Training for a sporty goal, or interested in exploring countries and cultures by bicycle? We do both.
This privacy policy provides detailed information about the handling and processing of your personal data. It applies to the collection, processing, use, and sharing of your data within the entire Active Group AG, which includes the companies Active Travel AG, Bicicletas Mallorca SLU, Mallorca Aktiv GmbH, and Triathlon Holidays GmbH.
The data collection and processing within the Active Group AG is primarily managed by the website operator Active Travel AG, Neugrütstrasse 4b, CH-8610 Uster.
To understand which personal data we collect from you and for what purposes we use it, please review the following information. We primarily adhere to the legal requirements of Swiss data protection law, particularly the Federal Data Protection Act ("DSG"), as well as the European General Data Protection Regulation ("GDPR"), where certain data processing activities fall under its scope. The specification of the legal basis under GDPR is only relevant if the GDPR applies to the specific data processing activity.
1. What is this privacy policy about?
2. Who are we?
3. What are "personal data" and what does "processing" mean?
4. For whom and for what purpose is this privacy policy intended?
5. Which personal data do we process for which purposes?
6. To whom do we disclose your personal data?
7. When do we transfer your personal data abroad?
8. Do we perform profiling and automated individual decisions?
9. How do we protect your personal data?
10. How long do we store your personal data?
11. What rights do you have in relation to the processing of your personal data?
12. Contact
13. Changes to this privacy policy
Data protection is a matter of trust, and your trust and privacy are important to us. We want to ensure that you are fully informed about the processing of your personal data.
This privacy policy explains which personal data we process, how, and for what purposes. Specifically, it details:
“Huerzeler - The Cycling Experience” is a registered trademark and an offering by the tour operator Active Travel AG. The use of this trademark by third parties is not permitted.
For each data processing activity, a specific company within the Active Group AG, consisting of Active Travel AG, Bicicletas Mallorca SLU, Mallorca Aktiv GmbH, and Triathlon Holidays GmbH, is legally responsible for data protection. Typically, it is the company that decides whether a specific processing activity should take place (e.g., processing within the context of a service, when using the website, etc.), the purposes for which it will be conducted, and the principles that should apply. If these decisions are made jointly by multiple companies within Active Group AG, they may also be jointly responsible.
For the data processing activities covered by this privacy policy, the following company is primarily responsible (hereinafter referred to as “we” or “us”):
Active Travel AG
Neugrütstrasse 4b
CH-8610 Uster
Phone +41 44 500 37 37
info@huerzeler.com
www.huerzeler.com
Company number: CH-020.3.032.021-7
VAT number: CHE-114.079.008
Mallorca Aktiv GmbH
Ursprungweg 32
DE-71263 Weil der Stadt
Phone: +49 703 369 28 30
info@mallorca-aktiv.de
Register number: HRB 252233
If you are dealing with services under the brand “Huerzeler - The Cycling Experience,” Active Travel AG is generally responsible for data protection, unless you are explicitly informed otherwise in individual cases, or a different responsibility is clear from the context. Scenarios where a different company within the Active Group AG, other than Active Travel AG, is responsible for data protection include the following:
If another company within the Active Group AG is responsible for data protection, different privacy policies of the respective company may apply. In such cases, you will be informed of these privacy policies. Otherwise, the present privacy policies apply, with “we” or “us” referring to the relevant company.
Data protection law regulates the processing of personal data. Personal data (or “personally identifiable information”) refers to all information that can be associated with a specific natural person (human). This includes, for example, the following information:
Information related to contact persons within a legal entity (e.g., the phone number and email address of the contact person in the marketing department) is considered personal data of a natural person.
We generally collect your personal data directly from you, for example, when you communicate with us at the travel agency, use an online or app-based service, or visit one of our websites. However, your personal data may also be collected indirectly, for example, through business partners, when a traveler provides information about fellow travelers, or when other persons are mentioned in communication with us. Additionally, we may acquire supplementary information from third-party data sources (e.g., social media or address traders).
We do not necessarily process all categories of personal data mentioned in this section. Specific information about the personal data we process can be found under Section 5. “Processing” (or “handling”) refers to any interaction with your personal data.
This includes, for example, the following actions:
This privacy policy informs you about how we, Active Travel AG, process your personal data.
Specific services may also be subject to additional privacy policies.
