General Contract and Travel conditions
Praettigau Tourism operates an Internet portal on shop.graubuenden.ch/Praettigau which makes it easier for customers to book tourist services from Praettigau online.
Data Protection Policy Prättigau Tourism
Prättigau Tourism runs the website www.praettigau.info and is responsible for the collection, processing and use of your personal data. Prättigau Tourism is therefore also responsible that all data processing complies with applicable law.
We care about the protection of your personal data. We take the issue of data protection seriously and we care about the security of your data. We comply with all applicable legal requirements, in particular of the Swiss Federal Data Protection act (DSG) and the respective Federal Ordinance (VDSG) as well as the Swiss Federal Telecommunication Act (FMG). Where applicable, we also respect the provisions of the General Data Protection Regulation (GDPR) of the European Union.
It is important to us that you know which of your personal data we collect, how this is done, how the data is processed and for which purposes this is done. With your use of our website you declare your consent with all these acts of data processing, pursuant to art. 6 para. 1 lit. a GDPR. Please read the following information very carefully.
I Which data do we process when you visit our website?
When you visit our website, our servers temporarily save every access in a protocol file. The following data is automatically collected:
- The IP address of the computer accessing the website
- Date and time of access
- Name and URL of the accessed file
- Website, from which access is made
- Operating System of your computer and your browser
- Country from which you access our website and the language settings of your browser
- Name of your internet access provider
We collect and process this data to enable you to access our website (to establish a connection), to ensure safety and stability of our systems, to optimize our website for you and for statistical purposes. In particular, we use your IP address to localize your country of domicile and to optimize settings of the website (e.g. to adapt the language). The IP address is also used to be able to react to attacks against our network infrastructure. All these data processing activities are based on these legitimate interests (art. 6 para. 1 lit. f GDPR).
We would also like to point out that we use so-called cookies, tracking tools and social media plug-ins (see below sections V to VIII). We may also transfer data to third parties and/or abroad (see below sections IX and X).
II Which data do we process if you subscribe to our Newsletter?
You have the possibility on our website to subscribe to our Newsletter. For this, a registration is required. In this context, the following data must be provided:
- Sir/Madam (optional)
- Name (optional)
- Email address (mandatory)
- Country (optional)
We exclusively process this data to personalize the information and offers we send to you and to adapt them better to your needs.
In order to send our Newsletters, we use the E-Marketing software of mailingwork. Our Newsletter may contain a so-called Web Beacon or similar technical tools. These are small, invisible graphics of the size of 1x1 pixel, which are linked to the user ID of the addressee of the Newsletter.
Our use of such services and technologies allows us to analyze whether you opened the Newsletter and how you read it. This helps us to assess whether or how the contents of our Newsletters could be improved or further customized and to compile statistics about our Newsletters. If you delete the Newsletter, also these small graphics will be deleted. If you would like to prevent Tracking Pixels from being active, please adjust your email program so that Newsletters are not shown in HTML format.
If you subscribe for Newsletters, you express your consent to receiving the respective information and that we may use these technologies and process data for statistical assessment of your use and our optimization of the Newsletter. Our legal permission to do this accordingly consists of your consent (art. 6 para. 1 lit. a GDPR). Furthermore, the described analytical purposes constitute our legitimate interests in these data processing activities (art. 6 para. 1 lit. f GDPR).
At the end of each Newsletter, you will find a link, through which you can de-register from Newsletters at all times. You can de-register for the entire Newsletter or for certain channels. If you de-register from the entire Newsletter, we will delete all your respective data from our system.
III What happens to your data if you make a booking, order or reservation with third parties through our website?
Our website gives you several possibilities to make bookings or reservations, to request informational material or other services. The respective services are, as a general rule, provided by third parties. Insofar as necessary, the data which is collected in this process is forwarded to these third parties, for example the following data:
- Sir/Madam or Company
- Name/First Name
- Address (street, number, postal code, place, country)
- Additional contact information (Email address, telephone number)
- Credit card or other payment information
Information that is mandatory will be indicated as such. This is information, which is required to be able to render the booking services. Other information is optional and has no impact on your use of our website or the booking services. We would also like to indicate that the data you insert is, in general, also collected directly by the party offering the booking services and saved by, and/or transferred to, this third party. If the party offering the booking services further processes the data, the respective privacy policies of this party will be applicable, and we kindly ask you to consult these as well. Our legal permission for these acts of data processing is the fulfilment of a contract pursuant to art. 6 para. 1 lit. b GDPR.
IV Which of your data is collected and processed for promotional purposes?
In the following section, we would like to explain to you which of your data is collected and processed for promotional purposes and how this is done. All these data processing activities are based on our legitimate interest, pursuant to art. 6 para. 1 lit. f GDPR. Our interest lies in particular in direct marketing purposes and in the analysis and assessment of the use of our website. By using our website you are moreover consenting to these data processing activities, pursuant to art. 6 para. 1 lit. a GDPR.
