AGB (download)

Rigi Kulm-Hotel AG
Familie Käppeli
CH-6410 Rigi Kulm
Phone +41 41 880 18 88

E-mail address of the provider: hotel@rigikulm.ch

The personal data that this website processes independently or through third parties includes Cookies; usage data.

Full details on each type of personal data processed are provided in the dedicated sections of this privacy policy or selectively through explanatory texts displayed prior to the data collection.
Personal data may be freely provided by the user, or, in case of usage data, collected automatically when using this website.
Unless otherwise specified, the provision of all data requested by this website is mandatory. If the user refuses to provide the data, this may result in this website being unable to provide its services to the user. In cases where this website expressly states that the provision of personal data is voluntary, users may choose not to provide this data without any consequences for the availability or functionality of the service.
Users who are unclear about which personal data is mandatory may contact the provider.
Any use of Cookies - or of other tracking tools - by this website or by the owners of third-party services used by this website serves the purpose of providing the service required by the user, in addition to any other purposes described in the present document and in the Cookie Policy.

Users are responsible for any third-party personal data obtained, published or shared through this website.

Processing methods:

The provider processes the personal data of users in a proper manner and takes appropriate security measures to prevent unauthorized access and unauthorized disclosure, modification or destruction of data.
Data processing is carried out using computers or IT-based systems in accordance with organizational procedures and practices that are specific to the purposes indicated. In addition to the data controller, other parties may operate this website and therefore have access to the data, either internally (personnel management, sales, marketing, legal department, system administrators) or externally (such as providers of technical services, delivery companies, hosting providers, IT companies or communication agencies), appointed by the data controller where necessary. A current list of these parties can be requested from the provider at any time.

Location:

The data is processed at the provider's premises and at all other locations where the parties involved in the data processing are located.

Depending on the location of the users, data transfers may involve the transfer of the user's data to a country other than their own. To find out more about the place of processing of the transferred data, users can consult the section detailing the processing of personal data.

Storage period:

Unless otherwise specified in this document, personal data will be processed and stored for as long as required by the purpose for which it was collected and may be retained for longer periods if necessary to fulfill a legal obligation or based on the user's consent.

Personal data about the user is collected so that the provider can provide the service and also comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of users or third parties), detect malicious or fraudulent activity. In addition, data is collected for the following purposes: Analytics, displaying content from external platforms and tag management.

Users can find more detailed information on these processing purposes and the personal data used for each purpose in the "Detailed information on the processing of personal data" section of this document.

This website uses trackers. Further information can be found in the cookie policy.

Legal bases for processing:

The provider may only process personal data of users if one of the following applies:

Users have given their consent for one or more specific purposes; the data collection is necessary for the performance of a contract with the user and/or for pre-contractual measures arising therefrom; the processing is necessary for compliance with a legal obligation to which the provider is subject; the processing is related to a task carried out in the public interest or in the exercise of official authority vested in the provider; the processing is necessary for the purposes of the legitimate interests pursued by the provider or by a third party.

In any case, the provider will be happy to provide information about the specific legal basis on which the processing is based, in particular whether the provision of personal data is a legal or contractual obligation or a prerequisite for the conclusion of a contract.

Further information on the storage period:

Unless otherwise specified in this document, personal data will be processed and stored for as long as required by the purpose for which it was collected and may be stored for a longer period if necessary due to a legal obligation to be fulfilled or based on the user's consent.

The following therefore applies:

Personal data collected for the purposes of fulfilling a contract concluded between the provider and the user will be stored until this contract has been completely fulfilled. Personal data collected to protect the legitimate interests of the provider will be retained for as long as necessary to fulfill these purposes. Users can obtain more information about the legitimate interests of the owner in the relevant sections of this document or by contacting the owner. In addition, the owner may retain personal data for longer periods of time if the user has consented to such processing, as long as the consent is not withdrawn. Furthermore, the provider may be obliged to store personal data for a longer period of time if this is necessary to fulfill a legal obligation or by order of an authority. After the retention period has expired, personal data will be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be asserted after the retention period has expired.

The rights of users under the General Data Protection Regulation (GDPR):

Users may exercise certain rights in relation to their data processed by the provider. In particular, users have the right to do the following to the extent permitted by law: Withdraw consent at any time. If the user has previously consented to the processing of personal data, they can withdraw their consent at any time.

Object to the processing of their data:

The user has the right to object to the processing of their data if the processing is carried out on a legal basis other than consent.

Obtain information about their data:

The user has the right to know whether the data is being processed by the provider, to receive information about individual aspects of the processing and to receive a copy of the data.

Verification and rectification:

The user has the right to verify the accuracy of their data and to request that it be updated or rectified. Request restriction of the processing of their data. Users have the right to restrict the processing of their data. In this case, the provider will not process the data for any purpose other than storage. Request erasure or other removal of personal data. Users have the right to request the provider to delete their data. Receive their data and have it transferred to another controller. Users have the right to receive their data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted to another controller without hindrance. Lodge a complaint. Users have the right to lodge a complaint with the competent supervisory authority.

Users also have the right to obtain information about the legal basis for the transfer of data abroad or to an international organization governed by public international law or established by two or more countries, such as the UN, and about the security measures taken by the provider to protect their data.

Details on the right to object to processing:

Where personal data is processed in the public interest, in the exercise of an official authority vested in the owner or for the purposes of the legitimate interests pursued by the owner, users may object to such processing by providing a ground of justification relating to their particular situation. Users are informed that they can object to the processing of their personal data for direct marketing purposes at any time free of charge and without giving reasons. If the user objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes. Users can find out whether the provider processes personal data for direct marketing purposes in the relevant sections of this document.

How the rights can be exercised:

Any requests to exercise user rights may be addressed to the owner using the contact details provided in this document. These requests can be made free of charge and will be answered by the owner as soon as possible and within one month at the latest, providing users with the information required by law. Any rectification or erasure of personal data or restriction of processing shall be communicated by the provider to all recipients to whom personal data have been disclosed, if any. Unless this proves impossible or involves a disproportionate effort. The provider shall inform the user of these recipients if the user so requests.

Legal measures:

The user's personal data may be processed by the provider for the purposes of legal enforcement within or in preparation of legal proceedings arising from the improper use of this website or the associated services. The user declares to be aware that the provider may be obliged by the authorities to disclose personal data.

Further information about the user's personal data:

In addition to the information contained in this privacy policy, this website may provide the user with additional contextual information concerning particular services or the collection and processing of personal data upon request.

System logs and maintenance:

For operation and maintenance purposes, this website and any third-party services may collect files that record interaction with this website (system logs) or use other personal data (such as the IP Address) for this purpose.

Information not included in this Privacy Policy:

Further information about the collection or processing of personal data can be requested from the provider at any time using the contact details listed.

Changes to this privacy policy:

The owner reserves the right to make changes to this privacy policy at any time by giving notice to its users on this page and possibly within this website and/or - as far as technically and legally feasible - sending a notice to users via any contact information available to the owner. Users are therefore advised to visit this page regularly and in particular to check the date of the last change indicated at the bottom of the page. If changes affect the use of data based on the user's consent, the provider will - if necessary - obtain new consent.