Privacy Policy

Table of Contents

1. Controller And Content Of This Privacy Policy

We, Glacier AG, Grindelhomes AG, and Grindellodge AG, Endweg 55, Grindelwald, Switzerland, are the operators of Boutique Hotel & Restaurant Glacier (Hotel), Grindelhomes (Holiday Apartments), Grindellodge (Bed & Breakfast), and the website www.hotel-glacier.ch, and unless otherwise stated in this privacy policy, we are responsible for the data processing described in this privacy policy.

Please take note of the information below to understand what personal data we collect from you and for what purposes we use it. When it comes to data protection, we primarily adhere to the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP), as well as the EU General Data Protection Regulation (GDPR), which may be applicable in individual cases.

Please note that the following information may be reviewed and amended from time to time. Therefore, we recommend regularly checking this privacy policy for any updates. Furthermore, for individual data processing listed below, other companies may be responsible under data protection law or jointly responsible with us, so in these cases, the information provided by those companies is also relevant.

2. Contact Person For Data Protection

If you have any questions regarding data protection or wish to exercise your rights, please contact our Data Protection Officer by emailing: privacy@hotel-glacier.ch.

For inquiries related to the EU, you can reach our EU Data Protection Representative at:

Hotel Restaurant Glacier AG
Endweg 55, Grindelwald, Switzerland
privacy@hotel-glacier.ch

privacy@hotel-glacier.ch

3. Scope And Purpose Of The Collection, Processing, And Use Of Personal Data

Data Processing when contacting us

If you contact us through our contact addresses and channels (e.g., by e-mail, phone, contact form, or chat), your personal data will be processed. We process the data you provide, such as your name, email address, phone number, and your request. Additionally, the time of receipt of the request will be documented. Mandatory fields in contact forms are marked with an asterisk (*). We process this data to address your inquiry (e.g., providing information about our Hotel, assisting with contract processing such as booking questions, incorporating your feedback to improve our services, etc.).

For handling contact requests through a contact form, we use a software application provided by Hotel & Restaurant Glacier AG, Endweg 55, Grindelwald, Switzerland. Therefore, your data may be stored in a database of Hotel & Restaurant Glacier AG, which may allow Hotel & Restaurant Glacier AG to access your data if necessary for providing and supporting the software. Information about data processing by third parties and any transfers abroad can be found in Section 5 of this Privacy Policy.

The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the GDPR in addressing your request, or, if your request is aimed at the conclusion or performance of a contract, the implementation of necessary measures within the meaning of Article 6(1)(b) of the GDPR.

Hotel & Restaurant Glacier AG may also wish to use some of this data for its own purposes (e.g., delivering marketing emails or conducting statistical analysis). For these data processing operations, Hotel & Restaurant Glacier AG is the controller and must ensure compliance with data protection laws. Information about data processing by Hotel & Restaurant Glacier AG can be found at https://www.hotel-glacier.ch/terms-conditions/.

Data Processing for Customer Account Registration

If you create a customer account on our website, we collect the following data, with mandatory fields in the corresponding form marked with an asterisk (*):

  • Personal information: Salutation, Surname, First name, Billing and, if applicable, Delivery address, Date of birth, Company name, Company address, and UID for corporate customers
  • Login data: Email address, Password
  • Other information: Language, Gender
 

We use your personal data to verify your identity and confirm the requirements for registration. Your email address and password together serve as login credentials to ensure that the correct person accesses the website based on the provided details. We also use your email address to verify and confirm the creation of your account and for future communication, which is necessary for executing the contract. Additionally, this data is stored in the customer account for future bookings or contract agreements. We also allow you to store additional information in the account (e.g., your preferred payment method).

This data helps provide an overview of your bookings and related services (please see Section 4) and facilitates the management of your personal data. It is used to administer our website and contractual relationships, including establishing, defining the content of, processing, and amending the contracts concluded with you through your customer account (e.g., related to your bookings with us).

The language and gender information is processed to display personalized offers on the website based on your profile and needs, conduct statistical analysis of selected offers, and optimize our recommendations and offers.

The legal basis for this data processing is your consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by removing the information from your customer account, deleting the account, or requesting deletion by notifying us.

To prevent misuse, please keep your login data confidential, log out after each session, and clear your browsing history, especially when using a shared device.

Data Processing for Orders placed on our Online Shop

On our website, you can order products, services, and vouchers. For this purpose, we collect the following data. Mandatory fields during the ordering process are marked with an asterisk (*):

  • Salutation
  • First name
  • Last name
  • Billing and delivery address
  • Phone number
  • Email
  • Payment method
  • Shipping method
  • Marketing email subscription details
  • Confirmation of the accuracy of provided information
  • Confirmation of acceptance of the terms and conditions and privacy policy
 

We use this data to verify your identity before concluding a contract. We need your email address to confirm your order and for future communication necessary for the execution of the contract. We store your data along with relevant order details (e.g., designation, price, and characteristics of the ordered products), payment information (e.g., selected payment method, payment confirmation, and time of payment; see also Section 3.7.2), and information regarding the execution and performance of the contract (e.g., receipt and handling of complaints) in our CRM database (see Section 4) to ensure correct order processing and contract performance.

