Ready for your summer vacation yet?
+43720230850
Opening hours today: 10-14

Close menu

General Data Protection Regulation (GDPR)

Alpeffect Hotels operates hotels on behalf of Ski Travel Group AG under the terms set out below.

When you book a stay with or through Alpeffect Hotels, it is necessary for us to process your personal data in order to administer your booking and provide you with the best possible service. If you do not provide us with the required personal data, we will not be able to offer you the requested stay or services.

Your personal data will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “General Data Protection Regulation” or “GDPR”) as well as applicable national data protection legislation. Further details on how we process your personal data are set out in this privacy policy below.

1. Data Controller

Ski Travel Group AG is the data controller responsible for the collection and processing of your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable national data protection legislation.

Our contact information:

Ski Travel Group AG
Sennweidstrasse 43
6312 Steinhausen
Switzerland

E-mail: gdpr@skigroup.dk

2. Purpose and Legal Basis for Processing

We collect and process your personal data for the purpose of administering bookings, stays and related services, including the provision of necessary information before, during and after your stay, handling inquiries, invoicing, and any other data processing necessary to fulfil our contractual obligations towards you.

Cancellation Insurance
If you choose to add cancellation insurance when booking your stay, we process the personal data necessary to administer the cancellation insurance and to assess whether the conditions for coverage are met.
In the event of a cancellation due to illness, accident or death, we may request documentation confirming whether you are fit to travel or not. Such documentation is used solely for the purpose of assessing the cancellation insurance and should not include detailed medical information.

The processing of your personal data is primarily based on:

  • Article 6(1) (b) GDPR – processing necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract;
  • Article 6 (1) (c) GDPR – processing necessary for compliance with a legal obligation (e.g. statutory retention obligations);
  • Article 6 (1) (a) GDPR – where you have given your consent, e.g. in connection with marketing communications;
  • Article 6 (1) (f) GDPR – where processing is based on our legitimate interests, provided such interests are not overridden by your fundamental rights and freedoms.

We do not use automated decision-making or profiling within the meaning of Article 22 GDPR.

3. Disclosure of Personal Data

We treat your personal data with care and only disclose it where necessary to provide our services to you.

Your personal data may be disclosed to:

  • Companies within the Ski Travel Group, including STG Hotels GmbH;
  • Partner hotels that are not part of STG Hotels GmbH, where only limited information (such as name, age and gender) is shared for operational purposes (e.g. room allocation);
  • Other business partners where necessary to fulfil our contractual obligations.

We may also be required to disclose your personal data to public authorities or other third parties where such disclosure is required by law.

4. Data Processors

We may use external data processors who process personal data on our behalf. In such cases, we ensure that appropriate data processing agreements are concluded in accordance with Article 28 GDPR.

These agreements require data processors to process personal data confidentially and solely for the purposes determined by us.

In certain cases, we may use data processors that are established outside the EU/EEA. In such cases, Ski Travel Group AG ensures an adequate level of protection of your personal data by exclusively using data processors that are certified under the EU–US Privacy Shield or by entering into agreements with our data processors based on the European Commission’s Standard Contractual Clauses.

5. Categories of Personal Data

We process the following categories of “ordinary” personal data, where necessary to provide our services:

  • Name
  • Address
  • E-mail address
  • Telephone number
  • Gender
  • Date of birth
  • Travel- and stay-related information
  • Payment and billing information

We collect personal data directly from you.

6. Retention and Deletion

Your personal data is stored only for as long as necessary to fulfil the purposes for which it was collected and to comply with applicable legal obligations.

In connection with contractual relationships, personal data may be retained for up to 30 years where necessary for documentation and the defence of legal claims, in accordance with applicable limitation periods. Where processing is based on consent, your personal data will be deleted when such consent is withdrawn, unless further retention is required by law.

7. Your Rights

You have a number of rights in relation to our processing of your personal data. You may exercise these rights by contacting us using the contact details provided in this privacy policy.

You have the right to access the personal data we process about you, as well as the right to object to or request the restriction of such processing. You may also object to the processing of your personal data for direct marketing purposes.

You also have the right to have inaccurate personal data corrected or incomplete personal data completed.

In certain circumstances, you have the right to have your personal data deleted at an earlier point in time than set out in our general retention policy above (your “right to be forgotten”), or to have your personal data transmitted to another data controller or to receive your personal data yourself in a structured, commonly used and machine-readable format.

You can read more about your rights under applicable data protection law on the website of the competent data protection authority.

8. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes data protection law, you have the right to lodge a complaint with a competent data protection supervisory authority.

We encourage you to contact us first, and we will make every effort to address your concerns. You can reach us at gdpr@skigroup.dk.

9. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage.

We also ensure that employees who have access to personal data are aware of the importance of data protection and process personal data in accordance with our internal policies and this privacy policy.

10. Changes to this Privacy Policy

We may update this privacy policy from time to time. The current version will always be available on our website. In the event of material changes, we will inform you in an appropriate manner. If you have any further questions, feel free to contact us at gdpr@skigroup.dk.