Data protection

Please read the following Privacy Policy carefully before proceeding. We kindly ask anyone who visits the website https://tschuggencollection.ch to take note of the following information.

Tschuggen Collection AG (Tschuggentorweg 1, 7050 Arosa) is the operator of the Tschuggen Grand Hotel, Valsana Hotel, Carlton Hotel and Hotel Eden Roc as well as the website https://tschuggencollection.ch and is therefore responsible for processing and using your personal data and ensuring that any data processing used is compatible with applicable data protection law.

Your trust is important to us, which is why we take the subject of data protection seriously and endeavour to ensure an appropriate level of security. We are committed to handling your personal data in a responsible manner. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (DPA), the Ordinance to the Federal Act on Data Protection (VDSG), the Telecommunications Act (FMG) and any other applicable data protection provisions under Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

We have appointed a Data Protection Officer for our company. If you have any questions regarding data protection in general or on matters related to your personal data, please contact the managers of our hotels. Questions regarding data protection should be sent to [email protected].

The address of our data protection representative pursuant to Art. 27 GDPR in the EU is: VGS Datenschutzpartner GmbH

Am Kaiserkai 69 20457 Hamburg Germany

[email protected]

To find out which personal data we collect from you and why, please take note of the information provided below.

Data processing in connection with our website

1. Visits to our website

Each time you visit our website, our servers temporarily store information about each visit in a log file. As with any connection to a web server, the following technical data is recorded without your intervention, stored by us, and automatically deleted after no more than 12 months:

  • the IP address of the requesting computer

  • the name of the owner of the IP address range (generally your Internet access provider)

  • the date and time of access

  • the website from which access took place (referrer URL) including the search word used, if applicable

  • the name and URL of the file accessed

  • the status code (e.g. error message)

  • your computer’s operating system

  • which browser you use (type, version and language)

  • the transmission protocol used (e.g. HTTP/1.1) and

  • if applicable, the username used for registration/authentication

This data is collected and processed for the purpose of enabling the use of our website (to establish a connection), to permanently guarantee system security and stability, to enable the optimisation of our Internet offer as well as for internal statistical purposes. This is where our legitimate interest in data processing lies within the meaning of the applicable data protection legislation.

The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for the purpose of investigating and preventing attacks and may be used in the course of criminal proceedings to identify and prosecute the users concerned under civil and criminal law. This is where our legitimate interest in data processing lies within the meaning of the applicable data protection legislation.

2. Using our contact form

You have the option of using a contact form for general enquiries to get in touch with us. To respond to such enquiries, we usually need the following information (mandatory *):

  • First name*

  • Surname*

  • Phone number*

  • Message*

You also have the option of using a contact form to get in touch with us to enquire about events and find out about the organisation of events. To respond to such enquiries, we usually need the following information (mandatory *):

  • First name*

  • Surname*

  • E-mail address*

  • Phone number*

  • Date*

  • Hotel

  • Type of event

  • Number of guests*

  • Comments*

We will only use this data in order to provide you with the best possible, personalised response to your contact request. The processing of such data is therefore necessary in order to take steps prior to entering into a contract within the meaning of the applicable data protection legislation and/or is based on our legitimate interest in such processing pursuant to it.

3. Orders through our Voucher Shop

In our voucher shop, you have the option of using the contact form to send us orders. We collect the following information for this purpose (mandatory *):

  • Title*

  • First name*

  • Surname*

  • Company

  • House number and street*

  • Additional address field

  • Postcode*

  • Town/city*

  • Country*

  • Telephone*

  • E-mail*

  • Payment method*

  • Dispatch method*

  • Yes, I would like to subscribe to your newsletter. In connection with this, I consent to the collection and processing of my e-mail address for the purpose of sending the newsletter. I have the right to withdraw my consent at any time.

  • I confirm that the details I have provided are correct and that I have read and accept the GTC and the data protection provisions.*

Alternatively, you can personalise the voucher. To do this, we collect the following information in addition to the above:

  • Voucher for

  • Voucher from

  • Dedication/message

In connection with our voucher shop, we work with the e-guma voucher and ticket system, Idea Creation GmbH, Walchestrasse 15, 8006 Zurich, Switzerland. The data is stored by Idea Creation GmbH on a server at Amazon in Ireland.

We only use this data and any other data you voluntarily provide in order to process your order according to your wishes. The processing of such data is therefore necessary in order to take steps prior to entering into a contract as well as to perform a contract within the meaning of the applicable data protection legislation.

4. Subscriptions to our newsletter

If you sign up to our e-mail newsletter (e.g. when you open your customer account or within your account), the following data is collected. Mandatory information is marked with an asterisk (*) on the registration form:

  • Select title*

  • First name*

  • Surname*

  • E-mail address*

To prevent misuse and to ensure that the owner of an e-mail address has actually given their consent, we use a double opt-in method for registration. After submitting the registration details, you will receive an e-mail from us containing a confirmation link. To sign up for the newsletter, you must click on this link. If you do not click on the confirmation link within the specified period, your data will be deleted again and our newsletter will not be sent to this address.

