Privacy Policy

With this privacy policy, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name engadin-riverranch.ch. In particular, we explain why, how, and where we process which personal data. We also inform you about the rights of individuals whose data we process.

For certain or additional activities and operations, we may publish further privacy policies or other privacy-related information.

1. Contact Addresses

The party responsible under data protection law is:

Menduri Willy
Engadin Riverranch
Via Suot 14

info@engadin-riverranch.ch

In individual cases, third parties may be responsible for processing personal data, or we may share responsibility with third parties. Upon request, we are happy to provide information about the respective responsibility.

2. Terms and Legal Bases

2.1 Terms

Data Subject: A natural person whose personal data we process.

Personal Data: All information relating to an identified or identifiable natural person.

Particularly Sensitive Personal Data: Data concerning union membership, political, religious, or ideological views or activities, health data, intimate life, or racial or ethnic origin; genetic or biometric data identifying a natural person; data relating to administrative or criminal sanctions or prosecutions; and data concerning social assistance measures.

Processing: Any handling of personal data, regardless of the means and procedures used, such as querying, comparing, modifying, archiving, storing, retrieving, disclosing, acquiring, collecting, recording, deleting, revealing, arranging, organizing, storing, altering, distributing, linking, destroying, and using personal data.

2.2 Legal Bases

We process personal data in accordance with Swiss law, particularly the Federal Act on Data Protection (Data Protection Act, FADP) and the Data Protection Ordinance (DPO).

3. Nature, Scope, and Purpose of Data Processing

We process the personal data that is necessary to be able to carry out our activities and operations on a permanent, user-friendly, secure, and reliable basis. The processed personal data may fall into categories such as browser and device data, content data, communication data, metadata, usage data, master data including inventory and contact data, location data, transaction data, contract data, and payment data. The data may also include particularly sensitive personal data.

We also process personal data that we receive from third parties, obtain from public sources, or collect during our activities and operations, as long as such processing is lawful.

We process personal data where necessary with the consent of the data subject. In many cases, however, we may process personal data without consent—for example, to fulfill legal obligations or to safeguard overriding interests. We may also request consent even if it is not legally required.

We process personal data for the duration necessary for the respective purpose. We anonymize or delete the data in accordance with legal retention and limitation periods.

4. Automation and Artificial Intelligence (AI)

We may process personal data automatically or use artificial intelligence (AI) for the processing of personal data.

We may use profiling to automatically evaluate certain personal aspects relating to data subjects. Profiling may be used, for example, to analyze or predict interests, behaviors, or personal preferences.

We provide information on a case-by-case basis regarding decisions based solely on automated processing of personal data that result in legal consequences or significantly affect data subjects (automated individual decisions).

5. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include specialized service providers whose services we use.

In the course of our activities and operations, we may disclose personal data in particular to banks and other financial institutions, authorities, educational and research institutions, consultants and lawyers, interest groups, IT service providers, cooperation partners, credit and financial information agencies, logistics and shipping companies, marketing and advertising agencies, media companies, parent and affiliated companies, organizations and associations, social institutions, telecommunications companies, insurers, and payment service providers.

6. Communication

We process personal data to communicate with individuals as well as with authorities, organizations, and companies. We primarily process data that a data subject provides to us when contacting us—for example, by postal mail or email. Such data may be stored in an address book or with similar tools.

Third parties who transmit data about other individuals to us are obliged to ensure data protection for those individuals independently. In particular, they must ensure that such data is accurate and that its transmission is lawful.

We use selected services from suitable providers to facilitate and improve communication with individuals and other communication partners. With such services, we may also manage and process data beyond direct communication.

7. Applications

We process personal data of applicants as far as it is necessary to assess their suitability for employment or for the subsequent execution of an employment contract. The required personal data is usually specified in the job posting. We may publish job advertisements with the help of appropriate third parties, such as on electronic or print media, job portals, and recruitment platforms.

We also process any personal data that applicants voluntarily provide or make publicly available, especially as part of cover letters, resumes, other application documents, or online profiles.

8. Data Security

We implement appropriate technical and organizational measures to ensure data security that is appropriate to the respective risk. Our measures particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data—but we cannot guarantee absolute data security.

Access to our website and other digital presence is encrypted using transport encryption (SSL / TLS, especially HTTPS). Most browsers warn against visiting websites without transport encryption.

Our digital communication—like all digital communication—is subject to mass surveillance without cause or suspicion by security authorities in Switzerland, other parts of Europe, the United States (USA), and other countries. We have no direct influence over how personal data is processed by intelligence services, police authorities, and other security agencies. We also cannot rule out the possibility of targeted surveillance of individuals.

9. Personal Data Abroad

We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries, in particular to have it processed there or by third parties.

We may disclose personal data to any country in the world and even beyond, as long as the law there ensures adequate data protection according to the decision of the Swiss Federal Council.

