Politica sulla riservatezza

Privacy Policy
With this privacy policy, we inform you about the processing of personal data in connection with our activities and operations, including our niraalpina.com website. In particular, we explain why, how, and where we process personal data. We also provide information about the rights of individuals whose data we process.

For individual or additional activities and operations, further privacy policies or other data protection information may apply.

We are subject to Swiss data protection law and, where applicable, foreign data protection law, particularly that of the European Union (EU) with the European General Data Protection Regulation (GDPR).

The European Commission recognized in its decision of July 26, 2000 that Swiss data protection law ensures adequate data protection. In its report of January 15, 2024, the European Commission reaffirmed this adequacy decision.

1. Contact Information
Responsible for the processing of personal data:

Alpine Hospitality (Switzerland) AG
Via dal Corvatsch 76
7513 Silvaplana-Surlej
Switzerland

info@niraalpina.com

In certain cases, third parties may be responsible for processing personal data, or joint responsibility with third parties may exist.

1.1 Data Protection Officer or Consultant
We have the following data protection officer or consultant as a point of contact for data subjects and authorities regarding inquiries related to data protection:

Niculin Manzoni
Alpine Hospitality (Switzerland) AG
Via dal Corvatsch 76
7513 Silvaplana-Surlej
Switzerland

info@niraalpina.com

1.2 Data Protection Representative in the European Economic Area (EEA)
We have the following data protection representative according to Art. 27 GDPR:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany

info@niraalpina.com

The data protection representative serves as an additional point of contact for data subjects and authorities in the European Union (EU) and the rest of the European Economic Area (EEA) regarding GDPR-related inquiries.

2. Terms and Legal Basis
2.1 Terms
Data Subject: Natural person whose personal data we process.

Personal Data: All information relating to an identified or identifiable natural person.

Special Categories of Personal Data: Data about union membership, political, religious, or philosophical beliefs, data about health, private life, ethnicity, race, genetic data, biometric data uniquely identifying a natural person, data on criminal and administrative sanctions or prosecutions, and data on social assistance measures.

Processing: Any handling of personal data, regardless of the methods or procedures used, such as querying, matching, modifying, archiving, storing, reading, disclosing, acquiring, collecting, recording, deleting, revealing, organizing, managing, storing, altering, disseminating, linking, destroying, and using personal data.

European Economic Area (EEA): Member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway.

2.2 Legal Basis
We process personal data in accordance with Swiss data protection law, particularly the Federal Act on Data Protection (FADP) and the Data Protection Ordinance (DPO).

If and to the extent the European General Data Protection Regulation (GDPR) applies, we process personal data in accordance with at least one of the following legal bases:

Art. 6(1)(b) GDPR for the necessary processing of personal data to fulfill a contract with the data subject and to carry out pre-contractual measures.
Art. 6(1)(f) GDPR for the necessary processing of personal data to safeguard legitimate interests, including the legitimate interests of third parties, unless the fundamental rights and freedoms of the data subject outweigh them. Such interests include, in particular, the continued, user-friendly, secure, and reliable performance of our activities and operations, ensuring information security, protection against misuse, enforcement of legal claims, and compliance with Swiss law.
Art. 6(1)(c) GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject under applicable law of member states in the European Economic Area (EEA).
Art. 6(1)(e) GDPR for the necessary processing of personal data in the public interest.
Art. 6(1)(a) GDPR for the processing of personal data with the data subject’s consent.
Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
Art. 9(2) GDPR for the processing of special categories of personal data, particularly with the consent of the data subject.
The European General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data and the processing of special categories of personal data as the processing of special categories of personal data (Art. 9 GDPR).

3. Type, Scope, and Purpose of Processing Personal Data
We process personal data that is necessary to carry out our activities and operations in a sustainable, user-friendly, secure, and reliable manner. The processed personal data can fall into categories such as browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data.

We also process personal data obtained from third parties, gathered from publicly accessible sources, or collected in the course of our activities and operations, provided such processing is legally permissible.

We process personal data as required, with the consent of the data subjects. In many cases, we may process personal data without consent, for example, to fulfill legal obligations or to protect overriding interests. We may also request consent from data subjects even if consent is not required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data depending on statutory retention and limitation periods.

4. Disclosure of Personal Data
We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties include specialized service providers whose services we use.

We may disclose personal data, for example, to banks and other financial service providers, authorities, educational and research institutions, advisors and lawyers, interest groups, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations and associations, social institutions, telecommunications companies, and insurers.

