main menu
Laudinella Hotel Group logo black

Data protection

1. Responsible party and content of this privacy policy

This privacy policy provides information about how and for what purposes the group companies and affiliated companies belonging to the Laudinella Group (hereinafter also referred to as "we" or "us") process your personal data (hereinafter "you") which you disclose to us or which we collect from you.

This privacy policy is not exhaustive; in particular, our general terms and conditions, registration forms or other information may contain supplementary information on the processing of your personal data.

The Laudinella Group includes the following companies in particular:

  • Laudinella AG, Via Tegiatscha 17, 7500 St. Moritz, Switzerland,
  • Laudinella Hotel Group AG, Via Tegiatscha 17, 7500 St. Moritz, Switzerland,
  • Lej da Staz AG, Vietta da Staz 3, 7500 St. Moritz, Switzerland,
  • Laudinella Hotel Group Shared Services GmbH, Gurlittstraße 22, 20099 Hamburg, Germany,
  • Laudinella Hotel Group GmbH, Gurlittstraße 24, 20099 Hamburg, Germany.

The Laudinella Group includes the hotels Laudinella, Reine Victoria, Corvatsch and Lej da Staz ("Hotels"), the penthouses The View Penthouses, the locally associated restaurants and bars, namely Vic's Brasserie, Vic's Bar, Caruso, Restaurant Corvatsch, Restaurant Stüva, Murütsch Bar, Restaurant Made in Asia, Lobby Bar, Deli and Restaurant Lej da Staz ("Restaurants") as well as the websites ("Websites"):

www.laudinella.ch (Mittwald)

www.hotel-laudinella.ch (Mittwald)

www.hotel-reine-victoria.ch (Mittwald)

www.hotel-corvatsch.ch (Mittwald)

www.theviewpenthouses.ch (Mittwald)

www.hirschen-gunten.ch (Wix)

www.restaurant-caruso.ch (Wix)

www.restaurant-corvatsch.ch (Wix)

www.restaurant-stueva.ch (Wix)

www.restaurant-made-in-asia.ch (Wix)

www.vics-bar.ch (Wix)

www.lobby-bar.ch (Wix)

www.muruetsch-bar.ch (Wix)

www.deli-laudinella.ch (Wix)

Since the Laudinella Group consists of different companies, different companies are responsible for processing your personal data. The Laudinella Group company with which you correspond or do business, or which referred you to this privacy policy as part of an inquiry, contract or other correspondence, is responsible for processing your personal data within the scope of this privacy policy.

Depending on the type of data processing, the companies of the Laudinella Group can individually or jointly assume the role of controller or processor.

«Personal data» means any information relating to an identified or identifiable natural person.

To ensure you are aware of what personal data we collect from you and for what purposes we process it, please take note of the information below. We process personal data in accordance with the requirements of the applicable data protection law, in particular Swiss data protection law, specifically the Federal Act on Data Protection («FADP»), as well as Regulation (EU) 2016/679, the European General Data Protection Regulation («GDPR»), the provisions of which may apply in individual cases.

Please note that the following information is reviewed and amended from time to time. We therefore recommend that you check this privacy policy regularly. The privacy policy published on our website is always the valid one.

2. Contact person for data protection

The point of contact for all questions and requests regarding data protection is, regardless of which company of the Laudinella Group is responsible for processing your personal data in any given case:

Laudinella AG
Via Tegiatscha 17
7500 St. Moritz
Switzerland

Email: christoph.schlatter@laudinella.ch

Our EU Data Protection Representative You can reach us at:

Laudinella Hotel Group GmbH
Gurlittstraße 24
20099 Hamburg
Germany

Email: jeannine.postel@lhg.swiss

3. Data categories, processing purposes and legal bases

3.1 Data origin

We generally only process personal data that we receive or collect from our guests (current, former, and future), our cooperation partners (e.g., providers and operators of third-party platforms), prospective customers, and website visitors in the course of our business activities. Where permitted, we also obtain certain personal data from publicly accessible sources (e.g., debt enforcement registers, commercial registers, press, internet) or receive such personal data from other companies, authorities, or other third parties (e.g., government agencies and courts).

3.2 Notification and modification of personal data

If you provide us with personal data of other individuals (e.g., your accompanying persons), please ensure that these individuals are aware of this privacy policy. Only share their personal data with us if you have been given permission to do so and if the data is accurate. To ensure that we can keep your personal data up-to-date and accurate, please inform us of any changes to your personal data. You can contact the data protection officer as described in section 2 for this purpose.

3.3 Data categories

The specific personal data processed and how it is used depends primarily on the services requested or agreed upon.

The personal data or categories of personal data we process include, depending on the case, in particular personal details and contact information (e.g., name, address, gender, date of birth, place of birth, marital status, number of children, place of origin and/or nationality, telephone number and email address); identification and background information (e.g., passport number, ID number, social security number, customer or account number, login data, signature samples, language); information on employment (e.g., job title); contract data that we receive or collect in connection with the initiation, conclusion and execution of contracts with you (e.g., goods and services claimed or requested by you as well as related behavioral and transaction data, financial data for payment purposes such as bank account details); communication data (e.g., name and contact details such as postal address, email address and telephone number, content of emails, written correspondence, chat messages, social media posts, comments on websites, telephone calls and video conferences (including their recordings), proof of identity, metadata); Documentation data or data from your contacts with third parties (e.g., meeting minutes, file notes, references); preference and marketing data (e.g., data about the use of our websites or other digital offerings, data related to the marketing of products and services such as marketing email subscriptions/unsubscriptions, documents received and specific activities, personal preferences and interests); public data that can be obtained about you (e.g., commercial register data, data from the media and press); data related to (potential) proceedings or investigations by authorities, agencies, courts, organizations, or other bodies; data for compliance with legal requirements, such as anti-money laundering measures; image and sound recordings (e.g., photos, videos, and audio recordings of events, recordings from video surveillance systems, recordings of telephone and video conference calls) and technical data (e.g., IP address and other device IDs, identification numbers assigned to your device by cookies and similar technologies).

