Imprint & data protection
Via Nova 38
CH-7017 Flims Dorf
A product of Shared Services by Graubünden Ferien, developed in cooperation with CLUS AG
Tel. +41 81 254 24 99
Design & Implementation
CLUS AG Werbeagentur
Hotel Vorab, represented by Beatrice Meiler, operates the website hotelvorab.ch and is responsible for the collection, processing and use of your personal data. Therefore, Hotel Vorab is likewise responsible for ensuring that all processing takes place in accordance with applicable law.
The protection of your personal data is our big concern. We take data protection seriously and pay attention to the safety of your data. We adhere to all applicable laws, in particular, Swiss Data Protection Act (FADP) and the regulations to this law (OFADP), as well as the regulations of the Telecommunications Law (TCA). Insofar as applicable, we also adhere to the regulations of the Basic Data Protection Regulations (GDPR) of the European Union.
It is important to us that you know which personal data we collect from you, how these data are collected and processed, and for which purpose these are obtained. With the use of our website, you consent to the processing of all the data within the meaning of Art. 6, 1 lit. a GDPR. Please, take a moment to read the following information.
I. Which data will we process when you visit our website?
If you visit our Website, our servers store each access temporarily in a log file. In the process, the following data are collected automatically:
• the IP address of the inquiring computer
• the date and the time of the access
• the name and the URL of the called up file
• the website, which initialises the access
• the operating system of your computer and the browser used by you
• the country from which you have accessed the website and the language settings of your browser
• the name of its internet access providers.
The collection and processing of these data take place to allow the access to our website (dial-up), to ensure the system security and stability, for the optimisation of our internet offers, as well as for internal statistic purposes. The IP address is used in particular to capture your country of residence and to set appropriate default settings (e.g. language). The IP address is also stored to enable us to react appropriately to attacks on our internet infrastructure. All these reasons justify our interest in this data acquisition and processing in the sense of Art. 6, 1 lit. a GDPR.
Finally, we would like to point out that we use so-called cookies, tracking tools and Social Media plug-ins at the time of your visit of our website (more detailed information in sections V to VIII), and that raised data may be passed on to third parties and/or abroad (more detailed information in sections IX and X).
II. Which data will we process, if you use our contact form?
You have the opportunity to use a contact form on our website in order to get in touch with us. The input of certain data is mandatory, while the input of other data is voluntary:
• title (mandatory)
• first name and surname (mandatory)
• address (street, house number, place, postal code (voluntary)
• telephone number (voluntary)
• e-mail address (mandatory)
• arrival and departure (mandatory)
We will highlight all mandatory data as such. If this information is not made available, the delivery of our services may be obstructed. The provision of other information is voluntary and has no influence on the use of our website. We use these data only to answer your contact inquiry personalised and in the best possible way. This also justifies our interest in the sense of Art. 6, 1 lit. a GDPR. You may object to this data processing at any time. This is described more detailed in section XIII.
III. Which data will we process, when you subscribe to our newsletter?
You have the option of subscribing to our newsletter on our website. This requires a registration. The registration process requires the provision of the following data:
• address (mandatory)
• first and surname (mandatory)
• e-mail address (mandatory)
These data are necessary for data processing. In addition, you may indicate voluntarily other data (date of birth and country). We use these data exclusively to personalise forwarded information and offers according to your interests.
For the dispatch our newsletter we use E-Marketing Suite [software]. The data protection regulations [software] are specified under [link to data protection regulations of this software]. Please take a moment to read these data protection regulations. Our newsletter may also contain a so-called Web Beacon (tracking pixel) or similar technical means. A Web Beacon is a 1×1 pixel sized, non-visible graphic, which is connected to the user ID of the respective newsletter subscriber.
The access to relevant services allows for the evaluation whether the e-mails with our newsletter were opened. Additionally, we may also collect and evaluate the clicking behaviour of the newsletter recipient. We use this data for statistic purposes and the optimisation of the newsletters in terms of content and structure. This will help us to tailor the information and offers in our newsletter to the individual interests of the respective receiver. The counting pixel will be deleted once you delete the newsletter. In order to prevent tracking pixels in our newsletter, you will have to adjust please your e-mail program in such a way that messages do not indicate HTML.
With the registration, you consent to the processing of the indicated data for the regular dispatch of the newsletters to the address indicated by you, and for the statistic evaluation of the use behaviour for the optimisation of the newsletters. This consent constitutes our legal basis for the processing of the indicated personal data in the sense of Art. 6, 1 lit. a GDPR. The stated purposes for analysis also constitute our justified interest in the sense of Art. 6, 1 lit. a GDPR.
