Data protection

Please read the following Privacy Policy carefully before proceeding. Individuals who visit the website of the Tschuggen Hotel Group, the Tschuggen Grand Hotel, the Valsana Hotel & Appartements, the Carlton Hotel or the Hotel Eden Roc are requested to take note of the following information.

Tschuggen Hotel Group AG (Tschuggentorweg 1, 7050 Arosa) is the operator of the websites tschuggenhotelgroup.ch, tschuggen.ch, valsana.ch, carlton-stmoritz.ch, edenroc.ch and therefore responsible for processing and using your personal data and ensuring that such data processing is in accordance with applicable data protection law (see also our legal notice with an overview of all group members).

Your trust is important to us, which is why we take the subject of data protection seriously and endeavour to ensure an appropriate level of security. We are committed to handling your personal data in a responsible manner. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (DPA), the Ordinance to the Federal Act on Data Protection (VDSG), the Telecommunications Act (FMG) and any other applicable data protection provisions under Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

We have appointed a Data Protection Officer for our company. If you have any questions regarding data protection in general or on matters related to your personal data, please contact the managers of our hotels. Questions regarding data protection should be sent to [email protected].

The address of our data protection representative pursuant to Art. 27 GDPR in the EU is:

Invit Travel GmbH / Data protection representative
Radlkoferstrasse 2
81373 Munich
Germany

[email protected]
ihr-datenschutz-vertreter.ch
Phone: +49 89 210 940 26

To find out which personal data we collect from you and why, please take note of the information provided below.

Data processing in connection with our website

1. Visits to our website

Each time you visit our website, our servers temporarily store information about each visit in a log file. As with any connection to a webserver, the following technical data is recorded without your intervention, stored by us, and automatically deleted after no more than 12 months:

  • the IP address of the requesting computer
  • the name of the owner of the IP address range (generally your Internet access provider)
  • the date and time of access
  • the website from which access took place (referrer URL) including the search word used, if applicable
  • the name and URL of the file accessed
  • the status code (e.g. error message)
  • your computer’s operating system
  • which browser you use (type, version and language)
  • the transmission protocol used (e.g. HTTP/1.1) and
  • if applicable, the username used for registration/authentication

This data is collected and processed for the purpose of enabling the use of our website (to establish a connection), to permanently guarantee system security and stability, to enable the optimisation of our Internet offer as well as for internal statistical purposes. This is where our legitimate interest in data processing lies within the meaning of Art. 6 (1) (f) GDPR.

The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for the purpose of investigating and preventing attacks and may be used in the course of criminal proceedings to identify and prosecute the users concerned under civil and criminal law. This is where our legitimate interest in data processing lies within the meaning of Art. 6 (1) (f) GDPR.

2. Use of our contact form

You have the option of using a contact form to contact us with enquiries regarding events or of a general nature. To respond to such enquiries, we usually need the following information (mandatory *):

  • I am especially interested in*
  • Title*
  • First name*
  • Surname*
  • Street
  • Town/city, postcode
  • Country
  • Email address*
  • Phone number
  • Comment
  • I am interested in
  • I am not a robot
  • I have read and accept the data protection guidelines

We will only use this data in order to provide you with the best possible, personalised response to your contact request. The processing of such data is therefore necessary in order to take steps prior to entering into a contract within the meaning of Art. 6 (1) (b) GDPR and/or is based on our legitimate interest in such processing pursuant to Art. 6 (1) (f) GDPR.

3. Orders through our Voucher Shop

You have the option of using the contact form to send orders to us in our Voucher Shop. We collect the following information for this purpose (mandatory *):

  • Title*
  • First name*
  • Surname*
  • Company
  • House number and street*
  • Additional address field
  • Postcode*
  • Town/city*
  • Country*
  • Phone number*
  • Email*
  • Payment method*
  • Dispatch method*
  • Yes, I would like to subscribe to your newsletter.
  • I confirm that the details I have provided are correct and that I have read and accept the GTC and the data protection provisions*

We only use this data and any other data you voluntarily provide in order to process your order according to your wishes. The processing of such data is therefore necessary in order to take steps prior to entering into a contract as well as to perform a contract within the meaning of Art. 6 (1) (b) GDPR.

