Privacy policy and terms of use
General Contract Conditions
Chur sports and event facilities maintains an online ticket shop which enables customers to make online bookings for tickets of Chur sports and event facilities. Payments are accepted only with Debit/Credit Cards (VISA or MasterCard), PayPal- or PostFinance-Account.
Copyrights
Chur sports and event facilities endeavors to observe the copyrights of the graphics, sound documents, video sequences and texts used in all publications, to use graphics, sound documents, video sequences and texts created by itself or to use unlicensed graphics, sound documents, video sequences and texts.
All brand names and trademarks mentioned within the internet offer and possibly protected by third parties are subject without restriction to the provisions of the applicable trademark law and the ownership rights of the respective registered owners. On the mere mention, it can not be concluded that trademarks are not protected by third party rights.
The copyright for published objects created by the author remains solely with the author of the pages. Reproduction or use of such graphics, sound documents, video sequences and texts in other electronic or printed publications is not permitted without the express consent of the author.
Imagery
Chur sports and event facilities photo archive, various regional photographers and courtesy of our partners.
Privacy Policy
With this Privacy Policy, we inform you about the processing of personal data in connection with our activities and operations including our sportanlagenchur.ch website. In particular, we inform you about the purposes, methods, and locations of our data processing activities. We also inform you about the rights of individuals whose data we process.
Additional or specific privacy policies or information may apply to individual or supplementary activities and operations.
We are subject to Swiss data protection law, as well as potentially applicable foreign data protection laws, such as the General Data Protection Regulation (GDPR) of the European Union (EU).
The European Commission recognized in its decision of July 26, 2000, that Swiss data protection law provides adequate protection. The European Commission confirmed this adequacy decision in its report of January 15, 2024.
1. Contact Addresses
Responsibility for the processing of personal data:
Sport- und Eventanlagen Chur
Sport- und Eventanlagen Chur
Grossbruggerweg 6
7000 Chur
Switzerland
In individual cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties.
Data Protection Officer or Data Protection Advisor
We have the following Data Protection Officer or Data Protection Advisor as a contact point for individuals and authorities with inquiries related to data protection:
Fabio Wellenzohn
Sport- und Eventanlagen Chur
Grossbruggerweg 6
7000 Chur
Switzerland
2. Terms and Legal Bases
2.1 Terms
Data Subject: A natural person whose personal data we process.
Personal Data: Any information relating to an identified or identifiable natural person.
Special Categories of Personal Data: Data relating to trade union activities, political, religious or philosophical beliefs, health, private life, ethnic or racial origin, genetic data, biometric data that uniquely identifies a natural person, data on criminal and administrative sanctions or prosecutions, and data on social welfare measures.
Processing: Any handling of personal data, regardless of the means and procedures applied, such as querying, matching, modifying, archiving, storing, reading, disclosing, acquiring, recording, collecting, deleting, revealing, ordering, organizing, storing, altering, disseminating, linking, destroying, and using personal data.
European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.
Note: The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of special categories of personal data as the processing of special categories of personal data (Art. 9 GDPR).
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).
We process – where and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data or personal data in accordance with at least one of the following legal bases:
- Art. 6(1)(b) GDPR for the processing of personal data necessary for the performance of a contract with the data subject or for the implementation of pre-contractual measures.
- Art. 6(1)(f) GDPR for the processing of personal data necessary to protect legitimate interests – including the legitimate interests of third parties – provided that the fundamental rights and freedoms, as well as the interests of the data subject, do not prevail. Such interests include, in particular, the permanent, human-friendly, secure, and reliable conduct of our activities and operations, the assurance of information security, protection against misuse, the enforcement of our own legal claims, and compliance with Swiss law.
- Art. 6(1)(c) GDPR for the processing of personal data necessary to fulfill a legal obligation to which we are subject under applicable law in the European Economic Area (EEA).
- Art. 6(1)(e) GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
- Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
- Art. 6(1)(d) GDPR for the processing of personal data necessary to protect the vital interests of the data subject or another natural person.
- Art. 9(2) GDPR for the processing of special categories of personal data, particularly with the consent of the data subjects.
3. Nature, Scope, and Purpose of Processing Personal Data
We process personal data that is necessary to carry out our activities and operations in a permanent, human-friendly, secure, and reliable manner. The processed personal data may fall into categories such as browser and device data, content data, communication data, metadata, usage data, master data, including inventory and contact data, location data, transaction data, contract data, and payment data.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during the exercise of our activities and operations, to the extent that such processing is permitted for legal reasons.
We process personal data, where necessary, with the consent of the data subjects. We may also process personal data without consent in many cases, such as to fulfill legal obligations or to protect overriding interests. We may also request consent from data subjects even if their consent is not necessary.
We process personal data for the duration required for the respective purpose. We anonymize or delete personal data, particularly in accordance with statutory retention and limitation periods.
