Privacy Policy
Piz Mitgel Management AG
Director: Renske van der Woude
Stradung 31
7460 Surses / Savognin
Telephone: +41 81 684 11 61
E-Mail: willkommen@pizmitgel.ch
Concept, implementation: Piz Mitgel Management, page design by Crown ADAM AG
Photos: © Copyright 2021 Thomas Kiewning / BK Media Solutions, © Copyright 2023, 2024 Duncan Pond, Savognin Tourism Association, Bivio Albulatal, Fotolia, Unsplash, Pixabay.
Privacy Policy
With this privacy policy, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name
For individual or additional activities and operations, we may publish further privacy policies or additional information on data protection.
We are subject to Swiss data protection law and, where applicable, foreign data protection law, particularly that of the European Union (EU) under the European General Data Protection Regulation (GDPR).
The European Commission recognized with its decision of July 26, 2000 that Swiss data protection law provides adequate protection. In its report of January 15, 2024, the European Commission confirmed this adequacy decision.
1. Contact Addresses
Responsible for processing personal data:
Piz Mitgel Management AG
Stradung 31
7460 Savognin
Switzerland
In individual cases, third parties may be responsible for processing personal data, or there may be joint responsibility with third parties.
1.1 Data Protection Officer or Data Protection Consultant
We have the following data protection officer or consultant as a contact point for affected individuals and authorities regarding data protection inquiries:
Renske van der Woude
Piz Mitgel Management AG
Stradung 31
7460 Savognin
Switzerland
1.2 Data Protection Representation in the European Economic Area (EEA)
We have the following data protection representation in accordance with Art. 27 GDPR:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
The data protection representation serves as an additional contact point for affected individuals and authorities in the European Union (EU) and the European Economic Area (EEA) regarding GDPR-related inquiries.
2. Terms and Legal Bases
2.1 Terms
Affected Person: A natural person about whom we process personal data.
Personal Data: All information relating to an identified or identifiable natural person.
Special Categories of Personal Data: Data on trade union, political, religious, or philosophical views and activities, data on health, private life, or ethnicity or race, genetic data, biometric data uniquely identifying a natural person, data on criminal and administrative penalties or prosecutions, and data on social assistance measures.
Processing: Any handling of personal data, regardless of the methods and procedures used, such as querying, comparing, adjusting, archiving, storing, reading, disclosing, acquiring, collecting, deleting, exposing, ordering, organizing, saving, changing, distributing, linking, destroying, and using personal data.
European Economic Area (EEA): Member states of the European Union (EU), as well as the Principality of Liechtenstein, Iceland, and Norway.
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, specifically the Federal Act on Data Protection (Data Protection Act, DPA) and the Data Protection Ordinance (Data Protection Ordinance, DPO).
We process – to the extent that the European General Data Protection Regulation (GDPR) is applicable – personal data in accordance with at least one of the following legal bases:
- Art. 6 para. 1 lit. b GDPR for necessary processing of personal data to fulfill a contract with the affected person and to carry out pre-contractual measures.
- Art. 6 para. 1 lit. f GDPR for necessary processing of personal data to protect legitimate interests – including the legitimate interests of third parties – provided that the basic rights and freedoms, as well as the interests of the affected person, do not outweigh. Such interests include the sustainable, humane, secure, and reliable operation of our activities, ensuring information security, protecting against abuse, enforcing legal claims, and complying with Swiss law.
- Art. 6 para. 1 lit. c GDPR for necessary processing of personal data to comply with a legal obligation to which we are subject under applicable law of EEA member states.
- Art. 6 para. 1 lit. e GDPR for necessary processing of personal data to carry out a task in the public interest.
- Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the affected person.
- Art. 6 para. 1 lit. d GDPR for necessary processing of personal data to protect the vital interests of the affected person or another natural person.
- Art. 9 para. 2 ff. GDPR for the processing of special categories of personal data, in particular with the consent of affected individuals.
The European General Data Protection Regulation (GDPR) designates the processing of personal data as the processing of personal data and the processing of particularly sensitive personal data as the processing of special categories of personal data (Art. 9 GDPR).
3. Nature, Scope, and Purpose of Processing Personal Data
We process only the personal data necessary to enable our activities and operations sustainably, humanely, securely, and reliably. The processed personal data may fall into categories such as browser and device data, content data, communication data, metadata, usage data, master data, including inventory and contact data, location data, transaction data, contract data, and payment data.
We also process personal data obtained from third parties, publicly accessible sources, or data collected in the course of our activities and operations, provided that such processing is legally permissible.
We process personal data, if necessary, with the consent of affected individuals. We may process personal data in many cases without consent, such as to fulfill legal obligations or to protect overriding interests. We may also ask for consent from affected persons, even when consent is not required.
