Data Privacy Policy

Status: May 2021

Hotel Waldhaus Sils AG, Via da Fex 3, 7514 Sils-Maria (CH) manages the Hotel Waldhaus Sils and operates the website www.waldhaus-sils.ch and is therefore responsible for the collection, processing and use of your personal data and for ensuring compliance of data processing with applicable data privacy law.

Your trust is important to us, which is why we take the issue of data privacy seriously and ensure appropriate security. We undertake to handle personal data responsibly. We comply with the legal provisions of the Swiss Federal Data Protection Act (FDPA), the Ordinance to the Federal Data Protection Act (OOFDPA), the Telecommunications Act (TCA) and other data privacy provisions that may apply under Swiss or EU law, especially the General Data Protection Regulation (GDPR).

So that you are aware of what personal data we collect from you and for what purposes we use such data, please take note of the following information.

A. Data processing in connection with our website

1. Accessing our website

When you visit our website, our servers temporarily store each access in a log file. As with any connection to a web server, the following technical data is collected, without any action on your part, and stored by us until automatic deletion after six (6) months at the latest:

  • the IP address of the requesting computer,
  • the name of the owner of the IP address range (typically your Internet access provider),
  • the date and time of access,
  • the website from which access originated (referrer URL) with search term used, if applicable,
  • the name and URL of accessed file,
  • the status code (e.g. error message),
  • your computer’s operating system,
  • the browser you used (type, version and language),
  • the transmission protocol used (e.g. HTTP/1.1) and
  • if applicable, your user name from registration/authentication.

The data is collected and processed to allow the use of our website (establishing a connection), to permanently ensure system security and stability and to optimize our Internet offer as well as for internal statistical purposes. This is our legitimate interest in the processing of data within the meaning Art. 6 (1) f) GDPR.

Furthermore, if there are attacks on the network infrastructure or other prohibited or abusive uses of the website, the IP address is used together with other data for clarification and defense and may be used to identify and take civil and criminal action against the users concerned as part of a criminal proceeding. This is our legitimate interest in the processing of data within the meaning of Art. 6 (1) f) GDPR.

2. Use of our contact form

You can use a contact form to get in touch with us. For this purpose, we require the following information (mandatory *):

  • Mr/Mrs/Ms*
  • First name*
  • Last name*
  • E-mail address*
  • Street and no.
  • Postal code and city
  • Telephone number*
  • Message*

We only use this data to answer your contact query in the best possible and most personalized manner. Processing of this data is therefore required in order to take steps prior to entering into a contract pursuant to Art. 6 (1) b) GDPR or falls within our legitimate interest in the processing of data within the meaning of Art. 6 (1) f) GDPR, respectively.

3. Contacting us by telephone

You can contact us by telephone and ask questions about our website functionalities, reservations or services.

We only process the personal data which you provide. You are therefore responsible for the contents of your message and control what information you provide to us. We recommend that you do not convey any sensitive information. To answer your questions, we may request additional information (e.g. your address, e-mail address, etc.). We will only request the personal information from you which is needed to answer your questions and to provide the requested services.

In processing your telephone request, our legitimate interest in the processing of data falls within the meaning of Art. 6 (1) f) GDPR.

4. Contact by e-mail

You can contact us by e-mail and ask questions about website functionalities, reservations or services.

We only process the personal data which you provide. You are therefore responsible for the contents of your message and control what information you provide to us. We recommend that you do not convey any sensitive information. To answer your questions, we may request additional information (e.g. your address, e-mail address, etc.). We will only request the personal information from you which is needed to answer your questions and to provide the requested services.

In processing your e-mail request, our legitimate interest in the processing of data falls within the meaning of Art. 6 (1) f) GDPR.

5. Registering for our newsletter

You can subscribe to our newsletter on our website. To do so, you will need to register. The following data must be provided in the context of a registration (mandatory *):

  • Mr/Mrs/Ms
  • First name
  • Last name
  • E-mail address*

Upon entering the above information, you are registered for the requested newsletter. In this case, we use a double-opt-in mechanism. After entering the information noted above, you will receive an e-mail from us, which contains a confirmation link. To definitively register for the newsletter, you have to confirm this link. If you do not confirm the link, your e-mail address will be deleted from our temporary list of those requesting the newsletter within the next 24 hours, and you will not be registered. Additional information about the transfer of personal data to third parties can be found in Section 19.

