Logo

Titolo per booking in mobile del gruppo

Privacy Policy

Important legal notices

Please read the following terms and conditions carefully before proceeding. Individuals who visit the website of the Tschuggen Hotel Group, the Tschuggen Grand Hotel, the Valsana Hotel & Appartements, the Carlton Hotel, the Hotel Eden Roc or the Albergo Carcani hereby consent to the following terms and conditions.

The Tschuggen Hotel Group AG (Tschuggentor 1, 7050 Arosa) maintains the websites www.tschuggenhotelgroup.ch, www.tschuggen.ch, www.valsana.ch, www.carlton-stmoritz.ch, www.edenroc.ch, www.carcani.ch, www.safaridelgusto.ch and, as such, is responsible for collecting, processing and using your personal data and ensuring that such data processing is compatible with applicable data protection law.

Your trust is important to us, which is why we take the subject of data protection seriously and endeavour to ensure an appropriate level of security. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (DPA), the Ordinance to the Federal Act on Data Protection (VDSG), the Telecommunications Act (FMG) and any other applicable data protection provisions under Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

We have appointed a Data Protection Officer for our company. If you have any questions regarding data protection in general or on matters related to your personal data, please contact the managers of our hotels. Questions regarding data protection should be sent to [email protected].

To find out which personal data we collect from you and why, please take note of the information provided below.

Data processing in connection with our website

1. Visits to our website

Each time you visit our website, our servers temporarily store information about each visit in a log file. As with any connection to a webserver, the following technical data is recorded without your intervention, stored by us, and automatically deleted after no more than 12 months:

  • the IP address of the requesting computer
  • the name of the owner of the IP address range (generally your Internet access provider)
  • the date and time of access
  • the website from which access took place (referrer URL) including the search word used, if applicable
  • the name and URL of the file accessed
  • the status code (e.g. error message)
  • your computer’s operating system
  • which browser you use (type, version and language)
  • the transmission protocol used (e.g. HTTP/1.1) and
  • if applicable, the username used for registration/authentication

This data is collected and processed for the purpose of enabling the use of our website (to establish a connection), to permanently guarantee system security and stability, to enable the optimisation of our Internet offer as well as for internal statistical purposes. This is where our legitimate interest in data processing lies within the meaning of Art. 6 (1) (f) GDPR.

The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for the purpose of investigating and preventing attacks and may be used in the course of criminal proceedings to identify and prosecute the users concerned under civil and criminal law. This is where our legitimate interest in data processing lies within the meaning of Art. 6 (1) (f) GDPR.

2. Use of our contact form

You have the option of using a contact form to contact us with inquiries both regarding events or of a general nature. To respond to such inquiries, we usually need the following information:

  • first name and surname
  • postal address
  • email address
  • phone number
  • message

We will only use this data in order to provide you with the best possible, personalised response to your contact request. As a result, the processing of such data within the meaning of Art. 6 (1) (b) GDPR is necessary in order to take steps prior to entering into a contract and/or we have a legitimate interest in such processing pursuant to Art. 6 (1) (f) GDPR.

3. Orders through our Voucher Shop

You have the option of using the contact form to send orders to us in our Voucher Shop. For this purpose, we collect the following mandatory information:

  • title
  • first name
  • surname
  • company
  • department
  • postal address
  • phone number
  • email
  • payment method
  • dispatch method

We only use this data and any other data you voluntarily provide in order to process your order according to your wishes.

4. Subscriptions to our newsletter

You have the option of subscribing to our newsletter on our website. You must register first before subscribing. To register, you must specify the following details:

  • title
  • first name & surname
  • email address

The data specified above are required for data processing. By registering, you give us your consent to process the data provided for the purpose of sending regular newsletters to the address indicated and for performing statistical analyses of usage behaviour and to optimise the newsletter. This consent constitutes our legal basis for the processing of your e-mail address within the meaning of Art. 6 (1) (a) GDPR. We are entitled to commission third parties with the technical handling of advertising activities and are entitled to pass on your data for this purpose (see Section 15 below).

At the end of each newsletter you will find a link to unsubscribe at any time. When unsubscribing, you can voluntarily inform us of your reason for unsubscribing. Your personal data will be deleted after you have unsubscribed. Further processing will only take place in anonymised form to optimise our newsletter.

