Data protection declaration

1. Privacy Policy

This privacy policy applies to Luftseilbahn Pfingstegg AG, Rybigässli 25, 3818 Grindelwald, pfingstegg.ch.

With this privacy policy, we inform you about which data we process from you, what we require this data for, and how you may object to the collection of data.

The protection of your personality and your privacy is an important concern for us and for the companies of public transportation. We guarantee that your personal data will be processed in compliance with the applicable provisions of data protection law.

The companies of the tourism and public transport sector are committed to the following principles for the trustworthy handling of your data.

You decide on the processing of your personal data.

Within the framework of the law, you may object to data processing at any time, withdraw your consent, or request deletion of your data. You always have the option of travelling anonymously, i.e., without your personal data being recorded.

We provide added value when processing your data.

Public transport companies use your personal data in order to provide you with added value along the mobility chain (e.g., tailored offers and information, assistance, or compensation in the event of disruptions). Your data is therefore used solely for the development, provision, optimization, and evaluation of our services or for maintaining customer relationships.

Your data will not be sold.

Your data will only be disclosed to selected third parties listed in this privacy policy and only for explicitly stated purposes. If we commission third parties to process data, they are contractually obliged to comply with our data protection standards.

We guarantee security and protection for your data.

Public transport companies guarantee the careful handling of customer data as well as the security and protection of your data. We ensure the necessary organizational and technical measures for this purpose.

1.1. Who Is Responsible for Data Processing

Luftseilbahn Grindelwald-Pfingstegg AG (“LGP”) is responsible for processing your data. As a company operating within the tourism and public transport sector, we are legally obliged to participate in so-called Direct Transport Services (“Direkte Verkehre”, DV). For this purpose, certain data is exchanged and centrally stored within databases jointly operated by all transport companies (TU) and public transport associations, as well as by third parties distributing public transport products. Therefore, for certain data processing activities, we share responsibility jointly with these transport companies and associations. Further information on the individual data processing activities can be found in the section “What does joint responsibility in public transport mean?”.

If you have any questions or suggestions regarding data protection, you may contact our operational Data Protection Officer at any time.

Operational Data Protection Officer of the Pfingstegg Cableway

Remo Spieler
Luftseilbahn Grindelwald-Pfingstegg AG
Rybigässli 25
CH-3818 Grindelwald
E-mail: info@pfingstegg.ch

1.2. Why We Collect Personal Data

We are aware of how important the careful handling of your personal data is to you.

All data processing is carried out only for specific purposes. These may arise, for example, from technical necessity, contractual requirements, legal obligations, overriding legitimate interests, or your explicit consent.

We collect, store, and process personal data insofar as this is necessary, for example for managing customer relationships, distributing our products and providing our services, processing orders and contracts, sales and invoicing, responding to questions and concerns, providing information about our products and services as well as marketing them, assisting with technical matters, and evaluating and further developing services and products.

For more detailed information on which data is processed for which purposes, please refer to the following sections.

a) When visiting www.pfingstegg.ch

When you visit our website, our servers temporarily store each access in a log file.

The following data is collected without your intervention and stored by us until it is automatically deleted after no more than twelve months:

• the IP address of the requesting device

• the date and time of access

• the name and URL of the retrieved file

• the website from which the access was made (referrer URL)

• the operating system of your device and the browser used

b) When subscribing to our newsletter

You may subscribe to our newsletter on our website. Registration is required for this purpose. During registration, the following data must be provided:

• title

• first and last name

• email address

• mobile number

The above data is necessary for processing. We use it exclusively to personalise the information and offers sent to you and to better tailor them to your interests. By explicitly confirming after registration, you consent to the processing of the data provided for the regular sending of the newsletter to the address you provided and for statistical analysis of user behaviour as well as optimisation of the newsletter.

This consent constitutes, within the meaning of Art. 6 para. 1 lit. a GDPR, our legal basis for processing your email address. We are entitled to commission third parties with the technical handling of marketing measures and may pass your data on to them for this purpose (see section 5). At the end of each newsletter, you will find a link allowing you to unsubscribe at any time. After unsubscribing, your personal data will be deleted. Further processing will only take place in anonymised form for the purpose of optimising our newsletter. We expressly refer to the data analyses carried out as part of newsletter distribution (see section 5).

c) When booking, ordering, or making reservations with third parties

Various options are available on our website for making bookings or reservations or requesting informational material or other services. These services are provided by third parties. Depending on the service, different data is collected, for example:

• title and/or company name

• first and last name

• address (street, house number, postal code, city, country)

• additional contact details (email address, telephone number)

• if applicable, credit card details

We will mark mandatory fields accordingly; if this information is not provided, it may hinder the provision of booking services. Providing other information is optional and does not affect the use of our website.

