Book now

Privacy Policy

With this Privacy Policy, we inform you about the processing of personal data in connection with our activities and operations, including our klarer-zuoz.ch website. We particularly inform you about the purposes, methods, and locations where we process personal data. We also inform you about the rights of individuals whose data we process.

Additional privacy policies or other information regarding data protection may apply to specific or additional activities and operations.

We are subject to Swiss data protection law and, where applicable, foreign data protection law, particularly that of the European Union (EU) under the General Data Protection Regulation (GDPR).

On July 26, 2000, the European Commission recognized that Swiss data protection law ensures adequate data protection. In a report dated January 15, 2024, the European Commission reaffirmed this adequacy decision.

1. Contact Addresses

Responsible for the processing of personal data:

Conda SA
Plaz 2
7524 Zuoz
Switzerland

info@klarer-zuoz.ch

In individual cases, third parties may be responsible for the processing of personal data, or there may be joint responsibility with third parties.

1.1 Data Protection Officer or Data Protection Advisor

We have the following Data Protection Officer or Data Protection Advisor as a point of contact for individuals and authorities regarding inquiries related to data protection:

Rita Klarer
Conda SA
Plaz 2
7524 Zuoz
Switzerland

info@klarer-zuoz.ch

1.2 Data Protection Representation in the European Economic Area (EEA)

We have the following data protection representative in accordance with Art. 27 GDPR:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany

info@klarer-zuoz.ch

The data protection representation serves as an additional point of contact for individuals and authorities in the European Union (EU) and the remaining European Economic Area (EEA) regarding inquiries related to the GDPR.

2. Terms and Legal Bases

2.1 Terms

Data Subject: A natural person whose personal data we process.

Personal Data: All information relating to an identified or identifiable natural person.

Special Categories of Personal Data: Data concerning union membership, political, religious, or philosophical beliefs and activities, data concerning health, intimate privacy, ethnicity or race, genetic data, biometric data uniquely identifying a natural person, data concerning criminal convictions or sanctions, and data concerning social assistance measures.

Processing: Any handling of personal data, regardless of the methods and procedures applied, such as querying, comparing, adjusting, archiving, storing, reading, disclosing, obtaining, collecting, deleting, making accessible, organizing, arranging, storing, modifying, disseminating, linking, destroying, and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

2.2 Legal Bases

We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (Data Protection Act, FADP) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).

We process personal data – where and to the extent that the General Data Protection Regulation (GDPR) is applicable – in accordance with at least one of the following legal bases:

  • Art. 6 para. 1 lit. b GDPR for the processing of personal data necessary for the performance of a contract with the data subject and for pre-contractual measures.
  • Art. 6 para. 1 lit. f GDPR for the processing of personal data necessary to protect legitimate interests – including those of third parties – provided that the fundamental rights and freedoms of the data subject do not override such interests. Such interests include, in particular, the continuous, humane, secure, and reliable operation of our activities, ensuring information security, protection against misuse, enforcement of legal claims, and compliance with Swiss law.
  • Art. 6 para. 1 lit. c GDPR for the processing of personal data necessary for compliance with a legal obligation to which we are subject under the applicable law of the member states in the European Economic Area (EEA).
  • Art. 6 para. 1 lit e GDPR for the processing of personal data necessary for the performance of a task carried out in the public interest.
  • Art. 6 para. 1 lit. a GDPR for the processing of personal data based on the data subject’s consent.
  • Art. 6 para. 1 lit. d GDPR for the processing of personal data necessary to protect the vital interests of the data subject or another natural person.
  • Art. 9 para. 2 ff. GDPR for the processing of special categories of personal data, in particular with the consent of the data subjects.

The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of special categories of personal data as the processing of special categories of personal data (Art. 9 GDPR).

3. Type, Scope, and Purpose of Processing Personal Data

We process personal data that is necessary to carry out our activities and operations in a continuous, humane, secure, and reliable manner. The personal data processed may fall into categories such as browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of our activities and operations, provided that such processing is legally permissible.

We process personal data where necessary with the consent of the data subjects. In many cases, we can process personal data without consent, for example, to comply with legal obligations or to protect overriding interests. We may also seek consent from data subjects even when consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data, particularly in accordance with legal retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties include specialized providers whose services we use.

We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and economic information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurance companies.

5. Communication

We process personal data to communicate with third parties. In this context, we particularly process data provided by a data subject during communication, for example, by postal mail or email. We may store such data in an address book or with comparable tools.

Third parties who transmit data about other individuals are required to ensure data protection for such affected individuals. This includes ensuring the accuracy of the transmitted personal data.