5. Booking online, by post or by phone

If you use either our website, a means of correspondence (email or letter post) or a phone call to make bookings or order vouchers, we need the following data in order to perform the contract:

  • title
  • First name and surname
  • postal address
  • date of birth
  • phone number
  • language
  • credit card information
  • email address

Unless otherwise stated in this Privacy Policy or you have given your explicit consent, we will only use this data and other information you provide voluntarily (expected time of arrival, motor vehicle number plate, preferences, comments, etc.) for the purpose of performing the contract. We will process the data in order to record your booking as requested, to provide the booked services, to contact you if something is unclear or in the case of problems and to ensure correct payment.

We will automatically delete your credit card details after you leave us.

The legal basis of data processing for this purpose is the performance of a contract pursuant to Art. 6 (1) (b) GDPR.

6. Cookies

Cookies help in many ways to make your visit to our website simpler, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.

For example, we use cookies to temporarily save your selected services and entries you make when filling out a form on the website, so that you do not have to re-enter the information when you access another subpage. Cookies may also be used to identify you as a registered user after you log into the website so that you do not have to log in again when accessing another subpage.

Most Internet browsers accept cookies automatically. However, you can configure your browser to prevent cookies from being stored on your computer or to display a message whenever you receive a new cookie. You will find explanations on how to configure cookie processing in the most common browsers on the following pages:

If you disable cookies, you may not be able to use all the functions of our website.

7. Tracking tool

a. General information

We use the web analytics service from Google Analytics for the purpose of designing our website to better meet its users' needs and for the continuous optimisation of our website. In this context, pseudonymous user profiles are created and small text files are stored on your computer ("cookies"). Cookie-generated information regarding your use of this website is sent to the servers of the providers of those services where they are stored and preprocessed for us. In addition to the data listed in Section 1, we may receive the following information:

  • how a visitor navigates through the site
  • time spent on the website or subpage
  • last subpage visited before leaving the website
  • the country, region or city from where the site was accessed
  • terminal (type, version, colour depth, resolution, width and height of the browser window) and
  • recurring or new visitor.

This information is used to evaluate how this website is used, to compile reports on website activities and to provide further services associated with the use of the website and the Internet for the purpose of conducting market research and to design our website to better meet its users' needs. As the circumstances require, this information may also be transferred to third parties if required to do so by law or to the extent that a third party is instructed to process this data.

b. Google Analytics

Google Analytics is provided by Google Inc., which belongs to the US-based holding company Alphabet Inc. When IP anonymisation (“anonymizeIP”) is enabled on this website, the IP address will be truncated within the Member States of the European Union or in other countries party to the Agreement on the European Economic Area before any data is sent to the provider. The anonymised IP address sent by your browser within the context of Google Analytics will not be combined with any other Google data. The full IP address will only be transmitted to a Google server in the USA before truncation in exceptional circumstances. In such cases, we have contractual guarantees in place to ensure that Google Inc. maintains an adequate level of data privacy. According to Google Inc., the IP address will not be linked to other user-related data under any circumstances.

You will find additional information about the website analytics service on the Google Analytics website. For instructions on how to prevent the website analytics service from processing your data, go to http://tools.google.com/dlpage/gaoptout?hl=de

8. Links to our social media pages

We have incorporated links to our social media profiles into our websites. These links may lead to the following networks:

  • Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA,
  • Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA,
  • Instagram Inc., 1601 Willow Road, Meno Park, CA 94025, USA,
  • YouTube, a service operated by Google Inc.,
  • Tripadvisor Inc., 400 1st Avenue, Needham, 02494 MA, USA,
  • Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA,

If you click on the icons that correspond to any of these social networks, you will be automatically forwarded to our profiles in the respective networks. In some cases, you must first log into your user account before being able to use the features offered by each network. Whenever you activate a link to our social media profiles, this will establish a direct link between your browser and the server of the social network in question. This informs the network that you are visiting our webpages with your IP address and have activated the link. If you access a link to a network while logged into your account with that network, the contents of our site may be linked to your profile on the network, which means that the network may match your visit to our webpages directly to your user account. If you want to prevent this from happening, you should log out first before clicking such links. Your visit will definitely be matched to your account if you log into the respective network after clicking the link.

