Privacy

Browsing the website www.ascona-locarno.com and using the resources mentioned therein – such as e-mail addresses (in particular: info@ascona-locarno.com, web@ascona-locarno.ch and privacy@ascona-locarno.com), the virtual assistant (chatbot), telephone numbers (in particular: 0848 091 091) and the newsletter (hereinafter collectively the “Website”) – involves the collection and processing of information about the user (hereinafter the “Personal Data”) by the Lake Maggiore and Valleys Tourism Organization, a public law entity under Art. 3 of the Tourism Law of the Republic and Canton of Ticino(LTur) (hereinafter the “Tourism Organization”).

By making personal data available or by using the Website (including contact information provided therein), the user (hereinafter the “User”) acknowledges that personal data is processed lawfully and in the manner and for the purposes and in the manner set forth herein or inferable therefrom (hereinafter the “Data Protection Information”).

The purpose of this document is to inform you about what personal data are collected, what processing activities are carried out within the Website and related resources, what purposes are pursued, who the recipients of the personal data are, and whether a transfer abroad takes place.

The Data Protection Information is divided into a general part with information that applies to the use of the Website and related resources, as well as special parts with information that applies to the use of specific resources.

Aspects of the processing of personal data in relation to the use of goods and/or services are governed by law and/or by any contracts entered into between the parties, or-if necessary-are the subject of special notices made available to the User through appropriate digital channels (Website and e-mail) or through paper documents (sent by mail or available at the physical counters indicated in the “Contact” section).

The e-commerce area under the “SHOP” icon on the Website can be reached at https://shop.ascona-locarno.com. It is outside the scope of this information. The User is referred to the information published on the shop homepage as well as the legal and contractual conditions.

OFFICER RESPONSIBLE FOR THE WEBSITE │ CONTACTS
Responsible for the Website-as the owner of the content and the office that determines the purpose and method of processing personal data-is theLake Maggiore and Valleys Tourist Organization, a Ticino public law body.

Important notice: to protect the security of the Tourist Organization and its employees, filters are used. An electronic message is considered to have been received only if there is a reply or confirmation of receipt. Otherwise, the User must assume that the message has not been delivered.

Contact:
– Postal address: Via Luigi Lavizzari 10c, Casella Postale, 6601 Locarno (Switzerland) (offices and counters)
– E-mail:
– General requirements: info@ascona-locarno.com
– Digital themes: web@ascona-locarno.com
– Data protection: privacy@ascona-locarno.com
– Physical counters (information on accessibility and opening hours: Contacts | Ascona-Locarno):
– Via Bartolomeo Papio 5, 6612 Ascona
– Piazza Stazione / SBB Station, 6600 Locarno-Muralto
– Via Leoncavallo 25, 6614 Brissago
– Valley Point Center, 10 Via Vallemaggia, 6670 Avegno
– Via Brere 3, 6598 Tenero
– Via Cantonale 29, 6574 Vira Gambarogno

OUR DATA PROCESSING PHILOSOPHY
The Tourism Organization collects and uses personal data to operate the Website and the tools and resources mentioned therein in a simple and secure manner. In addition, it collects and processes personal data necessary to fulfill the tasks transferred to regional tourism organizations (RTOs) in Article 14 of the Tourism Law of the Republic and Canton of Ticino(LTur) (Reference).

The Tourism Organization profiles users for the purpose of creating aggregate (anonymized) statistics and – subject to the explicit consent of data subjects – for the creation of behavior-based advertising messages.

The Tourism Organization does not sell, rent, trade or lend personal data to third parties.

In order to expand and improve the services and products offered, the Tourism Organization analyzes the use of the Website and mentioned resources in aggregate form, thus ensuring the anonymity of users, with the exception of personal data provided as part of newsletter registration. Personalized analysis of user behavior occurs only with the user’s consent.

The Tourism Organization gives preference, where permitted and necessary (in particular, if there is no legal basis justifying the processing), to the explicit consent of the data subject as the justifying ground for processing, and entrusts the performance of processing only to carefully selected suppliers of goods and services-particularly in the IT sector-who have assumed appropriate obligations regarding the protection of personal data.

