Zürich Tourism is an association with its headquarters at Gessnerallee 3, 8001 Zurich, Switzerland, and registered in the Commercial Register of the Canton of Zurich under number CHE-105.846.358. It is the operator of the website www.zuerich.com, its subdomains, and the Zürich City Guide App.

When collecting, processing and using your personal data, Zürich Tourism deems it a matter of course to comply with the requirements of Swiss data protection legislation (in particular, the Swiss Federal Act on Data Protection, FADP, and the Ordinance to the Federal Act on Data Protection, OFADP), as well as any other applicable data protection provisions of Swiss and European law (in particular the EU General Data Protection Regulation (GDPR)). This data protection policy is an integral component of the General Terms & Conditions, which can be found here

Zürich Tourism takes data protection very seriously. In this data protection policy, we provide you with information about our company’s data processing practices.

1. Visiting the website and using Zurich Tourism apps

When you visit the website or use Zürich Tourism apps (including without registering or logging in), Zürich Tourism may receive information that allows it to draw conclusions about the surfing behavior of visitors and users and thereby determine which information and offers attract particular interest. Zürich Tourism uses both standard data, which is stored in a log file, as well as cookies (see item 19 below), web analytics and remarketing tools, and social plugins (see item 20 and following,. below), if you have consented to these. As is generally the case whenever you connect to a web server, the log file information is temporarily recorded in a log file and stored by us for 26 months, after which it is automatically deleted. This concerns the following data:

  • IP address of the requesting computer,
  • name of the owner of the IP address block (usually your Internet service provider)
  • date and time of access,
  • website from which the access originated (“referrer URL”), including any keywords used,
  • country from which the access originated,
  • name and URL of the accessed file,
  • operating system of the device,
  • browser used (type, version, and language),
  • name of your Internet service provider.

This data is collected and processed for the purpose of enabling the use of our websites and apps (establishing a connection), ensuring ongoing system security and stability, optimizing our offer, and for internal statistical purposes. This data is not combined or saved with personal data.

Only in the event of an attack on the website/app’s network infrastructure, or if it is suspected that the website/app is being misused or otherwise used unlawfully, will the IP address be analyzed for clarification and defense purposes, and if necessary used to identify or take civil or legal action against the user concerned.

Our overriding legitimate interest within the meaning of Art. 6 para 1(f) GDPR therefore constitutes the lawful basis for processing of the data.

2. Bookings or reservations on the website and apps of Zürich Tourism

You can make certain bookings or reservations on our website and our app. We will usually require the desired travel dates as well as the following details:

  • Title
  • First name, last name
  • Date of birth
  • Street, postcode, country
  • Email address
  • Telephone number
  • Credit card information

The details necessary to complete a booking are marked with an asterisk (*). The provision of other information is optional and will not affect the use of our websites and apps or your booking.

In the app, you can also enter the names and dates of birth of additional travelers for the booking. If you are logged in, this data is stored in your profile (discover.swiss). Alternatively, it may be stored locally by Zürich Tourism.

Depending on the type of service booked, the details entered by you will either be collected directly from the provider in question or forwarded to the provider by us. In the latter case, the data protection policy of the provider will apply. The data is also transferred to our systems (see item 31 below), and therefore remains visible in your customer profile.

The booking platforms and solutions are operated by the following companies and/or we rely on these companies for service processing:

  • Switzerland Travel Center, Binzstrasse 38, 8045 Zurich, Switzerland. Its data protection policy can be found via the following link: https://switzerlandtravelcentre.ch/en/privacy-policy/
  • TouristDataShop AG, Rue du Midi 3, 1860 Aigle, Switzerland. Its data protection policy can be found via the following link: https://touristdatashop.ch/de/imprint.html
  • Cooperative Society discover.swiss, Schaffhauserstrasse 14, 8006 Zurich, Switzerland. Its data protection policy can be found via the following link: https://discover.swiss
  • Binarium GmbH, Erlachstrasse 22, 8003 Zurich, Switzerland

Unless specified otherwise in this data protection policy, or where you have not specifically provided consent, we will use and, in particular, share the data in order to supply the requested services, provide the desired functionality, process your order and ensure correct payment. For details of how your credit card information is processed and shared, see item 14 below.

The performance of a contract pursuant to Art. 6 para 1(b) GDPR therefore forms the legal basis for processing of the data.

3. Contacting us through our contact form

On our website, you have the option of contacting us through our contact form. To do so, you must provide the following details:

  • Your message
  • Title
  • First name
  • Last name
  • Country
  • Email
  • Acceptance of General Terms and Conditions and Data Protection Policy

You also have the option of sending us the following additional details:

  • Telephone number
  • Subscription to our newsletter

The time of receipt of the query is also recorded and transferred to our system (see item 31 below).

We process your contact request to give you a personalized answer to your question. If your query contains a booking request or questions about events, etc., we will forward the query to the appropriate internal office (e.g. our Convention Bureau) and track its status. We pursue these purposes based on our overriding legitimate interest within the meaning of Art. 6 para 1(f) GDPR or, if your question concerns the formation or processing of a contract, on Art. 6 para 1(b) GDPR. You may object to this data processing at any time if there are grounds relating to your particular situation based on which the data should not be processed.