3.4 Processing purposes and legal bases within the scope of our business activities

We primarily process your personal data for purposes necessary in connection with our business activities and the provision of our services. In particular, we may process your personal data for the following purposes:

  • – to communicate with you, in particular to provide you with information or process your requests, to authenticate and identify you, for customer service and customer care;
  • – for contract processing, specifically in connection with the initiation, conclusion, and execution of contractual relationships. This includes all data processing that is necessary or appropriate for concluding, executing, and, if necessary, enforcing a contract, such as processing to decide whether and how (e.g., with which payment options) we enter into a contract with you (including credit checks), to provide contractually agreed services, to invoice our services, and generally for accounting, processing applications (e.g., managing and evaluating applications, conducting interviews including creating personality profiles, obtaining references), and to enforce legal claims arising from contracts (e.g., debt collection, legal proceedings);
  • – to provide you with our products and services as well as our digital offerings (e.g. website) and to evaluate and improve them, including market research, quality assurance and training of our employees;
  • – for customer care and marketing purposes, e.g., to send you written and electronic communications and offers and to conduct marketing campaigns. We may also process your personal data in some cases automatically with the aim of evaluating certain personal aspects (profiling) or creating a pre-selection when you inquire about a product or service. In particular, we may use profiling to inform you about products and services in a targeted manner;
  • – in connection with accounting, data archiving and the management of our archives;
  • – for training and education: We may process your personal data to conduct internal training and to educate and train our employees;
  • – when selling receivables, e.g. when we provide the purchaser with information about the basis and amount of the receivable and, if applicable, the creditworthiness and behavior of the debtor;
  • – for security measures, in particular for IT and building security (such as access controls, visitor lists, prevention, defense and investigation of cyberattacks and malware attacks, network and email scanners, video surveillance, telephone recordings), as well as for the prevention and investigation of criminal offenses and other misconduct or the conduct of internal investigations, protection against misuse, evidentiary purposes, data analysis for fraud prevention, evaluation of system-related records of the use of our systems (log data);
  • – in connection with restructurings or other corporate law transactions (e.g. due diligence, company sale, maintenance of share registers);
  • – for asserting legal claims and defending against legal disputes and official proceedings at home and abroad, including clarifying the prospects of litigation and other legal, economic and other issues;
  • – to comply with our legal, regulatory (including self-regulations) and internal requirements and rules at home and abroad, including compliance and risk management and/or prevention, detection and investigation of criminal offenses, and compliance with orders from a court or authority;
  • – to invite you to events and to organize events and to provide reports and other publications about events (e.g. in the form of texts, photos, videos and voice recordings);
  • – for statistical purposes;
  • – other purposes: We may process your personal data for other purposes that are necessary to protect our legitimate interests.

 

We process your personal data for the aforementioned purposes, depending on the situation, in particular based on the following legal grounds:

  • – the processing of personal data is necessary for the performance of a contract with you or pre-contractual measures;
  • – You have given your consent to the processing of your personal data;
  • – the processing of personal data is necessary for the fulfillment of a legal obligation (including compliance checks);
  • – in some cases, processing is necessary to fulfill a task in the public interest;
  • – processing is necessary to protect the vital interests of the data subject or another natural person; or

 

We have a legitimate interest in processing personal data, which may include, in particular, the following: providing excellent guest service, maintaining contact and communication with guests/prospective customers even outside of a contractual relationship; advertising and marketing activities; improving and developing new products and services; combating fraud and preventing and investigating offenses; protecting guests, employees, and other individuals, as well as our data, trade secrets, and assets; ensuring adequate security (both physical and digital); ensuring and organizing business operations, including the operation and further development of websites and other systems; business management and development; the sale or purchase of companies, parts of companies, and other assets; the enforcement or defense of legal claims; and compliance with Swiss and foreign law, as well as other rules applicable to us, provided that your data protection interests do not override these interests.

3.5 Data processing when contacting us

When you contact us via our contact addresses and channels (e.g., email, telephone, or contact form), we process your personal data. Specifically, we process the personal data you provide, such as your first and last name, email address, and message. We also document the time of receipt of your inquiry. Required fields in contact forms are marked with an asterisk (*). We process this personal data to respond to or fulfill your request (e.g., providing information about our hotel, assisting with contract processing, answering questions about your booking, or incorporating your feedback into improving our services).

For processing contact requests submitted via contact form, we use a software application from WordPress (WordPress Foundation, based in the USA). Therefore, your personal data may be stored in a WordPress database, which may allow WordPress access to your personal data. Information about the processing of personal data by third parties and any potential transfer of data abroad can be found in section 5 of this privacy policy.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the implementation or response to your request or, if your request is aimed at the conclusion or execution of a contract, for the implementation of the necessary pre-contractual measures within the meaning of Art. 6 para. 1 lit. b GDPR.

3.6 Data processing when using our chatbot function

When you contact us via chatbot, we process your personal data. Specifically, we process the personal data you provide, such as your company name, your name, your job title, your email address, and your inquiry. We also record the time your inquiry was received. Required fields are marked with an asterisk (*). We process this personal data to respond to or fulfill your request (e.g., providing information about our hotel, assisting with contract processing, answering questions about your booking, or incorporating your feedback into improving our services).

For handling communication via chatbot functionality, we use a software application from DialogShift GmbH (based in Berlin, Germany). Therefore, your personal data may be stored in a database belonging to DialogShift GmbH, which may grant DialogShift GmbH access to your data. Information regarding the processing of personal data by third parties and any potential transfer of data abroad can be found in section 5 of this privacy policy.

For the chatbot function to work, the chatbot texts are saved and a cookie with a unique ID is set – this serves to recognize you as a customer. A cookie is a small text file that is stored locally in the cache on your device. Using this cookie, our application recognizes the device and can access past chatbot logs. You can disable the storage of cookies in your browser settings. However, the chatbot function cannot be executed without the use of cookies.

The possible disclosure of, for example, name, email address or telephone number is voluntary and with the consent to temporarily use and store this data for the purpose of contacting you until the end of the contact.

The legal basis for this data processing is our legitimate interest, pursuant to Article 6(1)(f) GDPR, in using modern communication technologies or, if your inquiry relates to the conclusion or execution of a contract, in carrying out the necessary measures, pursuant to Article 6(1)(b) GDPR. By voluntarily using the chatbot function, you consent to the corresponding data processing (Article 6(1)(a) GDPR).

DialogShift GmbH may wish to use some of this data for its own purposes (e.g., for sending marketing emails or for statistical analysis). Specifically, DialogShift GmbH is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by DialogShift GmbH can be found at [link to DialogShift GmbH privacy policy]. https://www.dialogshift.com/datenschutz.

