Menu

Privacy Statement 

1. Controller and content of this data protection declaration

We, Private Selection Service AG, are the operator of Private Selection Hotels & Tours AG and the website www.privateselection.ch and, unless otherwise stated in this privacy policy, are responsible for the data processing listed in this privacy policy.

In order for you to know which personal data we collect from you and for which purposes we use it, please take note of the information below. When it comes to data protection, we are primarily guided by the statutory provisions of Swiss data protection law, in particular the Federal Act on Data Protection (DSG), as well as the DSGVO, the provisions of which may be applicable in individual cases.

Please note that the following information is reviewed and amended from time to time. We therefore recommend that you review this privacy policy regularly. In addition, for individual data processing listed below, other companies are responsible under data protection law or jointly with us, so that in these cases the information of these companies is also are decisive.

2. Scope and Purpose of Collection, Processing and Use of Personal Data

2.1 Data processing when contacting us

If you contact us through our contact addresses and channels (e.g. by email, telephone or contact form), your personal data will be processed. The data you have provided to us, such as your name, email address or telephone number and your request, will be processed. In addition, the date of receipt of the request is documented. Mandatory information is marked with an asterisk (*) in contact forms. We process this data in order to implement your request (e.g. to provide information about our hotel, to assist with contract processing such as questions about your booking, to include your feedback in improving our services, etc.).

We use a software application from dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH, Munich, Germany for the processing of contact by means of a contact form. Therefore, your data may at most be stored in a database from dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH, which may enable dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH to access your data if this is necessary for the provision of the Software and for support in the use of the Software. Information on the processing of data by third parties and any transfer abroad can be found in Section 5 of this Privacy Policy.

The legal basis for these data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the implementation of your request or, if your request is directed to the conclusion or execution of a contract, the necessity for the implementation of the necessary measures within the meaning of Art. 6 para. 1 lit. b GDPR.

2.2 Data processing when using our chat function

If you contact us via chat, your personal data will be processed. The data you have provided to us, e.g. the name of your company, your name, your function, your e-mail address and your request, are processed. In addition, the date of receipt of the request is documented. Mandatory information is marked with an asterisk (*). We process this data exclusively in order to implement your request (e.g. to provide information about our hotel, to assist with contract processing such as questions about your booking, to incorporate your feedback into the improvement of our services, etc.).

2.3 Data processing when registering for a customer account

If you open a customer account on our website, we collect the following data, where mandatory information is marked with a red asterisk (*) in the appropriate form:

Personal details:

  • Salutation
  • Name
  • First name
  • E-mail address

Login details:

  • E-mail address
  • Password

 Other information:

  • Languages

We use the personal data to establish your identity and to check the requirements for registration. The e-mail address and password together serve as login data to ensure that the right person is using the website. We also need your e-mail address to verify and confirm the account opening and for future communication with you, which is required for contract processing. In addition, this data is deposited in the customer account for future bookings or contract conclusion. For this purpose, we also allow you to enter further details in your account (e.g. your preferred means of payment).

We also use the data to provide an overview of the bookings made and the services received (see in particular section 4) and a simple way to manage your personal data, to administer our website and the contractual relations, i.e. to justify, design, process and modify the contracts concluded with you via your customer account (e.g. in connection with your booking with us).

We process the information on language and gender in order to show you on the website offers tailored to your profile and/or your personal needs in the best possible way, for the statistical recording and evaluation of the selected offers and thus for the optimisation of our suggestions and offers.

The legal basis for the processing of your data for the aforementioned purpose is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by removing the information from the customer account or by deleting your customer account or by sending a message to us to have it deleted.

To avoid misuse, you should always treat your login data confidentially and log out after each session and delete your browsing history, especially if you use the device together with others.

2.4    Data processing for orders via our online shop
On our website you have the opportunity to order products, services and vouchers. For this purpose we collect the following data, whereby mandatory information is marked with an asterisk (*) during the ordering process:

  • First name
  • Surname
  • Invoicing and delivery address
  • E-mail
  • Telephone number
  • Method of dispatch
  • Confirmation of knowledge and consent regarding the terms and conditions and data protection provisions

We use the data to establish your identity before concluding a contract. We need your e-mail address to confirm your order and for future communication with you, which is necessary for the execution of the contract. We store your data together with the marginal data of the order (e.g. name, price and characteristics of the products ordered), the data on payment (e.g. chosen payment method, confirmation of payment and time; see also section 3.7.2) and the information on the processing and fulfilment of the contract (e.g. receipt of and handling of complaints) in our CRM database (see section 4), so that we can guarantee correct order processing and fulfilment of the contract.The legal basis for these data processing is the fulfilment of a contract with you pursuant to Art. 6 para. 1 lit. b GDPR.

The provision of data that is not marked as mandatory is optional. We process this data in order to tailor our offer to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you if necessary with a view to fulfilling the contract using an alternative communication channel or for statistical collection and evaluation in order to optimise our offers.
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit a GDPR. You can revoke your consent at any time by notifying us. 