At the end of each newsletter, we specify a link which allows you to cancel the newsletter at any time. Thereby, you may unsubscribe from the entire newsletter or only from certain channels. If you decide to unsubscribe from newsletter as the whole, all your relevant data in our system are going to be deleted.
IV. What happens with your data, when you place an order or make a booking or reservation with a third party on our website?
On our website, there are different options to make bookings or reservations or to request information and other services. Third parties usually provide corresponding services. As far as necessary, relevant collected data will be passed to these third parties. This concerns, for example, the following data:
• address and/or company
• first and surname
• address (road, house number, postal code, place, country)
• additional contact data (e-mail address, telephone number)
• credit card or other payment data Mandatory information will be marked as such.
It all concerns information, which is necessary to provide the booking services. The provision of additional information is voluntary and has no influence on the use of our website or the booking services. We would also like to point out that the provided data are usually collected and stored directly by the third party offering a booking service and/or are passed on to third parties by us. Insofar the provider of a booking service keeps processing the raised data independently, the data protection regulations of the respective service provider shall apply, and we would like you to consult these providers as well. The legal basis for this processing of data is to be found in the fulfilment of a contract in the sense of Art. 6, 1 lit. b GDPR.
V. Which of your data are raised and processed for advertising purposes?
In the following section, we would like to point out the data which are raised and processed for advertising purposes, and how this happens. The processing of these data takes place supported by a justified interest in the sense from Art. 6 exp. 1 lit. f GDPR, whereby our interest lies particularly in direct marketing and the analysis and evaluation of the use of our website. With the use of our website, you also consent to the processing of these data in the sense of Art. 6, 1 lit. a GDPR.
1. Creation of pseudonymised user profiles
In order to provide you with personalised services and information on our website (on-site-targeting), we use and analyse the data, which we collect during your visit to the website. With necessary processes, so-called cookies may be employed (more information in section VI). The analysis of your user behaviour may lead to the creation of a so-called use profile. A consolidation of the use data is only conducted with aliases, however, never with personal, non-pseudonymised data.
In order to enable personalised marketing in social networks, we include so-called remarketing pixels from Facebook and Twitter on the website. Should you have an account with any included such social network, and should you be logged on at such network at the time of the website visit, this pixel will link the page visit with your account. To prevent this linkage, you need to log off from any respective account before visiting the website. You can include additional settings concerning advertising in the user profile of all relevant social networks.
We use so-called retargeting technologies on our website. This analyses your user behaviour on our website, to offer you afterwards individually selected and tailormade advertising on partner websites. Your user behaviour is recorded under a pseudonym. Most retargeting technologies work with so-called cookies (more information on cookies in section VI).
Additional information on the used retargeting technologies and the related data processing is available under the following link: [link to the list with retargeting technologies and additional information]
You can prevent the retargeting at any time by rejecting or switching off relevant cookies in the menu bar of your web browser (more information on cookies in section VI). Additionally, you can request from the Digital Advertising Alliance website under optout.aboutads.info an opt-out for the mentioned additional advertising and retargeting tools.
VI. What are Cookies and what are they used for?
VII. What are tracking tools and what are they used for?
We use various additional so-called tracking tools on our website. These tracking tools observe your surfing behaviour on our website. We use this information to facilitate a user-oriented design and ensure the constant optimisation of our website. In this context, we create pseudonymised use profiles as well as cookies. Additional information on the used tracking tools and the related data processing is available under the following link: [link to the list with tracking tools and additional information]
VIII. What are social media plugins and to what are these used for?
The following described social media plugins are used on our website. By default, the plugins are deactivated on our website and won’t send any data. With a click on the respective social media button, plugins are activated. If these plugins are activated, your browser connects directly with the servers of the respective social network, as soon as you call up one of our websites. Contents of the plugins are transmitted directly from the social network to your browser and integrated with the website. The plugins can be deactivated once more with one click. Additional important information is available in the respective data protection statements of the following social networks.
We use social plugins from Facebook on our website to create a more personal web presence. This concerns an offer of the US corporation Facebook Inc.. 1601 S. California Ave, Palo Alto, CA 94304, USA. We use their “LIKE “or “SHARE” button. With the integration of these plugins, Facebook receives the information that your browser called up the relevant page with our web appearance, even if you don’t have a Facebook account, or if you are not logged on to your Facebook account at the time. This information (including your IP address) is sent by your browser directly to a Facebook server in the USA and stored there.
If you are logged on to your Facebook account, Facebook can assign your website visit directly to your Facebook account. If you interact with the plugins, for example, press the “LIKE“ or “SHARE” button, relevant information will be directly submitted to a Facebook server and stored there. The information will also be published on Facebook and shown to your Facebook friends.
Facebook may use this information for the purposes of advertising, market research and needs-based design of Facebook pages. For this purpose, Facebook creates use, interest and relations profiles, e.g. in order to evaluate your use of our website with regards to the visible adverts on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook.