3.7 Data processing during registration for a customer account

If you open a customer account on our websites, we collect the following personal data, specifically names, where mandatory fields in the corresponding form are marked with an asterisk (*):

Personal details:

  • salutation
  • Name
  • First name
  • Billing and, if applicable, delivery address
  • Birthday
  • Company name, company address and VAT ID number for corporate clients

Login details:

  • E-mail address
  • password

More information:

  • Languages
  • Gender

 

We process your personal data to verify your identity and check that you meet the registration requirements. Your email address and password serve as your login credentials, ensuring that the correct person is using the website with your information. We also process your email address to verify and confirm your account opening and for future communication with you. Furthermore, this personal data is stored in your customer account for future bookings and contracts. For this purpose, we also allow you to voluntarily store additional information in your account (e.g., your preferred payment method).

We also process personal data to provide an overview of bookings made and services used (see in particular section 4) and a simple way to manage your personal data, to administer our websites and contractual relationships, i.e. to establish, define the content of, process and amend the contracts concluded with you via your customer account (e.g. in connection with your booking with us).

We process the information about language and gender in order to display offer suggestions on the websites that are best tailored to your profile and personal needs, for the statistical recording and evaluation of the selected offers, and thus to optimize our suggestions and offers.

The legal basis for processing your personal data within the customer account is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by removing the information from your customer account or by deleting your customer account, or by notifying us of its deletion.

3.8 Data processing for orders placed via our online shops

On our website you have the option to order products, services and vouchers. For this purpose, we collect the following personal data and confirmations, with mandatory fields marked with an asterisk (*) during the ordering process:

3.8.1 Voucher shop:

  • salutation
  • First name and surname
  • Billing and delivery address
  • Phone number
  • E-mail address
  • Payment method
  • Shipping method
  • Information regarding the subscription to marketing emails
  • Confirmation of the accuracy of the information provided
  • Confirmation of acknowledgment and agreement regarding the terms and conditions

 

3.8.2 Delivery Shop

  • salutation
  • First name and surname
  • Billing and delivery address
  • Phone number
  • E-mail address
  • Payment method
  • Confirmation of acknowledgment and agreement regarding the terms and conditions
  • Confirmation of having read and understood the data protection regulations

 

We process this personal data to verify your identity before concluding a contract. We need your email address to confirm your order and for future communication with you. We store your personal data, along with the order details (e.g., name, price, and features of the ordered products), payment information (e.g., chosen payment method, payment confirmation, and date; see also section 3.11.2), and information related to processing and fulfilling the contract (e.g., receipt of and handling of complaints), in our CRM database (see section 4) so that we can simplify and support order processing and contract fulfillment.

The legal basis for this data processing is the performance of a contract with you pursuant to Art. 6 para. 1 lit. b GDPR.

Providing us with personal data that is not marked as mandatory is voluntary. We process this personal data to tailor our services to your individual needs as effectively as possible, to facilitate contract processing, to contact you via alternative communication channels if necessary for contract fulfillment, and for statistical analysis and evaluation to optimize our services.

The legal basis for this data processing is your consent within the meaning of Article 6(1)(a) GDPR. You can withdraw your consent at any time by notifying us.

We use a software application from Idea Creation GmbH (based in Zurich, Switzerland) to provide the voucher shop. Therefore, your personal data may be stored in a database belonging to Idea Creation GmbH, which may grant Idea Creation GmbH access to your personal data. Information about the processing of personal data by third parties and any potential transfer of data abroad can be found in section 5 of this privacy policy.

We use a software application from Deliverect NV (based in Ghent, Belgium) to provide the delivery shop. Therefore, your personal data may be stored in a database belonging to Deliverect NV, which may allow Deliverect NV access to your personal data. Information about the processing of personal data by third parties and any potential transfer abroad can be found in section 5 of this privacy policy.

The legal basis for this data processing is the performance of a contract with you pursuant to Art. 6 para. 1 lit. b GDPR.

Deliverect NV may wish to use some of this personal data for its own purposes (e.g., to send marketing emails or for statistical analysis). Specifically, Deliverect NV is the data controller for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by Deliverect NV can be found at [link to Deliverect NV's privacy policy]. https://www.deliverect.com/de-de/datenschutz-und-cookie-hinweis.

3.9 Data processing during bookings

3.9.1 Booking via our websites

On our website you have the option to book accommodation. For this purpose, we collect the following personal data and confirmations, with optional information marked [Optional] during the booking process (the remaining fields are mandatory):

  • salutation
  • First name and surname
  • Billing address
  • Phone number
  • Email
  • First name and last name of the arriving persons
  • Payment method
  • Booking details
  • Remarks
  • Confirmation of acknowledgment and agreement regarding the terms and conditions

 

We process this personal data to verify your identity before concluding a contract. We need your email address to confirm your booking and for future communication with you. We store your personal data, along with the booking details (e.g., room category, dates of stay, and description, price, and features of the services), payment details (e.g., chosen payment method, payment confirmation, and date; see also section 3.11.2), and information related to processing and fulfilling the contract (e.g., receipt of and handling of complaints), in our CRM database (see section 4) so that we can simplify and support booking processing and contract fulfillment.

To the extent necessary for the performance of the contract, we will also pass on the required personal data to possible third-party service providers (e.g., event organizers or transport companies).

The legal basis for this data processing is the performance of a contract with you pursuant to Art. 6 para. 1 lit. b GDPR.

Providing us with personal data that is not marked as mandatory is voluntary. We process this personal data to tailor our services to your individual needs as effectively as possible, to facilitate contract processing, to contact you via alternative communication channels if necessary for contract fulfillment, and for statistical analysis and evaluation to optimize our services.

The legal basis for this data processing is your consent within the meaning of Article 6(1)(a) GDPR. You can withdraw your consent at any time by notifying us.

For processing bookings via our websites, we use a software application from Hotelpartner Management GmbH (based in Schindellegi, Switzerland). Therefore, your personal data may be stored in a database belonging to Hotelpartner Management GmbH, which may grant Hotelpartner Management GmbH access to your personal data. Information regarding the processing of personal data by third parties and any potential transfer of data abroad can be found in section 5 of this privacy policy.

The legal basis for this data processing is the performance of a contract with you pursuant to Art. 6 para. 1 lit. b GDPR.

