Privacy Policy

AVES Management AG, Poststrasse 29, 7050 Arosa, operates the Hotel AVES Arosa and is the operator of the website www.aves-arosa.ch, and is therefore responsible for the collection, processing, and use of your personal data and the compatibility of data processing with applicable data protection law.
Your trust is important to us, which is why we take data protection seriously and pay attention to appropriate security. Of course, we comply with the legal provisions of the Federal Data Protection Act (DSG), the Ordinance to the Federal Data Protection Act (VDSG), the Telecommunications Act (FMG), and other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

To ensure you know what personal data we collect from you and for what purposes we use it, please take note of the following information.

A. Data Processing in Connection with Our Website

Accessing Our Website

When you visit our website, our servers temporarily store every access in a log file. The following technical data is collected without your intervention and stored by us for up to 30 days before being automatically deleted:

The IP address of the requesting computer,
The name of the owner of the IP address range (usually your Internet access provider),
The date and time of access,
The website from which the access was made (Referrer URL), if applicable, with the search term used,
The name and URL of the retrieved file,
The status code (e.g., error message),
Your computer’s operating system,
The browser you use (type, version, and language),
The transmission protocol used (e.g., HTTP/1.1), and
Your username from a registration/authentication, if applicable.

The collection and processing of this data is carried out for the purpose of enabling the use of our website (establishing a connection), ensuring long-term system security and stability, and allowing the optimization of our internet offering as well as for internal statistical purposes. This constitutes our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.
The IP address is further evaluated together with the other data in cases of attacks on the network infrastructure or other unauthorized or abusive website uses for clarification and defense, and if necessary, used in criminal proceedings for identification and civil and criminal prosecution against the users concerned. This constitutes our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

Use of Our Contact Form

You have the option to use a contact form to get in touch with us. For this, we require the following information:

First and Last Name
Email Address
Message

We use this data, as well as a telephone number you voluntarily provide, only to answer your contact request in the best possible and personalized way. The processing of this data is therefore necessary in the sense of Art. 6 para. 1 lit. b GDPR for the implementation of pre-contractual measures or is in our legitimate interest according to Art. 6 para. 1 lit. f GDPR.

Registration for Our Newsletter

You have the option to subscribe to our newsletter on our website. Registration is required for this. As part of the registration, the following data must be provided:

Form of address
First and Last Name
Email Address

The above data is necessary for data processing. We process this data exclusively to personalize the information and offers sent to you and to better align them with your interests. By registering, you give us your consent to process the provided data for the regular sending of the newsletter to the address you have given and for the statistical evaluation of usage behavior and optimization of the newsletter. This consent constitutes our legal basis for processing your email address in the sense of Art. 6 para. 1 lit. a GDPR. We are entitled to commission third parties with the technical handling of advertising measures and are entitled to pass on your data for this purpose (see below point 13).
At the end of each newsletter, there is a link through which you can unsubscribe from the newsletter at any time. When unsubscribing, you can voluntarily inform us of the reason for unsubscribing. After unsubscribing, your personal data will be deleted. Further processing will only take place in anonymized form to optimize our newsletter.

Booking on the website, by correspondence, or by phone call

When you make bookings either through our website, by correspondence (email or postal mail), or by phone call, we require the following data for contract processing:

Form of address
First and Last Name
Postal address
Date of Birth
Phone number
Language
Credit card information
Email Address

We will only use this data and any additional information you voluntarily provide (e.g., expected arrival time, vehicle license plate, preferences, remarks) for contract processing, unless otherwise stated in this privacy policy or you have given separate consent. We will process the data specifically to record your booking as requested, provide the booked services, contact you in case of uncertainties or problems, and ensure correct payment.
The legal basis for data processing for this purpose is the fulfillment of a contract according to Art. 6 Para. 1 lit. b GDPR.

Cookies

Cookies help in many aspects to make your visit to our website easier, more pleasant, and more meaningful. Cookies are information files that your web browser automatically saves on your computer’s hard drive when you visit our website.

We use cookies, for example, to temporarily store your selected services and inputs when filling out a form on the website, so you don’t have to repeat the input when calling up another subpage. Cookies may also be used to identify you as a registered user after registration on the website without having to log in again when calling up another subpage.

Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears when you receive a new cookie. On the following pages, you will find explanations on how to configure the processing of cookies for the most common browsers:

Deactivating cookies may result in you not being able to use all functions of our website.

Tracking Tools / General

For the purpose of demand-oriented design and continuous optimization of our website, we use the web analysis service Google Analytics. In this context, pseudonymized user profiles are created and small text files stored on your computer (‘cookies’) are used. The information generated by the cookies about your use of this website is transmitted to the servers of the providers of these services, stored there, and processed for us. In addition to the data listed under point 1, we may receive the following information:

Navigation path a visitor takes on the site,
Time spent on the website or subpage,
The subpage on which the website is exited,
The country, region, or city from where access occurs,
Device (type, version, color depth, resolution, width and height of the browser window) and
Returning or new visitor.

The information is used to evaluate the use of the website, to compile reports on website activities, and to provide other services related to website and internet use for market research purposes and demand-oriented design of this website. This information may also be transferred to third parties if required by law or if third parties process this data on behalf.

Google Analytics

The provider of Google Analytics is Google Inc., a company of the holding company Alphabet Inc., based in the USA. Before transmitting the data to the provider, the IP address is shortened within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area by activating IP anonymization (‘anonymizeIP’) on this website. The anonymized IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google Inc. maintains an adequate level of data protection. According to Google Inc., the IP address will not be associated with any other data concerning the user under any circumstances.

