Privacy Policy

With this privacy policy, we inform you about the personal data we process in connection with our activities and operations, including our website (https://www.inlain.ch). We specifically inform you about the purposes, methods, and locations where we process personal data. We also inform you about the rights of individuals whose data we process.

Additional privacy policies and other legal documents, such as general terms and conditions (GTC), terms of use, or terms of participation, may apply to specific or additional activities and operations.

We are subject to Swiss data protection law, as well as any applicable foreign data protection laws, particularly the European Union's (EU) General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures an adequate level of protection.

1. Contact Addresses

Responsibility for the processing of personal data:

Dario Cadonau
IN LAIN Hotel Cadonau
Crusch Plantaun 217
7527 Brail
Switzerland

hotel@inlain.ch

We will indicate if, in specific cases, other parties are responsible for processing personal data.

2. Terms and Legal Foundations

2.1 Terms

Personal data refers to all information related to an identified or identifiable natural person. A data subject is an individual whose personal data we process.

Processing includes any operation involving personal data, regardless of the tools and methods used. This includes, for example, querying, comparing, adjusting, archiving, storing, retrieving, disclosing, obtaining, capturing, collecting, deleting, revealing, organizing, storing, modifying, disseminating, linking, destroying, and using personal data.

The European Economic Area (EEA) consists of the member states of the European Union (EU), as well as Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.

2.2 Legal Foundations

We process personal data in accordance with Swiss data protection law, particularly the Federal Data Protection Act (Data Protection Act, DPA) and the Data Protection Ordinance (DPO).

To the extent that the GDPR is applicable, we process personal data based on at least one of the following legal grounds:

• Art. 6 (1) (b) GDPR for necessary processing of personal data to fulfill a contract with the data subject, including for pre-contractual measures.

• Art. 6 (1) (f) GDPR for necessary processing of personal data to protect our or a third party's legitimate interests, unless the data subject's fundamental rights and freedoms outweigh such interests. Legitimate interests include our interest in conducting our activities and operations in a permanent, user-friendly, secure, and reliable manner, ensuring information security, protecting against abuse, enforcing our legal claims, and complying with Swiss law.

• Art. 6 (1) (c) GDPR for necessary processing of personal data to fulfill a legal obligation to which we are subject, in accordance with any applicable law of member states within the EEA.

• Art. 6 (1) (e) GDPR for necessary processing of personal data to perform a task carried out in the public interest.

• Art. 6 (1) (a) GDPR for processing personal data with the consent of the data subject.

• Art. 6 (1) (d) GDPR for necessary processing of personal data to protect the vital interests of the data subject or another individual.

3. Nature, Scope, and Purpose

We process personal data that is necessary to ensure the continuous, user-friendly, secure, and reliable performance of our activities and operations. Such personal data can include categories such as contact data, browser and device data, content data, metadata, usage data, location data, sales data, as well as contract and payment data.

We process personal data for as long as necessary for the respective purpose or as required by law. Personal data that is no longer required for processing will be anonymized or deleted.

We may process personal data through third parties. We may process personal data jointly with third parties or transmit it to third parties. These third parties are primarily specialized service providers whose services we use. We ensure that privacy is maintained with such third parties.

We primarily process personal data with the consent of the data subjects. However, if processing is lawful for other reasons, we may refrain from obtaining consent. For example, we can process personal data without consent in order to fulfill a contract, meet legal obligations, or protect legitimate interests.

We process personal data provided voluntarily by a data subject during communication (e.g., by postal mail, email, instant messaging, contact forms, social media, or telephone) or when registering for a user account. We may store such data in an address book, a Customer Relationship Management (CRM) system, or similar tools. If we receive data about other individuals, the transmitting individuals are responsible for ensuring the privacy of these individuals and ensuring the accuracy of their personal data.

We also process personal data obtained from third parties, collected from publicly available sources, or gathered during the exercise of our activities and operations, provided that such processing is legally permissible.

