Book now

Data protection

Version dated 2 December 2024

Thank you for your interest in our website. Protecting your privacy and your personal data is very important to us.

This privacy policy describes how we, Europa Suites Hotel AG, Via Suot Chesas 9, CH-7512 Champfèr-St. Moritz (hereinafter “Hotel Europa”, “we” or “us”), as the operator of this website, process personal data.

Personal data is any information relating to an identified or identifiable person. This includes, for example, your name, email address, home address, telephone number or date of birth. The term ‘process’ encompasses all handling of personal data, regardless of the means and procedures applied, in particular the collection, storage, use, alteration, disclosure, archiving or destruction of personal data.

You can visit our websites and take advantage of many of our offers without having to tell us who you are. However, for some of our offers, it may be necessary for you to provide us with personal data. The personal data that we collect from you depends on the specific offer or the respective interaction with us. This data protection declaration contains more detailed information. If you decide not to provide the personal data we request, this may mean that you are unable to use certain offers or that we are unable to process your request.

1. Changes

This data protection declaration is not a final regulation. It can be adapted by us at any time by publication on this website. The current version published on this website applies.

2. Contact details

Europa Suites Hotel AG is responsible for the data processing described in this privacy policy. Inquiries from supervisory authorities and data subjects are possible by e-mail or letter post to:

Europa Suites Hotel AG
Via Suot Chesas 9
7512 Champfèr – St. Moritz
info@hotel-europa.ch

3. Data processing in general

3.1 Purposes of data processing

We process personal data in order to offer and deliver products and services, for advertising and marketing (unless you object), to enable full access to our websites, to operate, improve and further develop our websites, to analyse the use of our websites and our offers, to detect, investigate and avert attacks on our websites and our infrastructure, to communicate with you and to defend against and enforce legal claims.

These processing purposes are described in more detail and supplemented in section 4.

3.2 Legal basis for data processing

We process personal data in accordance with Swiss data protection law. In addition, we process personal data – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – on the following legal bases, which may be added to the legal bases listed in section 4:

  • Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data for which we obtain the consent of the data subject.
  • Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data necessary for the performance of a contract with the data subject and for the implementation of corresponding pre-contractual measures.
  • Art. 6 (1) (c) GDPR serves as the legal basis for the processing of personal data necessary for compliance with a legal obligation to which we are subject under any applicable law of the EU or under any applicable law of an EEA state.
  • Art. 6 (1) (d) GDPR serves as the legal basis for the processing of personal data necessary to protect the vital interests of the data subject or of another natural person.
  • Art. 6 (1) (f) GDPR serves as the legal basis for the processing of personal data necessary to safeguard the legitimate interests of us or third parties, except where such interests are overridden by the fundamental freedoms and rights or interests of the data subject. Legitimate interests include, in particular, our commercial interest in being able to provide, analyze and further develop our websites, advertising and marketing, the sale of goods and provision of services, information security, defense and enforcement of legal claims and compliance with Swiss law.

3.3 Disclosure of personal data to third parties

As part of our business activities and the processing and purposes described in this data protection declaration, we will – where permissible – transfer personal data to third parties or disclose personal data to these third parties. These third parties, which process this data for us or for their own purposes or which may become aware of it in the course of their work for us, include in particular:

  • (IT) service providers and processors employed by us (these include, for example, the providers of website hosting, newsletter distribution, analysis, social media, map and web fonts services mentioned in section 4.
  • Credit institutions for payment processing.
  • persons authorized by us (e.g. employees commissioned to process data);
  • other recipients with your permission or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship with you.

Third parties may be located in Switzerland or abroad. In principle, we only transfer personal data abroad

  1. to countries in the European Union or the European Economic Area,
  2. to countries that, according to the Federal Data Protection Commissioner or the European Commission, have an adequate level of data protection, which may also be the case based on a Privacy Shield self-certification, or
  3. 3. to countries for which we have provided appropriate safeguards, in particular by ensuring an adequate level of protection by means of standard contractual clauses of the European Commission (which can be downloaded here) or by means of recognised Binding Corporate Rules. You can request a copy of such contractual guarantees using our contact details. However, we reserve the right to redact such copies for reasons of confidentiality or to provide only excerpts.

