Privacy policy

1. Controller

Swiss-Sailplane GmbH, Sandrainstrasse 2, 3007 Bern, Switzerland (email: info@swiss-sailplane.ch, phone: +41 79 390 19 68) is the controller for the data processing described in this privacy policy.

This policy is based on the Swiss Federal Act on Data Protection (FADP). For visitors from the European Economic Area or the United Kingdom, the General Data Protection Regulation (GDPR) applies additionally where relevant.

2. What data we process

Enquiries and contact: when you contact us or use one of our request forms (contact, sailplane enquiries, coaching or custom departures, product support), we process your name, contact details and the content of your message.

Shop orders: for purchases in our equipment shop we process your name, email address, billing and shipping address, the ordered items, prices and the payment status. Card details are processed exclusively by our payment provider Stripe; we never see or store full card numbers.

Flight bookings: for Stemme passenger flights we process the passenger's name, email address and, where provided, phone number, year of birth and body weight. Year of birth and body weight are used solely for flight preparation (weight-and-balance calculation and safety). For minors we process the name of the consenting legal guardian.

Voluntary health and mobility notes: you may tell us about mobility restrictions or health conditions relevant to the flight. This information is sensitive personal data. We process it only with your consent and only to prepare and conduct your flight safely.

Vouchers: when you buy or redeem an Alpine Experience voucher we process the purchaser's details, the recipient name shown on the voucher and the redemption code (stored in hashed form), together with its validity.

Quotes: for individual quotes (coaching, custom departures) we process the request details and the acceptance of the quote.

Invoicing: we process the data required to issue invoices, including Swiss QR-bill payment references.

Technical data: when you visit this website our infrastructure processes technical access data (IP address, date and time, browser information) to deliver the site and keep it secure. Page statistics are collected without cookies in aggregated form (see section 5).

3. Purposes of processing

We process personal data to conclude and perform contracts (orders, flight bookings, vouchers, quotes and courses), to prepare and conduct flights safely, to issue invoices and keep our accounts, to answer enquiries, to operate and protect this website, and to comply with statutory retention and reporting obligations under commercial, tax and aviation law.

4. Disclosure to service providers

We share personal data only with service providers that need it to perform their task for us, and only to the extent required:

Stripe (Stripe Payments Europe, Ltd., Ireland, and Stripe, Inc., USA) — processing of card payments on Stripe's hosted checkout page.

Vercel Inc. (USA) — hosting of this website and cookieless, aggregated page analytics.

Supabase — database and file storage for orders, bookings, vouchers and website content.

Resend (USA) — dispatch of transactional emails such as order confirmations, boarding passes and vouchers.

KLARA Business AG (Switzerland) — accounting. Only customer, invoice and accounting data required for bookkeeping is transferred; technical telemetry is not.

Banks and the Swiss payment system — processing of bank-transfer payments (QR-bill).

Postal and courier services — name and delivery address for shipping orders.

5. Cookies and web analytics

This website sets no advertising or tracking cookies and uses no cross-site profiling. Page statistics are collected with Vercel Web Analytics, which works without cookies and without persistent identifiers and only yields aggregated figures.

We additionally run our own anonymous reach measurement to see which pages are viewed, how long visitors stay and how they navigate the site. It uses no cookies; a random session identifier is kept only in your browser's temporary session storage and deleted when you close the tab. We store no IP address and record location only at country and region level. The data is anonymous, is not linked to you, and is retained for at most 14 months. We honour “Do Not Track” and Global Privacy Control signals and then record nothing.

Details are set out in our cookie policy, available under Legal → Cookie policy.

6. Transfers abroad

Some of the service providers listed above process data outside Switzerland, in particular in the European Economic Area and the USA. Where data is transferred to a country without an adequate level of data protection, we rely on recognised safeguards — in particular certification under the Swiss–U.S. Data Privacy Framework or the standard contractual clauses recognised by the Swiss Federal Data Protection and Information Commissioner (FDPIC).

7. Retention

Contract, invoice and accounting records are retained for ten years in line with Swiss commercial law (Art. 958f of the Code of Obligations). Enquiry data is kept as long as needed to handle the enquiry and any follow-up. Technical log data is kept for a short period for security purposes. Data that is no longer required is deleted or anonymised.

8. Data security

All connections to this website are encrypted (TLS). Access to personal data is restricted to authorised persons who need it for their work; the administration area is protected by authentication and role-based access.

9. Your rights

You have the right to request information about the personal data we hold about you, to have inaccurate data corrected, to request deletion, to object to specific processing and to request the release of data you provided to us in a common electronic format.

Where processing is based on consent (for example voluntary health notes or photo consent), you may revoke that consent at any time with effect for the future.

To exercise your rights, contact info@swiss-sailplane.ch. You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC). If you are in the EEA or the UK, you may additionally contact your local supervisory authority.

10. Legal bases for persons in the EEA and the UK

Where the GDPR applies, we process personal data on the following legal bases: performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR) for orders, bookings, vouchers and quotes; compliance with legal obligations (Art. 6(1)(c) GDPR) for retention duties; legitimate interests (Art. 6(1)(f) GDPR) for site operation, security and aggregated statistics; and consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR) for voluntary health notes and photo consent.

11. Changes to this policy

We may update this privacy policy when our services or the legal situation change. The version published on this page applies.