Logo Art Deco Hotel Montana Book now

General conditions

2. Terms and legal bases

2.1 Terms

Personal data is any information relating to an identified or identifiable natural person. A data subject is a person about whom we process personal data.

Processing includes any handling of personal data, irrespective of the means and procedures used, such as querying, matching, adapting, archiving, retaining, reading out, announcing, procuring, recording, collecting, deleting, disclosing, arranging, organising, storing, modifying, disseminating, linking, destroying and using personal data.

The European Economic Area (EEA) comprises the member states of the European Union (EU) plus the Principality of Liechtenstein, Iceland and Norway. The General Data Protection Regulation (GDPR) refers to the handling of personal data as the processing of personal data.

2.2 Legal basis

We process personal data in accordance with Swiss data protection law such as, in particular, the Federal Act on Data Protection (FADP) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

If and to the extent that the General Data Protection Regulation (GDPR) is applicable, we process personal data in accordance with at least one of the following legal bases:

  • Art. 6(1)(b) GDPR for the necessary processing of personal data for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract.
  • Art. 6(1)(f) GDPR for the necessary processing of personal data for the purposes of the legitimate interests pursued by the use or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Legitimate interests are, in particular, our interest in being able to carry out our activities and operations in a sustainable, user-friendly, secure and reliable manner and to communicate about them, to guarantee information security, protect against misuse, enforce our own legal claims and comply with Swiss law.
  • Art. 6(1)(c) GDPR for the necessary processing of personal data for compliance with a legal obligation to which we are subject under any applicable law of member states in the European Economic Area (EEA).
  • Art. 6(1)(e) GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
  • Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
  • Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or of another natural person.


3. Nature, scope and purpose

We process the personal data that is necessary to carry out our activities and operations in a sustainable, user-friendly, secure and reliable manner. Such personal data may, in particular, fall into the categories of inventory and contact data, browser and device data, content data, metadata and usage data, location data, sales data and contract and payment data.

We process personal data for the period of time necessary for the relevant purpose(s) or as required by law. Personal data whose processing is no longer necessary is anonymised or deleted.

We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are, in particular, specialised providers whose services we use. We also ensure data protection with such third parties.

In principle, we only process personal data with the consent of the data subjects. If and to the extent that processing is permitted for other legal reasons, we may waive the need to obtain consent. For example, we may process personal data without consent in order to perform a contract, to comply with legal obligations or to protect overriding interests.

In this context, we process, in particular, information that a data subject voluntarily provides to us when contacting us – for example, by letter, email, instant messaging, contact form, social media or telephone – or when registering for a user account. We may store such information, for example, in an address book, in a customer relationship management (CRM) system or with comparable tools. If we receive data about other persons, the transmitting persons are obliged to ensure data protection with regard to these persons as well as to ensure the accuracy of this personal data.

We also process personal data that we receive from third parties, obtain from publicly available sources or collect in the course of our activities and operations, if and to the extent that such processing is permitted for legal reasons.


4. Applications

We process personal data about applicants to the extent that it is necessary to assess suitability for an employment relationship or to subsequently implement an employment contract. The required personal data results, in particular, from the information requested, for example in the context of a job advertisement. We also process personal data that applicants voluntarily provide or publish, in particular as part of cover letters, CVs and other application documents as well as online profiles.

If and insofar as the General Data Protection Regulation (GDPR) is applicable, we process personal data about applicants in particular in accordance with Art. 9(2)(b) GDPR.

We may allow applicants to submit their details to our talent pool to be considered for future vacancies. We may also use such information to maintain contact and provide news. If we believe that an applicant is eligible for a vacancy based on the information provided, we may inform the applicant accordingly.

We use third-party services to advertise jobs via e-recruitment and to enable and manage applications.