Privacy Policy

 A. Data Controller

The entity responsible for the processing of personal data and thus the controller within the meaning of this Privacy Policy is Arosa Kulm-Hotel AG, Poststrasse 269, 7050 Arosa, Switzerland (“Arosa Kulm Hotel”). The person responsible for data protection can be contacted at the above postal address, by email at datenschutz@arosakulm.ch, or by telephone at +41 81 378 88 88.

We have appointed the following representative in the European Union: Kevin Hinder, Property One Partners AG, Seestrasse 455, 8038 Zurich, kevin.hinder@propertyone.ch.

B. Personal Data and Definitions

Personal data means information relating to an identified or identifiable natural person (i.e. a person who can be identified directly or indirectly), such as name, address, telephone number, email address, date of birth, etc. (“Personal Data”).

Any handling of Personal Data, irrespective of the means and procedures used, in particular the collection, procurement, storage, use, processing, disclosure, archiving or deletion of data, constitutes processing (“Processing” or “processed”).

A data subject is any natural person whose Personal Data is processed (“Data Subject”).

A controller is any private individual or federal body that, alone or jointly with others, determines the purposes and means of the processing (“Controller”).

A processor is a natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller (“Processor”).

C. Collection of Personal Data

Some of the Personal Data is provided to us directly by you or the Data Subjects themselves, for example when you provide it to us, make use of our services, purchase property from us, or contact us by email, telephone or in person. This includes, for example, name, contact details, date of birth, professional and business functions, financial situation, etc. We also process Personal Data that we receive from applicants for employment.

We may also collect Personal Data ourselves, for example when you or the company for which you work makes use of our services, or when we obtain data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, press, internet, media, social media), such as information from media and the internet, creditworthiness information, your addresses and, where applicable, interests and other sociodemographic data.

Furthermore, we may receive data from other companies (including those within the corporate group), from authorities and other third parties ([credit agencies], [address brokers]), from your environment, or when you use our website (see section I). The data mentioned in this section is collected for the purposes set out in section D, unless otherwise stated.

Where you have given us consent to process your Personal Data for specific purposes (for example, when subscribing to a newsletter), we process your Personal Data within the scope of and on the basis of this consent. Where necessary, we may also rely on other legal bases for processing, such as the performance of a contract, the implementation of pre-contractual measures, or the safeguarding of other legitimate interests (see section D).

If you act on behalf of a third party or provide us with information relating to a third party, you declare that you are an authorised representative or agent of that third party and/or that you have obtained all necessary consents from that third party for the collection, processing, use and disclosure of their Personal Data by and to us in accordance with this Privacy Policy.

D. Purpose of Processing

We use Personal Data in particular to fulfil the purposes of our organisation, to provide our services, to initiate and perform agreements with our guests, business partners, interested parties and residential property owners, and to comply with our legal obligations. If you act for our guests, business partners, interested parties or residential property owners, you may also be affected in this capacity with your Personal Data.

In addition, we process Personal Data of you and other persons, where permitted and where we deem it appropriate, for the following purposes:

  • Provision and further development of our offers, services and websites, apps and other platforms on which we are present;
  • Communication with third parties and processing of their enquiries (e.g. job applications, media enquiries);
  • Acquisition;
  • Advertising and marketing (including the organisation of events), provided you have not objected to the use of your data;
  • Market and opinion research, media monitoring;
  • Ensuring the operation of our business, in particular IT, our websites, apps and other platforms;
  • Purchase and sale of residential property, business units, companies or parts thereof, and other corporate transactions, including the transfer of Personal Data associated therewith.

E. Retention Period

Unless an explicit retention period is stated at the time of collection or in this Privacy Policy, we process and store Personal Data only for as long as it is necessary to fulfil the purpose, unless statutory retention obligations (e.g. under commercial or tax law) prevent deletion.

