Data Privacy Statement
Andermatt Swiss Alps AG, Gotthardstrasse 2, 6490 Andermatt is the operator of the website alpine.apartments and is thus responsible for the collection, processing, and use of your personal data and for processing data in compliance with applicable data protection laws.
Your trust is important to us; therefore, we take data protection seriously and take care to provide proper security. In doing so, we comply with the legal provisions of the Swiss Federal Act on Data Protection (FADP), the Swiss Ordinance to the Federal Act on Data Protection (OFADP), the Swiss Telecommunications Act (TCA) and other applicable data protection provisions under Swiss or EU law, in particular the General Data Protection Regulation (GDPR).
Please read the following information to know what personal information we collect from you and for what purpose we use it.
A. Data processing in connection with our website
1. Visiting our website
When visiting our website, our servers temporarily store each access in a log file. The following technical data will be recorded by us, as usual with every connection with a web server, without your intervention, and stored by us until automatic deletion:
The IP address of the requested computer, the name of the owner of the IP address range, the date and time of access, the website from which the access was made, the name and URL of the requested file, the status code the operating system the browser you use the transmission protocol you use your user name for registration / authentication, if applicable
The collection and processing of this data is done for the purpose of enabling the use of our website, continuously ensuring system security and stability, optimising our website, and for internal statistical purposes. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f DSGVO.
Furthermore, the IP address will be evaluated, together with other data, in case of attacks on the network infrastructure or other unauthorized use or misuse of the website, for the purpose of intelligence and protection, and, if appropriate, used in criminal proceedings for identification and civil and criminal proceedings against the relevant users. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR. 1 lit. f DSGVO.
2. Use of our contact form
You have the option to use a contact form to contact us. For this we require the following information:
Title, first and last name, postal address, telephone number, e-mail address, your message
We use this data, along with a telephone number you may voluntarily give, only in order to answer your contact question in the best possible and personalized manner. Therefore, in accordance with Art. 6 Par. 1 lit. b GDPR, the processing of this data is required in order to conduct pre-contractual activities or is in our legitimate interest in accordance with Art. 6 Par. 1 lit. f GDPR.
3. Registration for our newsletter
You have the option to subscribe to our newsletter through our website. This requires registration. The following data must be provided in order to register:
Title, first and last name, e-mail address
The above is necessary for data processing. You may voluntarily provide additional information as well. We process this data exclusively to personalise the information and offers we send you and to better align it with your interests.
By registering, you give us your consent to process the given data in order to periodically send the newsletter to the address you have given and for the statistical evaluation of user behaviour and optimisation of the newsletter. This consent constitutes the legal basis for our processing of your e-mail address in the sense of Art. 6 Par. 1 lit. a GDPR. We are entitled to commission third parties with the technical handling of promotional measures and are entitled to pass on your data for this purpose (cf. cipher. 11).
At the end of each newsletter a link is provided by means of which you can unsubscribe at any time. When unsubscribing, you may voluntarily give us the reason. After unsubscribing, your personal data will be deleted. Further processing will be done in anonymous form only in order to optimise our newsletter.
4. Reservations via the website, correspondence, or telephone
When you place a reservation through our website, by mail (e-mail or postal mail), or by telephone, we need the following data in order to execute the agreement:
Title, first and last name, postal address, date of birth, telephone number, language, e-mail address.
We will use this information as well as other information you voluntarily provide (e.g. expected arrival time, vehicle license plate number, preferences, comments) only in order to execute the agreement, unless otherwise stated in this Data Privacy Statement or you have not specifically consented thereto. We will process the data by name in order to record your reservation as you have requested, to make available the booked services, to contact you in case of a question or problem, and to ensure correct payment.
The legal basis for data processing for this purpose lies in the fulfilment of an agreement in accordance with Art. 6 Par. 1 lit. b GDPR.
Cookies help in many ways to make your visit to our website easier and more convenient and sensible. Cookies are information files that your web browser automatically saves on your computer’s hard drive when you visit our website.
Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies will be stored on your computer or that a message will appear every time you receive a new cookie. Disabling cookies can result in preventing you from using all the functions of our website.