5. Communication
We process personal data to communicate with third parties. In this context, we process data that a data subject provides when contacting us, for example, via postal mail or email. We may store such data in an address book or similar tools.

Third parties who transmit data about other individuals must ensure data protection for those individuals. This includes ensuring the accuracy of the transmitted personal data.

We use selected services from suitable providers to improve communication with third parties.

We specifically use:

Copper: Customer-Relationship-Management (CRM); Provider: Copper CRM Inc. (USA); Data protection information: Privacy Policy, "Data Privacy and Security at Copper".
6. Applications
We process personal data of applicants as necessary for assessing suitability for an employment relationship or for the subsequent implementation of an employment contract. The required personal data is derived from the requested information, for example, as part of a job advertisement. We may publish job advertisements with the help of suitable third parties, such as in electronic and printed media or on job portals and job platforms.

We also process personal data that applicants voluntarily provide or make public, particularly as part of cover letters, resumes, and other application documents, as well as online profiles.

If and to the extent the General Data Protection Regulation (GDPR) applies, we process personal data of applicants in particular according to Art. 9(2)(b) GDPR.

7. Data Security
We take appropriate technical and organizational measures to ensure a level of data security appropriate to the respective risk. With our measures, we ensure, in particular, the confidentiality, availability, traceability, and integrity of the processed personal data, although we cannot guarantee absolute data security.

Access to our website and other online presence is provided via transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers warn before visiting websites without transport encryption.

Our digital communication is subject – like any digital communication – to mass surveillance by security agencies in Switzerland, Europe, the United States of America (USA), and other countries. We have no direct influence on the corresponding processing of personal data by intelligence services, police forces, and other security agencies. We cannot exclude the possibility of targeted surveillance of individuals.

8. Personal Data Abroad
We primarily process personal data in Switzerland and the European Economic Area (EEA). However, we may export or transfer personal data to other countries, particularly for processing or to have it processed there.

We may export personal data to all countries and territories on Earth, provided the law there ensures adequate data protection in accordance with a decision by the Swiss Federal Council and – if and to the extent the General Data Protection Regulation (GDPR) applies – in accordance with a decision by the European Commission.

We may transfer personal data to countries that do not ensure adequate data protection, provided data protection is guaranteed for other reasons, particularly based on standard data protection clauses or other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or suitable data protection if the special data protection requirements are met, such as the express consent of the data subject or a direct connection to the conclusion or execution of a contract. Upon request, we are happy to provide information about any safeguards or provide a copy of the safeguards.

9. Rights of Data Subjects
9.1 Data Protection Claims
We grant data subjects all claims under applicable data protection law. Data subjects have, in particular, the following rights:

Access: Data subjects may request information on whether we process personal data about them and, if so, what personal data is involved. Data subjects also receive the information necessary to assert their data protection rights and ensure transparency. This includes the processed personal data itself, but also information on the purpose of processing, the retention period, any disclosure or export of data to other countries, and the origin of the personal data.
Correction and Restriction: Data subjects may request the correction of inaccurate personal data, the completion of incomplete data, and the restriction of data processing.
Deletion and Objection: Data subjects may request the deletion of personal data ("right to be forgotten") and object to the processing of their data with future effect.
Data Delivery and Transfer: Data subjects may request the delivery of personal data or the transfer of their data to another controller.
We may postpone, restrict, or refuse the exercise of data subjects' rights within the legally permissible framework. We may inform data subjects of any conditions that must be met to exercise their data protection claims. For example, we may refuse access in whole or in part by referencing confidentiality obligations or the protection of other individuals. We may also refuse the deletion of personal data by referencing legal retention obligations.

We may, exceptionally, charge for the exercise of rights. We will inform data subjects in advance of any potential costs.

We are obliged to take reasonable measures to identify data subjects requesting access or asserting other rights. Data subjects are required to cooperate.

9.2 Legal Protection
Data subjects have the right to enforce their data protection claims through legal action or to file a complaint with a data protection supervisory authority.

The data protection supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

European data protection supervisory authorities are organized as members of the European Data Protection Board (EDPB). In some member states of the European Economic Area (EEA), data protection supervisory authorities are federally structured, especially in Germany.

10. Use of the Website
10.1 Cookies
We may use cookies. Cookies – our own cookies (first-party cookies) as well as third-party cookies whose services we use (third-party cookies) – are data stored in the browser. Such stored data is not necessarily limited to traditional text-based cookies.

