We use cookies

We use cookies on this website. By using our website you agree to the usage of cookies. More information on how we use cookies and how you can change your browser settings:

Privacy Policy

With this privacy policy, we inform you about which personal data we process in connection with our activities and operations, including our waldhaus-sils.ch website. In particular, we inform you about the purposes, methods, and locations where we process personal data. We also inform you about the rights of individuals whose data we process.

For specific or additional activities and operations, further privacy policies and other legal documents such as general terms and conditions (GTC), terms of use, or participation conditions may apply.

We are subject to Swiss data protection law and, if applicable, other foreign data protection laws, such as the European Union's General Data Protection Regulation (GDPR).

The European Commission recognized on July 26, 2000 that Swiss data protection law ensures adequate data protection. On January 15, 2024, the European Commission confirmed this adequacy decision.

1. Contact Addresses

Responsible for the processing of personal data:

AG Hotel Waldhaus Sils
Via da Fex 3
7514 Sils/Segl Maria
Switzerland

datenschutz@waldhaus-sils.ch

In individual cases, there may be other responsible parties for the processing of personal data or joint responsibility with at least one other responsible party.

1.1 Data Protection Officer or Data Protection Advisor

We have the following data protection officer or data protection advisor as a contact point for data subjects and authorities for inquiries related to data protection:

Patrick Dietrich
AG Hotel Waldhaus Sils
Via da Fex 3
7514 Sils/Segl Maria
Switzerland

datenschutz@waldhaus-sils.ch

1.2 Data Protection Representation in the European Economic Area (EEA)

We have the following data protection representation according to Art. 27 GDPR:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany

info@datenschutzpartner.eu

The data protection representation serves as an additional contact point for data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) for inquiries related to the GDPR.

2. Terms and Legal Bases

2.1 Terms

Personal Data: All information relating to an identified or identifiable natural person.

Special Category Personal Data: Data concerning trade union membership, political opinions, religious or philosophical beliefs, health, intimate sphere, racial or ethnic origin, genetic data, biometric data that uniquely identify a natural person, data concerning criminal convictions or administrative sanctions, and data concerning social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, matching, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, making available, arranging, organizing, storing, modifying, disseminating, linking, destroying, and using personal data.

Data Subject: Natural person whose personal data we process.

European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

Note: The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of special category personal data as the processing of special categories of personal data (Art. 9 GDPR).

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (Data Protection Act, FADP) and the Ordinance to the Federal Act on Data Protection (Data Protection Ordinance, DPO).

We process – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data in accordance with at least one of the following legal bases:

  • Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
  • Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to safeguard the legitimate interests of us or third parties, provided that the fundamental freedoms, fundamental rights, and interests of the data subject do not outweigh. Legitimate interests include, in particular, our interest in being able to perform our activities and operations permanently, user-friendly, securely, and reliably, as well as communicate about them, ensure information security, protect against misuse, enforce our own legal claims, and comply with Swiss law.
  • Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject according to the applicable law of the member states in the European Economic Area (EEA).
  • Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data to perform a task carried out in the public interest.
  • Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.

3. Nature, Scope, and Purpose

We process the personal data that is necessary to be able to perform our activities and operations permanently, user-friendly, securely, and reliably. Such personal data can fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data, and usage data, location data, sales data, and contract and payment data.

We process personal data for the duration necessary for the respective purpose(s) or as required by law. Personal data whose processing is no longer necessary is anonymized or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are particularly specialized providers whose services we use. We ensure data protection even with such third parties.

We generally process personal data only with the consent of the data subjects. Insofar as and to the extent that the processing is permissible for other legal reasons, we may refrain from obtaining consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations, or protect overriding interests.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, insofar as and to the extent that such processing is legally permissible.

4. Communication

We process personal data to be able to communicate with third parties. In this context, we particularly process data that a data subject provides when contacting us, for example, by mail or email. We may store such data in an address book or similar tools.

Third parties who transmit data about other people are required to ensure data protection for such data subjects. This includes ensuring the accuracy of the transmitted personal data.

5. Applications

We process personal data about applicants to the extent necessary to assess their suitability for an employment relationship or to conduct a future employment contract. The necessary personal data is particularly derived from the requested information, for example, in a job posting. We may publish job postings with the help of suitable third parties, for example, in electronic and print media or on job portals and job platforms.

We also process personal data that applicants voluntarily provide or publish, particularly as part of cover letters, resumes, other application documents, and online profiles.

We process – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data about applicants particularly in accordance with Art. 9 para. 2 lit. b GDPR.

We use selected services from suitable third parties to post jobs using e-recruitment and to enable and manage applications.

6. Data Security

We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. With our measures, we particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, without, however, being able to guarantee absolute data security.

Access to our website and other online presence is via transport encryption (SSL / TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting websites without transport encryption.

Our digital communication is subject to – as is generally the case with all digital communication – mass surveillance without cause and suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police authorities, and other security authorities. We also cannot exclude that individual data subjects are specifically monitored.

7. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly to process or have it processed there.