3.9.2 Booking via a third-party platform

If you make bookings via a third-party platform (e.g., Booking.com, Hotels.com, ebookers, Agoda, TUI, STC, Escapio, Expedia, HolidayCheck, HRS, Kayak, Tripadvisor, Trivago), we receive various personal data from the respective platform operator in connection with your booking. This generally includes the personal data listed in section 3.11.2 of this privacy policy. In addition, inquiries regarding your booking may be forwarded to us. We process this personal data primarily to record your booking as requested and to provide the booked services.

The legal basis for data processing for this purpose lies in the implementation of pre-contractual measures and the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

Finally, we may exchange personal data with the relevant platform operator in connection with disputes or complaints arising from a booking, insofar as this is necessary to protect our legitimate interests. This may include personal data collected during the booking process on the platform or personal data relating to the processing of services and the stay with us. We process this personal data to protect our legitimate claims and interests in the execution and maintenance of our contractual relationships.

Your personal data will be stored in the database of the relevant platform operator, which grants them access to your data. Information on the processing of personal data by third parties and any potential data transfer abroad can be found in section 5 of this privacy policy.

The legal basis for data processing for this purpose lies in our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, namely the interest in efficient reservation management, fraud prevention and the defense of our legal position.

3.10 Data processing when reserving a table

On our websites, you have the option to reserve a table at one of the restaurants listed on our website. For this purpose, we collect – depending on the specific offer – the following personal data and confirmations, whereby mandatory fields for reservations made via the websites are marked with an asterisk (*):

  • First name and surname
  • Number of guests
  • E-mail address
  • Phone number
  • Remarks
  • Restaurant name
  • Date and time of reservation
  • Information regarding the subscription to marketing emails
  • Acknowledgement and agreement regarding terms of use

 

We process this personal data to handle your reservation, in particular to process your reservation request according to your wishes and to contact you in case of any questions or problems. We store your personal data, along with the reservation details (e.g., date and time of receipt), reservation information (e.g., assigned table), and information related to processing and fulfilling the contract (e.g., receipt of and handling of complaints), in our CRM database (see section 4) so that we can simplify and support reservation processing and contract fulfillment.

We use a software application from Lunchgate AG (based in Zurich, Switzerland) to process table reservations. Therefore, your personal data may be stored in a Lunchgate AG database, which may allow Lunchgate AG access to your personal data. Information about the processing of personal data by third parties and any potential transfer of data abroad can be found in section 5 of this privacy policy.

The legal basis for this data processing is the performance of a contract with you pursuant to Art. 6 para. 1 lit. b GDPR.

Lunchgate AG may wish to use some of this data for its own purposes (e.g., for sending marketing emails or for statistical analysis). Specifically, Lunchgate AG is responsible for this data processing and must ensure compliance with data protection laws in connection with it. Information about data processing by Lunchgate AG can be found at [link to relevant page]. https://go.foratable.com/datenschutzerklaerung-gaeste.

3.11 Data processing during payment processing

3.11.1 Payment processing in one of our hotels

When you purchase products, use services, or pay for your stay at one of our hotels using electronic payment methods, we process your personal data. By using the payment terminals, you transmit the information stored in your payment method, such as the cardholder's name and card number, to the involved payment service providers (e.g., payment solution providers, credit card issuers, and credit card acquirers). These providers also receive information that the payment method was used at one of our hotels, the amount, and the time of the transaction. Conversely, we only receive the credit for the payment amount at the corresponding time, which we can assign to the relevant receipt number, or information that the transaction was unsuccessful or canceled. Always refer to the information provided by the respective payment service provider, especially their privacy policy.

The legal basis for our data processing in the context of payment processing is the performance of a contract with you pursuant to Art. 6 para. 1 lit. b GDPR.

3.11.2 Online Payment Processing

When you make paid bookings or order services and products on our websites, depending on the product or service and the chosen payment method, you will be required to provide additional personal data – such as your credit card information or login details for your payment service provider – in addition to the personal data and confirmations mentioned in section 3.9.1. This personal data, as well as the fact that you have purchased a service from us for the relevant amount and time, will be forwarded to the respective payment service providers (e.g., payment solution providers, credit card issuers, and credit card acquirers). Always refer to the information provided by the respective payment service provider, in particular their privacy policy.

The legal basis for our data processing in the context of payment processing is the performance of a contract with you pursuant to Art. 6 para. 1 lit. b GDPR.

We reserve the right to store a copy of your credit card information as security. Furthermore, to prevent payment defaults, the necessary data, in particular your personal details, may be transmitted to a credit agency for an automated assessment of your creditworthiness.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR in preventing payment defaults.

3.12 Data processing during the recording and billing of services received

If you use services during your stay (e.g. additional overnight stays, wellness, restaurant, activities), in addition to your contract data, the booking data (e.g. time and comments) as well as the data relating to the booked and used service (e.g. subject of the service, price and time of service provision) will be recorded and processed by us for the purpose of processing the service, as described in sections 3.9 and 3.10.

The legal basis for our data processing is the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

3.13 Data processing in email marketing

When you register for our marketing emails (e.g., when creating an account, within your customer account, on our websites, or as part of an order, booking, or reservation), the following personal data will be collected, specifically your name. Required fields are marked with an asterisk (*) during registration:

  • E-mail address
  • salutation
  • First and Last Name

To prevent misuse and ensure that the owner of an email address has actually given their consent to receive marketing emails, we use a double opt-in process for registration. After submitting your registration, you will receive an email from us with a confirmation link. To definitively register for marketing emails, you must click this link. If you do not confirm your email address via the confirmation link within the specified period, your personal data will be deleted and you will no longer receive our marketing emails at that email address.

By registering, you consent to the processing of this personal data in order to receive marketing emails from us about our hotels and related information on products and services. These marketing emails may also include invitations to participate in competitions, provide feedback, or rate our products and services. Collecting your title, first name, and last name allows us to link your registration to any existing customer account and thus personalize the content of the marketing emails. Linking your registration to a customer account enables us to make the offers and content in the marketing emails more relevant to you and better tailored to your potential needs.

We process your personal data for sending marketing emails until you withdraw your consent. You can withdraw your consent at any time, in particular via the unsubscribe link included in all marketing emails.