For the provision of the online shop, we use a software application of dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH Munich, Germany and TYPO3 Association, Gewerbestrasse 10,4450 Sissach. Therefore, your data will only be stored in a database of dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH and TYPO3 Association, which may enable dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH and TYPO3 Association to access your data if this is necessary for the provision of the Software and for support in the use of the Software. Information on the processing of data by third parties and any transfer abroad can be found in Section 5 of this Privacy Policy. The legal basis for these data processing is the fulfilment of a contract with you pursuant to Art. 6 para. 1 lit. b GDPR. Insofar as this is necessary for the fulfilment of the contract, we will also pass on the required information to any third-party service providers (e.g. partners of the bonus programme).

2.5    Data processing for bookings
2.5.1    Booking via our website
On our website you have the option to book an overnight stay. For this purpose we collect the following data, where mandatory information is marked with an asterisk (*) during the booking process:

  • Legislation
  • First name
  • Surname
  • Address (street, postcode, place of residence)
  • Telephone number
  • E-mail
  • Credit card details to secure the reservation
  • Booking details
  • Remarks
  • Confirmation of knowledge and consent regarding the terms and conditions and data protection provisions

We use the data to establish your identity before concluding a contract. We need your e-mail address to confirm your booking and for future communication with you, which is necessary for the processing of the contract. We store your data together with the marginal data of the booking (e.g. room category, period of stay as well as description, price and characteristics of the services), the payment data (e.g. chosen payment method, confirmation of payment and time; see also section 3.7.2) as well as the information on the processing and fulfilment of the contract (e.g. receipt of complaints and handling of complaints) in our CRM database (see also section 4), so that we can guarantee the correct processing of the booking and fulfilment of the contract. Insofar as this is necessary for the fulfilment of the contract, we will also pass on the required information to any third-party service providers (e.g. partners or transport companies).  The legal basis for these data processing is the fulfilment of a contract with you pursuant to Art. 6 para. 1 lit. b GDPR

The provision of data that is not marked as mandatory is optional. We process this data in order to tailor our offer to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you if necessary with a view to fulfilling the contract using an alternative communication channel or for statistical collection and evaluation in order to optimise our offers.
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by notifying us. 
We use a software application from Busy Rooms, Malta to process the booking via our website. Therefore, at most, your data will be stored in a database of Busy Rooms, Malta, which may enable Busy Rooms, Malta to access your data when necessary to provide the Software and to assist in the use of the Software. Information on the processing of data by third parties and any transfer abroad can be found in Section 5 of this Privacy Policy.

For sending the confirmation, we use the software application of dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH Munich, Germany. Therefore, your data will at most be stored in a database of dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH, which is dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH. GmbH may allow access to your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties and any transfer abroad can be found in Section 5 of this Privacy Policy.
The legal basis for these data processing is the fulfilment of a contract with you pursuant to Art. 6 para. 1 lit. b GDPR.

2.5.2    Booking via a booking platform
If you make bookings via a third-party platform (i.e. via Booking, Hotels.com, Escapio, Expedia, Holidaycheck, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two, DeinDeal, veepee etc.), we receive various personal data from the respective platform operator in connection with the booking made. As a rule, this is the data listed in section 3.7.2 of this privacy policy. In addition, enquiries concerning your booking may be forwarded to us. We will process these data specifically in order to record your booking as desired and to provide the booked services.
The legal basis for these data processing for this purpose is the implementation of pre-contractual measures and the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b GDPR.
Finally, in the event of a dispute or complaint in connection with a booking, we may share personal information with the Platform Operators to the extent necessary to safeguard our legitimate interests. This may also include data relating to the booking process on the Platform or data relating to the booking or processing of services and the stay with us. We process this data in order to safeguard our legitimate claims and interests in the processing and maintenance of our contractual relations with the following platform operators:

