This privacy policy applies to Weisse Arena AG (hereinafter "WAG") and its companies (hereinafter together with WAG "GROUP" or "we"). WAG currently holds shares in the following companies based in Laax or Flims, Switzerland, with others to follow:
WAG operates directly or indirectly via its companies or contractors various websites and the interactive app "Inside Laax" (hereinafter "LAAX App") and collects, processes and uses your personal data. The protection of your personal data is very important to us. Therefore, it is important to us that you know what personal data we collect from you, how this is done, how this data is processed and for what purposes. By accepting our privacy policy and using our websites, LAAX App and other services, you declare your consent to all such data processing (incl. data transfer). We therefore ask you to read the following information carefully.
We process your personal data, inter alia, to answer your inquiries, to perform the contract concluded with you (performance of a contract), to offer you products and services tailored to your needs and advertising, to protect legitimate interests (legitimate interest) and to comply with legal obligations (legal obligation). For this purpose we collect and process personal data, inter alia, in order to:
The use of the website http://weissearena.com as well as the individual websites of the companies mentioned in paragraph 1 is generally possible without providing personal data. In order to optimize our advertising and the entire online offer, anonymized data are collected due to our legitimate interest in order to evaluate the use of the websites.
When you visit our websites, we process the following data:
The collection and processing of data is carried out to enable the use of the websites (connection establishment), to ensure system security and stability, for the optimization of our internet offer as well as for internal statistical purposes. The IP address is used in particular to record your country of residence and to make appropriate settings (e.g. language). The IP address is also stored in order to be able to react appropriately to attacks on our network infrastructure. In all these purposes lies our legitimate interest in this data collection and data processing.
LAAX App is your mobile, personalized companion for a perfect experience in our destination. You decide whether to create a profile with your personal data.
When using LAAX App, the following data is processed:
If you want to avoid the transfer of location data, you can negate this during the first installation of LAAX App or adjust it in your device and app settings later. The same applies to notification via push functions. In order to provide you with the best possible service, we process your data within the GROUP and in cooperation with or through our contractors (such as inside labs AG) and contractual partners. Your data is linked to your profile. They are stored in the app database and will be erased when your profile is erased, which you can request from us at any time.
With the use of LAAX App, information is collected with every new opening. This information serves to make our offer more user-friendly, effective and secure.
When using our contact form, we process the following data:
We use this data to answer your contact request in the best possible and personalized way. Therein also lies our legitimate interest.
When using our guest profile, we process the following data:
We use this data to process your request in the best possible and personalized way and to design your stay with us according to your needs. Therein lies also our legitimate interest.
When subscribing to our newsletter, we process the following data:
We process this data in order to personalize the information and offers sent to you and to better align them with your interests. By registering, you give us your consent to process the data provided for the regular dispatch of the newsletter to the address you have provided and for the statistical evaluation of user behavior to optimize the newsletter. This consent constitutes our legal basis for the processing of the aforementioned data. In the evaluation purposes mentioned above, lies our legitimate interest as well.
When applying online for one of our advertised positions, we process the following data:
This data is collected and processed for the purpose of filling positions within the GROUP. The data is only forwarded to the internal departments of the GROUP responsible for the specific application procedure.
When booking through one of our websites, we process the following data:
We process data that is necessary to provide the booking services. We would like to point out that the data entered by you is usually also collected directly and stored by the provider of a booking service and/or forwarded by us to the provider. If the provider of a booking service then processes the collected data independently, the data protection regulations of the respective provider apply, and we ask you to consult the provider as well. The legal basis for this data processing is the performance of a contract.
When using our Flims Laax Falera WLAN, we process the following data:
We process this data in particular to fulfill legal obligations and to provide services tailored to you.
We will only pass on your personal data if you have given your express consent, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the relationship between you and WAG and its companies. In addition, we will pass on your data to third parties as far as this is necessary within the framework of the use of the websites and LAAX App for the provision of the products or services requested by you and for the analysis of your user behavior. To the extent necessary, the transfer may also take place abroad. In compliance with legal requirements, we may make your data available or pass on to recipients, such as contractors within and outside the GROUP and other third parties, such as business partners and service providers or authorities.
We may also transfer your personal data to third parties (i.e. commissioned service providers) abroad if this is necessary for data processing. These third parties are obligated to the same extent as we are ourselves to protect your personal data. If the level of data protection in a country does not correspond to that in Switzerland resp. the European Union, we will contractually ensure that the third party ensures that the protection of your personal data corresponds to that in Switzerland or the EU.
