Data Protection Policy
Andermatt Swiss Alps AG, Gotthardstrasse 2, 6490 Andermatt is the operator of the website www.andermatt-swissalps.ch and is thus responsible for the collection, processing, and use of your personal data and for the compatibility of data processing with applicable data protection law.
Data protection pursuant to the legal bases
Because your trust is important to us, we take data protection very seriously and pay special attention to security. We comply with the statutory provisions of the Swiss Federal Act on Data Protection (Bundesgesetz über den Datenschutz, DSG), the Swiss Ordinance to the Federal Act on Data Protection (Verordnung zum Bundesgesetz über den Datenschutz, VDSG), the Swiss Telecommunications Act (Fernmeldegesetz, FMG), and all other applicable data protection provisions of Swiss or EU law, including the EU General Data Protection Regulation (GDPR). We ask that you take note of the following information so that you will know what personal data we collect from you and the purposes for which we use them.
A. Data processing in connection with our website
1. Using our website
When our website is visited, our servers temporarily store each access in a log file. In the process, as is generally the case with any connection with a web server, the following technical data are collected and then stored by us until they are automatically deleted:
the IP address of the computer submitting the request
the name of the owner of the IP address range
the date and time of access
the website from which our website is being accessed
the name and URL of the retrieved file
the status code
the operating system
the browser that you are using
the transmission protocol being used
if applicable, your username from a registration/authentication
These data are collected and processed for the purpose of facilitating the use of our website, ensuring continuous system security and stability, and facilitating the optimisation of our website, as well as for statistical purposes.
In addition, in the event of attacks on the network infrastructure or other unauthorised use or misuse of our website, the IP address is analysed together with other data for the purpose of investigation and defence and, if necessary, is also used in connection with criminal proceedings for the purpose of identifying the user in question and holding him or her civilly or criminally liable. This is to be considered our legitimate interest in data processing within the meaning of Article 6(1)(f) GDPR.
2. Use of our contact form
You have the ability to contact us by using the contact form. To do so, we require the following information:
First and last name
We use these data only in order to be able to respond to your contact enquiry as best as possible and in a personalised manner. The processing of these data is therefore necessary in order to take steps prior to entering into a contract or is to be considered our legitimate interest within the meaning of Article 6(1)(f) GDPR.
3. Subscription to our newsletter
On our website, you have the ability to subscribe to our newsletter. In order to do so, registration is necessary. In connection with registration, the following data must be provided:
First and last name
The foregoing details are necessary for data processing. In addition, you may voluntarily provide additional data. We process these data solely in order to personalise the information and offers that we send you and to tailor them better to your interests.
By registering, you grant us your consent to the processing of the provided data for sending regular newsletters to you at the address you provided and for the statistical analysis of user behaviour, as well as for optimising the newsletter. This consent constitutes the legal basis for the processing of your email address within the meaning of Article 6(1)(a) GDPR. We are entitled to engage third parties for technical implementation of promotional activities and to disclose your data to them for this purpose (see Clause 11).
At the end of each newsletter, you will find a link through which you can unsubscribe to the newsletter at any time. When unsubscribing, you can voluntarily notify us of the reason for doing so. After unsubscribing, your personal data will be erased. They will continue to be processed only in anonymised form in order to optimise our newsletter.
4. Booking on the website, by correspondence, or by phone
If you make bookings on our website, by correspondence (email or postal mail), or by phone, we require the following data in order to process the contract:
First and last name
Date of birth
Credit card information
We will use these data and other information voluntarily provided by you (e.g. expected arrival time, vehicle number plate, preferences, comments) only for processing the contract, unless this Data Protection Policy specifies otherwise or you have not given your separate consent for this purpose. We will process the data particularly in order to record your booking in accordance with your wishes, to provide the booked services, to contact you in the event that something is unclear or problems arise, and to ensure correct payment.
The legal basis for data processing for this purpose is the performance of a contract pursuant to Article 6(1)(b) GDPR.
Among many other things, cookies help to make your visit to our website easier, more convenient, and more meaningful. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website.
Most internet browsers automatically accept cookies. However, you can configure your browser in such a way that no cookies are stored on your computer or that a message is displayed when you receive a new cookie. Complete deactivation of cookies may mean that you will be unable to use all features of our website.
