Privacy policy

Privacy policy

Last update on 9 April 2025

1. What do we do?
2. What do we inform about?
3. Definition of terms
4. Contact
5. Data security
6. Rights of data subjects
7. General principles
8. Individual data processing operations
9. Does our privacy policy always remain the same?

What do we do?

Weber Enterprises (Grabaweg 4, 7050 Arosa) operates the website www.discoverarosa.ch (hereinafter referred to as "we").

The protection of your personal data is very important to us. In this privacy policy, we provide you with transparent and comprehensible information about what data we collect via our website and how we handle it.

For this reason, we use the icons of the PRIVACY ICONS association, among others. They are intend-ed to help you get a quick overview of how we process your data.

What do we inform about?

• Who is responsible for data processing;
• What data is collected;
• The purpose for which this data is collected;
• The legal basis on which we collect this data;
• To whom we pass on this data;
• How you can object to data processing;
• What rights you have and how you can assert them.

Definition of terms

What is personal data?

Personal data is all information that relates to an identified or identifiable natural person. This includes, for example, name, address, date of birth, e-mail address or telephone number as well as the IP ad-dress. Personal data also includes data about personal preferences such as leisure activities or memberships.

What are special categories of personal data?

Special categories of personal data are:

• Data on religious, ideological, political or trade union views or activities;
• Data relating to health, privacy, racial or ethnic origin, sex life and sexual orientation;
• Data on administrative or criminal prosecutions and sanctions, as well as data on social assistance measures;
• Genetic data and biometric data that uniquely identify a person.

If necessary and if you disclose this data to us yourself, we may process data belonging to a special category of personal data. In this case, their processing is subject to stricter confidentiality.

What is the processing of personal data?

Processing is any handling of personal data, regardless of the means and procedures used, in particular the procurement, storage, retention, use, modification, disclosure, archiving, erasure or destruction of personal data.

What is the disclosure of personal data?

This is the transmission or making available of personal data, e.g. publication or disclosure to a third party.

Contact

If you have any questions or concerns about the protection of your data by us, you can contact our data protection officer:

Weber Enterprises
Laura Weber
Grabaweg 4
7050 Arosa
laura@discoverarosa.ch

Data security

We will keep your data secure and take all reasonable steps to protect your data from loss, access, misuse or alteration.

Our contractual partners and employees who have access to your data are obliged to comply with data protection regulations. In some cases, it will be necessary for us to pass on your enquiries to our affiliated companies as part of order processing. Your data will also be treated confidentially in these cases.

Within our website, we use the SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser.

Rights of data subjects

Right to information

You can request information about the data we have stored about you at any time. Please send your request for information together with credible proof of identity to laura@discoverarosa.ch.

The information will be provided in writing or in another form, including electronically if necessary. If you so request, we can also provide you with the information verbally, provided that you can prove your identity in another form. If you submit the request for information electronically, we will provide the information in a standard electronic format, unless you specify otherwise.

As a rule, information is provided free of charge. If additional copies are requested, a reasonable fee may be charged.

The right to obtain a copy of the processed data must not adversely affect the rights and freedoms of other persons.

In the event of manifestly unfounded or excessive requests for information, we reserve the right to re-fuse to provide information within the limits of the law or to charge an appropriate fee.

The processing of your application is subject to the statutory deadline of one month. Due to the complexity and high number of requests, we may extend this period by a further two months if necessary. You will be informed of the extension within one month of submitting the request for information. You will also be informed of the reasons for the extension.

Cancellation and rectification

You have the option of requesting the deletion, correction or completion of your data at any time, provided that there are no statutory retention obligations or a legal authorization requirement to the contrary.

Please note that the exercise of your rights may be in conflict with contractual agreements and may have corresponding effects on the execution of the contract (e.g. premature cancellation of the contract or cost consequences).

Restriction of processing

You also have the right to request a restriction of processing if you dispute the accuracy of this data, the processing is unlawful, the data is no longer required or you have objected to the processing.

If the processing of the data is restricted, it may only be stored. Further processing may only take place with your consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another person or for reasons of important public interest. You will be notified if the restriction is lifted.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means. You also have the right to request that the personal data be transmitted directly by us to another controller, insofar as this is technically feasible.