Our marketing emails may contain a so-called web beacon, 1x1 pixel (tracking pixel), or similar technical tools. A web beacon is an invisible graphic linked to the user ID of the respective subscriber. For each marketing email sent, we receive information about which email addresses were successfully delivered, which email addresses have not yet received the marketing email, and which email addresses experienced delivery failures. We also see which email addresses opened the marketing email, for how long, and which links were clicked. Finally, we also receive information about which subscribers have unsubscribed from the mailing list. We use this data for statistical purposes and to optimize our marketing emails in terms of frequency and timing of delivery, as well as the structure and content of the emails. This allows us to better tailor the information and offers in our marketing emails to the individual interests of the recipients.

The web beacon is deleted when you delete the marketing email. You can prevent the use of web beacons in our marketing emails by configuring your email program to block HTML from being displayed in messages. Refer to your email software's help documentation for instructions on how to configure this setting; for example, here for Microsoft Outlook.

By subscribing to marketing emails, you also consent to the statistical analysis of user behavior for the purpose of optimizing and adapting the marketing emails.

We use a software application from rapidmail GmbH (based in Freiburg im Breisgau, Germany) to send you marketing emails. Therefore, your data may be stored in a database belonging to rapidmail GmbH, which may grant rapidmail GmbH access to your data. Information about the processing of personal data by third parties and any potential transfer of data abroad can be found in section 5 of this privacy policy.

Your consent constitutes the legal basis for the processing of your data in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time for the future.

It is possible that rapidmail GmbH may wish to use some of this data for its own purposes (e.g., for sending marketing emails or for statistical analysis). rapidmail GmbH is specifically responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by rapidmail GmbH can be found at [link to rapidmail GmbH's privacy policy]. https://www.rapidmail.de/datenschutz.

3.14 Data processing in video surveillance

To protect our guests, employees, and property, and to prevent and prosecute unlawful behavior (especially theft and vandalism), the entrance area and publicly accessible areas of our hotel, with the exception of the restrooms, may be monitored by cameras. Footage will only be reviewed if there is suspicion of unlawful activity. The recordings will be automatically deleted after 48 hours.

The legal basis is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the protection of our guests, our employees and our property, as well as in the safeguarding and enforcement of our rights.

3.15 Data processing in fulfillment of legal reporting obligations

Upon arrival at one of our hotels, we may require the following information from you and your companions, with mandatory fields marked with an asterisk (*) in the relevant form:

  • First and last names of all guests
  • Billing address
  • Date of birth of all guests
  • Nationality of all guests
  • Identity card or passport number of all guests
  • Arrival and departure days

 

We collect this information to fulfill legal reporting obligations, particularly those arising from hospitality or police regulations. Where we are required to do so under applicable regulations, we will forward this information to the relevant authority.

The legal basis for processing this personal data is, in accordance with Art. 6 para. 1 lit. c GDPR, the fulfillment of our respective legal obligations.

3.16 Data processing in applications

You have the option of applying to us spontaneously or in response to a specific job posting. Upon receipt of your application, we will process the personal data you have provided.

Specifically, we process the personal data you provide in order to review your application and your suitability for employment. Application documents from unsuccessful applicants will be deleted after the application process has concluded, unless you explicitly consent to a longer retention period or we are legally obligated to retain them for a longer period.

We use a software application from Ostendis AG (based in Boniswil, Switzerland) to process applications. Therefore, your data may be stored in a database belonging to Ostendis AG, which may grant Ostendis AG access to your data. Information about the processing of personal data by third parties and any potential transfer of data abroad can be found in section 5 of this privacy policy.

The legal basis for processing your personal data for this purpose lies in the performance of a contract (pre-contractual phase) pursuant to Art. 6 para. 1 lit. b GDPR.

4. Central data storage and analysis in the CRM system

Provided that a clear association with your identity is possible, we will store and link the personal data described in this privacy policy, i.e., in particular your personal details, your contact information, your contract data, and your browsing behavior on our websites, in a central database. This serves the purpose of efficiently managing customer data and enables us to adequately process your requests, efficiently provide the services you have requested, and handle the associated contracts.

The legal basis for this data processing within the scope of data storage is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the efficient management of user data.

We may analyze your personal data to further develop our offerings in a needs-oriented manner and to display and suggest the most relevant information and offers to you. We also use methods that predict potential interests and future orders based on your use of our websites.

For centralized data storage and analysis in our CRM system, we use a software application from ORACLE Deutschland BV & Co. KG (headquartered in Munich, Germany). Therefore, your data may be stored in an ORACLE database, which may grant ORACLE access to your data. Information about the processing of personal data by third parties and any potential data transfers abroad can be found in section 5 of this privacy policy. Further information about ORACLE's data processing practices can be found at [link to ORACLE's privacy policy]. https://www.oracle.com/de/legal/privacy/.

The legal basis for this data processing within the scope of data analysis is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in carrying out marketing activities.

5. Disclosure of personal data to recipients and abroad

5.1 Disclosure of personal data to recipients

Without the support of other companies, we would not be able to provide our services in the desired form. In order to utilize the services of these companies, it is necessary to disclose your personal data to them to a certain extent. This disclosure occurs with selected third-party service providers and generally only to the extent necessary for the optimal provision of our services.

Several third-party service providers are already explicitly mentioned in this privacy policy. In addition to the data disclosures expressly mentioned, we may, where permitted, disclose personal data to the following categories of recipients:

  • – Providers to whom we have outsourced certain services (e.g. IT and hosting providers, service providers related to hotel operations or hotel management, advertising and marketing services, business administration including accounting and/or asset management, debt collection services, photographers) as well as other suppliers and subcontractors;
  • –Companies belonging to the Laudinella Group;
  • – Companies that provide hotel services in close cooperation with the Laudinella Group (e.g. cooperation partners including travel agencies and booking portals);
  • – Contractual partners (e.g., organizers of seminars, readings, concerts), guests and other involved persons: If you are working for one of our contractual partners (e.g., a guest, organizer, or supplier) or are taking advantage of or attending an offer from a contractual partner (e.g., a seminar, a reading, or a concert), we may transmit your personal data to them;
  • – third parties involved in fulfilling guest requests and providing services (e.g., within the framework of our sports and wellness offerings);
  • – other guests (especially your family members or companions, as well as your employees or participants in an event you are also attending);
  • – Third-party providers of software applications that we use in the course of our business or make available to our guests;
  • – Third parties that collect data about you via websites;
  • – Consulting service providers, e.g. lawyers, tax advisors, auditors and management consultants;
  • – Authorized representative;
  • – Banks and insurance companies;
  • – Credit reporting agencies that store this data for creditworthiness assessments;
  • – Potential buyers or investors in the event of restructurings or other corporate law transactions (e.g., due diligence reviews);
  • – Auditors;
  • – Parties in potential or actual legal disputes or legal proceedings;
  • – domestic and foreign authorities, offices or courts.
  • – Other recipients may be providers of consent management systems, such as Usercentrics A/S (Cookiebot), within the framework of obtaining consent in accordance with the GDPR.