Personal Data may also be retained for the period during which claims may be asserted and insofar as we are otherwise legally obliged to do so or legitimate business interests require it (e.g. for evidentiary and documentation purposes).

F. Rights of the Data Subject

Any consent given may be withdrawn at any time; this does not affect processing that has already taken place. In addition, depending on the circumstances and applicable data protection law, you have in particular the right to access, rectification, erasure or restriction of the processing of Personal Data, the right to object to processing, and the right to data portability.

Please note that exercising these rights may conflict with contractual agreements and may have consequences such as early termination of the contract or cost implications. We will inform you in advance where this is not already contractually regulated.

We are also entitled to assert statutory restrictions on Data Subject rights, for example where we are obliged to retain or process certain data, have an overriding interest in doing so, or require it for the assertion of claims.

Each Data Subject also has the right to enforce their claims before a court or to lodge a complaint with the competent data protection authority, insofar as the applicable data protection law provides for such a right. The data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

For questions regarding your rights or for further questions, suggestions or comments on data protection, please contact the person responsible for data protection using the contact details provided above (see section A).

G. Security

We protect Personal Data against loss, misuse, unauthorised access, disclosure, alteration or destruction through appropriate measures. For this purpose, we implement suitable technical and organisational measures. However, we cannot guarantee absolute data security.

Unless otherwise agreed, we accept no liability for breaches of these security provisions unless caused intentionally or by gross negligence.

H. Data Disclosure

In the course of our business activities, and where permitted and deemed appropriate, we may disclose Personal Data to third parties, either because they process data on our behalf or because they use the data for their own purposes. This includes in particular:

Our service providers (e.g. banks, insurers), including processors (such as newsletter, cloud or IT providers);

  • Dealers, suppliers, subcontractors and other business partners;
  • Members or customers;
  • Domestic and foreign authorities, offices or courts;
  • Media;
  • The public, including visitors to websites and social media;
  • Competitors, industry organisations, associations and other bodies;
  • Acquirers or parties interested in acquiring residential property, business units, companies or other parts of the corporate group;
  • Former residential property owners;
  • Other parties in potential or actual legal proceedings;
  • Other companies within the corporate group.

In this context, your Personal Data may be stored in Switzerland as well as in other European countries and the United States, where our service providers are located (e.g. Google Analytics).

If Personal Data is processed outside Switzerland or the European Economic Area, we take the steps required by applicable data protection law to ensure that your Personal Data is treated as securely and protected as in Switzerland or within the EEA, unless an exception applies. Exceptions may apply, for example, in the case of foreign legal proceedings, overriding public interests, where contract performance requires such disclosure, or where you have consented.

I. Data Processing through Use of the Website

During your visit to the website, general information is automatically collected (e.g. date of visit, time zone, type of web browser and its settings, version and language, IP address, MAC address of the device used, operating system, content accessed and the domain name of your internet service provider).

We use this data for the purposes set out in section D, in particular for marketing and administrative purposes and to ensure the functionality of the website. This data is also required to deliver and optimise website content, to ensure the long-term functionality of our IT systems and website, and to provide law enforcement authorities with information necessary for criminal prosecution in the event of a cyberattack. Certain services of the website can be activated or deactivated individually.

1. SSL Encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the change from “http://” to “https://” in the browser address line.

2. Server Log Files

The provider of this website automatically collects and stores information in so-called “server log files”, which your browser automatically transmits to us. This includes in particular the information listed at the beginning of section I.

3. Use of Cookies
3.1 Definition

“Cookies” are small files stored on users’ devices. Cookies can store various types of information. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after a visit to an online service. Temporary cookies (“session cookies” or “transient cookies”) are deleted after a user leaves an online service and closes their browser. Permanent or persistent cookies remain stored after the browser is closed. These may store login status or user interests for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller operating the online service (otherwise referred to as “first-party cookies”). We may use temporary and permanent cookies.