The legal basis for this data processing is the performance of a contract with you under Article 6(1)(b) of the GDPR.

Provision of data not marked as mandatory is voluntary. We process this data to tailor our offerings to your needs, facilitate contract execution, contact you through alternative means if necessary for contract performance, or for statistical analysis to optimize our offerings.

The legal basis for this data processing is your consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by notifying us.

To operate the online shop, we use software provided by Simplebooking, Via Lucca, 52-50142 Florence, Italy. Your data may be stored in a database of Simplebooking, which may allow Simplebooking to access your data if necessary for providing and supporting the software. Information about data processing by third parties and any potential transfer abroad can be found in Section 5 of this Privacy Policy.

The legal basis for this data processing is the performance of a contract with you under Article 6(1)(b) of the GDPR.

Hotel & Restaurant Glacier AG may use some of this data for its own purposes (e.g., sending marketing emails or conducting statistical analysis). For these data processing activities, Simplebooking is the controller and must ensure compliance with data protection laws. Information about data processing by Simplebooking can be found at Simplebooking Privacy Policy.

Data Processing during Bookings

1. Booking through our website

On our website, you can book an overnight stay. For this purpose, we collect the following data. Mandatory fields during the booking process are marked with an asterisk (*):

  • Salutation
  • First name
  • Last name
  • Billing address
  • Date of birth
  • Company, company address, and UID for corporate customers
  • Phone number
  • Email address
  • Payment method
  • Booking details
  • Comments
  • Confirmation of the accuracy of provided information
  • Confirmation of acceptance of the terms and conditions and privacy policy
 

We use this data to establish your identity before entering into a contract. We need your email address to confirm your booking and for future communication necessary for the execution of the contract. We store your data along with relevant booking details (e.g., room category, duration of stay, and characteristics of the services), payment information (e.g., selected payment method, payment confirmation, and time of payment; see also Section 3.7.2), and information regarding the execution and performance of the contract (e.g., receipt and handling of complaints) in our CRM database (see Section 4) to ensure correct booking processing and contract performance.

To the extent necessary for contract performance, we may also disclose the required information to third-party service providers (e.g., organizers or transport companies).

The legal basis for this data processing is the performance of a contract with you under Article 6(1)(b) of the GDPR.

Provision of data not marked as mandatory is voluntary. We process this data to tailor our offerings to your personal needs, facilitate contract execution, contact you through alternative means if necessary for contract performance, or for statistical analysis to optimize our offerings.

The legal basis for this data processing is your consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by notifying us.

To process bookings through our website, we use software provided by MEWS, TNW City, Singel 542, 1017 AZ Amsterdam, Netherlands. Your data may be stored in a database of MEWS, which may allow MEWS to access your data if necessary for providing and supporting the software. Information about data processing by third parties and any potential transfer abroad can be found in Section 5 of this Privacy Policy.

The legal basis for this data processing is the performance of a contract with you under Article 6(1)(b) of the GDPR.

There is a possibility that MEWS may use some of this data for its own purposes (e.g., sending marketing emails or conducting statistical analysis). For these data processing activities, MEWS is the controller and must ensure compliance with data protection laws. Information about data processing by MEWS can be found at MEWS Privacy Policy.

2. Booking through a booking Platform

If you make bookings through a third-party platform (e.g., ExploreTock, Michelin, Booking.com, Escapio, Expedia, HolidayCheck, HotelTonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, TripAdvisor, Trivago, Weekend4Two, etc.), we receive various personal data related to the booking from the respective platform operator. This data usually includes the information listed in Section 3.7.2 of this Privacy Policy. Additionally, any inquiries regarding your booking may be forwarded to us. We will process this data to accurately record your booking and provide the booked services as requested.

The legal basis for this data processing is the implementation of pre-contractual measures and the performance of a contract under Article 6(1)(b) of the GDPR.

We may also exchange personal data with platform operators in connection with disputes or complaints related to a booking, to the extent necessary to protect our legitimate interests. This may include data related to the booking process on the platform, or data regarding the booking, provision of services, and your stay with us.

Your data is stored in the databases of the platform operators, which allows them to access your data. Information regarding data processing by third parties and any potential transfer abroad can be found in Section 5 of this Privacy Policy.

The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the GDPR.

Data Processing when Reserving a Table

On our website, you can make a table reservation at a restaurant listed on our site. For this purpose, we collect – depending on the specific offering – the following data. Mandatory fields for reservations via the website are marked with an asterisk (*):

  • First name
  • Last name
  • Number of guests
  • Email address
  • Phone number
  • Menu or offer type
  • Comment
  • Date and time of the reservation
  • Allergies

We collect and process this data to handle your reservation, specifically to process your reservation request according to your preferences and to contact you in case of any uncertainties or issues. We store your data along with relevant reservation details (e.g., date and time of the request), reservation information (e.g., assigned table), and information regarding the execution and performance of the contract (e.g., receipt and handling of complaints) in our CRM database (see Section 4) to ensure accurate reservation processing and contract performance.