4. Disclosure of Personal Data
We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties are, in particular, specialized providers whose services we use.
We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and economic information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurance companies.
5. Communication
We process personal data to communicate with third parties. In this context, we particularly process data that a data subject transmits to us when contacting us, for example, by postal mail or email. We may store such data in an address book or similar tools.
Third parties who transmit data about other persons are obliged to ensure data protection for such data subjects. This includes ensuring the accuracy of the transmitted personal data.
We use selected services from suitable providers to improve communication with third parties.
6. Data Security
We take appropriate technical and organizational measures to ensure data security that is appropriate to the respective risk. With our measures, we ensure, in particular, the confidentiality, availability, traceability, and integrity of the processed personal data, although we cannot guarantee absolute data security.
Access to our website and our other online presence is provided via transport encryption (SSL / TLS, especially with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting websites without transport encryption.
Our digital communication is subject to – like virtually all digital communication – mass surveillance without cause or suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence agencies, police departments, and other security authorities. We also cannot rule out that a data subject may be specifically monitored.
7. Personal Data Abroad
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly to process it there or have it processed.
We may export personal data to all countries and territories on Earth, provided that the local law guarantees adequate data protection under the decision of the Swiss Federal Council and – where and to the extent that the General Data Protection Regulation (GDPR) is applicable – also under the decision of the European Commission.
We may transfer personal data to countries whose laws do not guarantee adequate data protection, provided that data protection is ensured for other reasons, particularly based on standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, such as the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. We are happy to provide information on request about any guarantees in place or provide a copy of any such guarantees.
8. Rights of Data Subjects
8.1 Data Protection Claims
We grant data subjects all claims under applicable data protection law. Data subjects have, in particular, the following rights:
- Access: Data subjects can request access to whether we process personal data about them and, if so, what personal data is being processed. Data subjects will also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data itself, but also information on the purpose of processing, the duration of storage, any disclosure or transfer of data to other countries, and the origin of the personal data.
- Correction and Restriction: Data subjects can correct inaccurate personal data, complete incomplete data, and have the processing of their data restricted.
- Deletion and Objection: Data subjects can request the deletion of personal data ("right to be forgotten") and object to the processing of their data with effect for the future.
- Data Portability and Transfer: Data subjects can request the release of personal data or the transfer of their data to another controller.
We may delay, restrict, or refuse to exercise the rights of data subjects within the legally permissible framework. We may also inform data subjects of any conditions that must be met to exercise their data protection claims. For example, we may refuse to provide information in whole or in part with reference to business secrets or the protection of other persons. We may also refuse to delete personal data, for example, by referring to statutory retention obligations.
We may exceptionally provide for costs associated with exercising rights. We will inform data subjects of any potential costs in advance.
We are required to take appropriate measures to identify data subjects requesting access or asserting other rights. Data subjects are required to cooperate.
8.2 Legal Protection
Data subjects have the right to enforce their data protection claims through legal channels or to file a complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states in the European Economic Area (EEA), data protection supervisory authorities are structured federally, particularly in Germany.
9. Use of the Website
9.1 Cookies
We may use cookies. Cookies – including both first-party cookies and third-party cookies from services we use – are data stored in the browser. Such stored data does not have to be limited to traditional text-form cookies.
Cookies may be stored temporarily in the browser as "session cookies" or for a certain period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. Cookies, in particular, allow us to recognize a browser on its next visit to our website, thereby measuring our website's reach, for example. Permanent cookies can also be used for online marketing.
Cookies can be completely or partially disabled or deleted in the browser settings at any time. Without cookies, our website may no longer be fully accessible. We request – at least where and to the extent necessary – explicit consent for the use of cookies.
For cookies used for success and reach measurement or advertising, a general opt-out is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
9.2 Logging
We may log the following data for each access to our website and other online presence, provided that such data is transmitted to our digital infrastructure during such access: Date and time, including time zone, IP address, access status (HTTP status code), operating system, including user interface and version, browser, including language and version, specific sub-pages accessed on our website, including transferred data volume, and the last website accessed in the same browser window (referrer).
We log such data, which may also constitute personal data, in log files. The data is necessary to provide our online presence permanently, human-friendly, and reliably. The data is also necessary to ensure data security – including through third parties or with the help of third parties.
9.3 Web Beacons
We may integrate web beacons into our online presence. Web beacons are also known as tracking pixels. Web beacons – including those from third parties whose services we use – are usually small, invisible images or scripts written in JavaScript that are automatically retrieved when accessing our online presence. Web beacons can collect at least the same data as log files.
10. Notifications and Communications
10.1 Success and Reach Measurement
Notifications and communications may contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such web links and tracking pixels can also track the use of notifications and communications on a personal basis. We need this statistical tracking to measure success and reach, so we can send notifications and communications effectively, user-friendly, permanently, securely, and reliably based on the needs and reading habits of the recipients.