Our data processing activities may particularly affect the following individuals (referred to as "data subjects"):
Depending on the occasion and purpose, we process very different personal data. Among other things, we may process personal data – in some cases also particularly sensitive personal data – in the following situations for the following purposes:
When you visit our websites, our servers temporarily store every access in a log file.
The following data is collected by us without your intervention and stored until automated deletion after a maximum of twelve months:
The collection and processing of this data is carried out for the purpose of enabling the use of the websites (connection establishment), ensuring the long-term security and stability of the system, optimizing the Internet offering, and for internal statistical purposes. The aforementioned information is not linked to or stored with personal data.
Only in the case of an attack on the network infrastructure of the websites or if there is a suspicion of other unauthorized or abusive website usage will the IP address be evaluated to clarify and avert the attack, and, if necessary, used within the framework of a criminal proceeding to identify and take civil and criminal action against the relevant users.
The legal basis for the aforementioned data processing is our legitimate interest according to Art. 6 para. 1 lit. f GDPR. In particular, we have a legitimate interest in ensuring IT security.
If you contact us via the contact form on the website, we collect the following data from you:
The fields marked with * are mandatory.
If you provide us with personal data, you must ensure that this personal data is correct.
We use this data to answer your inquiries or to provide the services you requested and to contact you by phone if necessary. The processing of your contact inquiry is based on our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time (contact details are provided below). Our legitimate interest lies particularly in good customer care, maintaining contact, and other communication with customers, even outside of a contract, as well as in improving products and services and developing new ones. If your inquiry is aimed at concluding or processing a contract, the legal basis is the fulfillment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.
We use our own software application to handle contact inquiries via the contact form. Information about data processing by third parties and any transfer abroad can be found in Section 7 of this privacy policy.
We offer various options on our websites, and possibly also in mobile apps provided by us, to book or reserve services online. During the booking process, you will be transparently informed which personal data we need from you. This may include, for example, the following data:
Depending on the service, additional specific information may be required (e.g., when booking a round trip, the passport number, see also Section 3 above). We transparently indicate in the input fields which data is mandatory (usually marked with a *).
You may also want or need to provide us with personal data of third parties, e.g., fellow travelers. We would like to point out that you are obliged to inform these individuals about this data transfer and this privacy policy and to ensure the accuracy of the personal data concerned.
Unless otherwise stated in this privacy policy or unless you have separately consented to it, we will only use the aforementioned data to fulfill the contract, namely to provide the services you have ordered or booked, to process your orders, to deliver the ordered products, and to ensure proper payment.
Please note that certain services that can be booked via our website are not provided by us directly. For example, if you book a rental bike for your holiday in Mallorca, the respective service is provided by Bicicletas Mallorca SLU. To handle and deliver the service, we forward the personal data you entered in the booking form to the relevant service providers.
The legal basis for processing your data for the aforementioned purposes is the fulfillment of a contract according to Art. 6 para.1 lit. b GDPR. If particularly sensitive data is also transmitted in connection with the booking of certain services, e.g., data about your health or physical problems when booking bike tours, you consent to the data processing for service provision by submitting this information (Art. 9 para. 2 lit. a GDPR). You can generally revoke this consent at any time. However, revocation during ongoing service provision is not possible.
Cookies and DOM Storage ("Supercookies") help in many ways to make your visit to our website easier, more pleasant, and more meaningful. Cookies are information files that your web browser automatically stores on the hard drive of your computer when you visit our website.
We use cookies for various purposes that are required for the intended use of the website, i.e., "technically necessary." For example, we use cookies to temporarily store your selected services and inputs when filling out a form on the website, so that you do not have to re-enter the data when accessing another subpage. Additionally, cookies also perform other technical functions required for the operation of the website, such as load balancing, i.e., the distribution of the page load on various web servers to relieve the servers. Cookies are also used for security purposes, e.g., to prevent unauthorized posting of content. Finally, we use cookies as part of the design and programming of our website, e.g., to enable the uploading of scripts or codes.
Most internet browsers automatically accept cookies. However, you can configure your browser to prevent cookies from being stored on your computer or to always display a warning before a new cookie is saved. The following pages provide explanations on how to configure the processing of cookies in the most common browsers:
Disabling cookies may result in you not being able to use all the features of our website.
You can prevent the use of HTML5 storage objects by using the private mode in your browser.
Our legal basis for data processing through cookies is our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR. Our legitimate interests are particularly in the smooth operation and further development of our website. The possibility of objection or opt-out was mentioned above.
