Logo Art Deco Hotel Montana Book now

Personal data and user rights

5. Personal Data Abroad

In principle, we process personal data in Switzerland and in the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, in particular in order to process them or have them processed there.

We may export personal data to all states and territories on Earth as well as elsewhere in the universe, provided that the law there ensures adequate data protection in accordance with the decision of the Swiss Federal Council and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – in accordance with the decision of the European Commission.

We may transfer personal data to countries whose law does not ensure adequate data protection, provided that data protection is guaranteed for other reasons, in particular on the basis of standard data protection clauses or with other appropriate guarantees. By way of exception, we may export personal data to countries without adequate or appropriate data protection if the specific requirements under data protection law are met, such as the express consent of the data subjects or a direct connection with the conclusion or performance of a contract. We will be happy to provide information on any guarantees to data subjects on request or provide a copy of any guarantees.


6. Rights of Data Subjects

6.1 Data protection rights

We grant data subjects all rights under applicable data protection law. Data subjects have the following rights in particular:

  • Information: Data subjects can request information as to whether we process personal data about them and, if so, what personal data is involved. Data subjects shall also receive the information necessary to assert their claims under data protection law and to ensure transparency. This includes the personal data processed as such, but also, among other things, information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries and the origin of the personal data.
  • Correction and restriction: Data subjects can have inaccurate personal data corrected, incomplete data completed and the processing of their data restricted.
  • Erasure and right to object: Data subjects can have personal data deleted ("right to be forgotten") and object to the processing of their data with effect for the future.
  • Data portability and data transmission: Data subjects may request the receipt of their personal data or the transfer of their data to another data controller.

We may suspend, restrict or refuse the exercising of data subjects' rights to the extent permitted by law. We can point out to data subjects any requirements they may have to fulfil in order to exercise their rights under data protection law. We may, for example, refuse to provide information in whole or in part on the grounds of commercial confidentiality or the protection of others. We may also, for example, refuse to erase personal data in whole or in part with reference to statutory retention obligations.

We may exceptionally provide for costs for the exercising of the rights. We will inform data subjects in advance about any costs.

We are obliged to take reasonable steps to identify data subjects who request information or assert other rights. Data subjects are obliged to cooperate.

6.2 Right to object

Data subjects have the right to enforce their data protection claims through legal channels or to lodge a complaint with a competent data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

If and to the extent that the General Data Protection Regulation (GDPR) is applicable, data subjects have the right to lodge a complaint with a competent European data protection supervisory authority.


7. Data Security

We take suitable technical and organisational measures to ensure data security appropriate to the respective risk. However, we cannot guarantee absolute data security.

Access to our website is via transport encryption (SSL/TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated as HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

Our digital communications – like all digital communications in principle – are subject to mass surveillance without cause or suspicion and other surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA) and other countries. We cannot directly influence the corresponding processing of personal data by secret services, police agencies and other security authorities.


8. Use of the Website

8.1 Cookies

We may use cookies. Cookies – our own cookies (first-party cookies) as well as cookies from third parties whose services we use (third-party cookies) – are data that are stored in the browser. Such stored data need not be limited to traditional cookies in text form.

Cookies can be stored in the browser temporarily as "session cookies" or for a certain period of time as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage period. In particular, cookies make it possible to recognise a browser the next time it visits our website and thus, for example, measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.

Cookies can be completely or partially deactivated and deleted at any time in the browser settings. Without cookies, our website may no longer be fully available. We actively request – at least if and to the extent necessary – explicit consent to the use of cookies.

For cookies used for performance and reach measurement or for advertising, a general objection ("opt-out") is possible for many services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

8.2 Server log files

We may collect the following information for each access to our website, provided that this information is transmitted by your browser to our server infrastructure or can be determined by our web server: Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including amount of data transferred, website last accessed in the same browser window (referrer).

We store such information, which may also constitute personal data, in server log files. The information is required in order to provide our website in a permanent, user-friendly and reliable manner and to be able to ensure data security and thus, in particular, the protection of personal data – also by third parties or with the help of third parties.

8.3 Tracking pixels

We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – also from third parties whose services we use – are small, usually invisible images that are automatically retrieved when you visit our website. Tracking pixels can be used to collect the same information as server log files.