When registering for services, for profiling activities, for inclusion in databases, management systems and the like, or for sending forms – for example, when subscribing to the newsletter or “Pardy” initiatives – the Tourism Organization, to the extent that the processing is not prescribed or permitted by law, obtains the consent of data subjects via the Website and sends an e-mail to confirm the consent given (“Double-Opt-In”).

The consent given can be revoked at any time – in general or specifically – by clicking, where possible, on the content received (e.g., “Here you can unsubscribe” at the end of the newsletter), by managing your own data protection settings via the panel on the homepage of the Website (cookies and other tracking tools), or by writing to privacy@ascona-locarno.com.

The Tourism Organization also gives priority to data processing in Switzerland. Processing abroad is limited to states whose legislation adequately guarantees the protection of personal data according to the Federal Council’s findings underAnnex 1 of the Federal Council’s Ordinance on Data Protection (OPDa).

ACCEPTANCE OF INFORMATION │ ACCEPTANCE │ CHANGES
The version valid at the time of access to the Website or use of the resources mentioned therein shall prevail. The current version can be accessed via the corresponding link in the footer of each page of the Website. Since changes are published online only, it is the User’s responsibility to carefully check the status of the information before using the Website or contacts. The Tourism Organization reserves the right to update the information at any time, particularly in accordance with developments in applicable law, functionality as well as services and products offered to the User.

REFERENCE TO EUROPEAN DATA PROTECTION LAW
Switzerland is not a member state of the European Union (EU); therefore, European law is not directly applicable. Article 3(2) of the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”) provides that the regulation applies to offices outside the EU if data processing is based on (i) offering goods or services to individuals in the EU or (ii) observing the behavior of individuals in the EU.

The Tourism Organization does not direct its activities to the EU through the content of the Website and does not monitor the behavior of people in the EU; in this regard, it is limited to collecting anonymized or pseudonymized data (without an attribution table) for the creation of aggregate statistics. The GDPR is therefore not applicable. The adequacy of Swiss law with European law was confirmed by the European Commission in its decision of January 15, 2024(Adequacy Decision).

For the (exceptional) case of applicability of the RGPD, this document serves as information under Articles 13 and 14 RGPD. In addition to all the protective rights of the RGPD, the User may assert against the Tourism Organization the rights mentioned in Articles 15, 16, 17, 18, 19, 20, 21, 22 RGPD. The User has – within the limits and conditions of the law – at any time the right to obtain information about his or her personal data, to request its rectification or deletion, to request the restriction of processing, to object to processing as well as to exercise the right to data portability. If the processing is based on Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, the User has the right to revoke his consent at any time. He/she also has the right to lodge a complaint with the competent supervisory authority. In the case of data portability, the Tourism Organization shall make available personal data about the User – subject to Art. 20 para. 3 and 4 RGPD – in a structured, commonly used and machine-readable format.

Without prejudice to further administrative and judicial remedies, if you believe that the processing of personal data about you violates the RGPD, you have the right to lodge a complaint with the competent data protection supervisory authority (EU: List of national authorities).

References to the RGPD should in no case be construed as a voluntary submission to that regulation or to the supervision and/or decision-making power of any foreign authority (in relation to Switzerland).

LEGAL FRAMEWORK │ BASIC CONCEPTS │ USER OBLIGATIONS │ SERVICE PROVIDERS
Applicable law. The processing of personal data via the Website and the contacts mentioned therein is in principle subject to cantonal data protection law(DPA). This is without prejudice to the Federal Data Protection Act(DPA) in relation to the processing of personal data in the context of an economic activity that is not derived from public authority.

What is meant by personal data according to the LPDP? Indications or information that enable, directly or indirectly, the identification of a person-individual or legal entity.

What is meant by personal data according to the DPA? All information concerning an identified or identifiable natural person, such as first name, last name, address, date of birth, e-mail, phone number, IP address(what is that?), personal preferences and interests, purchases made, websites visited, geolocation and movement data, etc.

Who is an interested person? The natural person whose personal data are being processed.