4. Event queries

You can send queries about events through our website. To do so, you must provide the following details:

  • Type of event
  • Date of event
  • Number of participants
  • Title
  • Company
  • Last name
  • First name
  • Email
  • Subscription to our newsletter
  • Acceptance of General Terms and Conditions and Data Protection Policy

You also have the option of sending us the following additional details:

  • Your message
  • Telephone number

If your event query is about events we organize, it is processed in our system (see item 31 below) so that we can make you a personalized offer. If the event query is about an event held by one of our partners, your query is forwarded directly to the partner and processed by them. We pursue these purposes based on our overriding legitimate interest within the meaning of Art. 6 para 1(f) GDPR or, if your question concerns the formation or processing of a contract, on Art. 6 para 1(b) GDPR. You may object to this data processing at any time if there are grounds relating to your particular situation based on which the data should not be processed.

5. Queries from the media

You can make media queries on our website (e.g. about media trips). To do so, you must provide the following details:

  • Title
  • Country
  • Company
  • Last name
  • First name
  • Email
  • Publication
  • Acceptance of General Terms and Conditions and Data Protection Policy

You also have the option of sending us the following additional details:

  • Telephone number
  • Your message
  • Media newsletter

Your media query is processed by our Convention Bureau or another appropriate internal office so we can offer you a personalized answer to your question and assist you in the organization of your media trip. We pursue these purposes based on our overriding legitimate interest within the meaning of Art. 6 para 1(f) GDPR. You may object to this data processing at any time if there are grounds relating to your particular situation based on which the data should not be processed.

6. Travel trade contact

You can contact us through the Travel Trade contact form on our website. To do so, you must provide the following details:

  • Your message
  • Title
  • Company
  • First name
  • Last name
  • Country
  • Email
  • Acceptance of General Terms and Conditions and Data Protection Policy

You also have the option of sending us the following additional details:

  • Telephone number
  • Subscription to our newsletter

We process your contact request to give you a personalized answer to your question. If your query contains a booking request or questions about events, etc., we will forward the query to the appropriate internal office (e.g. our Convention Bureau). We pursue these purposes based on our overriding legitimate interest within the meaning of Art. 6 para 1(f) GDPR. You may object to this data processing at any time if there are grounds relating to your particular situation based on which the data should not be processed.

7. Contacting us through an email address or telephone number published on our website or in our apps

Our website and apps offer the option of contacting us by email or telephone. You can contact us and ask questions about website/app functionalities, our products or our services.

You are responsible for the messages and content that you communicate to us by email or telephone. We advise you not to communicate any sensitive information. We only collect personal data you voluntarily disclose to us. You control what information you give us. To answer your questions, we may ask you to provide us with more information, such as your address, telephone number, email address, etc. We will only collect the personal data that is necessary to answer your questions and provide the services you desire.

Processing your query provides the basis for our overriding legitimate interest within the meaning of Art. 6 para 1(f) GDPR. You may object to this data processing at any time if there are grounds relating to your particular situation based on which the data should not be processed.

8. Subscriptions to our newsletter

You can subscribe to our newsletter on our website and our apps. You must register for this purpose and provide the following details:

  • Title
  • First name, last name
  • Language
  • Country
  • Email address

You also have the option of sending us the following additional details:

  • Date of birth

By explicitly subscribing to the newsletter on the website or apps of Zürich Tourism, you consent to our use of the personal data you have provided for marketing purposes and to send you emails with personalized marketing content. To prevent abuse and to ensure that the owner of an email address has actually consented, we use a “double opt-in” for subscribing. After sending the subscription request, you will receive an email from us containing a confirmation link. You must click the link to subscribe to the newsletter. If you do not click the confirmation link within the stated time period, your data will be erased and our newsletter will not be sent to that address. You have the option to unsubscribe from the newsletter at any time by clicking on the corresponding link in the newsletter. After you have unsubscribed, your personal data will be erased.

Consent within the meaning of Art. 6 para 1(a) GDPR forms the legal basis for processing of your email address.

In addition, we have the right to commission third parties to handle the technical processing of marketing campaigns and the right to provide third parties with your personal data for this purpose.

We use email marketing services provided by Microsoft Dynamics 365 for Marketing (see item 31 below) to send our newsletter.

Our newsletter may contain a web beacon (tracking pixel) or similar technical tools. A web beacon is a 1x1 pixel-sized, invisible graphic associated with the user ID of the newsletter subscriber.

Every newsletter sent out is connected to information about the address file used, the subject, and the number of newsletters sent. In addition, it is possible to view which addresses have not yet received the newsletter, which address the newsletter was sent to, and for which addresses delivery failed. The opening rate, including which addresses opened the newsletter and which addresses unsubscribed, can also be determined. We use this data for statistical purposes and to optimize the newsletter's content and structure. This allows us to better align the information and offers in our newsletters with the individual interests of recipients. The tracking pixel is deleted when you delete the newsletter.

