Important legal notices
Please read the following terms and conditions carefully before proceeding. Individuals who visit the website of the Tschuggen Hotel Group, the Tschuggen Grand Hotel, the Valsana Hotel & Appartements, the Carlton Hotel, the Hotel Eden Roc or the Albergo Carcani hereby consent to the following terms and conditions.
The Tschuggen Hotel Group AG (Tschuggentorweg 1, 7050 Arosa) maintains the websites www.tschuggenhotelgroup.ch, www.tschuggen.ch, www.valsana.ch, www.carlton-stmoritz.ch, www.edenroc.ch, www.carcani.ch, www.safaridelgusto.ch and, as such, is responsible for collecting, processing and using your personal data and ensuring that such data processing is compatible with applicable data protection law.
Your trust is important to us, which is why we take the subject of data protection seriously and endeavour to ensure an appropriate level of security. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (DPA), the Ordinance to the Federal Act on Data Protection (VDSG), the Telecommunications Act (FMG) and any other applicable data protection provisions under Swiss or EU law, in particular the General Data Protection Regulation (GDPR).
We have appointed a Data Protection Officer for our company. If you have any questions regarding data protection in general or on matters related to your personal data, please contact the managers of our hotels. Questions regarding data protection should be sent to [email protected].
The address of our data protection representative in the EU is:
Invit Travel GmbH / Datenschutzvertreter
Telephone: +49 89 210 940 26
To find out which personal data we collect from you and why, please take note of the information provided below.
Data processing in connection with our website
1. Visits to our website
Each time you visit our website, our servers temporarily store information about each visit in a log file. As with any connection to a webserver, the following technical data is recorded without your intervention, stored by us, and automatically deleted after no more than 12 months:
- the IP address of the requesting computer
- the name of the owner of the IP address range (generally your Internet access provider)
- the date and time of access
- the website from which access took place (referrer URL) including the search word used, if applicable
- the name and URL of the file accessed
- the status code (e.g. error message)
- your computer’s operating system
- which browser you use (type, version and language)
- the transmission protocol used (e.g. HTTP/1.1) and
- if applicable, the username used for registration/authentication
This data is collected and processed for the purpose of enabling the use of our website (to establish a connection), to permanently guarantee system security and stability, to enable the optimisation of our Internet offer as well as for internal statistical purposes. This is where our legitimate interest in data processing lies within the meaning of Art. 6 (1) (f) GDPR.
The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for the purpose of investigating and preventing attacks and may be used in the course of criminal proceedings to identify and prosecute the users concerned under civil and criminal law. This is where our legitimate interest in data processing lies within the meaning of Art. 6 (1) (f) GDPR.
2. Use of our contact form
You have the option of using a contact form to contact us with inquiries both regarding events or of a general nature. To respond to such inquiries, we usually need the following information:
- first name and surname
- postal address
- email address
- phone number
We will only use this data in order to provide you with the best possible, personalised response to your contact request. As a result, the processing of such data within the meaning of Art. 6 (1) (b) GDPR is necessary in order to take steps prior to entering into a contract and/or we have a legitimate interest in such processing pursuant to Art. 6 (1) (f) GDPR.
3. Orders through our Voucher Shop
You have the option of using the contact form to send orders to us in our Voucher Shop. For this purpose, we collect the following mandatory information:
- first name
- postal address
- phone number
- payment method
- dispatch method
We only use this data and any other data you voluntarily provide in order to process your order according to your wishes.
4. Subscriptions to our newsletter
You have the option of subscribing to our newsletter on our website. You must register first before subscribing. To register, you must specify the following details:
- first name & surname
- email address
The data specified above are required for data processing. By registering, you give us your consent to process the data provided for the purpose of sending regular newsletters to the address indicated and for performing statistical analyses of usage behaviour and to optimise the newsletter. This consent constitutes our legal basis for the processing of your e-mail address within the meaning of Art. 6 (1) (a) GDPR. We are entitled to commission third parties with the technical handling of advertising activities and are entitled to pass on your data for this purpose (see Section 15 below).
At the end of each newsletter you will find a link to unsubscribe at any time. When unsubscribing, you can voluntarily inform us of your reason for unsubscribing. Your personal data will be deleted after you have unsubscribed. Further processing will only take place in anonymised form to optimise our newsletter.
5. Booking online, by post or by phone
If you use either our website, a means of correspondence (email or letter post) or a phone call to make bookings or order vouchers, we need the following data in order to perform the contract:
- First name and surname
- postal address
- date of birth
- phone number
- credit card information
- email address
We will automatically delete your credit card details after you leave us.
The legal basis of data processing for this purpose is the performance of a contract pursuant to Art. 6 (1) (b) GDPR.