6. Tracking tools
a. In general
We use the web analysis service of Google Analytics for the purpose of designing our website in line with demands and optimising it on a continual basis. In this regard, pseudononymised user profiles are created, and small text files are used, which are stored on your computer (“cookies”). The information generated by the cookie about your use of this website is transmitted to servers of the providers of these services, where it is stored and processed for us. In addition to the data listed under Clause 1, we receive the following information under certain circumstances:
navigation path that a visitor travels to reach the website,
time spent on the website or a subpage
the country, region, or city from which access takes place,
returning or new visitor
The information is utilised in order to analyse the use of the website, compile reports about website activities, and provide other services associated with website use and internet use for the purposes of market research and designing this website in line with demands. In some cases, this information is also transmitted to third parties if this is required by law or these data are processed on behalf of another.
b. Google Analytics
The provider of Google Analytics is Google Inc., a subsidiary of the holding company Alphabet Inc. with headquarters in the U.S. By activation of IP anonymisation on this website (anoymizeIP), the IP address is shortened within the Member States of the European Union or in other Contracting States of the Agreement on the European Economic Area prior to transmission of the data to the provider. Only in exceptional cases is the full IP address transferred to a Google server in the U.S. and shortened there. In these case, we ensure through contractual guarantees that Google Inc. maintains an adequate level of data protection. According to Google Inc., the IP address is never associated with other data relating to the user.
You can find further information about the web analysis service we use on the website of Google Analytics.
c. Data protection provisions concerning the application and use of Google Remarketing
Andermatt Swiss Alps AG has integrated the services of Google Remarketing on this website. Google Remarketing is a feature of Google AdWords, which enables a company to have advertising displayed to those internet users who have previously visited the company’s website. The integration of Google Remarketing thus permits a company to create user-specific advertising and consequently to have advertising displayed to the internet user that is relevant to his or her interests.
Google Remarketing is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google Remarketing is to display advertising relevant to the user’s interests. Google Remarketing enables us to display advertising through the Google advertising network, or to have it displayed on other websites, that is tailored to the individual needs and interests of internet users.
Google Remarketing sets a cookie on the data subject’s IT system. An explanation of cookies was provided above. The setting of the cookie enables Google to recognise the visitor to our website when he or she thereafter visits websites that are also members of the Google advertising network. Each time a website is accessed on which the Google Remarketing service has been integrated, the internet browser of the data subject automatically notifies Google. As part of this technical process, Google obtains knowledge of personal data, such as the user’s IP address or surfing behaviour, which it uses to display advertising relevant to the user’s interests, among other things.
The cookie is used to store personal information, such as the websites visited by the data subject. Accordingly, each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, are transferred to Google in the United States. These personal data are stored and processed by Google in the United States. In some cases, these personal data, which are collected through the technical process, are disclosed by Google to third parties.
As described above, the data subject may at any time prevent our website from setting cookies by appropriately configuring the web browser being used and thereby permanently refuse the setting of cookies. Such a configuration of the web browser being used would also prevent Google from setting a cookie on the data subject’s IT system. Moreover, a cookie that has already been set by Google may at any time be deleted through the web browser or other software programs.
In addition, the data subject may object to receiving advertising from Google relevant to his or her interests. To do so, the data subject must visit this link with each web browser he or she uses and select the desired settings there.
Further information and the applicable data protection provisions of Google can be viewed on the website of Google.
c. Data protection provisions concerning the application and use of Google AdWords
Andermatt Swiss Alps AG has integrated the services of Google AdWords on this website. Google AdWords is a service for internet advertising that permits advertisers to place advertisements both in Google search engine results and in the Google advertising network. Google AdWords enables an advertiser to specify keywords in advance, by means of which an advertisement is displayed in Google search engine results only if the user clicks on a keyword-relevant search result with the search engine. In the Google advertising network, advertisements are distributed to topic-relevant websites by means of an automated algorithm, taking into account the previously specified keywords.
Google AdWords is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
We use Google AdWords in order to promote our website through the displaying of relevant advertising on the websites of other companies and in the results returned by Google’s search engine and through the displaying of third-party advertising on our website.
If a data subject reaches our website through a Google advertisement, Google sets what is known as a “conversion cookie” on the data subject’s IT system. An explanation of cookies was provided above. A conversion cookie loses its validity after 30 days, and it is not used to identify the data subject. If the conversion cookie has not yet expired, it tracks whether certain subpages on our website have been accessed, such as the shopping cart for our online store. The conversion cookie enables both us and Google to track whether a sale was generated by the data subject who reached our website through a Google AdWords advertisement, i.e. whether or not he or she made a purchase.
