Data privacy

Brigels Resort AG manages the Pradas Resort and operates the website www.pradasresort.ch and is therefore responsible for the collection, processing and use of your personal data and the compatibility of data processing with the applicable data protection law.

Your trust is important to us, which is why we take the subject of data protection seriously and pay close attention to taking appropriate security measures. Of course, we comply with the legal provisions of the Federal Data Protection Act (DSG), the Ordinance to the Federal Data Protection Act (VDSG), the Telecommunications Act (FMG) and other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

In order for you to know what personal data we collect from you and for what purposes we use it, please take note of the information below.

A. Data processing in connection with our website

1. Visiting our website

When visiting our website, our servers temporarily store every access in a log file. As with any connection to a web server, the following technical data is recorded without your intervention and stored by us after 38 months at the latest until it is automatically deleted:

IP address of the requesting computer,
the name of the owner of the IP address range (usually your Internet access provider),
the date and time of access,
the website from which the access was made (referrer URL), if applicable with the search term used,
name and URL of the retrieved file,
the status code (for example, error message),
the operating system of your computer,
the browser you are using (type, version and language),
the transmission protocol used (e.g. HTTP/1.1) and
if necessary your username from registration/authentication.

This data is collected and processed for the purpose of enabling the use of our websites (connection establishment), to permanently guarantee system security and stability and to enable the optimisation of our Internet offer as well as for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 (f) GDPR.

The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for explanatory and defensive purposes and may be used in the course of criminal proceedings to identify and prosecute the users concerned under civil and criminal law. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 (f) GDPR.

2. Use of our enquiry form

You have the possibility to use an enquiry form to request a personal quote. For this we absolutely need the following information:

Title
First and last name
Street, postcode, city, country
Phone number
Email address
Arrival and departure date
Number of adults and children
Number of apartments and type of apartment

We use this data only to be able to answer your contact enquiry in the best possible and personalised way. In addition, you can voluntarily provide further data (desired special offer, comments). The processing of this data is therefore required within the meaning of Art. 6 para. 1 (b) GDPR for the implementation of pre-contractual measures or is in our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR.

3. Subscribing to our newsletter

On our website you have the possibility to subscribe to the Pradas Resort newsletter. This requires registration. The following data must be provided during registration:

First and last name
Email address

These details serve to personalise the newsletter and so that we can send you offers, news and information by email.

By registering, you give us your consent to the processing of the data provided for the regular dispatch of the newsletter to the address you have provided and for the statistical evaluation of usage behaviour and optimisation of the newsletter. This consent constitutes, within the meaning of Art. 6 para. 1 (a) of the GDPR, our legal basis for processing your email address. We are entitled to commission third parties with the technical handling of advertising measures and are entitled to pass on your data for this purpose (cf. below no. 13).

a. Double Opt-In and Logging

Subscription to our newsletter takes place using a process known as double opt-in. This means that upon registration, you will receive an email requesting confirmation of the subscription. The confirmation is required to ensure that no one else subscribes using another person's email address.

A record of subscriptions to the newsletter is kept to fulfil the legal requirements for recording the subscription process. The record contains the time of subscription and confirmation as well as the relevant IP address. Changes to your data stored with MailChimp are also logged.

b. Use of the MailChimp distribution service

The newsletter is sent via "MailChimp", a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, US.

The email addresses of our newsletter recipients, as well as their further data described in the context of these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp can use this data along with its own information to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the newsletter or for business purposes, in order to determine from which countries the recipients originate. However, the service does not use the data of our newsletter recipients to approach recipients directly, nor do they pass the information on to third parties.

We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement "Privacy Shield", and thus commits itself to comply with EU data protection regulations. Furthermore, we have concluded a data processing agreement with MailChimp. This is a contract in which MailChimp undertakes to protect our users' data, to process it on our behalf in accordance with our data protection regulations, and, in particular, not to pass it on to third parties. You can view MailChimp's privacy policy here.

c. Statistical surveys and analyses

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file, which is retrieved from MailChimp's server when opening the newsletter. As part of this access attempt, technical information such as your browser and operating system, as well as your IP address and the time of the download, are collected. This information is used for technical improvement of the service using technical data or of target group data and their reading behaviour using their download locations (identifiable through IP addresses), or download times.

