DATA PROTECTION STATEMENT


Below you will find our information on data protection. We ask you to read through it carefully, as we want you to know what happens to your data with us.

Every person is entitled to protection of their privacy as well as protection against misuse of their personal data (Art. 13 BV, Federal Act on Data Protection (CH)). MORYAK strictly complies with these provisions. It doesn't matter to us whether you live in Switzerland, the EU or anywhere else in the world: The protection of your data has special priority for us. Therefore, even though we are based in Switzerland, we comply with the EU Data Protection Regulation (DSGVO) 2016/679.

1. Data processor

This data protection information concerns data processing by:

MORYAK Premium Sea Kayaking
Berchtoldtsr. 60
3012 Bern
Switzerland
www.moryak.ch
info@moryak.ch

Abbreviated to “MORYAK” in the following.

A data protection officer is not required in the present case, as fewer than 9 people are regularly involved in the processing of data as defined in Art. 4 of the GDPR.

2. Collection and storage of personal data as well as the manner and purpose of their use

2.1 When visiting our website

The server on which our website is hosted belongs to Hostpoint AG and is located in Switzerland. As with any connection to a web server, this server automatically logs and stores certain technical data in what is called a log file. The following information is automatically collected during this process and stored until it is automatically deleted:

- IP address of the requesting computer/device
- date and time of access
- name and URL of the file retrieved
- website from which the access is made (referrer URL)
- the browser used and, if applicable, your computer’s operating system and the name of your access provider.

To the extent that we process personal data during this process, we do so for the following purposes:

- to ensure the establishment of a trouble-free connection of the website
- to ensure that our website provides a convenient user experience
- to evaluate system security and stability, and
- for other administrative purposes

The legal basis for this is Art. 6(1)(1) f of the GDPR. Our legitimate interest derives from the purposes of data collection listed above. Under no circumstances do we use the data collected to draw conclusions about you as an individual.

Google fonts:
We use fonts from Google LLC "Google" (Google Fonts) on our website. In order to integrate the fonts from Google Fonts into the website, your browser establishes a connection to the Google server. In the process, the IP address of your device is transmitted to Google. Google logs records of font file queries and protects this data from unauthorised access. Google analyses aggregated data in order to optimise Google Fonts and to identify which websites use Google Fonts. You can find more information on Google Fonts here: https://fonts.google.com. Information about how Google handles personal data can be found here.

2.2 When booking our services

When registering for our programmes via our booking form "Book-a-Moryak", you must first of all provide us with the following data:

- First name and surname
- Address
- Telephone number
- Email address

We also ask you to provide us with details of any second person with whom you would like to register for the programme in question, as well as details regarding your age, height, weight etc. and the equipment you will need. The latter information is not obligatory, but helps us to put together the equipment you need in the appropriate sizes.

At this stage, we also ask you to confirm that you can swim and that you are not afraid of water. This is part of our safety concept and is absolutely necessary, as fulfilling these two factors is the basic prerequisite for participation in all our services. You will not be able to send the registration form without providing this confirmation.

On submitting your registration by clicking the “Submit registration” button, you are confirming that you have read this data protection policy. After booking, we receive your personal data directly by email and incorporate it into our customer database. This is located on our local computer, which is protected by a firewall. A backup copy of this database, which is updated at regular intervals, is also stored on our own server, which is located in Switzerland and protected from third-party access.

We store our customer data for ten years, starting from your most recent customer activity. After this, we delete it. This deletion takes place once a year, at the end of the year. Exception: if claims against you are pending, proceedings are underway, or legal regulations force us to keep your data for longer, we reserve the right to keep your data for longer than ten years.

Immediately after the registration process described above, you will receive a confirmation of receipt by email with a link to another online questionnaire. You must fill this in and return it to us within 14 days (or, in the case of bookings at short notice, one week before the start of the programme at the latest) for each person you have registered. This is done online by clicking on the “Send form” button.

By means of this questionnaire, we collect information about you and about a contact person designated by you, as well as information about your state of health, any fears, your personal fitness and your existing paddling experience. We mainly need this data in order to better assess whether you are fit and experienced enough for the programme you have chosen. Using the questionnaire, we collect information which is extremely important in the event of any emergency which might take place during a tour or course, and which helps us to avoid problems and emergencies in advance. We therefore have a legitimate interest in collecting this data, which is an essential component of our safety concept.

We are aware that this is sensitive data, which requires particular care when it comes to storage and destruction. In order to fulfil this responsibility, we have decided to take the following approach:

If you send us your completed questionnaire by email, we will print out the questionnaire twice and then delete the email and attachment immediately. No digital copy of the questionnaire will remain on our computers or servers.
Whilst a backup copy of the printed questionnaires will remain in the office in a place which is protected from unauthorised access, the second copy will accompany the guide team, forming part of the safety dossier, together with the rest of the tour or course documents. The guide team is required to ensure that no one has access to the questionnaires, especially the other participants. Only in the event of an emergency will certain data be shared, e.g. with the emergency services. This is done in your interest.
After the tour has ended, both printed copies of the questionnaire will be destroyed by a GDPR-compliant shredder at the end of each month. Exception: if certain events, such as accidents, have occurred, it may be important for us to continue to hold your data. In this case, we reserve the right to retain your data, until the case is closed, for example.

