With this privacy policy, we inform you about which personal data we process in connection with our activities and operations, including our
For specific or additional activities and operations, further privacy policies and other legal documents such as general terms and conditions (GTC), terms of use, or participation conditions may apply.
We are subject to Swiss data protection law and, if applicable, other foreign data protection laws, such as the European Union's General Data Protection Regulation (GDPR).
The European Commission recognized on July 26, 2000 that Swiss data protection law ensures adequate data protection. On January 15, 2024, the European Commission confirmed this adequacy decision.
Responsible for the processing of personal data:
AG Hotel Waldhaus Sils
Via da Fex 3
7514 Sils/Segl Maria
Switzerland
In individual cases, there may be other responsible parties for the processing of personal data or joint responsibility with at least one other responsible party.
We have the following data protection officer or data protection advisor as a contact point for data subjects and authorities for inquiries related to data protection:
Patrick Dietrich
AG Hotel Waldhaus Sils
Via da Fex 3
7514 Sils/Segl Maria
Switzerland
We have the following data protection representation according to Art. 27 GDPR:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
The data protection representation serves as an additional contact point for data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) for inquiries related to the GDPR.
Personal Data: All information relating to an identified or identifiable natural person.
Special Category Personal Data: Data concerning trade union membership, political opinions, religious or philosophical beliefs, health, intimate sphere, racial or ethnic origin, genetic data, biometric data that uniquely identify a natural person, data concerning criminal convictions or administrative sanctions, and data concerning social assistance measures.
Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, matching, adapting, archiving, storing, reading, disclosing, obtaining, recording, collecting, deleting, making available, arranging, organizing, storing, modifying, disseminating, linking, destroying, and using personal data.
Data Subject: Natural person whose personal data we process.
European Economic Area (EEA): Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.
Note: The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of special category personal data as the processing of special categories of personal data (Art. 9 GDPR).
We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (Data Protection Act, FADP) and the Ordinance to the Federal Act on Data Protection (Data Protection Ordinance, DPO).
We process – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data in accordance with at least one of the following legal bases:
We process the personal data that is necessary to be able to perform our activities and operations permanently, user-friendly, securely, and reliably. Such personal data can fall into the categories of inventory and contact data, browser and device data, content data, meta or marginal data, and usage data, location data, sales data, and contract and payment data.
We process personal data for the duration necessary for the respective purpose(s) or as required by law. Personal data whose processing is no longer necessary is anonymized or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are particularly specialized providers whose services we use. We ensure data protection even with such third parties.
We generally process personal data only with the consent of the data subjects. Insofar as and to the extent that the processing is permissible for other legal reasons, we may refrain from obtaining consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations, or protect overriding interests.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, insofar as and to the extent that such processing is legally permissible.
We process personal data to be able to communicate with third parties. In this context, we particularly process data that a data subject provides when contacting us, for example, by mail or email. We may store such data in an address book or similar tools.
Third parties who transmit data about other people are required to ensure data protection for such data subjects. This includes ensuring the accuracy of the transmitted personal data.
We process personal data about applicants to the extent necessary to assess their suitability for an employment relationship or to conduct a future employment contract. The necessary personal data is particularly derived from the requested information, for example, in a job posting. We may publish job postings with the help of suitable third parties, for example, in electronic and print media or on job portals and job platforms.
We also process personal data that applicants voluntarily provide or publish, particularly as part of cover letters, resumes, other application documents, and online profiles.
We process – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data about applicants particularly in accordance with Art. 9 para. 2 lit. b GDPR.
We use selected services from suitable third parties to post jobs using e-recruitment and to enable and manage applications.
We take appropriate technical and organizational measures to ensure data security commensurate with the respective risk. With our measures, we particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, without, however, being able to guarantee absolute data security.
Access to our website and other online presence is via transport encryption (SSL / TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting websites without transport encryption.
Our digital communication is subject to – as is generally the case with all digital communication – mass surveillance without cause and suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police authorities, and other security authorities. We also cannot exclude that individual data subjects are specifically monitored.
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly to process or have it processed there.