We will use your data to send the newsletter until you cancel your subscription. You can cancel at any time with effect for the future or unsubscribe via the link in our newsletter e-mails.

Our newsletter contains a web beacon or similar technical tool (tracking pixels). A web beacon is an invisible 1×1 pixel graphic image which is associated with the user ID of the relevant newsletter subscriber. The web beacon provides us with the following information about newsletter distribution:

  • the address data used;
  • the subject and number of newsletters sent;
  • information about which addresses received or did not receive the newsletter and which addresses failed;
  • information about which addresses opened the newsletter;
  • information about which addresses have cancelled their subscriptions; and
  • technical information (e.g. when the newsletter was called up, IP address, browser type and operating system).

This information helps us statistically analyze our newsletter campaign. The results of these analyses are used to better meet the interests of the recipients. The web beacon is deleted when you delete the newsletter.

To prevent the use of the web beacon, set up your e-mail program, if this is not already the default mode, so that no HTML is displayed in your messages. On the following pages you will find instructions for how to change this setting for the most common e-mail programs.

By registering, you consent to our processing of the data provided for the regular delivery of the newsletter to the address you provided and for statistical analysis of user behavior and for optimization of the newsletter. This consent constitutes our legitimate interest in the processing of data within the meaning of Art. 6 (1) a) GDPR. You can revoke your consent with effect for the future at any time.

6. Orders via our online shop

You can choose from a wide range of products and vouchers on our website. To process your order, we need the following information (mandatory *):

  • First name*
  • Last name*
  • Company name
  • Country*
  • Street and house number*
  • Postal code*
  • Place/city*
  • Telephone number*
  • E-mail address*
  • Order information
  • Method of payment*
  • I have read the General Terms and Conditions*

We only use this data and any other information you may voluntarily provide to execute the contract, unless stipulated otherwise in this data privacy policy or you have given us your separate consent. We will process this data to carry out your order as requested, to contact you in case of questions or problems and to ensure correct payment.

The legal basis for the processing of data for this purpose is the performance of a contract pursuant to Art. 6 (1) b) GDPR and your consent within the meaning of Art. 6 (1) a) GDPR. You can revoke your consent with effect for the future at any time.

7. Booking on the website, by correspondence or by telephone

If you make a booking via our website, by correspondence (e-mail or letter), or by telephone, we require the following information in order to execute the contract: (mandatory *):

  • Mr/Mrs/Ms*
  • First name*
  • Last name*
  • Company
  • E-mail address*
  • Telephone number*
  • Country*
  • Street*
  • No.*
  • Postal code*
  • City*
  • Comments
  • Date of birth
  • Language
  • Credit card information

We use this data and any other information you voluntarily provide (e.g. expected arrival time, license plate number, your preferences, comments) solely for the execution of the contract, unless stipulated otherwise in this data privacy policy or unless you have given your explicit consent. We will in particular process the data to record your booking as requested, to provide the services booked, to contact you in case of questions or problems and to ensure correct payment.

The legal basis for the processing of data for this purpose is the performance of a contract pursuant to Art. 6 (1) b) GDPR or your consent within the meaning of Art. 6 (1) a) GDPR. You can revoke your consent with effect for the future at any time.

8. Applying for an open position

You can apply for a specific job posting spontaneously or via a corresponding e-mail address. We collect the following data and documents (mandatory *):

  • First name*
  • Last name*
  • E-mail address*
  • Application documents (e.g. CV, cover letter, certificates, etc.)*

We use this data and other data you voluntarily provide to consider your application. Application documents from job applicants not under consideration will be deleted upon conclusion of the application process, unless you have explicitly requested us to keep the documents for a longer period or we are legally obliged to keep the documents for a longer period.

The legal basis for the processing of data for this purpose is the performance of a contract (pre-contractual period) pursuant to Art. 6 (1) b) GDPR.

