Privacy Policy

Privacy Policy of Nomady AG

Nomady AG is committed to providing you with the highest level of confidentiality and security. In this context, you will find below information regarding the processing of your personal data.

Unless otherwise specified, the provision of your personal data is neither legally nor contractually required. You are not obligated to provide this data. The exact scope of data processing may vary depending on the services used, meaning not all processing activities listed in this statement may apply.

Depending on the location and type of user, Swiss or European data protection law applies. Therefore, these privacy notices include information on both the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR).

Controller Information

The controller responsible for data processing on this website is: Nomady AG, Eisenbahnstrasse 7, 8840 Einsiedeln. Contact: hello@nomady.camp ("Nomady")

Representative in the EU pursuant to Article 27 GDPR: SIDD Datenschutz Deutschland UG (haftungsbeschränkt), Schellingstr. 109a, DE-80798 München

Categories of Data Subjects

Depending on the desired service, individual persons, in part or in full, may be affected by the scope of data processing outlined in these privacy notices. The affected groups of persons include:

  • Visitors to our website
  • Campers and hosts
  • Job applicants

Hereinafter, these affected persons are collectively referred to as "users."

Purposes of Processing

The purposes of processing personal data on our websites include:

  • Providing the online offering, its features, and content. This includes all services related to the hosting of accommodations, matchmaking between hosts and campers, and billing for services.
  • Responding to contact inquiries and communicating with users
  • Security measures
  • Audience measurement and marketing (email, ads, social media)

Legal Bases

In the case of purely Swiss references, the provisions of the DSG in accordance with Articles 12 and 13 apply. Consequently, your data is processed in accordance with data processing principles and is legally compliant. In this case, no legal basis is required.

As a legal basis for processing personal data under the scope of the GDPR, our legitimate interests in conducting our business processes and providing targeted information to potential customers generally apply. This also includes the regular use of cookies to display content of interest to the user. Furthermore, we reserve the right to process user data for the purpose of spam detection based on our legitimate interests.

Consents are obtained in accordance with Article 6(1)(a) GDPR, among others, for sending newsletters. In the context of contract execution and initiation, Article 6(1)(b) GDPR applies as the legal basis. When contacting us (e.g., via contact form, email, telephone, or social media), user information is processed for the purpose of processing the contact inquiry and its handling pursuant to Article 6(1)(b) GDPR. In rare cases, we process personal data to fulfill our legal obligations pursuant to Article 6(1)(c) GDPR. If the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

Retention and Deletion

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies or storage is no longer necessary. Personal data is also retained for a period during which claims can be asserted against our company. The necessity of data retention is reviewed at regular intervals. Storage may also occur if regulations, laws, or other provisions require longer retention. Corresponding documentation and storage obligations arise, among other things, from the Swiss Code of Obligations (Article 958f). The retention periods are typically ten years. The storage of personal usage data and cookies, including IP addresses, is limited to the period necessary to fulfill the purpose. Information about cookies can be found in the Cookies and Technologies section.

Transfers to Third Countries

In most cases, your personal data is only processed within Switzerland and the EU. However, if processing takes place outside the EU in certain applications, transmission occurs in accordance with the conditions of Article 44 ff. GDPR or Article 6 GDPR. This means that processing is based, for example, on special guarantees such as the officially recognized determination of a data protection level equivalent to that of the EU or Switzerland or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

Data Processing

Server Log Files

Usage data is transmitted by your internet browser to our website's server log files with each access and is stored there. This data includes, for example, the name of the accessed page, date and time of access, data volume transmitted, and the requesting provider, as well as IP addresses. This data is processed based on our legitimate interests and is used exclusively to ensure the smooth operation of our website and to improve our offerings.

Web Hosting

We host our website with the help of Amazon Web Services EMEA SARL (AWS), 38 Avenue John F. Kennedy, L-1855 Luxembourg. As part of providing the server infrastructure, log files are created. Log files store, among other things, the IP address, the browser used, the time and date, and the system used by a page visitor. We only store anonymized IP addresses of website visitors. This is done at the web server level, where, in the log file, instead of the actual IP address of the visitor, an IP address like 123.123.123.XXX is stored, where XXX is a random value between 1 and 254. Establishing a personal reference is no longer possible. We have entered into a contract for data processing with AWS.

Collection and Processing When Using the Contact Form

When using the contact form, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves the purpose of contacting and initiating a contractual relationship. Processing is based on Article 6(1)(f) GDPR under the legitimate interests in efficient communication and, if relevant contractually, under Article 6(1)(b) GDPR. We use your email address to process your request or the subsequent execution of contractual services.