5.1.5 Tracking and Web Analysis Tools
5.1.5.1 General Information on Tracking
To design and continuously optimize our website according to your needs, we use the web analysis services listed below. In this context, pseudonymized usage profiles are created, and cookies are used (please also refer to Section 5.1.4). The information generated by the cookie about your use of this website is usually transmitted to a server of the service provider, where it is stored and processed. This may also involve a transfer to servers abroad, e.g., in the USA (see Section 7 for details, including the lack of an adequate level of data protection and the safeguards provided).
Through the processing of the data, we obtain, among other things, the following information:
On our behalf, the provider will use this information to evaluate the use of the website, in particular to compile reports on website activities and to provide further services related to website usage and internet usage for market research and to design these websites according to your needs. For these processes, we and the providers may be considered as joint controllers under data protection law to a certain extent.
The legal basis for this data processing with the following services is your consent under Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time or reject the processing by refusing or disabling the relevant cookies in your web browser settings (see Section 5.1.4) or by using the service-specific options described below.
For further processing of the data by the respective provider as a data controller, in particular, any potential disclosure of this information to third parties, such as to authorities based on national legal requirements, please refer to the respective provider’s privacy policy.
We use the web analysis service Google Analytics by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).
In contrast to the description in Section 5.1.5.1, IP addresses are not logged or stored in Google Analytics (in the version used here, "Google Analytics 4"). For accesses originating from the EU, IP address data is only used to derive location data and then immediately deleted. All IP searches are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing. Regional data centers are used in Google Analytics. When a connection to the nearest available Google data center is established in Google Analytics, the measurement data is sent to Analytics via an encrypted HTTPS connection. In these centers, the data is further encrypted before being forwarded to the processing servers of Analytics and made available on the platform. Based on IP addresses, the most suitable local data center is determined. This may also involve data transmission to servers abroad, e.g., in the USA (see Section 7 for details, including the lack of an adequate level of data protection and the safeguards provided).
Users can prevent the collection of data generated by the cookie and related to their use of the website (including the IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:
http://tools.google.com/dlpage/gaoptout?hl=de
5.1.5.3 Crazy Egg
We use the web analysis service Crazy Egg on our website, provided by Crazy Egg, Inc., 16220 E. Ridgeview Lane, La Mirada CA 90638, USA ("Crazy Egg"). Crazy Egg allows us to understand how you navigate our website and what you have viewed or clicked on in detail. The tracked usage behavior is subject to systematic and anonymous analysis, i.e., the user affected by the analysis is not identifiable. The selection of users whose behavior is analyzed is also subject to a random principle. The use of Crazy Egg provides us with valuable information to make our website faster and more user-friendly.
The following information is processed by Crazy Egg:
The information generated by the cookies or generated by the user in Crazy Egg is anonymized and transmitted to and stored on Crazy Egg's servers hosted in the USA (see Section 7).
For more information on data protection and Crazy Egg, please refer to Crazy Egg's privacy policy at http://www.crazyegg.com/privacy.
You can object to the processing of your data by Crazy Egg directly with the provider at http://www.crazyegg.com/opt-out or prevent the storage of cookies by configuring the settings in your browser (see Section 5.1.4).
5.1.6 Online Advertising and Targeting
5.1.6.1 In General
We use services from various companies to present you with interesting offers online. In doing so, your user behavior on our website and websites of other providers is analyzed to display customized online advertising for you.
Most tracking technologies that track your user behavior and target advertising (targeting) work with cookies (see Section 5.1.4), with which your browser can be recognized across different websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different devices (e.g., laptop and smartphone). This can happen, for example, if you have registered with a service that you use on multiple devices.
In addition to the data mentioned above that is collected when accessing websites (log file data, see Section 5.1.1) and when using cookies (Section 5.1.4) and which may be passed on to companies involved in advertising networks, the following data, in particular, is included in the selection of the potentially most relevant advertising for you:
We and our service providers use this data to recognize whether you belong to the target group we are addressing and take this into account when selecting the advertisements. For example, after visiting our site, you may be shown advertisements for the products or services you have viewed when accessing other sites (re-targeting). Depending on the extent of the data, a user profile may also be created, which is evaluated automatically, with the advertisements selected based on the information stored in the profile, such as belonging to certain demographic segments or potential interests or behaviors. Such advertisements can be displayed to you on various channels, including our website or app (as part of on-site and in-app marketing) and advertising provided through the online advertising networks we use, such as Google.