To prevent the use of a web beacon in our newsletter, please configure the settings of your email not to display HTML in messages if this is not already the default setting.

By subscribing to our newsletter, you also consent to the statistical analysis of user behavior for purposes of optimizing and customizing the newsletter. This consent constitutes the lawful basis for processing of the data within the meaning of Art. 6 para 1(a) GDPR. You may withdraw your consent at any time with effect for the future.

9. Participation in our competitions

On our website and in our apps, you have the option of taking part in competitions. If you would like to take part in a competition offered by us, but you are not registered or do not wish to register, you need to provide the following details at the time of entering the competition:

  • Title
  • First name, last name
  • Postal address, place, country
  • Email address

You also have the option of sending us the following additional details:

  • Subscription to the newsletter
  • Date of birth

This data is processed in our system for the purpose of holding the competition (see item 31 below). Your data will be used for other purposes (e.g. marketing) only if you provide your explicit consent.

Our overriding legitimate interest within the meaning of Art. 6 para 1(f) GDPR and your consent pursuant to Art. 6 para 1(a) GDPR form the legal basis for the processing of the data for the purposes of the competition. You may object to the processing of data at any time if there are grounds relating to your particular situation based on which the data should not be processed. You may also revoke your consent with effect for the future.

10. Use of our chat function

On our website and our apps, you have the option of contacting us via a chat function. The chat works both online and offline. Offline means that your chat inquiry will be sent to us as an email and we can then contact you likewise by email. This gives you the opportunity to ask questions about the website's/app's functions or content. You are responsible for the messages and content that you send to us via the chat function. We advise you not to send any sensitive information via the chat function.

In connection with the chat function, we work with Userlike, a service provided by Userlike UG, Probsteigasse 44-46, 40670 Cologne, Germany. If you access the chat online, you do not have to enter any details. However, Userlike will temporarily retrieve your IP address in order to determine from which country you are starting the chat. The IP address will be retrieved exclusively for this purpose and will not be stored permanently by Userlike. Userlike will also store the chat history and content on a server in the EU (Germany). If you access the chat offline, you must enter the following details:

  • First or last name
  • Email address
  • Message

To enable us to answer your questions offline or online, we may request additional information from you, such as your telephone number. We collect personal data from you that is necessary only to answer your questions or provide the requested services.

Our overriding legitimate interest within the meaning of Art. 6 para 1(f) GDPR forms the legal basis for the processing of your chat inquiry and data.

11. Applications for job advertisements

On our website, you have the option of applying for job vacancies. The following information must be provided when applying:

  • Gender
  • First name
  • Last name
  • Email address
  • Telephone number
  • Comment
  • Upload of application documents
  • Consent to Data Protection Policy

Providing additional information is voluntary in each case.

We reserve the right to store application documents for a maximum of 2 years after completion of the application process so that we can contact applicants again when other interesting positions become vacant. If applicants do not consent to this practice, they are requested to inform us accordingly.

We work with the tool CVdropper, provided by Ostendis AG, Seetalstrasse 35, 5706 Boniswil AG, Switzerland, to process your online application. Datawire AG stores the data on a server in Switzerland.

We need this information to review your application and contact you about it where appropriate. The lawful basis for processing your personal data is the performance of a contract and steps prior to entering into a contract within the meaning of Art. 6 para 1(b) GDPR.

12. Registration and processing in the Customer Portal for business customers

As a business customer of Zürich Tourism, you can register in our Customer Portal. Registration is only possible if you have already entered into or are entering into a user agreement with us. You can enter into the user agreement online. Entering into the user agreement causes the data identified below as well as your full IP address to be stored as evidence of the formation of contract. We need to collect the following data for registration and use of the Customer Portal:

  • Title
  • Name
  • Email address
  • Password (hash)
  • Preferred language
  • Contact, order and order processing details

You also have the option of sending us the following additional details:

  • Telephone number
  • Fax number
  • Mobile phone number

As a business customer of Zürich Tourism, you independently determine which of your employees uses the Portal. Users can be named and created even during registration. The administrator of the company customer account can add more user accounts as needed. We store the data for the mandatory statutory retention period. You and the employees you have named can change or erase the data at any time, as long as mandatory statutory retention periods do not bar such erasure.

The live chat tool and social media plugins are not used in the Customer Portal.

We process this data to implement pre-contractual steps and for performance of a contract within the meaning of Art. 6 para 1(b) GDPR.

The Customer Portal also contains a configurator. We analyze this configurator in order to generate user statistics. We analyze how often the configurator is used by each of the customer's employees. Our legitimate interest within the meaning of Art. 6 para 1(f) GDPR therefore constitutes the lawful basis for generation of the user statistics.

13. Data processing outside the offers described above

In addition to the processing of personal data described above, we also engage in data processing outside the website and apps. This includes, in particular, customer, vendor, contract partner, and prospective customer data. Below, we explain what data is involved and how we handle this data.

As part of the contractual relationship outside the website and apps (especially to initiate the contract), we process the following personal data:

  • Your contact data (including first and last name, name prefixes or suffixes, company names, addresses, telephone numbers, email addresses)
  • Job-related data (including role within the company, department, etc.)
  • If applicable, bank details (including first and last name of account holder)
  • If applicable, preferred payment system
  • If applicable, information about creditworthiness and credit behavior
  • If applicable, additional data provided of your own accord.