Statistical data collection also includes a determination of whether the newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information can be assigned to the individual newsletter recipients. However, we and MailChimp are not interested in monitoring individual users. Data analysis is more importantly used to recognise patterns in the reading behaviour of our users, and to adapt contents accordingly or send different content according to the interests of our users.

d. Online access and data management

There are cases where we direct the newsletter recipients to the web pages of MailChimp. For example, if our newsletters contain a link with which the newsletter recipients can view the newsletters online (e.g. in case of display problems in the email program). Furthermore, newsletter recipients can subsequently correct their data, e.g. email address. Likewise, the Privacy Policy of MailChimp is only available on their site.

In this context, we point out that cookies are used on the websites of MailChimp and thus personal data is processed by MailChimp, its partners and service providers (e.g. Google Analytics). We do not have any control whatsoever over this data collection. Further information can be found in the privacy policy of MailChimp. In addition, we would like to draw your attention to the possibilities of objecting to the collection of data for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European area).

e. Cancellation/Revocation

You can cancel your subscription to our newsletter at any time, i.e. revoke your consent. At the same time your consent to the newsletter's dispatch via MailChimp, your personal data and the statistical analyses expires. A separate cancellation of either the dispatch via MailChimp or the statistical evaluation is unfortunately not possible. Further processing will only take place in anonymous form to optimise our newsletter.

4. Booking on the website, by correspondence or by telephone call

If you make bookings either via our website, by correspondence (email or letter) or by telephone call, we require the following data to process the contract:

Arrival date
Departure date
Type of apartment or offer
First and last name
Email address

We will only use this data and other information you voluntarily provide (e.g. title, street, postcode, city, country, telephone, fax, comments such as expected time of arrival and wishes/preferences) to process the contract, unless otherwise stated in this data protection declaration or unless you have given your separate consent. We will process the data in order to record your booking as requested, to make the booked services available, to contact you in case of ambiguities or problems and to ensure correct payment.

The legal basis of data processing for this purpose is the performance of a contract pursuant to Art. 6 para. 1 (b) of the GDPR.

5. Customer account

After the booking, the guests receive the confirmation number for access to the individual guest website (online guest folder, guest invoice, recorded guest data). Guests can change the following data:

Title
First and last name
Postal address
Telephone number / mobile phone number
Email address

It is possible to open a customer account. When registering for a customer account, we collect the following mandatory data:

Email address
Password

The collection of this and other data you voluntarily provide (e.g. company name) is for the purpose of providing you with password-protected direct access to your basic data stored by us. You can view your previous and current bookings or manage or change your personal data there.

The legal basis of the processing of the data for this purpose is the consent given by you pursuant to Art. 6 para. 1 (a) GDPR.

6. Cookies

Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files which your web browser automatically stores on your computer’s hard disc when you visit our website.

For example, we use cookies to temporarily save your selected services and entries when you fill out a form on the website, so that you do not have to repeat the entry when you access another subpage. Cookies may also be used to identify you as a registered user after registering on the website, without you having to log in again when accessing another subpage.

Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer, or a message always appears before a new cookie is created. On the following pages you will find explanations on how you can configure the processing of cookies with the most common browsers:

Disabling cookies may prevent you from using all the features of our website.

7. Tracking-Tools

General

We use the web analysis service of Google Analytics for the purpose of demand-oriented design and continuous optimisation of our website. In this context, pseudonymous user profiles are created and small text files stored on your computer ("cookies") are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the details set out under no. 1, we may receive the following information:

Navigation path that a visitor takes on the site,
Duration of stay on the website or subpage,
The subpage on which the website is left,
The country, region or city from which it is accessed,
Terminal (type, version, colour depth, resolution, width and height of the browser window) and
Returning or new visitor.

