookies are also used for this purpose. Google Analytics requires your Internet Protocol (IP) address, but this is not merged with other Google data.

In any case, we have your Internet Protocol (IP) address anonymised by Google before the analysis. As a result, your full IP address is not transferred to Google in the USA.

Further information about the type, scope and purpose of data processing can be found in the Google Privacy and Security Principles and in the Google Privacy Policy, in the Google Privacy Guide for Products (including Google Analytics), in the Information on how Google uses data from websites on which Google services are used and in the Information about cookies at Google. You also have the option of using the Browser Add-on to disable Google Analytics and to object to personalised advertising.

7. Final provisions

We may amend and supplement this privacy policy at any time. We will provide information about such amendments and supplements in a suitable form, in particular by publishing the current privacy policy on our website.