With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations including our hotelschlossragaz.ch website. In particular, we inform you about the purposes, methods, and locations of our personal data processing activities. We also inform you about the rights of individuals whose data we process.
For certain or additional activities and operations, further privacy policies and other legal documents such as General Terms and Conditions (GTC), Terms of Use, or Participation Terms may apply.
We are subject to Swiss data protection law and any applicable foreign data protection law, such as the European Union's (EU) General Data Protection Regulation (GDPR).
The European Commission recognized in its decision of July 26, 2000, that Swiss data protection law ensures adequate data protection. In its report of January 15, 2024, the European Commission confirmed this adequacy decision.
1. Contact Addresses
Responsibility for the processing of personal data:
Hotel Schloss Ragaz AG
Schloss-Strasse 1
7310 Bad Ragaz
In individual cases, other responsible parties for the processing of personal data or joint responsibility with at least one other responsible party may exist.
Data Protection Officer or Data Protection Advisor
We have the following Data Protection Officer or Data Protection Advisor as a contact point for affected individuals and authorities for inquiries related to data protection:
Patrick Zettel
Hotel Schloss Ragaz AG
Schloss-Strasse 1
7310 Bad Ragaz
2. Terms and Legal Basis
2.1 Terms
Personal Data is all information relating to an identified or identifiable natural person.
Particularly Sensitive Personal Data includes data on union membership, political, religious, or ideological views and activities, data on health, intimacy, or ethnicity, genetic data, biometric data that uniquely identify a natural person, data on criminal and administrative sanctions or prosecutions, and data on social assistance measures.
Processing encompasses any handling of personal data, regardless of the means and procedures used, such as querying, comparing, modifying, archiving, storing, reading, disclosing, acquiring, recording, collecting, deleting, disclosing, organizing, organizing, storing, modifying, disseminating, linking, destroying, and using personal data.
An affected person is a natural person whose personal data we process.
The European Economic Area (EEA) includes the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.
The General Data Protection Regulation (GDPR) refers to the processing of personal data as processing personal data and the processing of particularly sensitive personal data as processing special categories of personal data (Art. 9 GDPR).
We process personal data in accordance with Swiss data protection law, especially the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).
We process personal data – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – based on at least one of the following legal grounds:
We process the personal data necessary to carry out our activities and operations permanently, user-friendly, securely, and reliably. Such personal data may particularly fall into the categories of inventory and contact data, browser and device data, content data, metadata and marginal data, usage data, location data, sales data, as well as contract and payment data.
We process personal data for the duration necessary for the respective purpose or purposes or as required by law. Personal data that is no longer necessary is anonymized or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or transfer it to third parties. Such third parties are, in particular, specialized providers whose services we use. We ensure data protection even with such third parties.
We generally process personal data only with the consent of the affected persons. Insofar as and to the extent that processing is permitted for other legal reasons, we may waive obtaining consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations, or safeguard overriding interests.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, insofar as and to the extent that such processing is legally permissible.
We process personal data to be able to communicate with third parties. In this context, we particularly process data that an affected person provides when contacting us, for example, by mail or email. We may store such data in an address book or similar tools.
Third parties who transmit data about other persons are obliged to ensure data protection vis-à-vis such affected persons. This includes ensuring the accuracy of the transmitted personal data.
We use selected services from suitable providers to improve communication with third parties.
We take appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. Our measures ensure the confidentiality, availability, traceability, and integrity of processed personal data, though absolute data security cannot be guaranteed.
Access to our website and other online presence is made using transport encryption (SSL / TLS, particularly with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a small padlock in the address bar.
Our digital communication is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, other parts of Europe, the United States of America (USA), and other countries – just as all digital communication generally is. We have no direct influence on the processing of personal data by intelligence agencies, police departments, and other security authorities. We also cannot rule out that individual affected persons may be specifically monitored.
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, particularly for processing or having it processed there.
We may export personal data to all states and territories on Earth as well as elsewhere in the universe, provided the law in those places ensures adequate data protection according to a decision by the Swiss Federal Council or, if applicable, according to a decision by the European Commission.