The information is used to evaluate the use of the website, to compile reports regarding website activity and to provide other services related to website activity and Internet usage for the purposes of market research and needs-based design of these websites. This information may also be transferred to third parties, provided this is legally required, or to the extent that such third parties are commissioned to process the information.

Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; "Google"). Google Analytics uses cookies. As a rule, the cookie-generated data regarding your use of this website is forwarded to a Google server in the USA and stored there. Your IP address will be shortened within the European Union and thus anonymised or at least pseudonymised. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. This website uses Google Analytics' "demographic features". This allows reports to be generated containing statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This data cannot be attributed to any specific individual person. The IP address transmitted by your browser as part of Google Analytics is not merged with any other data held by Google. In this context, please also note Google's privacy policy, in particular the information available under the following two links: https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=en.
You can prevent the data that is generated by cookies about your use of the website from being passed on to Google, and the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Alternatively, you can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set that prevents your data from being collected on future visits to this site: to disable Google Analytics.

Google Tag Manager

We use on our website "Google Tag Manager", a service of Google Inc. Google Tag Manager allows us to manage web page tags from a single interface. The tool "Google Tag Manager", which implements the tags, is a cookie-free domain and does not collect any personal data. Google Tag Manager causes other tags to be activated which may, for their part, collect data themselves under certain circumstances. Google Tag Manager does not access this data. If deactivated at the domain or cookie level, this deactivation will remain in effect for all tracking tags implemented with Google Tag Manager. Google is subject to and certified under the Privacy Shield Agreement between the European Union and the USA. Google therefore undertakes to comply with the standards and regulations of European data protection law. Third party provider information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information on data protection can be found on the following Google websites: Privacy Policy: https://policies.google.com/privacy?hl=en FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html, Terms of Use Google Tag Manager: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google (Invisible) reCAPTCHA

We use the reCAPTCHA service from Google Inc. (Google) to protect enquiries you send through the internet. The tool checks whether the input is made by a person or improperly by means of automated machine processing. This service involves sending Google the IP address and any other data required by Google for the reCAPTCHA service. For this purpose your input will be transmitted to Google and used there. Your IP address will be truncated by Google within the member states of the European Union or in other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information to evaluate your use of this service on behalf of the operator of this website. The IP address transmitted by your browser as part of reCAPTCHA is not merged with other Google data. This data is subject to the differing privacy policy of Google. For more information about Google's privacy policy, please visit: https://policies.google.com/privacy?hl=en.

CDN - Content Delivery Networks (e.g. Google Web Fonts)

We use various web fonts on our website. These are provided by various providers and delivered via a content delivery network. These are for example Google Web Fonts, Adobe Typekit etc. When you visit our site, your browser will download the required file into your browser cache. This is necessary so that your browser can also show an optically improved representation of our texts. If your browser does not support this feature, your computer will use a standard font for display. You can prevent this by preventing Javascript from loading in your browser. However, when deactivated, the full functionality of our website will no longer be available.

Google Maps

We use the product Google Maps from Google Inc. By using this website, you consent to the collection, processing, and use of data collected automatically by Google Inc., its representatives, and third parties. You can find the Google Maps terms of use at: http://www.google.com/intl/de_en/help/terms_maps.html.

YouTube

We use YouTube to integrate videos. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The videos were embedded in the extended data protection mode, if possible. Like most websites, however, YouTube also uses cookies to collect information about the visitors to its website. YouTube uses them, among other things, to collect video statistics, to prevent fraud and to improve user-friendliness. This also leads to a connection with the Google DoubleClick network. Starting the video could trigger further data processing. We have no influence on that. For more information about privacy at YouTube, please see their privacy policy: https://policies.google.com/privacy?hl=de.

