data protection law
Brigels Resort AG manages the Pradas Resort and operates the website www.pradasresort.ch and is therefore responsible for the collection, processing and use of your personal data and the compatibility of data processing with the applicable data protection law.
Your trust is important to us, which is why we take the subject of data protection seriously and pay close attention to taking appropriate security measures. Of course, we comply with the legal provisions of the Federal Data Protection Act (DSG), the Ordinance to the Federal Data Protection Act (VDSG), the Telecommunications Act (FMG) and other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR).
In order for you to know what personal data we collect from you and for what purposes we use it, please take note of the information below.
A. Data processing in connection with our website
1. Visiting our website
When visiting our website, our servers temporarily store every access in a log file. As with any connection to a web server, the following technical data is recorded without your intervention and stored by us after 38 months at the latest until it is automatically deleted:
- IP address of the requesting computer,
- the name of the owner of the IP address range (usually your Internet access provider),
- the date and time of access,
- the website from which the access was made (referrer URL), if applicable with the search term used,
- name and URL of the retrieved file,
- the status code (for example, error message),
- the operating system of your computer,
- the browser you are using (type, version and language),
- the transmission protocol used (e.g. HTTP/1.1) and
- if necessary your username from registration/authentication.
This data is collected and processed for the purpose of enabling the use of our websites (connection establishment), to permanently guarantee system security and stability and to enable the optimisation of our Internet offer as well as for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 (f) GDPR.
The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for explanatory and defensive purposes and may be used in the course of criminal proceedings to identify and prosecute the users concerned under civil and criminal law. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 (f) GDPR.
2. Use of our enquiry form
You have the possibility to use an enquiry form to request a personal quote. For this we absolutely need the following information:
- First and last name
- Street, postcode, city, country
- Phone number
- Email address
- Arrival and departure date
- Number of adults and children
- Number of apartments and type of apartment
We use this data only to be able to answer your contact enquiry in the best possible and personalised way. In addition, you can voluntarily provide further data (desired special offer, comments). The processing of this data is therefore required within the meaning of Art. 6 para. 1 (b) GDPR for the implementation of pre-contractual measures or is in our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR.
3. Subscribing to our newsletter
On our website you have the possibility to subscribe to the Pradas Resort newsletter. This requires registration. The following data must be provided during registration:
- First and last name
- Email address
These details serve to personalise the newsletter and so that we can send you offers, news and information by email.
By registering, you give us your consent to the processing of the data provided for the regular dispatch of the newsletter to the address you have provided and for the statistical evaluation of usage behaviour and optimisation of the newsletter. This consent constitutes, within the meaning of Art. 6 para. 1 (a) of the GDPR, our legal basis for processing your email address. We are entitled to commission third parties with the technical handling of advertising measures and are entitled to pass on your data for this purpose (cf. below no. 13).
a. Double Opt-In and Logging
Subscription to our newsletter takes place using a process known as double opt-in. This means that upon registration, you will receive an email requesting confirmation of the subscription. The confirmation is required to ensure that no one else subscribes using another person's email address.
A record of subscriptions to the newsletter is kept to fulfil the legal requirements for recording the subscription process. The record contains the time of subscription and confirmation as well as the relevant IP address. Changes to your data stored with MailChimp are also logged.
b. Use of the MailChimp distribution service
The newsletter is sent via "MailChimp", a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, US.
The email addresses of our newsletter recipients, as well as their further data described in the context of these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp can use this data along with its own information to optimise or improve its own services, e.g. to technically optimise the sending and presentation of the newsletter or for business purposes, in order to determine from which countries the recipients originate. However, the service does not use the data of our newsletter recipients to approach recipients directly, nor do they pass the information on to third parties.
c. Statistical surveys and analyses
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file, which is retrieved from MailChimp's server when opening the newsletter. As part of this access attempt, technical information such as your browser and operating system, as well as your IP address and the time of the download, are collected. This information is used for technical improvement of the service using technical data or of target group data and their reading behaviour using their download locations (identifiable through IP addresses), or download times.
Statistical data collection also includes a determination of whether the newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information can be assigned to the individual newsletter recipients. However, we and MailChimp are not interested in monitoring individual users. Data analysis is more importantly used to recognise patterns in the reading behaviour of our users, and to adapt contents accordingly or send different content according to the interests of our users.
d. Online access and data management
You can cancel your subscription to our newsletter at any time, i.e. revoke your consent. At the same time your consent to the newsletter's dispatch via MailChimp, your personal data and the statistical analyses expires. A separate cancellation of either the dispatch via MailChimp or the statistical evaluation is unfortunately not possible. Further processing will only take place in anonymous form to optimise our newsletter.