The data you enter is usually collected directly by the respective provider or, in some cases, forwarded by us to them. In such cases, the privacy policy of the respective provider applies. The legal basis for processing the above-mentioned data is the performance of a contract within the meaning of Art. 6 para. 1 lit. b GDPR. Apart from the cases mentioned above, no further data processing or disclosure takes place.

1.3. Data Security

We use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

You should always treat your payment information as confidential and close your browser window once you have finished communicating with us, especially if you are using a shared computer. We also take internal data protection very seriously. Our employees and the service providers we engage are obliged to maintain confidentiality and to comply with data protection regulations.

We take reasonable precautions to protect your data. However, the transmission of information over the internet and other electronic means always involves certain security risks, and we cannot guarantee the security of information transmitted in this way.

1.4. What “Joint Responsibility” Means

Luftseilbahn Grindelwald-Pfingstegg AG is responsible for processing your data. As a public transport company, we are legally required to provide transport services jointly with other transport companies and associations (“direct transport”, Art. 16 and 17 of the Passenger Transport Act).

To enable this, data arising from your interactions with us or from purchased services is shared within the National Direct Transport system (NDV), a network of over 240 transport companies and associations in public transport at a national level. The individual transport companies and associations involved are listed here.

The data is stored in the central database NOVA (National Networked Public Transport System), which is operated by SBB on behalf of the NDV, and for which we share responsibility with the other companies and associations within the NDV. NOVA is a technical platform for the distribution of public transport services. It includes all central components required for the sale of public transport services, such as the customer database. Access rights to the shared databases by individual transport companies and associations are governed by a joint agreement.

The sharing and processing of data via this central storage is limited to the following purposes:

Provision of transport services

To ensure your journey runs smoothly, your travel and purchase data is shared within the NDV.

Contract fulfilment

We process this data for the establishment, administration, and execution of contractual relationships.

Customer service and relationship management

We process your data for communication purposes, in particular to respond to inquiries, exercise your rights, and identify and support you across public transport services in case of requests or difficulties, as well as to handle any compensation claims.

Ticket inspection and revenue protection

Customer and subscription data is required for revenue protection (verification of ticket and discount validity, debt collection, and fraud prevention). Incidents of travel without a valid or fully valid ticket may be recorded in the national fare evasion register.

Revenue distribution

The Alliance SwissPass office, operated by ch-integral, fulfils the legal mandate defined in the Swiss Passenger Transport Act to collect travel data for the correct distribution of revenues. It acts as the mandated body for revenue allocation in the National Direct Transport system on behalf of the participating companies.

Identification via SwissPass login (SSO)

For services purchased using the SwissPass login, data is stored in the central customer database (NOVA). To enable single sign-on (SSO)—a single login for all services using SwissPass authentication—login, card, customer, and service data are exchanged between the SwissPass authentication infrastructure and us.

Joint marketing and market research activities

In certain cases, data collected when purchasing public transport services may also be used for marketing purposes. If you have given consent, any processing or contact for this purpose will generally be carried out only by the transport company or association where you purchased the service.

Other participating companies may only process or contact you in exceptional cases and under strict conditions, and only if data analysis suggests that a specific public transport offer may be of interest to you. An exception applies to marketing activities carried out by SBB, which manages marketing for NDV services (e.g. GA and Half-Fare Travelcard) and may contact you regularly in this role.

We also process your data for market research, service improvement, and product development.

Further development of public transport systems using anonymised data

We analyse your data in anonymised form in order to further develop the public transport system in a user-oriented way.

1.5. Cookies

Cookies are small files that are stored on your computer or mobile devices when you visit or use one of our websites. Cookies store certain settings about your browser and data relating to the exchange with the website via your browser. When a cookie is activated, it may be assigned an identification number through which your browser can be recognised and the information contained in the cookie can be used.

Cookies help, in many respects, to make your visit to our website easier, more pleasant, and more useful. Cookies do not damage your computer’s hard drive, and they do not transmit personal data about users to us. We use cookies, for example, to better tailor the information, offers, and advertising shown to you to your individual interests. Their use does not result in us obtaining new personal data about you as an online visitor.

Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that you are always notified when you receive a new cookie.

When visiting our website, however, you must accept the use of cookies before you can use our website. By clicking the confirmation button, you explicitly agree to the use of cookies.

1.6. Use of Own Cookies

When visiting certain pages, a so-called “session cookie” is set. This is a small text file that is automatically deleted from your computer after the browser session ends. This file is used exclusively to enable the use of certain applications.

With most web browsers, you can change the settings so that your browser does not accept new cookies or so that cookies are deleted automatically.

