Privacy Policy

Zürich Tourismus is an association with its headquarters at Gessnerallee 3, 8001 Zurich, Switzerland, and registered in the Commercial Register of the Canton of Zurich under number CHE-105.846.358. It is the operator of the website

When collecting, processing and using your personal data, Zürich Tourismus deems it a matter of course to comply with the requirements of Swiss data protection legislation (in particular, the Swiss Federal Act on Data Protection, FADP, and the Ordinance to the Federal Act on Data Protection, VDSG), as well as any other applicable data protection provisions of Swiss and European law (in particular the EU General Data Protection Regulation (GDPR)).

Zürich Tourismus takes data protection very seriously. In this data protection policy, we provide you with information about our company’s data processing practices.

1. Visits to the website of Zürich Tourismus

When you visit this website, Zürich Tourismus receives information that allows it to draw conclusions about your surfing behavior and thereby determine which information and offers are of particular interest to you. Cookies, web analysis tools, remarketing tools and social plugins (see item 11 et seq. below) are used in this connection. As is generally the case with connection to a web server, this data is temporarily recorded in a log file and stored by us until it is automatically deleted. This concerns the following data:

  • IP address of the requesting computer
  • Name of the owner of the IP address block (usually your internet service provider)
  • Date and time of access
  • Website from which the access originated (referrer URL), including any keywords used
  • Country from which the access originated
  • Name and URL of the accessed file
  • Operating system of the computer
  • Browser used (type, version, and language)
  • Name of your internet service provider

This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring ongoing system security and stability, optimizing the website, and for internal statistical purposes. This data is not combined or saved with personal data.

Only in the event of an attack on the website’s network infrastructure, or if it is suspected that the website is being misused or otherwise used unlawfully, will the IP address be analyzed for clarification and defense purposes, and if necessary used to identify or take civil or legal action against the user concerned.

Our legitimate interest within the meaning of Art. 6 para 1(f) GDPR therefore constitutes the lawful basis for processing of the data.

2. Sharing your data with third parties

We will share your data with third parties if this is necessary in connection with use of the website.

Your data may be shared with third parties for other purposes only if you have provided your explicit consent, if we are legally obliged to do so (e.g. request by a law enforcement agency) or if necessary in order to assert our rights under the contractual relationship (e.g. debt collection measures).

We require our employees and third parties that we use to provide our services to comply with the legal data protection provisions, and we have issued the necessary directives for employees and concluded data processing agreements with third parties for this purpose.

Your data may also be shared if you use social plugins.

3. Transfer of personal data abroad

We have the right to send your personal data to companies based outside Switzerland, the EU and the European Economic Area should this be necessary for the above-mentioned purposes. The legal provisions governing the sharing of information with third parties are of course observed in such cases. These third parties are subject to the same data protection obligations as ourselves. If the level of data protection in a certain country is lower than the level of protection provided under Swiss or EU data protection laws, we take contractual measures to ensure that your personal data is afforded the same level of protection as in Switzerland or the European Economic Area (EEA) at all times.

In the interest of completeness, we point out to users based or resident in Switzerland that monitoring measures in the US by the US authorities generally permit the storage of all personal data of anyone whose data is sent from Switzerland to the US. This is done without differentiation, restriction or exception on the basis of the pursued objective and without any objective criteria that would restrict access to the data and its subsequent use by the US authorities to very specific and limited purposes that would justify the intervention associated with access and use of this data. We also wish to point out that no legal remedies are available in the US for people concerned from Switzerland that would enable them to access their data or request that it is corrected or erased, and that no effective legal protection against the general access rights of the US authorities exists. We expressly make the persons concerned aware of these laws and circumstances, in order that they can make an informed decision about consent to the use of their data.

We make residents of EU member states aware that compared with the EU, the US does not offer an adequate level of data protection due, inter alia, to the reasons mentioned in this section. In the case of the US-based recipients of data (e.g. Google) mentioned in this data protection policy, we ensure that your data is adequately protected; we do so either by means of contractual regulations with these companies or by ensuring that they are certified under the EU or Swiss-US Privacy Shield.

4. Data security

We take the appropriate measures to protect your personal data. We take the technical and organizational measures prescribed under Swiss and European data protection law to prevent unauthorized processing. This includes the following risks in particular:

  • Unauthorized or accidental destruction
  • Accidental loss
  • Technical errors
  • Forgery, theft or misappropriation

Unauthorized modification, copying, access or other use.

Our security measures are continuously updated in line with technological advances. We also take data protection within our own company very seriously. Our employees and contractual service providers are required to maintain confidentiality and comply with the provisions of the data protection laws.

5. Your rights as a user (access, erasure, correction)

You have the right to request information on the processing of your data. Furthermore, you are entitled to request that incorrect data is deleted or that your personal data is erased completely. Any such requests should be sent in writing or by email to web(at) Sample texts for this purpose are available on the website of the Federal Data Protection and Information Commissioner. We advise you that we reserve the right to request proof of identity and that you may no longer be able to use our services (or not to the full extent) if your data is deleted.

If you have provided your consent to processing of your data in a certain way, you may withdraw your consent to future processing of this data.

Please note that certain data is subject to statutory retention periods and we are required to store such data until expiry of these periods. We lock these files in our system and use them solely for the purpose of fulfilling our legal obligations.

6. Cookies

Cookies are small text files that your browser stores automatically on your hard drive when you visit a website. These cookies enable storage of your settings (e.g. language or currency), so that our website is easier to use. Cookies cannot harm your hard drive. Furthermore, no new personal data is sent to us by the cookies. Most web browsers accept cookies automatically. However, you also have the option of disabling cookies in your browser.

7. Amendments to the data protection policy

Zürich Tourismus reserves the right to occasionally amend its data protection policy as required (e.g. in light of new legislation, technical developments). Any changes come into effect after they have been introduced. We therefore recommend that you check this data protection policy regularly.

8. Contact

If you have any questions about our website or data protection policy, or for inquiries relating to data access or erasure, please contact mail(at)

Zurich, 06.06.2019