 

5.2 Disclosure of personal data abroad

We generally process your personal data in Switzerland and Germany. However, in certain cases, your personal data may be disclosed abroad, for example, when using certain service providers or software applications. Specific instances of data transfers abroad are mentioned above in section 3. The countries to which data is transferred include those that, according to a decision by the Federal Council and the EU Commission, have an adequate level of data protection (such as the member states of the EEA or, from the EU's perspective, Switzerland), but also those countries whose level of data protection is not considered adequate (see Annex 1 of the Data Protection Ordinance (DSV) and the EU Commission's website).

Data may be transferred to the following countries in particular:

  • – Israel (e.g., for hosting services provided by Wix.com Ltd.; Israel has an adequacy decision from the EU Commission)
  • – USA (e.g., when using Google Analytics by Google LLC; there is no adequate level of data protection – therefore, the transfer is based on standard contractual clauses)
  • – Denmark (EU): When using the consent tool Cookiebot by Usercentrics, a cookie may be set via the domain consensu.org, which involves the processing of personal data. The provider, Usercentrics A/S, is based in Copenhagen, Denmark. The processing takes place within the EU and is subject to the GDPR.

When we transfer personal data to a country without adequate legal data protection, we ensure an appropriate level of protection as required by law by using appropriate contracts (specifically based on the European Commission's standard contractual clauses) or rely on the legal exceptions of consent, contract performance, the establishment, exercise or defense of legal claims, overriding public interests, publicly available personal data, or because it is necessary to protect the vital interests of the data subjects. However, we would like to point out that data transferred abroad is no longer protected by Swiss law and that foreign laws and official orders may require the disclosure of this data to authorities and other third parties.

Depending on which data protection legislation applies to you, you can request additional information and a copy of the safeguards we provide by contacting the data controller at the postal address (see section 2). We may enter into an agreement with you before such transfers or implement the necessary legal, operational, and technical measures required by applicable law.

6. Data processing on our websites

6.1 Data processing when visiting our websites (log file data)

When you visit our websites, the servers of our hosting providers, Mittwald CM Service GmbH & Co. KG (based in Espelkamp, Germany) or Wix.com Ltd. (based in Tel Aviv, Israel (Israel has an adequacy decision by the EU Commission pursuant to Art. 45 GDPR)), temporarily store each access in a log file. The hosting provider for each website can be found in section 1. The following data is collected automatically without your intervention and stored by us until its automated deletion:

  • – IP address of the requesting computer;
  • – Date and time of access;
  • – Name and URL of the retrieved file;
  • – Website from which the access was made, possibly including the search term used;
  • – Your computer's operating system and the browser you use (including type, version and language settings);
  • – Device type in case of access via mobile phones;
  • – City or region from which the access was made; and
  • – Name of your internet access provider.

The collection and processing of this data is carried out for the purpose of enabling the use of our websites (establishing a connection), ensuring the long-term security and stability of the systems, and enabling error and performance analysis and optimization of our websites (see also section 6.3 regarding the last points).

In the event of an attack on the network infrastructure of the websites or in the event of suspected other unauthorized or abusive use of the websites, the IP address and other data will be evaluated for investigation and defense purposes and, if necessary, used in civil or criminal proceedings to identify the user in question.

The legal basis for data processing when you visit our websites (see also the following sections) is primarily based on Article 6(1)(f) GDPR. Our legitimate interest lies in ensuring the functionality, security, and optimization of our websites, as well as a user-friendly and efficient presentation of our online presence. This also includes analyzing user behavior to continuously improve our services and adapt them to the needs of our visitors. By voluntarily visiting our websites again, you consent to the corresponding data processing (Article 6(1)(a) GDPR).

Finally, when you visit our websites, we use cookies as well as applications and tools that rely on cookies. In this context, the data described here may also be processed. Further details can be found in the following sections of this privacy policy, in particular section 6.2.

6.2 Cookies

Cookies are information files that your web browser stores on your computer's hard drive or in its memory when you visit our websites. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.

Cookies help make your visit to our websites easier, more enjoyable, and more meaningful. We use cookies for various purposes that are necessary for your desired use of the websites, i.e., "technically necessary." For example, we use cookies to identify you as a registered user after logging in, so you don't have to log in again each time you navigate between different subpages. The provision of order and booking functions also relies on the use of cookies. Furthermore, cookies perform other technical functions required for the operation of the websites, such as load balancing, which distributes the website's workload across different web servers to reduce the load on the servers. Cookies are also used for security purposes, for example, to prevent the unauthorized posting of content. Finally, we also use cookies in the design and programming of our websites, for example, to enable the uploading of scripts or code.

The legal basis for data processing when visiting our websites is described in section 6.1.

Most internet browsers accept cookies automatically. However, when you access our websites, we ask for your consent to the cookies we use that are not technically necessary, especially when using third-party cookies for marketing purposes. You can adjust your settings using the corresponding buttons in the cookie banner. Details about the services and data processing associated with each cookie can be found within the cookie banner and in the following sections of this privacy policy.

You may also be able to configure your browser so that no cookies are stored on your computer or so that a notification always appears when you receive a new cookie. The following pages may contain explanations on how to configure cookie settings in selected browsers.

Disabling cookies may prevent you from using all the features of our websites.

6.3 Tracking and web analytics tools

6.3.1 General information about tracking

For the purpose of tailoring our websites to user needs and continuously optimizing them, we use the web analytics services listed below. In this context, pseudonymized user profiles are created and cookies are used (see also section 6.2). The information generated by the cookie about your use of these websites is generally transmitted to a server of the service provider, stored and processed there, together with the log file data listed in section 6.1. This may also involve transfer to servers abroad, e.g., in the USA (see section 5.2, in particular regarding the lack of an adequate level of data protection).