We may export personal data to all states and territories on Earth, provided that the local law ensures adequate data protection according to the decision of the Swiss Federal Council and – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – also according to the decision of the European Commission.
We may transfer personal data to countries whose laws do not ensure adequate data protection, provided that data protection is ensured for other reasons, particularly based on standard data protection clauses or other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, such as the explicit consent of the data subjects or a direct connection with the conclusion or execution of a contract. We are happy to provide information on request about any guarantees or provide a copy of any guarantees.
We grant data subjects all rights according to applicable data protection law. Data subjects, in particular, have the following rights:
We may delay, restrict, or refuse the exercise of data subjects' rights within the legally permissible framework. We may point out any conditions to be met for the exercise of their data protection rights. For example, we may refuse to provide information with reference to business secrets or the protection of other persons. We may also refuse to delete personal data with reference to legal retention obligations.
We may exceptionally charge costs for the exercise of rights. We inform data subjects in advance about any costs.
We are required to identify data subjects who request information or assert other rights using appropriate measures. Data subjects are required to cooperate.
Data subjects have the right to enforce their data protection rights in court or to file a complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are federally structured, especially in Germany.
We may use cookies. Cookies – both first-party cookies and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data does not have to be limited to traditional text-form cookies.
Cookies can be stored temporarily as "session cookies" or for a certain period as so-called permanent cookies in the browser. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies enable, in particular, recognizing a browser on the next visit to our website and thus, for example, measuring the reach of our website. However, permanent cookies can also be used, for example, for online marketing.
Cookies can be fully or partially disabled and deleted at any time in the browser settings. Without cookies, our website may no longer be fully available. We request – at least as far as necessary – the express consent to use cookies.
For cookies used for success and reach measurement or advertising, a general objection ("opt-out") is possible for many services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
We may log at least the following information for each access to our website and our other online presence, provided it is transmitted to our digital infrastructure: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual sub-page of our website including transmitted data volume, last website accessed in the same browser window (referer or referrer).
We log such information, which may also be personal data, in log files. The information is necessary to provide our online presence permanently, user-friendly, and reliably. The information is also necessary to ensure data security – also by third parties or with the help of third parties.
We may embed counting pixels in our online presence. Counting pixels are also referred to as web beacons. Counting pixels – also from third parties whose services we use – are usually small, invisible images or scripts formulated in JavaScript that are automatically retrieved when accessing our online presence. With counting pixels, at least the same information as in log files can be recorded.
We send notifications and communications via email and other communication channels such as instant messaging or SMS.
Notifications and communications may contain web links or counting pixels that capture whether an individual notification was opened and which web links were clicked. Such web links and counting pixels may also capture the use of notifications and communications in a personalized manner. We need this statistical recording of usage for success and reach measurement to be able to send notifications and communications effectively and user-friendly according to the needs and reading habits of the recipients and permanently, securely, and reliably.
You must generally consent to the use of your email address and other contact addresses unless the use is permissible for other legal reasons. For obtaining double confirmed consent, we may use the "Double Opt-in" procedure. In this case, you will receive a notification with instructions for double confirmation. We may log obtained consents, including IP address and timestamp, for evidence and security reasons.
You can generally object to receiving notifications and communications such as newsletters at any time. With such an objection, you can simultaneously object to the statistical recording of usage for success and reach measurement. Required notifications and communications related to our activities and operations remain reserved.
We send notifications and communications with the help of specialized service providers.
We are present on social media platforms and other online platforms to communicate with interested persons and inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC), terms of use, privacy policies, and other provisions of the respective platform operators apply. These provisions inform particularly about the rights of data subjects directly vis-à-vis the respective platform, including the right to information.
For our social media presence on Facebook including so-called page insights, we are – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (among others in the USA). Page insights provide insights into how visitors interact with our Facebook presence. We use page insights to provide our social media presence on Facebook effectively and user-friendly.