6. Tracking tools
For the purpose of needs-oriented design and continuous optimisation of our website, we use the web analysis service of Google Analytics. In this context, pseudonymised usage profiles are created and small text files (“cookies”) are stored on your computer. The information generated by the cookie about your use of this website is transmitted to the server of the provider, stored there, and processed for us. In addition to the data listed under cipher 1, we may receive the following information:
Navigation path that a visitor takes on the website, length of stay on the website or webpage, country, region, or city from which the access is made, end device, returning or new user.
The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage for purposes of market research and needs-based design of this website. This information may also be transferred to third parties if required by law or if the third parties are contracted for processing the data.
6.2 Google Analytics
The provider of Google Analytics is Google Inc., an enterprise of the holding company Alphabet Inc, domiciled in the USA. Before the data is transmitted to the provider, the IP address will be abbreviated by activating IP anonymisation (“anonymizeIP”) on this website within the member states of the European Union or in other contracting states of the agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there. In these cases, we provide contractual guarantees to ensure that Google Inc. maintains a sufficient level of data protection. According to Google Inc., under no circumstances will the IP address be associated with any other user-related data.
More information about the web analytics service used is available at the website of Google Analytics.
6.3 Data protection provisions about the application and use of Google Remarketing
On this website, Andermatt Swiss Alps AG has integrated Google Remarketing services. Google Remarketing is a feature of Google AdWords, which allows an enterprise to display advertising to Internet users who have previously resided on the enterprise’s Internet site. The integration of Google Remarketing therefore allows an enterprise to create user-based advertising and thus shows relevant advertisements to interested Internet users.
The operating company of the Google Remarketing services is the Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
The purpose of Google Remarketing is the insertion of interest-relevant advertising. Google Remarketing allows us to display ads on the Google network or on other websites, which are based on individual needs and matched to the interests of Internet users.
Google Remarketing sets a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google enables a recognition of the visitor of our website if he calls up consecutive web pages, which are also a member of the Google advertising network. With each call-up to an Internet site on which the service has been integrated by Google Remarketing, the web browser of the data subject identifies automatically with Google. During the course of this technical procedure, Google receives personal information, such as the IP address or the surfing behaviour of the user, which Google uses, inter alia, for the insertion of interest relevant advertising.
The cookie is used to store personal information, e.g. the Internet pages visited by the data subject. Each time we visit our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to the interest-based advertising by Google. For this purpose, the data subject must call up the link to www.google.de/settings/ads and make the desired settings on each Internet browser used by the data subject.
Further information and the actual data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.
6.5 Data protection provisions about the application and use of Google-AdWords
On this website, Andermatt Swiss Alps AG has integrated Google AdWords Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define specific keywords with the help of which an ad on Google’s search results only then displayed, when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords.
The operating company of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
The purpose of Google AdWords is the promotion of our website by the inclusion of relevant advertising on the websites of third parties and in the search engine results of the search engine Google and an insertion of third-party advertising on our website.
If a data subject reaches our website via a Google ad, a conversion cookie is filed on the information technology system of the data subject through Google. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g, the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and the controller can understand whether a person who reached an AdWords ad on our website generated sales, that is, executed or canceled a sale of goods.
The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.
The conversion cookie stores personal information, e.g. the Internet pages visited by the data subject. Each time we visit our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the information technology system of the data subject. In addition, a cookie set by Google AdWords may be deleted at any time via the Internet browser or other software programs.
In addition, the data subject has the possibility of objecting to the interest-based advertising by Google. Therefore, the data subject must access from each of the browsers in use the link www.google.de/settings/ads and set the desired settings. Further information and the actual data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.
B. Data processing in connection with your stay
7. Data processing in order to comply with legal reporting obligations
When you arrive at one of our accommodations, we may need the following information about you and the persons accompanying you:
First and last name, postal address, date of birth, place of birth, nationality, a government issued ID, dates of arrival and departure.
We collect this information in order to comply with legal reporting obligations stipulated in particular by hotel-business or police law. Insofar as we are required to do so under the applicable regulations, we will forward this information to the relevant police authorities.