What are data particularly worthy of protection under the LPDP? Information on religious, philosophical or political opinions or activities, the private sphere, mental, mental or physical state as well as crimes committed, sentences imposed and measures taken. Taking into account the current revision of the law, this definition will presumably be expanded as follows: a) religious, philosophical, political or trade union opinions or activities; b) membership in a race or ethnic group; c) physical, mental or psychic state; d) private sphere; e) genetic data; f) biometric data; g) data on administrative, criminal and civil proceedings, prosecutions and penalties; and h) data on social welfare measures.

What are personal data particularly worthy of protection under the DPA? Personal data particularly worthy of protection are (i) indications of religious, philosophical, political, or trade union opinions or activities, (ii) data relating to health, privacy, or membership in a race or ethnic group, (iii) genetic data, (iv) biometric data that uniquely identify a natural person, (v) data relating to administrative and criminal prosecutions and sanctions, and (vi) data relating to social welfare measures.

What is profiling? An automated processing of personal data consisting of using such data to evaluate certain personal aspects of a natural person, particularly to analyze or predict aspects of that person’s job performance, economic situation, health, preferences, interests, trustworthiness, behavior, whereabouts, and movements.

What is high-risk profiling? Profiling that, due to data linkage that enables the assessment of essential aspects of a natural person’s personality, poses a high risk to his or her personality or fundamental rights.

Obligation to protect access data and personal devices. The use of the Internet and e-mail is exposed to security risks. The User is obliged to adequately protect his/her devices and confidential data (such as user name, password and PIN) and to implement the security recommendations of experts. In this regard, the User indemnifies and holds the Tourism Organization harmless.

Obligation to report corrected data as well as changes. The User is responsible for the correctness of the personal data communicated to the Tourist Organization. Likewise, the User is obliged to communicate spontaneously and immediately (by counter, mail, or telephone; for confidential information, if possible not by e-mail) any changes in personal data, so that the records and databases of the Tourist Organization can always be up-to-date. The legal obligations of communication and filing of official documents shall prevail.

Legal basis of data processing. A processing of personal data is unlawful if it constitutes a violation of fundamental rights or personality. Depending on the case, the violation may be justified by the consent of the data subject, the performance of a public task, an overriding public or private interest (if the DPA is applicable), or by law (e.g., in the case of systematic processing under the DPA).
Where permitted and/or required by law-for example, for marketing or advertising activities within the meaning of the DPA that include profiling of the User, the use of automated individual decisions, or the processing of data particularly worthy of protection-the Tourism Organization obtains the User’s informed consent through electronic (online or via e-mail) or analog (mail) channels.

General disclaimer │ User’s obligations in case of electronic communication. Given the nature of the Internet as an “open network,” the Tourism Organization cannot guarantee that data transmitted or received by the User will not be falsified, intercepted, or obtained by unauthorized third parties. The User undertakes to verify by telephone all electronic communications and documents of the Tourist Organization (including electronic communications and invoices) that do not validly bear a qualified electronic signature or electronic seal attributable to the Tourist Organization or its employees and that involve payments, the execution of instructions or the transmission of confidential documents, before fulfilling the request. Your choice of your e-mail service provider as well as the proper and secure handling of your personal information outside of the Website is your sole responsibility.

Authorization to use e-mail. The User is advised that electronic mail does not guarantee the confidentiality, authenticity, and integrity of data being transmitted. It is therefore possible for unauthorized persons to access the information and modify its contents or otherwise manipulate it. It is recommended not to send confidential information and data via e-mail. By indicating your e-mail address, you authorize-unless explicitly provided otherwise-the Tourism Organization to transmit the requested documents and information, including any personal or confidential or secret information, via uncertified and unencrypted e-mail and you assume the associated risks.

Retention period of personal data. The tourism organization retains personal data for as long as necessary in relation to the purposes for which it was collected (e.g., as part of tourism promotion and destination marketing) or to the extent that there is a legal obligation or authorization to retain it. If the purpose for which the data were collected ceases to exist or the legal obligation or authorization to retain the data ceases to exist, the tourism organization will immediately delete the data or irreversibly anonymize them, subject to any obligations or retention rights contractually granted to the tourism organization in non-sovereign economic contexts. Personal data related to the newsletter is retained until the user deletes it. The user may request detailed information from the tourist organization about the retention policy for a specific processing.

