Data protection
This privacy policy provides information about the processing of personal data in connection with our activities at www.hotelchalavaina.ch-Website, including organizations accessible via links, and our other online offerings (collectively referred to as “online offerings”). 
 

1. Contact details
Responsibility for the online offering:

Chasa Chalavaina Foundation and press contact
T 081 858 54 68 - info@hotelchalavaina.ch

2. Processing of personal data
2.1 Definitions
Personal data is any information relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, procurement, collection, deletion, saving, modification, destruction, and use of personal data.

2.2 Legal basis
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (FADP).

2.3 Type, scope, and purpose
We process the personal data that is necessary to provide our online services in a permanent, user-friendly, secure, and reliable manner. Such personal data may fall into the categories of inventory and contact data, content data, usage data, and marginal data, as well as contract data and payment data.

We process personal data for the period of time required for the respective purpose or purposes or as required by law. Personal data that no longer needs to be processed is anonymized or deleted.

We only process personal data with the consent of the data subject, unless processing is permitted for other legal reasons, for example to fulfill a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, because processing is apparent from the circumstances, or after prior notification.

In this context, we process in particular information that a data subject voluntarily and personally provides to us when contacting us—for example, by letter, email, contact form, social media, or telephone—or when registering for a user account. We may store such information in an address book or similar tools, for example. If you transmit personal data from third parties to us, you are obliged to ensure data protection vis-à-vis such third parties and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly available sources, or collect when providing our online services, provided that such processing is permitted for legal reasons.

Personal data based on job applications is only processed if it relates to suitability for employment or is necessary for the subsequent execution of an employment contract. The personal data required for an application is based on the information requested or provided, for example in the job description. Applicants have the option of voluntarily providing additional information for their respective applications.

2.4 Processing of personal data by third parties, including abroad
We may have personal data processed by third parties, in particular contract processors, or process it jointly with third parties or with the help of third parties, or transfer it to third parties. Such third parties are in particular providers whose services we use. We also ensure adequate data protection with such third parties.

Such third parties are generally located in Switzerland and in the European Economic Area (EEA), including the European Union (EU). However, such third parties may also be located in other countries on Earth and elsewhere in the universe, provided that their data protection laws guarantee adequate data protection in the opinion of the Federal Data Protection and Information Commissioner (FDPIC), or if, for other reasons, such as a corresponding contractual agreement, in particular based on standard contractual clauses, or corresponding certification, ensures adequate data protection. For third parties in the United States of America (USA), certification under the Privacy Shield can ensure adequate data protection. In exceptional cases, such a third party may be located in a country without adequate data protection, provided that the data protection requirements, such as the express consent of the data subject, are met.

3. Rights of data subjects
Data subjects whose personal data we process have rights under Swiss data protection law. These include the right to information and the right to correction, deletion, or blocking of the processed personal data

Data subjects whose personal data we process have the right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

4. Data security
We take appropriate and suitable technical and organizational measures to ensure data protection and, in particular, data security. However, despite such measures, the processing of personal data on the Internet can always be subject to security vulnerabilities. We therefore cannot guarantee absolute data security.

Access to our online offering is provided via transport encryption (SSL/TLS with HTTPS).

Access to our online offering is subject—as is all Internet use—to mass surveillance without cause or suspicion, as well as other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (USA), and other countries. We cannot directly influence the processing of personal data by secret services, police agencies, and other security authorities.

5. Use of the website
5.1 Cookies
We may use cookies for our website. Cookies—including those from third parties whose services we use (third-party cookies)—are text files that are stored in your browser. Cookies cannot execute programs or transmit malware such as Trojans and viruses.

When you visit our website, cookies may be stored temporarily in your browser as “session cookies” or for a specific period of time as so-called permanent cookies. “Session cookies” are automatically deleted when you close your browser. Permanent cookies enable us to recognize your browser the next time you visit our website and thus measure the reach of our website, for example. Permanent cookies can also be used for online marketing, for example.

You can disable or delete cookies in your browser settings at any time, either completely or partially. Without cookies, our online offering may no longer be available in its entirety. We ask for your consent to the use of cookies where necessary.

For cookies used to measure success and reach or for advertising, a general objection (“opt-out”) is possible for numerous services via the Networking Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Log files
We may collect the following information for each access to our website, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual pages accessed and amount of data transferred, last website accessed (referrer).

We store such information, which may also constitute personal data, in log files. This information is necessary in order to provide our online services in a permanent, user-friendly, and reliable manner, as well as to ensure data security and, in particular, the protection of personal data—including by third parties or with the help of third parties.

5.3 Tracking pixels
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels—including those from third parties whose services we use—are small images that are retrieved when you visit our website. Tracking pixels can be used to collect the same information as server log files.

6. Third-party services
We may use third-party services to provide our online offering in a permanent, user-friendly, secure, and reliable manner. Such services also serve to embed content in our online offering. These services—such as hosting and storage services, video services, and payment services—require your Internet Protocol (IP) address, as they would otherwise be unable to transmit the relevant content. These services may be located outside Switzerland and the European Economic Area (EEA), including the European Union (EU), provided that adequate data protection is guaranteed.

For their own security-related, statistical, and technical purposes, third-party services may also process data related to our online offering and from other sources in an aggregated, anonymized, or pseudonymized form, including cookies, log files, and tracking pixels. Such data is not used to directly contact individuals in connection with our online offering.

6.1 Map material
We use Google Maps to embed maps in our website. Cookies are also used for this purpose. Google Maps is a service provided by the American company Google LLC. Google Ireland Limited is responsible for users in the European Economic Area (EEA) and Switzerland. Further information on the type, scope, and purpose of data processing can be found in Google's privacy and security principles and privacy policy, in the guide to data protection in Google products (including Google Maps), in the information on how Google uses data from websites that use Google services, and in the information on cookies at Google. It is also possible to object to personalized advertising.

6.2 Fonts
We use Google Fonts to embed selected fonts in our website. No cookies are used for this purpose. This is a service provided by the American company Google LLC, which is offered independently of other Google services. For users in the European Economic Area (EEA) and Switzerland, Google Ireland Limited is responsible. Further information on the type, scope, and purpose of data processing can be found in Google's privacy and security principles and in Google's privacy policy.

6.3 Measuring success and reach
We use Google Analytics to analyze how our website is used, which also allows us to measure the reach of our website and the success of third-party links to our website, for example. This is a service provided by the American company Google LLC. For users in the European Economic Area (EEA) and Switzerland, Google Ireland Limited in Ireland is responsible.

Google also attempts to track individual visitors to our website when they use different browsers or devices (cross-device tracking). Cookies are also used for this purpose. Google Analytics requires your Internet Protocol (IP) address, but this is not merged with other Google data.

In any case, we anonymize your Internet Protocol (IP) address before Google analyzes it. As a result, your full IP address is never transmitted to Google in the USA

Further information on the type, scope, and purpose of data processing can be found in Google's privacy and security principles and privacy policy, in the guide to data protection in Google products (including Google Analytics), in the information on how Google uses data from websites that use Google services, and in the information on cookies at Google. It is also possible to use the “Browser add-on to deactivate Google Analytics” and to object to personalized advertising.

7. Final provisions
We may amend and supplement this privacy policy at any time. We will provide information about such amendments and supplements in an appropriate form, in particular by publishing the current privacy policy on our website.