Skip to main content

Data Privacy Policy


This data privacy policy was drawn up together with datenschutzpartner.ch with regard to the New Federal Act on Data Protection (nFADP). This is an automated translation which might not be perfect (please refer to the original version).

 

With this Privacy Policy, we provide information on the processing of personal data in connection with our activities and services, including our website under the domain name pradasresort.ch. In particular, we inform about the purposes, methods, and locations of processing, as well as the rights of individuals whose data we process.

For specific or additional activities and services, we may publish further privacy statements or other information on data protection.

We are subject to Swiss data protection law and, where applicable, foreign data protection law, such as that of the European Union (EU) with the General Data Protection Regulation (GDPR).

The European Commission recognized with its decision of 26 July 2000 that Swiss data protection law ensures adequate protection. With the report of 15 January 2024, the European Commission confirmed this adequacy decision.

1. Contact Details

Responsibility for processing personal data:

Brigels Resort AG
Via Plaun Rueun 44
7165 Brigels

info@pradasresort.ch

In certain cases, third parties may be responsible for processing personal data or share joint responsibility with us.

1.1 Data Protection Officer or Advisor

We have appointed the following data protection officer or advisor as a point of contact for individuals and authorities regarding privacy inquiries:

Gérard Carigiet
Brigels Resort AG
Via Plaun Rueun 44
7165 Brigels

info@pradasresort.ch

1.2 Data Protection Representation in the European Economic Area (EEA)

We have appointed the following data protection representative in accordance with Art. 27 GDPR:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany

info@pradasresort.ch

The data protection representation serves as an additional contact point for individuals and authorities within the EU and the rest of the EEA for inquiries related to GDPR.

2.1 Definitions

Data Subject: An individual whose personal data we process.

Personal Data: All information relating to an identified or identifiable natural person.

Special Categories of Personal Data: Data concerning union memberships, political, religious, or philosophical beliefs, health, intimate life, ethnic origin, genetic data, biometric data used to uniquely identify an individual, data on administrative or criminal proceedings and sanctions, and data on social welfare measures.

Processing: Any handling of personal data, regardless of the tools and methods applied, such as querying, comparing, adapting, archiving, storing, reading, disclosing, acquiring, recording, collecting, deleting, making available, organizing, linking, destroying, and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) as well as Liechtenstein, Iceland, and Norway.

We process personal data in compliance with Swiss data protection law, including the Swiss Federal Data Protection Act and the Data Protection Ordinance.

Where the European General Data Protection Regulation (GDPR) applies, we process personal data in accordance with at least one of the following legal grounds:

  • Art. 6 para. 1 lit. b GDPR for the processing of personal data necessary to perform a contract with the data subject or to carry out pre-contractual measures.
  • Art. 6 para. 1 lit. f GDPR for the processing of personal data to protect legitimate interests – including those of third parties – as long as the fundamental rights and freedoms of the data subject do not override them. Such interests include the sustainable, user-friendly, secure, and reliable exercise of our activities, ensuring information security, protection from misuse, enforcement of our own legal claims, and compliance with Swiss law.
  • Art. 6 para. 1 lit. c GDPR for the processing of personal data necessary to comply with a legal obligation to which we may be subject under the applicable laws of EEA member states.
  • Art. 6 para. 1 lit. e GDPR for the processing of personal data in the public interest.
  • Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6 para. 1 lit. d GDPR for the processing of personal data to protect the vital interests of the data subject or another natural person.
  • Art. 9 para. 2 GDPR for processing special categories of personal data, especially with the consent of the data subjects.

The GDPR refers to the processing of personal data as the processing of personal data and the processing of special categories of personal data as the processing of special categories of personal data (Art. 9 GDPR).

3. Type, Scope, and Purpose of Processing Personal Data

We process the personal data that is necessary to carry out our activities and services sustainably, user-friendly, securely, and reliably. Processed personal data may fall into categories such as browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and services, to the extent that such processing is legally permitted.

We process personal data as necessary with the consent of the data subjects. In many cases, we may process personal data without consent, such as to fulfill legal obligations or to safeguard overriding interests. We may also ask for consent if it is not required.

We process personal data for the duration necessary for each purpose. We anonymize or delete personal data, particularly in accordance with legal retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties are specialized service providers whose services we use.

We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, consultants and attorneys, representative organizations, IT service providers, partners, credit and creditworthiness agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations, associations, social institutions, telecommunications companies, and insurers.

5. Communication

We process personal data in order to communicate with third parties. We specifically process data provided by an individual upon contacting us, for instance, via postal mail or email. Such data may be stored in an address book or similar tools.

Third parties that transmit data concerning other individuals are obligated to ensure data protection for these affected individuals. This includes ensuring the accuracy of the transmitted personal data.

We use selected services from appropriate providers to facilitate communication with third parties.

6. Applications

We process personal data concerning applicants, as necessary, to assess their suitability for employment or the later execution of an employment contract. The required personal data stems primarily from requested information, such as during a job listing. We may publish job listings using appropriate third parties, such as in electronic and print media or on job portals and job boards.