We process personal data for the duration necessary for the respective purpose. We anonymize or delete personal data, particularly based on statutory retention and limitation periods.
4. Disclosure of Personal Data
We may disclose personal data to third parties, have it processed by third parties, or jointly process it with third parties. Such third parties are mainly specialized service providers whose services we utilize.
We may disclose personal data, for example, to banks and other financial institutions, authorities, educational and research institutions, consultants and lawyers, advocacy groups, IT service providers, cooperation partners, credit agencies, logistics and shipping companies, marketing and advertising agencies, media, organizations, and associations, social institutions, telecommunications companies, and insurers.
5. Communication
We process personal data to communicate with third parties. In this context, we process data provided by an affected person when making contact, for example, by mail or email. We may store such data in an address book or comparable tools.
Third parties who transmit data about other people are required to ensure data protection for such affected individuals. This includes ensuring the accuracy of the transmitted personal data.
6. Applications
We process personal data about applicants as needed to assess suitability for employment or later execute an employment contract. Required personal data is typically determined by the information requested, such as in a job posting. We may post job openings with the help of suitable third parties, for example, in electronic or printed media or on job boards and platforms.
We also process personal data that applicants voluntarily provide or make public, especially in cover letters, resumes, other application documents, and online profiles.
We process – to the extent that the General Data Protection Regulation (GDPR) is applicable – personal data about applicants, particularly in accordance with Art. 9 para. 2 lit. b GDPR.
We may allow applicants to enter their information in our talent pool for future consideration for open positions. We may also use this information to maintain contact and provide updates. If we find that an applicant may be suitable for an open position based on their information, we may notify the applicant accordingly.
We use selected services from suitable third parties to post positions via e-recruiting and to manage applications.
7. Data Security
We implement appropriate technical and organizational measures to ensure data security commensurate with the risk level. Our measures particularly ensure the confidentiality, availability, traceability, and integrity of the processed personal data, though absolute data security cannot be guaranteed.
Access to our website and other online presence occurs via transport encryption (SSL / TLS, specifically with HTTPS). Most browsers warn against accessing sites without transport encryption.
Our digital communications are generally subject to mass surveillance by security agencies in Switzerland, other parts of Europe, the United States (USA), and other countries without specific suspicion. We have no direct influence over the processing of personal data by intelligence services, law enforcement agencies, and other security agencies, nor can we rule out targeted surveillance of an affected person.
8. Personal Data Abroad
We process personal data primarily in Switzerland and the European Economic Area (EEA). However, we may also transfer or transmit personal data to other countries, particularly for processing or having it processed there.
We may transfer personal data to all countries on Earth and elsewhere in the universe if the local law ensures adequate data protection as determined by a Swiss Federal Council decision and, where the GDPR is applicable, by a European Commission decision.
We may transfer personal data to countries without adequate data protection if data protection is otherwise ensured, especially through standard data protection clauses or other suitable safeguards. Exceptionally, we may export personal data to countries without adequate protection if specific data protection requirements are met, such as the explicit consent of affected individuals or a direct connection with the conclusion or performance of a contract. We are happy to provide affected persons with information about guarantees or a copy of any guarantees upon request.
9. Rights of Affected Individuals
9.1 Data Protection Claims
We grant affected individuals all rights under applicable data protection law. Affected persons have, in particular, the following rights:
- Information: Affected persons can request information about whether we process personal data about them and, if so, what personal data is involved. Affected persons will also receive any other information required to assert their data protection rights and ensure transparency. This includes the personal data processed and information about processing purposes, retention periods, potential disclosure or export of data to other countries, and the source of personal data.
- Correction and Restriction: Affected persons may correct incorrect personal data, complete incomplete data, and restrict the processing of their data.
- Deletion and Objection: Affected persons may have their personal data deleted (“right to be forgotten”) and object to the processing of their data with effect for the future.
- Data Release and Transfer: Affected persons can request the release of personal data or its transfer to another responsible party.
We may delay, restrict, or deny the exercise of affected individuals’ rights within legally permissible limits. We may inform affected individuals of conditions that must be met to exercise their data protection rights. For example, we may refuse information citing confidentiality obligations, overriding interests, or the protection of other individuals. We may also refuse to delete personal data, particularly with reference to statutory retention obligations, either in whole or in part.
We may exceptionally charge fees for exercising rights. We inform affected persons in advance of any fees.
We are required to take appropriate measures to identify affected persons requesting information or asserting other rights. Affected persons are required to cooperate in this process.
9.2 Legal Protection
Affected persons have the right to enforce their data protection rights through legal action or to file a complaint with a data protection supervisory authority.
The data protection supervisory authority for private controllers and federal agencies in Switzerland is the Swiss Federal Data Protection and Information Commissioner (FDPIC).