4. Subscriptions to our newsletter

You have the option of subscribing to our newsletter on our website. You must register first before subscribing. To register, you must specify the following details (mandatory *):

  • Title
  • First name*
  • Surname*
  • Email address*
  • I have read and accept the data protection guidelines.*

After entering the aforementioned information, we will sign you up to the newsletter. We use a double opt-in process for this. After submitting the registration details, you will receive an email from us containing a confirmation link. You need to click on this link to register for the newsletter as the final step. If you do not click on the confirmation link, your email address will be deleted again permanently from our temporary list of potential newsletter subscribers after 24 hours and your subscription to the newsletter will not be successful. To send our newsletter, we use email marketing software offered by Campaign Monitor, Lea Avenue 9, TN 37210 Nashville, United States. You can find Campaign Monitor's Privacy Policy here. Further information on the transfer of personal data to third parties can be found in Section 19.

We use your data to send you the newsletter until you withdraw your consent. You may withdraw your consent with future effect at any time or click on the unsubscribe link in the newsletter emails.

Our newsletter contains a web beacon or similar technical means (tracking pixels). A web beacon is a 1x1 transparent pixel image linked to the user ID of the newsletter subscriber in question. The web beacon provides us with the following information pertaining to the newsletter:

  • address file used
  • subject and number of newsletters sent
  • information about which addresses have received or not received the newsletter and the addresses to which sending has failed
  • information about which addresses have opened the newsletter
  • information about which addresses have unsubscribed and
  • technical information (e.g. time the newsletter was opened, IP address, browser type and operating system)

This information is used to perform statistical analyses of our newsletter campaigns. The results of these analyses may be used to better adapt future newsletters to recipients’ interests. The web beacon is deleted when you delete the newsletter.

To prevent the use of web beacons, please change your email settings such that messages do not show HTML (if not already the case as a matter of standard). You can find explanations on how to change this setting in the most common email programs on the following pages.

By registering for the newsletter, you give us your consent to process the data provided for the purpose of sending regular newsletters to the address indicated and for performing statistical analyses of usage behaviour and to optimise the newsletter. This consent constitutes our legal basis for the processing of your data within the meaning of Art. 6 (1) (a) GDPR. You may withdraw your consent with future effect at any time.

5. Booking online, by post or by phone

If you use either our website, a means of correspondence (email or letter post) or a phone call to make bookings or order vouchers, we need the following data in order to perform the contract (mandatory *):

  • Title*
  • First name*
  • Surname*
  • House number and street*
  • Postcode*
  • Town/city*
  • Country*
  • Date of birth
  • Email address*
  • Phone number*
  • Language
  • Credit card information*

Unless otherwise stated in this Privacy Policy or you have given your explicit consent, we will only use this data and other information you provide voluntarily (expected time of arrival, motor vehicle number plate, preferences, comments, etc.) for the purpose of performing the contract. We will process the data in order to record your booking as requested, to provide the booked services, to contact you if something is unclear or in the case of problems and to ensure correct payment.

We will automatically delete your credit card details after you leave us.

The legal basis of data processing for this purpose is the performance of a contract pursuant to Art. 6 (1) (b) GDPR and/or your consent pursuant to Art. 6 (1) (a) GDPR. You may withdraw your consent with future effect at any time.

6. Data processing when you contact us by phone 

You can contact us by phone and ask us questions about website functions, bookings or services.

We will only collect the personal data you disclose to us. You are therefore responsible for the content of the message and are in control of which information you provide to us. We recommend that you do not disclose any sensitive information. So that we can answer your questions, we may ask you to provide additional information (e.g. your address, your email address). We will only process the personal data relating to you that we need to answer your questions or provide you with the desired services.

We have a legitimate interest in processing your telephone query within the meaning of Art. 6 (1) (f) GDPR.

7. Data processing when you contact us by email

You can contact us by email and ask us questions about website functions, bookings or services.

We will only collect the personal data you disclose to us. You are therefore responsible for the content of the message and are in control of which information you provide to us. We recommend that you do not disclose any sensitive information. To answer your questions, we may ask you to provide additional information (e.g. your address, your telephone number). We will only process the personal data relating to you that we need to answer your questions or provide you with the desired services.

We have a legitimate interest in processing your email query within the meaning of Art. 6 (1) (f) GDPR.