We also process any personal data voluntarily shared or published by applicants, particularly as part of cover letters, resumes, and other application documents as well as online profiles.

If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data concerning applicants in accordance with Art. 9 para. 2 lit. b GDPR.

We use selected services from suitable third parties to advertise positions through e-recruitment and to manage applications.

7. Data Security

We implement appropriate technical and organizational measures to ensure data security commensurate with the respective risk. Our measures specifically ensure the confidentiality, availability, traceability, and integrity of processed personal data, although we cannot guarantee absolute data security.

Access to our website and other online presences is provided through transport encryption (SSL/TLS, particularly HTTPS). Most browsers issue warnings when visiting websites without transport encryption.

Our digital communication is subject to the mass surveillance of security authorities in Switzerland, Europe, the United States of America (USA), and other countries. We cannot directly influence how intelligence services, police, or other security authorities handle personal data. We also cannot rule out that an affected person may be specifically monitored.

8. Personal Data Abroad

We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries for processing.

We may export personal data to all countries on Earth and elsewhere in the universe if the respective legal framework ensures adequate data protection as determined by a decision of the Swiss Federal Council or – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – by a decision of the European Commission.

We may transfer personal data to countries that do not ensure adequate data protection if other safeguards are in place, such as standard contractual clauses or other appropriate guarantees. In exceptional cases, we may export personal data to countries without adequate protection if specific data protection conditions are met, such as the explicit consent of the data subject or a direct connection to the conclusion or execution of a contract. Upon request, we gladly provide information on any guarantees in place or provide copies of these guarantees to data subjects.

9. Rights of Data Subjects

9.1 Data Protection Claims

We grant data subjects all rights in accordance with applicable data protection law. Data subjects, in particular, have the following rights:

  • Access: Data subjects may request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive information necessary to assert their data protection rights and to ensure transparency. This includes the processed personal data itself, but also details regarding the processing purpose, retention period, any disclosure or export of data to other countries, and the source of the personal data.
  • Correction and Restriction: Data subjects may have inaccurate personal data corrected, incomplete data completed, and their data processing restricted.
  • Deletion and Objection: Data subjects may request the deletion of personal data ("right to be forgotten") and object to the processing of their data with future effect.
  • Data Portability: Data subjects may request that personal data be released or transferred to another controller.

We may defer, restrict, or refuse the exercise of data subject rights as permitted by law. We may also inform data subjects of any conditions that must be met to exercise their data protection rights. For instance, we may refuse access based on confidentiality obligations, overriding interests, or the protection of others. We may also refuse deletion of personal data, especially if required by law.

We may charge fees for exercising rights in exceptional cases. We inform data subjects of any fees in advance.

We are required to take reasonable measures to identify data subjects who request information or assert other rights. Data subjects must cooperate in this process.

Data subjects have the right to assert their data protection claims in court or file a complaint with a data protection supervisory authority.

The supervisory authority for private controllers and federal agencies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some EEA countries, supervisory authorities are federally structured, notably in Germany.

10. Website Use

10.1 Cookies

We may use cookies. Cookies – our own cookies (first-party cookies) as well as third-party cookies whose services we use (third-party cookies) – are data stored in the browser. Stored data is not limited to traditional cookies in text form.

Cookies can be stored temporarily in the browser as "session cookies" or for a specific duration as so-called persistent cookies. "Session cookies" are automatically deleted when the browser is closed. Persistent cookies have a set storage duration. Cookies, in particular, allow a browser to be recognized on a future visit to our website, for example, to measure the reach of our website. Persistent cookies can also be used for online marketing.

Cookies can be disabled or deleted at any time in the browser settings. Without cookies, our website may no longer be fully accessible. If necessary, we actively request consent to the use of cookies.

For cookies used for reach measurement or advertising, a general objection ("opt-out") can be made for many services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging

We may log the following data for each access to our website and other online presences, provided that such data is transmitted to our digital infrastructure: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed, including data volume transferred, and the last website visited in the same browser window (referrer).

We log such data, which may also constitute personal data, in log files. The data is necessary to provide our online presence sustainably, user-friendly, and reliably. The data is also necessary to ensure data security, whether by ourselves or by third parties.

10.3 Tracking Pixels

We may embed tracking pixels in our online presence. Tracking pixels, also known as web beacons, are usually small, invisible images or JavaScript scripts that are automatically retrieved when accessing our online presence. With tracking pixels, at least the same data as in log files can be collected.

11. Notifications and Messages

11.1 Success and Reach Measurement

Notifications and messages may contain web links or tracking pixels that capture whether a particular message was opened and which links were clicked. Such links and tracking pixels can capture the use of notifications and messages on a personal basis. This statistical measurement of usage is necessary for success and reach measurement to send notifications and messages effectively and sustainably based on recipients' needs and reading habits.