Third-party suppliers of goods and services as recipients of personal data. As part of the management of the website and associated resources (in particular: administration, management systems, e-mail, chatbots, telephony, web design, maintenance and hosting), the tourism organization uses external service providers. These have access to the data only to the extent that this is strictly necessary for the performance of their tasks, subject to contractual assumption of appropriate confidentiality and destination constraint obligations.
Personal data and service providers may only be established in Switzerland or – where permitted – in foreign states by an adequacy decision of the Federal Council (see Annex 1 of the Federal Council Ordinance on Data Protection – OPD).
The complete and up-to-date list of service providers can be consulted at the tourist organization. For data and systems security reasons, some information may be anonymized or masked.

DETAILED INFORMATION ON TREATMENT ACTIVITIES

Navigation on www.ascona-locarno.com
Subject to legally mandated processing, as well as exceptions, waivers, and limitations to the duty to inform, processing can be summarized as follows:
– Data processed: (i) IP address of the user’s device(what is it?); (ii) pages visited by the user; (iii) browser settings and properties (name, language, plug-ins installed); (iv) approximate location based on IP address (usually location of Internet access provider); (v) cookies/chatbot conversations/form content (see corresponding sections).
– Purposes: (i) to enable navigation; (ii) technical diagnosis/monitoring, analysis and aggregate statistics on the use of the website for the verification and optimization of security, user-friendliness and quality of services and content, as well as for the introduction of new content, products, services, functions and interfaces.
– Recipient: website hosting service provider.
– Overseas transfers: none.
– Transparency additions: (i) users’ IP addresses are automatically and permanently deleted after 30 days; (ii) website hosting is provided by a Swiss company based in the Canton of Ticino and redundant computer centers in Switzerland; hosting is configured so that data is stored in Switzerland; (iii) the tourism organization is not able to trace the identity of the user through the IP address.

E-mail (various e-mail addresses published on the website).
Subject to legally obligatory processing, as well as exceptions, derogations and limitations of the obligation to provide information:
– Data processed: (i) e-mail/phone number of the sender; (ii) identity of the sender; (iii) content of the communication; (iv) IP address of the user’s device(what is it?); (v) telecommunications data and metadata.
– Purposes: (i) correspondence with the user; (ii) inclusion in files when fulfilling a legal or contractual obligation (including attachments); (iii) archiving; (iv) accounting support, if the correspondence is relevant for tax or accounting purposes.
– Recipients: the tourism organization’s e-mail service is operated in the (public) cloud; the relevant personal data are accessible to the cloud service provider as part of the e-mail service, as well as to two companies based in Switzerland that are responsible for the administration and maintenance of the service.
– Transfers abroad: none.
– Transparency integrations: (i) messages are stored in Switzerland; (ii) the e-mail service is provided by a U.S.-based group of companies registered with the US-Swiss Privacy Framework, active in Switzerland through a subsidiary in Dublin, Ireland, and operates redundant data centers in Switzerland; (iii) backups are created and maintained in encrypted form by an IT company based in Ticino on servers in Switzerland; deletion from backups occurs within 18 months.

Virtual Assistant (Chatbot)
Subject to legally mandated processing, as well as exceptions, waivers and limitations to the duty to inform:
Data processed: (i) IP address of the user’s device(what is it?); (ii) telecommunication data and metadata, including date and time of each application and number of sessions; (iii) browser and browser language; (iv) personal data entered by the user into the virtual assistant; (v) chat content (input and output).
– Purposes: (i) provision of the virtual assistant service; (ii) performance of analysis and statistics on usage and risks, quality assurance and service improvement, reporting.
– Recipients: the virtual assistant is a (public) cloud service of a U.S.-based business group registered with the US-Swiss Privacy Framework, operating in Switzerland through a branch office in Dublin, Ireland, and operating redundant data centers in Switzerland; also accessed by three Swiss-based companies for evaluation, administration, and maintenance of the service.
– Transfers abroad: none.
– Transparency integrations: (i) employees of the tourism organization, cloud service provider, Swisscom, and IT service and support providers have access to (anonymous) chat content; (ii) the assistant’s user is not identified or identifiable, unless he or she discloses information in the chat that makes him or her identifiable; (iii) data is stored in Switzerland; (iv) chats are automatically deleted after 6 months; (v) data (especially chats) are not used for AI model training.

