Privacy Policy

With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations, including our We provide information about what personal data we process, why, how, and where we process it. We also inform you about the rights of individuals whose data we process.

For specific or additional activities and operations, additional privacy policies and other legal documents such as Terms and Conditions (T&C), Terms of Use, or Participation Terms may apply.

We are subject to Swiss data protection law as well as any applicable foreign data protection law, especially that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission acknowledges that Swiss data protection law ensures adequate data protection.

1. Contact Addresses

Responsibility for the processing of personal data:

Alpine Hospitality (Switzerland) AG
Via dal Corvatsch 76
7513 Silvaplana-Surlej

In individual cases, there may be other responsible parties for the processing of personal data or joint responsibility with at least one other responsible party.

1.1 Data Protection Officers or Data Protection Advisors

We have the following data protection officer or data protection advisor as a point of contact for affected individuals and authorities regarding data protection inquiries:

Niculin Manzoni
Alpine Hospitality (Switzerland) AG
Via dal Corvatsch 76
7513 Silvaplana-Surlej

1.2 Data Protection Representation in the European Economic Area (EEA)

We have the following data protection representation in accordance with Article 27 GDPR:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg

The data protection representation serves as an additional point of contact for inquiries related to the GDPR for affected individuals and authorities in the European Union (EU) and the rest of the European Economic Area (EEA).

2.1 Terms

Personal data refers to any information that relates to a specific or identifiable natural person. A data subject is a person about whom we process personal data.

Processing includes any handling of personal data, regardless of the means and methods used, such as collecting, comparing, adapting, archiving, retaining, retrieving, disclosing, obtaining, recording, gathering, deleting, organizing, storing, modifying, disseminating, linking, destroying, and using personal data.

The European Economic Area (EEA) includes the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

We process personal data in accordance with Swiss data protection law, particularly the Federal Data Protection Act (Data Protection Act, DPA) and the Data Protection Ordinance (Data Protection Ordinance, DPO).

If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:

  • Art. 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and for pre-contractual measures.
  • Art. 6(1)(f) GDPR for the necessary processing of personal data to protect our legitimate interests or those of third parties, unless the fundamental rights and interests of the data subject prevail. Legitimate interests include our interest in conducting our activities and operations in a permanent, user-friendly, secure, and reliable manner and being able to communicate about them, ensuring information security, protecting against misuse, enforcing our legal claims, and complying with Swiss law.
  • Art. 6(1)(c) GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject under the law of Member States in the European Economic Area (EEA).
  • Art. 6(1)(e) GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

3. Type, Scope, and Purpose

We process personal data that is necessary to conduct our activities and operations in a permanent, user-friendly, secure, and reliable manner. Such personal data may fall into categories of inventory and contact data, browser and device data, content data, meta or marginal data, and usage data, location data, sales data, and contract and payment data.

We process personal data for the duration required for the respective purpose or purposes or as required by law. Personal data that is no longer necessary for processing will be anonymized or deleted.

We may have personal data processed by third parties. We may process or transmit personal data jointly with third parties. Such third parties include specialized providers whose services we use. We also ensure data protection with such third parties.

We generally process personal data only with the consent of the data subjects. If and to the extent that processing is permissible for other legal reasons, we may refrain from obtaining consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations, or protect overriding interests.

We also process personal data that we receive from third parties, obtain from publicly available sources, or collect in the course of our activities and operations, if and to the extent that such processing is permissible for legal reasons.

4. Communication

We process personal data to communicate with third parties. In this context, we process data that a data subject provides when contacting us, for example, by postal mail or email. We may store such data in an address book or similar tools.

Third parties who transmit data about other persons are obliged to ensure data protection for such data subjects. This includes, among other things, ensuring the accuracy of the transmitted personal data.

We use selected services from suitable providers to communicate better with third parties.

We use, in particular:

5. Data Security

We implement appropriate technical and organizational measures to ensure data security that is appropriate to the respective risk. With our measures, we ensure the confidentiality, availability, traceability, and integrity of the processed personal data, although we cannot guarantee absolute data security.

Access to our website and our other online presence is secured through transport encryption (SSL / TLS, especially with the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a small padlock icon in the address bar.

Our digital communication is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, other European countries, the United States of America (USA), and other countries, as is generally the case with any digital communication. We cannot exert direct influence on the corresponding processing of personal data by intelligence agencies, law enforcement agencies, and other security authorities. We also cannot exclude that individual data subjects are specifically monitored.

6. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may export or transmit personal data to other countries, especially to process or have them processed there.

We may export personal data to all countries and territories on Earth as well as elsewhere in the Universe, provided that the local law, according to the decision of the Swiss Federal Council, ensures adequate data protection and – if and to the extent that the General Data Protection Regulation (GDPR) applies – according to the decision of the European Commission, guarantees adequate data protection.