Right of objection

If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have expressed your objection to us.

Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the ba-sis of which we will continue the processing.

You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can contact us about your objection to advertising using the contact details provided in this privacy policy.

Right of appeal

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

General principles

What data do we process from you and from whom do we receive this data?

First and foremost, we process personal data that you transmit to us or that we collect when operating our website. We may also receive personal data about you from third parties. This may include the following categories:

• Personal master data (name, address, date of birth, etc.);
• Contact details (mobile phone number, e-mail address, etc.);
• Financial data (e.g. account details);
• Online identifiers (e.g. cookie identifiers, IP addresses);

This data can come from the following sources:

• Information from publicly accessible sources (e.g. media, Internet);
• Information from public registers (e.g. commercial register, debt collection register, land register);
• Information in connection with official or legal proceedings;
• Information regarding your professional functions and activities (e.g. professional networks);
• Information about you in correspondence and meetings with third parties;
• Credit information (insofar as we process personal transactions with you);
• Information about you that people from your environment give us so that we can conclude or process contracts with you;
• Data in connection with the use of the website.

Under what conditions do we process your data?

We process your data in accordance with the applicable data protection laws, in particular the GDPR. The processing is carried out for the purposes specified in this privacy policy. We pay attention to transparency and proportionality.

The processing of your data is lawful as long as a GDPR authorization is fulfilled. The following are possible grounds for authorization:

• Your consent (Art. 6 para. 1 lit. a GDPR);
• The fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR);
• The fulfillment of legal obligations to which we are subject (Art. 6 para. 1 lit. c GDPR);
• The protection of vital interests of the data subject or another natural person (Art. 6 para. 1 lit. d GDPR);
• The performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 para. 1 lit. e GDPR);
• Our legitimate interests, provided that your interests do not outweigh ours (Art. 6 para. 1 lit. f GDPR).

It may be necessary for you to provide us with certain personal data so that we can fulfil our contractual obligations. Without such data, we are normally unable to fulfil a contract.

Under normal circumstances, the website cannot be used if certain information to secure data traffic, such as your IP address, is not disclosed.

In which cases can we pass on your data to third parties?

a. Principle

We may need to use the services of third parties or affiliated companies and commission them to process your data (so-called processors). The categories of recipients are as follows:

• Accounting, fiduciary and auditing company;
• Consultancy firms (legal advice, taxes, etc.);
• IT service provider (web hosting, support, cloud services, website design, etc.);
• Payment service provider;
• Provider of tracking, conversion and advertising services.

We ensure that these third parties and our affiliated companies comply with the requirements of data protection and treat your personal data confidentially.

We may also be obliged to disclose your personal data to authorities.

b. Passing on to partners and co-operation companies

We sometimes work together with different companies and partners who place their offers on our web-site. It is recognisable to you that this is a third-party offer (marked as "advertising").

If you take advantage of such an offer, we will transfer your personal data to the relevant partner or co-operation company (e.g. name, function, communication, etc.) whose offer you wish to take advantage of. These partners and co-operation companies are independently responsible for the personal data they receive. Once the data has been transmitted, the data protection provisions of the respective part-ner apply.

c. Transfer abroad

Under certain circumstances, your personal data may be transferred to companies abroad as part of order processing. These companies are obliged to protect data to the same extent as we are. The transfer may take place worldwide.

If the level of data protection does not correspond to that of the EEA area, we carry out a prior risk assessment and contractually ensure that the same level of protection is guaranteed as in the EEA area (e.g. by means of the standard contractual clauses of the EU Commission or other legally prescribed measures). If our risk assessment is negative, we will take additional technical measures to protect your data. You can access the EU Commission's standard contractual clauses at the following link.

How long do we store your data?

We only store personal data for as long as is necessary to fulfil the individual purposes for which the da-ta was collected.

We store contract data for longer, as we are obliged to do so by law. In particular, we must store business communications, concluded contracts and accounting documents for up to 10 years. If we no longer need such data from you to provide the services, the data will be restricted for further processing and we will only use it for accounting and tax purposes.

Individual data processing operations

Provision of the website and creation of log files

If you merely visit www.kangaroo.design, i.e. if you do not register or otherwise disclose information, only the data that your browser automatically transmits to our server will be collected. The data is technically necessary for the operation of the website.