9. Cookies

In many ways, cookies help to make your visit to our website easier, more enjoyable and more useful. Cookies are information files your web browser automatically saves to your computer’s hard drive when you visit our website.

For example, we use cookies to temporarily store your chosen services and input when you fill out a form on our website, so that you do not need to reenter this information when accessing a different sub-page. Cookies may also be used to enable our system to identify you as a registered user after you have registered on our website, so that you do not need to log in again when you access another sub-page.

Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a notice always appears before you receive a new cookie. Instructions for how to configure the processing of cookies in the most commonly used browsers can be found on the following pages:

Disabling cookies may prevent you from using some of the features of our website.

10. Tracking tools

a. Google Analytics

We use the web analysis service Google Analytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses methods to analyze use of a website, e.g. cookies (see Section 9). Information generated by the cookie about your use of our website, such as

  • navigation path a user takes through the website,
  • time spent on the website or sub-page,
  • sub-page from which the website was exited,
  • country, region or city from which access originates,
  • end device (type, version, color depth, resolution, width and height of browser window),
  • returning or new user,
  • browser type/ version,
  • operating system used,
  • referrer URL (i.e. the website visited before our website),
  • host name of the accessing computer (IP address) and
  • when server request was made,

is generally transferred to a Google server in the USA and stored there. Before the data is transmitted to the provider, the IP address is abbreviated inside the Member States of the European Union and in other contracting parties to the Agreement on the European Economic Area including Switzerland by activating IP anonymization (“anonymizeIP”) on this website. According to Google, the anonymized IP address transmitted by your browser in the context of Google Analytics will not be linked to other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and abbreviated there. In such cases, we use contractual guarantees to ensure that Google maintains an adequate level of data privacy.

This information is used to analyze the use of our website, to compile reports about the activities on our website and for services connected with use of our website and the Internet for the purposes of market research and for needs-based design. This information may also be shared with third parties if required by law or to the extent third parties process this data at our request.

The legal basis for processing data for this purpose is defined by your consent within the meaning of Art. 6 (1) a) GDPR. You can revoke your consent with effect for the future at any time.

Users can prevent Google from processing user-related data (including IP address) generated by the cookie and used by the website by downloading and installing the browser plug-in with the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Additional information about Google and how Google processes data can be found here.

b. Google Tag Manager

We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website. Google Tag Manager enables marketers to manage website tags via an interface. The Tag Manager tool is a non-cookie domain and does not record any personal data. This tool triggers other tags, which for their part may record personal data. According to Google, Google Tag Manager does not access such data. If tags are deactivated at the domain or cookie level, it applies to all tracking tags implemented by Google Tag Manager. You can prevent tags from being set at any time (see Section 10).

The legal basis for processing data for this purpose is our legitimate interest within the meaning of Art. 6 (1) f) GDPR.

Additional information about Google and how Google processes data can be found here.

c. Google Ads Remarketing

We use Google Ads Remarketing on our website. Google Ads Remarketing is an online advertising program from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use their remarketing function. With the help of our users’ cookies, this enables us to present ads based on their interests. Interaction between the user and our website is analyzed, e.g. indicating which offers the user was interested in, so that other targeted ads can be shown on sub-pages during their next visit to our website. The cookies used serve to clearly identify a web browser on a specific computer but not a person’s identity. According to Google, no personal data is stored.

The legal basis for processing data for this purpose is defined by your consent within the meaning of Art. 6 (1) a) GDPR. You can revoke your consent with effect for the future at any time.

You can deactivate the use of cookies by Google by using the following link to download and install the plugin noted there: https://tools.google.com/dlpage/gaoptout?hl=en.

For additional information about Google and how Google processes data, see here.

d. Google DoubleClick

Our website uses DoubleClick from Google, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses the DoubleClick cookie, which allows recognition of a user’s browser upon visits to other websites. Information about visits to these websites (including IP addresses) generated by the cookie is transferred to a Google server in the US and is stored there.

Google uses this information to analyze use of the website in terms of the ads to be tagged/untagged in order to compile reports about website activities and ads for the website operator and to provide additional services connected with use of the website and Internet. Google may also share this information with third parties, if this is required by law or if third parties process this data for Google. According to Google, users’ IP addresses will not, under any circumstances, be associated with any other Google data.

