Privacy Policy
We only process personal data (hereinafter referred to as “data”) to the extent necessary and for the purpose of providing a functional and user-friendly app and website, including its content and the services offered there.
According to Art. 4 (1) of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
With the following privacy policy, we inform you in particular about the type, scope, purpose, duration, and legal basis of the processing of personal data, insofar as we either alone or jointly with others decide on the purposes and means of processing. In addition, we inform you below about the third-party components we use for optimization purposes and to increase the quality of use, insofar as third parties process data in turn on their own responsibility.
Our privacy policy is structured as follows:
1. Information about us as the controller
2. Rights of users and data subjects
3. Information about data processing
1. Information about us as the controller
The responsible provider of this website in terms of data protection law is:
Hotel Central
Bauorcha 19
CH-7535 Valchava
Val Müstair · Switzerland
+ 41 (0) 81 858 51 61
info@centralvalchava.ch
2. Rights of users and data subjects
With regard to the data processing described in more detail below, users and data subjects have the right
to confirmation as to whether data concerning them is being processed, to information about the data being processed, to further information about data processing, and to copies of the data (see also Art. 15 GDPR);
to have inaccurate or incomplete data corrected or completed (see also Art. 16 GDPR);
to have data concerning them deleted without delay (see also Art. 17 GDPR), or, alternatively, if further processing is necessary in accordance with Art. 17(3) GDPR, to have the processing restricted in accordance with Art. 18 GDPR;
to receive the data concerning them and provided by them and to have this data transmitted to other providers/controllers (see also Art. 20 GDPR);
to lodge a complaint with the supervisory authority if they believe that the data concerning them is being processed by the provider in violation of data protection regulations (see also Art. 77 GDPR) (national data protection commissioner – www.garanteprivacy.it).
Furthermore, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any correction or deletion of data or restriction of processing that takes place on the basis of Articles 16, 17(1) and 18 of the GDPR. However, this obligation does not apply if such notification is impossible or involves disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.
Likewise, pursuant to Art. 21 GDPR, users and data subjects have the right to object to the future processing of data concerning them, provided that the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct marketing is permissible.
3. Information on data processing
Your data processed when using our app and website will be deleted or blocked as soon as you delete your user account with us (immediately) or upon withdrawal from the contract (after 180 days, subject to an express request from the user), the purpose of storage no longer applies, there are no legal retention obligations preventing the deletion of the data, and no other information on individual processing procedures is provided below.
Server data
For technical reasons, in particular to ensure a secure and stable app and website, data is transmitted to us or our web space provider by your internet browser. These so-called server log files contain, among other things, the type and version of your Internet browser, the operating system, the website/APP from which you accessed our Internet presence (referrer URL), the website(s) of our app and Internet presence that you visit, the date and time of each access, and the IP address of the internet connection from which our app and website are being used. The servers we use are located in the European Union.
The data collected in this way is stored temporarily, but not together with other data about you.
This storage is based on the legal basis of Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our app and website.
The data will be deleted after seven days at the latest, unless further storage is necessary for evidence purposes. Otherwise, the data will be excluded from deletion in whole or in part until an incident has been finally clarified.
Cookies
a) Session cookies
We use cookies on our website. Cookies are small text files or other storage technologies that are stored on your device by the Internet browser you use. These cookies process certain information about you, such as your browser or location data or your IP address, to an individual extent.
This processing makes our website more user-friendly, effective, and secure, as it enables, for example, the display of our app and website in different languages.
The legal basis for this processing is Art. 6 (1) (b) GDPR, insofar as these cookies process data for the purpose of initiating or executing a contract.
If the processing does not serve the purpose of contract initiation or contract processing, our legitimate interest lies in improving the functionality of our app and website. The legal basis is then Art. 6 (1) lit. f) GDPR.
These session cookies are deleted when you close your internet browser.
b) Third-party cookies
Where applicable, our website also uses cookies from partner companies with whom we collaborate for the purposes of advertising, analysis, or the functionality of our app and website.
For details on this, in particular on the purposes and legal basis for the processing of such third-party cookies, please refer to the following information.
c) Disposal option
You can prevent or restrict the installation of cookies by adjusting your Internet browser settings. You can also delete cookies that have already been stored at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. However, in the case of so-called Flash cookies, processing cannot be prevented via the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required for this also depend on the specific Flash player you are using. If you have any questions, please use the help function or documentation of your Flash player or contact the manufacturer or user support.
If you prevent or restrict the installation of cookies, however, this may mean that not all functions of our app and website can be used to their full extent.
contract processing
The data you provide to use our services will be processed by us for the purpose of contract execution and is necessary in this respect. Contract conclusion and contract execution are not possible without the provision of your data.
The legal basis for processing is Art. 6 (1) lit. b) GDPR.