8. Data processing when you apply for a job vacancy

You can apply for job vacancies on our website. We collect the following information when you apply (mandatory *):

  • Personal data:
    • Photo
    • Title*
    • First name*
    • Surname*
    • Date of birth*
    • Postcode*
    • Email address*
    • Password*
    • User language*
  • Contact details:
    • Street*
    • Postcode*
    • Town/city*
    • Country*
    • Telephone*
    • Educational qualification
  • Documents (upload):
    • Cover letter*
    • CV*
    • Other documents
  • Relationship to our company:
    • I am currently an employee of your company
    • I have previously worked for your company
  • Other information:
    • How did you find out about us?
    • Comments about your person
  • Data release*:
    • I consent to my data being stored beyond the scope of a specific job vacancy and to being notified about other vacancies that may be of interest to me.
    • I would like my data to be deleted after the current application process.
    • I agree to the Privacy Policy*

In connection with your online application we use the tool Umantis by Haufe-Lexware GmbH & Co. KG, Munzinger Strasse 9, 79111 Freiburg, Germany. Data is stored by Umantis on a server in Germany.

We need this information to review your application and if necessary to contact you in relation thereto. The legal basis for processing your personal data is the necessity to take steps prior to entering into a contract and perform a contract within the meaning of Art. 6 (1) (b) GDPR, and is based on our legitimate interest within the meaning of Art. 6 (1) (f) GDPR. You may object to this data processing at any time if there are reasons pertaining to your specific situation for data processing not to take place.

9. Data processing when you use the chat function on tschuggen.ch, carlton-stmoritz.ch and valsana.ch

You can contact us via the chat function and ask us questions about website functions, bookings or services. When you do so, we collect the following information (mandatory *):

  • Contact details (name, email address)*
  • Message

Besides this, we will only collect the personal data you disclose to us. You are therefore responsible for the content of the message and are in control of which information you provide to us. We recommend that you do not disclose any sensitive information. To answer your questions via chat, we may ask you to provide additional information. We will only process the personal data relating to you that we need to answer your questions or provide you with the desired services.

In connection with the chat function, we use a tool provided by Zendesk, Inc., 989 Market Street, San Francisco, CA 94103, USA. Data from the chat is stored on servers at the following location: EAA.

We have a legitimate interest in processing your chat query or message within the meaning of Art. 6 (1) (f) GDPR.

10. Cookies

Cookies help in many ways to make your visit to our website simpler, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.

For example, we use cookies to temporarily save your selected services and entries you make when filling out a form on the website, so that you do not have to re-enter the information when you access another subpage. Cookies may also be used to identify you as a registered user after you log into the website so that you do not have to log in again when accessing another subpage.

Most Internet browsers accept cookies automatically. However, you can configure your browser to prevent cookies from being stored on your computer or to display a message whenever you receive a new cookie. You will find explanations on how to configure cookie processing in the most common browsers on the following pages:

If you disable cookies, you may not be able to use all the functions of our website.

11. Tracking tools

11.1 Google Analytics

Our website uses Google Analytics, a web analytics service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses methods designed to analyse how you use the website, such as cookies (see Section 10). The information generated by the cookie relating to use of our website, such as

  • how a visitor navigates through the website
  • time spent on the website or a subpage
  • last subpage visited before leaving the website
  • the country, region or city from where the website was accessed
  • terminal (type, version, colour depth, resolution, width and height of the browser window)
  • recurring or new visitor
  • browser type/version
  • operating system used
  • referrer URL (i.e. the website visited before accessing our website)
  • host name of the computer accessing the website (IP address) and
  • time of the server request

is generally transmitted to and stored on a Google server in the USA. When IP anonymisation (“anonymizeIP”) is enabled on this website, the IP address is truncated within the Member States of the European Union or in other countries party to the Agreement on the European Economic Area or Switzerland before any data is sent. The masked IP address sent by your browser within the context of Google Analytics will not be combined with any other Google data according to Google. The full IP address will only be transmitted to a Google server in the USA before truncation in exceptional circumstances. In such cases, we have contractual guarantees in place to ensure that Google maintains an adequate level of data privacy.

This information is used to evaluate how this website is used, to compile reports on activities performed on the website and to provide further services associated with the use of the website and the Internet for the purpose of conducting market research and to design our website to better meet its users' needs. As the circumstances require, this information may also be transferred to third parties if required by law or to the extent that a third party is instructed to process this data.