Various online forms
Subject to legally obligatory processing, as well as exceptions, derogations and limitations of the duty to inform:
– Data processed: (i) personal data requested in the respective online form; (ii) content of the communication; (iii) IP address of the user’s device(what is it?); (iv) telecommunication data and metadata.
– Purposes: (i) identification of the sender; (ii) communication/interaction with the user; (iii) verification of the user’s legitimacy; (iv) inclusion in files in case of fulfilling a legal or contractual obligation (including attachments); (v) archiving; (vi) subscription to the newsletter upon the user’s explicit consent, where required by law; (vii) accounting support, if the correspondence is relevant for tax or accounting purposes.
– Recipients: (i) offices and authorities responsible for tourism promotion and the fulfillment of related tasks under cantonal law, in particular through the cantonal platform for the exchange of tourism information (with related database); (ii) the online forms are integrated services of the following data controllers: (i) Salesforce – SFDC Ireland Limited, Dublin (Ireland), for forms on the platform of the same name(www.salesforce.com/eu/ch), specifically: https://www.ascona-locarno.com/de/newsletter and https://www.ascona-locarno.com/de/newsletter/newsletter-myhome;(ii) Jotform – Jotform Ltd UK, for the modules on the “Jotform” platform(www.jotform.com), for all other modules.
– Overseas transfers: Germany (EU) (Jotform); Ireland (EU) (Salesforce).
– Transparency supplements: mandatory fields are only those marked with an asterisk (*).

Newsletter
Subject to legally obligatory processing, as well as exceptions, derogations and limitations of the obligation to provide information:
– Data processed: (i) e-mail address, first and last name; (ii) children’s names and date of birth (“Pardy” form); (iii) language; (iv) telecommunication data and metadata; (v) information about opening the e-mail, time, duration of reading and activation/viewing of its contents.
– Purposes: (i) sending the newsletter to the user; (ii) consent and refusal management; (iii) statistical analysis of newsletter and website usage for optimization of security, ease of use and quality of services and content, as well as introduction of new content, products, services, features and interfaces; (iv) behavioral advertising and profiled marketing.
– Recipients: Salesforce – SFDC Ireland Limited, Dublin, Ireland, as data controller, provider of the CRM platform and newsletter delivery.
– Overseas transfers: Ireland (EU).
– Transparency supplements: (i) information about opening, time, reading duration and activation/viewing of content is collected and analyzed in a personalized manner only after explicit consent to processing for behavioral advertising and profiled marketing purposes; (ii) the newsletter is a free and optional service with news about Ascona-Locarno activities; (iii) unsubscribing from the mailing list is possible at any time with immediate effect via the link “Here you can unsubscribe” at the bottom of each e-mail; (iv) the data of minors disclosed in connection with the subscription to the newsletter “Pardy” (name and date of birth) are not used for direct and profiled marketing and are automatically deleted when they reach 18 years of age and in case of cancellation; the newsletter will continue to be sent to the address provided by the applicant until cancellation.

Online contests and competitions
If the user participates in a contest posted by the tourism organization on social media, the tourism organization has no control over the data processing of the respective social network with which the user is registered. Therefore, it does not perform any verification and assumes no obligation or responsibility in this regard. It is the sole responsibility of the user to inform themselves prior to participation by consulting the data protection information of the respective social network.

As the organizer of the contest-both on social media and on the website-the tourism organization carries out the following data processing. Any special notices communicated to participants via a link at the bottom of the contest entry are subject to and given priority.