In fulfilling the legal requirements, our legitimate interest is in the sense of Art. 6 Par. 1 lit. f GDPR.
8. Recording of services received
If you receive additional services as part of your stay, the service and the point in time it was received will be recorded by us for invoicing purposes. The processing of this data is in the sense of Art. 6 Par. 1 lit. b GDPR and required for executing the agreement with us.
C. Storage and exchange of data with third parties
9. Reservation platforms
If you place reservations through a third-party platform, we will receive various personal information from the respective platform operator. This is typically the data listed under cipher 5 of this Data Privacy Statement. In addition, enquiries regarding your reservation may be forwarded to us. We will process this data by name in order to record your reservation as requested and to provide the booked services. The legal basis of data processing for this purpose lies in the fulfilment of an agreement as described in Art. 6 1 lit. b GDPR.
Finally, we may be notified by the platform operators about disputes related to a reservation. In this case, we may also receive data on the reservation process, which may include a copy of the booking confirmation as evidence of the actual finalisation of the reservation. We process this data in order to safeguard and enforce our rights. This is our legitimate interest in the sense of Art. 6 Par. 1 lit. f GDPR.
10. Retention period
We store personal data only as long as necessary in order to use the aforementioned tracking services and the further processing within the scope of our legitimate interest. We store contract data for a longer period of time in order to comply with legal obligations for data retention. Data retention requirements that are obligatory for us arise from regulations set forth by reporting, accounting, and tax law. According to these regulations, business communication, closed contracts, and reservation documents must be retained for up to 10 years. Once we no longer require these data to carry out the services for you, the data will be blocked. This means that the data may then be used only for tax and accounting purposes.
11. Passing on data to third parties
We pass on your personal data only if you have expressly consented to it, if we are legally obligated to, or if this is necessary to enforce our rights, especially rights concerning the contractual relationship. Furthermore, we pass on your personal data to third parties insofar as this is required in the context of using the website and in contract processing, specifically, the processing of your reservation.
A service provider to whom the personal data collected via the website is passed on or who has or can have access to it is our web host (domainfactory GmbH, 85737 Ismaning, Germany). The website is hosted on servers in the European Union. The transfer of data is for the purpose of providing and maintaining the functionality of our website. This is our legitimate interest in the sense of Art. 6 Par. 1 lit. f GDPR.
Finally, if you pay by credit card through the website, we forward your credit card information to the credit card issuer and the credit card acquirer. If you choose to pay by credit card, you will be asked to provide all the necessary information. The legal basis for passing on the data lies in the fulfilment of an agreement in the sense of Art. 6 Par. lit. b GDPR.
12. International transfer of personal data
We are also entitled to transfer your personal data to third parties abroad for the purposes of the data processing described in this Data Privacy Statement. They are obliged to protect data privacy to the same extent as we ourselves. If the level of data protection in a given land does not correspond to the Swiss or European level, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times.
D. Further information
13. Rights to information, correction, deletion, and limitation of processing, right to data portability
You have the right to request and receive information about your personal data that we have stored. Furthermore, you have the right to correct inaccurate data and the right to have your personal data deleted, as far as no legal retention obligation stands in the way or a regulatory authorisation that allows us to process the data.
You also have the right to reclaim from us the data you have given us (right to data portability). On request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a commonly used file format.
You can contact us for the aforementioned purposes at the e-mail address email@example.com. We may, at our sole discretion, require proof of identity before processing your request.
We do not want to collect personal information from minors; however, we cannot always verify the age of people who visit and use our websites. If a minor provides us with their information without the consent of their parent or guardian, we will ask the parent or guardian to contact us for the purpose of deleting that information and preventing the minor from receiving any promotional material from us in the future.
15. Data security
We use appropriate technical and organizational security measures to protect your stored personal data against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are being continuously improved in line with technical developments.
You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share your computer with others.