The legal basis for processing this data for this purpose is your consent pursuant to Art. 6 (1) (a) GDPR. Consent may be withdrawn with future effect at any time.

Users may prevent Google from recording and processing data generated by the cookie linked to their use of the website (including IP address) by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de 

Further information about Google and how Google processes data can be found here.

11.2 Google Tag Manager

Our website uses Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Tag Manager is a solution that allows distributors to manage website tags via an interface. The Tag Manager tool is a cookieless domain and does not record any personal data. The tool is used to deploy other tags that record personal data. Google Tag Manager does not access this data according to Google. If Google Tag Manager is disabled at the domain or cookie level, this will apply to all tracking tags implemented using Google Tag Manager. You can prevent tags from being placed at any time (see Section 10).

The legal basis for processing data for this purpose is our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

11.3 Google DoubleClick

Our website uses DoubleClick by Google, a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this, Google uses the DoubleClick cookie, which allows the website to recognise the browser used by the user when visiting other websites. The information generated by the cookie about visits to this website (including IP address) is transferred to and stored on a Google server in the USA.

Google uses this information to evaluate the use of the website with regard to advertisements to be displayed, to compile reports about website activities and advertisements for the website operator and to provide other services related to use of the website and the Internet. As the circumstances require, Google may also transfer this information to third parties if required to do so by law or to the extent that a third party is instructed to process this data by Google. According to Google, users’ IP addresses will not be linked to other Google data under any circumstances.

Because of the marketing tools used, your browser will automatically establish a direct connection to the Google server. We therefore have no influence on the scope and further use of data collected by Google through this tool and as such this information is based on the current state of our knowledge: DoubleClick tells Google that you have accessed the corresponding part of our website or clicked on an advertisement displayed by us. If you have registered for a Google service, Google may link the visit to your account. Even if you are not registered with Google or have not logged in, the provider may have knowledge of and store your IP address.

Further information about DoubleClick by Google is available at: https://marketingplatform.google.com/about/enterprise/, and information about data protection at Google generally can be found here: https://www.google.de/intl/de/policies/privacy.

To create pseudonymised user profiles for advertising and analysis purposes, we require your consent within the meaning of Art. 6 (1) (a) GDPR. Consent granted may be withdrawn with future effect at any time.

You may prevent the aforementioned data processing in various ways:

  1. by changing the corresponding settings on your browser, in particular by blocking third-party cookies, which will ensure that you do not receive any advertisements from third-party providers;
  2. by disabling cookies for conversion tracking by blocking cookies from the domain in your browser, https://www.google.de/settings/ads (this setting will be deleted when you delete your cookies);
  3. by disabling advertisements linked to your interests from providers participating in the self-regulation campaign “About Ads”, via http://www.aboutads.info/choices (this setting will be deleted when you delete your cookies);
  4. by permanently disabling this setting in your Firefox, Internet Explorer or Google Chrome browsers via http://www.google.com/settings/ads/plugin.

11.4 Zendesk (formerly Zopim)

Our website uses technologies offered by Zendesk Inc., 1019 Market St, San Francisco, USA, to collect and store pseudonymised data for web analytics purposes and for the purpose of operating the live chat system, which is used to respond to live support queries. This pseudonymised data may be used to create usage profiles under a pseudonym. Cookies may be used for this purpose.

Further information on how Zendesk processes personal data can be found here: https://www.zendesk.de/company/customers-partners/privacy-policy/

If the information collected contains references to persons, data processing is based on our legitimate interest in providing effective customer support and conducting statistical analyses of user behaviour for optimisation purposes pursuant to Art. 6 (1) (f) GDPR.

The data collected using Zendesk technologies is not used to personally identify visitors to this website without the specific consent of the person concerned and is not collated with personal data about the person behind the pseudonym. To prevent the storage of Zendesk cookies, you can change the settings in your Internet browser to prevent any further cookies from being stored on your computer in future and/or delete any existing cookies.

11.5 Facebook Custom Audience

Our website uses the “Facebook pixel” from the social network Facebook, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Facebook pixel allows Facebook to identify visitors to our website as a target group for advertisements (“Facebook ads”). As such, we use the Facebook pixel to ensure that the Facebook ads we display are only shown to Facebook users that have shown an interest in our website or have certain characteristics (e.g. an interest in certain topics or products determined according to websites visited), which we provide to Facebook (known as “Custom Audiences”).