The data can then be evaluated for billing with the service provider and assessing the effectiveness of advertising measures to better understand the needs of our users and customers and improve future campaigns. This may also include information that performing an action (e.g., visiting specific sections of our websites or submitting information) is attributable to a particular advertisement. Furthermore, we receive aggregated reports from the service providers on advertising activities and information on how users interact with our website and our advertisements.
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by rejecting or disabling the relevant cookies in your web browser settings (see Section 5.1.4). Additional options for blocking advertising can also be found in the information provided by the respective service provider, such as Google.
5.1.6.2 DoubleClick
This website uses the online marketing tool DoubleClick by Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland (hereinafter: Google). DoubleClick uses cookies to show users relevant advertisements, improve campaign performance reports, or avoid showing the same advertisement multiple times. Using a cookie ID, Google records which advertisements are shown in which browser and can prevent them from being displayed multiple times. In addition, DoubleClick can record so-called conversions related to advertisement requests using cookie IDs. This happens, for example, when a user sees a DoubleClick advertisement and later visits the advertiser's website with the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain any personally identifiable information.
Due to the marketing tools used, your browser automatically connects directly to the Google server. We have no influence on the extent and further use of the data collected by using this tool by Google and therefore inform you according to our level of knowledge: By integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will obtain and store your IP address.
You can prevent participation in this tracking process in various ways:
For more information about DoubleClick by Google, please visit https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, as well as general information on privacy at Google: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.
5.1.6.3 Google Dynamic Remarketing
We use the service Google Dynamic Remarketing by Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland (hereinafter: Google), on our website.
This service enables us to display our advertisements to you during your further internet usage after visiting our website. This is done using cookies stored in your browser, through which your usage behavior when visiting various websites is tracked and analyzed by the provider. This allows the provider to recognize your previous visit to our website. According to the provider, the data collected during remarketing is not merged with your personal data stored by the provider. In particular, according to the provider, pseudonymization is used during remarketing.
We use the service for marketing and optimization purposes, specifically to display relevant and interesting advertisements to you and improve our offering, making it more interesting for you as a user and avoiding annoying advertisements.
5.1.7 Social Media Links
We have included links to our profiles on the social networks of the following providers on our website:
When you click on the social network icons, you will be automatically redirected to our profile in the respective network. A direct connection is established between your browser and the server of the respective social network. This allows the network to receive the information that you have visited our website with your IP address and clicked on the link. This may also involve data transmission to servers abroad, e.g., in the USA (see Section 7 for details, including the lack of an adequate level of data protection and the safeguards provided).
If you click on a link to a network while logged into your user account on that network, the content of our website can be linked to your profile, allowing the network to directly associate your visit to our website with your account. If you want to prevent this, you should log out before clicking on the respective links. A connection between your access to our website and your user account will occur if you log in to the respective network after clicking the link. The respective provider is responsible for the data processing associated with this connection under data protection law. Therefore, please refer to the privacy policies on the network's website.
The legal basis for any data processing attributable to us is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in using and promoting our social media profiles.
If you interact with us on our social media profile (e.g., by indicating that you like a product or service from us), corresponding information may also be published on the social network and potentially displayed to other users of the social network. The provider of the social network may use this information for advertising purposes and tailoring its offerings to meet user needs. For this purpose, usage, interest, and relationship profiles could be created, e.g., to evaluate your use of our website concerning the advertisements displayed on the social network, inform other users about your activities on our website, and provide other services related to the use of the social network. For details on the scope of data collection, further processing, and use of data by the providers of the social networks, as well as your rights and settings options to protect your privacy, please refer to the respective provider's privacy policy.
5.1.8 Google Tag Manager
We use the Google Tag Manager service from Google on our website.
This service allows us as marketers to manage website tags through a single interface. The tool that implements the tags is a cookieless domain and does not itself collect personal data. The service ensures the triggering of other tags that may collect data. The service does not access this data. If deactivation has been carried out on the domain or cookie level, it remains in effect for all tracking tags implemented using this service.
5.1.9 SecurImage
We use the SecurImage service on our website.
We use this service to verify whether the input is made by a human or abusively by automated, machine processing. The process directly serves to prevent spam, DDoS attacks, and similar automated malicious access. Therefore, the use of the service directly ensures the integrity and functionality of our systems.
The IP address transmitted as part of the service is not merged with other data from the provider unless you are logged into your account with the provider at the time of using the service. If you want to prevent this transmission and storage of data about you and your behavior on our website by the provider, you must log out from the provider before visiting our site or using the service.