To process table reservations, we use a software application provided by Tock, Chicago, 406 N Sangamon St #2, United States. Therefore, your data may be stored in Tock’s database, which may allow Tock to access your data if necessary for providing and supporting the software. Information about data processing by third parties and any potential transfer abroad can be found in Section 5 of this Privacy Policy.

The legal basis for this data processing is the performance of a contract with you under Article 6(1)(b) of the GDPR.

There is a possibility that Tock may use some of this data for its own purposes (e.g., sending marketing emails or conducting statistical analysis). For these data processing activities, Tock is the controller and must ensure compliance with data protection laws. Information about data processing by Tock can be found at Tock Privacy Policy.

Data Processing during Payment Processing

1. Payment Processing at the Hotel

When you purchase products, receive services, or make payments for your stay at our hotel using electronic payment methods, the processing of personal data is required. By using the payment terminals, you transmit information stored in your payment instrument, such as the cardholder’s name and card number, to the respective payment service providers (e.g., payment solution providers, credit card issuers, and credit card acquirers). They also receive information that the payment instrument was used at our hotel, including the transaction amount and time. In return, we receive only the credit for the amount of the completed payment, which we can associate with the respective receipt number, or we receive information if the transaction was not possible or was canceled. Always consider the information provided by the respective company, especially their privacy policy and terms and conditions.

For processing payments through the contact form, we use a software application provided by Datatrans AG, Kreuzbühlstrasse 26, 8008 Zürich, Switzerland. Therefore, your data may be stored in Datatrans AG’s database, which may allow Datatrans AG to access your data if necessary for providing and supporting the software. Information about data processing by third parties and any transfers abroad can be found in Section 5 of this Privacy Policy.

The legal basis for this data processing is the performance of a contract with you under Article 6(1)(b) of the GDPR.

Datatrans AG may use some of this data for its own purposes (e.g., sending marketing emails or conducting statistical analysis). For these data processing activities, Datatrans AG is the controller and must ensure compliance with data protection laws. Information about data processing by Datatrans AG can be found at Datatrans Privacy Policy.

2. Online Payment Processing

If you make chargeable bookings, order services, or purchase products on our website, you may need to provide additional details such as credit card information or login credentials for your payment service provider, depending on the product, service, and preferred payment method. This information, as well as the fact that you have purchased a service from us, will be forwarded to the respective payment service providers (e.g., payment solution providers, credit card issuers, or credit card acquirers). Please review the information provided by the respective company, particularly their privacy policy and general terms and conditions.

The legal basis for this data processing is the performance of a contract under Article 6(1)(b) of the GDPR.

We reserve the right to retain a copy of the credit card information as a security measure. To avoid payment defaults, it may also be necessary to transmit the required data, including your personal data, to a credit agency for an automated assessment of your creditworthiness. The credit agency may assign a score value to you, which is an estimate of the future risk of payment default based on mathematical-statistical methods and data from other sources. Based on the information received, we may decide not to offer you the “invoice” payment method.

The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the GDPR in the prevention of payment defaults.

For credit checks through the contact form, we use a software application provided by Hotel & Restaurant Glacier AG, Endweg 55, Grindelwald, Switzerland. Therefore, your data may be stored in Hotel & Restaurant Glacier AG’s database, which may allow Hotel & Restaurant Glacier AG to access your data if necessary for providing and supporting the software. Information about data processing by third parties and any transfers abroad can be found in Section 5 of this Privacy Policy.

The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the GDPR in the prevention of payment defaults.

Hotel & Restaurant Glacier AG may use some of this data for its own purposes (e.g., sending marketing emails or conducting statistical analysis). For these data processing activities, Hotel & Restaurant Glacier AG is the controller and must ensure compliance with data protection laws. Information about data processing by Hotel & Restaurant Glacier AG can be found at Hotel & Restaurant Glacier Privacy Policy.

Data Processing related to the recording and Invoicing of rendered Services

If you receive services during your stay (e.g., additional nights, wellness, restaurant services, activities), we will collect and process booking data (e.g., time of booking, comments) as well as data related to the services provided (e.g., nature of the service, price, time of service receipt). This is done for the purpose of handling the service, as described in Sections 3.5 and 3.6.

Legal Basis: The legal basis for this data processing is the performance of a contract under Article 6(1)(b) of the GDPR.

Data Processing related to Email Marketing

If you register for our marketing emails (e.g., when registering, within your customer account, or as part of an order, booking, or reservation), we collect the following data. Mandatory fields are marked with an asterisk (*):

  • Email address
  • Salutation
  • First and last name
 

To prevent misuse and ensure that the owner of an email address has genuinely given consent to receive marketing emails, we use a double opt-in process during registration. After submitting your registration, you will receive an email containing a confirmation link. To finalize your registration, you must click this link. If you do not confirm your email address by clicking the confirmation link within the specified timeframe, your data will be deleted, and no marketing emails will be sent to that address.

By registering, you consent to the processing of this data to receive marketing emails from us about our hotel and related products and services. These emails may also include invitations to participate in contests, provide feedback, or rate our products and services. Collecting the salutation, first, and last name helps us associate the registration with any existing customer account and personalize the content of the marketing emails. Linking to a customer account allows us to make the offers and content in the marketing emails more relevant and tailored to your needs.