4. Applications

We process personal data about applicants as far as necessary to assess their suitability for an employment relationship or for the subsequent conclusion of an employment contract. Required personal data primarily results from the requested information, such as in the context of a job advertisement. We also process personal data that applicants voluntarily provide or publish, such as in cover letters, resumes, and other application documents, as well as online profiles.

To the extent the GDPR is applicable, we process personal data about applicants particularly under Art. 9 (2) (b) GDPR.

5. Personal Data Abroad

We generally process personal data in Switzerland and within the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, particularly for processing or having it processed there.

We may export personal data to any country or territory on Earth or elsewhere in the universe, provided that the applicable law ensures an adequate level of data protection, according to a decision by the Swiss Federal Council or, where applicable, a decision by the European Commission.

We may transmit personal data to countries with inadequate data protection, provided that data protection is ensured through other means, such as standard data protection clauses or other appropriate safeguards. In exceptional cases, we may export personal data to countries without adequate or suitable data protection if specific data protection requirements are met, such as the explicit consent of the data subjects or if directly related to the conclusion or execution of a contract. We are happy to provide data subjects with information about any safeguards upon request.

6. Rights of Data Subjects

6.1 Data Protection Rights

We provide data subjects with all claims under applicable data protection law. Data subjects have the following rights:

• Access: Data subjects may request to know whether we process personal data about them and, if so, which personal data. They will also receive information necessary to assert their data protection rights and ensure transparency. This includes processed personal data, the purpose of processing, retention periods, any data transfers to other countries, and the source of the data.

• Rectification and Restriction: Data subjects may correct inaccurate personal data, complete incomplete data, or request the restriction of processing.

• Erasure and Objection: Data subjects may request the deletion of personal data ("right to be forgotten") and object to the processing of their data for future use.

• Data Portability and Transfer: Data subjects may request the transfer of their personal data to another controller.

We may delay, restrict, or refuse the exercise of data subjects' rights within the legally permissible framework. For example, we may deny access based on business secrets or the protection of other individuals. We may also refuse the deletion of personal data based on statutory retention obligations.

In exceptional cases, we may charge a fee for the exercise of these rights. We will inform data subjects in advance of any potential costs.

We are required to identify data subjects requesting access or asserting other rights through appropriate measures.

6.2 Right to Lodge a Complaint

Data subjects have the right to enforce their data protection claims in court or file a complaint with a relevant data protection authority.

The data protection authority for private controllers and federal authorities in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Data subjects have, if applicable, the right to file a complaint with a relevant European data protection authority.

7. Data Security

We take appropriate technical and organizational measures to ensure data security that is proportional to the respective risk. However, we cannot guarantee absolute data security.

Access to our website is encrypted using Transport Layer Security (SSL / TLS), particularly with the secure Hypertext Transfer Protocol (HTTPS). Most browsers indicate encryption with a padlock symbol in the address bar.

Our digital communications are subject to mass surveillance without cause and other monitoring by security authorities in Switzerland, Europe, the United States (USA), and other countries. We cannot directly influence the processing of personal data by intelligence agencies, police, or other security authorities.

8. Use of the Website

8.1 Cookies

We may use cookies. Cookies, including both first-party and third-party cookies, are data stored in the browser. These stored data may not be limited to traditional text-based cookies.

Cookies may be stored temporarily as "session cookies" or for a specified period as "persistent cookies." Session cookies are automatically deleted when the browser is closed. Persistent cookies have a set retention period. Cookies allow us to recognize a browser during subsequent visits to our website and measure website reach. Persistent cookies may also be used for online marketing.

Cookies can be disabled or deleted in the browser settings. Without cookies, our website may not be fully functional. We actively seek explicit consent for cookie use when necessary.

For cookies used for reach and success measurement or advertising, a general opt-out is possible via AdChoices, the Network Advertising Initiative (NAI), YourAdChoices, or Your Online Choices.