We may export personal data to all states and territories on Earth, provided that the local law ensures adequate data protection according to the decision of the Swiss Federal Council and – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – also according to the decision of the European Commission.

We may transfer personal data to countries whose laws do not ensure adequate data protection, provided that data protection is ensured for other reasons, particularly based on standard data protection clauses or other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, such as the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. We are happy to provide information on request about any guarantees or provide a copy of any guarantees.

8. Rights of Data Subjects

8.1 Data Protection Rights

We grant data subjects all rights according to applicable data protection law. Data subjects, in particular, have the following rights:

  • Information: Data subjects can request information about whether we process personal data about them and, if so, which personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and ensure transparency. This includes the processed personal data itself, but also information about the processing purpose, the duration of storage, any disclosure or export of data to other states, and the origin of the personal data.
  • Correction and Restriction: Data subjects can correct inaccurate personal data, complete incomplete data, and restrict the processing of their data.
  • Deletion and Objection: Data subjects can have personal data deleted ("right to be forgotten") and object to the processing of their data with effect for the future.
  • Data Release and Data Transfer: Data subjects can request the release of personal data or the transfer of their data to another controller.

We may delay, restrict, or refuse the exercise of data subjects' rights within the legally permissible framework. We may point out any conditions to be met for the exercise of their data protection rights. For example, we may refuse to provide information with reference to business secrets or the protection of other persons. We may also refuse to delete personal data with reference to legal retention obligations.

We may exceptionally charge costs for the exercise of rights. We inform data subjects in advance about any costs.

We are required to identify data subjects who request information or assert other rights using appropriate measures. Data subjects are required to cooperate.

8.2 Legal Protection

Data subjects have the right to enforce their data protection rights in court or to file a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are federally structured, especially in Germany.

9. Use of the Website

9.1 Cookies

We may use cookies. Cookies – both first-party cookies and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data does not have to be limited to traditional text-form cookies.

Cookies can be stored temporarily as "session cookies" or for a certain period as so-called permanent cookies in the browser. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies enable, in particular, recognizing a browser on the next visit to our website and thus, for example, measuring the reach of our website. However, permanent cookies can also be used, for example, for online marketing.

Cookies can be fully or partially disabled and deleted at any time in the browser settings. Without cookies, our website may no longer be fully available. We request – at least as far as necessary – the express consent to use cookies.

For cookies used for success and reach measurement or advertising, a general objection ("opt-out") is possible for many services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

9.2 Logging

We may log at least the following information for each access to our website and our other online presence, provided it is transmitted to our digital infrastructure: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-page of our website including transmitted data volume, last website accessed in the same browser window (referer or referrer).

We log such information, which may also be personal data, in log files. The information is necessary to provide our online presence permanently, user-friendly, and reliably. The information is also necessary to ensure data security – also by third parties or with the help of third parties.

9.3 Counting Pixels

We may embed counting pixels in our online presence. Counting pixels are also referred to as web beacons. Counting pixels – also from third parties whose services we use – are usually small, invisible images or scripts formulated in JavaScript that are automatically retrieved when accessing our online presence. With counting pixels, at least the same information as in log files can be recorded.

10. Notifications and Communications

We send notifications and communications via email and other communication channels such as instant messaging or SMS.

10.1 Success and Reach Measurement

Notifications and communications may contain web links or counting pixels that capture whether an individual notification was opened and which web links were clicked. Such web links and counting pixels may also capture the use of notifications and communications in a personalized manner. We need this statistical recording of usage for success and reach measurement to be able to send notifications and communications effectively and user-friendly according to the needs and reading habits of the recipients and permanently, securely, and reliably.

10.2 Consent and Objection

You must generally consent to the use of your email address and other contact addresses unless the use is permissible for other legal reasons. For obtaining double confirmed consent, we may use the "Double Opt-in" procedure. In this case, you will receive a notification with instructions for double confirmation. We may log obtained consents, including IP address and timestamp, for evidence and security reasons.

You can generally object to receiving notifications and communications such as newsletters at any time. With such an objection, you can simultaneously object to the statistical recording of usage for success and reach measurement. Required notifications and communications related to our activities and operations remain reserved.

10.3 Service Providers for Notifications and Communications

We send notifications and communications with the help of specialized service providers.

11. Social Media

We are present on social media platforms and other online platforms to communicate with interested persons and inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC), terms of use, privacy policies, and other provisions of the respective platform operators apply. These provisions inform particularly about the rights of data subjects directly vis-à-vis the respective platform, including the right to information.

For our social media presence on Facebook including so-called page insights, we are – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (among others in the USA). Page insights provide insights into how visitors interact with our Facebook presence. We use page insights to provide our social media presence on Facebook effectively and user-friendly.

Further information about the nature, scope, and purpose of data processing, information on the rights of data subjects, and the contact details of Facebook and Facebook's data protection officer can be found in the Facebook privacy policy. We have concluded the so-called "Controller Addendum" with Facebook, particularly agreeing that Facebook is responsible for ensuring the rights of data subjects. For the so-called page insights, the corresponding information can be found on the "Information about Page Insights" page, including "Information about Page Insights Data".