As a rule, we obtain your personal data during initiation of the contract or throughout the course of the contractual relationship.

Your personal data is processed exclusively to implement pre-contractual steps, such as the preparation of personalized offers of our products and services, and for performance of the contract, such as the provision of the service or payment processing. The lawful basis of the processing is Art. 6 para 1(b) GDPR.

If we use your data in any additional way, we will notify you of the additional purposes of processing and, if necessary, obtain your consent for data processing within the meaning of Art. 6 para 1(a) GDPR. You can withdraw your consent at any time with effect for the future.

14. Sharing your data with third parties

We will share your data with third parties if this is necessary in connection with use of the website and apps or fulfillment of the contract, such as when booking hotels, tours, or the Zürich Card (see item 2). This data also includes credit card information when making card payments, which we will forward to your credit card issuer or to the credit card acquirer. If you choose to pay by credit card, you will be asked to enter all essential information in each case. For the processing of your credit card information by third parties, please also read the General Terms & Conditions and the data protection policy of your credit card provider.

For payments when purchasing the Zürich Card, we use the payment services provider Stripe, 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. You can find more information about Stripe's data protection here.

Your data may be shared with third parties for other purposes only if you have provided your explicit consent, if we are legally obliged to do so (e.g. request by a law enforcement agency) or if necessary in order to assert our rights under the contractual relationship (e.g. debt collection measures).

We require our employees and third parties that we use to provide our services to comply with the legal data protection provisions, and we have issued the necessary directives for employees and entered into data processing agreements with third parties for this purpose.

Your data may also be shared if you use social plugins (see items 23 to 25).

15. Transfer of personal data abroad

We have the right to send your personal data to third parties based abroad if this is necessary to carry out the data processing described in this Data Protection Policy. The legal provisions governing the disclosure of information with third parties are observed in such cases as a matter of course. If the country in question does not provide a sufficient level of data privacy, we will guarantee through contractual provisions that your data is adequately protected by these companies.

16. Data security

We take the appropriate measures to protect your personal data. We take the technical and organizational measures prescribed under Swiss and European data protection law to prevent unauthorized processing. This includes the following risks in particular:

  • Unauthorized or accidental destruction
  • Accidental loss
  • Technical errors
  • Forgery, theft or misappropriation
  • Unauthorized modification, copying, access or other use.

Our security measures are continuously updated in line with technological advances. We also take data protection within our own company very seriously. Our employees and contractual service providers are required to maintain confidentiality and comply with the provisions of the data protection laws.

17. Your rights

If the statutory requirements are met, you have the following rights as a data subject:

Right of access: You have the right to access your personal data that we store at any time free of charge if we are processing this data. You have the opportunity to check which of your personal data we process and that we comply with the applicable data protection regulations.

Right to rectification: You have the right to have incorrect or incomplete personal data rectified and to be notified of the rectification. In this case, we notify the recipients of the data of any changes made, unless this is impossible or would be unreasonably difficult.

Right to erasure: You have the right to erasure of your personal data in certain circumstances. It may not be possible to exercise the right to erasure in certain situations, especially when there are statutory retention periods. In this case, the data may be blocked instead of erased if requirements are met.

Right to restriction of processing: You have the right to request restriction of the processing of your personal data.

Right to data portability: You have the right to receive from us the personal data you have provided to us in a readable format free of charge.

Right to object: You can object to data processing at any time, especially data processing related to direct advertising (such as advertising emails).

Right to withdraw consent: You have the right to withdraw consent at any time. Processing activities based on your past consent are not made unlawful by your revocation.

Right to lodge a complaint: You have the right to lodge a complaint with a responsible supervisory authority, e.g., about the type or means of processing of your personal data.

To exercise these rights, please send us an email to the following address: [web(at)zuerich.com]

18. Retention period

Zürich Tourism only stores personal data as long as is needed to carry out the processing within the limits of our legitimate interest as described in this Data Protection Policy. For contract-related data, storage is required by statutory data retention obligations. Provisions that obligate us to retain data arise from reporting and tax regulations. Under these provisions, business correspondence, contracts entered into, and accounting records must be retained for up to 10 years. If we no longer need this data to perform services for you, the data is blocked. This means the data can only be used if necessary to meet retention obligations or to protect and enforce our legitimate interests. The data is erased as soon as a retention obligation or legitimate interest in retention no longer exists.

19. Cookies

Cookies are information files your web browser stores on the hard drive or in the RAM of your computer when you visit our website. Cookies are assigned identification numbers that allow your browser to be recognized and allow information contained in the cookie to be read out.

Cookies allow us to make your visits to our website easier, more comfortable, and more useful. We use cookies for various purposes, provided you have consented to them. For example, we use cookies for operation of technical functions required for the website, such as load balancing, i.e. the distribution of the page's load among different web servers to relieve pressure on individual servers. Cookies are also used for security purposes, such as to prevent unauthorized posting of content. Finally, we also use cookies in the design and programming of our website, for example to enable upload of scripts or codes.