If you did not like the fact that Facebook assigns the data, collected on our web appearance, to your Facebook account, you need to log out of your Facebook account before visiting our website. You can read about the purpose and extent of the data collection, and the further processing and use of the data by Facebook, as well as your relevant rights and setting options for the protection of your privacy, in the Facebook data protection notice.
IX. Are collected data passed on to third parties?
We only share your personal data with your express consent, if we have a legal obligation to do, or if it is deemed to be necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the relationship between you and the Hotel Vorab. Beyond that, we share your data to third parties, as far as this necessary in the context of the use of the website and for the supply of your desired services, as well as the analysis of your user behaviour; details as described above. Insofar as required for the above-mentioned purposes, data may be passing also abroad. Sections on our website containing links to third party websites, Hotel Vorab has no influence on the collection, processing, storage or use of personal data by third parties after clicking on that link and assumes, to the extent permitted by law, no responsibility or liability.
X. Are data transmitted abroad?
1. General information
Hotel Vorab is entitled to the transfer of your personal data to third parties (i.e. assigned service providers) abroad if this is necessary for the processing of data described in this data protection statement. These third parties are obligated to data protection to the same extent as we are. If the data protection level in a country does not comply with Swiss and/or European guidelines, we contractually ensure that the data protection standard of the third party corresponds to the level of protection of your personal data in Switzerland and/or the European Union at any time.
2. Data transfer to the USA
For reasons of completeness, we would like to point that the USA has implemented monitoring measures of US authorities, which generally allow the storage of all personal data of all persons, whose data have been transmitted from Switzerland to the USA. This is applied without differentiation, restriction or exception on the basis the pursued goal, and without an objective criterion, which makes it possible to limit the access of the US authorities to the data and their later use to particular, strictly limited purposes, which in turn would justify both, the access to these data and act related to their use. In addition, we would like to point out you that there are no legal remedies available in the USA, which permit you to obtain access to your personal data and to effect their correction or deletion. There is no adequate judicial legal protection against general rights of access of US authorities at present.
It is important for us to inform you about these facts and legal circumstances, which will enable you to make an informed decision in terms of consent to the use of your data. Users with domicile in a member state of the European Union should know that the USA does not provide, in the view of the European Union – among other things, due to the topics specified in this section – a sufficient data protection level.
As far as we explained in this data protection statement that receivers of data (e.g. Google, Facebook and Twitter) have their seat in the USA, we will ensure by either contractual regulations with these companies, or by securing a certification of these companies under the EU-US-Privacy Shield, that your data are adequately protected with our partners.
XI. Data security and privacy
We use appropriate technical and organisational safety precautions to protect your personal data stored with us against manipulation, partial or complete loss and from unauthorised access of third parties. Our safety precautions are sequentially improved in line with all recent technical developments. It is important to us that you always treat your payment information (in particular, credit card data) confidentially. We recommend closing the browser window once you terminated communication with us, in particular, if you use one computer together with other people. We also take in-house data security very seriously. Our employees and contracted service providers are obligated to discretion and the adherence of the data protection regulations.
XII. Storage of data
We store personal data only as long as necessary;
• in order to use the already specified tracking, advertising and analysis services in the context of our entitled interest;
• in order to implement services to the already specified extent of your requests or within the scope of your consent;
• in order to follow our legal obligations.
We store data connected with the conclusion or the fulfilment of a contract for a more extended period of time since this is prescribed for us by legal retention obligations, such as accounting regulations and the tax law. In accordance with these regulations, business communication, concluded contracts and accounting records have to be stored for up to 10 years. Insofar as we do not need these data any longer for the execution of the services to you, these data will be blocked as a matter of principle. This means that these data may be only used for accounting and tax purposes.
XIII. Your rights
They have the right to request information concerning your personal data, which are stored by us, free of charge. Additionally, you have the right to correction of incorrect data and the right to deletion of your personal data, as far as there are no opposing legal storage obligations or permission facts, permitting us to the processing of the data. According to Art. 18 and 21 GDPR, you have the right to request a restriction of the data processing, as well as to object to the data processing. You have the right to demand the return of those data you have handed to us (right to data portability). On request, we will also share the data with third parties of your choice. You have the right to receive the data in a standard file format.
If data processing is based on your consent, you may recall this consent at any time.
You can contact us for the aforementioned purposes by e-mail – email@example.com. You can also tell us, what has to happen with your data after your death by giving us appropriate instructions. For the processing of your requests, we may require, in our discretion, proof of identity. If you contact us, we strive to respond to you as quickly as possible with an answer and the desired steps.
If your place of residence is in an EU-state, you have the right to file a complaint with a data protection supervisory authority at any time.