Further information about the nature, scope, and purpose of data processing, information on the rights of data subjects, and the contact details of Facebook and Facebook's data protection officer can be found in the Facebook privacy policy. We have concluded the so-called "Controller Addendum" with Facebook, particularly agreeing that Facebook is responsible for ensuring the rights of data subjects. For the so-called page insights, the corresponding information can be found on the "Information about Page Insights" page, including "Information about Page Insights Data".
We use services from specialized third parties to perform our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can, among other things, embed functions and content into our website. When embedding, the services used must at least temporarily capture the IP addresses of the users for technical reasons.
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymized, or pseudonymized manner. This includes, for example, performance or usage data to provide the respective service.
We use, in particular:
We use services from specialized third parties to use the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use specialized services for audio and video conferences to communicate online. This allows us to hold virtual meetings or conduct online classes and webinars. The legal texts of the individual services, such as privacy policies and terms of use, apply additionally to participation in audio and video conferences.
We recommend, depending on your living situation, to mute the microphone by default during participation in audio or video conferences and to blur the background or display a virtual background.
We use, in particular:
We use services from third parties to enable online collaboration. In addition to this privacy policy, the directly visible conditions of the services used, such as terms of use or privacy policies, also apply.
We use, in particular:
We use services from specialized third parties to enable the direct playback of digital audio and video content such as music or podcasts.
We use, in particular:
We operate e-commerce and use services from third parties to successfully offer services, content, or goods.
We use, in particular:
We use specialized service providers to process our customers' payments securely and reliably. For payment processing, the legal texts of the individual service providers, such as general terms and conditions (GTC) or privacy policies, apply additionally.
We use, in particular:
We use the option of displaying advertising with third parties such as social media platforms and search engines for our activities and operations.
We particularly want to reach people with such advertising who are already interested in our activities and operations or who might be interested (remarketing and targeting). For this purpose, we may provide corresponding – potentially also personal – information to third parties that enable such advertising. We may also determine whether our advertising is successful, meaning whether it leads to visits to our website (conversion tracking).
Third parties with whom we advertise and with whom you are registered as a user may associate the use of our website with your profile there.
We use, in particular:
We use extensions for our website to utilize additional functions. We may use selected services from suitable providers or use such extensions on our own digital infrastructure.
We try to determine how our online offer is used. In this context, we may measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. We may also test and compare how different parts or versions of our online offer are used ("A/B test" method). Based on the results of success and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements to our online offer.
For success and reach measurement, the IP addresses of individual users are generally stored. In this case, IP addresses are generally shortened ("IP masking") to follow the principle of data minimization through corresponding pseudonymization.
Cookies may be used in success and reach measurement, and user profiles may be created. Any created user profiles include, for example, the individual pages visited or viewed content on our website, information about the size of the screen or browser window, and the – at least approximate – location. Generally, any created user profiles are only pseudonymized and not used to identify individual users. Individual services from third parties, where users are registered, may associate the use of our online offer with the user account or user profile at the respective service.
We use, in particular:
We use video surveillance to prevent crimes, secure evidence in case of crimes, exercise and enforce our own legal claims, defend against foreign legal claims, and exercise our property rights. In this context – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – it is a matter of overriding legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, in the case of special category personal data with reference to Art. 9 para. 2 lit. f GDPR.
We store recordings from our video surveillance for as long as they are necessary for securing evidence or another stated purpose.
We may secure recordings from our video surveillance and transmit them to relevant authorities, particularly judicial or law enforcement authorities, provided that the transmission is necessary for a stated purpose, in our other overriding legitimate interest, or due to legal obligations.
We have created this privacy policy using the privacy policy generator from Datenschutzpartner. The present privacy policy is an unofficial translation from the original German version.
We may adjust and supplement this privacy policy at any time. We will inform about such adjustments and supplements in an appropriate manner, particularly by publishing the current privacy policy on our website.
Status: June 2024
Cookies are small text pieces, which are saved by our browser. Persistent cookies are available on following visits even if you close your browser in between. We use cookies to be able to connect a shopping cart to your browser session and to set your language, currency, shipping country and more based on your once chosen preference. In most browsers you find dedicated cookie settings where you can view and delete cookies.