Generally, you must consent to the use of your email address and other contact information unless otherwise permitted by law. We may use a double opt-in procedure to obtain confirmation, in which case you will receive instructions for double confirmation. We may record obtained consent, including IP address and timestamp for evidence and security purposes.

Generally, you may object at any time to receiving notifications and messages, such as newsletters. By objecting, you can also opt out of statistical measurement of success and reach. Necessary notifications and messages related to our activities remain unaffected.

11.3 Providers for Notifications and Messages

We send notifications and messages using specialized service providers.

We specifically use:

12. Social Media

We are present on social media and other online platforms to communicate with interested individuals and inform them about our activities. Personal data may be processed outside Switzerland and the EEA in connection with such platforms.

Each platform’s terms and privacy policies apply, which include the data subject’s rights with the respective platform, such as the right to access.

For our social media presence on Facebook, including so-called page insights, we are jointly responsible with Meta Platforms Ireland Limited (Ireland) – if and to the extent GDPR applies. Meta Platforms Ireland Limited is part of the Meta group of companies (including in the USA). Page insights provide insights on how visitors interact with our Facebook presence. We use page insights to offer our Facebook social media presence effectively and sustainably.

Further information on the type, scope, and purpose of data processing, information on data subjects' rights, and the contact information of Facebook and Facebook’s data protection officer can be found in the Facebook Privacy Policy. We have entered into the so-called "Controller Addendum" with Facebook, agreeing that Facebook is responsible for data subjects’ rights. Information on page insights is available at "Information about Page Insights" and "Information about Page Insights Data".

13. Services from Third Parties

We use services from specialized third parties to provide our activities and services sustainably, user-friendly, securely, and reliably. These services allow us to embed functions and content on our website. To do so, third parties may temporarily collect users' IP addresses for technical reasons.

For essential security, statistical, and technical purposes, third parties may process aggregated, anonymized, or pseudonymized data in connection with our activities. This may include performance or usage data to provide the respective service.

We specifically use:

13.1 Digital Infrastructure

We use services from specialized third parties to provide necessary digital infrastructure for our activities. These include hosting and storage services from selected providers.

13.2 Automation and Integration of Apps and Services

We use specialized platforms to integrate and connect third-party apps and services. We can also automate processes and workflows with these “no-code” platforms.

We specifically use:

  • Zapier: Automation and integration of apps and services; Provider: Zapier Inc. (USA); Privacy information: Privacy Policy.

13.3 Audio and Video Conferences

We use specialized services for audio and video conferences to communicate online. For participation, the privacy policies and terms of the individual services apply.

We specifically use:

13.4 Online Collaboration

We use third-party services to enable online collaboration. These services’ terms, such as privacy policies, apply in addition to this privacy policy.

We specifically use:

13.5 Maps

We use third-party services to embed maps on our website.

We specifically use:

13.6 Digital Content

We use services from specialized third parties to embed digital content on our website, including images, video material, music, and podcasts.

We specifically use:

13.7 Fonts

We use services from third parties to embed selected fonts and icons, logos, and symbols on our website.

We specifically use:

  • Adobe Fonts: Fonts; Providers: Adobe Inc. (USA) for users in North America / Adobe Systems Software Ireland Limited (Ireland) for users elsewhere; Privacy information: Adobe Privacy Center.

13.8 E-Commerce

We operate e-commerce and use third-party services to offer services, content, or products effectively.

13.9 Payments

We use specialized providers to process payments securely and reliably. The terms, such as terms of service or privacy policies, of each provider apply in addition.

We specifically use:

13.10 Advertising

We use third-party advertising to display ads for our activities and services, such as on social media and search engines.

We specifically use:

14. Website Extensions

We use extensions to add features to our website. We may use selected services from appropriate providers or such extensions on our digital infrastructure.

We specifically use:

  • Google reCAPTCHA: Spam protection (distinguishing desired human content from unwanted bot content and spam); Provider: Google; reCAPTCHA-specific information: What is reCAPTCHA?.

15. Success and Reach Measurement

We try to measure the success and reach of our activities. In this context, we may also measure the effectiveness of references from third parties or test how various parts or versions of our online offer are used (“A/B test” method). Based on the results, we can fix issues, strengthen popular content, or make improvements.

In most cases, IP addresses of individual users are recorded. IP addresses are generally truncated (“IP masking”) to comply with data minimization principles.

Success and reach measurement may involve cookies and user profiles. Profiles may include individual visited pages or viewed content on our website, screen size, or browser window dimensions, and at least approximate location. Generally, created profiles are only pseudonymized and not used to identify individual users. Third-party services where users are logged in may assign the use of our online offerings to the user’s account or profile on the service.

We specifically use:

16. Final Notes on this Privacy Policy

This privacy policy was created using the Privacy Policy Generator from Datenschutzpartner. The present privacy policy is an unofficial translation from the original German version.

We may update this privacy policy at any time. We inform users of updates in a suitable manner, particularly by publishing the current privacy policy on our website.