Cookies help in many ways to make your visit to our website simpler, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.
Most Internet browsers accept cookies automatically. However, you can configure your browser to prevent cookies from being stored on your computer or to display a message whenever you receive a new cookie. You will find explanations on how to configure cookie processing in the most common browsers on the following pages:
- Microsoft’s Windows Internet Explorer
- Microsoft’s Windows Internet Explorer Mobile
- Mozilla Firefox
- Google Chrome for PC
- Google Chrome for mobile
- Apple Safari for PC
- Apple Safari for mobile
If you disable cookies, you may not be able to use all the functions of our website.
7. Tracking tool
a. General information
We use the web analytics service from Google Analytics for the purpose of designing our website to better meet its users' needs and for the continuous optimisation of our website. In this context, pseudonymous user profiles are created and small text files are stored on your computer ("cookies"). Cookie-generated information regarding your use of this website is sent to the servers of the providers of those services where they are stored and preprocessed for us. In addition to the data listed in Section 1, we may receive the following information:
- how a visitor navigates through the site
- time spent on the website or subpage
- last subpage visited before leaving the website
- the country, region or city from where the site was accessed
- terminal (type, version, colour depth, resolution, width and height of the browser window) and
- recurring or new visitor.
This information is used to evaluate how this website is used, to compile reports on website activities and to provide further services associated with the use of the website and the Internet for the purpose of conducting market research and to design our website to better meet its users' needs. As the circumstances require, this information may also be transferred to third parties if required to do so by law or to the extent that a third party is instructed to process this data.
b. Google Analytics
Google Analytics is provided by Google Inc., which belongs to the US-based holding company Alphabet Inc. When IP anonymisation (“anonymizeIP”) is enabled on this website, the IP address will be truncated within the Member States of the European Union or in other countries party to the Agreement on the European Economic Area before any data is sent to the provider. The anonymised IP address sent by your browser within the context of Google Analytics will not be combined with any other Google data. The full IP address will only be transmitted to a Google server in the USA before truncation in exceptional circumstances. In such cases, we have contractual guarantees in place to ensure that Google Inc. maintains an adequate level of data privacy. According to Google Inc., the IP address will not be linked to other user-related data under any circumstances.
You will find additional information about the website analytics service on the Google Analytics website. For instructions on how to prevent the website analytics service from processing your data, go to http://tools.google.com/dlpage/gaoptout?hl=de
8. Links to our social media pages
We have incorporated links to our social media profiles into our websites. These links may lead to the following networks:
- Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA,
- Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA,
- Instagram Inc., 1601 Willow Road, Meno Park, CA 94025, USA,
- YouTube, a service operated by Google Inc.,
- Tripadvisor Inc., 400 1st Avenue, Needham, 02494 MA, USA,
- Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA,
If you click on the icons that correspond to any of these social networks, you will be automatically forwarded to our profiles in the respective networks. In some cases, you must first log into your user account before being able to use the features offered by each network. Whenever you activate a link to our social media profiles, this will establish a direct link between your browser and the server of the social network in question. This informs the network that you are visiting our webpages with your IP address and have activated the link. If you access a link to a network while logged into your account with that network, the contents of our site may be linked to your profile on the network, which means that the network may match your visit to our webpages directly to your user account. If you want to prevent this from happening, you should log out first before clicking such links. Your visit will definitely be matched to your account if you log into the respective network after clicking the link.
Data processing in connection with your stay
9. Data processing for compliance with legal notification obligations
When you arrive in our hotel, we need the following information from you and anybody accompanying you:
- first name and surname
- postal address and canton
- date of birth
- official form of identification and number
- arrival and departure dates
We collect this information to comply with legal notification obligations, which arise in particular in connection with the hospitality industry or police law. Where we are required to do so by applicable regulations, we will forward this information to the appropriate police authority.
We have a legitimate interest in the fulfilment of the legal requirements within the meaning of Art. 6 (1) (f) GDPR.
10. Recording of purchased services
If you purchase additional services during your stay (wellness, restaurant, activities, etc.), we will record the product/service as well as the time at which you receive it for billing purposes. The processing of this data is necessary within the meaning of Art. 6 (1) (b) GDPR for the purpose of performing the contract with us.
11. Guest feedback
If you specified your e-mail address when making your booking, you will be sent an electronic form after departure. We use this form to collect the following data:
- first name and surname
- duration of stay
Data processing in connection with marketing activities
As a guest or former guest at a hotel in the Tschuggen Hotel Group, we will send you mailings by post to provide you up-to-date information on our activities. To do so, we use the data mentioned in Section 9. This information is usually sent by post. You may unsubscribe from this information at any time. To do so, contact the respective hotel or the head office at [email protected].