Based on the marketing tools used, your browser automatically sets up a direct link with the Google server. We thus have no influence over the scope and the further processing of data, which Google collects by using this tool. According to what we currently know, by integrating DoubleClick, Google receives information that you have called up on our website or have clicked on one of our ads. If you are registered for a Google service, Google can link your visit to your account. Even if you are not registered by Google or you are not logged in at Google, the provider still has the possibility to find out and store your IP address.

For additional information about DoubleClick from Google, see: https://marketingplatform.google.com/intl/en_uk/about/enterprise/, and Google’s general data privacy policy at https://policies.google.com/privacy?hl=en.

To create a pseudonymized user profile for advertising and analysis purposes, we refer to your consent within the meaning of Art. 6 (1) a) GDPR. You can revoke your consent with effect for the future at any time.

You have various options for preventing data processing as described above:

  1. via your browser settings, particularly by blocking third-party cookies, which ensures that you do not receive ads from third-parties;
  2. by deactivating cookies for conversion-tracking, by ensuring that your browser settings block cookies from the domain, https://www.google.com/settings/ads. Note: this setting is deleted when you delete your cookies;
  3. by deactivating interest-related ads from your provider, which are part of the self-regulating campaign “About Ads” via the link https://www.aboutads.info/choices. Note: this setting is deleted when you delete your cookies;
  4. by permanently deactivating cookies in your Firefox, Internet Explorer or Google Chrome browsers with the link https://www.google.com/settings/ads/plugin.

e. Google Ads Conversion-Tracking

We use Google Ads from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website. Google Ads is an Internet ad service which enables marketers to place ads in Google search engine results and on the Google advertising network. Google Ads enables marketers to determine key words in advance which can be used to ensure that an ad in Google search results is only shown when the user calls up a key word related search in the search machine. The ads in the Google advertising network are shown based on an automatic algorithm, taking into account the previously set key words on targeted websites.

Google Ads is aimed at promoting our website by inserting targeted advertising on third-party websites and in Google’s search engine. When a targeted person lands on our website via GoogleAds, Google sets a Conversion-Cookie on that person’s computer or mobile device. A Conversion-Cookie becomes invalid after thirty days and is not used to identify the targeted person. The Conversion-Cookie, if not deleted, is used to see which if any of our sub-pages were called up. With the Conversion-Cookie, we and Google can see whether a targeted person who reached our website via an ad, generated any revenue.

The legal basis for processing data for this purpose is defined by your consent within the meaning of Art. 6 (1) a) GDPR. You can revoke your consent with effect for the future at any time.

You can deactivate the use of cookies by Google by using the following link to download and install the plugin noted there: https://tools.google.com/dlpage/gaoptout?hl=en.

For additional information about Google and how Google processes data, see here.

f. MyFonts Counter

Our website uses MyFonts Counter, a service of MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA. MyFonts Counter is a web analysis service which enables page view tracking by counting the number of visits to our website for statistical purposes and passing this information on to MyFonts. MyFonts collects anonymized data for this purpose. Data is transmitted by activating a JavaScript code on your browser. To prevent JavaScript code from being activated, you can install a JavaScript blocker (e.g. www.noscript.net).

The legal basis for processing data for this purpose is defined by your consent within the meaning of Art. 6 (1) a) GDPR. You can revoke your consent with effect for the future at any time.

You can find additional information on MyFonts data privacy here.

11. Additional tools

a. Trustscore widget

On our website, we use the Trustscore widget of TrustYou, Agnes-Pockels-Bogen 1, 80992 Munich, Germany. Trustscore is an online reputation management tool that collects guest reviews of hotels. Trustscore widgets serve to help you find a suitable hotel and also provide information about our hotel. We use data from Trustscore to provide our visitors with an independent opinion on our services.

The legal basis for processing data for this purpose falls within our legitimate interest within the meaning of Art. 6 (1) f) GDPR.