Google uses the data and information collected through the use of the conversion cookie in order to compile visitor statistics for our website. We then use these visitor statistics in order to determine the total number of users who reached us through AdWords advertisements, i.e. in order to determine the success or failure of the relevant AdWords advertisement and to optimise AdWords advertisements for the future. Google does not provide our company or other advertising customers of Google AdWords with information that could be used to identity the data subject.
The conversion cookie is used to store personal information, such as the websites visited by the data subject. Accordingly, each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, are transferred to Google in the United States. These personal data are stored and processed by Google in the United States. In some cases, these personal data, which are collected through the technical process, are disclosed by Google to third parties.
As described above, the data subject may at any time prevent our website from setting cookies by appropriately configuring the web browser being used and thereby permanently refuse the setting of cookies. Such a configuration of the web browser being used would also prevent Google from setting a conversion cookie on the data subject’s IT system. Moreover, a cookie that has already been set by Google AdWords may at any time be deleted through the web browser or other software programs.
In addition, the data subject may object to receiving advertising from Google relevant to his or her interests. To do so, the data subject must visit this AdWords link with each web browser he or she uses and select the desired settings there. Further information and the applicable data protection provisions of Google can be viewed on the website of Google.
B. Data processing in connection with your stay
7. Data processing for the purpose of fulfilling the statutory reporting obligation
When you arrive at one of our lodgings, we require the following information from you and, if applicable, the persons accompanying you:
First and last name
Date of birth
Place of birth
Official identity document
Day of arrival and departure
Name of the lodging
We collect this information for the purpose of fulfilling the statutory reporting obligation, particularly as required by hospitality and police law. To the extent that we are obligated to do so in accordance with the applicable provisions, we forward this information to the responsible police authority.
The fulfilment of legal requirements is to be considered our legitimate interest within the meaning of Article 6(1)(f) GDPR.
8. Recording of services purchased
To the extent that you purchase additional services in the course of your stay, the nature of the service and the time at which it is purchased are recorded by us for billing purposes. The processing of these data is necessary for the purpose of performing the contract with us within the meaning of Article 6(1)(b) GDPR.
C. Storage and exchange of data with third parties
9. Booking platforms
If you make bookings on a third-party platform, we receive various personal information from the platform operator. This normally involves the data listed in Clause 5 of this Data Protection Policy. In addition, enquiries about your booking may be forwarded to us in some cases. We process these data particularly in order to record your booking in accordance with your wishes and to provide the booked services. The legal basis for data processing for this purpose is the performance of a contract pursuant to Article 6(1)(b) GDPR.
Finally, we may be informed by the platform operators about disputes in connection with a booking. In this regard, we might obtain data about the booking procedure, which may include a copy of the booking confirmation as proof of the actual finalisation of the booking. We process these data for the purpose of preserving and enforcing our claims. This is to be considered our legitimate interest within the meaning of Article 6(1)(f) GDPR.
Please also take note of the references concerning data protection by the respective provider.
10. Retention period
We store personal data only for as long as is necessary for using the above-mentioned tracking services and further processing in connection with our legitimate interest. Contract data are stored by us for a longer period, since this is required by statutory retention duties. Retention duties that obligate us to retain data result from the requirements of reporting law and accounting, as well as from tax law. In accordance with these requirements, business communications, concluded contracts, and booking receipts must be retained for a period of up to 10 years. If we no longer need these data for performing the services for you, they are blocked. This means that the data may then be used only for accounting and tax purposes.
11. Disclosure of data to third parties
We disclose your personal data only if you have expressly consented to it, if there is a statutory obligation to do so, or if this is necessary for the purpose of enforcing our rights, including the enforcement of claims under the contractual relationship. In addition, we disclose your data to third parties if this is necessary in connection with use of the website or for contract performance, particularly the processing of your bookings.
One service provider to which personal data collected through this website are disclosed and that has or may have access to them is our web host (Aronet, Willisau). The website is hosted on servers in Switzerland. Data are disclosed for the purpose of providing the features of our website and maintaining them. This is to be considered our legitimate interest within the meaning of Article 6(1)(f) GDPR.
Finally, when you make payments on the website by credit card, we disclose your credit card information to your credit card issuer as well as to the credit card acquirer. If you decide to pay by credit card, you will be asked to enter all mandatory information. The legal basis for data processing for this purpose is the performance of a contract pursuant to Article 6(1)(b) GDPR.