By signing up, you consent to the processing of this data in order to receive news about our hotel and related information about our products and services. This may also include invitations to participate in competitions or to review one of the aforementioned products and services. The collection of your title and name allows us to verify whether the new registration is associated with an existing customer account, and to personalise the content of e-mails. Linking to a customer account helps us make the offers and content contained in the newsletter more relevant to you and better tailor them to your potential needs.

We will use your data to send you e-mails until you withdraw your consent. You can withdraw your consent at any time, in particular via the unsubscribe link in all our marketing e-mails.

Our marketing e-mails may contain a web beacon or 1x1 pixel (tracking pixel) or similar technical aids. A web beacon is an invisible graphic linked to the user ID of the respective newsletter subscriber. For each marketing e-mail sent, we receive information about which addresses have not yet received the e-mail, to which addresses it was sent and which addresses failed to send. It also shows which addresses have opened the e-mail, for how long and which links they clicked on. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimise promotional e-mails with regard to the frequency, timing, structure and content of the e-mails. This allows us to better tailor the information and offers in our e-mails to the individual interests of the recipients.

Our tool is called Campaign Monitor (404/3-5 Stapleton Avenue Sutherland, NSW 2232, Australia). For more information on data protection, please visit the Campaign Monitor website at: https://www.campaignmonitor.com/policies/#privacy-policy.

The web beacon is deleted when you delete the e-mail. To prevent the use of the web beacon in our marketing e-mails, please adjust the settings of your e-mail program so that HTML is not displayed in messages – unless this is already the case by default. See the help sections of your e-mail software for information on how to configure this setting, e.g. here for Microsoft Outlook.

By subscribing to the newsletter, you also consent to the statistical analysis of user behaviour for the purpose of optimising and adapting the newsletter. This consent constitutes our legal basis for the processing of the data within the meaning of the applicable data protection legislation.

We use Campaign Monitor e-mail marketing software by Campaign Monitor Pty Ltd (11 Lea Ave, Nashville, USA) for marketing e-mails. Therefore, your data is stored in a Campaign Monitor database, allowing Campaign Monitor to access your data when necessary to provide the software and support when using the software. The legal basis for this processing is our legitimate interest in the use of third-party services within the meaning of the applicable data protection legislation.

5. Booking online, by post or by phone

If you make bookings or order vouchers via our website, by means of correspondence (e-mail or letter post) or by phone, we require the following data (mandatory *) to process the order:

  • Title*

  • First name*

  • Surname*

  • E-mail address*

  • Phone number*

  • Street and no.

  • Postcode*

  • Town/city*

  • Country

  • Password*

  • Credit card information*

  • Yes, I have read and accepted the General Terms and Conditions and the Privacy Policy.*

Unless otherwise stated in this Privacy Policy or you have given your explicit consent, we will only use this data and other information you provide voluntarily (expected time of arrival, motor vehicle number plate, preferences, comments, etc.) for the purpose of performing the contract. We will process the data in order to record your booking as requested, to provide the booked services, to contact you if something is unclear or in the case of problems and to ensure correct payment.

We will automatically delete your credit card details after you leave us.

The legal basis of data processing for this purpose is the performance of a contract pursuant to the applicable data protection legislation and/or your consent pursuant to the applicable data protection legislation. You may withdraw your consent with future effect at any time.

6. Data processing when you contact us by phone

You can contact us by phone and ask us questions about website functions, bookings or services.

We will only collect the personal data you disclose to us. You are therefore responsible for the content of the message and are in control of which information you provide to us. We recommend that you do not disclose any sensitive information. So that we can answer your questions, we may ask you to provide additional information (e.g. your address, your e-mail address). We will only process the personal data relating to you that we need to answer your questions or provide you with the desired services.

We have a legitimate interest in processing your telephone query within the meaning of the applicable data protection legislation.

7. Data processing when you contact us by e-mail

You can contact us by e-mail and ask us questions about website functions, bookings or services.

We will only collect the personal data you disclose to us. You are therefore responsible for the content of the message and are in control of which information you provide to us. We recommend that you do not disclose any sensitive information. To answer your questions, we may ask you to provide additional information (e.g. your address, your telephone number). We will only process the personal data relating to you that we need to answer your questions or provide you with the desired services.

We have a legitimate interest in processing your e-mail query within the meaning of the applicable data protection legislation.