The service transmits personal data to the USA (see Section 7).
The legal basis is our legitimate interest under Art. 6 para. 1 lit. f GDPR.
Our website uses so-called web fonts or icons, provided by Fonticons, Inc., 307 S Main St Ste 202 Bentonville, AR, 72712-9214, United States, to ensure a uniform representation of fonts or icons. When you access a page, your browser loads the necessary web fonts or icons into your browser cache to display texts, fonts, and icons correctly.
For this purpose, the browser you are using must connect to the servers of Fonticons, Inc. This allows Fonticons, Inc. to know that your IP address has accessed our website. The use of Font Awesome is in the interest of a consistent and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If your browser does not support Font Awesome, a standard font from your computer will be used. For more information about Font Awesome, please visit https://fontawesome.com/help and the privacy policy of Fonticons, Inc.: https://fontawesome.com/privacy.
You can order our Huerzeler Newspaper on the website (or view it online).
If you order the newspaper using the form on the website, we collect the following data from you:
The fields marked with * are mandatory.
If you provide us with personal data, you must ensure that this personal data is correct.
We use this data to process your order and to send you the newspaper, and to contact you by phone if necessary. Our legal basis is the necessity for contract fulfillment within the meaning of Art. 6 para. 1 lit. b GDPR.
5.2 Data Processing Outside of the Website
5.2.1 Communication
We process personal data when you contact us, or we contact you, e.g., when you call our travel agency, write to us, or visit our cycling stations, rentals, or cycling boutiques at the travel destinations. Generally, the following information is sufficient for us:
We use this data to provide you with information, make notifications, process your request, and communicate with you, as well as for quality assurance and training. We also forward communications within the Active Group AG to the relevant departments, e.g., if your request concerns another company.
If you provide us with information, you must ensure that it is correct.
Our legal basis for this data processing is our legitimate interest under Art. 6 para. 1 lit. f GDPR. You can object to the data processing at any time (contact details are provided below). However, we may then no longer be able to process your request or provide the services you requested.
We also process personal data when you use our services outside the website, e.g., when you book a trip directly with us or one of our business partners. In this context, we process your personal data (including the information mentioned in Section 3 regarding travel) mainly for handling the booking or for invoicing purposes. During the booking process, you will be informed about which data is mandatory. In this context, we regularly process the following data:
You may also want or need to provide us with personal data of third parties, e.g., fellow travelers. We would like to point out that you are obliged to inform these individuals about this data transfer and this privacy policy and to ensure the accuracy of the personal data concerned.
Our legal basis for this data processing is the fulfillment of a contract within the meaning of Art. 6 para. 1 lit. b GDPR.
5.2.3 Information and Direct Marketing
We process personal data (particularly your name and email address) for sending information and marketing communications.
Email newsletter to existing customers: If you have provided us with your email address when purchasing services or goods, we reserve the right to send you regular offers for similar services or goods from our range via email.
In this respect, we do not need to obtain separate consent from you under § 7 para. 3 UWG. The data processing is solely based on our legitimate interest in personalized direct advertising according to Art. 6 para. 1 lit. f GDPR. If you initially objected to the use of your email address for this purpose, no email will be sent by us. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible party mentioned at the beginning. You will only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.
Apart from this email marketing to existing customers, we only use your email address for marketing purposes if you have consented to this data processing. In this case, our legal basis is your consent according to Art. 6 para. 1 lit. a GDPR.
If you do not wish to receive information and marketing communications, please contact info@activetravel.ch or Active Travel AG, Neugrütstrasse 4B, 8610 Uster. You will also find a link to unsubscribe in every information and marketing email. For the newsletter, you can also unsubscribe via our website.
We are entitled to commission third parties with the technical implementation of marketing campaigns and, therefore, have the right to make your personal data available to third parties for this purpose. We use the email marketing service provided by Newsletter2go GmbH, Köpenicker Str. 126, DE-10179 Berlin, www.newsletter2go.de, to send our newsletter.