We also use the Facebook pixel to ensure that our Facebook ads correspond to the potential interest of our users and do not cause a nuisance. The Facebook pixel also helps us to understand the effectiveness of Facebook ads for statistical and market research purposes, as we are able to see whether users were redirected to our website after clicking on a Facebook ad (known as conversion).

The Facebook pixel is triggered by Facebook as soon as you access our website and may store a cookie on your device. If you then log into Facebook or visit Facebook while logged in, the visit to our website will be noted in your profile. Data collected about you is anonymous to us, meaning that there is no way for us to link this data to a user’s identity. However, as the data is stored and processed by Facebook, it may be linked to the user profile in question. The data may therefore be used by Facebook for its own market research and advertising purposes.

Should we send data to Facebook for cross-checking purposes, this data will be locally encrypted on the browser before being sent to Facebook via a secure https connection. The sole purpose of this is to cross-check this data against Facebook data, which is likewise encrypted.

Facebook processes data in line with its data protection guidelines. You can find specific information and details regarding the Facebook pixel and how it works in Facebook’s help area.

You may prevent your data from being recorded by the Facebook pixel and used to display Facebook ads. To choose which types of advertisements are shown to you within Facebook, simply go to the relevant Facebook page and follow the instructions on changing the settings for usage-based advertisements. In addition, you may prevent the use of cookies used to measure reach and cookies used for advertising purposes via the opt-out page of the Network Advertising Initiative. Further opt-out options can be found here: http://www.aboutads.info/choices and http://www.youronlinechoices.com/uk/your-ad-choices/.

The legal basis for the aforementioned data processing is your consent pursuant to Art. 6 (1) (a) GDPR. Consent granted may be withdrawn with future effect at any time.

11.6 Facebook Connect

If you have a Facebook profile, you can create a customer account or register for our website using the social plugin “Facebook Connect”, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), as part of the “single sign-on” technology. The “Facebook Connect” social plugins on our website are recognisable by the button with the Facebook logo and the text “Connect with Facebook”, “Log in with Facebook” or “Sign in with Facebook”.

When you visit our website, which contains such a plugin, your browser will establish a direct connection to the Facebook servers. The content of the plugin will be sent by Facebook directly to your browser and embedded into the site. This tells Facebook that your browser has visited the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is transferred to and stored on a Facebook server in the USA.

Using this “Facebook Connect” button on our website also allows you to log into or register for our website using your Facebook user data. When you use the “Facebook Connect” button, depending on your individual data protection settings on Facebook we will only receive the general, publicly accessible information stored in your profile if you gave your express consent to your data being exchanged with Facebook pursuant to Art. 6 (1) (a) GDPR prior to the registration process. This information includes user ID, name, profile picture, age and gender. Consent granted may be withdrawn with future effect at any time.

Please note that, following changes to the data protection provisions and terms and conditions of use of Facebook, when you grant your consent your profile pictures, the user IDs of your friends and your friend list may also be transferred if these are labelled as “public” in your Facebook privacy settings. We use and process data sent by Facebook to create a user account containing the necessary data, if you have shared this data with Facebook (title, first name, surname, address details, country, email address, date of birth). Conversely, data (e.g. information about your surfing or purchasing behaviour) collected via our website may be transferred to your Facebook profile on the basis of your consent.

The purpose and scope of the data collection and further processing and use of the data by Facebook, as well as your rights in this regard and the settings you can configure to protect your privacy, can be found in Facebook’s Data Policy: https://www.facebook.com/policy.php.

If you do not want Facebook to link data collected via our website to your Facebook profile, you need to log out of Facebook before visiting our website.

11.7 Google reCaptcha

Our website uses Google reCaptcha, a service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The aim of reCaptcha is to check whether data entered on our website (e.g. on a contact form) stems from a human or an automated program. For this, reCaptcha analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor uses the website and is based on various information, in particular IP address, time spent by the website visitor on the website and the user’s mouse movements. The data collected during the analysis is forwarded to Google.

The legal basis for processing this data for this purpose is our legitimate interest in preventing cyber attacks pursuant to Art. 6 (1) (f) GDPR.

reCaptcha analyses run in the background. Further information on Google reCaptcha and the Google Privacy Policy can be found at: https://policies.google.com/privacy?hl=de and https://www.google.com/recaptcha/about/.