On the following pages you will find explanations on how to configure cookie handling:

• Google Chrome for Desktop

• Google Chrome for Mobile

• Microsoft Windows Internet Explorer

• Apple Safari for Mobile

1.7. Social Media Plugins

We use social media plugins (Facebook, Instagram, and Tripadvisor) on our website. When these plugins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as you access one of our webpages. The content of the plugin is transmitted directly from the social network to your browser and integrated into the website by it.

Further information can be found in the respective privacy policies.

1.8. Analysis of Newsletter Usage

For sending our newsletter, we use email marketing services provided by third parties. Our newsletter may therefore contain a so-called web beacon (tracking pixel) or similar technical tools.

A web beacon is a 1x1 pixel invisible graphic that is associated with the user ID of the respective newsletter subscriber.

The use of such services allows us to analyse whether emails containing our newsletter have been opened. In addition, click behaviour of newsletter recipients can be recorded and evaluated. We use this data for statistical purposes and to optimise the newsletter in terms of content and structure. This enables us to better tailor the information and offers in our newsletter to the individual interests of each recipient.

The tracking pixel is deleted when you delete the newsletter. To prevent tracking pixels in our newsletter, please configure your email program so that HTML content is not displayed in messages.

1.9. Note on Data Transfers to the USA

For users residing or based in Switzerland, we would like to point out, for the sake of completeness, that in the United States there are surveillance measures by US authorities which generally allow the storage of all personal data of all individuals whose data has been transferred from Switzerland to the US. This is done without differentiation, limitation, or exception based on the intended purpose, and without any objective criteria that would allow access by US authorities to be restricted to specific, narrowly defined purposes that could justify the interference associated with access to and use of such data.

Furthermore, we note that in the United States there are no legal remedies available to affected individuals from Switzerland that would allow them to obtain access to their data, or to request correction or deletion, nor is there effective judicial protection against general access rights of US authorities.

We explicitly draw the attention of data subjects to this legal and factual situation in order to enable an informed decision regarding consent to the use of their data.

Users residing in a member state of the EU are informed that, from the perspective of the European Union — among other reasons due to the issues mentioned in this section — the United States does not provide an adequate level of data protection.

1.10. Tracking Tools

For the purpose of demand-oriented design and continuous optimisation of our websites, apps, and emails, we use web analytics services provided by Google Analytics, Google Optimize, and Google Search Console. For the data processing described below, our legitimate interest forms the legal basis.

Tracking on websites

In connection with our websites, pseudonymised usage profiles are created, and small text files (“cookies”) stored on your computer are used (see below “What are cookies and when are they used?”). The information generated by cookies about your use of these websites is transmitted to the servers of the service providers, stored there, and processed for us.

In addition to the data listed above (see “Which data is processed when using our websites?”), we also receive the following information:

• navigation path taken by a visitor on the website

• time spent on the website or subpages

• subpage from which the website is exited

• country, region, or city from which access occurs

• end device (type, version, colour depth, resolution, width and height of the browser window)

• returning or new visitor

• browser type/version

• operating system used

• referrer URL (previously visited page)

• hostname of the accessing device (IP address)

• time of server request

This information is used to evaluate website usage.

Tracking in email communications

When sending emails, we use email marketing services provided by third parties. Our emails may therefore contain a so-called web beacon (tracking pixel) or similar technical tools. A web beacon is a 1x1 pixel invisible graphic associated with the user ID of the respective email subscriber.

For each newsletter sent, information is available regarding the mailing list used, the subject line, and the number of newsletters sent. In addition, it can be seen which addresses have not yet received the newsletter, to which addresses it has been sent, and where delivery has failed. Furthermore, open rates can typically be analysed, including which addresses opened the newsletter and which unsubscribed from the mailing list.

The use of such services enables the evaluation of the above-mentioned information. It also allows analysis of click behaviour. We use this data for statistical purposes and to optimise the content of our communications. This enables us to better tailor information and offers in our emails to the individual interests of each recipient. The tracking pixel is deleted when you delete the email.

If you wish to prevent the use of web beacons in our emails, please configure your email program (if not already the default setting) so that HTML is not displayed in messages.

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses cookies (text files stored on your computer) which enable an analysis of your use of the website (see section 2.5).

Google uses this information on behalf of the website operator to evaluate your use of the website, to compile reports on website activity, and to provide further services relating to website and internet usage. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.

You may prevent the storage of cookies or delete them via your browser settings.

Google has committed to ensuring appropriate data protection in accordance with the US–EU and US–Swiss Privacy Shield frameworks.

Further information can be found in Google’s privacy policy.