We may also base our transfer abroad on statutory exceptions, which include, in particular, your consent, the performance of a contract with you, important grounds of public interest, the establishment, exercise or defense of legal claims or the protection of vital interests.

3.4 Duration of the retention of personal data

We process personal data for the period of time necessary to achieve the respective purposes. In addition, we process and/or store personal data in order to comply with legal storage and documentation obligations or if our legitimate business interests require it (in particular for the assertion, exercise or defense of legal claims).

Personal data is deleted or anonymized as soon as it is no longer required for the purposes of processing or storage stated in this privacy policy.

3.5 Data security

We take appropriate technical and organizational security measures to protect the personal data we process, in particular against manipulation, partial or complete loss or unauthorized access by third parties.

Access to our websites is protected by transport encryption (SSL/TLS).

3.6 Rights of data subjects

If provided for by the applicable data protection law and if the relevant conditions are met, you may have the following rights with respect to us regarding your personal data:

  1. A right to confirm as to whether we are processing your personal data and, if so, a right to information about this personal data and how it is processed.
  2. A right to rectification or erasing your personal data.
  3. A right to restrict the processing.
  4. A right to object to the processing.
  5. A right to the transferability of the personal data you have provided.
  6. A right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. In the event of a revocation, it may not be possible for us to conclude a contract with you or to fulfil an existing contract. This may lead to premature termination of the contract or to costs.
  7. A right to complain to the relevant supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC; https://www.edoeb.admin.ch).

Please use the contact details listed in section 2 to contact us regarding your rights. We reserve the right to assert any statutory grounds for refusal or exemption. For identification purposes, we may also request additional information from you (such as a copy of a valid ID).

4. Data processing in connection with our websites

4.1 Provision and operation of the websites

When you visit our website, a range of general information is transmitted from your browser to the website hosting server and stored in log files each time you access the website.

The information collected includes, for example, your Internet Protocol address (IP address), the date and time of your visit, the referring website and the website you are heading to, your browser, operating system and Internet service provider, certain cookies (see also Section 4.6), location data and other similar information used to avert danger in the event of attacks on our information technology systems.

The purpose of processing this general information is to (a) display our website, its content and offers correctly and to ensure data traffic, (b) optimise our website, content and offers, (c) ensure the stability and security of our websites and systems in the long term, and (d) to enable the investigation, defence against and prosecution of cyber attacks, spam and other unlawful acts in relation to our websites and systems and to enforce claims in this regard. This is our legitimate interest in the processing within the meaning of Art. 6 para. 1 lit. f GDPR.

For the hosting of the website, we may use the services of third parties in Switzerland and abroad to carry out the above-mentioned processing on our behalf. Currently, our websites are hosted exclusively by Swiss hosting providers and on servers in Switzerland.

4.2 Contact forms and making contact

Our website offers you the opportunity to contact us using the contact forms or contact details provided. When you contact us using a contact form, you will be asked to provide all the necessary information that we need to process your enquiry and communicate with you. Without this necessary information, it will not be possible for us to communicate with you. We store and process the information that you enter yourself in the input forms or that you provide to us in other ways. When you contact us by email, we store the information transmitted by email. To combat abuses such as identity theft and spam in particular, we also store your IP address and the time and date of your contact.

If you use contact forms on our websites, these are encrypted. If you contact us by e-mail or provide your e-mail address in the contact form, you agree that we may also communicate with you by e-mail. Please note that our e-mail messages are not encrypted.