  • Sojern, Omaha, USA: For more information on data processing in connection with Sojern, please visit www.sojern.com/privacy-and-data
  • Ameropa-Reisen GmbH, Bad Homburg, Germany: Further information on data processing in connection with Ameropa-Reisen GmbH can be found at www.ameropa.de/datenschutz
  • Hausigentümerverband Schweiz, Seefeldstrasse 60, 8032 Zurich: Further information on data processing in connection with the Swiss Homeowners' Association can be found at www.hev-schweiz.ch/datenschutz
  • Eurotrek AG, Lerzenstrasse 21, 8953 Dietikon: Further information about data processing in connection with Eurotrek AG can be found at www.eurotrek.ch/de/datenschutz
  • eBoutic.ch SA, Rue due Valentin 14, 1004 Lausanne: For more information on data processing in connection with eBoutic.ch SA, please visit www.veepee.ch/de/agb
  • Travelzoo (Europe) Limited (Germany Branch), Munich, Germany: For more information on data processing in connection with Travelzoo (Europe) Limited (Germany Branch), please visit: www.travelzoo.com/de/datenschutz/
  • Automobile Club du Luxembourg, Bertrange, Luxembourg: For more information on data processing in connection with Travelzoo (Europe) Limited (Germany Branch), please see: www.acl.lu/de-de/pages/privacy-policy
  • IRC Swiss GmbH, Rainweg 8, 4496 Kilchberg: Further information on data processing in connection with IRC Swiss GmbH can be found at: www.irc-feedback.com/j/privacy
  • myhotelshop GmBH, Leipizg, Germany: For more information on data processing in connection with myhotelshop GmbH please visit: www.myhotelshop.com/de/site-policy
  • TYPO3 Association, Gewerbestrasse 10, 4450 Sissach: Further information on data processing in connection with TYPO3 Association can be found at: typo3.org/privacy-policy/ 
  • DeinDeal AG, Flurstrasse 55, 8048 Zurich: Further information on data processing in connection with DeinDeal can be found at: typo3.org/privacy-policy/ 
  • iMpuls / Migros Genossenschaft-Bund, Limmatstrasse 21, 8031 Zurich: For further information on data processing in connection with iMpuls / Migros Genossenschaft-Bund, please visit: login.migros.ch/legal/DSE_GPL

Your data is stored in the databases of the platform operators, which enables them to access your data. Information about the processing of data by third parties and any transfer abroad can be found in Section 5 of this Privacy Policy. The legal basis for the data processing for this purpose is in our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

2.6    Data processing for payment processing
2.6.1    Payment processing at the hotel
If you purchase products, receive services or pay for your stay via our website using electronic means of payment, the processing of personal data is necessary. By using the payment terminals, you transmit the information stored in your payment method, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. payment solution providers, credit card issuers and credit card acquirers). They will also be informed that the means of payment has been used in our hotel, the amount and the time of the transaction. Conversely, we only receive the credit of the amount of the payment made at the appropriate time, which we can assign to the relevant voucher number, or information that the transaction was not possible or was terminated. Always take note of the information of the respective company, in particular the data protection declaration and the general terms and conditions of business. 
We use a software application from Busy Rooms, Malta to process payments using the contact form. Therefore, at most, your data will be stored in a database of Busy Rooms, which may enable Busy Rooms to access your data if this is necessary for the provision of the Software and for support in the use of the Software. Information on the processing of data by third parties and any transfer abroad can be found in Section 5 of this Privacy Policy. The legal basis for our data processing is the fulfilment of a contract with you pursuant to Art. 6 (1) (b) GDPR.

2.6.2    Online payment processing
If you make bookings, order services or products on our website for a fee, depending on the product or service and the type of payment you wish to make – in addition to the information set out in section 3.5.1 – you must provide further details, such as your credit card information or your login to your payment service provider. This information, as well as the fact that you have purchased a service from us for the amount and time in question, will be forwarded to the respective payment service providers (e.g. payment solution providers, credit card issuers and credit card acquirers). Always take note of the information of the respective company, in particular the data protection declaration and the general terms and conditions of business. 
The legal basis for our data processing is the fulfilment of a contract pursuant to Art. 6 (1) (b) GDPR.
In order to avoid payment cases, the necessary data, in particular your personal details, may also be transmitted to a credit agency for an automated assessment of your creditworthiness. In this context, the credit agency may assign you a so-called score value. This is an estimate of the future risk of default, e.g. as a percentage. The value is compiled using mathematical-statistical methods and using credit bureau data from other sources.  We reserve the right, according to the information received, not to offer you the payment method "invoice". The legal basis for this data processing is our legitimate interest in the avoidance of payment defaults according to Art. 6 para. 1 lit. f GDPR. 

2.7    Data processing in the recording and billing of services received
If you receive services as part of your stay (e.g. additional nights, wellness, restaurant, activities), in addition to your contractual data, the data of the booking (e.g. time and remarks) as well as the data on the booked and received service (e.g. object of service, price and time of receipt of service) will be recorded and processed by us for the processing of the service, as described in sections 3.5 and 3.6. 
The legal basis for our data processing is the fulfilment of a contract pursuant to Art. 6 (1) (b) GDPR.

2.8    Data processing in email marketing
When you register for our marketing e-mails (e.g. when opening, within your customer account or in connection with an order, booking or reservation), the following data will be collected. Mandatory information is marked with an asterisk (*) upon registration:

  • E-mail address
  • Legislation
  • First and surname

In order to prevent misuse and to ensure that the owner of an e-mail address has actually given her consent to receive marketing e-mails, we rely on the so-called double opt-in when registering. After sending the registration, you will receive an e-mail from us with a confirmation link. In order to register definitively for marketing emails, you must click on this link. If you do not confirm your email address using the confirmation link within the specified period, your data will be deleted again and our marketing emails will not be delivered to this address.
By registering, you consent to the processing of this data in order to receive marketing emails about our hotel and related information about products and services from us. These marketing emails may include invitations to participate in sweepstakes, provide feedback, or evaluate our products and services. The collection of the title and the first and last name allows us to personalise the attribution of the registration to a possibly existing customer account and thus the content of the marketing emails. Linking to a customer account allows us to make the offers and content contained in marketing emails more relevant to you and better tailor them to your potential needs. 