Cookies may be stored in the browser temporarily as "session cookies" or for a specified period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific retention period. Cookies enable, in particular, the recognition of a browser on a subsequent visit to our website and, for example, allow us to measure the reach of our website. Permanent cookies can also be used for online marketing, for example.

Cookies can be disabled or deleted entirely or partially in the browser settings at any time. Without cookies, our website may no longer be fully available. We actively request explicit consent for the use of cookies – at least where necessary.

For cookies used for performance and reach measurement or for advertising, a general objection ("opt-out") is possible for numerous services through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

10.2 Logging
We may log at least the following information for each access to our website and other online presence, provided such information is transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, specific sub-page of our website accessed, including transmitted data volume, and the last page viewed in the same browser window (referrer).

We log such information, which may also constitute personal data, in log files. The information is necessary to provide our online presence on a sustainable, user-friendly, and reliable basis. The information is also necessary to ensure data security – including by third parties or with the help of third parties.

10.3 Counting Pixels
We may integrate counting pixels into our online presence. Counting pixels are also referred to as web beacons. Counting pixels – including those from third parties whose services we use – typically consist of small, invisible images or scripts written in JavaScript that are automatically retrieved when our online presence is accessed. Counting pixels can capture at least the same information as log files.

11. Notifications and Communications
11.1 Performance and Reach Measurement
Notifications and communications may contain web links or counting pixels that track whether a particular communication was opened and which web links were clicked. Such web links and counting pixels may also capture the usage of notifications and communications on a personal level. We require this statistical measurement of usage for performance and reach measurement to effectively and sustainably send notifications and communications based on the needs and reading habits of recipients in a user-friendly, secure, and reliable manner.

11.2 Consent and Objection
In principle, you must consent to the use of your email address and other contact addresses, unless their use is permitted for other legal reasons. We may use the "double opt-in" procedure to obtain a doubly confirmed consent. In this case, you will receive a notification with instructions for double confirmation. We may log obtained consents, including IP address and timestamp, for evidence and security purposes.

You may in principle object to receiving notifications and communications, such as newsletters, at any time. With such an objection, you may also object to the statistical measurement of usage for performance and reach measurement. Required notifications and communications related to our activities and operations are exempt from this provision.

11.3 Service Providers for Notifications and Communications
We send notifications and communications with the help of specialized service providers.

We specifically use:

Mailchimp: Communication platform; Provider: The Rocket Science Group LLC DBA Mailchimp (USA), a subsidiary of Intuit Inc. (USA); Data protection information: Privacy Policy (Intuit) including "Country and Region-Specific Terms," "Mailchimp Intuit Privacy FAQ", "Mailchimp and European Data Transfers", "Security", Cookie Policy, "Privacy Rights Requests", "Legal Terms".
12. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and provide information about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).

The terms and conditions, including privacy policies and other terms of the individual platform operators, apply. These terms specifically inform individuals about their rights directly concerning the respective platform, such as the right to access.

For our social media presence on Facebook, including so-called page insights, we are – if and to the extent the General Data Protection Regulation (GDPR) applies – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta group of companies (including in the USA). Page insights provide information about how visitors interact with our Facebook presence. We use page insights to provide our social media presence on Facebook effectively and in a user-friendly manner.

Further information about the type, scope, and purpose of data processing, information about the rights of data subjects, and the contact details of Facebook, as well as Facebook's data protection officer, can be found in the Facebook Privacy Policy. We have entered into the so-called "Controller Addendum" with Facebook, specifically agreeing that Facebook is responsible for ensuring the rights of data subjects. The corresponding information for so-called page insights can be found on the "Information about Page Insights" page, including "Information about Page Insights Data".

13. Services from Third Parties
We use services from specialized third parties to carry out our activities and operations sustainably, in a user-friendly, secure, and reliable manner. With such services, we can embed functions and content into our website. For such embedding, the services used must, for technical reasons, at least temporarily capture the IP addresses of users.

For necessary security, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes performance or usage data to provide the respective service.

We specifically use:

Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland), partly for users in the European Economic Area (EEA) and Switzerland; General data protection information: "Data Protection and Security Principles", "Information on How Google Uses Personal Data", Privacy Policy, "Google's Commitment to Data Protection Laws", "Privacy Guide for Google Products", "How We Use Data from Sites or Apps That Use Our Services", "Types of Cookies and Similar Technologies Used by Google", "Ads You Can Influence" ("Personalized Ads").
Microsoft Services: Providers: Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Switzerland, and the United Kingdom / Microsoft Corporation (USA) for users in the rest of the world; General data protection information: "Privacy at Microsoft", "Privacy and Data Protection", Privacy Policy, "Privacy and Data Settings".
13.1 Digital Infrastructure
We use services from specialized third parties to use the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.