We may transfer personal data to countries whose law does not ensure adequate data protection, provided data protection is guaranteed for other reasons, particularly based on standard data protection clauses or other suitable safeguards. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, such as the explicit consent of the affected persons or a direct connection with the conclusion or performance of a contract. We are happy to provide affected persons with information about any guarantees or supply a copy of any guarantees upon request.
We grant affected persons all rights to which they are entitled under applicable data protection law. Affected persons have the following rights, in particular:
We may postpone, restrict, or refuse the exercise of the rights of affected persons within the legally permissible framework. We may inform affected persons about any conditions that need to be met to exercise their data protection rights. For example, we may refuse to provide information with reference to trade secrets or to protect other persons entirely or partially. We may also refuse to delete personal data, for example, by referring to legal retention obligations.
We may charge a fee for the exercise of rights in exceptional cases. We will inform affected persons in advance about any potential costs.
We are obliged to identify affected persons who request information or assert other rights with reasonable measures. Affected persons are required to cooperate.
Affected persons have the right to enforce their data protection claims through legal means or to file a complaint with a competent data protection supervisory authority.
The data protection supervisory authority for complaints from affected persons against private entities and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities for complaints from affected persons – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are federally structured, particularly in Germany.
We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data does not necessarily have to be limited to traditional text-form cookies.
Cookies can be stored in the browser temporarily as "session cookies" or for a certain period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies make it possible, in particular, to recognize a browser on the next visit to our website and thereby, for example, measure the reach of our website. However, permanent cookies can also be used for online marketing.
Cookies can be deactivated and deleted entirely or partially at any time in the browser settings. Without cookies, our website may no longer be fully available. We request explicit consent for the use of cookies – at least as far as required.
For cookies used for success and reach measurement or advertising, a general objection ("opt-out") is possible via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
We may log the following information for each access to our website and other online presence, provided these are transmitted to our digital infrastructure: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the specific sub-page of our website accessed including data volume transmitted, the last website accessed in the same browser window (referrer).
We log such information, which may also include personal data, in log files. The information is necessary to provide our online presence permanently, user-friendly, and reliably. The information is also necessary to ensure data security – even by third parties or with the help of third parties.
We may embed counting pixels in our online presence. Counting pixels are also referred to as web beacons. Counting pixels – even those from third parties whose services we use – are usually small, invisible images or scripts formulated in JavaScript that are automatically retrieved when accessing our online presence. With counting pixels, at least the same information as in log files can be recorded.
We send notifications and communications by email and other communication channels such as instant messaging or SMS.
Notifications and communications may contain web links or counting pixels that record whether a single communication was opened and which web links were clicked. Such web links and counting pixels may also record the use of notifications and communications on a personal basis. We need this statistical recording of usage to measure success and reach, to send notifications and communications effectively and user-friendly, as well as permanently, securely, and reliably based on the needs and reading habits of the recipients.
You must generally consent to the use of your email address and other contact addresses unless the use is permissible for other legal reasons. For obtaining double-confirmed consent, we may use the "Double Opt-in" procedure. In this case, you will receive a notification with instructions for double confirmation. We may log consents obtained, including IP address and timestamp, for evidence and security reasons.
You can generally object to receiving notifications and communications such as newsletters at any time. By objecting, you can also simultaneously object to the statistical recording of usage for success and reach measurement. Required notifications and communications related to our activities and operations are exempt.
We send notifications and communications with the help of specialized service providers.
We use in particular:
We are present on social media platforms and other online platforms to communicate with interested parties and inform about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
The general terms and conditions (GTC) and terms of use, as well as privacy policies and other provisions of the respective operators of such platforms, also apply. These provisions inform, in particular, about the rights of affected persons directly vis-à-vis the respective platform, which includes the right to information.
For our social media presence on Facebook including so-called Page Insights, we are – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Companies (including in the USA). Page Insights provide insights into how visitors interact with our Facebook presence. We use Page Insights to make our social media presence on Facebook effective and user-friendly.