Additional information about the Trustscore widget can be found in the TrustYou data privacy policy: https://www.trustyou.com/wp-content/uploads/2018/05/2017-01-19-TY-Privacy-Policy.pdf

b. Google Maps

On our website, we use Google Maps API (Application Programming Interface, “Google Maps”) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to provide a visual representation of geographic information. When you use Google Maps, information about the use of our website including IP addresses is sent to a Google server in the USA and is stored there.

The legal basis for processing data for this purpose falls within our legitimate interest within the meaning of Art. 6 (1) f) GDPR.

You can deactivate Google Maps services and prevent transfer of data to Google if you deactivate JavaScript. Please note that if you do so, you will be unable to display maps.

More information about the collection, processing and use of your data by Google and your related rights can be found in Google’s data privacy policy at:  https://policies.google.com/privacy, and in the additional terms of use for Google Maps and Google Earth at https://www.google.com/intl/en_en/help/terms_maps/.

c. YouTube

We have embedded plugins of the YouTube video portal of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”) in our website. YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Each time you visit a sub-page which offers one or more YouTube video clips, a direct connection between your browser and a YouTube server in the US is set up. Information about your visit and your IP address is stored. By interacting with YouTube plugins (e.g. clicking the start button), this information is also sent to and stored by YouTube.

The legal basis for processing data for this purpose is defined by your consent within the meaning of Art. 6 (1) a) GDPR. You can revoke your consent with effect for the future at any time.

Additional information about the collection and processing of data by YouTube can be found in the data privacy policy of YouTube and Google: https://policies.google.com/privacy.

If you have a YouTube user account and you do not want YouTube to collect data about this website or link it to your user account, log out of YouTube before visiting our website.

YouTube uses an I-frame to call up videos via Google Analytics (see Section 10.a). This is a YouTube tracking tool which is beyond our control. You can deactivate Google Analytics tracking by using the deactivation tools provide by Google for specific Internet browsers.

12. Links to our social media presence

You can find links to our social media networks on our website. These links are not plugins provided by the social media network, and so do not transmit data to the provider without your consent when you load the page. The button to open a social media network on our website is only a link to our own presence on the social media network. No user data is sent from our website to the social media network.

The links connect with our presence on the following networks:

  • Facebook, from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; and
  • Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

If you call up a link to one of our social media profiles, a direct link is set up between your browser and the server of the relevant social network. This means the network receives information that you with your IP address have visited our website and have called up the link. If you click on a link to a network, while you are logged into your account at the relevant network, the contents of our website can be linked to your profile at the network, which means that the network can assign your visit to our website directly with your user account. To prevent this, you should log out of the social network before clicking on links to our website. If you log in to your account after clicking on the social network link, the information will still be linked to your account.

13. Social plugins

We use social plugins (“plugins”) provided by social networks on our website. To protect your data when you visit our website, the plugins are embedded so that when you call up a sub-page from our website, which displays such plugins, no link is made to the provider of the social network server. Only if you activate the plugin, thereby consenting to a data transfer, will your browser directly link to the server of the respective social network. In such a case, the contents of the respective plugin will be transmitted from the provider directly to your browser and embedded in the website. By clicking on the social network symbol, you will be linked to the relevant social network in order to be able to use the selected functionality, e.g. to share the contents on Facebook. To do so, however, you must log in or already be logged into your user account.

We provide plugins for the following social networks:

  • Facebook from Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
  • LinkedIn from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; and
  • Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

If you call up one of the available functionalities and click on the symbol of the relevant social media network, a direct link is set up between your browser and the server of the relevant social network. This means the network receives information that you with your IP address have visited our website and have called up the link. If you click on a link to a network, while you are logged into your account at the relevant network, the contents of our website can be linked to your profile at the network, which means that the network can assign your visit to our website directly with your user account. To prevent this, you should log out of the social network before clicking on links to our website. If you log in to your account after clicking on the social network link, the information will still be linked to your account.

More information about the purpose and scope of data collection and further processing and use of your data by the relevant social network and about your related rights and settings options for protecting your privacy can be found in the data privacy policy of the social network concerned.