8. Data processing when you apply for a job vacancy

You can apply for job vacancies on our website. We collect the following information when you apply (mandatory *):

  • Personal data:

    • Photo

    • Title*

    • Title before name

    • First name*

    • Surname*

    • Date of birth*

    • Postcode*

    • E-mail address*

    • Password*

    • User language*

  • Contact details:

    • Street*

    • Postcode*

    • Town/city*

    • Country*

    • Telephone*

  • Educational qualifications

  • Documents (upload):

    • Cover letter*

    • CV*

    • Other documents

  • Relationship to our company:

    • I am currently an employee of your company

    • I have previously worked for your company

  • Other information:

    • How did you find out about us?

    • Additional notes about you

  • Data release*:

    • I consent to my data being stored beyond the scope of a specific job vacancy and to being notified about other vacancies that may be of interest to me.

    • I would like my data to be deleted after the current application process.

  • I agree to the Privacy Policy*

In connection with your online application we use the tool Umantis by Haufe-Lexware GmbH & Co. KG, Munzinger Strasse 9, 79111 Freiburg, Germany. Data is stored by Umantis on a server in Germany.

We need this information to review your application and if necessary to contact you in relation to this. The legal basis for processing your personal data is the necessity to take steps prior to entering into a contract, and the performance of a contract within the meaning of the applicable data protection legislation; it is based on our legitimate interest within the meaning of the applicable data protection legislation. You may object to this data processing at any time if there are reasons pertaining to your specific situation for data processing not to take place.

9. Cookies

Cookies help in many ways to make your visit to our website simpler, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.

For example, we use cookies to temporarily save your selected services and the entries you make when filling out a form on the website, so that you do not have to re-enter the information when you access another subpage. Cookies may also be used to identify you as a registered user after you log into the website so that you do not have to log in again when accessing another subpage.

Most Internet browsers accept cookies automatically. However, you can configure your browser to prevent cookies from being stored on your computer or to display a message whenever you receive a new cookie. You will find explanations on how to configure cookie processing in the most common browsers on the following pages:

If you disable cookies, you may not be able to use all the functions of our website.

Our website uses the cookie consent technology provided by Termly Inc., 522 W. Riverside Ave., Suite 4296, Spokane, WA 99201, USA. The purpose of the service is to obtain your consent to the storage of certain cookies on your device and to document them in accordance with data protection regulations.

When you visit our website, a connection Termly’s servers is established in order to obtain your consent and other declarations regarding the use of cookies. Termly then stores a cookie in your browser in order to be able to assign the consents granted or refused to you. The data collected in this way is stored until you ask us to delete it, delete the cookie yourself or the purpose for storing the data no longer applies.

Termly is used to obtain your consent to the use of cookies in accordance with the applicable data protection legislation.

Further information on data protection and the cookies used can be found on the Termly website at: https://termly.io/our-privacy-policy/.

10. Tracking tools

10.1 Google Analytics

On our website, we use Google Analytics 4 with Google Signals, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses methods that enable the use of the website to be analysed, such as cookies (see section 9). The information generated by the cookie relating to use of our website, such as

  • the navigation path that a visitor follows on the website

  • time spent on the website or a subpage

  • last subpage visited before leaving the website

  • the country, region or city from where the website was accessed

  • terminal (type, version, colour depth, resolution, width and height of the browser window)

  • recurring or new visitor

  • browser type/version

  • operating system used

  • referrer URL (i.e. the previously visited website),

  • host name of the computer accessing the website (IP address) and

  • time of the server request

is generally transmitted to and stored on a Google server in the USA. The IP address is truncated by the default and automatic activation of IP anonymisation (“anonymizeIP”) on this website before transmission within the member states of the European Union or other signatory states to the Agreement on the European Economic Area or Switzerland. The masked IP address sent by your browser within the context of Google Analytics will not be combined with any other Google data according to Google. The full IP address will only be transmitted to a Google server in the USA before truncation in exceptional circumstances. In such cases, we have contractual guarantees in place to ensure that Google maintains an adequate level of data privacy.

This information is used to evaluate how this website is used, to compile reports on activities performed on the website and to provide further services associated with the use of the website and the Internet for the purpose of conducting market research and to design our website to better meet its users' needs. As the circumstances require, this information may also be transferred to third parties if required by law or to the extent that a third party is instructed to process this data.

The legal basis for processing this data for this purpose is your consent pursuant to the applicable data protection legislation. Consent may be withdrawn with future effect at any time.

Users may prevent Google from recording and processing data generated by the cookie linked to their use of the website (including the IP address) by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=em

Further information about Google and how Google processes data can be found here.