We use your data for sending marketing e-mails until you revoke your consent. You can revoke your consent at any time, in particular via the unsubscribe link contained in all marketing e-mails.
Our marketing emails may contain a so-called web beacon, 1x1-pixel (tracking pixels) or similar technical aids. A web beacon is an invisible graphic linked to the user ID of the respective subscriber. For each marketing email sent, we receive information about the email addresses to which it was successfully transmitted, which email addresses have not yet received the marketing email and which email addresses failed to transmit. It also shows which email addresses the marketing email was opened for how long, and which links were used. Finally, we also receive information about which subscribers have unsubscribed from the mailing list. We use this information for statistical purposes and to optimise marketing e-mails in terms of the frequency and timing of dispatch, as well as the structure and content of marketing e-mails. This enables us to better tailor the information and offers in our marketing e-mails to the individual interests of the recipients.

The web beacon will be deleted when you delete the marketing email. You can prevent the use of web beacons in our marketing emails by setting the parameters of your email program so that HTML does not appear in messages. See the Help options of your email application for information on how to configure this setting, e.g. here for Microsoft Outlook.
By subscribing to the marketing e-mails, you also consent to the statistical evaluation of user behaviour for the purpose of optimising and adapting the marketing e-mails. 
For the provision of marketing e-mails, we use a software application from Sendinblue GmbH, Berlin, Germany and dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH, Munich, Germany. Therefore, your data may only be stored in a database of Sendinblue GmbH and dailypoint - Software made by Toedt, Dr. Selk & Coll. GmBH, which may enable Sendin-blue GmbH and dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH to access your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties and any transfer abroad can be found in Section 5 of this privacy policy. Your consent constitutes the legal basis for the processing of the data within the meaning of Art. 6 para. 1 lit. a GDPR. You may revoke your consent at any time for the future.

2.9    Data processing in the submission of ratings
In order to help other users make their decision and to support our quality management (especially in the processing of negative feedback), you have the opportunity to evaluate your stay with us on our website. 

2.10    Data processing when providing guest feedback
After your tour, you have the opportunity to send us feedback (e.g. praise, criticism and suggestions for improvement) using a form. We do not collect any data for this purpose. The feedback is anonymous. For a personal feedback, please send an email to info@privateselection.ch 
The processing of your data takes place within the framework of our quality management and thus ultimately for the purpose of better aligning our services and products to the needs of our guests. Specifically, your data is processed for the following purposes: 

  • Clarification of your concerns, e.g. soliciting comments from the employees and superiors addressed or soliciting questions from you, etc.;
  • Evaluation and analysis of your data, e.g. compilation of satisfaction statistics, comparison of individual services etc.; or
  • Taking organisational measures in accordance with the knowledge gained, e.g. remedying grievances/deficits/misconduct, e.g. by repairing defective equipment, instructing employees and commending or reminding them. 

In connection with guest feedback we use a software application from IRC Swiss GmbH, Rainweg 8, 4496 Kilchberg, Switzerland. Therefore, your data will only be stored in a database of IRC Swiss GmbH, which may enable IRC Swiss GmbH to access your data if this is necessary for the provision of the Software and for support in the use of the Software. Information on the processing of data by third parties and any transfer abroad can be found in Section 5 of this privacy policy. The legal basis for these processing operations is your consent pursuant to Art. 6 para.1 lit. a DSG-VO. You may revoke this consent at any time for the future.

2.11    Data processing of applications
You have the opportunity to apply spontaneously or on a specific job advertisement for a position in our company. In doing so, we process the personal data you provide.
We use the information you provide to assess your application and suitability for employment. Application documents from unsuccessful applicants will be deleted at the end of the application process unless you explicitly agree to a longer retention period or unless we are legally obliged to retain them for a longer period. Applications that are considered will be forwarded to our member hotels accordingly. 
Information on the processing of data by third parties and any transfer abroad can be found in Section 5 of this Privacy Policy. The legal basis for the processing of your data for this purpose is the execution of a contract (pre-contractual phase) pursuant to Art. 6 (1) (b) GDPR.

3.    Centralised data storage and analysis in the CRM system

If a clear assignment to your person is possible, we will store and link the data described in this privacy policy, i.e. in particular your personal details, your contacts, your contract data and your browsing behaviour on our websites in a central database. This serves the efficient management of customer data, allows us to adequately process your requests and enables the efficient provision of the services requested by you and the processing of the related contracts. 
The legal basis for these data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the efficient management of user data.
We further analyse this data in order to further develop our offers according to needs and to be able to display and suggest as relevant information and offers as possible to you. We also use methods that predict possible interests and future orders based on your use of our website.
For central data storage and analysis in the CRM system, we use a software application from dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH, Munich, Germany. Therefore, your data may be stored in a database from dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH, which may enable dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH, to access your data if this is necessary for the provision of the Software and for assistance in the use of the Software. Information on the processing of data by third parties and any transfer abroad can be found under Section 5 of this Privacy Policy. Further information on data processing in connection with dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH can be found under www.dailypoint.com/privacypolicy/. 
The legal basis for this data processing is our legitimate interest in the implementation of marketing activities within the meaning of Art. 6 para. 1 lit. f GDPR.