B. Data processing in connection with your stay

14. Data processing to comply with legal reporting obligations

On arrival at our hotel, we require the following information from you and your travel companion(s) (mandatory *):

  • First name*
  • Last name*
  • Postal address*
  • Date of birth*
  • Nationality*
  • Government ID card and number*
  • Credit card number, if applicable
  • E-mail address
  • Number of persons*
  • Arrival and departure dates*
  • Vehicle license plate number*

We collect this information in order to comply with legal reporting obligations, which arise in particular from the hospitality industry or from police regulations or which are needed to fulfil the desired service at our hotel. If we are obliged to do so under the applicable provisions, we will forward this information to the relevant police authority.

We have a legitimate interest in the fulfilment of the legal requirements within the meaning of Art. 6 (1) c) GDPR.

15. Records of services purchased

If you purchase additional services during your stay (e.g. use the mini-bar or Pay-TV offer), we will record the service and time of purchase of the service for billing purposes. The processing of this data is necessary for the performance of a contract pursuant to Art. 6 (1) b) GDPR.

16. Guest book

You have the option of providing feedback in our guest book. In such cases, we collect the following data:

  • Name
  • Feedback

The information provided is voluntary and enables us to continuously improve our offer and our services and to adjust them to your needs. We use the information furnished for statistical purposes, unless otherwise indicated in this data privacy policy or unless you have given your separate consent. If you have given your consent, your feedback in our guest book including the above information may be published on our website.

The legal basis for processing data for this purpose is defined by your consent within the meaning of Art. 6 (1) a) GDPR. You can revoke your consent with effect for the future at any time.

C. Storage and exchange of data with third parties

17. Bookings via booking platforms

If you make bookings via a third-party platform (Agoda, booking.com, Expedia, Synxis, HRS, NetAffinity, STC), we receive various personal information connected with your booking from the respective platform operator. As a rule, this information is listed in Section 7 of this data privacy policy. Questions concerning your booking may also be forwarded to us. We will process this data to record your booking as requested and to provide the services booked. The legal basis for processing of data for this purpose is the performance of a contract pursuant to Art. 6 (1) b) GDPR.

Finally, the platform operator may notify us of disputes in relation to a booking. In such circumstances, we may receive data about the booking process, which may include a copy of the booking confirmation as proof of the actual booking transaction. We process this data to protect and assert our claims. This constitutes our legitimate interest within the meaning of Art. 6 (1) f) GDPR.

Please also note the data privacy information of the relevant booking platform.

18. Central storage and linking of data

We store the data specified in this data privacy policy in a central electronic data processing system (CRM). The data relating to you is systematically recorded and linked in the system for the processing of your bookings and to perform contractual services. In accordance with data privacy regulations, we also enrich this data with publicly available sources (e.g. media or Internet). To do so, we use Protel software, rebagdata AG, Einsiedlerstr. 533, P.O. Box 426, 8810 Horgen (CH).

For processing this data in accordance with the software, we rely on our legitimate interest in customer-friendly and efficient customer data management within the meaning of Art. 6 (1) f) GDPR.

19. Storage period

We store personal data only for as long as is necessary to use the tracking services noted above and for any further processing in line with our legitimate interest. We keep contract data for a longer period, as this is required by statutory retention requirements. Retention obligations, requiring us to store data, arise from regulations concerning reporting systems, accounting and tax law. According to these regulations, business communications, concluded contracts and account records must be retained for up to 10 years. If we no longer need this data to furnish services for you, the data will be blocked. This means that the data can only be used for accounting and tax purposes.

20. Disclosure of data to third parties

We only pass on your personal data, if you have explicitly consented to our doing so, or a legal requirement for us to do so exists, or it is necessary to enable us to assert our rights, particularly to assert claims arising from the relationship between you and Hotel Waldhaus Sils AG (e.g. collection agencies, authorities or lawyers). We also pass on your data to third parties if this is necessary for using our website and contract performance, for furnishing the services you desire and analyzing your user behavior. The use of the forwarded data is strictly limited to the purposes noted.

A service provider to whom the personal data collected via our website is forwarded or who has or may have access to such data is our webhoster (ah, ja! Andreas Jacomet, Monbijoustrasse 27, 3011 Berne). This website is hosted on servers in Switzerland. Data is transferred for the purposes of preparing and maintaining the functionalities of our website. The legal basis for processing data for this purpose is in our legitimate interest within the meaning of Art. 6 (1) f) GDPR.