Further information on the type, scope, and purpose of data processing, information on the rights of affected persons, and contact information for Facebook as well as Facebook's Data Protection Officer can be found in the Facebook Privacy Policy. We have concluded the so-called "Controller Addendum" with Facebook, which particularly stipulates that Facebook is responsible for ensuring the rights of affected persons. For Page Insights, the relevant information can be found on the page "Information about Page Insights" including "Information about Page Insights Data".
11. Services from Third Parties
We use services from specialized third parties to carry out our activities and operations permanently, user-friendly, securely, and reliably. With such services, we can, among other things, embed functions and content into our website. When embedding such services, the services used must at least temporarily collect the IP addresses of users for technical reasons.
For required security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. These may include performance or usage data necessary to provide the respective service.
We use in particular:
11.1 Digital Infrastructure
We use services from specialized third parties to utilize the required digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.
We use in particular:
11.2 Maps
We use services from third parties to embed maps into our website.
We use in particular:
11.3 Fonts
We use services from third parties to embed selected fonts as well as icons, logos, and symbols into our website.
We use in particular:
11.4 E-Commerce
We operate e-commerce and use services from third parties to successfully offer services, content, or goods.
We use in particular:
11.5 Payments
We use specialized service providers to process payments from our customers securely and reliably. For the processing of payments, the legal texts of the individual service providers, such as General Terms and Conditions (GTC) or privacy policies, apply additionally.
We use in particular:
11.6 Advertising
We use the option to display advertising with third parties such as social media platforms and search engines for our activities and operations.
With such advertising, we particularly aim to reach people who are already interested in our activities and operations or who might be interested in them (remarketing and targeting). For this purpose, we may transmit corresponding – possibly also personal – information to third parties who enable such advertising. We may also determine whether our advertising is successful, i.e., particularly whether it leads to visits to our website (conversion tracking).
Third parties where we advertise and where you, as a user, are registered may associate the use of our website with your profile there.
We use in particular:
12. Extensions for the Website
We use extensions for our website to take advantage of additional features. We may use selected services from suitable providers or use such extensions on our own digital infrastructure.
We use in particular:
13. Success and Reach Measurement
We try to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities and operations and the impact of third-party links to our website. We can also experiment with and compare how different parts or versions of our online offering are used ("A/B test" method). Based on the results of success and reach measurement, we can particularly fix errors, strengthen popular content , or make improvements to our online offering.
For success and reach measurement, the IP addresses of individual users are usually stored. In this case, IP addresses are generally shortened ("IP masking") to follow the principle of data minimization through corresponding pseudonymization.
Cookies can be used for success and reach measurement, and user profiles can be created. Potential user profiles may include, for example, the individual pages visited or content viewed on our website, information on screen size or browser window, and the – at least approximate – location. Generally, any user profiles created are exclusively pseudonymized and not used to identify individual users. Individual third-party services where users are registered may associate the use of our online offering with the user account or profile at the respective service.
We use in particular:
14. Video Surveillance
We use video surveillance to prevent crimes, secure evidence in case of crimes, exercise and assert our legal claims, defend against third-party legal claims, and enforce our house rules. These are considered – insofar as and to the extent that the General Data Protection Regulation (GDPR) is applicable – overriding legitimate interests under Art. 6 Para. 1 lit. f GDPR, in the case of particularly sensitive personal data with reference to Art. 9 para. 2 lit. f GDPR.
We store recordings from our video surveillance for as long as they are necessary for securing evidence or another stated purpose.
We may secure recordings from our video surveillance and transmit them to competent authorities such as court or law enforcement authorities, provided the transmission is necessary for a stated purpose, in our other overriding legitimate interest, or due to legal obligations.
15. Final Provisions
The present privacy policy is an unofficial translation from the original German version. We have created this privacy policy with the Data Protection Generator from Datenschutzpartner.
We may adapt and supplement this privacy policy at any time. We will inform you about such adaptations and supplements in an appropriate manner, particularly by publishing the current privacy policy on our website.
6