Our newsletter may contain a so-called web beacon (tracking pixel) or similar technical tools. A web beacon is a 1x1 pixel invisible graphic associated with the user ID of the respective newsletter subscriber. For each newsletter sent, there is information about the address file used, the subject, and the number of newsletters sent. Furthermore, it can be seen which addresses have not yet received the newsletter, to which address it was sent, and at which addresses the delivery failed. Additionally, the open rate, including the information about which addresses have opened the newsletter, is visible. Lastly, there is information about which addresses have unsubscribed. We use this data for statistical purposes and to optimize the newsletter in terms of content and structure. This enables us to better tailor the information and offers in our newsletter to the individual interests of the recipients. The tracking pixel is deleted when you delete the newsletter.
To prevent the use of the web beacon in our newsletter, please set your email program, if it is not already set by default, to not display HTML in messages. The following pages provide explanations on how to configure this setting in the most common email programs:
Microsoft Outlook
Mail for Mac
5.2.4 Business Partners
We work with different companies and business partners, such as transportation companies, hotels, other service providers, and suppliers, business partners (travel agencies that meet the legal customer money protection), car rental companies, etc., with cooperation partners and service providers (e.g., in the IT sector). A list of priority partners can be found at https://www.huerzeler.com/de/service/partner.
We process personal data about the contact persons in these companies for contract initiation and execution, planning, accounting, and training purposes, customer or supplier relationship management, and other contract-related purposes. We regularly process the following data in this context:
Depending on the activity area, we may also be required to conduct a closer examination of the company and its employees, such as through a security check. In this case, we collect and process additional information. We may also process personal data to improve our customer orientation, customer satisfaction, and customer loyalty.
Our legal basis for this data processing lies in the performance of a contract under Art. 6 para. 1 lit. b GDPR and in our legitimate interest under Art. 6 para. 1 lit. f GDPR. If it is not about the performance of a contract, you can object to the data processing at any time.
5.2.5 Administration
We process personal data for our own administration and internal administration within Active Group AG. We also process personal data for accounting and archiving purposes and, in general, for reviewing and improving internal processes.
These data processing activities also regularly involve employee data. We process this data for the purpose of executing the employment contract.
Our legal bases for the aforementioned data processing activities are diverse. We process employee data for the performance of a contract (employment contract) within the meaning of Art. 6 para. 1 lit. b GDPR and to fulfill legal obligations (e.g., social security administration) and/or in our legitimate interest under Art. 6 para. 1 lit. f GDPR. Data processing related to business operations, particularly in connection with accounting, is also either justified by legal obligations or by Art. 6 para. 1 lit. f GDPR.
5.2.6 Corporate Transactions
We may also process personal data to prepare and carry out corporate acquisitions and sales and to purchase or sell assets. The subject and scope of the collected or transmitted data depend on the stage and the subject of the transaction.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can object to this data processing at any time, subject to our overriding interest.
5.2.7 Job Applications
We also process personal data when you apply to us to assess your suitability for the position, discuss potential employment with you, and, if necessary, prepare and conclude a contract. For this purpose, we usually require the usual information and documents mentioned in a job posting, such as application, marital status, children, residency status, resume, skills and abilities, interests, references, qualifications, certificates, etc. This may also include particularly sensitive personal data, such as health data or information about trade union membership.
Our legal basis lies partly in the contract initiation you desire within the meaning of Art. 6 para. 1 lit. b GDPR. On the other hand, you consent to the processing of the respective data for recruitment purposes by submitting them.
5.2.8 Compliance with Legal Requirements
We process personal data to comply with legal requirements, such as ensuring compliance with legal obligations, including court or authority orders, ensuring compliance, and detecting and investigating abuses. This is the case, for example, when we receive and process complaints and reports of misconduct or when an authority requests documents containing your name and contact information or conducts an investigation at our premises. It is also possible that we conduct internal investigations in which your personal data may also be processed.
The legal basis for this data processing is either the fulfillment of legal obligations or our legitimate interest under Art. 6 para. 1 lit. f GDPR.
5.2.9 Legal Protection
We process personal data in various situations to protect our rights, such as to assess claims from us, affiliated companies, employees, or contractual and business partners and, if necessary, to assert them judicially, pre-judicially, or extrajudicially and before authorities at home and abroad, or to defend ourselves against claims. For example, we may assess the chances of success in litigation or submit documents to an authority. In doing so, we may process your personal data or disclose it to third parties at home and abroad, as far as necessary and permitted.
The legal basis for this data processing is our legitimate interest under Art. 6 para. 1 lit. f GDPR.