3.2 Necessary Cookies

Necessary cookies are files sent to the browser on your computer’s hard drive to ensure the functionality of the website and enable certain features. These cookies do not require user consent.

3.3 Statistics Cookies

Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

3.4 Unclassified Cookies

Unclassified cookies are cookies that we are currently attempting to classify together with providers of individual cookies.

3.5 Enabling, Disabling and Deleting Cookies

All web browsers allow users to enable, disable or delete cookies by configuring the browser settings accordingly. If cookies are disabled or deleted in whole or in part, not all website functions may be available.

3.6 Cookies and Personal Data

As a rule, the cookies we use do not store Personal Data. However, Personal Data that we or third-party providers commissioned by us store about you (e.g. if you have a user account with us or such providers) may be linked to technical data or information stored in cookies and thus possibly to your person.

 

Name Funktion (Zweck) Anbieter Dauer Origin/Domain Kategorie Rechtsgrundlage
_ga Distinguishing users (client ID) Google (GA4) 2 years .arosakulm.ch Statistics Consent (analytics_storage=granted)
_ga_4H6CPE80RB Session/event status for stream 13363969412 (Measurement ID G-4H6CPE80RB) Google (GA4) 2 years .arosakulm.ch Statistics Consent
_gid Distinguishing users per day Google (GA4) 24 hours .arosakulm.ch Statistics Consent

 

4. Pixel

We may use visible and invisible image elements on our website, newsletters and other marketing emails, which allow us to determine if and when you opened the website or email. This helps us measure and better understand how our offers are used and tailor them to you. You can block this in your email program.

5. Web Analytics Services

Wir We use Google Analytics analysis services on our websites. These services are provided by third parties, which may be located in Switzerland or another country. The service provider in this case is Google Ireland Limited, Dublin, Ireland. If you have registered with the service provider yourself, the provider may also know you. The processing of your Personal Data by the provider is then carried out under the provider’s responsibility in accordance with its privacy policy. The provider only informs us how our website is used (no personal information about you).

6. Integration of Google Services

We use Google services on our website: Analytics and Tag Manager. The relevant Google company is based in Ireland. Google Ireland relies on Google LLC (USA) as a processor (together “Google”). Although we assume that the data accessed and stored by Google when using our website does not constitute Personal Data, it is possible that Google may draw conclusions about the identity of visitors and link this data with Google accounts. Processing then takes place under Google’s responsibility in accordance with its privacy policy.

For Google Analytics, we have configured the service so that IP addresses of visitors are truncated in Europe before any possible transfer to the USA. We have disabled “Data Sharing” and “Signals”. We only receive aggregated usage information.

7. Links to Other Websites

The website contains links to other websites. We have no influence over whether their operators comply with applicable data protection regulations and disclaim any responsibility or liability for third-party websites accessible via links.

8. Social Media Plugins and Presence
8.1 Plugins

Our website contains social media plugins from networks such as Facebook and Instagram, usually embedded as graphic files. These elements are configured to be deactivated by default. When activated, the respective social network operators may register that you are visiting our website and may use this information for their own purposes. Processing takes place under their responsibility. We receive no personal data about you.

8.2 Presence

We may operate online presences on social networks and other third-party platforms. We receive data from you and the platforms when you interact with us there. The platforms also analyse your usage and link it with other data known to them. They process this data for their own purposes, particularly marketing.

Content published by you may be further disseminated by us. Content may also be deleted or restricted in accordance with usage guidelines.

We currently use the following platforms:

  • Instagram
  • Facebook
  • LinkedIn

J. Final Provisions

This Privacy Policy does not form part of a contract with you. We reserve the right to amend this Privacy Policy at any time without notice. The version published on our website at the relevant time shall apply. We therefore recommend consulting this Privacy Policy regularly.

In addition to this Privacy Policy, we may inform you separately about the processing of your data, for example through additional specific privacy notices relating to particular relationships, where applicable.