Skip to content
W Kunsthaus Wanderwege
Legal & Data Protection

Privacy Policy

How we handle your personal data at Kunsthaus Wanderwege GmbH — transparently, minimally, and in accordance with the Swiss Federal Act on Data Protection (FADP / revDSG) and the EU General Data Protection Regulation (GDPR) where applicable to our readers in the European Union.

1. Who We Are

This privacy policy applies to the website my-kunshaus.sbs and all related services operated by:

Kunsthaus Wanderwege GmbH
Löwenstrasse 29
8001 Zürich, Switzerland
VAT: CHE-417.682.305 MWST
Company Registry: CHE-417.682.305
Phone: +41 44 218 76 40
Email: [email protected]

Kunsthaus Wanderwege GmbH is the data controller for all personal data processed through this website. We are an independent travel guide focused on Switzerland's mountain railways, alpine lakes, national parks, art museums, old towns, and seasonal festivals. We are not affiliated with any railway operator, cantonal tourism office, or museum institution mentioned in our editorial content.

For questions about how we use your data, you may contact our data protection contact at the email address above. We aim to respond to all data-related enquiries within ten business days.

2. Scope of This Policy

This policy covers personal data collected when you visit my-kunshaus.sbs, when you submit an enquiry via our contact form, and when you otherwise interact with us electronically. It does not cover third-party websites or services that we may link to editorially — for example, links to the official SBB timetable, Jungfraubahn ticket pages, or the Kunsthaus Zürich visitor information. Those services operate under their own privacy policies.

We keep this policy up to date. The current version date is noted in Section 13. If you use our guide to plan a trip — to catch the Gornergrat Bahn at sunrise, to time the Montreux Jazz Festival visit, or to compare Swiss Travel Pass options on our travel passes page — you do so as an anonymous reader and we do not collect any data in the course of ordinary browsing.

3. What Personal Data We Collect

3.1 Contact Form Data

The only mechanism through which we collect personal data is our voluntary contact form. When you submit an enquiry, we collect the following information that you provide directly:

  • Full name — so we can address you appropriately in our reply.
  • Email address — the sole channel through which we correspond with you. We do not call, SMS, or add you to any mailing list.
  • Phone number — optional field, provided at your discretion if you prefer a callback.
  • Enquiry type — selected from a dropdown (route planning, travel pass question, editorial feedback, partnership, other), which helps us direct your message to the right person.
  • Message text — the body of your enquiry, in your own words.

We do not collect any sensitive categories of personal data as defined under Article 5 of the Swiss revDSG or Article 9 of the GDPR (such as health data, religious beliefs, political opinions, or biometric data). We do not ask for passport numbers, payment card details, or booking references.

3.2 Automatically Collected Technical Data

Our web server generates standard access logs as part of normal server operation. These logs may contain your IP address, the URL you requested, the date and time of access, the HTTP status code returned, and your browser's user-agent string. This is a technical necessity for operating any website and is not used by us to profile, track, or identify individual visitors. Server logs are retained for a maximum of 30 days and then deleted automatically by our hosting provider's log rotation policy.

We do not install any analytics software, tracking pixels, session recording tools, heatmap scripts, or third-party tag managers. There is no Google Analytics, no Meta Pixel, no GTM container, no Hotjar, no Clarity, and no advertising network code of any kind on this website. When you browse our reviews of alpine lakes, read about the Swiss National Park in the Engadine, or explore our guide to Swiss art museums, your reading behaviour is not recorded or transmitted anywhere.

3.3 Cookies

This website does not set any cookies. We do not use session cookies, persistent cookies, first-party analytics cookies, or third-party advertising cookies. The absence of a cookie consent banner on this website is not an oversight — it reflects the fact that there are genuinely no cookies to consent to. You can verify this by inspecting your browser's developer tools on any page of this site.

4. Legal Basis for Processing

Under Swiss law (the Federal Act on Data Protection, FADP, fully revised version in force from 1 September 2023, also referred to as revDSG or nDSG), data processing must be based on a legitimate purpose. We process personal data submitted through the contact form on the basis of your explicit, voluntary consent (Article 6 revDSG), which you give by completing and submitting the form. Submission is entirely voluntary; there is no service or access conditioned on providing personal data.

For visitors resident in the European Union, Article 6(1)(a) of the GDPR provides the same basis: your consent, freely given, specific, informed, and unambiguous at the point of form submission.

Server access logs are processed on the basis of our legitimate interest (Article 31 revDSG; Article 6(1)(f) GDPR) in operating a stable and secure web service, diagnosing technical faults, and detecting abuse such as denial-of-service attempts. This interest is proportionate and does not override individual privacy rights given the short retention period and absence of individual profiling.