4. Booking on the website, by correspondence or by telephone call
If you make bookings either via our website, by correspondence (email or letter) or by telephone call, we require the following data to process the contract:
- Arrival date
- Departure date
- Type of apartment or offer
- First and last name
- Email address
We will only use this data and other information you voluntarily provide (e.g. title, street, postcode, city, country, telephone, fax, comments such as expected time of arrival and wishes/preferences) to process the contract, unless otherwise stated in this data protection declaration or unless you have given your separate consent. We will process the data in order to record your booking as requested, to make the booked services available, to contact you in case of ambiguities or problems and to ensure correct payment.
The legal basis of data processing for this purpose is the performance of a contract pursuant to Art. 6 para. 1 (b) of the GDPR.
5. Customer account
After the booking, the guests receive the confirmation number for access to the individual guest website (online guest folder, guest invoice, recorded guest data). Guests can change the following data:
- First and last name
- Postal address
- Telephone number / mobile phone number
- Email address
It is possible to open a customer account. When registering for a customer account, we collect the following mandatory data:
- Email address
The collection of this and other data you voluntarily provide (e.g. company name) is for the purpose of providing you with password-protected direct access to your basic data stored by us. You can view your previous and current bookings or manage or change your personal data there.
The legal basis of the processing of the data for this purpose is the consent given by you pursuant to Art. 6 para. 1 (a) GDPR.
Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files which your web browser automatically stores on your computer’s hard disc when you visit our website.
Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer, or a message always appears before a new cookie is created. On the following pages you will find explanations on how you can configure the processing of cookies with the most common browsers:
- Microsoft's Windows Internet Explorer
- Microsoft's Windows Internet Explorer Mobile
- Mozilla Firefox
- Google Chrome for Desktop
- Google Chrome for Mobile
- Apple Safari for Desktop
- Apple Safari for Mobile
Disabling cookies may prevent you from using all the features of our website.
7. Tracking Tools
We use the web analysis service of Google Analytics for the purpose of demand-oriented design and continuous optimisation of our website. In this context, pseudonymous user profiles are created and small text files stored on your computer ("cookies") are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the details set out under no. 1, we may receive the following information:
- Navigation path that a visitor takes on the site,
- Duration of stay on the website or subpage,
- The subpage on which the website is left,
- The country, region or city from which it is accessed,
- Terminal (type, version, colour depth, resolution, width and height of the browser window) and
- Returning or new visitor.
The information is used to evaluate the use of the website, to compile reports regarding website activity and to provide other services related to website activity and Internet usage for the purposes of market research and needs-based design of these websites. This information may also be transferred to third parties, provided this is legally required, or to the extent that such third parties are commissioned to process the information.
You can prevent the data that is generated by cookies about your use of the website from being passed on to Google, and the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, you can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set that prevents your data from being collected on future visits to this site: to disable Google Analytics.
Google Tag Manager
Google (Invisible) reCAPTCHA
CDN - Content Delivery Networks (e.g. Google Web Fonts)
8. Social Plugins
Social plugins are used on our websites.
You can recognise the plugins by the fact that they are marked with the corresponding logo. These plugins may be used to send information to the service provider for its use. Said information may possibly include personal data. We prevent the unconscious and unintentional collection and transmission of data to the service provider by merely linking to the corresponding services via the buttons on our website. We do not collect any personal data ourselves using the social plugins or about how they are used.
We have no influence on which data an activated plugin collects and how it is used by the provider. Currently, one must assume that direct connections are established to the services of the respective provider and your IP address and specific usage information will be recorded and used. Service providers may also try to save cookies on the computer used. Please refer to the data protection information of the respective service provider to find out which specific data is collected and how it is used. NB: If you are logged in to Facebook when you visit our site, Facebook can identify you as a visitor to a particular site.
We have included social media buttons from the following companies on our site:
- Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
- Facebook Inc, 1601 Willow Road Menlo Park, CA 94025, USA
- Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA
9. Other Third-Party Tools
Our website uses functions, widgets or plugins from
- Holidaycheck (Icon): HolidayCheck AG, Bahnweg 8, 8598 Bottighofen, CH
- Tripadvisor (Icon): TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494, USA
- TrustYou (Valuation widget): TrustYou Europe HQ, 80992 Munich, DE
- Walls.io (Social media widget): Social Software Development GmbH, Andreasgasse 6, Top 1, 1070 Vienna, AT
The IP address is transmitted to these third-party tools to ensure their functionality. We have no influence on whether the third party providers store the IP address for statistical purposes or similar. You can find more information on this in the data protection declarations of the respective services.
B. Data processing in connection with your stay
10. Data processing for the fulfilment of legal reporting obligations
The reporting obligation is regulated in the Hospitality Act for the Canton of Grisons (GWG, BR 945.100). According to Article 11, the government regulates the reporting obligation. Details are set out in the implementation provisions of the Federal Law on the Hospitality Industry (BR 945.110). As of January 1, 2015, only foreign persons or guests are required to register.
