+43720230850

Close menu

Privacy Policy

(Ski Travel Group AG / Alpeffect Hotels)

Alpeffect Hotels operates hotels on behalf of Ski Travel Group AG under the terms set out below.

When you book a stay with or through Alpeffect Hotels, it is necessary for us to process your personal data in order to administer your booking and provide you with the best possible service. If you do not provide us with the required personal data, we will not be able to offer you the requested stay or services.

Your personal data will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “General Data Protection Regulation” or “GDPR”) as well as applicable national data protection legislation. Further details on how we process your personal data are set out in this privacy policy below.

1. Data Controller

Ski Travel Group AG is the data controller responsible for the collection and processing of your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable national data protection legislation.

Our contact information:

Ski Travel Group AG
Sennweidstrasse 43
6312 Steinhausen
Switzerland

E-mail: gdpr@skigroup.dk

2. Purpose and Legal Basis for Processing

We collect and process your personal data for the purpose of administering bookings, stays and related services, including the provision of necessary information before, during and after your stay, handling inquiries, invoicing, and any other data processing necessary to fulfil our contractual obligations towards you. In particular, we process your personal data for the following purposes:

  • to communicate with you, in particular, to provide you with information or process your requests;
  • to provide our services to you and for the processing of contracts, namely in connection with the initiation, conclusion and execution of contractual relationships. This includes all data processing that is necessary or appropriate in order to conclude, execute and, if necessary, enforce a contract, such as processing in order to decide whether and how (e.g. with which payment options) we enter into a contract with you (including the credit check), in order to provide contractually agreed services, in order to invoice our services and generally for accounting, to enforce legal claims arising from contracts (debt collection, legal proceedings, etc.);
  • to inform you about new developments or to send you other information regarding our services;
  • for statistical purposes;
  • in connection with accounting, archiving of data and management of our archives;
  • for security measures, namely for IT and building security (e.g. access control, visitor lists, prevention, defence against and investigation of cyber-attacks and malware attacks, network and mail scanners, video surveillance, telephone recordings), as well as for the prevention and investigation of criminal offenses and other misconduct or to carry out internal investigations, protection against misuse, evidentiary purposes, data analysis to combat fraud, evaluation of system-side recordings of the use of our systems (log data);
  • in connection with restructurings or other corporate actions (e.g. due diligence, sale of companies, etc.);
  • for the assertion of legal claims and defence in connection with legal disputes as well as administrative proceedings;
  • cancellation insurance: If you choose to add cancellation insurance when booking your stay, we process the personal data necessary to administer the cancellation insurance and to assess whether the conditions for coverage are met.
    In the event of a cancellation due to illness, accident or death, we may request documentation confirming whether you are fit to travel or not. Such documentation is used solely for the purpose of assessing the cancellation insurance and should not include detailed medical information;
  • to comply with our legal, regulatory (including self-regulatory) and internal requirements and rules, including compliance with court or administrative orders;
  • other purposes: We may process your personal data for other purposes that are necessary to protect our legitimate interests.

The processing of your personal data is primarily based on:

  • Article 6(1)(b) GDPR – processing necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract;
  • Article 6(1)(c) GDPR – processing necessary for compliance with a legal obligation (e.g. statutory retention obligations);
  • Article 6(1)(a) GDPR – where you have given your consent, e.g. in connection with marketing communications;
  • Article 6(1)(f) GDPR – where processing is based on our legitimate interests, provided such interests are not overridden by your fundamental rights and freedoms. Such legitimate interests may include, in particular, the following interests: maintaining contact and communicating with members, sponsors, interested parties; providing information about our activities and initiatives; advertising and marketing activities; organising and improving our services and events; protecting our members, employees and others, as well as our data, trade secrets and assets; ensuring adequate security (both physical and digital); ensuring internal operations, including the development and maintenance of our website and communication channels; preserving the association’s interests in legal matters; managing and developing our activities; selling or buying companies, parts of companies and other assets; complying with GDPR and any other applicable national data protection legislation.