For the sake of completeness, we would like to point out that there are surveillance measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, restriction or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access to and subsequent use of the data by the US authorities to very specific, strictly limited purposes that could justify the interference associated with both access to and use of the data. Furthermore, we would like to point out that there are no legal remedies in the USA that would allow them to access, correct or erase data concerning them, or that there is no effective judicial protection against general access rights of US authorities.
It is our concern to draw your attention to this legal and factual situation so that you can make an appropriately informed decision to consent to the use of your data.
If you are a resident of an EU member state, we would also like to point out that, from the perspective of the EU, the USA does not provide an adequate level of data protection, partly due to the issues mentioned in this section.
In exceptional cases, the transfer to countries without adequate protection is permitted, e.g. based on express consent, for the performance of a contract with the data subject or for processing your contract application, for the conclusion or performance of a contract with someone else in your interest or for the assertion, exercise or defence of legal claims.
You have the following rights in relation to your personal data:
You have the right to obtain confirmation from us as to whether we are processing personal data about you and, if so, to request information on the processing of your personal data.
You have the right to correct and/or complete your personal data processed by us.
You have the right to block your personal data processed by us.
You have the right to have your personal data erased, unless we are required by applicable laws and regulations to retain your personal data if
You can demand that we restrict the processing of your personal data in the following cases:
You have the right, under certain conditions, to receive the personal data you provide in a structured, commonly used and machine-readable format. You are entitled to have this personal data transferred to another company without hindrance, as far as this is technically possible.
You have the right to object to the processing of your personal data by us at any time for reasons relating to your particular situation and we may be asked to stop processing your personal data. If you have the right to object and exercise this right, your personal data will no longer be processed by us for such purposes.
In particular, there is no right of objection if we have compelling reasons for processing which are worthy of protection and which override your interests and rights, or if the processing serves to establish, exercise or defend legal claims or is necessary for the conclusion and execution of a contract.
If we process your personal data for the purpose of direct marketing, you have the right to object to this processing at any time. After your objection, your personal data will no longer be processed for direct marketing purposes.
You have the right to withdraw your consent to the processing of your personal data for one or more specific purposes. The withdrawal of your consent does not affect the lawfulness of the processing based on consent before its withdrawal.
You can assert your rights in connection with the processing of your personal data at the contact point according to paragraph 12.
You also have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data is in breach of applicable law.
We store and process your personal data for as long as this is necessary to achieve the purpose for which it was collected or as required or permitted by law or in accordance with your consent. For example, we have a legitimate interest in storing your personal data for as long as they are subject to a retention obligation or storage is necessary for evidence or security reasons. Thereafter, your personal data will be erased from our systems or anonymized so that you can no longer be identified. A longer storage period is required, for example, if we detect attacks on our websites and have to take appropriate measures. If you register, for example, on the websites of one of the companies of the GROUP or on LAAX App, we store your data inter alia in accordance with our legal obligations.
Data from video surveillance is not stored permanently. This data is used solely for monitoring the operation.
We would like to point out that data transmission over the internet (e.g. communication by e- mail) can have security gaps. A complete protection of data against access by third parties is not possible.
Our websites and those of our partner companies sometimes use so-called cookies. These serve to make our offer more user-friendly, effective and secure.
Cookies are small text files that are stored on your device. Most cookies are so-called "session cookies". They are automatically erased after your visit on the website. Other cookies, so-called "persistent cookies", remain on your device and enable us to recognize your browser on your next visit. You determine the duration of the storage of such cookies.
Accepting cookies is not a prerequisite for visiting the website. If you do not wish to receive cookies, you can set your browser to inform you when cookies are set or to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic erasure of cookies when closing the browser. If you disable cookies, the functionality of this website may be limited.
In our legitimate interest, we use the following tools on the website http://weissearena.com and on the individual pages of the companies mentioned in paragraph 1 and on LAAX App:
InnoCraft Ltd.
150 Willis St
6011 Wellington New Zealand
On our websites, we use the software "Matomo" (www.matomo.org), a service of the provider InnoCraft Ltd.. The software sets a cookie (a text file) on your computer, with which your browser can be recognized.