The completed registration forms must be kept by the proprietor for one year from the date of departure or the last entry. Where we are required to do so by applicable regulations, we will forward this information to the appropriate police authority.
We have a legitimate interest in the fulfilment of the legal requirements within the meaning of Art. 6 para. 1 (f) GDPR.
11. Recording of purchased services
If you receive additional services during your stay (e.g. massages, ski passes, bread roll service), we will record the subject matter of the service and the time when you receive it for billing purposes. The processing of this data is required within the meaning of Art. 6 para. 1 (b) GDPR for processing the contract with us.
C. Storage and exchange of data with third parties
12. Booking platforms
Finally, we may be informed by the platform operators of any disputes in connection with a booking. We may also receive information about the booking process, which may include a copy of the booking confirmation as proof of the actual booking completion. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR.
Please also note the information on data protection of the respective provider.
13. Central storage and linking of data
We store the data specified in nos. 2-5 and 8-10 in a central electronic data processing system. The data concerning you is systematically recorded and linked in order to process your bookings and the contractual services. For this we use software from REBAGDATA AG, Einsiedlerstrasse 533, P.O. Box 426, 8810 Horgen, Switzerland. The processing of this data within the framework of the software is based on our legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR in customer-friendly and efficient customer data management.
14. Storage period
We only store personal data for as long as it is necessary for using the tracking services mentioned above and the further processing within the scope of our legitimate interest. We keep contractual data for a longer period of time, as this is prescribed by legal storage obligations. Storage obligations, which oblige us to store data, result from regulations concerning the right to report, accounting and tax law. According to these regulations, business communications, contracts concluded and accounting records must be kept for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
15. Data transfer to third parties.
We only pass on your personal data if you have expressly consented, if there is a legal obligation or if this is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the contractual relationship. Furthermore, we pass on your data to third parties as far as this is necessary in the context of the use of the website and the contract processing (also outside the website), namely the processing of your bookings.
A service provider to whom the personal data collected via the website is passed on or who has or can have access to it is our web hoster Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The website is hosted on servers in Germany. The data is passed on for the purpose of providing and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR.
Finally, we will forward your credit card information to your credit card issuer and acquirer when payment is made by credit card on the website. If you decide to pay by credit card, you will be asked to enter all necessary information. The legal basis for the transfer of the data lies in the fulfilment of a contract in accordance with Art. 6 Para. 1 (b) of the GDPR. Concerning the processing of your credit card information by these third parties, we ask you to also read the General Terms and Conditions and the data protection declaration of your credit card issuer.
Furthermore, with regard to the passing on of data to third parties, please also observe the notices in nos. 7-8 and 10-11.
16. Transmission of personal data abroad
We are entitled to transfer your personal data to third parties (commissioned service providers) abroad for the purpose of the data processing described in this data protection declaration. These are obliged to the same extent as we ourselves to data protection. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we contractually ensure that the protection of your personal data corresponds at all times to that in Switzerland or the EU.
D. Additional information
17. Right of information, rectification, erasure and restriction of processing; right to data portability
You have the right, upon request and free of charge, to receive information about the personal data that we store about you. In addition, you have the right to correct incorrect data and to have your personal data deleted, insofar as this does not conflict with any legal obligation to retain data or an event of authorisation which allows us to process the data.
You also have the right to reclaim from us the data that you have provided to us (right of data portability). Upon request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a common file format.
You can contact us for the above-mentioned purposes by email at firstname.lastname@example.org We may, at our sole discretion, require proof of identity to process your requests.
18. Data security
We use appropriate technical and organisational security measures to protect your stored personal data against manipulation, partial or complete loss, as well as against unauthorised access by third parties. Our security procedures are continually enhanced as new technology develops.
You should keep your access data confidential and close the browser window when you have finished your session, especially if your computer is also used by other people.
We also take internal company data protection very seriously. Our employees and the service providers appointed by us are subject to a confidentiality obligation and must comply with data protection regulations.
19. Note on data transmission to the USA
For the sake of completeness, we would like to point out that in the USA, the surveillance measures of US authorities allow the general storage of all personal data of all persons whose data has been transmitted from Switzerland to the USA. This is done without differentiation, restriction or exception with respect to the aim pursued and without an objective criterion that would make it possible to restrict the US authorities' access to data and its subsequent use to very specific, strictly limited purposes which justify the interference associated with both access to, and use, of such data. Furthermore, we would like to point out that, in the USA, there are no legal remedies available to data subjects that would allow them to gain access to the data concerning them and to obtain its correction or deletion, and that there is no effective legal protection against general access rights by US authorities. We explicitly point out this legal and factual situation to the data subject in order to make an appropriately informed decision to consent to the use of their data.
20. The right of appeal to a data protection supervisory authority
You have the right to complain at any time to a data protection supervisory authority.
Version dated: 29.8.2018