4.    Transfer and transfer abroad

4.1    Disclosure to third parties and access by third parties 
Without the support of other companies, we would not be able to provide our services in the form we want. In order for us to use the services of these companies, it is also necessary to share your personal data with them to some extent. A transfer is made to selected third-party service providers and only to the extent necessary for the optimal provision of our services. 
Various third-party service providers are already explicitly mentioned in this data protection declaration. They are, moreover, the following service providers:

  • Swiss Federal Railways SBB, Trüsselstrasse 2, 3000 Bern 65: Further information on data processing in connection with Swiss Federal Railways SBB can be found at www.sbb.ch/de/meta/legallines/impressum.html
  • Rhätische Bahn AG, Bahnhofstrasse 25, 7000 Chur: Further information about data processing in connection with Rhaätische Bahn AG can be found at www.rhb.ch/de/rechtliches
  • Eurotrek AG, Lerzenstrasse 21, 8953 Dietikon: Further information about data processing in connection with Eurotrek AG can be found at www.eurotrek.ch/de/datenschutz
  • Busy Rooms, Malta: For more information on data processing in connection with Busy Rooms GmbH, please visit www.busy-rooms.com/en/privacy-policy
  • dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH, Munich, Germany: Further information about data processing in connection with dailypoint - Software made by Toedt, Dr. Selk & Coll. GmbH can be found at https://www.dailypoint.com/privacypolicy/

The legal basis for these transfers is the requirement to fulfil a contract within the meaning of Art. 6 para. 1 lit. b GDPR. 
Your data will also be passed on insofar as this is necessary for the fulfilment of the services requested by you, i.e. e. to restaurants or providers of other services for which you have made a reservation via us. In the case of such disclosures, the necessity for the fulfilment of a contract within the meaning of Art. 6 para. 1 lit. b GDPR the legal basis. The third-party service providers are responsible for these data processing within the meaning of the Data Protection Act and not us. It is the responsibility of these third-party service providers to inform you about their own data processing – which goes beyond the transfer of data for the provision of services – and to comply with data protection laws. 
In addition, your data may be passed on, in particular to authorities, legal advisors or debt collection companies, if we are legally obliged to do so or if this is necessary to safeguard our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts of it and such disclosure is necessary to conduct due diligence or to complete the transaction. The legal basis for these data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the protection of our rights and compliance with our obligations or the sale of our company or shares thereof.

4.2    Transfer of personal data abroad
We are entitled to transfer your personal data to third parties abroad as far as this is necessary to carry out the data processing mentioned in this privacy policy. Individual data transfers have been mentioned above in Section 3. The statutory provisions for disclosure of personal data to third parties are of course complied with. The countries to which data is transferred include those which, in accordance with a decision of the Federal Council and the EU Commission, have an adequate level of data protection (such as the member states of the EEA or, from the EU's point of view, Switzerland), but also those countries (such as the USA) whose level of data protection is not considered to be adequate (cf. Appendix 1 of the Data Protection Regulation (DSV) as well as the website of the EU Commission. If the country in question does not have an adequate level of data protection, unless an exception is specified for individual data processing (cf. Art. 49 GDPR), we ensure that your data is adequately protected by these companies through appropriate guarantees. Unless otherwise stated, these are standard contractual clauses within the meaning of Art. 46 para. 2 lit. c GDPR, which can be accessed on the websites of the Swiss Federal Data Protection and Public Information Commissioner (EDPO) and the EU Commission. If you have any questions about the measures taken, please contact our contact person for data protection (see Section 2). 

4.3    Information on data transfers to the USA
Some of the third-party service providers mentioned in this privacy statement are based in the USA. For reasons of completeness, we would like to point out to users residing or domiciled in Switzerland or the EU that there are surveillance measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transmitted to the USA from Switzerland or the EU. This is done without differentiation, restriction or exception on the basis of the objective pursued, and without any objective criterion allowing access to and subsequent use of the data by the US authorities to be limited to very specific, strictly limited purposes capable of justifying the interference associated with both access to and use of the data. In addition, we would like to point out that in the USA, data subjects from Switzerland and the EU do not have any legal remedies or effective legal protection against general access rights from US authorities that allow them to obtain access to the data concerning them and to have them corrected or deleted. We explicitly draw your attention to this legal and factual situation in order to enable you to make an appropriately informed decision on consent to the use of your data.
We would also like to point out to users residing in Switzerland or a member state of the EU that, from the point of view of the European Union and Switzerland, the USA does not have an adequate level of data protection. Insofar as we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is adequately protected by our third-party service providers through contractual arrangements with these companies and, if necessary, additional appropriate safeguards.