10.2 Microsoft Clarity

For analytical testing purposes, we use Microsoft Clarity for the website and the hotel booking engine for a limited period of time. Microsoft Clarity is a web analytics service provided by Microsoft Corporation, Redmond WA 98052, USA. Microsoft Clarity enables user analysis on the basis of a pseudonymous user ID and thus on the basis of pseudonymous data, such as the analysis of data via mouse movements or performance data via certain Internet presentations. In particular, we process usage data (e.g. visited Internet presentations, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (information on the geographical location of a device or a person), movement data (mouse movements, scrolling movements) in pseudonymised form. We have set the corresponding settings in such a way that data is collected on and by Microsoft alone in a pseudonymised manner, in particular in the form of IP masking (pseudonymisation of the IP address). The aim of the tool is to improve the website appearance.

The legal basis for processing this data for this purpose is your consent pursuant to the applicable data protection legislation. Consent may be withdrawn with future effect at any time.

10.3 Google Tag Manager

Our website uses Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Tag Manager is a solution that allows distributors to manage website tags via an interface. The Tag Manager tool is a cookieless domain and does not record any personal data. The tool is used to deploy other tags that record personal data. Google Tag Manager does not access this data according to Google. If Google Tag Manager is disabled at the domain or cookie level, this will apply to all tracking tags implemented using Google Tag Manager. You can prevent tags from being placed at any time (see Section 9).

The legal basis for processing data for this purpose is our legitimate interest pursuant to the applicable data protection legislation.

10.4 Google DoubleClick

Our website uses DoubleClick by Google, a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this, Google uses the DoubleClick cookie, which allows the website to recognise the browser used by the user when visiting other websites. The information generated by the cookie about visits to this website (including IP address) is transferred to and stored on a Google server in the USA.

Google uses this information to evaluate the use of the website with regard to advertisements to be displayed, to compile reports about website activities and advertisements for the website operator and to provide other services related to use of the website and the Internet. As the circumstances require, Google may also transfer this information to third parties if required to do so by law or to the extent that a third party is instructed to process this data by Google. According to Google, users’ IP addresses will not be linked to other Google data under any circumstances.

Because of the marketing tools used, your browser will automatically establish a direct connection to the Google server. We therefore have no influence on the scope and further use of data collected by Google through this tool and as such this information is based on the current state of our knowledge: DoubleClick tells Google that you have accessed the corresponding part of our website or clicked on an advertisement displayed by us. If you have registered for a Google service, Google may link the visit to your account. Even if you are not registered with Google or have not logged in, the provider may have knowledge of and store your IP address.

Further information on DoubleClick by Google is available at: https://marketingplatform.google.com/about/enterprise/ and on data protection at Google in general: https://policies.google.com/privacy?hl=en&gl=en.

To create pseudonymised user profiles for advertising and analysis purposes, we require your consent within the meaning of the applicable data protection legislation. Consent granted may be withdrawn with future effect at any time.

You may prevent the aforementioned data processing in various ways:

1. by changing the corresponding settings on your browser, in particular by blocking third-party cookies, which will ensure that you do not receive any advertisements from third-party providers;

2. by disabling cookies for conversion tracking by blocking cookies from the domain in your browser, https://www.google.en/settings/ads (this setting will be deleted when you delete your cookies);

3. by disabling advertisements linked to your interests from providers participating in the self-regulation campaign “About Ads”, via https://optout.aboutads.info/?c=2&lang=EN (this setting will be deleted when you delete your cookies);

4. by permanently deactivating it in your browser: Firefox, Internet Explorer or Google Chrome at https://support.google.com/ads/answer/7395996.

10.5 Google Ads

On our website, we use the online advertising program “Google Ads” and, as part of Google Ads, conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use the offer of Google Ads to draw attention to our attractive offers with the help of advertising materials (Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. In doing so, we aim to show you advertisements that are of interest to you, make our website more interesting to you and achieve a fair calculation of advertising costs.

The conversion tracking cookie is used when a user clicks on an advert placed by Google. The cookie allows us and Google to recognise that the user has clicked on the ad and has been redirected to our website. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. If you do not wish to participate in tracking, you can block its use by deactivating the Google Conversion Tracking cookie via your Internet browser under User Settings. You will then not be included in the conversion tracking statistics.

You can find further information about Google’s privacy policy at the following website: https://policies.google.com/privacy?hl=en-US.

The legal basis for the aforementioned data processing is our legitimate interest in targeted advertising in accordance with the applicable data protection legislation.

10.6 Microsoft Bing Ads

Our website uses conversion tracking from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In this case, Microsoft Bing Ads places a cookie on your computer if you have accessed our website via a Microsoft Bing advertisement. This means Microsoft Bing and we can detect that someone has clicked on an ad, was redirected to our website, and reached a previously specified destination page (conversion page). We only get the total number of users who clicked on a Bing ad and were then redirected to the conversion page

If you do not want information about your behaviour to be used by Microsoft as described above, you can refuse the necessary use of a cookie – for example, by using a browser setting that generally disables the automatic setting of cookies. You can also prevent the collection of the data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by clicking on the following link: http://choice.microsoft.com/en-US/opt-out Explain your objection. For more information about privacy and the cookies used by Microsoft and Bing Ads, please visit the Microsoft website at https://privacy.microsoft.com/en-US/privacystatement.