The lawful basis of this data processing is your consent within the meaning of Art. 6 para 1(a) GDPR. You may withdraw your consent at any time with effect for the future.

Most web browsers accept cookies automatically. However, when you access our website, we ask you for your consent to the cookies we use, especially to the use of cookies of third-party providers for marketing purposes. You can choose your desired settings using the control buttons on the cookie banner. You can find details of the services and data processing associated with individual cookies on the cookie banner and in the following sections of this Data Protection Policy.

You can also configure your browser so that no cookies are stored on your computer or a notification appears whenever you receive a new cookie. On the following pages, you can find explanations of how to configure the handling of cookies in most common browsers.:

Microsoft Windows Internet Explorer

Microsoft Windows Internet Explorer Mobile

Mozilla Firefox

Google Chrome for desktop

Google Chrome for mobile

Apple Safari for desktop

Apple Safari for mobile

However, deleting or blocking cookies may restrict the functionality of the website.

20. Plausible Analytics

On our website, we use the analytics software Plausible Analytics (“Plausible”) on our own servers in order to continuously optimize our offer with respect to both technical features and content. Plausible is GDPR-compliant open source software from the company Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

By using Plausible on our servers, we are taking an approach to analyzing your visit that affords a high level of data protection. Plausible collects the following information for this purpose:

  • Date and time of your visit
  • Title and URL of the pages visited
  • Incoming links
  • Country in which you are located
  • User agent of your browser software

Plausible does not use or store cookies on your end device. All personal data (such as your IP address) is fully anonymized and stored in the form of a hash. A hash is an encryption of data that is irreversible, i.e. cannot be decrypted again. In this way, we can analyze your visit without storing personal data in a form that is readable to us or others.

You can find more information about the privacy policy of Plausible Analytics on its website.

The lawful basis of this processing is your consent within the meaning of Art. 6 para 1(a) GDPR. You may withdraw your consent at any time with effect for the future.

21. Until the end of 2022: Google Analytics, Google AdWords, Google Remarketing (DoubleClick), and Google Tag Manager

On our website, we use the web analytics service Google Analytics provided by Google Inc. (“Google”), Amphitheatre Parkway, Mountain View CA 94043, USA. We use Google Analytics to continuously improve our website and tailor it to the needs of the users. To this end, Google Analytics uses cookies (see item 19), which are stored on your end device and enable analysis of your use of the website. The information generated by the cookie about your use of this website, in particular

  • Navigation path taken by a visitor to the site,
  • Time spent on the page or a subpage,
  • The subpage from which the visitor leaves the website,
  • The country, region, or city from which the access originated,
  • End device (type, version, color bit depth, resolution, width and height of browser window),
  • Returning or new visitor,
  • Browser type/version,
  • Operating system used,
  • Referrer URL (previously visited website),
  • Hostname of the accessing computer (IP address), and
  • The time of the server request

is transmitted to a Google server in the US and stored there. Google uses this data to analyze how the website is used, to compile reports about website activity for us, and to provide other services associated with use of the website and the Internet. Google may also transfer this information to third parties if legally required to do so or if third parties process this data on behalf of Google. Google will never associate your IP address with other data held by Google. The IP addresses are anonymized (truncated by three digits), so that they can no longer be associated with your identity. Google is listed as a member of Privacy Shield. The Privacy Shield agreement between the EU and the US guarantees minimum standards of data protection.

We also use Google Remarketing (DoubleClick by Google) and Google AdWords for online advertising and to analyze the use of our website. The combined use of first-party and third-party cookies (e.g. DoubleClick cookies) enables analysis of the relationship between ad impressions and website visits in reports. Third-party providers (including Google) have the option of publishing ads on websites, as well as tailoring and optimizing them according to demographic characteristics and interests on the basis of previous visits (e.g. by age, gender, interests). The data may be obtained from Google or from the visitor data of third parties.

To manage the services for user-oriented advertising, we also use Google Tag Manager. The Tag Manager tool itself is a cookie-less domain and does not record any personal data. Rather, it triggers other tags that may collect your personal data under certain circumstances. If you have deactivated it at domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.

By using this website, you agree to the data that is collected about you being used by Google in the above-mentioned ways and for the above-mentioned purpose.

You can prevent analysis of your data by Google Analytics. If you would prefer this, please follow this link to download and install a browser plugin. You can also disable the use of cookies for Google AdWords Conversion Tracking, Google Remarketing and Tag Manager here.

More information about Google can be found on its website.

The lawful basis of this processing is your consent within the meaning of Art. 6 para 1(a) GDPR. You may withdraw your consent at any time with effect for the future.

22. Google Firebase Analytics

On our website and in our apps, we use the tracking service Firebase offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Firebase uses tracking technologies that enable analysis of your use of our website and apps, e.g. for performance monitoring, error logs, and analysis of user behavior, especially which screens are viewed and which publications are opened how often. The purpose of using Firebase is to analyze use of our website and apps, regularly optimize it, and hence be able to operate them more cost-effectively. The statistics we generate allow us to improve our offer and design it to be more interesting to you.

