Data protection policy

We are delighted that you have taken an interest in our organisation. In principle, it is possible to use the Ostschweiz Tourismus website without providing any personal data. However, if a data subject wishes to make use of specific services offered by our organisation via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally request the consent of the data concerned.

1. Terms and definitions

This data protection policy is based on the terms used by the European legislators and regulators when enacting the General Data Protection Regulation (GDPR).

2. Name and address of the data protection officer

The data protection officer within the meaning of the General Data Protection Regulation (GDPR) is:
Ostschweiz Tourismus
Fürstenlandstrasse 53
CH-9000 St. Gallen

3. Cookies

The Ostschweiz Tourismus website uses cookies. Cookies are text files that are placed and stored on a computer system via a web browser.

4. Collection of general data and information

The Ostschweiz Tourismus website collects a range of general data and information each time a data subject or an automated system accesses the website. This general data and information is stored in the server’s log files.

5. Registration on our website

The data owner has the option to register on the data controller’s website by providing personal data.

6. Newsletter subscription

The Ostschweiz Tourismus website offers visitors the opportunity to subscribe to our company’s newsletter.

7. Routine deletion and blocking of personal data

The data protection officer shall process and store the data subject’s personal data only for the period necessary to fulfill the purpose of storage, or where this is provided for by the European legislator or another legislator in laws or regulations to which the data protection officer is subject.

8. Rights of the data owner

1. Right to confirmation
2. Right of information
3. Right to correction
4. Right to deletion (right to be forgotten)
5. Right to restriction of processing
6. Right to data portability
7. Right to disagree
8. Automated decisions in individual cases, including profiling
9. Right to withdraw consent under data protection law

9. Data protection policy regarding the use of Google Analytics

The data protection officer has integrated the Google Analytics component into this website.

10. Legal basis for processing

Art. 6 I lit. a of the GDPR serves as the legal basis for our company’s processing operations where we obtain consent for a specific processing purpose.

11. Legitimate interests in processing pursued by the data protection officer or a third party

Where the processing of personal data is based on Article 6 I lit. f of the GDPR, our legitimate interest is the conduct of our business activities for the benefit of all our employees and shareholders.

12. The period for which personal data is stored

The criteria for the duration of storage of personal data correspond to the respective statutory retention periods.

13. Legal or contractual requirements regarding the provision of personal data; requirements for the conclusion of a contract; the data subject’s obligation to provide personal data; possible consequences of failure to provide such data

We inform you that the provision of personal data is in some cases required by law (e.g. tax regulations) or may also arise from contractual provisions (e.g. details of the contracting party).

14. Presence of automated decision-making

As a responsible organisation, we do not use automated decision-making or profiling.

15. Privacy Policy on the Use of Social Media

The data protection officer has integrated social media components into this website.

16. Amendments to the Privacy Policy

We reserve the right to amend this privacy policy at any time to ensure that it remains in line with current legal requirements or to reflect changes to our services in the privacy policy.