What data do we process?

The following data in particular is processed for the provision of the website and the creation of log files:

• Name of the internet service provider
• IP address
• Technical information such as browser, operating system or screen resolution
• the date and time of access
• Referrer URL

This data cannot be assigned to a specific person and is not merged with other data sources.

For what purpose do we process the data?

The log files are processed in order to guarantee the functionality of the website and to ensure the security of our information technology systems.

On what basis do we process the data?

The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interests are set out in the purpose of the data processing.

Who do we pass the data on to?

The forwarding of data by us is based on our statements on data forwarding.

How can you prevent data processing?

The data is only stored for as long as is necessary to fulfil the purpose for which it was collected. Accordingly, the data is deleted at the end of each session. The storage of log files is absolutely necessary for the operation of the website; you therefore have no option to object to this unless you do not visit our website.

Contact us

You can contact us in several ways. If you contact us and provide personal data, we will process your data. This refers to any verbal, written or other form of contact with us.

What data do we process? When you contact us, we process any data that you provide to us. This includes in particular:

• Name
• E-mail address
• Content and timing of their contact
• Contact details

It may happen that you have to provide certain mandatory data in order to contact us, for example when contacting us via a contact form or if you request a callback.

For what purpose do we process the data?

The purpose for which we use the data is determined by the nature of the contact. However, we never use the data for unforeseeable or unexpected purposes. The most common purposes are communication and feedback, customer service and the processing of business enquiries.

On what basis do we process the data?

The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interests are set out in the purpose of the data processing.

Who do we share the data with?

The forwarding of data by us is governed by our statements on data forwarding. If the purpose of your contact requires us to pass on your data to third parties, we will pass on the data to the extent necessary.

How can you prevent data processing?

Insofar as you contact us, data processing cannot be prevented. Consequently, you must refrain from contacting us if you do not want your data to be processed.

Cookies

Our website uses cookies. Cookies are text files that are stored on the operating system of your device with the help of the browser when you visit our website. Cookies do not cause any damage to your computer and do not contain viruses. Some cookies are technically necessary for the website to function. Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them or their expiry date.

For what purpose do we process the data?

We use cookies so that we can use the data collected to make our website more user-friendly, effective and secure. In particular, we use cookies to save your preferences (e.g. language and location set-tings), to ensure the fast provision and attractive presentation of website content (e.g. through the use of fonts and content delivery networks) and to analyze the use of this website for statistical evaluation and continuous improvement (usually using third-party cookies). The purposes for which we use the (technically unnecessary) cookies in detail can be found in the following explanations in this privacy policy.

On what legal basis do we process the data?

The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Insofar as technically necessary cookies are concerned, our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR forms the legal basis.

Who do we pass the data on to?

The forwarding of data by us is governed by our statements on data forwarding. In addition, the follow-ing information on individual data processing in this privacy policy must be observed.

How can you prevent data processing?

A cookie banner is displayed when the website is accessed. Cookies that require your consent in accordance with Art. 6 para. 1 lit. a GDPR are only activated if you give your consent. If you refuse con-sent, no data will be collected by the cookies requiring consent.

You cannot prevent the collection of data by cookies, which we use on the basis of our legitimate inter-est in accordance with Art. 6 para. 1 lit. f GDPR, by using the cookie banner. These cookies, which are technically necessary for the operation of the website, are stored on your computer. You can delete them completely or deactivate or restrict their transmission by changing the settings in your browser. If you deactivate these cookies, you may no longer be able to use all functions of the website to their full extent.

Instructions for the most common browsers can be found here:

• For Chrome from Google
• For Safari from Apple
• For Edge from Microsoft
• For Firefox from Mozilla

For cookies that are used to measure success and reach or for advertising, a general objection ("opt-out") is possible for numerous services via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA)

Comments

You have the option of commenting on certain content on our website.

What data do we process?

To publish a comment, you must provide us with the following information:

• Content of the commentary
• Name
• E-mail address (will not be published)

For what purpose do we process the data?