Subject to legally obligatory processing, as well as exceptions, derogations and limitations of the duty to inform:
– Data processed: (i) participants’ profile data (first name, last name, pseudonym, nickname, social network); (ii) contest data (social network, title of the contribution, date and period of publication), data related to the requested activity (e.g. comment to the contribution, date and time of the activity); (iii) data of the winner/winner (first name, last name, date of birth, address, phone number and e-mail address, language).
– Purpose: (i) to enable participation in the contest; (ii) to determine the winner/winner in accordance with the terms of the contest; (iii) to communicate the result to the winner/winner (via private message); (iv) to send/deliver the corresponding prize or title; (v) to communicate the winner’s/winner’s identification data to the prize sponsor upon his/her request (e.g., hotel, organizer, restaurant, cinema, theater, etc.); (vi) to store the contest data for tax, accounting and/or administrative purposes.
– Recipients: none, with the exception of the prize sponsor (limited to data related to the prize and the winner/winner).
– Transfers abroad: none.
– Transparency additions: (i) data source: data subject; participant’s public profile in the respective social network; (ii) automated individual decisions: none; (iii) within 30 days after the prize is awarded, personal data are destroyed or anonymized; data relevant for accounting purposes are retained for 10 years from the end of the relevant fiscal year.

Evidence of telephone connection (website contacts).
Subject to legally required processing, as well as exceptions, derogations and limitations to the obligation to provide information:
Data processed: (i) telephone number (mobile or landline); (ii) time and duration of call; (iii) caller location (area code/roaming); (iv) telecommunications data and metadata.
– Purposes: (i) communication with the user (including the possibility of calling back the data subject and revealing his/her identity/phone number); (ii) inclusion in files in case of fulfilling legal or contractual obligations; (iii) archiving; (iv) creation of statistics on call center activity.
– Recipients: since this is a virtual telephone exchange hosted in the (public) cloud, personal data are accessible to the cloud service provider as well as to two Swiss-based companies in charge of administration and maintenance; in addition, phone numbers, call times and call durations are extracted from the cloud exchange and statistically evaluated for the call center via the QueueMetrics platform(www.queuemetrics.com), operated by a Swiss-based company.
– Transfers abroad: none.
– Transparency integrations: (i) telephone connection evidence (subject to legal retention requirements) is destroyed within 45 days of the call; (ii) the virtual telephone exchange is a cloud service of a U.S.-based business group registered with the US-Swiss Privacy Framework, operating in Switzerland through a subsidiary in Dublin, Ireland, and running redundant data centers in Switzerland; (iii) data (including those in QueueMetrics) are stored in Switzerland; (iv) conversations are not recorded.

General marketing and advertising communications
To the extent permitted by law, the tourist organization uses personal data for sending general marketing and advertising communications, provided that the user has given his or her consent; this is without prejudice to the tourist organization’s right, within the framework of existing or previous contractual relationships, to transmit advertising and offers for its own and similar goods, works and services in compliance with legal requirements.
– Data processed: (i) name/surname; (ii) postal address; (iii) e-mail address; (iv) phone number; (iv) IP address of user’s device(what is it?).
– Purposes: (i) execution of manual and automated direct marketing activities by sending information and advertising materials, surveys, events and initiatives related to products and/or services, including postcard campaigns; (ii) creation of a personal CRM file.
– Communication channels: website, SMS, chat, phone calls with or without collaborators, mail and e-mail.
– For the rest, please refer to the information on the respective product, service or tool used that triggered the data collection (see special sections).

Marketing communications and advertising based on automated analysis of user behavior (profiled marketing)
To the extent permitted by law, the tourist organization uses personal data for profiled marketing purposes if the user has given (explicit) consent; this is without prejudice to the tourist organization’s right, within the framework of existing or previous contractual relationships, to transmit advertising and offers for its own and similar goods, works and services in compliance with legal requirements.