11.8 Creation of pseudonymised usage profiles

To provide you with personalised services and information on our website (on-site targeting), we use and analyse the data we collect about you when you visit the website. Cookies may also be used during the processing of this data (see Section 10 above). Usage data is only collated with pseudonymised data, and never with non-pseudonymised personal data.

The legal basis for processing this data for this purpose is our legitimate interest in optimising and personalising our online offering and advertising communications pursuant to Art. 6 (1) (f) GDPR.

12. Links to our social media pages

Our website contains links to social media networks. These are not plugins provided by social media networks, which start sending data to the provider when the site is loaded without user input. The social media network buttons conceal only a link to our page on the social media network. No user data is sent from the website to the social media network.

The links lead to our pages on the following networks:

  • Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA
  • Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
  • Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
  • YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  • Tripadvisor Inc., 400 1st Avenue, Needham, 02494 MA, USA, and
  • Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA

Whenever you activate a link to our social media profiles, this will establish a direct link between your browser and the server of the social network in question. This informs the network that you have visited our website with your IP address and have activated the link. If you access a link to a network while logged into your account with that network, the contents of our site may be linked to your profile on the network, which means that the network may match your visit to our website directly to your user account. If you want to prevent this from happening, you should log out first before clicking such links. Your visit will definitely be matched to your account if you log into the respective network after clicking the link.

Data processing in connection with your stay

13. Data processing for compliance with legal notification obligations

When you arrive at our hotel, we need the following information from you and anybody accompanying you (mandatory *):

  • First name and surname*
  • Postal address and canton*
  • Date of birth*
  • Nationality
  • Official form of identification and number*
  • Arrival and departure dates*

We collect this information to comply with legal notification obligations, which arise in particular in connection with the hospitality industry or police law. Where we are required to do so by applicable regulations, we will forward this information to the appropriate police authority.

The processing of such data is based on a legal obligation within the meaning of Art. 6 (1) (c) GDPR.

14. Recording of purchased services

If you purchase additional services during your stay (wellness, restaurant, activities, etc.), we will record the product/service as well as the time at which you receive it for billing purposes. The processing of this data is necessary within the meaning of Art. 6 (1) (b) GDPR for the purpose of performing the contract with us.

15. Guest feedback

If you specified your email address when making your booking, you will be sent an electronic form after departure. We use this form to collect the following data (mandatory *):

  • First name and surname
  • Age
  • Nationality
  • Duration of stay

Provision of this information is voluntary and helps us continuously improve our offer and our services to better meet your needs. Unless otherwise stated in this Privacy Policy or you have given your explicit consent, we will only use the information you provide for statistical purposes. We will process the data in connection with your name in order to contact you if any aspects are unclear. The legal basis for processing such data for the aforementioned purposes is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

Data processing in connection with marketing activities

If you are a guest or former guest at a hotel in the Tschuggen Hotel Group, we will send you mailings to provide you with up-to-date information on our activities. To do so we use the data mentioned in Section 15. This information is usually sent by post. You may unsubscribe from this information at any time. To do so, contact the respective hotel or the head office at [email protected].

Storage and exchange of data with third parties

16. Bookings via booking platforms

If you make a booking via a third-party platform (i.e. via Airbnb, Booking.com, EHotel, Escapio, Expedia, Holidaycheck, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two), we will receive various personal data in connection with the booking made from the platform operator. This information generally comprises the data listed in Section 5 of this Privacy Policy. Enquiries regarding your booking might also be forwarded to us. We will process this data in connection with your name in order to record your booking as requested and to provide the booked services. The legal basis of data processing for this purpose is the necessity to take steps prior to entering into a contract and the performance of a contract pursuant to Art. 6 (1) (b) GDPR.

Finally, we may be informed by the platform operators of any disputes connected to a booking. For this, we may also receive information about the booking process, which may include a copy of the booking confirmation as proof that the booking was actually made. We process this data to safeguard and enforce our claims. This is where our legitimate interest lies within the meaning of Art. 6 (1) (f) GDPR.

Please also note the information on data protection provided by the respective booking platform.