Web Analytics Services

We use web analytics services to analyze the general usage of the website and obtain insights for improving our services. Web analytics services use cookies to collect data. The information generated, such as IP address and browser type, can be transferred to and stored on a server of the web analytics service, either in the country or abroad. The installation of cookies can be prevented.

We use web analytics services from the following providers: Google Analytics, Google Tag Manager, Facebook Pixel, and Hotjar.

Google Analytics and Google Tag Manager are web analytics services provided by Google Ireland Limited ("Google") (Gordon House, Barrow Street, Dublin 4, Ireland). We use Google Analytics to analyze website usage. The data obtained is used to optimize our website and advertising campaigns. During your visit to the website, the following data is recorded: pages accessed, bookings including revenue and booked offers, the achievement of "website goals" (e.g., contact inquiries and newsletter registrations), your behavior on the pages (e.g., duration, clicks, scrolling behavior), your approximate location (country and city), your IP address (in shortened form to prevent unique identification), technical information such as browser, internet provider, device, and screen resolution, and the source of your visit (i.e., which website or advertising medium led you to us). Personal data such as names, addresses, or contact details are never transmitted to Google Analytics. This data is transferred to Google servers in the United States. Please note that data protection regulations in the United States may not provide the same level of protection as within the EU. Google Analytics stores cookies in your web browser for up to two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future visits to the website. The data recorded is stored together with the randomly generated user ID, allowing for the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely. If you do not agree to the collection, you can prevent it by installing the Google Analytics Opt-out Browser Add-on or by refusing cookies in our cookie settings dialog. 
Information about the Opt-out Plug-in can be found here: https://tools.google.com/dlpage/gaoptout; information on Google's privacy policies can be found here: https://www.google.com/intl/en/policies/technologies/ and for Google Tag Manager here: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Facebook Pixel is used for conversion measurement of visitor action pixels from Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the United States and other third countries. This allows tracking of the behavior of page visitors after they have been redirected to the provider's website by clicking on a Facebook ad. This enables the evaluation of the effectiveness of Facebook ads for statistical and market research purposes and the optimization of future advertising campaigns. The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, Facebook stores and processes the data so that it can be linked to the respective user profile and used by Facebook for its own advertising purposes, in accordance with Facebook's data usage policy. This allows Facebook to display ads on Facebook pages and outside of Facebook. We, as website operators, have no influence on this use of data. The use of Facebook Pixel is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If consent is requested (e.g., consent to store cookies), processing is based solely on Article 6(1)(a) GDPR, and consent can be revoked at any time. The data transfer to the United States is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EUdatatransferaddendum and https://www.facebook.com/policy.php. Additional information on Facebook's data privacy practices can be found here: https://www.facebook.com/about/privacy/. You can also deactivate the "Custom Audiences" remarketing function in the ad settings at https://www.facebook.com/ads/preferences/?entryproduct=adsettingsscreen, provided you are logged into Facebook. 
If you do not have a Facebook account, you can disable Facebook's usage-based advertising on the website of the European Interactive Digital Advertising Alliance at http://www.youronlinechoices.com/de/praferenzmanagement/.

Hotjar is a web analytics service provided by Hotjar Ltd. ("Hotjar") (3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe), which enables us to analyze the use of the platform and optimize the website's offerings and user experience. Hotjar works with cookies and other technologies to collect data about user behavior and their devices, including IP address (collected and stored in anonymized form only during website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), and the preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf. Hotjar stores this data on servers in Europe (Ireland). Information about the Opt-Out Plug-in can be found here: https://www.hotjar.com/opt-out.

Plugins

We use the Google Maps mapping service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The operator of this site has no influence on this data transmission. The use of Google Maps is in the interest of an attractive presentation of our offers and an easy location of places mentioned on the website. This represents a legitimate interest within the meaning of Article 6(1)(f) GDPR. If consent has been requested, processing is based solely on Article 6(1)(a) GDPR; consent can be revoked at any time. The data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. More information on how user data is handled can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en.

Customer Accounts

When opening a customer account, we collect your personal data to the extent specified. The data processing serves the purpose of simplifying your booking experience and order processing. Processing is based on Article 6(1)(b) GDPR for contract fulfillment. The continued retention of the user account occurs after the transaction in accordance with our legitimate interests in simplifying future booking processes, in accordance with Article 6(1)(f) GDPR. These legitimate interests only apply if we process your data outside of contract fulfillment.