We use the data to analyze the surfing behavior of users and to obtain information about the use of the individual components of our websites. This enables us to constantly optimize our websites and their user-friendliness.
https://matomo.org/privacy-policy/
Monotype Imaging Holdings Inc. 600 Unicorn Park Drive Woburn, Massachusetts 01801 USA
Our websites integrate fonts from the provider Monotype Imaging Holdings Inc. under the brand name fonts.com. When you visit our websites, a connection is established with servers of Monotype Imaging Holdings Inc. for licensing and billing reasons, and your IP address is transmitted.
https://www.monotype.com/legal/privacy-policy
Google Ireland Limited
Google Building Gordon House Barrow St
Dublin 4 Ireland
Our websites use so-called web fonts provided by Google for the uniform display of fonts. When you call up a website, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google's servers. This enables Google to know that our websites have been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest.
https://policies.google.com/privacy?hl=en
Outdooractive GmbH & Co KG HRA 8939
Missener Strasse 18
87509 Immenstadt Germany
We use the services of Outdooractive on our websites. Outdooractive provides electronic databases that you as our users can use in the form of an electronic information portal in the digital tourism sector. This includes, for example, map and route planning.
https://www.outdooractive.com/en/privacy.html
Facebook Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2
Ireland
Our websites use the so-called "Facebook Pixel" of the social network Facebook for the following purposes:
We use the Facebook Pixel for remarketing purposes in order to be able to address you again within 180 days. This allows interest-based advertisements ("Facebook Ads") to be displayed to users of the websites when they visit the Facebook social network or other websites that also use the procedure. In this way, we pursue the interest of showing you advertising that is of interest to you in order to make our websites or offers more interesting for you.
In addition, with the help of the Facebook Pixel, we would like to ensure that our Facebook Ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook Pixel, we can track the effectiveness of the Facebook Ads for statistical and market research purposes by seeing whether users were redirected to our websites after clicking on a Facebook Ad (so-called "conversion").
https://www.facebook.com/policy.php
Google Ireland Limited
Google Building Gordon House Barrow St
Dublin 4 Ireland
Our websites use Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.
https://policies.google.com/privacy?hl=en
Google Ireland Limited
Google Building Gordon House Barrow St
Dublin 4 Ireland
We use "DoubleClick Floodlight", a service of Google Ireland Limited, on our websites. Google Double Click Floodlight allows us to determine how clicks on ads or information on platforms of Google effectively lead to transactions and similar actions of users with us. These features use temporary cookies from Google and do not process individual user data. You can use the options provided by Google against the use of these cookies or make appropriate browser settings.
https://policies.google.com/privacy?hl=en
YouTube (Google LLC) 901 Cherry Ave.
San Bruno, CA 94066 USA
We have integrated YouTube videos into our online offering, which are stored on www.YouTube.com and can be played directly from our websites. Information on the
purpose and scope of data collection and processing by YouTube can be found in the YouTube privacy policy.
https://policies.google.com/privacy?hl=en
Vimeo, Inc.
555 West 18th Street New York
New York 10011 USA
We integrate videos from the Vimeo platform, operated by Vimeo, Inc. into our online offering.
In the process, usage and communication data, device data and content data may be transmitted to the provider. Our legitimate interests lie in the user-friendly integration of videos and their optimal presentation.
JUNE
Grosse Johannisstrasse 3
20457 Hamburg Germany
We use June to send newsletters. After your registration, you will receive a newsletter tailored to you with news, offers and other information. For this purpose, we evaluate your purchase and click behavior on our websites or within the newsletter in order to compile the information relevant to you.
https://juneapp.com/en/imprint/
Branch Metrics, Inc. 1400 Seaport Blvd Building B, 2nd Floor Redwood City, CA 94063 USA
Branch Metrics, Inc. provides a platform for deeplinking and analyzing cross-application experiences between app and web. This allows us, for example, to redirect users to the appropriate app store or to specific areas within the app.
https://branch.io/policies/#privacy
Google Ireland Limited
Google Building Gordon House Barrow St
Dublin 4 Ireland
Our websites use the online marketing tool Google Ads (incl. conversion and remarketing) from Google.
Google Ads uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser. In addition, Google Ads can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Google Ads ad and later calls up the advertiser's website with the same browser and purchases something there.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. Through the integration of Google Ads, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that Google processes your IP address.