By contacting us, you consent to the processing of your personal data for the purpose of communicating with you and dealing with your request. Your contract establishes a legal basis for the processing in accordance with Art. 6 (1) (a) GDPR. Furthermore, our legitimate interest in the processing of data in the sense of Art. 6 para. 1 lit. f GDPR consists in communicating with you, dealing with your concerns and combating abuses. If the purpose of establishing contact is to conclude a contract, Art. 6 para. 1 lit. b GDPR provides an additional legal basis for the processing.

4.3 Cookies

We use cookies on our website. Cookies are small text files that are stored by your browser on your computer or mobile device. They are used for collecting certain information while you are navigating a website and to retrieve it during your current browser session or on future visits. Cookies enable us to recognize the browser you are using or to temporarily store the information you have entered. We also use cookies to make our services more user-friendly, effective and secure.

We distinguish between so-called “first-party cookies”, which are set by us, and so-called “third-party cookies”, which are set by third parties, such as web analysis services or social networks. We also distinguish between so-called “session cookies” and “persistent cookies” based on the duration of their existence. Session cookies store information that is used during your current browser session. They are automatically deleted when you close your browser. Persistent cookies are only deleted after a certain period of time or remain stored on your end device until you delete them. Persistent cookies make it possible, for example, to recognize your browser the next time you visit, to support the completion of forms, to store your usage settings or to display advertising and offers tailored to you. We then distinguish between necessary cookies and non-necessary cookies. Necessary cookies are required to provide our websites and the functions they contain (such as web shops). This is our legitimate interest in processing within the meaning of Art. 6 (1) point f GDPR. Most of our first-party cookies are necessary session cookies. Third-party cookies are non-necessary persistent cookies.

When you visit our website, you will be informed about the use of cookies. You have the option of agreeing to the use of all cookies or only allowing necessary cookies and thus refusing the use of persistent third-party cookies. Your consent constitutes a legal basis for the processing within the meaning of Art. 6 (1) point a GDPR. Please note that third-party cookies only become active after you have given your consent to the use of all cookies. You can also set your browser to prevent the setting of cookies and thus permanently object to the setting of cookies. You can then delete cookies that have already been set in your browser. You can usually also configure your browser so that you are informed when cookies are set.

If you disable cookies in your browser or only consent to the use of essential cookies, this may limit the functionality of our websites. However, with a few exceptions, the content of our websites can generally be accessed.

4.4 Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited. If the data controller for this website is located outside the European Economic Area or Switzerland, Google Analytics data processing is carried out by Google LLC. Google LLC and Google Ireland Limited are hereinafter referred to as “Google”.

The statistics obtained help us to improve our offering and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. If you have a Google user account, you can disable the cross-device analysis of your usage in the settings under “My data”, “Personal data”.

The legal basis for the use of Google Analytics is Art. 6 (1) (1) (f) GDPR. The IP address transmitted by your browser in the context of Google Analytics is not associated with any other data held by Google. We would like to point out that on this website Google Analytics has been extended by the code ‘_anonymize Ip();’ in order to ensure an anonymized collection of IP addresses. This means that IP addresses are further processed in abbreviated form, thus excluding the possibility of personal references. Insofar as the data collected about you is personally identifiable, this is therefore immediately excluded and the personal data is thus promptly deleted.

Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services regarding website activity and Internet usage for the website operator. For the exceptional cases in which personal data is transmitted to the USA, Google has submitted to the EU-US Data Privacy Framework, https://www.dataprivacyframework.gov/s/us-businesses

Google Analytics uses cookies. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also disable the use of Google Analytics via the following link: Disable Google Analytics. This stores an opt-out cookie on your data carrier, which prevents the processing of personal data by Google Analytics. Please note that if you delete all cookies on your end device, these opt-out cookies will also be deleted, i.e. you will have to set the opt-out cookies again if you wish to continue to prevent this form of data collection. The opt-out cookies are set per browser and computer/end device and must therefore be set for each browser, computer or other end device.

4.5 Google Tag Manager

Google Tag Manager is a solution that allows us to manage so-called website tags through a single interface and thus integrate Google Analytics and other Google marketing services into our online offering, for example. The Tag Manager itself, which implements the tags, does not process any personal user data. Please refer to the following information about Google services for details about how users’ personal data are processed. Terms of use: https://www.google.com/intl/en/tagmanager/use-policy.html.