10.2 Consent and Objection
You must generally consent to the use of your email address and other contact details unless the use is permitted for other legal reasons. For obtaining double-confirmed consent, we may use the "double opt-in" process. In this case, you will receive a notification with instructions for double confirmation. We may log obtained consents, including the IP address and timestamp, for evidentiary and security purposes.
You may generally object to receiving notifications and communications, such as newsletters, at any time. By doing so, you may also object to the statistical tracking of usage for success and reach measurement. Necessary notifications and communications related to our activities and operations are excluded.
10.3 Service Providers for Notifications and Communications
We send notifications and communications with the help of specialized service providers.
We use in particular:
- Mailchimp: Communication platform; provider: The Rocket Science Group LLC DBA Mailchimp (USA), a subsidiary of Intuit Inc. (USA); data protection information: Privacy Statement (Intuit) including "Country and Region-Specific Terms", "Mailchimp Intuit Privacy FAQ", "Mailchimp and European Data Transfers", "Security", Cookie Statement, "Privacy Rights Requests", "Legal Terms".
11. Social Media
We are present on social media platforms and other online platforms to communicate with interested parties and inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC) and usage terms, as well as privacy policies and other terms of the individual operators of such platforms, also apply. These terms inform individuals about their rights directly against the respective platform, such as the right to access data.
For our social media presence on Facebook, including so-called Page Insights, we – where and to the extent that the General Data Protection Regulation (GDPR) is applicable – are jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Companies (including the USA). Page Insights provide insights into how visitors interact with our Facebook presence. We use Page Insights to provide our social media presence on Facebook effectively and user-friendly.
Further information on the type, scope, and purpose of data processing, as well as information on the rights of data subjects and the contact details of Facebook and Facebook's Data Protection Officer, can be found in the Facebook Privacy Policy. We have entered into the so-called "Controller Addendum" with Facebook, agreeing that Facebook is responsible for ensuring the rights of data subjects. For so-called Page Insights, the relevant information can be found on the "Information about Page Insights" page, including "Information about Page Insights Data".
12. Services from Third Parties
We use services from specialized third parties to carry out our activities and operations in a permanent, human-friendly, secure, and reliable manner. With such services, we can, among other things, embed functions and content into our website. In such cases, the services used may, for technical reasons, at least temporarily collect the IP addresses of users.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in aggregated, anonymized, or pseudonymized form. This may include performance or usage data necessary to provide the respective service.
We use in particular:
- Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; general data protection information: "Privacy and Security Principles", "Information on how Google uses personal data", Privacy Policy, "Google is committed to complying with applicable data protection laws", "Product Privacy Guide for Google Products", "How we use data from websites or apps where our services are used", "Types of Cookies and Similar Technologies used by Google", "Advertising you can control" (Personalized Advertising).
12.1 Digital Infrastructure
We use services from specialized third parties to utilize the digital infrastructure required for our activities and operations. This includes hosting and storage services from selected providers.
We use in particular:
- exigo: Hosting; provider: exigo ag (Switzerland); data protection information: Privacy Policy, "Data Protection / Security".
12.2 Scheduling
We use services from specialized third parties to schedule appointments online, such as meetings. In addition to this Privacy Policy, any directly visible conditions of the services used, such as terms of use or privacy policies, may also apply.
We use in particular:
- Doodle: Online scheduling; provider: Doodle AG (Switzerland) as a subsidiary of TX Group AG (Switzerland); data protection information: Privacy Policy, "General Terms and Conditions of the Processing of Personal Data".
12.3 Audio and Video Conferencing
We use specialized services for audio and video conferencing to communicate online. We may use these services to hold virtual meetings or conduct online classes and webinars. In addition to this Privacy Policy, the legal texts of the individual services, such as privacy policies and terms of use, apply to participation in audio and video conferences.
We recommend that depending on the situation, when participating in audio or video conferences, you mute your microphone by default and either blur the background or use a virtual background.
12.4 Map Services
We use services from third parties to embed maps into our website.
We use in particular:
- map.geo.admin.ch: Map service; provider: Coordination Office for Federal Geoinformation (GKG); data protection information: Privacy Policy, "Legal Bases".
- OpenStreetMap (OSM): Map service; provider: OpenStreetMap Foundation (United Kingdom); data protection information: Privacy Policy.
12.5 Digital Content
We use services from specialized third parties to embed digital content into our website. Digital content includes, in particular, images and videos, music, and podcasts.
We use in particular:
- YouTube: Video platform; provider: Google; YouTube-specific information: "Privacy and Security Center", "My Data on YouTube".
12.6 E-Commerce
We operate e-commerce and use services from third parties to successfully offer services, content, or goods.