5.2.10 Credit Check
If we provide services in advance, e.g., in the case of purchase on account, we may obtain a credit report based on mathematical-statistical procedures from a credit agency to protect our legitimate interests. For this purpose, we transmit the personal data necessary for a credit check to a credit agency and use the information obtained on the statistical probability of a payment default for a balanced decision about the establishment, execution, or termination of the contractual relationship. We are happy to inform you upon request which credit agencies we contact for this purpose.
We have a legitimate interest in this data processing within the meaning of Art. 6 para. 1 lit. f GDPR (prevention of abuse). Additionally, this data processing is related to the performance of a contract according to Art. 6 para. 1 lit. b GDPR.
5.2.11 Analysis of Your Purchasing Behavior
We collect information about which purchases and bookings you make when and how often in which stores or online shops to derive information about your preferences and affinities for certain products or services. This information helps us inform you about further offers and tailor our offer more closely to demand.
Our legal basis for this data processing is the legitimate interest under Art. 6 para. 1 lit. f GDPR. We have an interest in getting to know our customers better to provide them with better-tailored services. We also have an interest in generally optimizing and further developing our services.
We store the aforementioned data in a central electronic data processing system. Your data is systematically recorded and linked to process your bookings and fulfill contractual services and to analyze your purchasing or booking behavior. We use software from Online Travel Services AG, Dorfstrasse 35, 6341 Baar, for this purpose. We base this data processing within the software on our legitimate interest in customer-friendly and efficient customer data management according to Art. 6 para. 1 lit. f GDPR. Additionally, we base this data processing on the performance of a contract according to Art. 6 para. 1 lit. b GDPR.
5.2.13 Huerzeler App
5.2.13.1 Downloading the App
When you download our app, the operator of the respective app store collects and processes the following data:
For more information on data processing by the app store operators:
5.2.13.2 Registering for the App
When you register in the app, we collect and process the following data:
We process this data to administer the user account and facilitate the use of the app. The legal basis is the performance of a contract according to Art. 6 para. 1 lit. b GDPR and our legitimate interest in the best possible administration of the app according to Art. 6 para. 1 lit. f GDPR. For certain features of the app, we may request specific consent according to Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time in the app settings for the future.
5.2.13.3 Using the App
When using the app, the following data is processed:
The comprehensive use of the app requires access permissions to individual features/services of your device for the following purposes:
Location: The app may request access to your location information. As mentioned, this is only required for specific features. We do not collect, store, or process location information ourselves.
When you start the app for the first time or when a service in the app requires access to certain functions of your device, you will be asked for your consent to activate these types of permissions. You can change the permissions at any time in the device settings and allow or deny access as desired. As described above, some permissions are necessary to activate certain functions of the app. If you remove the corresponding permission, the app may not function properly.
Further information about the specific data that can be accessed when allowing access to certain functions and how you can withdraw or confirm your consent can be found in the following links:
For Android (version 6.0 and higher): https://support.google.com/googleplay/answer/6270602?hl=en
For iOS: https://www.apple.com/privacy/manage-your-privacy/
We process your personal data to fulfill our contractual obligations (Art. 6 para. 1 lit. b GDPR). We may also process personal data based on your consent (Art. 6 para. 1 lit. a GDPR) to the extent described in this privacy policy.
The temporary collection of device information by the system is necessary to enable the delivery of the app to your device and ensure its playback. Storage in log files also occurs to ensure the stability and functionality of the app. Moreover, the data serves to optimize the app and secure the information technology systems against possible external attacks. This is where our legitimate interest in data processing under Art. 6 para. 1 lit. f GDPR lies. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, but no later than seven days. The collection of data for the provision of the app and its storage in log files is necessary for the operation of the app, so there is no option for you to object.
5.2.13.4 Push Messages
When installing the app on your device, you can decide whether you want to receive push notifications from us (Apple), or you will be informed that our offer includes push notifications that you can disable (Android). To send push notifications, we collect, store, and use the following data:
This data is required to ensure device-specific delivery of push notifications according to the push configuration in the app. The legal basis for processing this data is your consent under Art. 6 para. 1 lit. a GDPR. You can disable the push notification function at any time by either turning off the push function in the settings of the installed app or configuring the notification settings in the device settings of your mobile device.
Further information about specific services and data processing can be found in the privacy policy of the respective provider.
We work with various companies and business partners in Switzerland and abroad. If we pass on data to recipients abroad, we ensure an adequate level of data protection, which corresponds to the European level of protection. Further information is provided in Section 7.