17. Central storage and linking of data

We store the data specified in this Privacy Policy in a central electronic data processing system (CRM). Data related to you will be systematically recorded and linked in order to process your bookings and handle the contractually agreed services. Within the scope of data protection law, we also enrich the data with data from public sources (e.g. press or Internet). To this end, we use the following software: protel hotelsoftware GmbH, Europaplatz 8, 44269 Dortmund (D) / Bookatable GmbH & Co. KG, Deichstrasse 48-50, 20459 Hamburg (D) / gastronovi GmbH, Buschhöhe 6, 28357 Bremen (D) / TAC Informationstechnologie GmbH, Schildbach 111, 8230 Hartberg (A).

The processing of this data within the framework of the software is based on our legitimate interest in customer-friendly and efficient customer data management within the meaning of Art. 6 (1) (f) GDPR as well as on taking contractual measures pursuant to Art. 6 (1) (b) GDPR.

18. Retention period

We only store personal data for as long as necessary in order to use the tracking services mentioned above and for any further processing in which we have a legitimate interest. We keep contractual data for a longer period of time, as this is prescribed by legal storage obligations. Storage obligations, which oblige us to store data, result from regulations concerning the right to report, accounting and tax law. According to these regulations, business communications, contracts concluded and accounting records must be kept for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

19. Disclosure of data to third parties

We will only disclose your personal data if you have expressly consented to such disclosure, if there is a legal obligation to do so or if this is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the contractual relationship. Furthermore, we send your data to companies with which we are affiliated (see our legal notice). In addition, we disclose your data to third parties to the extent necessary within the context of website usage and contract performance, for providing you with the desired services and for analysing your user behaviour; if there is a legal obligation to do so (e.g. order from a law enforcement agency); or if this is necessary for enforcing claims arising from the contractual relationship (e.g. collection efforts). Use of the data disclosed for this purpose is strictly limited to the purposes specified.

Webhosting

One service provider to whom the personal data collected via the website is passed on or who has or can have access to it is our web hosting service provider (iWay AG, Badenerstrasse 569, 8048 Zurich). The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functionalities of our website.

The legal basis for processing this data for this purpose is our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

Booking via our websites

If you make a booking via our websites, the personal data collected in this context will be passed on to HotelNetSolutions GmbH, Berlin (D) and TRUST International Hotel Reservation Services GmbH, Frankfurt a.M. (D). The data is passed on for the purpose of recording and registering your booking.

The legal basis of data processing for this purpose is the necessity to take steps prior to entering into a contract and to perform a contract pursuant to Art. 6 (1) (b) GDPR.

Credit card information

When you make a credit card payment on the website or via a payment terminal, we forward your credit card information to your credit card issuer and to the credit card acquirer. For this purpose, we work with the software platforms Saferpay offered by SIX Payment Solutions AG, Hardturmstrasse 201, 8005 Zurich, Switzerland and Datatrans Payment Pages offered by Datatrans, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland. If you decide to pay by credit card, you will be asked to enter all the information required for a credit card payment. The legal basis for disclosing data is the performance of a contract pursuant to Art. 6 (1) (b) GDPR. With respect to the processing of your credit card information by these third parties, we ask that you also read the General Terms and Conditions and the Privacy Policy of your credit card issuer. We will automatically delete your credit card details after your departure.

Guest feedback

We forward any data collected in connection with feedback provided by our guests to our partners IRC-Swiss GmbH, Ebikon (CH); Medallia, San Mateo, CA (USA); and Trustyou GmbH, Munich (D). The data will only be passed on for storage purposes. Any processing of this data will only take place on behalf of Tschuggen Hotel Group AG.

The legal basis for processing this data for this purpose is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in improving our services based on guest feedback and in securely storing this data.

Guest tickets, ski passes

Guest tickets (TicinoTicket, Arosa All-Inclusive card, etc.) can be issued to visitors at our destinations. The guest cards are linked to the collection of data for tourist taxes. Unless otherwise stated in this Privacy Policy and provided you have given your explicit consent, we will only pass on your personal data to the guest card issuer (Engadin St.Moritz Tourismus AG, Arosa Tourismus, Ticino Turismo) to the extent that this is explicitly necessary for issuing the guest card or for charging the tourist tax. Data will also be passed on to the mountain railway or its operator (Arosa Bergbahnen, Bergbahnen Engadin St.Moritz AG) in order to issue some ski passes.