- Creation of pseudonymised user profiles
In order to present personalized services and information on our website (on-site-targeting), we use and analyse the data which we collect about you when you visit our website. In this context, so-called cookies can be used (see section VI).The analysis of your behaviour as a user can lead to the creation of a so-called user profile. However, your user data is only used together with pseudonyms, but never with non-pseudonymized, personal data.
In order to enable personalized marketing in social networks, we implement so-called remarketing pixel of Facebook and Twitter on our website. If you have an account with one of these social networks and if you are logged in while visiting our website, this pixel links your use of our website with your account. If you would like to prevent this link, you need to log out from your social media account before visiting our website. You can change further settings concerning advertisement in your user profile of the respective social network.
We use so-called retargeting technologies on our website. These technologies analyze your behavior on our website, so that it will be possible to offer you customized advertisements also on partner websites. Your behavior as a user is saved on an anonymous basis. Most retargeting technologies work with so-called cookies (see section VI).
Please find further information on the retargeting technologies which are being used and the respective acts of data processing here:
You can always prevent retargeting technologies if you de-activate the respective Cookies in your browser settings (see section VI). You can also apply for an opt-out for these advertising and retargeting tools via the website of the Digital Advertising Alliance (optout.aboutads.info).
V What are Cookies and what are they used for?
VI What are tracking tools and for which purpose are they used?
We use various tracking tools on our website. These tools analyze your behavior on our website. We use this information to optimize and customize our website. In the context of these tracking tools, user profiles based on pseudonyms may be created, and it is also possible that cookies are set (see above).
Please find further information on these tracking tools and the relevant data processing here:
VII Is data shared with third Parties?
We only share your personal data based on your consent, a legal permission or if this is needed to execute our rights, for example to enforce rights and obligations out of the legal relationship between you and Prättigau Tourism. In addition, we share your data with third parties if this is necessary in the context of your use of our website to provide the requested services or to analyse your use of our website, as described further above. Insofar as necessary for these purposes, data may also be transferred abroad. In case our website contains links to websites of third parties, Prättigau Tourism has no influence on the collection, processing, storing or use of personal data by these third parties and it rejects, insofar as permitted by the law, no responsibility or liability in this respect.
VIII Is data transferred abroad?
1. General Remarks
2. Data transfers to the United States
For the sake of completeness, we would also like to inform you specifically that in the United States, surveillance mechanisms may exist which can broadly save and/or monitor all the data transferred to the United States. This may happen without a detailed differentiation, limitation or exception and/or not based on objective criteria, which would restrict access of US authorities to your data to specific and clearly defined purposes, which could justify access to such data or the impact caused by its use. We would also like to inform you that in the United States, you may not have similar legal remedies to protect your data as they may exist in Switzerland and/or the European Union to gain access to your data, request a deletion or correction thereof or legal remedies against access to your data by authorities.
We would also like to inform users domiciled in a Member State of the European Union that the United States does not have – among others for the reasons mentioned in this section – a data protection level which would be considered adequate from the perspective of the European Union.
Insofar as we have explained in this document that recipients of personal data (as for example Google, Facebook or Twitter) have their legal seat in the US, we will make sure that your personal data is adequately protected by contractual agreements or by making sure that these companies are certified under the EU-US Privacy Shield.
IX Security and Confidentiality
We use adequate technical and organisational security measures to protect the personal data saved with us against manipulation, partial or total loss or unauthorized access by third parties. Our security measures are regularly updated to meet the current state of the art.
It is important that you treat payment information (in particular credit card information) as confidential at all times. We recommend you to close the browser window after you have completed communication with us, in particular if you use a computer together with other persons.
We also take internal data protection very seriously. Our employees and the third party services providers we use are obliged to respect secrecy and the data protection provisions we establish.
X Storing of Data
We store personal data only as long as it is necessary
- To use the mentioned tracking, advertising and analysing services in the context of our legitimate interest;
- To provide services of the mentioned type and extent, which you requested or for which you have given us your consent;
- To meet our legal obligations.
Data in the context of the conclusion or execution of a contract is stored for a longer period of time because we are obliged to do this by statutory documentation obligations, for example in the context of accounting or tax law. These rules oblige us to store communication, contracts and accounting documents for up to 10 years. When we no longer use such data to provide services to you, it will in principle be blocked. This means that this data will as from then exclusively be used for purposes of accounting and tax law.
XI Your rights
You have the right to receive free of charge information about the personal data that we store about you upon request. In addition, you have the right to correct inaccurate data and the right to delete your personal data, as far as there is no statutory requirement or another legal permission to store and/or record data. In addition, you have the right, in accordance with Articles 18 and 21 GDPR, to demand a restriction of data processing and to oppose to data processing. You also have the right to reclaim from us the data you have given us (right to data portability). On request, we also pass the data on to a third party of your choice. You have the right to receive the data in a common file format.
If a data processing is based on your consent, you can revoke this consent at any time.
You can reach us for the aforementioned purposes via the e-mail address email@example.com. You can also tell us what to do with your information after you pass away by giving us instructions. We may, at our sole discretion, require proof of identity to process your requests. When you contact us, we will do our best to provide you with a response as soon as possible and to take the appropriate steps.
If you live in an EU country, you have the right to complain to a data protection supervisory authority at any time.