Brokerage Services

We process the data of our users in order to provide our contractual or pre-contractual services to them. The data processed, the type, scope, and purpose, and the necessity of their processing are determined by the underlying order. This basically includes inventory and master data of customers (name, address, etc.), as well as contact data (email address, telephone, etc.), contract data (content of the order, fees, durations, information about the companies/insurers/services mediated), and payment data (commissions, payment history, etc.). We may also process information about the characteristics and circumstances of persons or property belonging to them, if this is the subject of our order. This may include, for example, information about personal circumstances, mobile or immobile property. As part of our engagement, it may also be necessary for us to process special categories of data in accordance with Article 9(1) GDPR, especially information about a person's health. To do so, we will obtain the explicit consent of the individuals concerned if necessary. If necessary for the fulfillment of the contract or legally required, we will disclose or transmit customer data in the course of coverage requests, contract conclusions, and contract processing to providers of the mediated services/objects, insurers, reinsurers, broker pools, technical service providers, and other service providers, such as cooperating associations, as well as financial service providers, credit institutions, and asset management companies, as well as social security agencies, tax authorities, tax consultants, legal consultants, auditors, insurance ombudsmen, and the Swiss Financial Market Supervisory Authority (FINMA) or the Federal Financial Supervisory Authority (BaFin). Furthermore, we may commission subcontractors, such as sub-brokers. We will obtain the consent of customers if the disclosure/transmission of customer data requires the customer's consent.

Collection, Processing, and Use of Personal Data for Orders

When booking, we only collect and use your personal data to the extent necessary to fulfill and process your booking and to process your inquiries. The provision of data in fields marked as mandatory is required for the conclusion of the contract. Failure to provide this data will result in the contract not being concluded. Processing is based on Article 6(1)(b) GDPR and is required for the performance of a contract with you. Your data will not be disclosed to third parties without your explicit consent. Excluded from this are our service partners whom we need to process the contractual relationship or service providers we use within the scope of order processing. In addition to the recipients mentioned in the respective clauses of this data protection declaration, these may include recipients in the following categories:

  • Shipping service providers
  • Payment service providers
  • Service providers for order processing
  • Web hosts, IT, and communication service providers
  • Marketing service providers

In all cases, we strictly adhere to legal requirements. With service providers, we have concluded corresponding order processing contracts to ensure data protection.

Comment Functions

For the comment function on our website, we store not only your comment but also information about the time the comment was created, your email address, and, if you do not post anonymously, the username you selected. Our comment function stores the IP addresses of users who write comments. Since we do not check comments on our site before they are activated, we need this data to be able to take action against the author in the event of violations such as insults or propaganda. As a user, you can subscribe to comments after registering. You will receive a confirmation email to check whether you are the owner of the provided email address. You can unsubscribe from this function at any time via a link in the info emails.

Newsletter Delivery & Tracking

We use your email address, in addition to contract processing, for our own promotional purposes when sending newsletters, provided you have explicitly consented to this. Processing is based on Article 6 (1) lit. a GDPR with your consent. You can revoke your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list. If you register for an email newsletter, the personal data and information you provide to us will be electronically captured and stored by us. The purpose of this processing is primarily to carry out the so-called double opt-in procedure, which allows you to consent to receiving regular email newsletters. This means that after submitting your data and information, we will send an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your subscription, your data will be deleted. After your confirmation, we will store your IP address and the time of confirmation. The purpose of this procedure is to verify your subscription to the email newsletter and, if necessary, to detect and prevent any potential misuse of your personal data. The legal basis for this is the legitimate interests mentioned as well as a legal obligation (UWG). The newsletters are sent using the "MailChimp" mailing service, a newsletter delivery platform provided by the US-based Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, as a subsidiary of Intuit Inc. (USA). You can view the privacy policy of the mailing service provider here: https://www.intuit.com/privacy/statement/, including "Country and Region-Specific Terms." 
In addition, transactional emails are sent using the "SendGrid" service provided by Twilio Inc./Twilio Ireland Limited (25 - 28 North Wall Quay, North Wall, Dublin 1, D01 H104, Ireland). You can find their privacy policy here: https://www.twilio.com/en-us/legal/privacy. SendGrid is linked to our internal database using "Make" by Celonis, Inc. (One World Trade Center, 87th Floor, New York, NY, 10007, USA). You can find their privacy policy here: https://www.make.com/en/privacy-notice. The mailing service providers are used on the basis of our legitimate interests pursuant to Article 6 (1) lit. f GDPR and a data processing agreement pursuant to Article 28 (3) sentence 1 GDPR. The mailing service providers may use recipient data in pseudonymous form, i.e., without assignment to a user, to optimize or improve their own services, for example, for the technical optimization of delivery and the presentation of newsletters or for statistical purposes. However, the mailing service providers do not use the data of our newsletter recipients to contact them directly or to pass the data on to third parties. We would like to inform you that we evaluate the behavior of readers of our email newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels. These web beacons or tracking pixels are one-pixel image files that are stored on our website. For the evaluation, we link the web beacons or tracking pixels to your email address and an individual ID. With the data obtained in this way, we create a user profile to tailor the newsletter to your interests. We record which links you click on in the newsletter when you read it and use this information to infer your personal interests. We link this data to the actions you take on our websites. The purpose of this processing is to improve the quality of the newsletter, optimize our offerings, and delete recipients who do not read our newsletters. The legal basis for processing is Article 6 (1) lit. f GDPR. This tracking does not take place if you have deactivated the display of images in your email program by default. In this case, the newsletter will not be displayed in full, and you may not be able to use all the functions. Once you display the images, the tracking described above is activated.