6. Data Security

We take appropriate technical and organizational measures to ensure data security that is proportionate to the respective risk. Our measures, in particular, ensure the confidentiality, availability, traceability, and integrity of the processed personal data, but we cannot guarantee absolute data security.

Access to our website and our other online presence is carried out using transport encryption (SSL / TLS, especially with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn against visiting websites without transport encryption.

Our digital communication is – like virtually all digital communication – subject to mass surveillance without cause and suspicion by security authorities in Switzerland, other parts of Europe, the United States of America (USA), and other countries. We cannot directly influence the processing of personal data by intelligence services, police forces, and other security authorities. We also cannot rule out the possibility that a data subject is specifically monitored.

7. Personal Data Abroad

We process personal data primarily in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly to process or have it processed there.

We may export personal data to all countries and territories on Earth, provided that the respective legal system ensures adequate data protection according to the decision of the Swiss Federal Council and – where and to the extent that the General Data Protection Regulation (GDPR) is applicable – also according to the decision of the European Commission.

We may transfer personal data to countries whose legal systems do not ensure adequate data protection, provided that data protection is guaranteed for other reasons, particularly based on standard data protection clauses or with other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, such as the explicit consent of the data subjects or a direct connection to the conclusion or performance of a contract. We will gladly provide affected individuals with information about any safeguards or provide a copy of any safeguards upon request.

8. Rights of Affected Persons

8.1 Data Protection Claims

We grant affected persons all claims under applicable data protection law. Affected persons particularly have the following rights:

  • Access: Affected persons can request information about whether we process personal data about them, and if so, what personal data is involved. Affected persons also receive the information necessary to assert their data protection claims and ensure transparency. This includes the processed personal data as such, but also details about the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
  • Rectification and Restriction: Affected persons can correct inaccurate personal data, complete incomplete data, and restrict the processing of their data.
  • Erasure and Objection: Affected persons can request the erasure of personal data (“right to be forgotten”) and object to the processing of their data with future effect.
  • Data Release and Data Transfer: Affected persons can request the release of personal data or the transfer of their data to another controller.

We may delay, limit, or refuse the exercise of the rights of affected persons to the extent legally permissible. We may inform affected persons about any conditions that may need to be met to exercise their data protection claims. For example, we may refuse to provide access to data, citing confidentiality obligations, overriding interests, or the protection of other individuals. We may also refuse to erase personal data, particularly citing legal retention obligations.

We may exceptionally impose costs for the exercise of rights. We will inform affected persons in advance of any potential costs.

We are required to take reasonable measures to verify the identity of affected persons who request access or assert other rights. Affected persons are obligated to cooperate.

8.2 Legal Protection

Affected persons have the right to assert their data protection claims in court or to file a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), the data protection supervisory authorities are federally structured, particularly in Germany.

9. Use of the Website

9.1 Cookies

We may use cookies. Cookies – both first-party cookies and third-party cookies, whose services we use – are data stored in the browser. Such stored data is not limited to traditional text-form cookies.

Cookies can be stored in the browser temporarily as “session cookies” or for a specific period as so-called persistent cookies. “Session cookies” are automatically deleted when the browser is closed. Persistent cookies have a specific storage duration. Cookies enable, among other things, the recognition of a browser on the next visit to our website, thus allowing us to measure the reach of our website. Persistent cookies may also be used, for example, for online marketing.

Cookies can be disabled or deleted entirely or partially at any time in the browser settings. Without cookies, our website may no longer be fully available. We request – at least where necessary – your explicit consent to the use of cookies.

For cookies used for success and reach measurement or advertising, a general objection (“opt-out”) is possible for numerous services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

9.2 Logging

We may log at least the following information for each access to our website and our other online presence, provided that this information is transmitted to our digital infrastructure during such access: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, accessed individual subpage of our website including transmitted data volume, and the last visited website in the same browser window (referer or referrer).

We log such information, which can also constitute personal data, in log files. The information is necessary to provide our online presence in a continuous, humane, and reliable manner. The information is also necessary to ensure data security – including through third parties or with the help of third parties.

9.3 Tracking Pixels

We may incorporate tracking pixels into our online presence. Tracking pixels are also referred to as web beacons. Tracking pixels – including those from third parties whose services we use – are typically small, invisible images or JavaScript scripts that are automatically retrieved when accessing our online presence. Tracking pixels can capture at least the same information as in log files.

10. Notifications and Communications

10.1 Success and Reach Measurement

Notifications and communications may contain web links or tracking pixels that record whether an individual communication was opened and which web links were clicked. Such web links and tracking pixels can also capture the use of notifications and communications on a personal basis. We need this statistical capture of usage for success and reach measurement to send notifications and communications effectively, humanely, safely, and reliably based on the needs and reading habits of the recipients.