5.    Background data processing on our website

5.1    Data processing when visiting our website (log file data)
When you visit our website, the servers of our hosting provider SPOT Werbung AG, Via Brattas 2, 7500 St. Moritz, temporarily store each access in a log file (log file). The following data is recorded without your involvement and stored by us until automated deletion:

  • IP address of the requesting computer
  • date and time of access
  • Name and URL of the retrieved file
  • Website from which the access was made, with search word where applicable
  • The operating system of your computer and the browser you use (incl. type, version and language settings)
  • Type of device in case of access by mobile phones
  • City or region from which the access was made; and
  • Name of your internet access provider

This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability on a permanent basis, enabling error and performance analysis and optimisation of our website (see also Section 6.4 for the last points). 
In the event of an attack on the network infrastructure of the website or in the event of a suspicion of another unauthorised or abusive use of the website, the IP address and other data will be evaluated for investigation and defence purposes and may be used to identify the user in question in the context of civil or criminal proceedings.
For the purposes described above, our legitimate interest exists within the meaning of Art. 6 para. 1 lit. f GDPR and thus the legal basis for data processing.
Finally, when you visit our website, we use cookies as well as applications and aids which are based on the use of cookies. In this context, the data described here may also be processed. Further information on this can be found in the subsequent sections of this data protection declaration, in particular section 6.2.

5.2    Cookies
Cookies are information files that your web browser stores on your computer's hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and enable the information contained in the cookie to be read. 
Cookies help, among other things, to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are necessary for the use of the website you wish to use, i.e. "technically necessary". For example, we use cookies to identify you as a registered user after logging in, without you having to log in again when browsing the different subpages. The provision of the ordering and booking functions is also based on the use of cookies. In addition, cookies also perform other technical functions necessary for the operation of the website, such as load balancing, i.e. the distribution of the performance load of the website to different web servers in order to relieve the load on the servers. Cookies are also used for security purposes, e.g. to prevent the unauthorised posting of content. Finally, we also use cookies in the context of the design and programming of our website, e.g. to enable the uploading of scripts or codes.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the provision of a user-friendly and up-to-date website.
Most internet browsers accept cookies automatically. However, when accessing our website, we ask for your consent to the technically unnecessary cookies that we use, in particular when using third-party cookies for marketing purposes. Use the appropriate buttons in the Cookie Banner to make the settings you wish. Details on the services and data processing associated with the individual cookies can be found within the Cookie Banner and in the following sections of this Privacy Policy.
You may also be able to configure your browser in such a way that no cookies are stored on your computer or that a warning always appears when you receive a new cookie. On the following pages you will find explanations on how to configure the processing of cookies with selected browsers.

  • Google Chrome for desktop
  • Google Chrome for Mobile
  • Apple Safari 
  • Microsoft Windows Internet Explorer
  • Microsoft Windows Internet Explorer Mobile
  • Mozilla Firefox
  • Disabling cookies may result in you not being able to use all the features of our website.

5.3    Google Custom Search Engine
This website uses the Programmable Search Engine of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). This enables us to provide you with an efficient search function on our website. 
By pressing the Enter key or clicking on the search button, the search function is activated and Google's search results are displayed on the search results page by means of an embed (iFrame). As part of the retrieval of the search results, a connection is established with Google servers and your browser, if applicable, the log file data listed in section 6.1 (incl. IP address) as well as the search term you entered will be sent to Google. This may also result in data being transferred to servers abroad, e.g. in the USA (see also, in particular, the lack of an appropriate level of data protection and the provided guarantees, sections 5.2 and 5.3).
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the provision of an efficient website search function.
For further processing of data by Google, please note the data protection regulations of Google: www.google.com/intl/de_de/policies/privacy.

5.4    Tracking and web analysis tools
5.4.1    General information about tracking
We use the web analysis services listed below for the purpose of designing our website according to needs and continuously optimising it. In this context, pseudonymised user profiles are created and cookies are used (please also note Section 6.2). The information generated by the cookie about your use of this website is generally transmitted together with the log file data listed under section 6.1 to a server of the service provider, where it is stored and processed. This may also result in a transfer to servers abroad, e.g. in the USA (see also, in particular, the lack of an appropriate level of data protection and the provided guarantees, Sections 5.2 and 5.3). By processing the data, we receive the following information, among others:

  • Navigation path followed by a visitor to the Site (including content viewed and selected or purchased products or services booked)
  • length of time spent on the website or sub-page
  • Subpage on which the website is left
  • Country, region or city from which access is made
  • terminal device (type, version, colour depth, resolution, width and height of browser window); and 
  • recurrent or new visitor

On our behalf, the provider will use this information to evaluate the use of the website, in particular to compile website activities and to provide further services associated with the use of the website and the use of the internet for the purposes of market research and the design of these websites according to needs. Up to a certain extent, we and the providers may be considered jointly responsible for these processing operations under data protection law. 