The optimization of our advertising offer is our legitimate interest regarding the analysis of user behavior.
https://policies.google.com/privacy?hl=en
LinkedIn Ireland Unlimited Company Wilton Place
Dublin 2 Ireland
We use LinkedIn Insight Tag and Conversion Tracking from LinkedIn Ireland Unlimited Company. With the help of these services, we can analyze the success of our ads in LinkedIn's network and display you personalized ads in it.
The LinkedIn Insight tag sets a cookie in your browser. If you visit our websites and are logged into your LinkedIn account at the same time, a connection to the LinkedIn server is established. The following personal data is processed: Referrer URL, IP address, device and metadata, timestamp and your page views/usage. This data is encrypted, anonymized within seven days and deleted within 90 days. We only receive aggregate reports from LinkedIn about the website target group and ad performance so that we can analyze the success of our ads.
By means of conversion tracking, you can also be recognized as a website visitor (across devices), so that we can use you to display targeted advertising for our ads that may be of interest to you outside of our websites on LinkedIn (retargeting).
We have a legitimate interest in analyzing user behavior in order to optimize both our web offering and our advertising.
https://www.linkedin.com/legal/privacy-policy
Braze, Inc.
330 West 34th Street New York, NY 10001 USA
Braze is a comprehensive customer engagement platform that enables relevant interactions between customers and brands.
Braze acts as a mobile CRM and communication platform. In the analytics area, Braze enables campaigns and communication measures to be analyzed for their relevance and effectiveness in order to derive more relevant communication strategies from the insights gained, which convey relevant information to the right person at the right time.
In Braze the profiles of the users are stored and enriched by the behavior in the app. Based on this, the personalized communication using the implemented communication methods, such as News Feed Card, Push, In-App Message or e-mail.
Instabug, Inc.
855 El Camino Real St. Suite 13A-111
Palo Alto, CA. 94301 USA
Instabug is a software company that provides bug reporting, app performance monitoring, crash reporting, in-app chats, and user surveys for mobile apps.
Crash reporting and user surveys and feedbacks are created and collected with the help of Instabug. Within Instabug we collect the device and user information to potentially contact that user.
TYPEFORM SL
c/ Bac de Roda, 163 (local) 08018 – Barcelona
Spain
Typeform is a company that provides online questionnaires as software as a service.
With the help of Typeform surveys and quizzes can be realized in the LAAX App system. Personal data is not stored in Typeform unless it is collected during the query in a survey.
The matching of answers and data is done by means of an anonymous user ID of the LAAX App account.
https://admin.typeform.com/to/dwk6gt
Zendesk, Inc. 989 Market Street
San Francisco, CA 94103 USA
Zendensk offers a cloud-based customer support platform that provides help desk ticketing, self-service and customer service support capabilities.
Requests and feedbacks sent via LAAX App or by e-mail to [email protected] or [email protected] will be processed and answered by us in zendesk. In addition to the e-mail address, the language and the content of the request/feedback will be stored in zendesk.
https://www.zendesk.com/company/customers-partners/privacy-policy/
Facebook Inc. 1 Hacker Way Menlo Park CA 94025 USA
We use the Facebook SDK to serve targeted advertising and to elicit the number of active users.
The Facebook SDK logs the following information:
collects the following device metrics: time zone, device operating system, device model, vendor, screen size, processor cores, total memory, free memory space.
https://www.facebook.com/policy.php
Amazon Web Services, Inc. 410 Terry Avenue North Seattle WA 98109
USA
Amazon Web Services ("AWS") is a subsidiary of Amazon providing on-demand cloud computing platforms and APIs.
The infrastructure of the app is hosted on and by means of AWS services. A number of services from the AWS Suite are applied here to ensure a smooth and scalable standard. Personal data is only stored in the form of the profile image on the Amazon Service S3. However, this is done without linking to further personal data of a user.
https://aws.amazon.com/privacy/?nc1=h_ls
MongoDB, Inc. 1633 Broadway 38th Floor New York NY 10019
USA
MongoDB Atlas is the global cloud database service for modern applications. MongoDB Atlas ensures that the LAAX App MongoDB database is always accessible and scalable and complies with the latest security standards by hosting it at Amazon Web Services Frankfurt. The MongoDB database is the central LAAX App data repository where all relevant data is stored. Data can be created, read, updated and deleted (CRUD-Operations).
https://www.mongodb.com/legal/privacy-policy
Segment.io, Inc.
100 California Street, Suite 700 San Francisco
CA 94111 USA
Segment.io is a customer data platform that enables data transmission in a standardized way.