We may transfer your personal data to the following categories of recipients in connection with our business activities and the purposes set out in Section 5:
These recipients may be located in Switzerland or abroad. In particular, you must expect your data to be transferred to all countries where Active Group AG is represented by group companies, branches, or other offices, as well as to other countries in Europe and the USA, where our service providers are located (such as Google). If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection by using appropriate contracts (notably based on the standard contractual clauses of the European Commission), binding corporate rules, or we rely on the legal exceptions of consent, contract fulfillment, the establishment, exercise, or enforcement of legal claims, overriding public interests, published personal data, or because it is necessary to protect the integrity of the affected persons. You can obtain a copy of the mentioned contractual safeguards from the contact person mentioned in Section 2. However, we reserve the right to redact copies for reasons of data protection law or confidentiality reasons, or to deliver only excerpts thereof.
If you use services from third parties or transmit data to third parties yourself (e.g., via links), the third-party data protection regulations apply. In this case, we recommend that you first obtain information about these third-party data protection regulations.
We may transfer your personal data to countries outside of Switzerland and the EU/EEA (including the USA) and process it there.
If a recipient is located in a country without adequate legal data protection, we ensure an adequate level of protection according to legal requirements by using appropriate contracts (notably based on the standard contractual clauses of the European Commission), binding corporate rules, or we rely on the legal exceptions of consent, contract fulfillment, the establishment, exercise, or enforcement of legal claims, overriding public interests, published personal data, or because it is necessary to protect the integrity of the affected persons. You can obtain a copy of the mentioned contractual safeguards from the contact person mentioned in Section 2. However, we reserve the right to redact copies for reasons of data protection law or confidentiality reasons, or to deliver only excerpts thereof.
We process and store your personal data as long as it is necessary for fulfilling our contractual and legal obligations or otherwise for the purposes pursued with the processing, e.g., for the duration of the entire business relationship (from the initiation, performance to the termination of a contract) as well as in accordance with the statutory retention and documentation obligations. It is possible that personal data may be retained for the time during which claims can be made against our company and as far as we are otherwise legally obligated to do so or legitimate business interests require (e.g., for evidence and documentation purposes). As soon as your personal data is no longer required for the aforementioned purposes, it will be deleted or anonymized as a general rule.
We take appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and to prevent any risk of loss, accidental alteration, unauthorized disclosure, or unauthorized access.
These measures are based on the recognized risks and are continuously adapted in line with technical developments and organizational possibilities. To protect your data from unauthorized access by third parties during transmission, we use SSL (Secure Socket Layer) encryption. This is a standardized encryption method for online services, especially for the web.
However, we would like to point out that, despite these measures, security gaps may occur when transmitting data over the internet. A complete protection of data against unauthorized access by third parties is not possible.
Under the data protection laws applicable to you, and to the extent provided for therein (such as under the GDPR), you have the right to information, rectification, deletion, the right to restrict data processing, and otherwise to object to our data processing, particularly to data processing for direct marketing purposes, profiling carried out for direct marketing purposes, and other legitimate interests in data processing, as well as to the release of certain personal data for transfer to another entity (so-called data portability).
Please note, however, that we reserve the right to enforce the statutory restrictions on our part, for example, if we are obliged to store or process certain data, have an overriding interest in doing so, or require it for asserting claims. If this results in costs for you, we will inform you in advance. We have already informed you of the possibility of revoking your consent in Section 5.1.5 (under the section on Google Analytics). Please note that exercising these rights may conflict with contractual agreements and may have consequences, such as premature termination of the contract or cost consequences. In this case, we will inform you in advance unless it is already contractually regulated.
Exercising such rights generally requires you to clearly prove your identity (e.g., by a copy of your ID if your identity is otherwise unclear or cannot be verified). To assert your rights, you can contact us at the address stated in Section 2.
In addition, every data subject has the right to enforce their claims in court or file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
We may amend this privacy policy at any time without prior notice. The current version published on our website shall apply. If the privacy policy is part of an agreement with you, we will notify you of the change by email or other appropriate means in case of an update.
This privacy policy is based on the EU General Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union, it is of importance to us. The Swiss Data Protection Act (DSG) is largely based on the GDPR. Moreover, companies outside the EU or Switzerland must comply with the GDPR under certain circumstances.
If you have any questions regarding data protection on our website, would like to request information, or request the deletion of your data, please contact us via email at info@activetravel.ch. We will endeavor to address your concerns promptly.
Cycling Holidays 
Bicycle Only 
Worldwide Cycling Tours 