16. Notice about data transfer to the USA
In the interest of completeness, we would like to point out to users domiciled in or residing in Switzerland that in the USA there are government surveillance measures that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, limitation, or exception on the basis of the objective pursued and without objective criteria that would limit the access of US authorities to the data and their subsequent use to very specific, strictly limited purposes that could justify both the access to these data and intervention related to their use. Furthermore, we would like to point out that in the USA there are is no right of appeal for affected people in Switzerland that would allow them to gain access to their personal data or to effect their correction or deletion, and there is no effective judicial protection against general access by US authorities. We explicitly inform affected persons of this legal and factual situation in order for them to make an accordingly informed decision concerning consent to the use of their data.
We point out to users domiciled in an EU member state that, in the point of view of the European Union, the USA – partly because of the issues mentioned in this paragraph – does not have a sufficient level of data protection. To the extent we have explained in this Data Privacy Statement that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at a reasonable level by our partners either through contractual arrangements with these companies or by ensuring the certification of such companies under the EU- or Swiss-US Privacy Shield.
17. Social Plug-ins, Facebook
18. Social Plug-ins, Twitter
We use so-called “social plugins” from twitter.com with Twitter and the re-tweet functions, operated by Twitter Inc. 795 Folsom St., Suite 600, San Francisco, CA 94107. If you use the re-tweet functions , the websites you visit will be disclosed to third parties and connected to your Twitter account. Details on the handling of your data by Twitter as well as your rights and setting options for the protection of your personal data can be found in Twitter’s data protection information: http://twitter.com/privacy.
19. Social Plug-ins, Instagram
We use Instagram social plugins operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”. An overview of the Instagram plugins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges. When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Instagram servers. The content of the plugin is transmitted from Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are currently not logged in to Instagram. This information (including your IP address) is sent from your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can immediately assign your visit to our website to your Instagram account. If you interact with the plugins, for example by pressing the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information will also be published on your Instagram account and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights and setting options for protecting your privacy, can be found in Instagram’s data protection information: https://help.instagram.com/155833707900388/. If you do not want Instagram to directly associate the data collected via our website with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the loading of Instagram plugins with add-ons for your browser, e.g. B. with the script blocker “NoScript” (http://noscript.net).
20. Social Plugins, Youtube
This website contains at least one plugin from YouTube, belonging to Google Inc., located in San Bruno, California, USA. As soon as you visit the pages of our website that are equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which particular page of our website you have visited. If you were also logged into your YouTube account, you would enable YouTube to assign your surfing behavior directly to your personal profile. You can cancel this assignment option if you log out of your account beforehand. Further information on the collection and use of your data by YouTube can be found in the data protection information there at http://www.youtube.com.
21. Social Plugins, Pinterest
We use social plugins used by Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA. The plugins are e.g. B. recognizable by buttons with the sign “Pin it” on a white or red background. An overview of the Pinterest plugins and their appearance can be found here: https://developers.pinterest.com/docs/getting-started/introduction. When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The content of the plugin is transmitted from Pinterest directly to your browser and integrated into the page. Through the integration, Pinterest receives the information that your browser has called up the corresponding page of our website, even if you do not have a Pinterest profile or are currently not logged in to Pinterest. This information (including your IP address) is sent from your browser directly to a Pinterest server in the USA and stored there. If you are logged in to Pinterest, Pinterest can directly associate your visit to our website with your Pinterest profile. If you interact with the plugins, for example by pressing the “Pin it” button, the corresponding information is also transmitted directly to a Pinterest server and stored there. The information is also published on Pinterest and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by Pinterest as well as your rights in this regard and setting options for protecting your privacy can be found in Pinterest’s data protection information: https://about.pinterest.com/de/privacy-policy. If you do not want Pinterest to directly associate the data collected via our website with your Pinterest profile, you must log out of Pinterest before visiting our website. You can also completely prevent the loading of the Pinterest plugins with add-ons for your browser, e.g. B. with the script blocker “NoScript” (http://noscript.net).
22. Our contact details
Please do not hesitate to contact us if you have any questions regarding the data policy and our general terms and conditions:
Andermatt Swiss Alps AG, Gotthardstrasse 12, 6460 Altdorf, Switzerland
Stand 17. Januar 2020