Data processing in connection with your stay

9. Data processing for compliance with legal notification obligations

When you arrive in our hotel, we need the following information from you and anybody accompanying you:

  • first name and surname
  • postal address and canton
  • date of birth
  • nationality
  • official form of identification and number
  • arrival and departure dates

We collect this information to comply with legal notification obligations, which arise in particular in connection with the hospitality industry or police law. Where we are required to do so by applicable regulations, we will forward this information to the appropriate police authority.

We have a legitimate interest in the fulfilment of the legal requirements within the meaning of Art. 6 (1) (f) GDPR.

10. Recording of purchased services

If you purchase additional services during your stay (wellness, restaurant, activities, etc.), we will record the product/service as well as the time at which you receive it for billing purposes. The processing of this data is necessary within the meaning of Art. 6 (1) (b) GDPR for the purpose of performing the contract with us.

11. Guest feedback

If you specified your e-mail address when making your booking, you will be sent an electronic form after departure. We use this form to collect the following data:

  • first name and surname
  • age
  • nationality
  • duration of stay

Provision of this information is voluntary and helps us continuously improve our offer and our services to better meet your needs. Unless otherwise stated in this Privacy Policy or you have given your explicit consent, we will only use the information you provide for statistical purposes. We will process the data in connection with your name in order to contact you if any aspects are unclear.

Data processing in connection with marketing activities

As a guest or former guest at a hotel in the Tschuggen Hotel Group, we will send you mailings by post to provide you up-to-date information on our activities. To do so, we use the data mentioned in Section 9. This information is usually sent by post. You may unsubscribe from this information at any time. To do so, contact the respective hotel or the head office at [email protected].

Storage and exchange of data with third parties

12. Booking platforms (e.g. booking.com)

If you make your bookings via a third-party platform, we receive various personal information from the respective platform operator. This information generally comprises the data listed in Section 4 of this Privacy Policy. Inquiries regarding your booking might also be forwarded to us. We will process this data in connection with your name in order to record your booking as requested and to provide the booked services. The legal basis of data processing for this purpose is the performance of a contract pursuant to Art. 6 (1) (b) GDPR.

Finally, we may be informed by the platform operators of any disputes connected to a booking. For this, we may also receive information about the booking process, which may include a copy of the booking confirmation as proof that the booking was actually made. We process this data to safeguard and enforce our claims. This is where our legitimate interest lies within the meaning of Art. 6 (1) (f) GDPR.

Please also note the information on data protection provided by the respective provider.

13. Central storage and linking of data

We store the specified data in a central electronic data processing system. Data related to you will be systematically recorded and linked in order to process your bookings and handle the contractually agreed services. To this end, we use the following software: protel hotelsoftware GmbH, Europaplatz 8, 44269 Dortmund (D) / Bookatable GmbH & Co. KG, Deichstrasse 48-50, 20459 Hamburg (D) / gastronovi GmH, Buschhöhe 6, 28357 Bremen (D) / TAC Informationstechnologie GmbH, Schildbach 111, 8230 Hartberg (A).

The processing of this data within the framework of the software is based on our legitimate interest in customer-friendly and efficient customer data management within the meaning of Art. 6 (1) (f) GDPR.

14. Retention period

We only store personal data for as long as necessary in order to use the tracking services mentioned above and for any further processing in which we have a legitimate interest. We keep contractual data for a longer period of time, as this is prescribed by legal storage obligations. Storage obligations, which oblige us to store data, result from regulations concerning the right to report, accounting and tax law. According to these regulations, business communications, contracts concluded and accounting records must be kept for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

15. Disclosure of data to third parties

We will only disclose your personal data if you have expressly consented to such disclosure, if there is a legal obligation to do so or if this is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the contractual relationship. Furthermore, we disclose your data to third parties to the extent that this is necessary within the context of website usage and contract processing (also outside the website), namely to process your bookings.

Webhosting

One service provider to whom the personal data collected via the website is passed on or who has or can have access to it, is our web hosting service provider (iWay AG, Badenerstrasse 569, 8048 Zürich). The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functionalities of our website.