We specifically use:

WordPress.com: Blog hosting and website builder; Providers: Automattic Inc. (USA) / Aut O'Mattic A8C Ireland Ltd. (Ireland) for users, among others, in Europe; Data protection information: Privacy Policy, Cookie Policy.
13.2 Scheduling
We use services from specialized third parties to schedule appointments online, for example, for meetings. In addition to this privacy policy, the terms and conditions and privacy policies of the services used may also apply, which are visible directly within the services.

We specifically use:

Google Calendar: Online scheduling; Provider: Google; Google Calendar-specific information: "Appointment Scheduling with Google Calendar", "Privacy in Google Calendar".
13.3 Audio and Video Conferences
We use specialized services for audio and video conferences to communicate online. We can hold virtual meetings, provide online training, or host webinars. For participation in audio and video conferences, the legal texts of the individual services, such as privacy policies and terms of use, also apply.

We recommend, depending on your situation, muting the microphone by default when participating in audio or video conferences and using a blurred or virtual background.

We specifically use:

Google Meet: Video conferences; Provider: Google; Google Meet-specific information: "Google Meet - Security and Privacy for Users".
Skype: Audio and video conferences; Provider: Microsoft; Skype-specific privacy information: "Skype Legal".
Zoom: Collaboration platform, especially with video conferencing; Provider: Zoom Video Communications Inc. (USA); Data protection information: "Zoom Privacy", Privacy Policy, "Legal Compliance".
13.4 Online Collaboration
We use third-party services to enable online collaboration. In addition to this privacy policy, the terms and conditions and privacy policies of the services used may apply, which are visible directly within the services.

We specifically use:

Microsoft Teams: Collaboration platform, especially with audio and video conferencing; Provider: Microsoft; Microsoft Teams-specific information: "Security and Compliance in Microsoft Teams," especially "Privacy".
13.5 Mapping Services
We use third-party services to embed maps into our website.

We specifically use:

Google Maps, including Google Maps Platform: Mapping service; Provider: Google; Google Maps-specific information: "How Google Uses Location Information".
13.6 Digital Content
We use services from specialized third parties to embed digital content into our website. Digital content includes image and video material, music, and podcasts.

We specifically use:

YouTube: Video platform; Provider: Google; YouTube-specific information: "YouTube Privacy and Security Center", "My Data on YouTube".
13.7 Fonts
We use third-party services to embed selected fonts, as well as icons, logos, and symbols, into our website.

We specifically use:

Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: "Your Privacy and Google Fonts", "Privacy and Data Collection" (for Google Fonts).
13.8 E-Commerce
We operate e-commerce and use third-party services to successfully offer services, content, or goods.

13.9 Payments
We use specialized service providers to process payments from our customers securely and reliably. For the processing of payments, the legal texts of the individual service providers, such as general terms and conditions (GTC) or privacy policies, apply in addition.

We specifically use:

Apple Pay: Payment processing; Providers: Apple Inc. (USA) / Apple Distribution International Limited (Ireland) for individuals in the EEA, the United Kingdom, and Switzerland; Data protection information: "Apple Privacy Policy", "Apple Customer Privacy Policy", Transparency Report.
PostFinance: Payment processing; Provider: PostFinance AG (Switzerland); Data protection information: "Legal Information and Accessibility", "Privacy" (including privacy policies).
TWINT: Payment processing in Switzerland; Provider: TWINT AG (Switzerland); Data protection information: Privacy Policy, "Security According to Swiss Standards".
Worldline: Payment processing, especially with mobile payment solutions; Providers: Worldline SA (France), Worldline Switzerland AG (Switzerland), and other Worldline companies worldwide (including in the USA); Data protection information: Privacy Policy, "Responsible Disclosure Program", Cookie Policy.
13.10 Advertising
We use the opportunity to display targeted advertising on third-party platforms, such as social media platforms and search engines, to promote our activities and operations.

With such advertising, we particularly aim to reach individuals who are already interested in or may be interested in our activities and operations (remarketing and targeting). For this purpose, we may transmit appropriate – possibly also personal – information to third parties that facilitate such advertising. We may also track whether our advertising is successful, i.e., whether it leads to visits to our website (conversion tracking).

Third parties with whom we advertise and where you, as a user, are registered may associate your use of our website with your profile there.