8.2 Server Log Files

We may collect the following information for each access to our website, as transmitted by your browser to our server infrastructure or as determined by our web server: Date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, the individual sub-page of our website accessed, and the amount of data transmitted, along with the referring website.

We store such data, which may constitute personal data, in server log files. These are necessary to provide our website permanently, user-friendly, and securely, ensuring data security, including protection against unauthorized access by third parties.

8.3 Counting Pixels

We may use counting pixels (web beacons) on our website. These are small, typically invisible images automatically retrieved when visiting our website. They enable us to collect the same data as in server log files.

9. Notifications and Communications

We send notifications and communications via email and other communication channels such as instant messaging or SMS.

9.1 Success and Reach Measurement

Notifications and communications may contain web links or counting pixels that track whether a particular message was opened and which web links were clicked. These links and counting pixels may capture personal data. We use this statistical data for success and reach measurement to send effective and user-friendly communications based on recipient preferences.

9.2 Consent and Objection

You must explicitly consent to the use of your email address and other contact addresses unless the use is legally permissible for other reasons. We use a "double opt-in" procedure whenever possible, which means you receive an email with a link to confirm your subscription.

You can generally object to receiving notifications and communications, such as newsletters, at any time. This also includes objecting to the statistical measurement of usage for success and reach measurement.

9.3 Service Providers for Notifications and Communications

We send notifications and communications with the help of specialized service providers.

10. Social Media

We are present on social media platforms and other online platforms to communicate with interested individuals and inform them about our activities and operations. In connection with such platforms, personal data may be processed outside Switzerland and the EEA.

The general terms and conditions, terms of use, privacy policies, and other provisions of the respective platform operators apply. These provisions inform data subjects about their rights directly with the platform.

For our social media presence on Facebook and Instagram, including Facebook page insights, we are – to the extent the GDPR is applicable – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page insights provide information about how visitors interact with our Facebook presence. We use page insights to ensure effective and user-friendly operation of our social media presence on Facebook.

Further details on the nature, scope, and purpose of data processing, the rights of data subjects, and contact details for Facebook and its data protection officer can be found in Facebook's privacy policy. We have entered into the "Controller Addendum" with Facebook, which defines responsibilities regarding the rights of data subjects.

11. Third-Party Services

We use services from specialized third parties to ensure the smooth operation of our activities and operations. These services may involve embedding functions and content into our website. Such services may temporarily collect the IP addresses of users for technical reasons.

For security, statistical, and technical purposes, third parties whose services we use may process aggregated, anonymized, or pseudonymized data in connection with our activities.

• Microsoft services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland; General information on data protection: “Data protection at Microsoft,” “Data protection and privacy (Trust Center),” privacy statement, data protection dashboard (data and privacy settings).

11.1 Digital infrastructure

We use the services of specialized third parties in order to be able to utilize the digital infrastructure required in connection with our activities and operations. These include, for example, hosting and storage services from selected providers.

In particular, we use:

• Cyon: Hosting; Provider: cyon GmbH (Switzerland); Information on data protection: “Data protection,” privacy policy.

11.2 Contact Options

We use services from selected providers to communicate better with third parties, such as potential and existing customers.

11.3 Scheduling Appointments

We use services from specialized third parties to schedule appointments online, for example, for meetings. In addition to this privacy policy, the terms of use or privacy policies of the respective services used may apply.

11.4 Audio and Video Conferences

We use specialized services for audio and video conferences to communicate online. This allows us to hold virtual meetings or conduct online classes and webinars. The terms and conditions of the individual services, including privacy policies and terms of use, also apply when participating in audio and video conferences.

We recommend that, depending on your situation, you mute your microphone by default and blur your background or use a virtual background when participating in audio or video conferences.

We particularly use:

• Microsoft Teams: Platform for audio and video conferences; Provider: Microsoft; Teams-specific information: Privacy and Microsoft Teams.