The legal basis of data processing for these purposes is the taking of steps prior to entering into a contract and the performance of a contract pursuant to Art. 6 (1) (b) GDPR.

Wifi use

The Wifi network provided in our hotels is operated by Swisscom (Switzerland) Ltd. The following data may be processed: IP address, MAC address of your end device and the name specified. Furthermore, certain usage data may be stored by Swisscom, such as websites visited, date and time and IP address.

Swisscom’s Privacy Policy can be viewed at https://www.swisscom.ch/de/about/datenschutz.html.

The legal basis for processing this data for this purpose is our legitimate interest in providing Wifi access during your stay pursuant to Art. 6 (1) (f) GDPR and/or your consent when using the Wifi within the meaning of Art. 6 (1) (a) GDPR. Consent granted may be withdrawn with future effect at any time.

20. Transmission of personal data abroad

We are entitled to transfer your personal data to third parties (commissioned service providers) abroad for the purpose of performing the data processing described in this Privacy Policy. These third parties are subject to the same data protection obligations as us. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we have contractual agreements in place to ensure that the protection of your personal data is equivalent to that in Switzerland or the EU at all times.

21. Note regarding data transmissions to the USA

Some individual third-party service providers mentioned in this Privacy Policy are based in the USA. For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland or the EU that the US authorities have monitoring measures in place in the USA which generally allow the storage of all personal data of all persons whose data was transmitted from Switzerland or the EU to the USA. This is done without differentiation, restrictions or exceptions in terms of the objective pursued and without an objective criterion which would make it possible to restrict the US authorities’ access to the data and its subsequent use to very specific, strictly limited purposes that could justify the intrusion constituted by both access to such data and its use. Furthermore, we would like to point out that there are no legal remedies available in the USA for data subjects from Switzerland or the EU which would allow them to gain access to the data related to them and to have such data rectified or erased, and that there is no effective judicial protection against the general access rights of US authorities. We explicitly point out this legal and factual situation to data subjects to help them make an appropriately informed decision on whether to grant their consent for the use of their data.

Users residing in Switzerland or an EU Member State are advised that, from the standpoint of the European Union and Switzerland, the USA does not have an adequate level of data protection, in part because of the issues mentioned in this section. If we have explained in this Privacy Policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is afforded an appropriate level of protection by our partners through contractual arrangements with these companies as well as through any additional appropriate guarantees required pertaining to the rights of persons whose personal data is sent to a third country.

Additional information

22. Your rights

You may object to the processing of your data at any time. You also have the following rights:

  • Right of access: You have the right to view, at any time and free of charge, the personal data we have stored about you if we are processing such data. As such, you have the option to check which personal data we are processing about you and that we are using this data in accordance with valid data protection provisions.
  • Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed about such rectification. In this case, we will inform the recipient of the data in question about changes made, unless this proves impossible or involves a disproportionate effort.
  • Right to erasure: You have the right to obtain the erasure of your personal data under certain circumstances. In individual cases, the right to erasure may be excluded.
  • Right to restriction of processing: Under certain circumstances, you have the right to demand the restriction of processing of your personal data.
  • Right to data portability: Under certain circumstances, you have the right to receive from us the personal data you have provided to us in a readable format, free of charge.
  • Right to complain: You have the right to lodge a complaint about how your personal data is being processed with a competent supervisory authority.
  • Right to withdraw: As a matter of principle, you have the right to withdraw any consent granted with future effect at any time. Any processing based on your past consent will not be rendered unlawful if you withdraw your consent.

23. Data security

We use appropriate technical and organisational security measures to protect any personal data we have stored concerning you against manipulation, partial or complete loss and against unauthorised third-party access. Our security measures are improved on a continuous basis to keep up with technological developments.

You should keep your login details confidential at all times and close your browser window after communicating with us, especially if you share your computer with other people.

We also take in-house data protection very seriously. Our employees and the service providers commissioned by us have been obliged by us to maintain confidentiality and to comply with data protection regulations.

24. Contact

If you have any questions about data protection on our website, would like information or wish to obtain the erasure of your data, please send us an email at [email protected].

You can send your query by letter to the hotel management of the hotel in question or to the following address:

Tschuggen Hotel Group AG
Mr Christian Klein
Tschuggentorweg 1
7050 Arosa
Switzerland

Last updated: Ascona, August 2021

 

 