12. Transmission of personal data abroad
We are also entitled to transfer your personal data to third-party companies outside of Switzerland for the purpose of the data processing described in this Data Protection Policy. These companies are obligated to protect data to the same extent that we are. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we ensure by contract that the protection of your personal data corresponds to that in Switzerland or the EU.
D. Further information
13. Right of access, rectification, erasure, and restriction of processing, right to data portability
Upon request, you have the right to access the personal data that we are storing about you. In addition, you have the right to rectification of inaccurate data and the right to erasure of your personal data, other than where a statutory retention obligation exists or we have permission to process the data.
Moreover, you have the right to demand that we return to you the data that you have provided to us (right to data portability). Upon request, we also will transfer the data to a third party of your choice. You have the right to receive the data in a commonly used format.
You can reach us at MLL EU-GDPR GmbH, Ganghoferstrasse 33, 80339 Munich, Germany or by email for the aforementioned purposes. If we so choose, we may require proof of identity for processing your request.
We do not wish to collect any personal data of minors. However, we are not always able to verify the age of those who visit and use our website. If a minor transmits his or her data to us without the permission of his or her parent or guardian, we ask the parent or guardian to contact us so that these data can be erased and the minor will no longer receive any advertising material from us in the future.
15. Data security
We make use of appropriate technical and organisational security measures in order to protect your data that are stored with us against manipulation, total or partial loss, and unauthorised access by third parties. Our security measures are continuously improved in keeping with technological developments.
You should always keep your log-in data confidential and close the browser window once you end communication with us, particularly where you share the computer with others.
16. Notice concerning the transmission of data to the United States
For reasons of completeness, we make users with a place of residence or domicile in Switzerland aware of the fact that authorities in the U.S. employ surveillance measures that generally make it possible to store all personal data of all persons whose data were transmitted from Switzerland to the U.S. This takes place without differentiation, restriction, or exception on the basis of the aim pursued and without an objective criterion that makes it possible to restrict the access of U.S. authorities to data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated both with the access to these data and with their use. We also make users aware of the fact that no legal remedies are available in the U.S. for data subjects from Switzerland that enable them to access the data concerning them and to obtain their rectification or erasure and that there is no effective judicial protection against general intrusions by U.S. authorities. We make data subjects explicitly aware of this legal and factual situation in order to allow them to make a correspondingly informed decision concerning consent to the use of their data.
We make users with a place of residence in a Member State of the EU aware of the fact that in the opinion of the European Union – among other things, owing to the issues mentioned in this section – the U.S. does not afford an adequate level of data protection. To the extent that we have explained in this Data Protection Policy that recipients of data (such as Google) are domiciled in the U.S., we will ensure either through contractual arrangements with these companies or through ascertaining the certification of these companies under the EU-US and Swiss-US Privacy Shield that your data are subject to an appropriate level of protection by our partners.
17. Social plug-ins of Facebook
18. Social plug-ins of Twitter
19. Social plug-ins of Instagram
We use social plug-ins of Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA. The plug-ins are identified with an Instagram logo, for example in the form of an “Instagram camera”. If you visit a page on our website that contains such a plug-in, your browser generates a direct connection to Instagram servers. The content of the plug-in is transmitted by Instagram directly to your browser and is embedded in the page. Through such embedding, Instagram receives information that your browser has accessed the corresponding page on our website even if you do not have an Instagram profile or are currently not logged in to Instagram. This information (including your IP address) is transmitted by your browser directly to an Instagram server in the U.S. and stored there. If you are logged in to Instagram, Instagram can directly allocate the visit to our website to your Instagram account. If you interact with the plug-ins, such as by clicking on the “Instagram” button, this information is likewise directly transmitted to an Instagram server and stored there. In addition, the information is published on your Instagram account and displayed there to your contacts. For more information about the purpose and scope of data collection and the further processing and use of the data by Instagram, as well as your rights and configuration options in this respect in order to protect your privacy, please see Instagram’s data policy. If you do not wish to allow Instagram to allocate the data collected through our website to your Instagram account, you must log out of Instagram prior to visiting our website. You can also completely block the loading of Instagram plug-ins with add-ons for your browser, e.g. with the script blocker “NoScript”.
20. Social plug-ins of YouTube
21. Social plug-ins of Pinterest
22. Our contact information
If you have questions or concerns about the processing of your personal data, please contact us by email or postal mail.
MLL EU-GDPR GmbH,
DE - 80339 München