Using Segment.io, we transfer app interactions to our databases, communications and analytics tools. This is relevant to enable consistent data quality across all systems.
https://segment.com/legal/privacy/
Google Inc.
1600 Amphitheatre Parkway Mountain View
CA 94034 USA
Google Analytics is a web analytics service provided by Google Inc.
For the LAAX App, Google Analytics is populated via segment with anonymized events and data from the app in order to analyze the usage behavior of the users in the app and to improve the quality of the service provided by the app, thereby enabling a better user experience.
For the web analytics services, Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the websites. The information generated by the cookie about your use of our websites is usually transferred to a Google server in the USA and stored there.
We have a legitimate interest in analyzing user behavior in order to optimize both our web offering and our advertising.
https://policies.google.com/privacy?hl=en
Amplitude, Inc.
631 Howard Street, Floor 5 San Francisco, CA 94105 USA
Amplitude is a software as a service product used to analyze user behavior and product usage.
Personal data is stored in Amplitude in order to draw conclusions about user behavior and to assign this as segments in communication with Braze.
https://www.amplitude.com/amplitude-security-and-privacy/privacy
Stitch
1339 Chestnut St #1500 Philadelphia Pennsylvania 19107 USA
Stitch is a cloud-first, open-source platform to transfer data.
Stitch is used to transfer production database data into an analytics database to build analytics tools based on it.
https://stitchdata.netlify.app/privacy/
Auth0 Inc.
10800 NE 8th, St Suite 700
Bellevue, WA 98004 USA
Auth0 is the authorization service, which is used to ensure verification during user account creation and which sends the verification code during login. Auth0 is used to exchange the e-mail for account creation in order to realize verification via e-mail.
aleno AG Aegertenstrasse 6
8003 Zürich Switzerland
aleno is a reservation management system for hospitality businesses.
Table reservations via LAAX App are transmitted to aleno. This includes information about your reservation (date, time, number of guests) as well as your contact details such as first name, last name, telephone number (for a possible callback).
https://www.aleno.me/en/policy
Lightspeed Hardturmstrasse 101
8005 Zürich Switzerland
Lightspeed is catering POS system.
With the help of ikentoo by Lightspeed, mobile ordering is implemented on LAAX App. Personal data such as name, surname and telephone number is collected to assign the order to guests in the restaurant or for pickup/delivery.
https://www.lightspeedhq.co.uk/privacy-policy/
SIX Payment Services AG Hardturmstrasse 201
8005 Zürich Switzerland
Saferpay is the e-payment solution for payment in the online store.
Saferpay collects the information about the transaction, as well as other information related to the transaction such as financial information, information about the interaction between you and Saferpay, merchant information, including information about payment instruments.
Saferpay uses the data for, among other things, payment processing and monitoring and improving its services.
Via Saferpay, we process all common national and international payment methods in the online store.
https://www.six-payment-services.com/en/services/legal/privacy-statement.html
protel GLOBAL HQ:
Europaplatz 8
44269 Dortmund Germany
protel is a company that develops and sells hotel software.
With the help of protel we process and administer your hotel bookings. https://www.protel.net/
Simple Booking - Hotel Booking Engine Via Lucca 52
50142 Firenze FI Italy
Simple booking provides solutions in the hotel booking area.
With the help of Simple Booking we provide you with the opportunity to book the suitable hotel room for your stay with us.
https://www.simplebooking.travel/privacy-policy/
Avantio
c/ Charles Robert Darwin 5 Parque Tecnológico
46980 Paterna Spain
Avantio supports us in the management and marketing of vacation homes and apartments.
With the system of Avantio we manage the reservations and bookings of vacation homes and apartments in our destination and offer you the possibility to book them.
https://www.avantio.com/privacy-policy/
Datatrans AG Kreuzbühlstrasse 26
8008 Zürich
Switzerland
Datatrans is a company that offers online payment solutions.
With the help of Datatrans we process credit card bookings, which arise in connection with bookings for your stay in our destination.
https://www.datatrans.ch/en/privacy-policy/
If there are contradictions between the German and English privacy policy, the provisions of the German privacy policy shall prevail.
Insofar as the GDPR is not mandatory, only substantive Swiss law is applicable to the present contractual relationship. The place of jurisdiction is Laax.
Please report your request to our contact center:
Weisse Arena Gruppe Dr. Andreas Bleuler Via Murschetg 17
CH-7032 Laax