1.11. Rights Regarding Your Personal Data

You have the right to obtain information free of charge, upon request, about the personal data we store about you. In addition, you have the right to have incorrect data corrected and the right to have your personal data deleted, provided that no legal retention obligation or legal basis permitting us to process the data prevents this.

In accordance with Articles 18 and 21 of the GDPR, you also have the right to request restriction of data processing and to object to data processing.

You further have the right to request the data you have provided to us (data portability). Upon request, we will also transfer the data to a third party of your choice. You have the right to receive the data in a commonly used file format.

You may contact us for the above purposes at the email address info@pfingstegg.ch. For processing your requests, we may, at our discretion, require proof of identity. You may also inform us of what should happen to your data after your death by providing appropriate instructions.

You have the right to have incorrect or incomplete personal data corrected and to be informed about the correction. You have the right to object to the use of your data for marketing purposes. You have the right to withdraw your consent at any time with effect for the future.

Every person also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent Swiss data protection authority is the Federal Data Protection and Information Commissioner (FDPIC) (www.edoeb.admin.ch).

1.12. Data Retention

We store personal data only for as long as it is necessary:

• to use the tracking, advertising, and analytics services described above within the scope of our legitimate interests;

• to perform services requested by you or for which you have given your consent (e.g. newsletter subscriptions);

• to comply with our legal obligations.

Contract data is stored for longer periods because it is subject to statutory retention requirements. These retention obligations arise from accounting regulations and tax laws. According to these provisions, business correspondence, concluded contracts, and accounting records must be retained for up to 10 years, or up to 5 years for users residing in France.

Once the data is no longer required for the provision of services, it is blocked. This means that the data may then only be used for accounting and tax purposes.

1.13. Will your data be shared with third parties?

Your data will not be sold by us. Your personal data will only be shared with selected service providers and only to the extent necessary for providing the service. These include IT support providers, issuers of subscription cards, shipping service providers (such as Swiss Post), service providers responsible for allocating transport revenue among participating transport companies (particularly in connection with the creation of so-called allocation keys under the Swiss Passenger Transport Act), our hosting provider (see section “Use of the Website”), and the providers named in the sections relating to tracking tools, social plug-ins, and advertisements. With regard to service providers located abroad, please also refer to the information in the section “Where is your data stored”.

In addition, your data may be disclosed if we are legally obliged to do so or if this is necessary to safeguard our rights, particularly for enforcing claims arising from our relationship with you.

Your personal data will not be disclosed to other third parties outside public transport. The only exceptions are SwissPass partners and companies that have been contractually authorized by public transport companies to mediate public transport services. These intermediaries will only gain access to your personal data if you wish to obtain a public transport service through them and if you have given your consent for such access. Even in this case, they will only receive access to the extent necessary to determine whether, for the planned travel period, you already hold tickets or subscriptions relevant to your journey and to the third party’s requested service. The legal basis for this data processing is therefore your consent. You may revoke your consent at any time with future effect (see section 2.9).

If you use offers from a SwissPass partner with your SwissPass, data about services you may have purchased from us (e.g. a GA Travelcard, Half Fare Travelcard, or regional route subscription) may be transmitted to the SwissPass partner in order to verify whether you qualify for a specific offer from that partner (e.g. a discount for GA holders). In the event of loss, theft, misuse, forgery, or card replacement after purchasing a service, the relevant partner will be informed. This data processing is necessary for the performance of the contract governing the use of the SwissPass and is therefore based on that legal basis. Further information can be found in the privacy policy on:

SwissPass

as well as in the privacy policy of the respective SwissPass partner.

1.14. Use of Chatbase (AI Chatbot)

An AI-powered chatbot provided by Chatbase is integrated into our website. The service is based on technologies from OpenAI (USA) and is used to enable automated conversations with website visitors, for example to answer questions or assist with navigation.

When using the chatbot, the following data may be processed:

• content entered by the user (text inputs),

• technical information (e.g. IP address, timestamp, browser type),

• location data (if transmitted by the browser).

This data may be transferred to servers operated by Chatbase or OpenAI located in the United States. Use of the chatbot is voluntary. By starting a conversation, you consent to the transfer and processing of your data in accordance with Chatbase’s privacy policy.

Further information can be found at:

Chatbase Privacy Policy

1.15. Right to lodge a complaint with a data protection supervisory authority

You generally have the rights of access, rectification, deletion, restriction of processing, data portability, withdrawal of consent, and objection. If you reside in an EU member state, you also have the right to lodge a complaint at any time with a data protection supervisory authority.

You can contact us using the following contact details: during the summer season (see opening hours) from 9:00 a.m. to 5:00 p.m. at +41 33 853 26 26, or at any time by email at info@pfingstegg.ch.

Grindelwald, 13 February 2026