We delete the data no later than 180 days after the end of the contractual relationship, but must observe the retention periods under tax and commercial law.
Within the scope of contract processing, we pass on your data to the financial service provider to the extent that this is necessary for payment purposes.
The legal basis for the transfer of data is then Art. 6 (1) lit. b) GDPR.
Profiling
We do not use automated decision-making processes and do not profile our users.
Contact requests / Contact options
If you contact us via the contact form or email, the data you provide will be used to process your request. The provision of this data is necessary for processing and responding to your request—without it, we cannot respond to your request or can only respond to a limited extent.
The legal basis for this processing is Art. 6 (1) lit. b) GDPR.
Your data will be deleted once your request has been answered and there are no legal retention obligations preventing deletion, such as in the case of any subsequent contract processing.
We maintain a company presence on the Facebook platform to promote our products and services and to communicate with interested parties or customers.
We are jointly responsible for this social media platform together with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
Facebook's data protection officer can be contacted via a contact form:
https://www.facebook.com/help/
We have regulated joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the mutual obligations, is available at the following link:
https://www.facebook.com/legal/
The legal basis for the resulting processing of personal data, as described below, is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, communication, sale, and promotion of our products and services.
The legal basis may also be the user's consent to the platform operator in accordance with Art. 6 (1) (a) GDPR. The user may revoke this consent at any time for the future by notifying the platform operator in accordance with Art. 7 (3) GDPR.
When you visit our online presence on the Facebook platform, Facebook Ireland Ltd. as the operator of the platform in the EU processes user data (e.g., personal information, IP address, etc.).
This user data is used for statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes, as well as to create user profiles. Based on these profiles, Facebook Ireland Ltd. can, for example, advertise to users within and outside of Facebook based on their interests. If the user is logged into their Facebook account at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.
If the user contacts us via Facebook, the personal data entered by the user on this occasion will be used to process the request. The user's data will be deleted by us once the user's request has been answered and there are no legal retention obligations, such as in the case of subsequent contract processing.
Facebook Ireland Ltd. may also set cookies to process the data.
If the user does not agree to this processing, they can prevent the installation of cookies by adjusting their browser settings accordingly. Cookies that have already been stored can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented via the browser settings, but by adjusting the Flash Player settings accordingly. If the user prevents or restricts the installation of cookies, this may mean that not all functions of Facebook can be used to their full extent.
Further information on processing activities, how to prevent them, and how to delete data processed by Facebook can be found in Facebook's data policy:
https://www.facebook.com/privacy
It cannot be ruled out that processing by Facebook Ireland Ltd. may also be carried out via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA.
Facebook Inc. has submitted to the EU-US Privacy Shield and thereby declares its compliance with EU data protection requirements when processing data in the USA.
https://www.privacyshield.gov/
We operate a company presence on the Instagram platform to promote our products and services and to communicate with interested parties or customers.
We are jointly responsible for this social media platform together with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
Instagram's data protection officer can be contacted via a contact form:
https://www.facebook.com/help/
We have regulated joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR. This agreement, which sets out the mutual obligations, is available at the following link:
https://www.facebook.com/legal/
The legal basis for the resulting processing of personal data, as described below, is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, communication, sale, and promotion of our products and services.
The legal basis may also be the user's consent to the platform operator in accordance with Art. 6 (1) (a) GDPR. The user can revoke their consent at any time for the future by notifying the platform operator in accordance with Art. 7 (3) GDPR.
When visiting our online presence on the Instagram platform, Facebook Ireland Ltd., as the operator of the platform in the EU, processes user data (e.g., personal information, IP address, etc.).
This user data is used to provide statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes, as well as to create user profiles. Based on these profiles, Facebook Ireland Ltd. can, for example, advertise to users within and outside of Instagram based on their interests. If the user is logged into their Instagram account at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.
The legal basis for the resulting processing of personal data, as described below, is Art. 6 (1) (f) of the GDPR. Our legitimate interest lies in the analysis, communication, sale, and promotion of our products and services.
The legal basis may also be the user's consent to the platform operator in accordance with Art. 6 (1) (a) of the GDPR. The user can revoke their consent at any time for the future by informing the platform operator in accordance with Art. 7 (3) GDPR.
When you visit our online presence on the Instagram platform, Facebook Ireland Ltd., as the platform operator in the EU, processes user data (e.g., personal information, IP address, etc.).
This user data is used to provide statistical information about the use of our company's presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes, as well as to create user profiles. Based on these profiles, Facebook Ireland Ltd. can, for example, advertise to users inside and outside of Instagram based on their interests. If the user is logged into their Instagram account at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.
It cannot be ruled out that data processing by Facebook Ireland Ltd. may also be carried out by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, United States.