We will use your data to send marketing emails until you withdraw your consent. You can withdraw your consent at any time, particularly by using the unsubscribe link included in all marketing emails.

Our marketing emails may contain a web beacon (1×1 pixel), or similar tracking tools. A web beacon is an invisible graphic linked to the user ID of the subscriber. For each email sent, we receive information about delivery success, undelivered emails, open rates, time spent viewing, and which links were clicked. This data helps us optimize the frequency, timing, structure, and content of our emails to better match recipients’ interests.

The web beacon is deleted when you delete the marketing email. You can prevent the use of web beacons by adjusting your email program settings to not display HTML messages. For information on configuring this setting, refer to your email software’s help documentation, e.g., for Microsoft Outlook.

By subscribing to marketing emails, you also consent to the statistical analysis of user behavior for optimizing and customizing our marketing communications.

We use MailChimp, a service provided by Intuit Inc., 2632 Marine Way, Mountain View, CA 94043, USA, to manage and send our newsletters. The data required for emailing will be sent to Intuit’s servers in the United States and stored there. Further information about MailChimp’s data protection practices can be found at MailChimp Privacy Policy.

For sending marketing emails, we also use a software application provided by Hotel & Restaurant Glacier AG, Endweg 55, Grindelwald, Switzerland. Therefore, your data may be stored in a database of Hotel & Restaurant Glacier AG, which may allow Hotel & Restaurant Glacier AG to access your data if necessary for providing and supporting the software. Information about data processing by third parties and any transfers abroad can be found in Section 5 of this Privacy Policy.

Legal Basis: The legal basis for this data processing is your consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time.

There is a possibility that Hotel & Restaurant Glacier AG may use some of this data for its own purposes (e.g., sending marketing emails or conducting statistical analysis). For these data processing activities, Hotel & Restaurant Glacier AG is the controller and must ensure compliance with data protection laws. Information about data processing by Hotel & Restaurant Glacier AG can be found at Hotel & Restaurant Glacier Privacy Policy.

Data Processing when Submitting Reviews

To help other users in their decision-making and support our quality management (especially in handling negative feedback), you have the opportunity to rate your stay with us on our Website. The data you provide, including your review, any attached comments, and the name you provided, may be processed and published on the Website.

Legal Basis: The legal basis for this data processing is your consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time and request the anonymization of your review.

We reserve the right to delete unlawful reviews and contact you if there are any suspicions requiring clarification.

Additional Legal Basis: The legal basis for this processing is our legitimate interest under Article 6(1)(f) of the GDPR in providing a lawful and unaltered comment and review function and preventing misuse.

Data Processing when Submitting Guest Feedback

During or after your stay, you have the opportunity to provide feedback (e.g., positive feedback, criticism, suggestions for improvement) using a form. We collect the following data, with mandatory fields marked with an asterisk (*) in the respective form:

  • First and last name
  • Age
  • Nationality
  • Duration of stay
  • Feedback
 

We process your data for quality management to better tailor our services and products to guest needs. Specifically, this includes:

  • Clarifying your request (e.g., obtaining input from employees or supervisors, seeking further information)
  • Evaluating and analyzing feedback (e.g., compiling satisfaction statistics, comparing services)
  • Taking organizational measures based on findings (e.g., addressing deficiencies, providing training, issuing praise or warnings to employees)
 

We use a software application provided by Hotel & Restaurant Glacier AG, Endweg 55, Grindelwald, Switzerland, for guest feedback. Therefore, your data may be stored in Hotel & Restaurant Glacier AG’s database, which may allow Hotel & Restaurant Glacier AG to access your data if necessary for providing and supporting the software. Information about data processing by third parties and any transfers abroad can be found in Section 5 of this Privacy Policy.

Legal Basis: The legal basis for this data processing is your consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time.

There is a possibility that Hotel & Restaurant Glacier AG may use some of this data for its own purposes (e.g., sending marketing emails or conducting statistical analysis). For these data processing activities, Hotel & Restaurant Glacier AG is the controller and must ensure compliance with data protection laws. Information about data processing by Hotel & Restaurant Glacier AG can be found at Hotel & Restaurant Glacier Privacy Policy.

Data Processing in connection with Video Surveillance

To ensure the safety of our guests, employees, and property, and to prevent and address unlawful behavior (e.g., theft and property damage), the entrance area and publicly accessible areas of our hotel, excluding sanitary facilities, may be monitored by cameras. The recorded images will only be viewed if there is suspicion of unlawful behavior; otherwise, the images will be automatically deleted after [288] hours.

To provide the video surveillance system, we rely on Hotel & Restaurant Glacier AG, Endweg 55, Grindelwald, Switzerland. Hotel & Restaurant Glacier AG has access to the data as necessary for providing the system. If unlawful behavior is confirmed, the data may be disclosed to enforce claims or report to consulting firms (e.g., law firms) and authorities. Information about data processing by third parties and any transfers abroad can be found in Section 5 of this Privacy Policy. Further information about data processing by Hotel & Restaurant Glacier AG can be found at Hotel & Restaurant Glacier Privacy Policy.