We may transmit personal data to countries where the law does not ensure adequate data protection if data protection is ensured for other reasons, especially based on standard data protection clauses or other suitable guarantees. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if the specific data protection requirements are met, such as the explicit consent of the data subjects or a direct connection to the conclusion or execution of a contract. Upon request, we will provide data subjects with information about any guarantees or provide a copy of any guarantees.

7. Rights of Data Subjects

7.1 Data Protection Claims

We grant data subjects all rights under applicable data protection law. Data subjects have the following rights in particular:

  • Information: Data subjects can request information about whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also information about the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data, among other things.
  • Correction and Restriction: Data subjects can have incorrect personal data corrected, incomplete data completed, and the processing of their data restricted.
  • Deletion and Objection: Data subjects can have personal data deleted ("right to be forgotten") and object to the processing of their data with effect for the future.
  • Data Disclosure and Data Portability: Data subjects can request the disclosure of personal data or the transfer of their data to another controller.

We may postpone, restrict, or refuse the exercise of data subjects' rights within legally permissible limits. We may inform data subjects in advance of any conditions that must be met to exercise their data protection claims. For example, we may refuse to provide information in whole or in part, citing business secrets or the protection of other individuals. For example, we may also refuse to delete personal data, citing legal retention obligations, in whole or in part.

We may, in exceptional cases, impose costs for exercising data subjects' rights. We will inform data subjects in advance of any potential costs.

We are obligated to identify data subjects who request information or assert other rights with appropriate measures. Data subjects are obliged to cooperate.

Data subjects have the right to enforce their data protection claims in court or lodge a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for complaints by data subjects against private controllers and federal authorities in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities for complaints by data subjects – if and to the extent that the General Data Protection Regulation (GDPR) applies – are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are federally structured, especially in Germany.

8. Website Usage

8.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data may not be limited to traditional text-based cookies.

Cookies can be temporarily stored in the browser as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies, in particular, allow us to recognize a browser on the next visit to our website and, for example, measure the reach of our website. However, permanent cookies can also be used for online marketing.

Cookies can be disabled or deleted entirely in the browser settings at any time. Without cookies, our website may not be fully functional. We request – at least if and to the extent necessary – explicit consent for the use of cookies.

For cookies used for tracking success and reach or for advertising, many services offer a general opt-out option through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

8.2 Logging

We may log at least the following information for each access to our website and other online presence, provided that this information is transmitted to our digital infrastructure during such accesses: date and time, including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific subpage of our website accessed including transmitted data volume, last website accessed in the same browser window (referer or referrer).

We log such information, which may also constitute personal data, in log files. The information is necessary to provide our online presence permanently, in a user-friendly and reliable manner. The information is also necessary to ensure data security – also by third parties or with the help of third parties.

8.3 Tracking Pixels

We may incorporate tracking pixels into our online presence. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are usually small, invisible images or JavaScript scripts that are automatically retrieved when accessing our online presence. Tracking pixels can capture at least the same information as log files.

9. Notifications and Messages

We send notifications and messages by email and through other communication channels such as instant messaging or SMS.

9.1 Success and Reach Measurement

Notifications and messages may contain web links or tracking pixels that determine whether a single message has been opened and which web links were clicked. Such web links and tracking pixels can also capture the use of notifications and messages in a personalized manner. We require this statistical measurement of use for success and reach measurement in order to send notifications and messages effectively and in a user-friendly manner, as well as permanently, securely, and reliably, based on the needs and reading habits of recipients.

You must, in principle, consent to the use of your email address and other contact addresses, unless the use is permissible for other legal reasons. For obtaining double-confirmed consent, we can use the "Double Opt-in" procedure. In this case, you will receive a notification with instructions for double confirmation. We may log obtained consents, including IP addresses and timestamps, for evidence and security reasons.

You can, in principle, object to receiving notifications and messages such as newsletters at any time. With such an objection, you can also object to the statistical measurement of use for success and reach measurement. Required notifications and messages related to our activities and operations remain reserved.

9.3 Service Providers for Notifications and Messages

We send notifications and messages with the help of specialized service providers.

We use in particular:

10. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and to provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions (T&C) and terms of use, as well as privacy policies and other provisions of the individual operators of such platforms, also apply. These provisions inform, in particular, about the rights of affected individuals directly with respect to the respective platform, including the right to information.

For our social media presence on Facebook, including the so-called Page Insights, we are – if and to the extent the General Data Protection Regulation (GDPR) is applicable – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Companies (including in the USA). Page Insights provide information about how visitors interact with our Facebook presence. We use Page Insights to provide our social media presence on Facebook effectively and in a user-friendly manner.