Finally, if you pay by credit card on our website, we pass on your credit card information to your credit card issuer and credit card acquirer. In this case, we work with Concardis Schweiz AG, Richtistrasse 17, 8304 Wallisellen, Switzerland. If you decide on paying with your credit card, you will be asked to enter all the mandatory information. The legal basis for forwarding of data for this purpose is the performance of a contract pursuant to Art. 6 (1) b) GDPR. As concerns processing of your credit card information by these third parties, please read the General Terms and Conditions and the data privacy policy of your credit card issuer.

21. Transfer of personal data abroad

For the purpose of data processing specified in this data privacy policy, we have the right to forward your personal data to third parties abroad (contracted providers). They are bound to ensure data privacy to the same extent as we are. If the level of data privacy in a particular country does not correspond to that of Switzerland or the European Union, we shall ensure by contract that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

22. Note on data transmission to the USA

Some of the third-party service providers noted in this data privacy policy have registered offices in the US. For the sake of completeness, we would like to point out to users residing in or having registered offices in Switzerland or the EU that US authorities use surveillance measures which generally allow storage of all personal data of any individual whose data is transmitted to the US from Switzerland or the EU. Data may be stored without differentiation, restriction or exception based on the objective pursued and without any objective criterion that would restrict the US authorities’ access to the data and its later use in line with specific, strictly limited purposes which might justify the access to this data and its use. Please also note that affected persons from Switzerland or the EU have no redress in the US which would permit them access to the relevant data and its correction or deletion and no effective legal protection against general access rights of US authorities. We explicitly point out this legal and factual situation to the data subject so that they can make an informed decision on the use of their data.

Users residing in Switzerland or the EU are advised that it is the opinion of the EU and Switzerland – in view of the issues noted in this section – that the US does not have an adequate level of data privacy. With respect to US-based recipients of data (such as Google) referred to in this data privacy policy, we ensure that your data is protected at an adequate level by our partners, either through contractual agreements with these companies and, if necessary, through appropriate guarantees which protect the rights of persons whose personal data is transferred to third parties.

D. Additional information

23. Your rights

You can object to processing of your data at any time. You also have the following rights:

Right to information: You have the right to request to see your personal data that we have stored at any time, free of charge, so long as we have processed such data. You have the option to see which personal data about you we have processed and that we have used this data in accordance with the applicable data privacy policy.

Right to correction: You have the right to have incorrect or incomplete personal data corrected and to see that such corrections have been made. In this case, we inform the recipient of the data concerned about the corrections made, provided that this is possible and that it does not involve a disproportionate effort.

Right to deletion: In certain circumstances, you have the right to have your personal data deleted. In specific cases, the right to deletion may be prohibited.

Right to restrict processing: In certain circumstances, you have the right to request that processing of your personal data be restricted.

Right to data transfer: In certain circumstances, you have the right to receive the personal data you have furnished us in a readable format at no charge.

Right of appeal: You have the right to submit an appeal about the way in which your personal data has been processed to the competent authorities.

Right of revocation: In principle, you have the right to revoke your given consent with effect for the future. Processing activities based on your past consent do not become illegal as a result of your revocation.

24. Data security

We take appropriate technical and organizational security measures to protect your personal data held by us against tampering, full or partial loss or destruction and unauthorized access by third parties. Our security measures are continuously improved in line with technological advances.

You should always treat your access data confidentially and close the browser window once you have finished communicating with us, especially if you are using a shared computer.

We also take data privacy within our company very seriously. Our employees and service providers contracted by us have been obligated by us to maintain confidentiality and to comply with data privacy regulations.

25. Contact

If you have questions about data privacy on our website, would like to have additional information or have your data deleted, please contact us by sending an e-mail to reception@waldhaus-sils.ch.

If you prefer to write a letter, please send it to:

Hotel Waldhaus Sils AG
Datenschutz
Via da Fex 3
7514 Sils/Segl Maria
Switzerland