MyHotelShop

myhotelshop GmbH, Flossplatz 6, 04107 Leipzig, DE uses tracking pixels to measure the clicks and bookings that are forwarded by Tripadvisor and Trivago directly on the Pradas Resort website. The location / user agent (information about the browser) / time and duration of access are registered. You can find more information about the data protection of MyHotelShop in their data protection declaration at: https://www.myhotelshop.com/de/terms-and-conditions

8. Social Plugins

Social plugins are used on our websites.

You can recognise the plugins by the fact that they are marked with the corresponding logo. These plugins may be used to send information to the service provider for its use. Said information may possibly include personal data. We prevent the unconscious and unintentional collection and transmission of data to the service provider by merely linking to the corresponding services via the buttons on our website. We do not collect any personal data ourselves using the social plugins or about how they are used.

We have no influence on which data an activated plugin collects and how it is used by the provider. Currently, one must assume that direct connections are established to the services of the respective provider and your IP address and specific usage information will be recorded and used. Service providers may also try to save cookies on the computer used. Please refer to the data protection information of the respective service provider to find out which specific data is collected and how it is used. NB: If you are logged in to Facebook when you visit our site, Facebook can identify you as a visitor to a particular site.

We have included social media buttons from the following companies on our site:

Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
Facebook Inc, 1601 Willow Road Menlo Park, CA 94025, USA

Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA

9. Other Third-Party Tools

Our website uses functions, widgets or plugins from

Holidaycheck (Icon): HolidayCheck AG, Bahnweg 8, 8598 Bottighofen, CH
Tripadvisor (Icon): TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494, USA
TrustYou (Valuation widget): TrustYou Europe HQ, 80992 Munich, DE
Walls.io (Social media widget): Social Software Development GmbH, Andreasgasse 6, Top 1, 1070 Vienna, AT

The IP address is transmitted to these third-party tools to ensure their functionality. We have no influence on whether the third party providers store the IP address for statistical purposes or similar. You can find more information on this in the data protection declarations of the respective services.

B. Data processing in connection with your stay

10. Data processing for the fulfilment of legal reporting obligations

The reporting obligation is regulated in the Hospitality Act for the Canton of Grisons (GWG, BR 945.100). According to Article 11, the government regulates the reporting obligation. Details are set out in the implementation provisions of the Federal Law on the Hospitality Industry (BR 945.110). As of January 1, 2015, only foreign persons or guests are required to register.

The completed registration forms must be kept by the proprietor for one year from the date of departure or the last entry. Where we are required to do so by applicable regulations, we will forward this information to the appropriate police authority.

We have a legitimate interest in the fulfilment of the legal requirements within the meaning of Art. 6 para. 1 (f) GDPR.

11. Recording of purchased services

If you receive additional services during your stay (e.g. massages, ski passes, bread roll service), we will record the subject matter of the service and the time when you receive it for billing purposes. The processing of this data is required within the meaning of Art. 6 para. 1 (b) GDPR for processing the contract with us.

C. Storage and exchange of data with third parties

12. Booking platforms

If you make bookings via a third-party platform, we receive various pieces of personal information from the respective platform operator. As a rule, these are those referred to in no. 4 of this privacy policy. In addition, we may receive enquiries regarding your booking. We will process this data in order to record your booking as requested and to make the booked services available. The legal basis of data processing for this purpose is the performance of a contract pursuant to Art. 6 para. 1 (b) of the GDPR.

Finally, we may be informed by the platform operators of any disputes in connection with a booking. We may also receive information about the booking process, which may include a copy of the booking confirmation as proof of the actual booking completion. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR.

Please also note the information on data protection of the respective provider.

13. Central storage and linking of data

We store the data specified in nos. 2-5 and 8-10 in a central electronic data processing system. The data concerning you is systematically recorded and linked in order to process your bookings and the contractual services. For this we use software from REBAGDATA AG, Einsiedlerstrasse 533, P.O. Box 426, 8810 Horgen, Switzerland. The processing of this data within the framework of the software is based on our legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR in customer-friendly and efficient customer data management.