Legal Basis: The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the GDPR in protecting our guests, employees, and property, and safeguarding and enforcing our rights.

Data Processing when Using our Wi-Fi Network

In our hotel, you have the option to use our Wi-Fi network free of charge. To prevent misuse and address unlawful behavior, prior registration is required. During the registration process, you will provide us with the following data:

  • Phone number
  • MAC address of the device (automatically)
 

Each time the Wi-Fi network is used, data regarding the time and date of usage, the network used, and the device employed are also collected.

Legal Basis: The legal basis for this data processing is your consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time.

For providing our Wi-Fi network, we collaborate with Hotel & Restaurant Glacier AG, Endweg 55, Grindelwald, Switzerland. Therefore, your data may be stored in Hotel & Restaurant Glacier AG’s database, which may allow Hotel & Restaurant Glacier AG to access your data if necessary for providing and supporting the software. Information about data processing by third parties can be found in Section 5 of this Privacy Policy. Further information about data processing by Hotel & Restaurant Glacier AG can be found at Hotel & Restaurant Glacier Privacy Policy.

Data Processing for Fulfilling Legal Reporting Obligations

Upon arrival at our hotel, we may require the following information from you and your accompanying persons; mandatory fields are marked with an asterisk (*) in the respective form:

  • Salutation
  • First and last name
  • Billing address
  • Date of birth
  • Nationality
  • Identity card or passport
  • Date of arrival and departure
 

We collect this information to fulfill legal reporting obligations arising from hospitality or police regulations. As required by applicable laws, we may forward this information to the competent authority.

Legal Basis: The legal basis for this data processing is our legitimate interest under Article 6(1)(c) of the GDPR in complying with our legal obligations.

Data Processing in Job Applications

You can apply for a position in our company either spontaneously or in response to a specific job advertisement. In both cases, we will process the personal data you provide.

We use the data provided to assess your application and suitability for employment. Application documents from unsuccessful applicants will be deleted at the end of the application process, unless you explicitly agree to a longer retention period or we are legally required to retain them longer.

For processing applications, we use a software application provided by Hotel & Restaurant Glacier AG, Endweg 55, Grindelwald, Switzerland. Therefore, your data may be stored in a database of Hotel & Restaurant Glacier AG, which may allow Hotel & Restaurant Glacier AG to access your data if necessary for providing and supporting the software. Information about data processing by third parties and any transfers abroad can be found in Section 5 of this Privacy Policy.

Legal Basis: The legal basis for this data processing is the execution of a contract (pre-contractual phase) under Article 6(1)(b) of the GDPR.

4. Central Data Storage And Analysis In The CRM System

If we can clearly identify you, we will store and link your personal data, contact details, contract data, and browsing behavior on our Website in a central CRM database. This centralized storage enables efficient management of customer data, facilitates the processing of your requests, and ensures the effective provision of the services you requested, as well as the execution of related contracts.

The legal basis for this data processing is our legitimate interest in the efficient management of user data under Article 6(1)(f) of the GDPR.

We also analyze this data to improve our offerings based on your needs and to provide you with relevant information and offers. This includes predicting possible interests and future orders based on your use of our Website.

For central storage and analysis of data in the CRM system, we use a software application provided by Hotel & Restaurant Glacier AG, Endweg 55, Grindelwald, Switzerland. Therefore, your data may be stored in a database of Hotel & Restaurant Glacier AG, which may access your data as necessary for providing and supporting the software. Information about data processing by third parties and any transfers abroad can be found in Section 5 of this Privacy Policy. Further details about data processing by Hotel & Restaurant Glacier AG can be found at Hotel & Restaurant Glacier Privacy Policy.

5. Disclosure And Cross-Border Transfer

Disclosure to Third Parties and Third-Party Access

To deliver our services effectively, we may need to share your personal data with third-party service providers. This disclosure is limited to what is necessary for optimal service provision.

The legal basis for this data processing is the performance of a contract under Article 6(1)(b) of the GDPR.

Your data may also be disclosed to fulfill the services you have requested, such as reservations made through us. The legal basis for these disclosures is the necessity for the performance of a contract under Article 6(1)(b) of the GDPR. For these processing activities, the third-party service providers are considered independent data controllers. They are responsible for informing you about their own data processing practices and ensuring compliance with data protection laws.

Additionally, your data may be disclosed to authorities, legal advisors, or debt collection agencies if legally required or necessary to protect our rights, including enforcing claims related to our relationship with you. Data may also be disclosed in connection with the sale or acquisition of our company or parts thereof, as necessary for due diligence or transaction completion.

The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the GDPR in protecting our rights, fulfilling our obligations, and in the sale or acquisition of our company.

Transfer of Personal Data to Third Countries

We may transfer your personal data to third parties located abroad when necessary for the data processing described in this Privacy Policy. Specific data transfers are outlined in Section 3. We ensure that such transfers comply with applicable legal requirements for disclosing personal data to third parties.

