Our data protection and how we use data
We consider data protection important, which is why we explain below how we collect data and what we do with it. As a rule, we use general data—such as website visits, origin, or language preferences—to analyse our customer base so that we can strategically plan new products or marketing activities. We use detailed data—such as addresses or dates of birth—only when needed for a specific purpose (registrations, newsletters, contest participation). We do not share any of this data with third parties unless it is required for the intended purpose, for example sending the list of winners in a competition. Wherever we collect or store data, we provide transparent information about it.
1. General Data Protection
Based on Article 13 of the Swiss Federal Constitution and the federal data protection regulations, every person has the right to protection of their privacy and protection against the misuse of their personal data. At the cantonal level, data protection is governed by the Act on Public Information, Data Protection and Archiving (IDAG) of 24 October 2006 and the corresponding Ordinance (VIDAG) of 26 September 2007. In the city of Baden, the Ordinance on Public Information, Data Protection and Archiving (VIDA) of 22 December 2008 (KER, 150.100 Information, Data Protection and Archiving) has also been in force since 1 January 2009. It contains supplementary and implementing provisions to cantonal law.
TourismusRegion Baden AG complies with the applicable data protection regulations of the city of Baden as well as the relevant federal and cantonal data protection laws. Personal data is treated with strict confidentiality and is neither sold nor passed on to third parties.
2. Technical Data Protection
In close cooperation with our hosting providers, we protect our databases with the utmost care against unauthorized access, loss, misuse, or falsification. Systems for detecting intrusion attempts are also used to better safeguard the integrity of published data as well as data transferred between users and the website. To the extent permitted by law, no guarantee is provided for the integrity and confidentiality of the data.
When accessing the websites of TourismusRegion Baden AG, the following data is stored in log files: IP address, date, time, browser request, and general information about the operating system and browser used by the device. These usage data form the basis for statistical, anonymous analyses that help identify trends, enabling continuous optimisation of TourismusRegion Baden AG’s online services. At the same time, the data is used for the further development and expansion of the city’s marketing activities.
3. Plugins
3.1 Metaverse Plugins
Facebook Plugins
The websites of TourismusRegion Baden AG include plugins from the social network Metaverse. Facebook plugins are identifiable by the Facebook logo or the "Like" button. An overview of the Facebook plugins used can be found at: developers.facebook.com/docs/plugins/.
When our websites are visited, the plugin establishes a direct connection between the browser and the Facebook server. Through this, Facebook receives the information that the website www.deinbaden.ch was accessed from the respective IP address. If the Facebook “Like” button is clicked while the user is logged into a Facebook account, content from our pages can be linked to the user’s Facebook profile. This enables Facebook to associate the visit to www.deinbaden.ch with the corresponding user account.
We would like to point out that TourismusRegion Baden AG has no knowledge of the content of the transmitted data or how Facebook uses it. Further information can be found in Facebook’s privacy policy at www.facebook.com/about/privacy/. To prevent Facebook from associating visits to our pages with a Facebook user account, users must log out of their Facebook account.
Instagram Plugins
Functions of the Instagram service are integrated into our website. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If an Instagram account is used and the user is logged in, clicking the Instagram button allows content from our pages to be linked to the corresponding Instagram profile. This enables Instagram to associate visits to our pages with the relevant user account.
We point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or how Instagram uses it. Further information can be found in Instagram’s privacy policy: instagram.com/about/legal/privacy/
3.2 Airtable
The website uses forms provided by Airtable, which complies with GDPR standards and is ISO/IEC 27001 and SOC 2 certified. Data collected through these forms is used exclusively for the intended purpose and is regularly deleted. Airtable does not use or share any data or information collected through the forms. More information can be found at: https://support.airtable.com/docs/gdpr-at-airtable
3.3 Google Maps
This website uses the map service Google Maps, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of Google Maps, it is necessary to process the IP address. This information is generally transmitted to and stored on a server operated by Google in the United States.
The use of Google Maps is based on consent in accordance with Art. 6(1)(a) GDPR and the revised Swiss Federal Act on Data Protection (revFADP), where applicable.
The transfer of data to the United States is based on the Standard Contractual Clauses approved by the European Commission.
Further information on data processing by Google can be found in Google’s privacy policy:
https://policies.google.com/privacy
Consent can be withdrawn at any time via the website’s cookie or consent settings.
4. Analytics Tools
4.1 Google Analytics
General Information
The websites of TourismusRegion Baden AG used features of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies,” which are text files stored on the user’s device and which enable an analysis of website usage. The information generated by the cookie about the use of this website is generally transmitted to a Google server in the USA and stored there in anonymised form.
IP Anonymisation
We activated IP anonymisation on this website. This means that Google shortens the IP address within member states of the European Union or other contracting states of the Agreement on the European Economic Area before transferring it to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google uses this information to evaluate website usage, compile reports on website activities and provide other services related to website and internet usage. The IP address transmitted by the browser as part of Google Analytics will not be merged with other Google data.