We may also disclose personal data to countries whose laws do not ensure adequate data protection if appropriate safeguards are in place—such as standard contractual clauses or other appropriate guarantees. In exceptional cases, we may export personal data without adequate or suitable protection, for example, with the explicit consent of the data subjects or when directly related to the conclusion or performance of a contract. Upon request, we provide information about such safeguards or copies of them.

10. Rights of Data Subjects

10.1 Data Protection Rights

We grant all data subjects the rights they are entitled to under applicable law. These rights include in particular:

  • Access: Data subjects may request confirmation as to whether we process their personal data and, if so, which data. They also receive the necessary information to assert their rights and ensure transparency—such as processing purposes, retention periods, data transfers to other countries, and the source of the data.
  • Rectification and restriction: Data subjects can correct inaccurate personal data, complete incomplete data, and request restriction of processing.
  • Right to be heard and human review: In cases of automated individual decisions, data subjects may present their point of view and request human intervention.
  • Erasure and objection: Data subjects can request the deletion of their data (“right to be forgotten”) and object to future processing.
  • Data portability: Data subjects may request the release of their personal data or its transfer to another controller.

We may delay, restrict, or deny the exercise of data subject rights within the limits of the law. We may refer to requirements for exercising rights—such as confidentiality obligations, overriding interests, or the protection of others.

We may charge a fee for exercising rights in exceptional cases. We will inform data subjects in advance of any costs.

We are required to verify the identity of any person exercising data protection rights. Data subjects are obliged to cooperate.

10.2 Legal Remedies

Data subjects have the right to assert their data protection rights in court or to file a complaint with a data protection supervisory authority.

In Switzerland, the relevant supervisory authority for private data controllers and federal agencies is the Federal Data Protection and Information Commissioner (FDPIC).

11. Use of the Website

11.1 Cookies

We may use cookies. Cookies—our own (first-party cookies) or third-party cookies from services we use—are data stored in the browser. Such stored data is not limited to traditional text-based cookies.

Cookies can be stored in the browser temporarily as “session cookies” or for a defined period as “persistent cookies.” Session cookies are automatically deleted when the browser is closed. Persistent cookies have a set storage duration. Cookies can enable a browser to be recognized on a future visit to our website and can be used, for example, to measure reach. Persistent cookies may also be used for online marketing.

Cookies can be deactivated, restricted, or deleted at any time via browser settings. Many browsers also offer automated management of cookies. If cookies are disabled, some parts of our website may no longer be fully available. We request explicit consent for the use of cookies where required by applicable law.

For cookies used in success and reach measurement or advertising, you can often opt out via:
AdChoices (Canada)
Network Advertising Initiative (NAI)
YourAdChoices (USA)
Your Online Choices (EU)

11.2 Logging

For each access to our website and other digital presence, we may log the following information (if transmitted): date and time including time zone, IP address, HTTP status code, operating system (including UI and version), browser (including language and version), individual subpages visited, transferred data volume, and the referring URL (previously visited page).

We store this data in log files, which may contain personal data. This is necessary to provide a user-friendly and reliable digital experience and to ensure data security—even by or with third parties.

11.3 Tracking Pixels

We may use tracking pixels (also called web beacons). These may include invisible images or JavaScript scripts from us or third parties. They are automatically loaded when accessing our digital presence and can capture data similar to log files.

12. Social Media

We maintain profiles on social media and other online platforms to communicate and inform about our activities. Personal data may be processed outside of Switzerland.

Each platform’s own terms of use, privacy policies, and legal provisions also apply. These documents explain user rights, such as the right to access information.

13. Third-Party Services

We use services from specialized third parties to make our operations sustainable, secure, and user-friendly. These services may embed content and features on our site and temporarily capture users’ IP addresses for technical reasons.

Third parties may process data anonymously, pseudonymously, or in aggregate form for statistical, technical, or security purposes.

We use in particular:

13.1 Digital Infrastructure

13.2 Appointment Scheduling

13.3 Map Integration

13.4 Digital Media

13.5 Documents

13.6 Fonts

13.7 Advertising

We use advertising on third-party platforms (e.g., social media, search engines) to reach people interested in our activities. We may share relevant data with third parties to enable this (e.g., for remarketing and targeting) and to measure campaign success (conversion tracking).

14. Website Extensions

We use extensions to enable additional website features. These may be hosted on our own infrastructure or by third parties.

15. Analytics and Reach Measurement

We measure the success and reach of our activities. This includes A/B testing, evaluation of referrals, and performance tracking. The data collected may include IP addresses, which are generally pseudonymized (“IP masking”).

Cookies and user profiles may be used, including information on visited pages, content viewed, screen size, and approximate location. Profiles are typically pseudonymized.

16. Video Surveillance

We use video surveillance to prevent crimes, preserve evidence, and enforce our house rules.

Recordings are stored as long as needed for evidence or other stated purposes and may be shared with authorities if justified by legal obligations or overriding interests.

17. Final Notes

This privacy policy was created using the Privacy Policy Generator from Datenschutzpartner.

We may update this policy at any time. We will inform users of changes through appropriate channels, particularly by publishing the current privacy policy on our website.