The legal basis for the aforementioned data processing is our legitimate interest in targeted advertising in accordance with the applicable data protection legislation.

10.7 Cloudflare

On our website, we use “Cloudflare” from Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA, to make the website faster and more secure. Cloudflare uses cookies and processes user data for this purpose. Cloudflare, Inc. is a US-based provider of a content delivery network and various security services. These services are located between the user and our web hosting provider.

Cloudflare is a content delivery network (CDN) consisting of interconnected servers. Cloudflare operates servers around the world that make websites appear faster on your screen. For this purpose, Cloudflare makes copies of our website, which are stored on the company’s servers. Therefore, when you visit our website, a load distribution system ensures that the main part of our website is loaded by a server that can provide you with our website as quickly as possible. The CDN shortens the transmission path of data to your browser considerably. Cloudflare delivers the content of our website not only from our web hosting server, but also from our own servers distributed around the world. Cloudflare has a particularly positive effect on users abroad, as the pages can be loaded from a nearby server. In addition to the quick setup of websites, Cloudflare also offers various security services, such as DDoS protection or the web application firewall.

Cloudflare generally only transmits data controlled by the website operator. This means that the content is not determined by Cloudflare, but by the website operator itself. In addition, Cloudflare may collect certain information about your use of our website and process data that we send or for which Cloudflare has received specific instructions. Essentially, Cloudflare receives data such as IP addresses, contacts and log information, security fingerprints and performance data from websites. The log data helps cloudflare, for example, to detect new threats. This enables Cloudflare to ensure a high level of security for our website.

Cloudflare also uses a cookie for security reasons. This cookie identifies individual users behind a common IP address and sets individual security settings for each individual user. The cookie is useful if, for example, you visit our website in a restaurant where there are several infected computers. We can then use the cookie to determine that your computer is trustworthy. This allows you to visit our website freely and without worry even though there are infected PCs around you. The cookie is an essential part of Cloudflare’s security features and cannot be disabled.

The legal basis for processing data for this purpose is our legitimate interest in accordance with the applicable data protection legislation.

10.8 Contentful

On our website, we use the content management system “Contentful” from the provider Contentful GmbH., Max-Urich-Strasse 3, 13355 Berlin, Germany, in order to ensure the proper provision of the content of our website. For this purpose, Contentful uses cookies and processes user data.

The tool used helps to provide content from our online offer more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Contentful servers, transmitting your IP address and, if applicable, browser data such as your user agent. This data is processed solely for the purposes mentioned above and to maintain the security and functionality of Contentful.

The legal basis for processing data for this purpose is our legitimate interest in accordance with the applicable data protection legislation.

10.9 Pinterest tag

Our website uses the conversion tracking technology “Pinterest Tag” from Pinterest Europe Ltd. Palmerston House, Fenian Street, Dublin 2, Ireland. The pixel allows us to collect, store and evaluate information about the search behaviour of website visitors in a pseudonymised form, which enables us to display advertising and offers relevant to them on Pinterest to our website visitors who have already been interested in our website and our content/offers and are Pinterest members. For this purpose, a conversion tracking pixel from Pinterest is integrated into our website, which informs Pinterest when you visit our website that you have accessed our website and which parts of our offer you are interested in. For example, if you were interested in our subscriptions on our website, you can see an ad about our subscriptions on Pinterest.

If the user is redirected to our website by a pin on Pinterest and the cookies used have not yet expired, the tag records certain user actions predefined by us and can track them (e.g. completed transactions, search queries on the website, visits to subpages). When carrying out such an action, your browser sends an HTTP request from the cookie via the Pinterest tag to the Pinterest server with specific information about the action (e.g. type of action, time, browser type of device). Through this transmission, Pinterest may compile statistics on user behaviour on our website, which serve to optimise our offering.

If you do not want information about your behaviour to be used by Pinterest as described above, you can refuse the necessary setting of a cookie – for example, by setting your browser to generally disable the automatic setting of cookies.

The legal basis for the aforementioned data processing is your consent pursuant to the applicable data protection legislation. Consent granted may be withdrawn with future effect at any time.

Further information on data protection and the cookies used by Pinterest can be found on the Pinterest website at https://policy.pinterest.com/en/privacy-policy.

10.10 Creation of pseudonymised user profiles

To provide you with personalised services and information on our website (on-site targeting), we use and analyse the data we collect about you when you visit the website. Cookies may be also used during the processing of this data (see Section 9 above). Usage data is only collated with pseudonymised data, and never with non-pseudonymised personal data.

The legal basis for processing this data for this purpose is our legitimate interest in optimising and personalising our online offering and advertising communications pursuant to the applicable data protection legislation.