Data may be transferred to countries deemed to have adequate data protection by the Federal Council and the European Commission (such as EEA member states or Switzerland), as well as to countries with less stringent data protection (such as the USA). For countries with inadequate protection levels, we implement appropriate safeguards to ensure your data is protected. These safeguards may include standard contractual clauses as described in Article 46(2)(c) of the GDPR. Details about these safeguards can be found on the websites of the Federal Data Protection and Information Commissioner (FDPIC) and the EU Commission.

If you have any questions regarding these measures, please contact our data protection officer (see Section 2).

Information on Data Transfers to the USA

Some of the third-party service providers mentioned in this Privacy Policy are based in the USA. For users residing or based in Switzerland or the EU, it is important to note that certain third-party service providers mentioned in this privacy statement are located in the USA.

US authorities have surveillance measures that may allow for the storage of personal data transmitted from Switzerland or the EU to the United States. This occurs without differentiation, limitation, or exception based on the purpose for which the data is collected and without objective criteria restricting US authorities’ access to and use of the data. Affected individuals from Switzerland or the EU may not have legal remedies or effective judicial protection against such access rights, which means US authorities can access and use the data without limitations.

This situation is highlighted to ensure that you can make an informed decision regarding your consent to the use of your data.

For users residing in Switzerland or a member state of the EU, the United States is considered not to provide an adequate level of data protection. When data recipients (such as Google) are located in the United States, we will ensure through contractual arrangements with these companies, and if necessary, additional appropriate safeguards, that your data is adequately protected. These safeguards include standard contractual clauses as detailed in Article 46(2)(c) of the GDPR. More information about these clauses can be found on the Federal Data Protection and Information Commissioner (FDPIC) and EU Commission websites.

6. Background Data Processing On Our Website

Data Processing when Visiting our Website (Log File Data)

When you visit our Website, the servers of our hosting provider hostpoint.ch temporarily store every access in a log file. The following data is collected without your intervention and stored by us until automatically deleted:

IP address of the requesting computer; date and time of access; name and URL of the accessed file; website from which the access was made, if applicable, with the search word used; operating system of your computer and the browser you are using (including type, version, and language setting); device type in case of access from mobile phones; city or region from which the access was made; and name of your internet service provider.

The collection and processing of this data is carried out for the purpose of enabling the use of our Website (establishing a connection), ensuring the long-term security and stability of the system, and enabling error and performance analysis and optimisation of our Website (see also Section 6.4 regarding the latter points).

In case of an attack on the network infrastructure of the Website or suspicion of other unauthorised or improper use of the Website, the IP address and other data will be analysed for clarification and defence purposes; if necessary, they may be used in civil or criminal proceedings for the identification of the respective user.

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in the purposes described above.

Finally, when you visit our Website, we use cookies, as well as other applications and tools that rely on the use of cookies. In this context, the data described here may also be processed. For more information, please refer to the subsequent sections of this Privacy Policy, in particular to Section 6.2.

Cookies

Cookies are information files that your web browser stores on the hard drive or in the memory of your computer when you visit our Website. Cookies are assigned identification numbers that enable your browser to be identified, and allow the information contained in the cookie to be read.

Cookies are used to make your visit to our website easier, more enjoyable, and more meaningful. We use cookies for various purposes that are necessary for the desired use of the website, i.e., “technically necessary.” For example, we use cookies to identify you as a registered user after logging in, so you don’t have to log in again when navigating to different subpages. The provision of ordering and booking functions also relies on the use of cookies. Furthermore, cookies perform other technical functions necessary for the operation of the website, such as load balancing, which distributes the workload of the site across various web servers to relieve the servers. Cookies are also used for security purposes, such as preventing the unauthorised posting of content. Finally, we use cookies in the design and programming of our website, for example, to enable the uploading of scripts or codes.

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in providing a user-friendly and up-to-date website.

Most internet browsers accept cookies automatically. However, when accessing our website, we ask for your consent to the use of non-essential cookies, especially for the use of cookies from third parties for marketing purposes. You can adjust your preferences for cookies by using the corresponding buttons in the cookie banner. Details regarding the services and data processing associated with each cookie can be found within the cookie banner and in the following sections of this privacy policy.

You may also be able to configure your browser to prevent cookies from being stored on your computer or receive a notification whenever a new cookie is being sent. On the following pages, you will find instructions on how to configure cookie settings for selected browsers.

 

Google Custom Search Engine

This website uses the Programmable Search Engine of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). This allows us to provide you with an efficient search function on our Website.

By pressing the Enter key or clicking on the search button, the search function is activated, and the search results from Google are displayed on the search results page through embedding (iFrame). When retrieving the search results, a connection is established with Google’s servers and your browser may potentially transmit the Log File Data (including IP address) listed in Section 6.1, as well as the search term you entered, to Google. This may also result in a transfer of data to servers abroad, e.g., the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 5.2 and 5.3).

The legal basis for this data processing is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in providing an efficient website search function.

Regarding the further processing of data by Google, please refer to Google’s privacy policy.

Tracking and Web Analytics Tools

General Information about Tracking

For the purpose of customizing and continuously optimizing our Website, we use the web analytics services listed below. In this context, pseudonymized usage profiles are created, and cookies are used (please also see Section 6.2). The information generated by the cookie regarding your use of our Website is usually transmitted to a server of the service provider, where it is stored and processed, together with the Log File Data mentioned in Section 6.1. This may also result in a transfer to servers abroad, e.g., the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 5.2 and 5.3).