• Skype: Audio and video conferences; Skype-specific providers: Skype Communications SARL (Luxembourg) / Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), the United Kingdom, and Switzerland; Privacy details: Legal information about Skype, Privacy and security.

• Zoom: Video conferences; Provider: Zoom Video Communications Inc. (USA); Privacy information: Privacy Policy, Privacy at Zoom, Compliance Center.

11.5 Online Collaboration

We use third-party services to enable online collaboration. In addition to this privacy policy, the terms of use or privacy policies of the respective services used may apply.

11.6 Social Media Functions and Social Media Content

We use services and plugins from third parties to embed features and content from social media platforms and to enable content sharing on social media platforms and other channels.

We particularly use:

• Instagram platform: Embedding Instagram content; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Privacy information: Privacy Policy (Instagram), Privacy Policy (Facebook).

11.7 Fonts

We use third-party services to embed selected fonts, icons, logos, and symbols on our website.

We particularly use:

• Font Awesome: Icons and logos; Provider: Fonticons Inc. (USA); Privacy information: Privacy Policy.

11.8 Payments

We use specialized service providers to securely and reliably process payments from our customers. The terms and conditions or privacy policies of the respective payment providers also apply to payment processing.

We particularly use:

• Worldline (formerly SIX Payment Services): Processing of mobile and online payments; Providers: Worldline Schweiz AG (Switzerland) / Worldline Financial Services (Europe) S.A. (Luxembourg) / Worldline Payment Services (Germany) GmbH (Germany) / Worldline Financial Services (Europe) S.A., Branch Office Austria; Privacy information: Privacy Policy, Customer Information on Data Protection.

11.9 Advertising

We use the opportunity to target advertisements for our activities and services on third-party platforms such as social media platforms and search engines.

We aim to reach people who are already interested in our activities or might be interested (remarketing and targeting). For this, we may share corresponding personal or non-personal data with third parties who facilitate such advertising. Additionally, we can determine whether our advertising is successful, meaning whether it leads to visits to our website (conversion tracking).

Third parties, where we advertise and where you are logged in, may associate your use of our online offerings with your profile there.

12. Success and Reach Measurement

We try to determine how our online offerings are used. In this context, we can, for example, measure the success and reach of our activities and services, as well as the impact of third-party links to our website. We can also experiment and compare how different parts or versions of our online offerings are used ("A/B testing" method). Based on the results of the success and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements to our online offerings.

For success and reach measurement, Internet Protocol (IP) addresses of individual users are stored in most cases. IP addresses are generally anonymized ("IP masking") to comply with the principle of data minimization through pseudonymization.

Cookies may be used for success and reach measurement, and user profiles may be created. The user profiles that may be created typically include details like visited pages or viewed content on our website, screen or browser window size, and the (at least approximate) location. In principle, any user profiles are created pseudonymously and are not used to identify individual users. Some third-party services where users are logged in may associate the use of our online offerings with the user account or profile on the respective service.

We particularly use:

• AWStats: Success and reach measurement; Developer: AWStats (open-source software); Privacy details: Analysis of server log files on our own server infrastructure, What is AWStats / Features Overview.

13. Video Surveillance

We use video surveillance to prevent crimes, ensure evidence in case of crimes, and to exercise our house rights. This constitutes, to the extent the General Data Protection Regulation (GDPR) is applicable, a legitimate interest under Article 6(1)(f) of the GDPR.

We store recordings from our video surveillance for as long as they are necessary for securing evidence.

We may retain recordings due to legal obligations, to enforce our own legal claims, or in case of suspicion of criminal offenses. Additionally, we may transmit them to the relevant authorities, such as courts or law enforcement agencies.

14. Final Provisions

This privacy policy has been created with the help of the Privacy Policy Generator from Datenschutzpartner.

We may amend and supplement this privacy policy at any time. We will inform you of such changes by publishing the updated privacy policy on our website.