Facebook Inc. has joined the EU-US Privacy Shield and therefore declares that it complies with EU data protection regulations when processing data in the United States.
https://www.privacyshield.gov/
Social media links via graphics or text links
We also advertise our presence on the social networks listed below on our website. This is done by means of a linked graphic from the respective network. The use of this linked graphic prevents a connection from being automatically established to the respective social network server when a website with a social media advertisement is accessed in order to display a graphic from the respective network itself. Only by clicking on the corresponding graphic is the user redirected to the service of the respective social network.
After the user is redirected, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way may be processed in the USA.
This initially includes data such as IP address, date, time, and page visited. If the user is logged into their user account on the respective network during this time, the network operator may be able to assign the information collected about the user's specific visit to the user's personal account. If the user interacts via a “share” button on the respective network, this information may be stored in the user's personal account and published if necessary. If the user wants to prevent the collected information from being directly assigned to their user account, they must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.
The following social networks are integrated into our site via links:
Facebook & Instagram
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, ein Tochterunternehmen der Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
Privacy Policy: https://www.facebook.com/policy.php
EU-US Privacy Shield certification („EU-US Privacy Shield“) https://www.privacyshield.gov/
Google Analytics
We use Google Analytics on our website. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google.”
Through certification under the EU-US Privacy Shield
https://www.privacyshield.gov/
guarantees that the EU's data protection requirements are also complied with when processing data in the USA.
The Google Analytics service is used to analyze the usage behavior of our app and website. The legal basis is Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our app and website.
Usage and user-related information, such as IP address, location, time, or frequency of visits to our app and website, is transmitted to a Google server in the US and stored there. However, we use Google Analytics with the so-called anonymization function. With this function, Google shortens the IP address within the EU or EEA.
The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our app and website and the usage activities there. This data can also be used to provide further services related to the use of our app and website and the use of the internet.
Google states that it does not link your IP address with other data. In addition, Google retains
further information on data protection, including options for preventing data use.
Google also offers
a so-called deactivation add-on along with further information on this. This add-on can be installed with common Internet browsers and offers you further control over the data that Google collects when you visit our app and website. The add-on informs Google Analytics' JavaScript (ga.js) that information about visits to our app and website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services. You can also find out whether and which other web analytics services we use in this privacy policy.
Google Fonts
We use Google Fonts on our website to display external fonts. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google.”
Through certification under the EU-US Privacy Shield
https://www.privacyshield.gov/
Google guarantees that EU data protection regulations are also complied with when processing data in the USA.
In order to enable the display of certain fonts on our website, a connection to the Google server in the USA is established when you visit our app and website.
The legal basis for this is Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our app and website.
The connection to Google established when you visit our app and website allows Google to determine from which website your request was sent and to which IP address the font display should be transmitted.
Google offers under
https://adssettings.google.com/
https://policies.google.com/privacy
Further information, in particular on the options for preventing data use.
Google AdWords mit Conversion-Tracking
On our website, we use the advertising component Google AdWords and the so-called conversion tracking. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google.”
Through certification under the EU-US Privacy Shield
https://www.privacyshield.gov/
Google guarantees that EU data protection regulations are also complied with when processing data in the USA.
We use conversion tracking for targeted advertising of our services. The legal basis for this is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our app and website.
If you click on an ad placed by Google, the conversion tracking we use will store a cookie on your device. These so-called conversion cookies expire after 30 days and are not used to identify you personally.
If the cookie is still valid and you visit a specific page of our app and website, both we and Google can evaluate that you have clicked on one of our ads placed on Google and that you have subsequently been redirected to our website.
Google uses the information collected in this way to compile statistics about visits to our app and website. This also provides us with information about the number of users who clicked on our ad(s) and the pages of our app and website that were subsequently accessed. However, neither we nor third parties who also use Google AdWords are able to identify you in this way.
You can also prevent or restrict the installation of cookies by adjusting the settings of your Internet browser. At the same time, you can delete cookies that have already been stored at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support.
Furthermore, Google also offers
http://www.google.com/policies/
http://www.google.de/policies/privacy/
Further information on this topic, particularly on the options for preventing data use.
Your rights to information, correction, blocking, deletion, and objection
You have the right to obtain information about your personal data stored by us at any time. You also have the right to correct, block, or, apart from the prescribed data storage for business transactions, delete your personal data. To do so, please contact our data protection officer as defined in the General Data Protection Regulation. You will find the contact details at the top of this page.
In order for data to be blocked at any time, this data must be stored in a block file for control purposes. You can also request the deletion of the data, provided that there is no legal archiving obligation. If such an obligation exists, we will block your data upon request. As a result, the provision of all or some services may not be guaranteed. A request for blocking, deletion, or objection justifies Prantl IT's withdrawal from the user agreement concluded with you.
You can make changes or revoke your consent by notifying us accordingly with effect for the future.
Changes to our privacy policy
We reserve the right to occasionally amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.
Questions about data protection
If you have any questions about data protection, please send us an email.