11. Links to our social media pages

Our website contains links to social media networks. These are not plugins provided by social media networks, which start sending data to the provider when the site is loaded without user input. The social media network buttons conceal a simple link to our page on the social media network. No user data is transmitted from the website to the social media network.

The links lead to our pages on the following networks:

  • Facebook of Meta Platforms Inc., One Hacker Way Menlo Park, CA 94025, USA, or, if you live in the EU or Switzerland, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

  • Instagram from Meta Platforms Inc., One Hacker Way Menlo Park, CA 94025, USA, or, if you live in the EU or Switzerland, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

  • LinkedIn Corporation, 1000 West Maude Avenue Sunnyvale, CA 94085, USA; if you reside in the EU or Switzerland, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

  • Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA; if you live in the EU or Switzerland, Pinterest Europe Ltd. Palmerston House, Fenian Street, Dublin 2, Ireland.

Whenever you activate a link to our social media profiles, this will establish a direct link between your browser and the server of the social network in question. This informs the network that you have visited our website with your IP address and have activated the link. If you access a link to a network while logged into your account with that network, the contents of our site may be linked to your profile on the network, which means that the network may match your visit to our website directly to your user account. If you want to prevent this from happening, you should log out first before clicking such links. Your visit will definitely be matched to your account if you log into the respective network after clicking the link.

Data processing in connection with your stay

12. Data processing for compliance with legal notification obligations

When you arrive at our hotel, we need the following information from you and anybody accompanying you (mandatory *):

  • First name and surname*

  • Postal address and canton*

  • Date of birth*

  • Nationality

  • Official form of identification and number*

  • Arrival and departure dates*

We collect this information to comply with legal notification obligations, which arise in particular in connection with the hospitality industry or police law. Where we are required to do so by applicable regulations, we will forward this information to the appropriate police authority.

The processing of such data is based on a legal obligation within the meaning of the applicable data protection legislation.

13. Recording of purchased services

If you purchase additional services during your stay (wellness, restaurant, activities, etc.), we will record the product/service as well as the time at which you receive it for billing purposes. The processing of this data is necessary within the meaning of the applicable data protection legislation for the purpose of performing the contract with us.

14. Guest feedback

If you provided your e-mail address when making your booking, you will be sent an electronic form after departure. We use this form to collect the following data (mandatory *):

  • First name and surname

  • age

  • Nationality

  • duration of stay

Provision of this information is voluntary and helps us continuously improve our offer and our services to better meet your needs. Unless otherwise stated in this Privacy Policy or you have given your explicit consent, we will only use the information you provide for statistical purposes. We will process the data in connection with your name in order to contact you if any aspects are unclear. The legal basis for processing such data for the aforementioned purposes is our legitimate interest within the meaning of the applicable data protection legislation.

Data processing in connection with marketing activities

As a guest or former guest of a Tschuggen Collection AG hotel, we will send you mailings by post to keep you up to date on our activities. To do so, we use the data mentioned in Section 14. This information is usually sent by post. You may unsubscribe from this information at any time. To do so, contact the respective hotel or the head office at[email protected].

Storage and exchange of data with third parties

15. Bookings via booking platforms

If you make bookings via a third-party platform (i.e. Booking.com, Ecohohtels, Expedia, Kind Traveller, Leading Hotels of the World, Swiss Deluxe Hotels, Weekend4Two, Google, HolidayCheck, Escapio, Kayak, Mr & Mrs Smith, Ski.com, Splendia, Powderbyrne, Travel Leaders, Tripadvisor, Trivago, Virtuoso, etc.), we will receive various personal information from the respective platform operator in connection with the booking made. This information generally comprises the data listed in Section 5 of this Privacy Policy. Enquiries regarding your booking might also be forwarded to us. We will process this data in connection with your name in order to record your booking as requested and to provide the booked services. The legal basis of data processing for this purpose is the necessity to take steps prior to entering into a contract, and the performance of a contract pursuant to the applicable data protection legislation.

Finally, we may be informed by the platform operators of any disputes connected to a booking. For this, we may also receive information about the booking process, including a copy of the booking confirmation as proof that the booking was actually made. We process this data to safeguard and enforce our claims. This is where our legitimate interest lies within the meaning of the applicable data protection legislation.

Please also note the information on data protection provided by the respective booking platform.

16. Central storage and linking of data

We store the data specified in this Privacy Policy in a central electronic data processing system (CRM). Data related to you will be systematically recorded and linked in order to process your bookings and handle the contractually agreed services. Within the scope of data protection law, we also enrich the data with data from public sources (e.g. press or Internet). To this end, we use the following software: protel hotelsoftware GmbH, Europaplatz 8, 44269 Dortmund (D) / Bookatable GmbH & Co. KG, Deichstrasse 48-50, 20459 Hamburg (D) / gastronovi GmbH, Buschhöhe 6, 28357 Bremen (D) / TAC Informationstechnologie GmbH, Schildbach 111, 8230 Hartberg (A).