European data protection authorities are organized as members of the European Data Protection Board (EDPB). In some EEA countries, data protection supervisory authorities have a federal structure, particularly in Germany.
10. Use of the Website
10.1 Cookies
We may use cookies. Cookies – our own (first-party cookies) as well as third-party cookies – are data stored in the browser. Such stored data is not limited to traditional text-based cookies.
Cookies can be stored temporarily in the browser as “session cookies” or for a set period as “permanent cookies.” “Session cookies” are automatically deleted when the browser is closed. Permanent cookies have a set storage period. Cookies allow, in particular, for the browser to be recognized upon returning to our website, thus enabling the measurement of our website’s reach. Permanent cookies may also be used for online marketing.
Cookies can be deactivated or deleted entirely or partially in browser settings at any time. Without cookies, our website may not be fully available. We request explicit consent for the use of cookies – at least where necessary.
For cookies used for success and reach measurement or for advertising, many services provide a general objection (“opt-out”) through AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
10.2 Logging
We may log at least the following information for each access to our website and other online presences if this information is transmitted to our digital infrastructure: date and time, including time zone, IP address, access status (HTTP status code), operating system, including user interface and version, browser, including language and version, individual sub-page of our website accessed, including transmitted data volume, and the last page visited in the same browser window (referrer).
We log such information, which may include personal data, in log files. This information is required to ensure the sustainable, user-friendly, and reliable availability of our online presence and to guarantee data security – including through third parties or with the help of third parties.
10.3 Tracking Pixels
We may integrate tracking pixels into our online presence. Tracking pixels, also known as web beacons, are typically small, invisible images or JavaScript scripts automatically retrieved when our online presence is accessed. Tracking pixels – also from third parties whose services we use – can capture at least the same information as in log files.
11. Notifications and Announcements
11.1 Success and Reach Measurement
Notifications and announcements may contain weblinks or tracking pixels that track whether a particular message has been opened and which links were clicked. Such links and tracking pixels may also record the usage of notifications and announcements on a personal basis. This statistical recording of usage is necessary for success and reach measurement, enabling us to send notifications and announcements effectively and sustainably based on recipients’ needs and reading habits, ensuring they are user-friendly, secure, and reliable.
11.2 Consent and Objection
In general, you must consent to the use of your email address and other contact details unless otherwise permitted by law. We may use a “double opt-in” procedure to obtain doubly confirmed consent, in which case you will receive a message with instructions for double confirmation. We may record consents obtained, including IP address and timestamp for proof and security purposes.
You may in general object to receiving notifications and announcements, such as newsletters, at any time. By doing so, you may also object to the statistical measurement of usage for success and reach measurement. Required notifications and announcements related to our activities and operations are reserved.
11.3 Service Providers for Notifications and Announcements
We send notifications and announcements with the help of specialized service providers.
We particularly use:
- Mailchimp: communication platform; provider: The Rocket Science Group LLC DBA Mailchimp (USA), a subsidiary of Intuit Inc. (USA); data protection information: Privacy Policy (Intuit) including “Country and Region-Specific Terms,” Mailchimp Privacy FAQ, Mailchimp and European Data Transfers, Security, Cookie Policy, Privacy Rights Requests, Legal Terms.
12. Social Media
We are present on social media platforms and other online platforms to communicate with interested parties and to provide information about our activities and operations. Personal data may also be processed outside Switzerland and the European Economic Area (EEA) in connection with these platforms.
The terms and conditions, privacy policies, and other provisions of the respective platform operators apply. These provisions particularly inform affected individuals of their rights directly with the respective platform, including the right to information.
For our social media presence on Facebook, including so-called page insights, we are – to the extent that the General Data Protection Regulation (GDPR) applies – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta Companies (including in the USA). Page insights provide insight into how visitors interact with our Facebook presence. We use page insights to make our Facebook social media presence effective and user-friendly.
Further information about the nature, scope, and purpose of data processing, information on affected individuals’ rights, and Facebook’s contact information, including its data protection officer, can be found in Facebook’s Privacy Policy. We have entered into the so-called Controller Addendum with Facebook, agreeing that Facebook is responsible for ensuring the rights of affected individuals. Relevant information on page insights can be found on the page Information on Page Insights and Information about Page Insights Data.
13. Third-Party Services
We use third-party services to sustainably, humanely, securely, and reliably conduct our activities and operations. With such services, we can integrate functions and content into our website. For technical reasons, the services used must, at least temporarily, capture users’ IP addresses.
For required security-relevant, statistical, and technical purposes, third parties whose services we use may process data in connection with our activities and operations in an aggregated, anonymized, or pseudonymized manner. These may include performance or usage data necessary to provide the respective service.