10.2 Consent and Objection

You must primarily consent to the use of your email address and other contact details unless the use is permissible for other legal reasons. For obtaining a double-confirmed consent, we may use the “Double Opt-in” procedure. In this case, you will receive a notification with instructions for double confirmation. We may log obtained consents, including IP address and timestamp, for evidence and security reasons.

You can primarily object to receiving notifications and communications such as newsletters at any time. With such an objection, you can simultaneously object to the statistical capture of usage for success and reach measurement. Required notifications and communications related to our activities and operations remain reserved.

11. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and to inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The general terms and conditions (GTC), terms of use, privacy policies, and other provisions of the individual operators of such platforms apply. These provisions, in particular, inform about the rights of affected persons directly towards the respective platform, which includes, for example, the right to information.

For our social media presence on Facebook, including the so-called page insights, we – where and to the extent that the General Data Protection Regulation (GDPR) is applicable – are jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page insights provide information on how visitors interact with our Facebook presence. We use page insights to provide our social media presence on Facebook effectively and humanely.

Further information on the type, scope, and purpose of data processing, information on the rights of affected persons, as well as the contact details of Facebook and Facebook’s Data Protection Officer, can be found in the Facebook Privacy Policy. We have concluded the so-called “Addendum for Controllers” with Facebook, particularly agreeing that Facebook is responsible for ensuring the rights of affected persons. For the so-called page insights, the corresponding information can be found on the page “Information about Page Insights” including “Information about Page Insights Data”.

12. Services from Third Parties

We use services from specialized third parties to carry out our activities and operations continuously, humanely, securely, and reliably. With such services, we can integrate functions and content into our website. Such services must at least temporarily capture the IP addresses of users for technical reasons.

For necessary security-relevant, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymized, or pseudonymized manner. These may include, for example, performance or usage data to provide the respective service.

We use, in particular:

12.1 Digital Infrastructure

We use services from specialized third parties to access the necessary digital infrastructure in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

We use, in particular:

12.2 Social Media Functions and Social Media Content

We use services and plugins from third parties to integrate social media platform functions and content and to enable the sharing of content on social media platforms and other ways.

We use, in particular:

12.3 Maps

We use services from third parties to embed maps into our website.

We use, in particular:

12.4 Fonts

We use services from third parties to embed selected fonts, as well as icons, logos, and symbols into our website.

We use, in particular:

12.5 E-Commerce

We operate e-commerce and use services from third parties to offer services, content, or goods successfully.

12.6 Payments

We use specialized service providers to process payments securely and reliably from our customers. The legal texts of the individual service providers, such as general terms and conditions (GTC) or privacy policies, apply in addition to the payment processing.

We use, in particular:

12.7 Advertising

We utilize the possibility to display targeted advertising on third-party platforms, such as social media platforms and search engines, for our activities and operations.

With such advertising, we particularly aim to reach individuals who are already interested in our activities and operations or may be interested (Remarketing and Targeting). For this purpose, we may transmit corresponding – potentially also personal – data to third parties that enable such advertising. We can also determine whether our advertising is successful, meaning whether it leads to visits to our website (Conversion Tracking).

Third parties, where we advertise and where you are registered as a user, may associate the use of our website with your profile on that platform.

We use, in particular:

13. Extensions for the Website

We use extensions for our website to utilize additional functions. We may use selected services from suitable providers or such extensions on our digital infrastructure.

We use, in particular:

  • Google reCAPTCHA: Spam protection (distinguishing between desired content from humans and unwanted content from bots and spam); Provider: Google; Google reCAPTCHA-specific information: “What is reCAPTCHA?”.

14. Success and Reach Measurement

We try to measure the success and reach of our activities and operations. In this context, we may also measure the impact of third-party references or test how different parts or versions of our online offering are used (“A/B test” method). Based on the results of success and reach measurement, we may particularly fix errors, strengthen popular content, or make improvements.

For success and reach measurement, IP addresses of individual users are captured in most cases. IP addresses are primarily shortened (“IP masking”) to follow the principle of data minimization through corresponding pseudonymization.

Cookies may be used for success and reach measurement, and user profiles may be created. Such created user profiles may include, for example, the individual pages visited or content viewed on our website, details about the size of the screen or browser window, and the – at least approximate – location. Primarily, any created user profiles are only pseudonymized and not used to identify individual users. Individual services from third parties, where users are registered, may associate the use of our online offering with their user account or user profile on the respective service.

We use, in particular:

15. Final Provisions

We have created this privacy policy using the Privacy Policy Generator from Datenschutzpartner. The present privacy policy is an unofficial translation from the original German version.

We may amend and supplement this privacy policy at any time. We will inform about such amendments and supplements in an appropriate manner, particularly by publishing the current privacy policy on our website.