In this data protection declaration you will find out:
The person responsible for data processing at our company
What data we collect and process
Purposes of data processing and legal basis
Obligation to provide personal data
Duration of retention of personal data
Rights of the data subject
1. Person responsible for data processing
Corinna Kasper is responsible for the data processing that we describe here. If you have any data protection concerns, you can let us know at the following contact address:
CB Guesthouse, Via Cantonale 36, 6647 Mergoscia,email@example.com.
2. What data we collect and process
Below is an overview of the data we may collect:
De-identified and non-identifiable information that you provide during the registration process or that is collected through the use of our Services (“Non-Personal Information”). Non-personal data does not allow any conclusions to be drawn as to who collected it. Non-personal information that we collect consists primarily of technical and aggregate usage information.
Individually identifiable information, i.e. all that through which you can be identified or could be identified with reasonable effort (“personal data”). The personal information we collect through our Services includes voluntarily entered information such as names, email addresses, addresses, phone numbers, and more. If we combine personal information with non-personal information, we will treat it as personal information as long as it is in combination.
If necessary, we collect data related to the use of the website (e.g. IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content accessed, functions used, referring website, location information).
We primarily process personal data that we collect as part of our business activities and the operation of our websites and apps, or that are communicated and transmitted to us by the users themselves. All personal information voluntarily submitted to us will be treated confidentially and will not be sold to third parties. We may share your information with our service providers in order to operate our services (e.g. storing data via third party hosting services, security-related matters, investigating illegal activities or other misconduct, providing technical support, etc.).
3. Purposes of data processing and legal basis
We use the personal data we collect primarily to fulfill our obligations to our customers as part of our business activities.
In addition, we process personal data, to the extent permitted and deemed appropriate to us, for the following purposes:
Offer and further development of our offers, services and websites, apps and other platforms on which we are present;
Communication with third parties and processing their inquiries (e.g. applications, media inquiries);
Examination and optimization of procedures for needs analysis for the purpose of direct customer contact;
Advertising and marketing (including the organization of events), insofar as you use it
have not objected to your data (if we send you advertising as an existing customer, you can object to this at any time);
Market and opinion research, media monitoring;
Assertion of legal claims and defense in connection with legal disputes and governmental proceedings;
Preventing and solving crimes and other misconduct (e.g. conducting internal investigations, data analysis to combat fraud);
Warranties of our operations, in particular IT, our websites, apps and other platforms;
If you have given us your consent to process your personal data for specific purposes (e.g. when you register to receive newsletters, apply, etc.), we will process your personal data within the framework and based on this consent, unless we have another legal basis and we need one. Consent given can be revoked at any time, but this has no effect on data processing that has already taken place.
User has a blog or forum
Please note that our Services enable social interactions (e.g. publicly posting content, information and comments and chatting with other users). Please be aware that any content or data you provide in these areas may be read, collected and used by other people. We advise against posting or sharing information that you do not wish to be made public. If you upload content to our Digital Assets or otherwise make it available as part of using a Service, you do so at your own risk. We cannot control the actions of other users or members of the public who have access to your data or content. You acknowledge and hereby acknowledge that copies of your data may remain accessible on cached and archived pages even after they have been deleted or after a copy/storage of your content has been created by a third party.
Cookies and similar technologies
When you visit or access our Services, we authorize third parties to use web beacons, cookies, pixel tags, scripts and other technologies and analytics services (“Tracking Technologies”). These tracking technologies may allow third parties to automatically collect your data to improve the navigation experience on our digital assets, optimize their performance and ensure a tailored user experience, as well as for security and fraud prevention purposes.
4. Obligation to provide personal data
As part of our business relationship, you must provide the personal data that is necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations (you generally do not have a legal obligation to provide us with data). Without this data, we will generally not be able to enter into or process a contract with you (or the entity or person you represent). The website cannot be used if certain information to ensure data traffic (such as IP address) is not disclosed.
5. Duration of retention of personal data
We process and store your personal data for as long as it is necessary to fulfill our contractual and legal obligations or for other purposes pursued by the processing, i.e. for example for the duration of the entire business relationship (from initiation, processing to termination of a contract) as well as in accordance with the legal retention and documentation obligations. It is possible for personal data to be retained for the period in which claims can be asserted against our company and to the extent that we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidentiary and documentation purposes).
As soon as your personal data is no longer required for the purposes mentioned above, it will generally be deleted or anonymized as far as possible. For operational data (e.g. system protocols, logs), shorter retention periods of twelve months or less apply.
6. Data Security
We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and access restrictions, encryption of data carriers and transmissions, controls.
7. Rights of the data subject
Within the scope of the data protection law applicable to you and to the extent provided for therein, you have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing, in particular those for direct marketing purposes.
Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to store or process certain data, have an overriding interest in doing so (to the extent that we are entitled to rely on this) or use them for the assertion of requirements. If you incur any costs, we will inform you in advance. We have already provided information about the possibility of revoking your consent in Section 3. Please note that exercising these rights may conflict with contractual agreements and this may have consequences such as early termination of the contract or cost consequences. We will inform you in advance if this is not already contractually stipulated.
The exercise of such rights generally requires that you provide clear proof of your identity (e.g. by providing a copy of your ID, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in Section 1.
Every data subject also has the right to enforce their claims in court or to file a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).