The processing of this data within the framework of the software is based on our legitimate interest in customer-friendly and efficient customer data management within the meaning of the applicable data protection legislation as well as on taking contractual measures pursuant to it.

17. Retention period

We only store personal data for as long as necessary in order to use the tracking services mentioned above and for any further processing in which we have a legitimate interest. We keep contractual data for a longer period of time, as this is prescribed by legal storage obligations. Storage obligations, which oblige us to store data, result from regulations concerning the right to report, accounting and tax law. According to these regulations, business communications, contracts concluded and accounting records must be kept for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

18. Disclosure of data to third parties

We will only disclose your personal data if you have expressly consented to such disclosure, if there is a legal obligation to do so or if this is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the contractual relationship. In addition, we disclose your data to third parties to the extent necessary within the context of website usage and contract performance, for providing you with the desired services and for analysing your user behaviour or if there is a legal obligation to do so (e.g. order from a law enforcement agency) or if this is necessary for enforcing claims arising from the contractual relationship (e.g. collection efforts). Use of the data disclosed for this purpose is strictly limited to the purposes specified.

Webhosting

One service provider to whom the personal data collected through the Site is shared or who has or may have access to it is our web hosting provider (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functionalities of our website.

The legal basis for processing this data for this purpose is our legitimate interest pursuant to the applicable data protection legislation.

Booking via our website

When you make a booking via our website, the personal data collected in this context is transferred to OnePageBooking by HotelNetSolutions GmbH, Berlin (D) and TRUST International Hotel Reservation Services GmbH, Frankfurt am Main, Germany. The data is passed on for the purpose of recording and registering your booking.

The legal basis of data processing for these purposes is the taking of steps prior to entering into a contract, and the performance of a contract pursuant to the applicable data protection legislation.

Data processing in the context of e-mail communication

In connection with the sending of e-mails, we use the Airtable service of the company Airtable. (799 Market Street, 8th Floor, San Francisco, CA 94103, USA). Airtable is used to send confirmation e-mails, transaction confirmations and e-mails containing important information about user accounts and the facility.

Further information on Airtable’s privacy policy can be found in the provider’s privacy policy at the following link: https://www.airtable.com/privacy.

The legal basis of data processing for these purposes is the taking of steps prior to entering into a contract, and the performance of a contract pursuant to the applicable data protection legislation.

Credit card information

When you make a credit card payment on the website or via a payment terminal, we forward your credit card information to your credit card issuer and to the credit card acquirer. For this purpose, we work with the software platforms Saferpay offered by SIX Payment Solutions AG, Hardturmstrasse 201, 8005 Zurich, Switzerland and Datatrans Payment Pages offered by Datatrans, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland. If you decide to pay by credit card, you will be asked to enter all the information required for a credit card payment. The legal basis for disclosing data is the performance of a contract pursuant to the applicable data protection legislation. With respect to the processing of your credit card information by these third parties, we ask that you also read the General Terms and Conditions and the Privacy Policy of your credit card issuer. We will automatically delete your credit card details after your departure.

Guest feedback

We forward any data collected in connection with feedback provided by our guests to our partners IRC-Swiss GmbH, Ebikon (CH), Medallia, San Mateo, CA (USA) and Trustyou GmbH, Munich (D). The data will only be passed on for storage purposes. Data may only be processed on behalf of Tschuggen Collection AG.

The legal basis for processing this data for this purpose is our legitimate interest pursuant to the applicable data protection legislation in improving our services based on guest feedback and in securely storing this data.

Online reservations in our hotel restaurants

In connection with online table reservations for our hotel restaurants, we use the For a table reservation service provided by Lunchgate AG, Badenerstrasse 255, 8003 Zurich, Switzerland. When using the reservation service, you send personal data such as your name, telephone number, e-mail address, desired number of guests or comments to Lunchgate via the input fields. This data is necessary for making an online reservation and must therefore be stored by Lunchgate AG.

Further information on data protection at Lunchgate AG can be found in the provider’s terms of use at the following link: https://www.lunchgate.ch/nutzungsbedingungen.

The legal basis of data processing for these purposes is the taking of steps prior to entering into a contract, and the performance of a contract pursuant to the applicable data protection legislation.

Guest tickets, ski passes

Guest tickets (TicinoTicket, Arosa All-Inclusive card, etc.) can be issued to visitors at our destinations. The guest cards are linked to the collection of data for tourist taxes. Unless otherwise stated in this Privacy Policy or you have given your explicit consent, we will only pass on your personal data to the guest card issuer (Engadin St.Moritz Tourismus AG, Arosa Tourismus, Ticino Turismo) to the extent that this is explicitly necessary for issuing the guest card or for charging the tourist tax. Data will also be passed on to the mountain railway or its operator (Arosa Bergbahnen, Bergbahnen Engadin St.Moritz AG) in order to issue some ski passes.