12.7 Payments
We use specialized service providers to process payments from our customers securely and reliably. In addition to this Privacy Policy, the legal texts of the individual service providers, such as general terms and conditions (GTC) or privacy policies, apply to payment processing.
We use in particular:
- Apple Pay: Payment processing; providers: Apple Inc. (USA) / Apple Distribution International Limited (Ireland) for persons in the EEA, the United Kingdom, and Switzerland; data protection information: "Apple Privacy Policy", "Apple Customer Privacy Policy", Transparency Report.
- PostFinance: Payment processing; provider: PostFinance AG (Switzerland); data protection information: "Legal Notices and Accessibility", "Privacy" (including privacy policies).
- TWINT: Payment processing in Switzerland; provider: TWINT AG (Switzerland); data protection information: Privacy Policy, "Security by Swiss Standards".
- Worldline: Payment processing, especially with mobile payment solutions; providers: Worldline SA (France), Worldline Switzerland AG (Switzerland), and other Worldline companies worldwide (including the USA); data protection information: Privacy Policy, "Responsible Disclosure Program", Cookie Notice.
12.8 Advertising
We use the option to display advertising on third-party platforms, such as social media platforms and search engines, for our activities and operations.
With such advertising, we aim to reach individuals who are already interested in our activities and operations or might be interested in them (remarketing and targeting). For this purpose, we may share relevant – and potentially also personal – information with third parties that enable such advertising. We may also determine whether our advertising is successful, meaning whether it leads to visits to our website (conversion tracking).
Third parties where we advertise and where you are registered as a user may link your use of our website to your profile on that platform.
We use in particular:
- Google Ads: Search engine advertising; provider: Google; Google Ads-specific information: advertising based on search queries, using various domains – especially doubleclick.net, googleadservices.com, and googlesyndication.com – for Google Ads, Privacy Policy for Advertising, "Manage displayed ads directly through Ads".
- Meta Ads: Social media advertising on Facebook and Instagram; providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including the USA); data protection information: targeting, including retargeting, especially with the Meta Pixel and with Custom Audiences including Lookalike Audiences, Privacy Policy, "Ad Preferences" (login required).
13. Success and Reach Measurement
We attempt to measure the success and reach of our activities and operations. In this context, we may also assess the effectiveness of third-party notices or test the use of different parts or versions of our online offering ("A/B testing"). Based on the results of success and reach measurement, we may fix errors, strengthen popular content, or make improvements.
For success and reach measurement, IP addresses of individual users are typically collected. In this case, IP addresses are generally shortened ("IP masking") to follow the principle of data minimization through the corresponding pseudonymization.
Cookies may be used for success and reach measurement, and user profiles may be created. Any user profiles created may include, for example, individual pages visited or content viewed on our website, information on the screen or browser window size, and the – at least approximate – location. Generally, any user profiles created are exclusively pseudonymized and not used to identify individual users. Individual third-party services where users are registered may link the use of our online offering to the user account or profile with that service.
We use in particular:
- Google Marketing Platform: Success and reach measurement, particularly with Google Analytics; provider: Google; Google Marketing Platform-specific information: measurement across different browsers and devices (cross-device tracking) with pseudonymized IP addresses, which are only exceptionally fully transmitted to Google in the USA, Privacy Policy for Google Analytics, "Browser Add-on to disable Google Analytics".
- Google Tag Manager: Integration and management of Google and third-party services, particularly for success and reach measurement; provider: Google; Google Tag Manager-specific information: Privacy Policy for Google Tag Manager; further data protection information is available from the individual integrated and managed services.
14. Video Surveillance
We use video surveillance for crime prevention, evidence preservation in the event of a crime, exercising and asserting our legal rights, defending against third-party claims, and exercising our property rights. Where and to the extent that the General Data Protection Regulation (GDPR) is applicable, this is based on overriding legitimate interests in accordance with Art. 6(1)(f) GDPR, and in the case of special categories of personal data, with reference to Art. 9(2)(f) GDPR.
We generally do not store recordings from our video surveillance. We may exceptionally store recordings if storage is necessary for evidence preservation or another stated purpose for a limited period.
We may secure recordings from our video surveillance and transmit them to the relevant authorities, such as courts or law enforcement agencies, if the transmission is necessary for a stated purpose, in our otherwise overriding legitimate interest, or due to legal obligations.
15. Final Provisions
We created this Privacy Policy using the Privacy Policy Generator from Datenschutzpartner. The present privacy policy is an unofficial translation from the original German version.
We may update and supplement this Privacy Policy at any time. We will inform you of such updates and supplements in an appropriate manner, particularly by publishing the most current Privacy Policy on our website.
Legal validity of this disclaimer
This disclaimer is to be regarded as part of the internet offer from which this page was referenced. If sections or individual terms of this statement are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.
Application of law and venue
The use of this website is subject exclusively to Swiss law. Chur, Switzerland is agreed as the sole venue.