Firebase collects information about the use of our website and apps and transfers it to Google in Ireland or the USA, where it is stored. According to Google, the data is collected and transferred to Firebase in anonymized form. It is not connected to other user data held by Google. Google will use this information to evaluate your use of our website and apps and to provide us with other services related to use of the website and apps.

You can find more information about Google Firebase and data protection at www.google.com/policies/privacy/ and www.firebase.google.com.

The lawful basis of this processing is your consent within the meaning of Art. 6 para 1(a) GDPR. You may withdraw the consent at any time with effect for the future.

23. Microsoft BingAds

We use BingAds on our website. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. BingAds collects and stores data that is then used to create user profiles under pseudonyms. BingAds will place a cookie on your computer for this purpose if you reached our website via a Microsoft Bing ad (see item 19 Cookies). This allows us and Microsoft Bing to see that someone has clicked an ad and been forwarded to our website and a predetermined ‘conversion page’. We see only the total number of users that have clicked a Bing ad and then been forwarded to a conversion page. No personal information about the identity of the user is shared. If you do not want to participate in the tracking process, you may also reject the setting of a cookie required for that purpose (see item 19).

Further information about the data protection of and the cookies used by Microsoft Bing can be found on the Microsoft website.

The lawful basis of this processing is your consent within the meaning of Art. 6 para 1(a) GDPR. You may withdraw your consent at any time with effect for the future.

24. Social plugins

Social plugins may be incorporated in our website and apps. This means it is possible that the IP addresses of all visitors to our website or users of our apps may be forwarded to the servers of the corresponding providers. In such case, the data protection policies of those providers will apply; these can be found via the following links:

  • Pin it button (Pinterest), operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. Its data protection policy can be found via the following link: https://policy.pinterest.com/privacy-policy
  • Twitter, operated by Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. Its data protection policy can be found via the following link: https://twitter.com/privacy
  • YouTube, operated by Google Inc. Amphitheatre Parkway, Mountain View, Ca 94043, USA. Its data protection policy can be found via the following link: https://policies.google.com/privacy
  • Facebook, operated by: Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or if you are based in the EU, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Its data protection policy can be found via the following link: https://www.facebook.com/about/privacy/
  • Instagram, operated by: Instagram Inc., 1601 Willow Road, Meno Park, CA 94025, USA. Its data protection policy can be found via the following link: https://help.instagram.com/155833707900388
  • Tripadvisor operated by: TripAdvisor Inc., 400 1st Avenue, Needham, 02494 MA, USA. Its data protection policy can be found via the following link: https://tripadvisor.mediaroom.com/US-privacy-policy
  • Whatsapp, by Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, or if you are based in the EU, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Its data protection policy can be found via the following link: https://www.whatsapp.com/legal/
  • LinkedIn by LinkedIn Ireland Unlimited Company, Dublin 2, Ireland. Its data protection policy can be found via the following link: https://privacy.linkedin.com

If you click on the symbols of the social networks, you will be connected to the social network to perform the selected function; e.g. to share content on Facebook or to tweet on Twitter. However, you must log into your user account for this purpose if you are not already logged in.

If you choose one of the available functions and click the symbol of the social network, a direct connection is established between your browser and the server of the social network. This informs the server that you have visited our website with your IP address and have clicked on the link. If you click on a link to a network while logged into your account for that network, the content of our pages may be linked to your profile on the network; thus, the network can directly associate your visit to our website with your user account. If you wish to prevent this, you should log out before clicking on any such links. Your visit will definitely be associated with your user account if you log into the network after clicking on the link.

Further information on use of your data and your options and rights to adequately protect your privacy can be found in the data protection policies of these providers.

25. Links to our social media profiles

Our website and our apps contain links to our social media profiles. The links lead to the following networks:

  • Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
  • Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
  • YouTube, operated by Google Inc. Amphitheatre Parkway, Mountain View, Ca 94043, USA
  • Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
  • Instagram Inc., 1601 Willow Road, Meno Park, CA 94025, USA
  • TripAdvisor Inc., 400 1st Avenue, Needham, 02494 MA, USA
  • WhatsApp by Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, or if you are based in the EU, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
  • LinkedIn by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • TikTok by ByteDance or TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

If you click on the symbol for a social network, you will be forwarded automatically to our profile on that network. To use the functions of the network there, you may have to log into your user account. When you click on a link to one of our social media profiles, a direct connection is established between your browser and the server of that social network. The network is thereby informed that you have visited our website with your IP address and have clicked on the link. If you click on a link to a network while logged into your account for that network, the content of our pages may be linked to your profile, which means that the network can directly associate your visit to our website or your use of our apps with your user account. If you wish to prevent this, you should log out before clicking on any such links. Your visit will definitely be associated with your user account if you log into the network after clicking on the link.

26. Social Media Management Software

We process the data social media networks provided to us in the social media management software “Hootsuite” of Hootsuite Inc., 5 East 8th Avenue, Vancouver, V5T 1R6, Canada. Hootsuite allows us to manage multiple social media accounts in parallel. Content can be prepared, planned, published, liked, and shared in the software. At the same time, the channels of the different services can be followed within Hootsuite so that we can monitor relevant discussions on the social web about our companies, brands, and services and products.