We specifically use:

Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: advertising, among other things, based on search queries, with various domain names – in particular, doubleclick.net, googleadservices.com, and googlesyndication.com – used for Google Ads, Privacy Policy for Advertising, "Manage Displayed Ads Directly via Ads".
LinkedIn Ads: Social media advertising; Providers: LinkedIn Corporation (USA) / LinkedIn Ireland Unlimited Company (Ireland); Data protection information: remarketing and targeting, in particular with the LinkedIn Insight Tag, "Privacy", Privacy Policy, Cookie Policy, Opt-out of Personalized Ads.
Meta Ads (Meta Ads): Social media advertising on Facebook and Instagram; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Data protection information: targeting, including retargeting, in particular with the Meta Pixel and Custom Audiences, including Lookalike Audiences, Privacy Policy, "Ad Preferences" (user login required).
Pinterest Ads: Social media advertising; Providers: Pinterest Inc. (USA) / Pinterest Europe Ltd. (Ireland) for users in the European Economic Area (EEA); Data protection information: remarketing and targeting, particularly with the Pinterest Tag, "Privacy, Safety, and Legal", Privacy Policy, "Personalization and Data", "Personalized Ads on Pinterest", "Sharing Data on Pinterest", Cookie Policy.
TikTok Ads: Social media advertising; Providers: TikTok Information Technologies UK Limited (United Kingdom) and TikTok Technology Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland / TikTok Inc. (USA) for users in the USA / TikTok Pte. Ltd. (Singapore) for users in the rest of the world; Data protection information: remarketing and targeting, particularly with the TikTok Pixel, Privacy Policy, "Privacy Policy for Younger Users", Cookie Policy, "Privacy and Cookie Policy for TikTok for Business".
14. Website Extensions
We use extensions for our website to provide additional functionality. We may use selected services from suitable providers or use such extensions on our own digital infrastructure.

We specifically use:

Google reCAPTCHA: Spam protection (distinguishing between desired content from humans and unwanted content from bots and spam); Provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?".
15. Performance and Reach Measurement
We attempt to measure the success and reach of our activities and operations. In this context, we may also measure the impact of third-party notices or test how different parts or versions of our online offerings are used ("A/B test" method). Based on the results of performance and reach measurement, we may fix errors, strengthen popular content, or make improvements.

For performance and reach measurement, IP addresses of individual users are usually captured. In this case, IP addresses are typically shortened ("IP masking") to follow the principle of data minimization through corresponding pseudonymization.

Cookies may be used for performance and reach measurement, and user profiles may be created. User profiles created may include, for example, the individual pages visited or content viewed on our website, information on the screen size or browser window, and – at least approximately – location. Typically, any user profiles are created solely in pseudonymized form and not used to identify individual users. Individual services from third parties where users are logged in may associate the use of our online offerings with the user account or profile of the respective service.

We specifically use:

Google Marketing Platform: Performance and reach measurement, particularly with Google Analytics; Provider: Google; Google Marketing Platform-specific information: measurement also across different browsers and devices (cross-device tracking) with pseudonymized IP addresses, which are only exceptionally fully transmitted to Google in the USA, Privacy Policy for Google Analytics, "Browser Add-on to Disable Google Analytics".
Google Tag Manager: Integration and management of services from Google and third parties, especially for performance and reach measurement; Provider: Google; Google Tag Manager-specific information: Privacy Policy for Google Tag Manager; further data protection information can be found with the individual integrated and managed services.
16. Video Surveillance
We use video surveillance to prevent crimes, secure evidence in the event of crimes, exercise and assert our own legal claims, defend against third-party legal claims, and exercise our right to our property. If and to the extent the General Data Protection Regulation (GDPR) applies, these constitute overriding legitimate interests under Art. 6(1)(f) GDPR, and for special categories of personal data under Art. 9(2)(f) GDPR.

We store recordings from our video surveillance for as long as they are necessary to secure evidence or for another mentioned purpose.

We may store recordings from our video surveillance and transmit them to competent authorities, such as courts or law enforcement authorities, if the transmission is necessary for a stated purpose, in our other legitimate overriding interest, or based on legal obligations.

17. Final Provisions
We created this privacy policy using the Privacy Policy Generator from Datenschutzpartner. The present privacy policy is an unofficial translation from the original German version.

We may amend or supplement this privacy policy at any time. We will inform you about such amendments and supplements in an appropriate manner, particularly by publishing the current privacy policy on our website.