We do not use automated decision-making or profiling within the meaning of Article 22 GDPR.

3. Disclosure of Personal Data

In addition to the data disclosures to recipients expressly mentioned in this privacy policy, we may disclose personal data to the following categories of recipients, to the extent permitted:

  • Companies within the Ski Travel Group, including STG Hotels GmbH;
  • Partner hotels that are not part of STG Hotels GmbH, where only limited information (such as name, age and gender) is shared for operational purposes (e.g. room allocation);
  • Other business partners where necessary to fulfil our contractual obligations;
  • Providers to whom we have outsourced certain services (e.g. IT and hosting providers, payment service providers, debt collection service providers, risk management and compliance providers, etc.);
  • Banks, auditors and insurance companies;
  • prospective buyers or investors in the event of restructuring or other corporate actions;
  • (counter)parties in potential or actual legal proceedings or litigation;
  • Domestic and foreign authorities, administrative bodies or courts.

We may also be required to disclose your personal data to public authorities or other third parties where such disclosure is required by law.

4. Cross-border data disclosure

In principle, we process your personal data in the European Union, the EEA and Switzerland. However, in some cases (e.g. when using certain service providers or certain software applications), your personal data may also be disclosed in some cases to other countries worldwide, in particular to the USA.

If we transfer data to a country without adequate legal data protection, we ensure an adequate level of protection as provided by law by using appropriate contracts (namely on the basis of the so-called standard contractual clauses of the European Commission) or rely on the legal exceptions of consent, contract execution, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects.

5. Categories of Personal Data

We process the following categories of “ordinary” personal data, where necessary to provide our services:

  • Name
  • Address
  • E-mail address
  • Telephone number
  • Gender
  • Date of birth
  • Travel- and stay-related information
  • Payment and billing information

6. Retention and Deletion

We process and store your personal data for as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, or if there is another legal basis (e.g. statutory retention periods). We retain personal data that we store on the basis of a contractual relationship with you for at least as long as the contractual relationship exists, and potential legal claims may be made, or contractual retention obligations exist. As soon as your personal data is no longer required for the above-mentioned purposes, it will be set on passive, deleted or anonymised as far as possible.

7. Your Rights

You have a number of rights in relation to our processing of your personal data. You may exercise these rights by contacting us using the contact details provided in this privacy policy.

You have the right to access the personal data we process about you, as well as the right to object to or request the restriction of such processing. You may also object to the processing of your personal data for direct marketing purposes.

You also have the right to have inaccurate personal data corrected or incomplete personal data completed.

In certain circumstances, you have the right to have your personal data deleted at an earlier point in time than set out in our general retention policy above (your “right to be forgotten”), or to have your personal data transmitted to another data controller or to receive your personal data yourself in a structured, commonly used and machine-readable format.

Please note, however, that we reserve the right to enforce the restrictions provided for by law, for example, if we are obliged to retain or process certain data, have an overriding interest in doing so (insofar as we are entitled to rely on this) or require it for the assertion of claims.

You can read more about your rights under applicable data protection law on the website of the competent data protection authority. For Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC):

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
Switzerland - 3003 Berne

www.edoeb.admin.ch

8. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes data protection law, you have the right to lodge a complaint with a competent data protection supervisory authority.

We encourage you to contact us first, and we will make every effort to address your concerns. You can reach us at gdpr@skigroup.dk.

9. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage.

We also ensure that employees who have access to personal data are aware of the importance of data protection and process personal data in accordance with our internal policies and this privacy policy.

Like all companies, however, we cannot rule out data security breaches with absolute certainty, because certain residual risks are unavoidable.

10. Changes to this Privacy Policy

We may update this privacy policy from time to time. The current version will always be available on our website. If you have any further questions, feel free to contact us at gdpr@skigroup.dk.