– Data processed: those collected as part of the basic relationship with the user (see special sections), including: (i) name/surname; (ii) postal address; (iii) e-mail address; (iv) telephone number; (v) IP address; (vi) data provided by the user; (vii) products and services purchased (including third parties), activities; (viii) information about the stay (hotel, travel, family composition, duration, period, type of stay, etc.); (ix) websites visited; (x) links activated in the newsletter; (xi) country of origin, nationality, age, profession, marital status.
– Purposes: automated profiled marketing and behavioral advertising through: (i) sending of informational and advertising materials, surveys, events and initiatives related to products and/or services; (ii) analysis and statistics for optimizing consumption, ease of use and quality of products, services and content, as well as for introducing new suppliers, contests, products, services and content (especially through newsletters and cookies; see special sections); (iii) creation of a personal CRM file.
– For the rest, please refer to the information on the product, service or tool used that gave rise to the data collection (see special sections).

LINKS TO THIRD-PARTY RESOURCES
The website may contain links to third-party websites, services and other Internet resources. The tourism organization assumes no responsibility for the content, security, or usability of such sites and resources; in particular, it does not verify or provide any guarantees regarding the privacy and data policies of such third parties.

SECURITY
The tourism organization shall, in the respective circumstances, take appropriate and proportionate security measures to prevent unauthorized access, unauthorized use, transmission, modification, loss, or destruction of personal data.
These measures include technical, physical, and organizational precautions.
Given the nature of the Internet as an “open network,” the tourism organization cannot guarantee-and does not guarantee-that data will not be intercepted or obtained by unauthorized persons.

USE OF COOKIES AND THEIR MANAGEMENT
What are cookies? Cookies are small text files that, during Internet use, are deposited by servers on the user’s system. Using cookies, servers can recognize the user’s browser during current browsing and on a subsequent visit. Cookies improve the online experience, for example by storing user preferences or avoiding repeated logins when changing pages. Cookies can also be used for online tracking, which has an impact on privacy.

Types of cookies. Cookies are divided into several types.

– If the party depositing the cookie on the user’s system coincides with the website visited, it is a “first-party cookie”; otherwise (third-party server/website integrated into the website visited) it is a “third-party cookie.”
– Session cookies are automatically deleted when the browser is closed, persistent cookies remain stored until their expiration date.
– Technical cookies enable safe and user-friendly browsing and delivery of services and content requested by the user. They serve no other purpose.

These cookies do not require consent, as they are necessary for the secure operation of the website.

– Advertising, analytics, tracking, and/or profiling cookies are used to collect and analyze user’s online behavior (e.g., websites and pages visited, source and destination pages, navigation duration, activated links, language and browser software features, user location, etc.), usually for the purpose of personalized advertising.

These cookies require the prior consent of the data subject, as the processing involves an invasion of privacy.

What cookies does the website use? The website uses cookies listed in a separate, automatically updated statement that appears when the user accesses the website. The detailed and continuously automatically updated list of cookies used, with the relevant information, can also be viewed via the following link: link.
From the perspective of the tourism organization, the information obtained from cookies is anonymous, as it is unable to associate the user’s identity with the cookies. To protect the user’s privacy, advertising, analytics, tracking and/or profiling cookies are blocked by default; their activation requires the explicit and informed consent of the user.

Blocking or deleting cookies, withdrawal of consent, technical consequences. Via the panel on the website homepage, users can define their preferences regarding the processing of their personal data, check and change their selection at any time (withdrawal of consent), and freely decide which cookies to allow or reject (including a general rejection, except for cookies qualified as “necessary”). Users can set their browsers to be informed of receipt of a cookie or to block cookies (in general, by type of cookie or by source page). General blocking – as it also affects technical cookies – can severely limit the use of the website. The user can manually delete cookies from the browser memory or set the browser to automatically delete cookies when closing (recommended).
As a rule, browsers accept cookies. Instructions for deactivation or deletion are available on the respective browser developer’s pages; please refer to the following instructions for the most common browsers: Microsoft Internet Explorer and Edge; Google Chrome; Apple Safari; Mozilla Firefox and Opera.

Other possibilities for reducing online tracking include, among others:

– Activating the “Do Not Track” option (if available);
– Using private/incognito mode (if available), which prevents cookies from remaining on the device after browsing.