5. How We Use Your Data

Personal data submitted via the contact form is used exclusively to respond to your specific enquiry. We will reply to your question about Swiss Travel Pass coverage, a walking route suggestion near Lake Lucerne, or a correction to one of our editorial reviews, and then we stop. We do not use your contact details for any of the following:

  • Sending newsletters, promotional emails, or marketing communications.
  • Building audience profiles or behavioural segments.
  • Retargeting you with advertising on other platforms.
  • Sharing your contact details with sponsors, commercial partners, or advertisers (we have none).
  • Selling or renting your data to any third party.
  • Combining your data with information from other sources.

Once your enquiry is resolved and any reasonable follow-up period has elapsed, your contact data is deleted as described in Section 6 below.

6. Retention Periods

We apply the data minimisation principle strictly. Personal data is not kept longer than necessary for the purpose for which it was collected.

  • Contact form submissions: Email correspondence containing your name, email address, and enquiry details is retained for a maximum of 24 months from the date of your last message in the thread. This period covers reasonable follow-up needs (for example, if you write to us again about the same route question). After 24 months, the correspondence is permanently deleted from our email system.
  • Server access logs: Retained for a maximum of 30 days, after which they are automatically deleted by log rotation.
  • Backups: Our email provider may retain encrypted backups for up to 90 days after the data is deleted from the primary system. After 90 days, the data is absent from all backup media.

You may at any time request earlier deletion of your personal data. See Section 10 for the procedure to exercise this right.

7. No Tracking, No Analytics, No Advertising

We want to be unusually transparent about this because it is genuinely unusual. This website earns no advertising revenue. We do not participate in affiliate programmes with railway operators, hotel booking platforms, or tour agencies. We are not compensated by the Jungfraubahn, SBB, Swiss Tourism, the Fondation Beyeler, or any other entity mentioned in our editorial content. Our operational costs — hosting, the domain, editorial time — are funded by the founders of Kunsthaus Wanderwege GmbH out of pocket.

As a direct consequence, there is no commercial incentive for us to track readers, build audience segments, or share data with advertisers. The absence of tracking is not a privacy-compliance gesture; it is a structural feature of how this publication works. You can browse every page of this guide — our mountain railways reviews, our family attractions guide, our coverage of Swiss seasonal events like Basel Fasnacht or the Montreux Jazz Festival — and leave no personal trace other than the ephemeral server log entry described above.

8. Third Parties and Data Sharing

We do not sell, rent, licence, or otherwise transfer personal data to third parties for their own purposes. The only circumstances under which personal data might be shared are:

8.1 Hosting Infrastructure

Our website is hosted on servers operated by our web hosting provider. That provider processes server access logs on our behalf as a data processor. We have a data processing agreement in place consistent with Article 9 revDSG and Article 28 GDPR. The hosting provider is contractually prohibited from using access log data for its own purposes.

8.2 Email Service

Enquiries submitted via our contact form are received in our corporate email system. The email service provider acts as a data processor and stores email content on our behalf. We have reviewed the provider's data protection terms and they are consistent with Swiss and EU requirements.

8.3 Legal Obligations

If we are required by applicable Swiss law, a court order, or a legally binding request from a competent Swiss authority to disclose personal data, we will comply with that obligation. We will, where legally permitted, notify the affected person prior to disclosure.

In all other circumstances, your personal data stays within the systems described above and is not shared with any other party — including advertisers, analytics vendors, social media platforms, travel booking services, or any other commercial entity.

9. International Data Transfers

Kunsthaus Wanderwege GmbH is based in Zürich, Switzerland. Switzerland is recognised by the European Commission as providing an adequate level of data protection for the purposes of GDPR Article 45. Within Switzerland, the FADP (revDSG) governs data protection to a standard equivalent to European requirements.

Our hosting infrastructure is located in Switzerland or within the European Economic Area (EEA). We do not transfer personal data to countries outside Switzerland or the EEA unless they are recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC) as providing adequate protection, or unless appropriate safeguards (such as standard contractual clauses) are in place. At the date of this policy, no personal data processed by Kunsthaus Wanderwege GmbH is transferred to a jurisdiction without adequate protection.

10. Your Rights Under Swiss FADP and GDPR

You have the following rights regarding your personal data. Swiss law (revDSG) grants these rights to all data subjects in Switzerland; GDPR grants equivalent or extended rights to data subjects in the European Union.

10.1 Right of Access

You have the right to request confirmation of whether we process personal data about you and, if so, to receive a copy of that data together with information about its source, purpose, and recipients. Under the revDSG (Article 25) this right is free of charge. We will provide the information within 30 days of your request.

10.2 Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. If you gave us a misspelled name or changed your email address, simply contact us and we will update our records promptly.

10.3 Right to Erasure

You have the right to request deletion of your personal data before the end of the retention period described in Section 6. We will action such requests within 10 business days unless we are legally obligated to retain the data (for example, to comply with a court order). Given the narrow scope of data we hold — only your name, email, and enquiry message — erasure is straightforward.

10.4 Right to Restriction of Processing

Under GDPR Article 18, you may request that we restrict processing of your data in certain circumstances — for example, while you contest the accuracy of the data or object to our processing. During the restriction period we will store your data but not actively use it.