You can find further information about the web analysis service used on the Google Analytics website. Instructions on how to prevent the processing of your data by the web analysis service can be found at http://tools.google.com/dlpage/gaoptout?hl=en

Use of juicer.io for Social Media Fan Channel

We use www.juicer.io to display various posts from social media portals. Juicer itself does not collect any personal data of visitors who visit this feed. You can read details in Juicer’s Privacy Policy: www.juicer.io/privacy

B. Data Processing in Connection with Your Stay

Data Processing to Fulfill Legal Reporting Obligations

Upon arrival at our hotel, we may need the following information from you and your accompanying persons:

First and Last Name
Postal Address and Canton
Date of Birth
Place of Birth
Nationality
Official Identification Document and Number
Arrival and Departure Date
Room Number

We collect this information to fulfill legal reporting obligations, which arise in particular from hospitality or police law. To the extent that we are obligated to do so under the applicable regulations, we forward this information to the responsible police authority.
Our legitimate interest in fulfilling the legal requirements is in accordance with Art. 6 Para. 1 lit. f GDPR.

Recording of Services Used

If you use additional services during your stay (e.g., use of the mini-bar or pay-TV offer), we record the service item and the time of service use for billing purposes. The processing of this data is necessary for the execution of the contract with us in accordance with Art. 6 Para. 1 lit. b GDPR.

C. Storage and Exchange of Data with Third Parties

Booking Platforms

If you make bookings through a third-party platform, we receive various personal information from the respective platform operator. This usually includes the data listed in Section 5 of this privacy policy. In addition, inquiries about your booking may be forwarded to us. We will process this data in particular to record your booking as requested and to provide the booked services. The legal basis for data processing for this purpose is the fulfillment of a contract according to Art. 6 Para. 1 lit. b GDPR.
Finally, we may be informed by the platform operators about disputes in connection with a booking. In this case, we may also receive data about the booking process, which may include a copy of the booking confirmation as proof of the actual booking conclusion. We process this data to protect and enforce our claims. This constitutes our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR.
Please also note the privacy policy of the respective provider.

Central Storage and Linking of Data

We store the data specified in Sections 2-5 and 8-10 in a central electronic data processing system. Your data is systematically recorded and linked for the processing of your bookings and the execution of contractual services. For this purpose, we use software from Protel Hotelsoftware GmbH, 44269 Dortmund, Germany. We base the processing of this data within the framework of the software on our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR in customer-friendly and efficient customer data management.

Retention Period

We store personal data only for as long as necessary to use the above-mentioned tracking services and other processing within the scope of our legitimate interest. We retain contract data for a longer period as required by statutory retention obligations. Retention obligations that require us to store data arise from regulations on registration law, accounting, and tax law. According to these regulations, business communications, concluded contracts, and booking records must be retained for up to 10 years. If we no longer need this data to provide services to you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

Disclosure of Data to Third Parties

We only share your personal data if you have expressly consented, if there is a legal obligation to do so, or if it is necessary to enforce our rights, particularly to enforce claims arising from the contractual relationship. In addition, we share your data with third parties insofar as this is necessary within the scope of using the website and contract processing (including outside the website), namely the processing of your bookings.
A service provider to whom the personal data collected via the website is transferred or who has or may have access to it is our web host Hoststar – Multimedia Networks AG, 3312 Fraubrunnen, Switzerland. The website is hosted on servers in Switzerland. The data is transferred for the purpose of providing and maintaining the functionality of our website. This constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Finally, when you make a credit card payment on the website, we forward your credit card information to your credit card issuer and the credit card acquirer. If you choose to pay by credit card, you will be asked to enter all necessary information. The legal basis for the transfer of data is the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b GDPR. Regarding the processing of your credit card information by these third parties, please also read the general terms and conditions and the privacy policy of your credit card issuer.
Please also note the information in sections 7-8 and 10-11 regarding the transfer of data to third parties.

Transfer of Personal Data Abroad

We are entitled to transfer your personal data to third-party companies (commissioned service providers) abroad for the purposes of data processing described in this privacy policy. These are obligated to data protection to the same extent as we are. If the level of data protection in a country does not correspond to that of Switzerland or the European Union, we ensure contractually that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

D. Further Information

Right to Information, Rectification, Deletion and Restriction of Processing; Right to Data Portability

You have the right to request information about the personal data we store about you upon request. In addition, you have the right to correct inaccurate data and the right to delete your personal data, as long as there is no legal retention obligation or legal basis that allows us to process the data.

You also have the right to reclaim from us the data you have provided to us (right to data portability). On request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a common file format.

You can contact us for the aforementioned purposes via the email address homebase@aves-arosa.ch. We may, at our own discretion, require proof of identity to process your requests.

Data Security

We use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others.

We also take internal company data protection very seriously. Our employees and the service providers commissioned by us have been obligated to maintain confidentiality and comply with data protection regulations.

Note on Data Transfers to the USA

For the sake of completeness, we inform users residing or based in Switzerland that surveillance measures exist in the USA by US authorities, which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This occurs without differentiation, restriction, or exception based on the pursued goal and without an objective criterion that would allow limiting the access of US authorities to the data and its subsequent use to very specific, strictly limited purposes that could justify the associated intervention with both access to this data and its use. Furthermore, we point out that there are no legal remedies available in the USA for affected persons from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective judicial legal protection against general access rights of US authorities. We explicitly inform those affected about this legal and factual situation in order to make an appropriately informed decision to consent to the use of their data.

We inform users residing in a member state of the EU that the USA does not have an adequate level of data protection from the European Union’s perspective – among other things due to the issues mentioned in this section. Insofar as we have explained in this privacy policy that recipients of data (such as Google) have their headquarters in the USA, we will ensure either through contractual arrangements with these companies or by ensuring the certification of these companies under the EU or Swiss-US Privacy Shield that your data is protected at an appropriate level by our partners.