The legal basis for these data processing with the following services is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time or refuse processing by rejecting or deactivating the relevant cookies in the settings of your web browser (see section 6.2) or by making use of the service-specific options described below.
For the further processing of the data by the respective provider as the (only) controller under data protection law, in particular also any possible transfer of this information to third parties, e.g. to authorities on the basis of national statutory provisions, please note the respective data protection notices of the provider.
 

5.4.2    Google Analytics
We use the web analysis service Google Analytics provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). 
Departing from the description in section 6.4.1, IP addresses are not logged or stored in Google Analytics (in the version "Google Analytics 4" used here). In the case of accesses originating in the EU, IP address data are only used to derive location data and then deleted immediately. When collecting measurement data in Google Analytics, all IP searches are carried out on EU-based servers before the traffic is redirected to Analytics servers for processing. Google Analytics uses regional data centres. If a connection is established in Google Ana-lytics to the nearest available Google data centre, the measurement data is sent to Analytics via an encrypted HTTPS connection. In these centres, the data is further encrypted before being forwarded to Analytics' processing servers and made available on the platform. IP addresses are used to determine the most suitable local data centre. This may also result in data being transferred to servers abroad, e.g. in the USA (cf. in this regard, in particular the lack of an adequate level of data protection and the provided guarantees, Section 5.2). 

We also use the technical extension "Google Signals", which enables cross-device tracking – i.e. tracking across devices. This enables an individual website visitor to be assigned to different devices. However, this will only happen if the visitor has logged into a Google service while visiting the website and at the same time activated the option "personalised advertising" in their Google account settings. Even then, however, no personal data or user profiles will be made available to us; they remain anonymous to us. If you do not wish to use "Google Signals", you can disable the "personalised advertising" option in your Google Account Settings.
Users can prevent the collection by Google of the data generated by the cookie and relating to the use of the website by the user concerned (including the IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout.
As an alternative to the browser plug-in, users can click this link in order to prevent Google Analytics from collecting data on the website in the future. An opt-out cookie is stored on the user's terminal device. If users delete cookies (see Section 6 Cookies), the link must be clicked again.

5.5    Social Media 
5.5.1    Social Media Profiles
On our website we have included links to our profiles in the social networks of the following providers:

  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Privacy Notice;
  • Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland, Privacy Notice; 
  • LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Notice.
  • YouTube LLC, 901 Cherry Ave, CA 94066 San Bruni, USA, Privacy Notice
  • Pinterest Inc. San Fransico, USA, Privacy Notice

If you click on the icons of the social networks, you are automatically redirected to our profile in the respective network. A direct connection is established between your browser and the server of the respective social network. In this way, the network receives the information that you have visited our website with your IP address and clicked on the link. In this case, data may also be transmitted to servers abroad, e.g. in the USA (see also, in particular, the lack of an appropriate level of data protection and the provided guarantees, Sections 5.2 and 5.3).
If you click on a link to a network while you are logged into your user account with that network, the content of our website may be linked to your profile so that the network can directly link your visit to our website to your account. If you wish to prevent this, you should log out before clicking on the corresponding links. A connection between your access to our website and your user account will always take place if you log in to the respective network after clicking on the link. The respective provider is responsible for the associated data processing according to data protection law. Please therefore take note of the data protection notice on the website of the network. The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the use and promotion of our social media profiles. 

5.5.2    Social Media Plugins
On our website you can use social media plugins from the following providers:

  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Privacy Notice;
  • Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland, Privacy Notice; 
  • LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Notice.
  • YouTube LLC, 901 Cherry Ave, CA 94066 San Bruni, USA, Privacy Notice
  • Pinterest Inc. San Fransico, USA, Privacy Notice

We use the social media plugins to make it easier for you to share content from our website. The social media plugins help us to increase the visibility of our content on social networks and thus contribute to better marketing.
The plugins are deactivated by default on our websites and therefore do not send any data to the social networks when simply calling up our website. To increase data protection, we have integrated the plugins in such a way that a connection to the servers of the networks is not automatically established. Your browser only establishes a direct connection to the servers of the respective social network if you activate the plugins by clicking on them and thereby give your consent to the transmission and further processing of data by the providers of the social network. 
The content of the plugin is transmitted from the social network directly to your browser and integrated into the website. In this way, the respective provider receives the information that your browser has accessed the corresponding page of our website, even if you do not have an account on this social network or are not currently logged in to it. This information (including your IP address) is transmitted from your browser directly to a server of the provider (mostly in the USA) and stored there (see sections 5.2 and 5.3, in particular regarding the lack of an adequate level of data protection and the guarantees provided for). We have no influence on the extent of the data that the provider collects with the plugin, whereby, from a data protection point of view, we may be considered to be jointly responsible with the providers up to a certain extent. 