Additional information about the nature, scope, and purpose of data processing, information about the rights of affected individuals, as well as contact details for Facebook and Facebook's data protection officer can be found in the Facebook Privacy Policy. We have concluded the so-called "Controller Addendum" with Facebook, thereby agreeing, among other things, that Facebook is responsible for ensuring the rights of affected individuals. For information about Page Insights, please refer to the "Page Insights Information" page, including "Information about Page Insights Data".

11. Third-Party Services

We use services provided by specialized third parties to carry out our activities and operations on a permanent, user-friendly, secure, and reliable basis. With such services, we can embed functions and content into our website. When such embedding occurs, the used services may, for technical reasons, temporarily capture the IP addresses of users.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data needed to provide the respective service.

We use, in particular:

11.1 Digital Infrastructure

We use services provided by specialized third parties to access the required digital infrastructure related to our activities and operations. This includes, for example, hosting and storage services from selected providers.

We use, in particular:

  • Blog hosting and website builder; Providers: Automattic Inc. (USA) / Aut O'Mattic A8C Ireland Ltd. (Ireland) for users in Europe and other regions; Data privacy information: Privacy Policy, Cookie Policy.

11.2 Audio and Video Conferences

We use specialized services for audio and video conferences to communicate online. With these services, we can conduct virtual meetings, online classes, and webinars, among other things. When participating in audio and video conferences, the terms and conditions of the individual services, such as privacy policies and terms of use, also apply.

Depending on your situation, we recommend muting the microphone by default and blurring the background or using a virtual background during audio or video conferences.

We use, in particular:

11.3 Online Collaboration

We use third-party services to enable online collaboration. In addition to this privacy policy, any terms and conditions of the services used, such as terms of use or privacy policies, also apply.

We use, in particular:

11.4 Map Material

We use services from third parties to embed maps into our website.

We use, in particular:

11.5 Fonts

We use services from third parties to embed selected fonts, icons, logos, and symbols into our website.

We use, in particular:

11.6 Advertising

We have the option to display targeted advertising with third parties, such as social media platforms and search engines, for our activities and operations.

With such advertising, we aim to reach individuals who are already interested in or could be interested in our activities and operations (Remarketing and Targeting). For this purpose, we may transmit relevant – possibly also personal – information to third parties that enable such advertising. We can also determine whether our advertising is successful, particularly whether it leads to visits to our website (Conversion Tracking).

Third parties on which we advertise and on which you, as a user, are registered, may potentially associate the use of our website with your profile there.

We use, in particular:

12. Website Extensions

We use extensions for our website to enable additional features. We may use selected services from suitable providers or use such extensions on our own server infrastructure.

We use, in particular:

  • Google reCAPTCHA: Spam protection (distinguishing between desired content from humans and unwanted content from bots and spam); Provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?".

13. Success and Reach Measurement

We attempt to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities and operations as well as the impact of third-party links to our website. We may also experiment and compare how different parts or versions of our online offering are used (A/B test method). IP addresses of individual users are typically stored for the success and reach measurement. In this case, IP addresses are generally shortened (IP masking) to comply with the principle of data minimization.

Cookies may be used in the success and reach measurement, and user profiles may be created. Any user profiles created may include, for example, the individual pages visited or content viewed on our website, information about screen size or browser window size, and the – at least approximate – location. Any user profiles are generally created in pseudonymized form only and are not used for identifying individual users. Some third-party services, where users are logged in, may potentially associate the use of our online offering with the user's account or profile with that service.

We use, in particular:

  • Google Analytics: Success and reach measurement; Provider: Google; Google Analytics-specific information: Measurement across different browsers and devices (Cross-Device Tracking) and with pseudonymized IP addresses, which are only transferred to Google in the USA in full in exceptional cases, "Privacy", "Browser Add-on to Disable Google Analytics".
  • Google Tag Manager: Integration and management of other services for success and reach measurement as well as other services from Google and third parties; Provider: Google; Google Tag Manager-specific information: "Data Collected with Google Tag Manager"; further privacy information can be found with the individual integrated and managed services.

14. Video Surveillance

We use video surveillance for the prevention of crimes and the preservation of evidence in case of criminal activities, as well as for enforcing our right of access. This constitutes – to the extent that the General Data Protection Regulation (GDPR) is applicable – predominant legitimate interests according to Art. 6 para. 1 lit. f GDPR.

We store recordings from our video surveillance for as long as they are necessary for the preservation of evidence.

We may secure recordings due to legal obligations, for the enforcement of our own legal claims, and in case of suspicion of criminal activities, and transmit them to competent authorities, including but not limited to judicial or law enforcement authorities.

15. Final Provisions

We have created this privacy policy using the Data Protection Generator provided by Datenschutzpartner. The present privacy policy is an unofficial translation from the original German version.

We reserve the right to modify and supplement this privacy policy at any time. We will inform about such modifications and supplements in an appropriate manner, especially by publishing the current privacy policy on our website.