USE OF PLUG-INS, WIDGETS AND OTHER SOCIAL MEDIA TRACKING TOOLS
What are social media plug-ins and widgets? Social plug-ins are optional software elements that link websites to social media to allow the user easy interaction with online content (e.g., “Like” or “Share”). Social plug-ins include so-called widgets – graphical control elements that are placed in corresponding areas of the website to allow access to the plug-in’s functions. With a click on a widget, the user can, for example, spread content in his or her favorite social network. If the user activates a social plug-in, the browser establishes a direct connection with the provider’s servers. In this way, some personal information – such as IP address and pages visited – is transmitted to the provider.

Active social media plug-ins/widgets. The website currently does not use such tools: the graphical social media icons in the footer of the page are simple hyperlinks to the tourism organization’s social profiles.

THE USER’S RIGHTS IN THE FIELD OF PERSONAL DATA PROTECTION
If the processing is subject to the cantonal data protection provisions(LPDP), i.e., the processing of personal data in the context of the public law relationship between the user and the tourist organization, the user’s rights are governed by Art. 22 ff. LPDP (to which reference is made).
If the processing is subject to the provisions of the Federal Data Protection Act (DPA), i.e. the processing of personal data in the context of an economic activity without a sovereign basis, the user has – within the scope and under the conditions of the Act, as well as subject to the limitations set forth therein – in particular the following rights in relation to his personal data (non-exhaustive list):

– Request rectification of incorrect or outdated personal data;
– To be informed in writing and free of charge if personal data concerning him or her is processed;
– Revoking a previously granted consent to data processing;
– Prevent the disclosure to third parties of personal data particularly worthy of protection;
– Taking a position on an automated individual decision or requesting its verification by an individual;
– Requesting the handover of one’s personal data or its transmission to a third party;
– Request that the processing of data be blocked, that disclosure to third parties be prevented, or that personal data be rectified or destroyed;
– Request that a certain processing of data, a certain disclosure of data to third parties, or the erasure or destruction of personal data be prohibited;
– Demand that, if neither the accuracy nor the inaccuracy of personal data can be proved, a corresponding contested annotation be made;
– Demand that the rectification, destruction, blocking – in particular the blocking of the communication of data to third parties – as well as the contested annotation or a decision be communicated or published to third parties;
– Have it established that a data processing is unlawful.

Legitimation and exercise. Users may exercise their rights – except in an emergency (in which case the tourist organization can be contacted by telephone) – in writing by means of a reasoned request, to be sent by mail or e-mail to the tourist organization, enclosing the necessary documentation and an identity document. You are also free to lodge a complaint against the processing of your data with the Federal Data Protection and Information Commissioner(FDPIC) (in the private sphere) or the Cantonal Data Protection Supervisor (in the public law sphere).

Processing deadline. The tourist organization undertakes to fulfill the request without delay, in any case-except in exceptional cases-within 30 days of its receipt together with all necessary information.

Counseling and inquiries. To promote transparency and trust with users, the tourism organization has appointed an internal data protection officer, who is responsible for responding to inquiries and providing support in exercising users’ rights. The internal data protection officer can be reached by e-mail at privacy@ascona-locarno.com or by telephone at 0848 091 091 (information desk).
Questions about data subjects’ rights in relation to the processing of personal data and their exercise in thecantonal or municipal public sphere can be addressed to the cantonal data protection officer via an online form(Link).
Questions about data subjects’ rights in relation to the processing of personal data in theprivate sphere can be addressed to the Federal Data Protection and Transparency Supervisor (FDPIC) via an online form(Link).

APPLICABLE LAW AND PLACE OF JURISDICTION
The legal relationship between the user and the tourism organization in connection with access to the website (and resources linked to it) as well as its use is subject to Swiss substantive law, subject to applicable cantonal law and excluding the principles of private international law.

The parties elect the Locarno (TI) Magistrate ‘s Court as the exclusive place of jurisdiction for disputes arising from the use of the website (and resources linked to it) or related to it, without prejudice to mandatory provisions on the place of jurisdiction that provide for a different forum.
The tourist organization reserves the right to bring proceedings before the court having jurisdiction over the user’s registered office, branch or domicile.

GERMAN TRANSLATION FOR THE PURPOSE OF LEGAL CLARIFICATION

This language version is provided for guidance purposes; only the Italian text is authentic.

Effective date: 10/15/2025