Zürich Tourism only has limited access to your user data. The user data we have access to consists primarily of publicly available profile data. You can learn how Hootsuite processes your personal data in Hootsuite's data privacy policy. You can find it here.

Our overriding legitimate interest in marketing to customers under Art. 6 para 1(f) GDPR constitutes the lawful basis for this processing.

27. Hotjar

On our website, we use the Hotjar tool provided by Hotjar Ltd, St. Julian’s Business Centre, Elia Zammit Street 3, St. Julian’s STJ 1000, Malta. Hotjar can be used to generate heatmaps, visitor recordings and funnel charts, conduct form analysis, collect feedback and hold polls and surveys. Heatmaps show in anonymous form which elements of a website are clicked by users. Visitor recordings show which users are actually using the website, and summarize the areas in which they click and move the mouse. All personal information is anonymized. Form analysis shows us at which point in a form the user stops entering information. The tool also enables pop-up polls and surveys about different websites. The information generated by the tracking code and cookie about the use of your website is stored by Hotjar on a European server in Ireland.

If you do not want Hotjar to be used when you visit our website, click here.

The lawful basis of this processing is your consent within the meaning of Art. 6 para 1(a) GDPR. You may withdraw your consent at any time with effect for the future.

28. Facebook Custom Audience (with or without Facebook Pixel)

On our website and apps, we use the “Facebook Pixel” of social network Facebook, operated by Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or if you are based in the EU, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

By using the Facebook Pixel, Facebook can determine whether visitors to our website and apps are a target group for displaying ads (“Facebook ads”). Accordingly, we use the Facebook Pixel in order to display our Facebook ads only to Facebook users who have shown an interest in our website or apps or who have certain characteristics (e.g., interest in certain topics or products determined based on the websites visited) that we transmit to Facebook (“custom audiences”).

By using the Facebook Pixel, we also want to ensure that our Facebook ads match the potential interests of users and are not annoying. The Facebook Pixel also allows us to track the effectiveness of the Facebook ads for statistical and market research purposes, as we can see whether users were directed to our website/app after clicking on a Facebook ad (“conversion”).

When you load our website or app, Facebook immediately embeds the Facebook Pixel, which may store a cookie on your device. When you subsequently log into Facebook or visit Facebook while logged in, your visit to our website and apps is noted in your profile. The data collected about you is anonymous from our perspective, so it is not possible for us to draw conclusions about the identity of the user. However, Facebook stores and processes the data, so it may be linked to a particular user profile. Facebook may use the data for its own market research and advertising purposes.

If we send data to Facebook for matching purposes, this data is locally encrypted and only then sent to Facebook over a secure https connection. This is done solely in order to match the data with Facebook's likewise encrypted data.

When we use the Facebook Pixel, we also use the additional function “advanced matching,” in which encrypted data is sent to Facebook to form target groups (“customer audiences” or “look alike audiences”).

Facebook processes the data within the framework of Facebook's data protection policy. Specific information and details about the Facebook Pixel and its functionality can be found in Facebook's help section.

You can object to data collection by the Facebook Pixel and use of your data to generate Facebook ads. To adjust what kind of advertisements are displayed to you within Facebook, you can load the page set up by Facebook and follow the instructions regarding settings for usage-based advertising.

In addition, you can object to the use of cookies intended for reach measurement and advertising purposes on the deactivation page of the Network Advertising Initiative. Additional opt-out choices are available here:

http://www.aboutads.info/choices

http://www.youronlinechoices.com/uk/your-ad-choices/

More information about how Facebook Pixel works and about the publication of Facebook ads in general can be found in Facebook's data protection policy.

If you wish to object to Facebook Pixel and use of your data to display Facebook ads, click here to access the corresponding Facebook page and follow the instructions relating to settings for user-oriented advertising.

Consent within the meaning of Art. 6 para 1(a) GDPR constitutes the legal basis. You can withdraw your consent at any time with effect for the future.

29. CrowdRiff

We use Crowdriff, a service provided by CrowdRiff Inc, 116 Spadina Ave., Suite 600, Toronto, ON M5KV 2K6, Canada. CrowdRiff is a marketing tool and technical solution that enables us to analyze whether our users like the visual content, in particular the images on our website, or which images are of particular interest. The analysis is performed using the same method as for tracking cookies (logging of IP addresses). To deactivate cookies, see item 19. More information about CrowdRiff can be found here.

Our overriding legitimate interest in optimizing our content under Art. 6 para 1(f) GDPR constitutes the lawful basis for this processing.