14. Storage period

We only store personal data for as long as it is necessary for using the tracking services mentioned above and the further processing within the scope of our legitimate interest. We keep contractual data for a longer period of time, as this is prescribed by legal storage obligations. Storage obligations, which oblige us to store data, result from regulations concerning the right to report, accounting and tax law. According to these regulations, business communications, contracts concluded and accounting records must be kept for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

15. Data transfer to third parties.

We only pass on your personal data if you have expressly consented, if there is a legal obligation or if this is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the contractual relationship. Furthermore, we pass on your data to third parties as far as this is necessary in the context of the use of the website and the contract processing (also outside the website), namely the processing of your bookings.

A service provider to whom the personal data collected via the website is passed on or who has or can have access to it is our web hoster Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The website is hosted on servers in Germany. The data is passed on for the purpose of providing and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR.

Finally, we will forward your credit card information to your credit card issuer and acquirer when payment is made by credit card on the website. If you decide to pay by credit card, you will be asked to enter all necessary information. The legal basis for the transfer of the data lies in the fulfilment of a contract in accordance with Art. 6 Para. 1 (b) of the GDPR. Concerning the processing of your credit card information by these third parties, we ask you to also read the General Terms and Conditions and the data protection declaration of your credit card issuer.

Furthermore, with regard to the passing on of data to third parties, please also observe the notices in nos. 7-8 and 10-11.

16. Transmission of personal data abroad

We are entitled to transfer your personal data to third parties (commissioned service providers) abroad for the purpose of the data processing described in this data protection declaration. These are obliged to the same extent as we ourselves to data protection. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we contractually ensure that the protection of your personal data corresponds at all times to that in Switzerland or the EU.

D. Additional information

17. Right of information, rectification, erasure and restriction of processing; right to data portability

You have the right, upon request and free of charge, to receive information about the personal data that we store about you. In addition, you have the right to correct incorrect data and to have your personal data deleted, insofar as this does not conflict with any legal obligation to retain data or an event of authorisation which allows us to process the data.

You also have the right to reclaim from us the data that you have provided to us (right of data portability). Upon request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a common file format.

You can contact us for the above-mentioned purposes by email at info@pradasresort.ch We may, at our sole discretion, require proof of identity to process your requests.

18. Data security

We use appropriate technical and organisational security measures to protect your stored personal data against manipulation, partial or complete loss, as well as against unauthorised access by third parties. Our security procedures are continually enhanced as new technology develops.

You should keep your access data confidential and close the browser window when you have finished your session, especially if your computer is also used by other people.

We also take internal company data protection very seriously. Our employees and the service providers appointed by us are subject to a confidentiality obligation and must comply with data protection regulations.

19. Note on data transmission to the USA

For the sake of completeness, we would like to point out that in the USA, the surveillance measures of US authorities allow the general storage of all personal data of all persons whose data has been transmitted from Switzerland to the USA. This is done without differentiation, restriction or exception with respect to the aim pursued and without an objective criterion that would make it possible to restrict the US authorities' access to data and its subsequent use to very specific, strictly limited purposes which justify the interference associated with both access to, and use, of such data. Furthermore, we would like to point out that, in the USA, there are no legal remedies available to data subjects that would allow them to gain access to the data concerning them and to obtain its correction or deletion, and that there is no effective legal protection against general access rights by US authorities. We explicitly point out this legal and factual situation to the data subject in order to make an appropriately informed decision to consent to the use of their data.

Users residing in an EU Member State are advised that the US does not have an adequate level of data protection from the point of view of the European Union, partly because of the issues mentioned in this section. To the extent that we have stated in this Privacy Policy that recipients of data (such as Google or Facebook) are located in the United States, we will ensure that your data is protected at an appropriate level with our partners either by contractual arrangements with these companies or by ensuring that these companies are certified under the EU/Swiss-US Privacy Shield.

20. The right of appeal to a data protection supervisory authority

You have the right to complain at any time to a data protection supervisory authority.

Version dated: 28.10.2021