Payment Service Providers

Our website uses external payment service providers through whose platforms users and we can conduct payment transactions. For example, through:

  • PostFinance (https://www.postfinance.ch/en/detail/legal-information-and-accessibility.html)
  • Visa (https://usa.visa.com/legal/global-privacy-notice.html)
  • Mastercard (https://www.mastercard.co.uk/en-gb/vision/terms-of-use/commitment-to-privacy/privacy.html)
  • Paypal (https://www.paypal.com/webapps/mpp/ua/privacy-full)
  • Stripe (https://stripe.com/privacy)

In fulfilling contracts and the payment method chosen by the user, we use payment service providers. In all other respects, we use external payment service providers on the basis of our legitimate interests, as necessary, pursuant to Article 6 (1) lit. f. EU GDPR, to offer our users effective and secure payment options. The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract, sum, and recipient-related information. This information is required to process the transactions. However, the entered data is processed only by the payment service providers and stored by them. Nomady does not receive any information about (bank) accounts or credit cards but only information for confirming (accepting) or rejecting the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit reporting agencies. This transmission serves the purpose of identity and creditworthiness checks. For this, we refer to the terms and privacy policies of the payment service providers. For payment transactions, the terms and privacy policies of the respective payment service providers apply, which can be accessed within their respective websites, transaction applications, or similar.

Rights of the Data Subject

Depending on the applicable law under the GDPR or DSG, you may have the following rights as a data subject:

Right to Information

You can request confirmation from the controller as to whether personal data concerning you is being processed. If such processing is taking place, you can request information from the controller about the following:

  • the purposes of the processing;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly to recipients in third countries or international organizations;
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  • the existence of a right to correct or delete personal data concerning you, or to restrict processing by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • if the personal data was not collected from the data subject, all available information about the origin of the data;
  • the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • If personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards in connection with the transfer.

Right to Withdraw Consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to Rectification

You have the right to request the rectification and/or completion of personal data concerning you from the controller if the personal data processed concerning you is incorrect or incomplete. The controller shall make the rectification without undue delay.

Right to Erasure

You can request that personal data concerning you be deleted without undue delay if one of the following reasons applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing pursuant to Article 6 (1) lit. a GDPR or Article 9 (2) lit. a GDPR is based, and there is no other legal basis for the processing. You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.
  • The personal data concerning you has been unlawfully processed.
  • The erasure of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • The personal data concerning you has been collected in relation to the offer of information society services pursuant to Article 8 (1) GDPR.

Right to Restriction of Processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

  • The accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise, or defense of legal claims.
  • You have objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

If processing of the personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Right to Data Portability

According to the law, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit this data to another controller, provided that the processing is based on consent pursuant to Article 6 (1) lit. a GDPR or Article 9 (2) lit. a GDPR or on a contract pursuant to Article 6 (1) lit. b GDPR and the processing is carried out by automated means.

Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Article 6 (1) lit. e or lit. f GDPR. We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes. You have the option to exercise your right to object in connection with the use of information society services by automated means using technical specifications.

Automated Individual Decision-Making

You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into, or the performance of, a contract between you and us, is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent. Nomady does not use automated decision-making.

Right to Lodge a Complaint

In addition to your rights mentioned above, you also have the right to lodge a complaint with a supervisory authority. The competent supervisory authority is determined in accordance with Article 77 GDPR.

Amendments to Privacy Notice

We reserve the right to amend this privacy statement within the scope of legal requirements. The changes are binding.

Einsiedeln, September 12, 2023