30. TikTok Pixel

On our website, we use the TikTok Pixel of TikTok Information Technologies UK Limited, 6th Floor, One London Wall, London EC2Y 5EB, United Kingdom (“TikTok”). This is a code we have implemented on our website. Through the use of this code, if you give your consent, your visit to our website generates a connection to the TikTok servers in order to track your behavior on our website. If, for example, you make a booking on our website, the TikTok Pixel is triggered and stores your actions on our website in one or more cookies. Personal data like your IP address and your email address, as well as other information like device ID, device type, and operating system can also be transferred to TikTok. TikTok uses email or other login or device information to identify users of our website and associate their activities with a TikTok user account. TikTok uses this data to display targeted and personalized advertising to its users and to generate interest-based user profiles. The collected data is anonymous and invisible from our perspective. We are only able to use it to measure the effectiveness of advertising placements.

As a rule, your data is processed within Switzerland, the EU, and the EEA. A data processing agreement has been concluded with TikTok for this purpose. If personal data is transmitted to countries outside Switzerland, the EU, or the EEA, this data transfer is governed by standard contract clauses in accordance with agreements adopted by the European Commission regarding the transfer of personal data to so-called third countries. We implement additional measures where possible. To guarantee an adequate level of data protection, TikTok also performs case-by-case reviews of transfers of personal data to third countries and reviews and analyzes legal regulations in the relevant third countries.

You can find more information about how TikTok processes data on its website.

The lawful basis of this processing is your consent within the meaning of Art. 6 para 1(a) GDPR. You may withdraw your consent at any time with effect for the future.

31. Mapz

On our website, we use the offer of Mapz, a map service of Kober-Kümmerly+Frey Media AG, Rolandstrasse 83, 50677, Cologne, Germany, to display interactive maps to you.

Through your visit to our website, Kober-Kümmerly+Frey receives the information that your IP address has loaded the site and mapz.com has delivered a map graphic to your IP address. In doing this, Kober-Kümmerly+Frey collects the following data, which is technically necessary to display the map on your device and guarantee the stability and security of the map service:

  • IP address
  • Date and time of query with timezone difference from Greenwich Mean Time
  • Content of request
  • Access status (HTTP status code)
  • Transferred data quantity
  • Website from which the request comes
  • Operating system and interface
  • Type, language, and version of browser software.

Kober-Kümmerly+Frey stores your IP address and the information listed above in an anonymized form which does not allow conclusions to be drawn about your person. Kober-Kümmerly+Frey does not transfer data to third parties and operates its server systems exclusively in member states of the European Union.

The lawful basis of this processing is your consent within the meaning of Art. 6 para 1(a) GDPR. You may withdraw your consent at any time with effect for the future.

32. LinkedIn – Insight Tag

On our website, we use the analysis and conversion tracking technology of LinkedIn Inc. (“LinkedIn”), LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. This technology of LinkedIn makes it possible to display more relevant advertising based on your interests.

We also receive aggregated and anonymous reports of ad activities and information about how you interact with our website from LinkedIn. LinkedIn is able to associate a visit to our website with your LinkedIn user account. You can find more information about LinkedIn's data protection here.

You can object to the analysis of your user behavior by LinkedIn and to the display of interest-based recommendations. To do this, click on the field “Opt out on LinkedIn” (for LinkedIn members) or “Opt out” (for other users) at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The lawful basis of this processing is your consent within the meaning of Art. 6 para 1(a) GDPR. You may withdraw your consent at any time with effect for the future.

33. Microsoft Dynamics 365 for Marketing

On our website, we use the marketing automation system Microsoft Dynamics 365 for Marketing of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Dynamics 365"). We use Dynamics 365 to carry out marketing activities and campaigns, for analytical purposes, and for target group-specific addressing of customers and potential customers.

In particular, we use Dynamics 365 to send email communications, for event management (e.g., for management of event participants), and to prepare landing pages and contact forms. If an unambiguous association with your person is possible, we will store and link the data described in this Data Protection Policy, i.e. especially your personal details, your contact attempts, your contract data, and your surfing behavior on our website in a central database of Dynamics 365 (a "CRM"). This enables efficient management of customer data, allows us to competently answer your questions, and enables efficient provision of your requested services and processing of the associated contracts. We analyze this data to continue refining our offer based on your needs and to display and recommend to you the most relevant information and offers. We also use methods that predict possible interests and future orders based on your website use.

We use cookies and other tools with Dynamics 365. You can find more information about the use of Dynamics 365 cookies here: https://learn.microsoft.com/en-us/dynamics365/marketing/cookies.

You can find more information about data protection in the Microsoft privacy statement at https://privacy.microsoft.com/en-us/privacystatement.

The use of Dynamics 365, performance of statistical data collection and analysis, and recording of the login procedure for communication by email are based on your consent within the meaning of Art. 6 para 1(a) GDPR. In addition, we also have an interest in the use of a user-friendly and secure system that both serves our business interests and meets user expectations. In this respect, our overriding legitimate interest within the meaning of Art. 6 para 1(f) GDPR constitutes the lawful basis for processing of the data.

34. Amendments to the Data Protection Policy

Zürich Tourism reserves the right to occasionally amend its data protection policy as required (e.g. in light of new legislation, technical developments). Any changes come into effect after they have been introduced. We therefore recommend that you check this data protection policy regularly.

35. Contact

If you have any questions about our website or data protection policy, or for inquiries relating to data access or erasure, please contact web(at)zuerich.com.

Zurich, September 23, 2022