4.6 Web fonts

Our website uses so-called web fonts. Web fonts enable a uniform display of fonts on our websites without the corresponding fonts having to be installed on your end device. This is our legitimate interest in the processing within the meaning of Art. 6 (1) point f GDPR.

We use web fonts provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). When you visit our websites, your browser connects to Google’s servers and loads the required web fonts into your browser cache. In doing so, Google learns that your IP address has been used to access one of our websites.

If your browser does not support web fonts, a standard font will be displayed by your computer instead. Further information about Google Web Fonts and data processing by Google can be found at https://developers.google.com/fonts/faq and at www.google.com/privacypolicy.html.

4.7 Facebook

Our website includes plugins from the social network Facebook, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plugins on our website by the Facebook logo or the ‘Like’ button. You can find an overview of the Facebook plugins here.

When you visit our pages, the plug-in establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook ‘Like’ button while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or how Facebook uses it. For more information, please refer to Facebook’s privacy policy at https://de-de.facebook.com/policy.php.

If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account.

4.8 Instagram

We use features of the social media network Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, on our website. We can display images and videos using the features for embedding Instagram content (embed function).

When you access pages that use such functions, data (IP address, browser data, date, time, cookies) is transmitted to Instagram, stored and evaluated. If you have an Instagram account and are logged in, this data is assigned to your personal account and the data stored in it.

The privacy policy, what information Instagram collects and how it is used can be found at https://help.instagram.com/519522125107875.

4.9 Newsletter

You can subscribe to free e-mail newsletters on our websites. We store and process the information that you enter yourself in the input mask during registration. You will be asked to enter all the necessary information. Without this information, we will not be able to send you the newsletter. To combat abuses, such as identity theft and spam in particular, we also store your IP address and the time and date of registration.

By registering, you give us your consent to process the information you have provided for the purpose of sending the newsletter, as well as to evaluate your usage behavior and optimise the newsletter. Your consent constitutes a legal basis for the processing in accordance with Art. 6 (1) (a) GDPR. You can unsubscribe from the newsletter at any time via a link contained in the newsletter. Your email address will be deleted from our newsletter distribution list immediately after you unsubscribe.

We may use the services of third parties in Switzerland and abroad to send the newsletter and may pass on your personal data to these third parties for this purpose. We send our newsletters via the distribution platform of the service provider The Rocket Science Group LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (‘MailChimp’). Please note that your personal data is usually transferred to a MailChimp server in the USA and stored there. In order to protect your personal data in the United States, we have entered into a data processing agreement with MailChimp based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to MailChimp. If you are interested, this data processing agreement can be viewed at the following Internet address: http://mailchimp.com/legal/forms/data-processing-agreement/. In addition, The Rocket Science Group LLC d/b/a MailChimp has received self-certification under the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield.

Our newsletters may, to the extent permitted, contain graphics and/or web links that record on a personal basis whether, when and how often an individual newsletter has been opened in an e-mail application and which web links have been clicked on. Such graphics and/or web links record the use of newsletters to ensure quality and enable improvements to the newsletter. This is our legitimate interest in the processing within the meaning of Art. 6 para. 1 lit. f GDPR. You can block the setting of such graphics and/or web links in your e-mail application.

5. Content and links to other websites

We endeavour to ensure that the information on our websites is correct, but we do not accept any obligation to ensure this, nor do we guarantee that the content is complete, correct and up to date and/or that the websites or their content will remain accessible. Our websites contain links to other websites. We do not accept any responsibility for the content of linked websites or for their data protection standards. To the extent permitted by law, we disclaim all liability to you or any third party for any loss or damage arising out of the use or inability to use our websites or reliance on content on our websites or external websites and content that link to our websites or which are linked to or from our websites by means of links or otherwise.

Book now
Book now