We particularly use:
- Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the EEA and Switzerland; General data protection information: Privacy and Security Principles, Information on How Google Uses Personal Data, Privacy Policy, “Google is Committed to Complying with Applicable Data Protection Laws”, “Data Protection in Google Products”, “How We Use Data from Sites or Apps that Use Our Services”, “Types of Cookies and Similar Technologies Used by Google”, Personalized Advertising.
13.1 Digital Infrastructure
We use third-party services to access the necessary digital infrastructure in connection with our activities and operations. These include hosting and storage services from selected providers.
We particularly use:
- Cyon: Hosting; Provider: cyon GmbH (Switzerland); data protection information: Privacy, Privacy Policy.
- WordPress.com: Blog hosting and website builder; Providers: Automattic Inc. (USA) / Aut O’Mattic A8C Ireland Ltd. (Ireland) for users in Europe; data protection information: Privacy Policy, Cookie Policy.
13.2 Mapping Material
We use third-party services to integrate maps into our website.
We particularly use:
- Google Maps including Google Maps Platform: mapping service; Provider: Google; Google Maps-specific information: How Google Uses Location Information.
13.3 Fonts
We use third-party services to integrate selected fonts as well as icons, logos, and symbols into our website.
We particularly use:
- Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: Your Privacy and Google Fonts, Privacy and Data Collection (Google Fonts).
13.4 E-Commerce
We operate e-commerce and use third-party services to successfully offer services, content, or goods.
13.5 Payments
We use specialized service providers to process our customers’ payments securely and reliably. The terms and conditions and privacy policies of each provider apply to the processing of payments.
We particularly use:
- Nexi: credit card payment processing; Providers: Nexi S.p.A. (Italy) and other Nexi Group companies; data protection information: Privacy Policy, Privacy Information for Cardholders.
14. Success and Reach Measurement
We aim to measure the success and reach of our activities and operations. This may include tracking the effectiveness of third-party links or checking how different parts or versions of our online offering are used (“A/B testing” method). Based on success and reach measurements, we can address issues, strengthen popular content, or make improvements.
Most success and reach measurements involve capturing users’ IP addresses. In such cases, IP addresses are generally shortened (“IP masking”) to comply with the principle of data minimization through pseudonymization.
Cookies may be used, and user profiles may be created as part of success and reach measurement. Any user profiles created may include individual pages visited or content viewed on our website, screen size or browser window information, and – at least approximately – location. User profiles are generally pseudonymized and not used to identify individual users. Individual third-party services where users are logged in may associate the use of our online offering with the user account or profile on the respective service.
We particularly use:
- fusedeck: Success and reach measurement; Provider: cptr AG (Switzerland); data protection information: Data & Privacy, Privacy Policy.
15. Video Surveillance
We use video surveillance for crime prevention, evidence in case of crime, exercising and asserting our legal claims, defense against third-party claims, and enforcing our house rules. To the extent that the General Data Protection Regulation (GDPR) is applicable, these are considered overriding legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, and for special categories of personal data with reference to Art. 9 para. 2 lit. f GDPR.
We store video surveillance footage as long as it is required for evidence or other purposes mentioned.
We may retain and transmit video surveillance footage to appropriate entities such as courts or law enforcement agencies if necessary for a stated purpose, in our otherwise legitimate overriding interest, or due to legal obligations.
16. Final Remarks on Privacy Policy
We created this privacy policy using the Data Protection Generator from Data Protection Partner . The present privacy policy is an unofficial translation from the original German version.
We may update this privacy policy at any time. We will inform you of updates in an appropriate manner, particularly by publishing the current privacy policy on our website.
We look forward to your visit.
Directions to the Piz Mitgel Hotel
Please always use the complete address when entering it into your navigation system: 7460 Savognin, Strandung 31.
Zürich – Savognin – 164 km – 1:48 Std.
Chur – Savognin – 46,5 km – 0:39 Std
St. Moritz – Savognin – 38,6 km – 0:43 Std
Travel by public transportation
Nearest Airport is Zürich or St. Gallen Altenrhein Flughafen Zurich
Nearest train station: Tiefencastle https://www.sbb.ch
SWISS TRAVEL PASS | Gepäcktransport SBB
Travel comfortably and climate-neutral with public transportation and let your luggage travel alone. We collaborate with the Swiss Federal Railways (SBB) and are happy to pick up or deliver your luggage to the nearest train station! Please contact us for further information.
Nearest bus stop.
Savognin posta
Transportation providers
Taxi Giovanni
Tel: +41 78 742 75 87
Taxi Jäger
Tel: +41 78 609 56 96
Mail: jaegertrans@bluewin.ch
Surses Liner
Tel: +41 76 410 31 31