12. Services from Third Parties

We use services from specialized third parties to perform our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can, among other things, embed functions and content into our website. When embedding, the services used must at least temporarily capture the IP addresses of the users for technical reasons.

For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data to provide the respective service.

We use, in particular:

12.1 Digital Infrastructure

We use services from specialized third parties to use the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

12.2 Audio and Video Conferences

We use specialized services for audio and video conferences to communicate online. This allows us to hold virtual meetings or conduct online classes and webinars. The legal texts of the individual services, such as privacy policies and terms of use, apply additionally to participation in audio and video conferences.

We recommend, depending on your living situation, to mute the microphone by default during participation in audio or video conferences and to blur the background or display a virtual background.

We use, in particular:

12.3 Online Collaboration

We use services from third parties to enable online collaboration. In addition to this privacy policy, the directly visible conditions of the services used, such as terms of use or privacy policies, also apply.

We use, in particular:

12.4 Digital Audio and Video Content

We use services from specialized third parties to enable the direct playback of digital audio and video content such as music or podcasts.

We use, in particular:

12.5 E-Commerce

We operate e-commerce and use services from third parties to successfully offer services, content, or goods.

We use, in particular:

  • PepperShop: Online shop platform; Provider: Glarotech GmbH (Switzerland); Information on data protection: Privacy Policy.

12.6 Payments

We use specialized service providers to process our customers' payments securely and reliably. For payment processing, the legal texts of the individual service providers, such as general terms and conditions (GTC) or privacy policies, apply additionally.

We use, in particular:

12.7 Advertising

We use the option of displaying advertising with third parties such as social media platforms and search engines for our activities and operations.

We particularly want to reach people with such advertising who are already interested in our activities and operations or who might be interested (remarketing and targeting). For this purpose, we may provide corresponding – potentially also personal – information to third parties that enable such advertising. We may also determine whether our advertising is successful, meaning whether it leads to visits to our website (conversion tracking).

Third parties with whom we advertise and with whom you are registered as a user may associate the use of our website with your profile there.

We use, in particular:

  • Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising, among other things, based on search queries, using various domain names – particularly doubleclick.net, googleadservices.com, and googlesyndication.com – for Google Ads, "Advertising" (Google), "Manage ads directly in Ad Center".

13. Extensions for the Website

We use extensions for our website to utilize additional functions. We may use selected services from suitable providers or use such extensions on our own digital infrastructure.

14. Success and Reach Measurement

We try to determine how our online offer is used. In this context, we may measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. We may also test and compare how different parts or versions of our online offer are used ("A/B test" method). Based on the results of success and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements to our online offer.

For success and reach measurement, the IP addresses of individual users are generally stored. In this case, IP addresses are generally shortened ("IP masking") to follow the principle of data minimization through corresponding pseudonymization.

Cookies may be used in success and reach measurement, and user profiles may be created. Any created user profiles include, for example, the individual pages visited or viewed content on our website, information about the size of the screen or browser window, and the – at least approximate – location. Generally, any created user profiles are only pseudonymized and not used to identify individual users. Individual services from third parties, where users are registered, may associate the use of our online offer with the user account or user profile at the respective service.

We use, in particular:

15. Video Surveillance

We use video surveillance to prevent crimes, secure evidence in case of crimes, exercise and enforce our own legal claims, defend against foreign legal claims, and exercise our property rights. In this context – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – it is a matter of overriding legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, in the case of special category personal data with reference to Art. 9 para. 2 lit. f GDPR.

We store recordings from our video surveillance for as long as they are necessary for securing evidence or another stated purpose.

We may secure recordings from our video surveillance and transmit them to relevant authorities, particularly judicial or law enforcement authorities, provided that the transmission is necessary for a stated purpose, in our other overriding legitimate interest, or due to legal obligations.

16. Final Provisions

We have created this privacy policy using the privacy policy generator from Datenschutzpartner. The present privacy policy is an unofficial translation from the original German version.

We may adjust and supplement this privacy policy at any time. We will inform about such adjustments and supplements in an appropriate manner, particularly by publishing the current privacy policy on our website.

Status: June 2024

Cookies are small text pieces, which are saved by our browser. Persistent cookies are available on following visits even if you close your browser in between. We use cookies to be able to connect a shopping cart to your browser session and to set your language, currency, shipping country and more based on your once chosen preference. In most browsers you find dedicated cookie settings where you can view and delete cookies.

  • PEPPERSESS: Session cookie, which identifies your current session in this shop. This cookie will be deleted if you close your browser (all open browser windows).
    Retention time: Session
  • PPS_LOCALE_INFOS: Permanent cookie, which contains your chosen language, country, currency, the last session-id, the domain binding of the cookie and the version of the cookie structure. With this cookie we can immediately set your preferences for a better experience when you choose to visit us again.
    Retention time: 2 years
  • jsCookieCheck: Stores the consent of the cookie data storage (Consent Management).
    Retention time: 1 year