10.5 Right to Data Portability

Where processing is based on consent and carried out by automated means, you have the right under GDPR Article 20 to receive your personal data in a structured, commonly used, machine-readable format (e.g. JSON or CSV) and to transmit it to another controller. In practice, the data we hold — an email thread — can be provided as a plain text or PDF export.

10.6 Right to Object

You may object to processing based on legitimate interests (Article 21 GDPR; Article 30 revDSG). Given that the only processing on this basis is server log retention for 30 days, the practical scope of this right is limited, but it is available to you.

10.7 Right to Withdraw Consent

Where processing is based on your consent (the contact form submission), you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal. To withdraw consent, send an email to [email protected] with the subject line "Withdraw consent" and your request. We will cease processing and delete your data within 10 business days.

10.8 Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the competent supervisory authority:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern — www.edoeb.admin.ch
  • EU residents: The data protection authority (DPA) in your country of residence or habitual establishment.

We encourage you to contact us directly first at [email protected]; most issues can be resolved quickly without formal complaint.

11. Data Security

We take technical and organisational measures proportionate to the risks involved in processing personal data. Specifically:

  • Transport encryption: All data transmitted between your browser and our server is encrypted using TLS 1.2 or higher. Our server enforces HTTPS and redirects all HTTP requests.
  • Access control: Access to our email system and server infrastructure is protected by strong passwords and, where available, two-factor authentication. Access is limited to the two founders of Kunsthaus Wanderwege GmbH.
  • Minimal data footprint: Because we collect very little data, the attack surface is correspondingly small. We do not operate a database of user accounts, a CRM, or a mailing list — there is no large repository of personal data that could constitute an attractive breach target.
  • Incident response: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the FDPIC within 72 hours as required by Article 24 revDSG, and will notify affected individuals directly without undue delay where the breach is likely to result in a high risk.

No data transmission over the internet is completely secure, and we cannot guarantee absolute security. However, the measures described above represent the current state of good practice for a publication of our size and data profile.

12. Children's Privacy

This website and our editorial content — including our family attractions guide covering destinations such as Swiss Adventure Parks, Technorama Winterthur, and the Swiss Museum of Transport in Lucerne — is intended for adult readers planning travel. We do not knowingly collect personal data from children under the age of 16.

If you are a parent or guardian and believe that a child under 16 has submitted personal data through our contact form without your consent, please contact us at [email protected] and we will delete the data promptly. Our contact form does not include a mechanism for verifying the age of the submitter; we rely on parental supervision for this purpose.

13. Changes to This Policy

We will update this privacy policy when our data practices change or when applicable law requires amendments. The current version was last substantively updated on 1 June 2026. Material changes — for example, if we were to introduce an analytics tool, a newsletter subscription, or a new category of data collection — would be reflected here with a new date and, if significant, a notice on the home page.

We recommend reviewing this page occasionally if you use our contact form regularly. Continued use of the website after a policy change constitutes acceptance of the updated terms, but given that the only data collection triggered by use is the contact form and server logs, "use" for browsing purposes involves no personal data and therefore no meaningful consent question.

Previous versions of this policy are available on request by emailing [email protected].

14. Contact for Data Requests

All requests relating to your personal data — access, rectification, erasure, restriction, portability, objection, consent withdrawal — should be directed to:

Data Protection Contact
Kunsthaus Wanderwege GmbH
Löwenstrasse 29, 8001 Zürich, Switzerland
Email: [email protected]
Phone: +41 44 218 76 40
(Monday to Friday, 09:00–17:00 CET)

Please include in your request: your full name, your email address (so we can identify the data we hold), and a clear description of your request. We will acknowledge your request within 3 business days and fulfil it within 30 days. Identity verification may be required before we can action certain requests such as data access or erasure, to ensure we do not inadvertently act on a request made by a third party on your behalf without authorisation.

You are also welcome to use our contact page for general enquiries about this policy, though formal data rights requests sent by email to the address above are processed with priority.

15. Governing Law and Jurisdiction

This privacy policy and any disputes arising from it are governed by Swiss law, in particular the Federal Act on Data Protection (FADP / revDSG, SR 235.1) and its implementing ordinance (ADPO / VDSG, SR 235.11). The exclusive place of jurisdiction for any disputes is Zürich, Switzerland, subject to mandatory provisions of applicable EU law for data subjects habitually resident in the European Union.

For EU residents, the GDPR applies to our processing of your personal data where the GDPR has extraterritorial effect under Article 3(2) — specifically, where we offer goods or services to data subjects in the EU or monitor their behaviour within the EU. We consider our contact form to fall within this scope for EU-resident users who submit enquiries, and we apply GDPR standards (including the rights described in Section 10) accordingly.

Questions about this policy or your data? We are a small, approachable team in Zürich.

Send a data enquiry Back to home