Booking via our websites

If you make a booking via our websites, the personal data collected in this context will be passed on to HotelNetSolutions GmbH, Berlin (D) and TRUST International Hotel Reservation Services GmbH, Frankfurt a.M. (D). The data is passed on for the purpose of recording and registering your booking.

Credit card information

When you make a credit card payment on the website or via a payment terminal, we forward your credit card information to your credit card issuer and to the credit card acquirer. If you decide to pay by credit card, you will be asked to enter all the information required for a credit card payment. The legal basis for the disclosure of data is the performance of a contract. With respect to the processing of your credit card information by these third parties, we ask that you also read the General Terms and Conditions and the Privacy Policy of your credit card issuer. We will automatically delete your credit card details after your departure.

Guest feedback

We forward any data collected in connection with feedback provided by our guests to our partners IRC-Swiss GmbH, Ebikon (CH); Medallia, San Mateo, CA (USA); and Trustyou GmbH, Munich (D). The data will only be passed on for storage purposes. Any processing of this data will only take place on behalf of Tschuggen Hotel Group AG.

Guest tickets, ski passes

Guest tickets (TicinoTicket, Arosa All-Inclusive card, etc.) can be issued to visitors at our destinations. The guest cards are linked to the collection of data for tourist taxes. Unless otherwise stated in this Privacy Policy or you have given your explicit consent, we will only pass on your personal data to the extent that this is explicitly necessary for issuing the guest card or for charging the tourist tax. Data will also be passed on in order to issue some ski passes.

Wifi use

The Wifi network provided in our hotels is operated by Swisscom (Switzerland) Ltd. The Swisscom data protection statement can be viewed at https://www.swisscom.ch/en/about/legal-information/data-protection.html.

16. Transmission of personal data abroad

We are entitled to transfer your personal data to third parties (commissioned service providers) abroad for the purpose of performing the data processing described in this Privacy Policy. These third parties are subject to the same data protection obligations as us. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we have contractual agreements in place to ensure that the protection of your personal data is equivalent to that in Switzerland or the EU at all times.

Additional information

17. Right to access data, have it rectified or erased and restrict its processing; right to data portability

You have the right to request information about the personal data that we store about you. In addition, you have the right to have incorrect data rectified and to have your personal data erased, provided that this does not conflict with any legal obligation to store data or where the processing of such data is permitted by law.

You also have the right to request that we disclose to you any data you have provided to us (right of data portability). Upon request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a commonly used file format.

For matters related to the purposes specified above, you can reach us through the following email address: [email protected]. We may, at our discretion, require proof of identity in order to process your requests.

18. Data security

We use appropriate technical and organisational security measures to protect any personal data we have stored concerning you against manipulation, partial or complete loss and against unauthorised third-party access. Our security measures are improved on a continuous basis to keep up with technological developments.

You should keep your login details confidential at all times and close your browser window after communicating with us, especially if you share your computer with other people.

We also take in-house data protection very seriously. Our employees and the service providers commissioned by us have been obliged by us to maintain confidentiality and to comply with data protection regulations.

19. Note regarding data transmissions to the USA

For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland that the US authorities have monitoring measures in place in the USA which generally allow the storage of all personal data of all persons whose data was transmitted from Switzerland to the USA. This is done without differentiation, restrictions or exceptions in terms of the objective pursued and without an objective criterion which would make it possible to restrict the US authorities’ access to the data and its subsequent use to very specific, strictly limited purposes that could justify the intrusion constituted by both access to such data and its use. Furthermore, we would like to point out that there are no legal remedies available in the USA for data subjects from Switzerland which would allow them to gain access to the data related to them and to have such data rectified or erased, and that there is no effective judicial protection against the general access rights of US authorities. We explicitly point out this legal and factual situation to data subjects to help them make an appropriately informed decision on whether to grant their consent for the use of their data.

Users residing in an EU Member State are advised that, from the European Union’s standpoint, the US does not have an adequate level of data protection, in part because of the issues mentioned in this section. If we have explained in this Privacy Policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is afforded an appropriate level of protection by our partners, either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield.

20. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority at any time.

As at: Arosa, June 2018