By processing the data, we obtain, among other things, the following information:

  • – Navigation path that a visitor follows on the website (including viewed content and selected or purchased products or booked services);
  • – Time spent on the website or subpage;
  • – Subpage where the website is left;
  • – Country, region or city from which access is made;
  • – Device (type, version, color depth, resolution, width and height of the browser window); and
  • – returning or new visitor.

 

On our behalf, the provider will use this information to evaluate website usage, in particular to compile website activity and to provide other services related to website and internet usage for market research and to tailor these websites to user needs. For this processing, we and the provider may, to a certain extent, be considered joint controllers under data protection law (provided that applicable data protection law recognizes this concept).

The legal basis for data processing in connection with tracking and web analytics tools is primarily your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent or object to processing at any time by rejecting or disabling the relevant tracking and web analytics tools in your web browser settings (see section 6.2) or by using the service-specific options described below. The legal bases for data processing when visiting our websites are described in section 6.1.

For information regarding the (further) processing of data by the respective provider as the (sole) data controller under data protection law, in particular also any possible disclosure of data to third parties, such as authorities due to national legal regulations, please refer to the respective data protection information of the provider.

6.3.2 Google Analytics

We use the web analytics service «Google Analytics» from Google Ireland Limited (based in Dublin, Ireland) or Google LLC (based in Mountain View, USA; both collectively referred to below as «Google»).

Contrary to the description in section 6.3.1, Google Analytics (in the version used here, "Google Analytics 4") does not log or store IP addresses, according to Google: For access originating from the EU, IP address data is used only to derive location data and is then deleted. When collecting measurement data in Google Analytics, all IP lookups are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing. Google Analytics uses regional data centers. When Google Analytics establishes a connection to the nearest available Google data center, the measurement data is sent to Google via an encrypted HTTPS connection. In these centers, the data is further encrypted before being forwarded to the Google Analytics processing servers and made available on the platform. The most suitable local data center is determined based on the IP addresses. This may also involve the disclosure of data to servers abroad, e.g. in the USA (see section 5.2, in particular regarding the lack of an adequate level of data protection).

We also use the technical extension "Google Signals," which enables cross-device tracking. This allows us to associate a single website visitor with different devices. However, this only happens if the visitor is logged into a Google service during their website visit and has also activated the "personalized advertising" option in their Google account settings. Even then, no personal data or user profiles are accessible to us; they remain anonymous. If you do not wish to use "Google Signals," you can deactivate the "personalized advertising" option in your Google account settings.

According to Google, users could prevent the collection of data generated by the cookie and related to their use of the website (including their IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser plugin, users can click this link to prevent Google Analytics from collecting data on the websites in the future. This will place an opt-out cookie on the user's device. If users delete cookies (see section 6.2), the link must be clicked again.

6.4 Social Media

6.4.1 Social Media Profile

On our websites we have included links to our profiles on the social networks of the following providers:

  • – Facebook and Instagram by Meta Platforms Inc., Palo Alto, USA (hereinafter «Meta»), Privacy Policy;
  • – YouTube by Google, privacy policy;

When you click on the social network icons, you will be automatically redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social network. As a result, the network receives information that you have visited our website and clicked the link using your IP address. This may also involve the transfer of data to servers abroad, e.g., in the USA (see section 5.2, in particular regarding the lack of an adequate level of data protection).

If you click on a link to a social network while logged into your user account on that network, the content of our website can be linked to your profile, allowing the network to directly associate your visit to our website with your account. If you wish to prevent this, you should log out before clicking the relevant links. A connection between your access to our website and your user account will be established in any case if you log in to the respective network after clicking the link. The respective provider is responsible for the associated data processing. Please therefore refer to the privacy policy on the network's website.

The legal basis for any data processing that may be attributed to us is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the use and promotion of our social media profiles.

6.4.2 Social Media Plugins

On our websites you can use social media plugins from the following providers:

  • – Facebook and Instagram by Meta, privacy policy;
  • – YouTube by Google, privacy policy;

We use social media plugins to make it easier for you to share content from our websites. These plugins help us increase the visibility of our content on social networks and thus contribute to better marketing.

The plugins are deactivated by default on our websites and therefore do not send any data to the social networks simply by visiting our website. To enhance data protection, we have integrated the plugins in such a way that a connection to the networks' servers is not automatically established. Only when you activate the plugins by clicking on them and thereby give your consent to the data transfer and further processing by the social network providers, will your browser establish a direct connection to the servers of the respective social network.

The content of the plugin is transmitted directly from the social network to your browser and integrated into the website. This allows the respective provider to receive information that your browser has accessed the corresponding page of our website, even if you do not have an account with that social network or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the provider (usually in the USA) and stored there (see section 5.2, in particular regarding the lack of an adequate level of data protection). We have no influence on the scope of the data that the provider collects with the plugin; however, from a data protection perspective, we can be considered joint controllers with the providers to a certain extent (provided that applicable data protection law recognizes this concept).

If you are logged into the social network, it can directly associate your visit to our website with your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g., that you like one of our products or services) may also be published on the social network and potentially displayed to other users of the social network. The social network provider may use this information for the purpose of displaying advertisements and tailoring its services to user needs. For this purpose, usage, interest, and relationship profiles may be created, for example, to evaluate your use of our website in relation to the advertisements displayed to you on the social network, to inform other users about your activities on our website, and to provide other services related to the use of the social network. You can find information about the purpose and scope of data collection and the further processing and use of data by the social network providers, as well as your related rights and privacy settings, directly in the privacy policies of the respective providers.

If you do not want the social network provider to associate the data collected via our website with your user account, you must log out of the social network before activating the plugins. Your consent pursuant to Art. 6 para. 1 lit. a GDPR forms the legal basis for the data processing described. You can withdraw your consent at any time by declaring your withdrawal to the plugin provider in accordance with the information in their privacy policy.

6.5 Online Advertising and Targeting

6.5.1 In general

We use services from various companies to present you with interesting offers online. Your user behavior on our websites is analyzed so that we can then display online advertising tailored specifically to you.

Most technologies for tracking your user behavior and displaying targeted advertising use cookies (see also section 6.2 f.), which allow your browser to be recognized across different websites. Depending on the service provider, it may even be possible for you to be recognized online when using different devices (e.g., laptop and smartphone). This can occur, for example, if you have registered with a service that you use on multiple devices.