Storage and exchange of data with third parties
12. Booking platforms (e.g. booking.com)
Finally, we may be informed by the platform operators of any disputes connected to a booking. For this, we may also receive information about the booking process, which may include a copy of the booking confirmation as proof that the booking was actually made. We process this data to safeguard and enforce our claims. This is where our legitimate interest lies within the meaning of Art. 6 (1) (f) GDPR.
Please also note the information on data protection provided by the respective provider.
13. Central storage and linking of data
We store the specified data in a central electronic data processing system. Data related to you will be systematically recorded and linked in order to process your bookings and handle the contractually agreed services. To this end, we use the following software: protel hotelsoftware GmbH, Europaplatz 8, 44269 Dortmund (D) / Bookatable GmbH & Co. KG, Deichstrasse 48-50, 20459 Hamburg (D) / gastronovi GmH, Buschhöhe 6, 28357 Bremen (D) / TAC Informationstechnologie GmbH, Schildbach 111, 8230 Hartberg (A).
The processing of this data within the framework of the software is based on our legitimate interest in customer-friendly and efficient customer data management within the meaning of Art. 6 (1) (f) GDPR.
14. Retention period
We only store personal data for as long as necessary in order to use the tracking services mentioned above and for any further processing in which we have a legitimate interest. We keep contractual data for a longer period of time, as this is prescribed by legal storage obligations. Storage obligations, which oblige us to store data, result from regulations concerning the right to report, accounting and tax law. According to these regulations, business communications, contracts concluded and accounting records must be kept for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
15. Disclosure of data to third parties
We will only disclose your personal data if you have expressly consented to such disclosure, if there is a legal obligation to do so or if this is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the contractual relationship. Furthermore, we disclose your data to third parties to the extent that this is necessary within the context of website usage and contract processing (also outside the website), namely to process your bookings.
One service provider to whom the personal data collected via the website is passed on or who has or can have access to it, is our web hosting service provider (iWay AG, Badenerstrasse 569, 8048 Zürich). The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functionalities of our website.
Booking via our websites
If you make a booking via our websites, the personal data collected in this context will be passed on to HotelNetSolutions GmbH, Berlin (D) and TRUST International Hotel Reservation Services GmbH, Frankfurt a.M. (D). The data is passed on for the purpose of recording and registering your booking.
Credit card information
We forward any data collected in connection with feedback provided by our guests to our partners IRC-Swiss GmbH, Ebikon (CH); Medallia, San Mateo, CA (USA); and Trustyou GmbH, Munich (D). The data will only be passed on for storage purposes. Any processing of this data will only take place on behalf of Tschuggen Hotel Group AG.
Guest tickets, ski passes
The Wifi network provided in our hotels is operated by Swisscom (Switzerland) Ltd. The Swisscom data protection statement can be viewed at https://www.swisscom.ch/en/about/legal-information/data-protection.html.
16. Transmission of personal data abroad
17. Right to access data, have it rectified or erased and restrict its processing; right to data portability
You have the right to request information about the personal data that we store about you. In addition, you have the right to have incorrect data rectified and to have your personal data erased, provided that this does not conflict with any legal obligation to store data or where the processing of such data is permitted by law.
You also have the right to request that we disclose to you any data you have provided to us (right of data portability). Upon request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a commonly used file format.
For matters related to the purposes specified above, you can reach us through the following email address: [email protected]. We may, at our discretion, require proof of identity in order to process your requests.
18. Data security
We use appropriate technical and organisational security measures to protect any personal data we have stored concerning you against manipulation, partial or complete loss and against unauthorised third-party access. Our security measures are improved on a continuous basis to keep up with technological developments.
You should keep your login details confidential at all times and close your browser window after communicating with us, especially if you share your computer with other people.
We also take in-house data protection very seriously. Our employees and the service providers commissioned by us have been obliged by us to maintain confidentiality and to comply with data protection regulations.
19. Note regarding data transmissions to the USA
For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland that the US authorities have monitoring measures in place in the USA which generally allow the storage of all personal data of all persons whose data was transmitted from Switzerland to the USA. This is done without differentiation, restrictions or exceptions in terms of the objective pursued and without an objective criterion which would make it possible to restrict the US authorities’ access to the data and its subsequent use to very specific, strictly limited purposes that could justify the intrusion constituted by both access to such data and its use. Furthermore, we would like to point out that there are no legal remedies available in the USA for data subjects from Switzerland which would allow them to gain access to the data related to them and to have such data rectified or erased, and that there is no effective judicial protection against the general access rights of US authorities. We explicitly point out this legal and factual situation to data subjects to help them make an appropriately informed decision on whether to grant their consent for the use of their data.
20. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority at any time.
As at: Arosa, June 2018