Through the data processing, we obtain, among other things, the following information:

  • Navigation path followed by a visitor on the site (including content viewed, products selected or purchased, or services booked);
  • Time spent on the Website or specific page;
  • The specific page from which the Website is left;
  • The country, region, or city from where access is made;
  • End device (type, version, color depth, resolution, width, and height of the browser window); and
  • Returning or new visitor.

The provider, on our behalf, will use this information to evaluate the use of the Website, in particular to compile Website activity reports and provide further services related to Website usage and internet usage for the purposes of market research and the customization of the Website. For these processing activities, we and the providers may be considered joint controllers in terms of data protection to a certain extent.

The legal basis for this data processing with the following services is your consent within the meaning of Article 6(1)(a) of the GDPR. You can withdraw your consent or oppose processing at any time by rejecting or deactivating the relevant cookies in the settings of your web browser (see Section 6.2) or by using the service-specific options described below.

Regarding the further processing of the data by the respective provider as the (sole) controller, including any potential disclosure of this information to third parties, such as authorities due to national legal regulations, please refer to the respective privacy policy of the provider.

Google Analytics

We use the web analytics service Google Analytics provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Contrary to the description in Section 6.4.1, IP addresses are not logged or stored in Google Analytics (in the version used here, “Google Analytics 4”). For accesses originating from the EU, IP address data is only used to derive location data and is immediately deleted thereafter. When collecting measurement data in Google Analytics, all IP searches take place on EU-based servers before the traffic is forwarded to Analytics servers for processing. Google Analytics utilizes regional data centers. When connecting to the nearest available Google data center in Google Analytics, the measurement data is sent to Analytics via an encrypted HTTPS connection. In these centers, the data is further encrypted before being forwarded to Analytics’ processing servers and made available on the platform. The most suitable local data center is determined based on the IP addresses. This may also result in a transfer of data to servers abroad, e.g., the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 5.2 and 5.3).

We also use the technical extension called “Google Signals,” which enables cross-device tracking. This makes it possible to associate a single website visitor with different devices. However, this only happens if the visitor is logged into a Google service during the website visits and has activated the “personalized advertising” option in their Google account settings. Even in such cases, we do not have access to any personal data or user profiles; they remain anonymous to us. If you do not wish to use “Google Signals,” you can deactivate the “personalized advertising” option in your Google account settings.

Users can prevent the collection of data related to their Website usage (including IP address) generated by the cookie as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

As an alternative to the browser plugin, users can click on this link to prevent Google Analytics from collecting data on the website in the future. This will place an opt-out cookie on the user’s device. If users delete cookies (see Section 6.2 on Cookies), they will need to click the link again.

Social Media

Social Media Profile

Our Website contains links to our profiles on the social networks of the following providers:

  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Privacy Policy
  • Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland, Privacy Policy
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Policy
 

If you click on the icons of the social networks, you will be automatically redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social network. As a result, the social network receives information that you have visited our Website with your IP address and clicked on the link. This may also involve the transfer of data to servers abroad, e.g., in the USA (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 5.2 and 5.3).

If you click on a link to a social network while you are logged into your user account on that social network, the content of our website can be associated with your profile, allowing the social network to directly link your visit to our website to your account. If you want to prevent this, please log out of your account before clicking on the respective links. A connection between your access to our website and your user account will always be established if you log in to the respective social network after clicking on the link. The data processing associated with this is the responsibility of the respective provider in terms of data protection. Therefore, please refer to the privacy notices on the social network’s website.

The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR in the use and promotion of our social media profiles.

Social Media Plugins

On our website, you can use social media plugins from the following providers:

  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Privacy Policy
  • Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland, Privacy Policy
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Policy
 

We use these social media plugins to make it easier for you to share content from our Website. The plugins help us to increase the visibility of our content on social networks, thereby contributing to better marketing.

The plugins are deactivated by default on our Website, and therefore, no data is sent to the social networks when you simply access our Website. To enhance data protection, we have integrated the plugins in such a way that a connection is not automatically established with the servers of the social networks. Only when you activate the plugins by clicking on them, and thus give your consent to the transmission and further processing of data by the providers of the social networks, does your browser establish a direct connection to the servers of the respective social network.

The content of the plugin is transmitted directly from the social network to your browser and integrated into the Website. As a result, the respective provider receives information that your browser has accessed the corresponding page of our Website, even if you do not have an account with that social network or are not currently logged in. This information (including your IP address) is transmitted from your browser directly to a server of the provider (usually located in the USA) and stored there (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 5.2 and 5.3). We have no influence on the scope of data collected by the provider through the plugin, although from a data protection perspective, we may be considered joint controllers with the providers to a certain extent.