The legal basis of data processing for these purposes is the taking of steps prior to entering into a contract, and the performance of a contract pursuant to the applicable data protection legislation.

Video surveillance

In order to prevent misuse and to take action against illegal behaviour (in particular theft and damage to property), the entrance area and the publicly accessible areas of our hotel are monitored by cameras. The image data is only viewed if there is a suspicion of illegal behaviour. The legal basis for this is our legitimate interest in the protection of our property and the protection and enforcement of our rights in accordance with the relevant legislation.

Wifi use

The Wifi network provided in our hotels is operated by Swisscom Ltd. (Tiefenaustrasse 6, 3050 Bern, Switzerland). The following data may be processed: IP address, MAC address of your end device and the name specified. Swisscom may also store certain usage data such as visited websites, date, time and IP address.

Swisscom’s privacy policy can be viewed at https://www.swisscom.ch/en/about/privacy-statement.html.

The legal basis for processing this data for this purpose is our legitimate interest in providing Wifi access during your stay pursuant to the applicable data protection legislation and/or your consent when using the Wifi within the meaning of it. Consent granted may be withdrawn with future effect at any time.

19. Transmission of personal data abroad

We are entitled to transfer your personal data to third parties (commissioned service providers) abroad for the purpose of performing the data processing described in this Privacy Policy. These third parties are subject to the same data protection obligations as us. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we have contractual agreements in place to ensure that the protection of your personal data is equivalent to that in Switzerland or the EU at all times.

20. Note regarding data transmissions to the USA

Some individual third-party service providers mentioned in this Privacy Policy are based in the USA. For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland or the EU that the US authorities have monitoring measures in place in the USA which generally allow the storage of all personal data of all persons whose data was transmitted from Switzerland or the EU to the USA. This is done without differentiation, restrictions or exceptions in terms of the objective pursued and without an objective criterion which would make it possible to restrict the US authorities’ access to the data and its subsequent use to very specific, strictly limited purposes that could justify the intrusion constituted by both access to such data and its use. Furthermore, we would like to point out that there are no legal remedies available in the USA for data subjects from Switzerland or the EU which would allow them to gain access to the data related to them and to have such data rectified or erased, and that there is no effective judicial protection against the general access rights of US authorities. We explicitly point out this legal and factual situation to data subjects to help them make an appropriately informed decision on whether to grant their consent for the use of their data.

Users residing in Switzerland or an EU Member State are advised that, from the standpoint of the European Union and Switzerland, the USA does not have an adequate level of data protection, in part because of the issues mentioned in this section. If we have explained in this Privacy Policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is afforded an appropriate level of protection by our partners through contractual arrangements with these companies as well as through any additional appropriate guarantees required pertaining to the rights of persons whose personal data are sent to a third country.

Additional information

21. Your rights

Provided that the statutory requirements are met, you as a data subject have the following rights:

Right of access: You have the right to view the personal data we have stored about you free of charge and at any time, if we are processing such data. This gives you the opportunity to check which personal data we process about you and check that we use it in accordance with the applicable data protection regulations.

Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed about such rectification. In this case, we will inform the recipient of the data in question about changes made, unless this proves impossible or involves a disproportionate effort.

Right to erasure: You have the right to obtain the erasure of your personal data under certain circumstances. In individual cases, in particular in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the deletion of the data may be replaced by blocking of the data if the conditions are met.

Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.

Right to data portability: You have the right to receive from us the personal data you have provided to us in a readable format free of charge.

Right to object: You may object to data processing at any time, in particular for data processing in connection with direct marketing (e.g. promotional e-mails).

Right to withdraw: In principle, you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful if you withdraw your consent.

To exercise these rights, please send us an e-mail at the following address:

[email protected]

Right to complain: You have the right to lodge a complaint about how your personal data is being processed with a competent supervisory authority.

22. Data security

We use suitable technical and organisational security measures to protect your personal data stored by us against loss and unlawful processing, in particular unauthorised access by third parties. Our employees and the service providers commissioned by us are obliged by us to maintain confidentiality and to maintain data protection. In addition, such persons are granted access to the personal data only to the extent necessary for the performance of their duties.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always entails certain security risks and we cannot give absolute guarantees as to the security of information transmitted in this way.

23. Contact

If you have any questions about data protection on our website, would like information or wish to have your data erased, please send us an e-mail at [email protected].

You can send your request by post to the hotel management of the hotel in question or to the following address:

Tschuggen Collection Ltd. Tschuggentorweg 1 7050 Arosa

Switzerland

Last updated: Zurich, August 2023

Go back

Visit us on Instagram