The content of the comment must be collected in order for the comment to be possible at all. The name is collected for the purpose of being able to assign a rating to a specific user. If you do not want your name to be published, we ask you to use an alias name. We use the e-mail address to verify you or to contact you if your comment is responded to, or to contact you if a third party objects to your comment as unlawful. To prevent the unauthorised use of e-mail addresses and to ensure the security of your data, we use the so-called double opt-in procedure, i.e. you will receive an e-mail in which you must confirm that you are the owner of this e-mail address and wish to receive the notifications. You can un-subscribe from the notifications at any time by clicking on the link contained in the e-mail. We will store your personal data, including your e-mail address, the time you registered for the service and your IP address, until you unsubscribe from the notification service.

On what legal basis do we process the data?

The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit a GDPR. By publishing a comment, you consent to the data processing.

Who do we pass the data on to?

The forwarding of data by us is based on our statements on data forwarding.

How can you prevent data processing?

You can only prevent the collection of your data via the comment function by not publishing a comment. If you wish to publish a comment, data processing cannot be prevented.

Tracking pixel

We may use tracking pixels on our website or in our emails. Tracking pixels are also known as web beacons. Tracking pixels are small, usually invisible images that are automatically retrieved when you visit our website or open our emails.

What data do we process?

Counting pixels can be used to collect the same data as log files. In addition, movement profiles of the entire session can be collected. In particular, tracking pixels are used by third parties whose services we use. Detailed information about these third-party services is provided below in this statement.

For what purpose do we process the data? Tracking pixels are used by various tracking services to analyse the use of this website and for statistical evaluation and continuous improvement. Tracking pixels can also be used for email tracking.

On what legal basis do we process the data?

The legal basis for the dissemination is your consent in accordance with Art. 6 para. 1 lit a GDPR.

Who do we pass the data on to?

The transfer of data by us is based on our statements on data transfer. Please also note the information in this privacy policy on the individual tracking services.

How can you prevent data processing? To prevent data processing using tracking pixels, you can install suitable browser extensions such as uBlockOrigin and block external graphics in your e-mail programme or by not giving your consent for processing.

Google Analytics

We use Google Analytics on our website, a service of the provider Google Ireland Ltd, Google Building Gordon House, Barrow St, Dublin 4, Ireland with headquarters at Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, both together "Google".

What data do we process?

Google Analytics is an analysis service for websites to collect information about the use of the website. In particular, the following information may be collected:

• IP address
• Technical information such as browser, operating system or screen resolution
• Interactions on the website
• Duration of the visit
• Time and date of the website visit
• Referrer URL

The IP address is anonymised by Google Analytics so that a personal reference is no longer possible. When a visitor visits our website for the first time, Google Analytics can generate an identifier to recog-nise the visitor when they visit the website again. If you are logged in with your Google account, data processing can also take place across devices.

For what purpose do we process the data?

Your IP address is used to determine your approximate location. We can use the information obtained from this to measure the relevance of our offers in different regions. We also use the IP address to de-termine where website visitors have come to our website from. The technical information is processed so that the website can be displayed satisfactorily on every device. The interactions, duration, time and date are collected so that we can use this data to evaluate and optimise our marketing campaigns and offers. We can also use this data to determine how visitors interact with our website, i.e. which content is popular with which visitors. The referrer URL is processed for the purpose of measuring the effec-tiveness and analysing various marketing channels.

On what basis do we process the data?

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Who do we share the data with?

The transfer of data by us is governed by our statements on data transfer. As Google is a transnational company, your data may be transferred by Google to anywhere in the world. In particular, it may be transferred to Google's headquarters in the USA. A country in which the legislation does not guarantee adequate data protection.

Google Tag Manager

We use Google Tag Manager on our website, a service of the provider Google Ireland Ltd, Google Building Gordon House, Barrow St, Dublin 4, Ireland with headquarters at Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, both together "Google".

Google Tag Manager is a service for centralised management of various tracking tags (e.g. Facebook Pixel, Google Analytics, Hotjar etc.). Google Tag Manager itself does not collect any data. The tags that collect the data that we manage using Google Tag Manager are listed in this privacy policy.

Google Web Fonts

How does Google Web Fonts work?

We use so-called web fonts on our website for the uniform display of fonts, which are provided by Google. When you call up one of our pages, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

What information do you share with us and how is it used?