In addition, we will enter your contact and other personal data (such as body, shoe and clothing size, as well as your weight) in handwriting on a tour or course list. This will be given to the guide team for them to use. This is standard practice, and is necessary in order to pack the right equipment, confirm the presence of all participants, and to be able to respond in the event of delays or other problems. After the end of the programme, we statistically evaluate the lists. If necessary, they are then filed, stored in a safe place and destroyed at the end of the year in accordance with the GDPR.

3. Group conversations by email

MORYAK will never disclose your email address, telephone number or other personal information to third parties, except in the following cases, and subject to your consent:

On the questionnaire sent to you following registration, you will be asked to tick whether you agree to us using your email address in group conversation with the other programme participants. Participation in these group conversations is entirely voluntary; we usually use them before the programme begins to clarify organisational details about travel, accommodation, etc., to answer questions about content, or to exchange other important information. Therefore, they are very useful for us and are usually also found to be very useful by the participants. However, before you make your choice, you should be aware that MORYAK has no control over what the other participants do with your email address.

If you give us your consent to use your email address in the group conversation, we will only share it with the other group participants and the guide team responsible, never with anyone else.

4. Photography, image rights, sharing photos

Before the start of each programme, we will ask you to give us your explicit consent, by ticking the box and signing the form,
- to be permitted to photograph you (e.g. out on the water or during group activities in camp etc.),
- to be allowed to share these photos with the other group participants after the end of the programme,
- To store photos of you in our photo database, whether taken by us or provided by other group participants,
- To be able to use pictures of you in which you may be recognisable, whether taken by us or provided to us by other group members, for our website and for promotional purposes,
- To use pictures of you on our Facebook page and on Instagram, regardless of whether they were taken by us or provided to us by other group participants.

MORYAK has no influence over whether other group participants take pictures of you, nor over what they do with these pictures.

5. Passing on data

MORYAK will never sell or transfer your data to third parties, except in the following cases, which are in accordance with Art. 6(1) of the GDPR:

- If, in accordance with Art. 6(1) (a) of the GDPR, you have given us your express permission;
- To protect your vital interests in accordance with Art. 6(1) (d) DSGVO of the GDPR (e.g. in the event of an accident);
- If, in accordance with Art. 6(1) (f) of the GDPR, it is necessary to pass on the data in order to assert, exercise, or defend of legal claims and there is no reason to assume that you have an overriding interest, which is worthy of protection, in the non-disclosure of your data;
- If, according to Art. 6(1) (c) of the GDPR, we are legally obliged to pass on the data;
- If, according to Art. 6(1) (b) of the GDPR, is necessary in order to handle contractual relationships and general organisational matters together with you (e.g. in the context of the implementation of a programme).

6. Newsletter

We send out an informative newsletter up to six times a year. After your voluntary registration you will receive it by email. The legal basis for the processing of the data is your consent, Art. 6(1) (a) of the GDPR.

To send our newsletter, we use MailChimp, a service of The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA, hereinafter referred to as “The Rocket Science Group”.

Through certification by the EU-US Privacy Shield, the Rocket Science Group guarantees that the data protection requirements of the EU are also complied with when the data is processed in the USA. The Rocket Science Group’s data protection information can be found at https://mailchimp.com/legal/privacy/.

After registering for our newsletter, the data requested during the registration process (your email address and name) will be processed by The Rocket Science Group. In addition, your IP address and the date and time of your registration will be saved.

The newsletter sent via The Rocket Science Group contains what is termed a tracking pixel or web beacon. Using this tracking pixel, MORYAK can evaluate whether you have read our newsletter and when, and which of the links it contains you may have followed. This data is automatically stored and may be evaluated by us in order to make our newsletter even better and more informative.

In accordance with Art. 7(3) of the GDPR you can revoke your consent to receive the newsletter at any time with future effect. To do so, simply click on the unsubscribe link contained in each newsletter.

7. Cookies

Just like every modern website, moryak.ch also makes use of cookies. Cookies are harmless little files which are placed on your computer when you use certain features of a website. They ensure that your experience of using the website is as convenient as possible. In accordance with the strict requirements of the EU GDPR, you will be asked to agree to this before viewing content from other pages (such as YouTube videos or weather widgets).

Even though our cookies are absolutely harmless, we want to make sure that you have been informed about them, and that you can decide what you will allow and what you will not.

You will find an automatically generated and updated list of cookies used by this website here. If you wish to delete one of the cookies we have put on your computer, or all of them, simply click on "Delete" or "Delete All Cookies".

8. Analysis Tools

We use the following analysis tools on our website:
At present, none.

In order to respect your privacy as much as we can, we have set our website settings to anonymise all requests to third party servers.

Hello!
Please select your language