In addition to the data already mentioned, which is generated when accessing websites (log file data, see section 6.1) and when using cookies (section 6.2) and which may be passed on to the companies involved in the advertising networks, the following data in particular are used in the selection of the advertising that is potentially most relevant to you:

Information about you that you provided when registering for or using a service from advertising partners (e.g., your gender, your age group); and

User behavior (e.g. search queries, interactions with advertising, types of websites visited, products or services viewed and purchased, newsletters subscribed to).

We and, where applicable, our service providers use this data to determine whether you belong to our target audience and take this into account when selecting advertisements. For example, after visiting our websites, you may see ads for the products or services you viewed when you visit other websites (retargeting). Depending on the scope of the data, a user profile may also be created, which is then automatically analyzed. Ads are selected based on the information stored in the profile, such as membership in specific demographic segments or potential interests or behaviors. Such ads may be displayed to you on various channels, including our websites or app (as part of on-site and in-app marketing), as well as advertisements delivered through online advertising networks we use, such as Google.

The data can then be analyzed for billing purposes with the service provider and to assess the effectiveness of advertising measures, thereby better understanding the needs of our users and customers and improving future campaigns. This may also include information indicating that an action (e.g., visiting certain sections of our websites or submitting information) can be attributed to a specific advertisement. Furthermore, we receive aggregated reports from the service providers on advertising activity and information about how users interact with our websites and our advertisements.

The legal basis for this data processing is your consent within the meaning of Article 6(1)(a) GDPR. You can withdraw your consent at any time by rejecting or disabling the relevant cookies in your web browser settings (see section 6.2). Further options for blocking advertising can also be found in the information provided by the respective service provider, such as Google.

6.5.2 Google Ads

Our websites use Google's services for online advertising, as explained in section 6.5.1. Google uses cookies for this purpose (see the list here), which enable your browser to be recognized when you visit other websites. The information generated by the cookies about your visit to these websites (including your IP address) is transmitted to and stored on a Google server in the USA (see section 5.2, in particular regarding the lack of an adequate level of data protection). You can find further information about data protection at Google here.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by rejecting or disabling the relevant cookies in your web browser settings (see section 6.2). Further options for blocking advertising can be found here.

6.6 Consent Management with Cookiebot by Usercentrics & Borlabs

To obtain and manage consent in accordance with the GDPR and TTDSG, we use various consent management tools on our websites:

Borlabs Cookie (for WordPress sites): On our WordPress websites, we use the Borlabs Cookie tool from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. When you visit our website, the tool displays a banner requesting your consent to the use of cookies and other technologies. A technically necessary cookie is set to save your chosen settings. This consent is logged and can be revoked at any time via the cookie banner or by deleting the cookie. You can find more information about data protection at Borlabs here: https://borlabs.io/datenschutz/.

Cookiebot by Usercentrics (for Wix sites): On our Wix-powered websites, we use the consent management tool Cookiebot by Usercentrics, provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. Here, too, a banner is displayed when the website is accessed, requesting consent for the use of cookies and similar technologies. A cookie is set to save the selected settings; the consent is logged and can be revoked at any time. We also use cross-domain consent sharing, so the consent applies to all Laudinella Hotel Group websites that operate under the same technical configuration. Storage is handled via a third-party cookie on the domain consensu.org, meaning visitors don't have to make their selection multiple times. Further information on data protection at Cookiebot can be found here: https://www.cookiebot.com/de/privacy-policy/.

7. Retention periods

We retain personal data only as long as necessary to carry out the processing activities described in this privacy policy, based on our legitimate interests. We process your personal data for as long as it is necessary to fulfill our contractual and legal obligations, or otherwise for the purposes for which it was processed, or if another legal basis exists, such as retention periods. We retain contract data at least for the duration of the contractual relationship and until the statute of limitations for any potential claims by us expires or contractual retention periods apply. Requirements that oblige us to retain data arise primarily from accounting and tax regulations. According to these regulations, business correspondence, concluded contracts, and accounting documents must be retained for up to 10 years. Data is deleted as soon as there is no longer a legal obligation to retain it or a legitimate interest in retaining it.

8. Data security

We employ appropriate technical and organizational security measures to protect your personal data stored with us against loss and unlawful processing, in particular unauthorized access by third parties. Our employees and the service providers we commission are bound by confidentiality and data protection obligations. Furthermore, these individuals are only granted access to personal data to the extent necessary for the performance of their duties.

Our security measures are continuously adapted to technological developments. However, the transmission of information via the internet and electronic communication channels always carries certain security risks, and we therefore cannot guarantee the security of information transmitted in this way.

9. Your rights

Under applicable data protection law and to the extent provided therein, you have the following rights:

Right to information: You may have the right to request information about your personal data stored by us if we process it.

Right to rectification: You may have the right to have inaccurate or incomplete personal data corrected.

Right to erasure: You may have the right to have your personal data erased under certain circumstances. In individual cases, particularly where statutory retention obligations apply, the right to erasure may be excluded. In such cases, the data may be blocked instead of erased, provided certain conditions are met.

Right to restriction of processing: You may have the right to request that the processing of your personal data be restricted.

Right to data release or transfer: You may have the right to request the personal data you have disclosed to us in a readable format or to have it transferred to a third party.

Right to object: You can object to data processing, especially data processing related to direct marketing (e.g. marketing emails).

Right of withdrawal: You generally have the right to withdraw your consent at any time with effect for the future. However, processing carried out in the past based on your consent does not become unlawful as a result of your withdrawal.

Please note that we reserve the right to assert any legally permissible restrictions, for example, if we are obligated to retain or process certain data, have an overriding legitimate interest in doing so (to the extent we are permitted to rely on such an interest), or require the data for the establishment, exercise, or defense of legal claims. If any costs are incurred by you, we will inform you in advance.

To exercise these rights, please send us an email to the following address: christoph.schlatter@laudinella.ch. Exercising these rights generally requires you to clearly prove your identity (e.g., by providing a copy of your ID if your identity is otherwise unclear or cannot be verified).

Right to lodge a complaint: You have the right to lodge a complaint with the competent supervisory authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

main menu
main menu
main menu
main menu
main menu
main menu
main menu
main menu