If you are logged in to the social network, it can associate your visit to our website directly with your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g. that you like a product or service from us) may also be published on the social network and may be displayed to other users of the social network. The provider of the social network may use this information for the purpose of placing advertising and designing the respective offer according to needs. For this purpose, usage, interest and relationship profiles could be created, e.g. to evaluate your use of our website in relation to the advertisements displayed on the social network, to inform other users about your activities on our website and to provide other services related to the use of the social network. The purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks as well as your rights in this regard and settings options to protect your privacy can be found directly in the data protection information of the respective provider.
If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins. For the described data processing, your consent within the meaning of Art. 6 para. 1 lit. a GDPR forms the legal basis. You can revoke your consent at any time by declaring your revocation to the provider of the plugin in accordance with the information in its privacy policy.

5.6    Online advertising and targeting
5.6.1    In general
We use the services of various companies to prepare interesting offers for you online. Your user behaviour on our website and the websites of other providers is analysed in order to subsequently be able to show you online advertising tailored to your needs. 
Most technologies for tracking your user behaviour (tracking) and for the targeted display of advertising (targeting) use cookies (see also Section 6.2), which allow your browser to be recognised on different websites. Depending on the service provider, it may also be possible for you to be recognised online even when using different devices (e.g. laptop and smartphone). This may be the case, for example, if you have registered for a service that you use with several devices. 
In addition to the data already mentioned, which accrue when accessing websites (log file data, see Section 6.1) and when using cookies (Section 6.2) and which may reach the companies participating in the advertising networks, the following data are included in the selection of the potentially most relevant advertising for you: 

  • Information about yourself that you have provided when registering for or using an advertising partner service (e.g. your gender, age group); and
  • User behaviour (e.g. search queries, interactions with advertisements, types of websites visited, products or services viewed and purchased, newsletter subscribed).

We and our service providers use this data to identify whether you belong to the target group we are targeting and take this into account when selecting advertisements. For example, after you have visited our site, you may see advertisements of the products or services you have consulted (re-targeting). Depending on the scope of the data, a user profile may also be created, which is automatically evaluated, whereby the ads are selected according to the information stored in the profile, such as affiliation to certain demographic segments or potential interests or behaviour. Such ads may be displayed to you on a variety of channels, including, in addition to our website or app (in the context of on-the-spot and in-app marketing), advertisements delivered through the online advertising networks we use, such as Google. 
The data may then be analysed for the purposes of billing with the service provider and to assess the effectiveness of advertising measures, in order to better understand the needs of our users and customers and to improve future campaigns. This may also include the information that the performance of an action (e.g. visiting certain sections of our website or sending information) is attributable to a particular advertisement. We also receive aggregated reports of ad activity from service providers and information about how users interact with our website and ads.
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in your web browser settings (see Section 6.2). You can also find further ways to block advertising in the information provided by the respective service provider, such as Google.

5.6.2    Google Ads
As explained in Section 6.6.1, this website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google) for online advertising. Google uses cookies (see the list here) that enable your browser to be recognised when you visit other websites. The information generated by the cookies about your visit to these websites (including your IP address) is transmitted to a Google server in the USA and stored there (see sections 5.2 and 5.3, in particular regarding the lack of an adequate level of data protection and the guarantees provided for). Further information on data protection at Google can be found here. 
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in your web browser settings (see Section 6.2). You can find more ways to block advertising here.

6.    Retention periods

We store personal data only for as long as it is necessary to carry out the processing described in this data protection declaration in the context of our legitimate interest. In the case of contractual data, the storage is required by statutory retention obligations. Requirements that oblige us to retain data arise from the provisions on accounting and from tax regulations. According to these regulations, in particular business communications, concluded contracts and accounting documents must be retained for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may only be used if it is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any obligation to retain them and no legitimate interest in retaining them. 

7.    Data security

We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, in particular unauthorised access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. Furthermore, these individuals are only granted access to personal data to the extent necessary for the performance of their duties.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot therefore give an absolute guarantee for the security of information transmitted in this way.

8.    Your rights

Provided that the legal requirements are met, you as a data subject have the following rights:
Right to information: You have the right to request access to your personal data stored by us at any time free of charge when we process it. This gives you the opportunity to check which personal data we process about you and whether we process it in accordance with the applicable data protection regulations.
Right to rectification: You have the right to have incorrect or incomplete personal data rectified and to be informed of the rectification. In this case, we will also inform the recipients of the data concerned about the adjustments we have made, unless this is impossible or involves disproportionate effort.
Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, in particular in the case of statutory retention obligations, the right to deletion may be excluded. In this case, a blocking of the data may take the place of deletion under certain conditions.
Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.
Right to data transfer: You have the right to receive from us the personal data you have provided to us in a readable format free of charge.
Right of objection: You may object to data processing at any time, in particular for data processing in connection with direct marketing (e.g. marketing emails).
Right of revocation: You have the right to revoke your consent at any time. However, processing activities based on your consent in the past will not become unlawful by your revocation.
To exercise these rights, please send an email to: in-fo@privateselection.ch
Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way in which your personal data is processed. 

***