If you are logged into the social network, it can assign your visit to our Website directly to your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g., that you like a product or service from us) may also be published on the social network and displayed to other users. The provider of the social network may use this information for the purpose of displaying advertisements and tailoring the respective offering to your needs. For this purpose, usage, interest, and relationship profiles may be created, e.g., to evaluate your use of our Website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our Website, and to provide other services associated with the use of the social network. The purpose and scope of the data collection, further processing and use of the data by the providers of the social networks, as well as your rights in this regard and options for protecting your privacy, can be found directly in the privacy policies of the respective providers.

If you do not want the provider of the social network to associate the data collected through our Website with your user account, you must log out of the social network before activating the plugins. The legal basis for the described data processing is your consent within the meaning of Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by notifying the plugin provider in accordance with the instructions provided in its privacy policy.

Online Advertising and Targeting

In general

We use services from various companies to provide you with relevant offers online. To do this, your user behavior on our website and other sites is analyzed to show you online advertising that is individually tailored to you.

Most tracking technologies (Tracking) and targeted advertising (Targeting) use cookies (see also Section 6.2), which allow your browser to be recognized across different websites. Depending on the service provider, you may also be recognized across different devices (e.g., laptop and smartphone), particularly if you have registered for a service that you use on multiple devices.

In addition to the data collected from your visit to websites (Log File Data, see Section 6.1) and through cookies (Section 6.2), the following data is used to select the most relevant advertising for you:

  • Information you provided when registering or using a service from advertising partners (e.g., gender, age group); and
  • User behavior (e.g., search queries, interactions with ads, types of websites visited, products or services viewed and purchased, newsletters subscribed to).

We and our service providers use this data to determine if you belong to our target audience and use this information to select advertisements. For example, after visiting our website, you might see ads for products or services you viewed on other sites (Re-targeting). Depending on the data, a user profile may be created and analyzed automatically; ads are then selected based on the profile information, such as demographic segments or interests. These ads may appear on various channels, including our website or app, as well as through online advertising networks like Google.

The data may also be analyzed for billing purposes with the service provider and to evaluate advertising effectiveness, helping us understand user needs and improve future campaigns. This may include information on how specific actions (e.g., visiting certain sections of our website or submitting information) are attributed to specific ads. We also receive aggregated reports from service providers about advertisement activity and user interactions with our website and ads.

The legal basis for this data processing is your consent under Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by rejecting or deactivating the relevant cookies in your browser settings (see Section 6.2). Additional options for blocking advertising can also be found in the information provided by the respective service provider, such as Google.

Google Ads

As explained in Section 6.6.1, this website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (We only store personal data for as long as it is necessary to carry out the processing described in this privacy policy within the scope of our legitimate interests. For contractual data, the storage is stipulated by statutory retention obligations. Requirements that oblige us to retain data arise from the accounting and tax law regulations. According to these regulations, business communication, concluded contracts, and accounting documents must be retained for up to 10 years. If we no longer need this data to provide services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any legal obligation to retain it and no legitimate interest in its retention exists.) for online advertising. Google uses cookies (see the list here), which allow your browser to be recognized when you visit other websites. The information generated by the cookies about your visit to these websites (including your IP address) is transmitted to and stored by Google on servers in the United States (for information on the absence of an adequate level of data protection and the proposed safeguards, see Sections 5.2 and 5.3). Further information on data protection at Google can be found here.

The legal basis for this data processing is your consent within the meaning of Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser (see Section 6.2). Further options for blocking advertising can be found here.

7. Retention Periods

We only store personal data for as long as it is necessary to carry out the processing described in this privacy policy within the scope of our legitimate interests. For contractual data, the storage is stipulated by statutory retention obligations. Requirements that oblige us to retain data arise from the accounting and tax law regulations. According to these regulations, business communication, concluded contracts, and accounting documents must be retained for up to 10 years. If we no longer need this data to provide services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any legal obligation to retain it and no legitimate interest in its retention exists.

8. Data Security

We use appropriate technical and organizational security measures to protect your personal data stored with us against loss and unlawful processing, in particular unauthorized access by third parties. Our employees and the service companies mandated by us are obliged to maintain confidentiality and uphold data protection. Furthermore, these persons are only granted access to personal data to the extent necessary for the performance of their tasks.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks, and we cannot, therefore, provide any absolute guarantee for the security of information transmitted in this way.

9. Your Rights

If the legal requirements are met, as a data subject, you have the following rights with respect to data processing:

  • Right of access: You have the right to request access to your personal data stored by us at any time and free of charge if we process such data. This gives you the opportunity to check what personal data concerning you we process and whether we process it in accordance with applicable data protection regulations.

  • Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed about the rectification. In this case, we will also inform the recipients of the data concerned about the adaptations we have made, unless this is impossible or involves disproportionate effort.

  • Right to erasure: You have the right to obtain the erasure of your personal data under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the erasure may be replaced by a blocking of the data if the requirements are met.

  • Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.

  • Right to data portability: You have the right to receive from us, free of charge, the personal data you have provided to us in a readable format.

  • Right to object: You have the right to object at any time to data processing, especially with regard to data processing related to direct marketing (e.g., marketing emails).

  • Right to withdraw consent: You have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful due to your withdrawal.

To exercise these rights, please send us an e-mail to the following address: privacy@hotel-glacier.ch.

  • Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g., against the manner in which your personal data is processed.