Browser Plugin
The storage of cookies can be prevented by adjusting the browser settings. However, we would like to point out that in this case not all functions of this website may be fully usable. Users may prevent the collection of cookie-generated data related to their website usage (including IP address) and the processing of such data by Google by downloading and installing the browser plugin available at the following link:
tools.google.com/dlpage/gaoptout?hl=de
Objection to Data Collection
Users can prevent Google Analytics from collecting their data via the following link. An opt-out cookie will be set, which prevents future data collection when visiting this website: Disable Google Analytics.
Further information on how Google Analytics handles user data can be found in Google’s privacy policy:
support.google.com/analytics/answer/6004245?hl=de
Demographic Features in Google Analytics
This website used the “demographic features” function of Google Analytics. This allows the creation of reports containing information about the age, gender, and interests of website visitors. These data originate from Google’s interest-based advertising and from third-party visitor data. These data cannot be attributed to any specific individual. This function can be deactivated at any time via the ad settings in the user’s Google account, or users can generally prevent the collection of data by Google Analytics as described in the section “Objection to Data Collection.”
4.2 Plausible Analytics (until February 2026)
We use the analytics software Plausible Analytics ("Plausible") on our own servers in order to continuously optimise our website—both technically and in terms of content. Plausible is a GDPR-compliant open-source software provided by Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia. By using Plausible on our servers, we follow a particularly privacy-friendly approach to analysing website visits. For this purpose, Plausible collects, among other things, the following information:
Date and time of the visit
Title and URL of the pages visited
Referring links
Current country of residence
User agent of the browser software
Plausible does not use or store cookies on the user’s device. All personal data (e.g., IP addresses) are fully anonymised and stored in the form of a so-called hash. A hash is an encrypted data format that cannot be reversed or decrypted. This allows us to analyse individual visits without storing personal data in a form that would be readable by us or others. The legal basis for this processing is consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent may be withdrawn at any time with effect for the future.
5. Newsletter via Brevo
When subscribing to the newsletter, an email address is required, as well as information that allows us to verify that the provided email address belongs to the respective owner and that they consent to receiving the newsletter. No additional data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
For sending our newsletter, we use the newsletter tool Brevo (formerly Sendinblue), operated by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Brevo provides extensive analytics on how newsletters are opened and used. These analyses are group-based and are not used by us for individual evaluation. Further information can be found in Brevo’s privacy policy.
Data Processing
The processing of data entered into the newsletter subscription form is based on consent (Art. 6 para. 1 lit. a GDPR). Consent given for the storage of data, the email address, and its use for sending the newsletter may be revoked at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of data processing already carried out remains unaffected by the withdrawal of consent.
Storage Duration
Data stored for the purpose of sending the newsletter will be retained until the user unsubscribes and will be deleted after cancellation. Data stored for other purposes remain unaffected.
6. Online Shop
6.1 Peppershop E-Commerce
Our online shop is operated using the Peppershop E-Commerce product by Glarotech, based in 9500 Wil, and is a certified Trusted Shop. No derived values, such as price calculations, are transferred via forms; instead, they are recalculated each time based on customer-modifiable data. Furthermore, identifiers for access (customer identification, session identification, etc.) are selected from a value range with sufficiently high entropy so that they cannot be guessed. Peppershop has been available internationally since 2001 and has continually been updated to comply with current legal requirements, including the EU General Data Protection Regulation (GDPR).
We collect, store, and process data in the online shop that is necessary for processing the purchase order, any subsequent warranty handling, and for sending information regarding offers, updates, etc. Personal data is collected when it is voluntarily provided to us during the ordering of goods or services or when opening a customer account. Personal data is only passed on to service providers involved in fulfilling the order, such as SIX, PostFinance, Swiss Post, or Datatrans.
If payment conditions are not met (e.g., delayed payment of an invoice issued by us), order-related data may be forwarded to the relevant debt collection agency to initiate the collection process. Payment data is encrypted during transmission to the payment provider as part of the ordering process.
Further information can be found at: https://www.peppershop.com/de/datenschutz/
7. Online Payments
We use specialised service providers to process payments from our customers securely and reliably. For the processing of payments, the legal texts of the individual service providers—such as their Terms and Conditions (T&Cs) or Privacy Policies—apply in addition to our own.
Processing payments in Switzerland
Provider: TWINT AG (Switzerland)
Privacy information: “Data Protection for TWINT Apps”, “Website Privacy Policy”, “General Terms and Conditions for the Use of TWINT”, including the section on “Data Protection”.
Worldline (formerly SIX Payment Services)
Processing mobile and online payments
Providers:
Worldline Schweiz AG (Switzerland)
Worldline Financial Services (Europe) S.A. (Luxembourg)
Worldline Payment Services (Germany) GmbH (Germany)
Worldline Financial Services (Europe) S.A., Austrian branch
Privacy information: Privacy Policy, “Customer Information on Data Protection”.
8. Information and Enquiries
If you have any questions regarding the collection, processing, or use of personal data, or if you wish to request information, correction, blocking, or deletion of data, or to withdraw consent that has been granted, you can reach us as follows:
TourismusRegion Baden AG
Badstrasse 31
5400 Baden
Phone: +41 56 200 15 30
Email: info@deinbaden.ch
Updated: December 2025