The browser you use establishes a connection to Google's servers. This enables Google to know that our website has been accessed via your IP address. If your browser does not support web fonts, a standard font is used by your computer.

Why are we allowed to use Google Web Fonts?

Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. For more information on Google Web Fonts, see the Google Web Fonts FAQs: https://developers.google.com/fonts/faq.

Webflow

Webflow is a visual web design platform that allows users to design, build, and launch responsive websites without writing code. It combines the flexibility and customization of coding with the intuitive drag-and-drop interface of a website builder. Webflow is used to create visually appealing and functional websites for businesses, organizations, and individuals. Some common uses of Webflow on a website include:

1. Website design and development: Webflow allows users to design and build websites from scratch, making it a popular choice for website designers and developers. Its drag-and-drop interface and customizable templates make it easy to create a unique and professional-looking website.
2. Responsive design: With Webflow, users can create websites that are optimized for all screen sizes, including desktop, tablet, and mobile. This ensures a seamless user experience across different devices.
3. Animation and interactivity: Webflow's built-in animations and interactions allow users to bring their website to life with engaging and interactive elements. This can include hover effects, scroll-based animations, and more.
4. E-commerce: Webflow offers robust e-commerce features, making it a popular choice for businesses looking to sell products or services online. Users can create online stores, manage inventory, and process payments all within the platform.
5. Content management

Cloudflare

Cloudflare is a content delivery network (CDN) and website security service that helps to optimize and protect websites. It works by acting as a middleman between a website and its visitors, routing traffic through its global network of servers. Some of the benefits of using Cloudflare on a website include faster page loading times, improved site security against cyber attacks and DDoS attacks, and increased reliability and uptime. Cloudflare also offers features such as caching, SSL encryption, and a web application firewall (WAF) to further enhance website performance and security.

Google Hosted Libraries

Google Hosted Libraries is a content delivery network (CDN) provided by Google, which hosts common JavaScript libraries and fonts and allows websites to load them from a fast and reliable source. This reduces the load time of a website and improves performance for visitors, particularly for those with slower internet connections or from other regions of the world. By using Google Hosted Libraries, websites can also benefit from the caching and optimization techniques used by the CDN, resulting in a more efficient and stable website. Additionally, using Google Hosted Libraries can save website owners from having to manage and update these libraries themselves, as Google takes care of this.

Cloudflare Turnstile

Cloudflare Turnstile is a tool used to help protect websites from malicious activity and improve user experience. It offers an easy-to-use authentication process to verify user identity and block malicious traffic, and it can also be used to detect and block malicious bots. Additionally, Turnstile can be used to set up two-factor authentication, which can help prevent unauthorized access.

jsDelivr

jsDelivr is a content delivery network (CDN) that is used to deliver static files, such as JavaScript libraries, CSS stylesheets, fonts, and images, to website visitors. It helps websites to load faster by caching these files on servers located around the world, reducing the distance they need to travel to reach visitors. This can improve website performance and user experience.

PrivacyBee

We use PrivacyBee on our website, a service provided by PrivacyBee AG, Laupenstrasse 1, 3008 Bern, Switzerland. PrivacyBee is used to recognize all data protection-relevant services and to generate an individual privacy policy for the website.

What data do we process?
PrivacyBee is a service for generating data protection declarations, which are then integrated into our website via JavaScript. The following data is processed for the provision of this service:

• IP address
• Browser type and version
• Operating system
• Date and time of access to our privacy policy

For what purpose do we process the data? The collection of this data enables us to display the privacy policy correctly on your end device configuration and to ensure that the content is correct and up to date.

Who do we share the data with?
The transfer of data by us is based on our statements on data transfer. The data collected through the use of PrivacyBee remains with PrivacyBee.

How can you prevent the processing of your data?
To prevent PrivacyBee from processing your data, you can disable JavaScript in your browser. Please note, however, that if you deactivate JavaScript, you may not be able to use all the functions of our website to their full extent. We do not offer a specific opt-out option for the PrivacyBee service itself, as the service is essential for the provision of our privacy policy.

Does our privacy policy always remain the same?

We may change this privacy policy at any time. The changes will be published on www.discoverarosa.ch, you will not be informed separately.

‍