GDPR

Sunstar-Holding AG 
Privacy Policy 

We are very pleased about your interest in our company.

Your privacy is very important to Sunstar and we therefore process your data in accordance with the Swiss Data Protection Act (DPA) and the European Data Protection Regulation (DPR) and any applicable data protection provisions under Swiss or EU law. 

 We treat your personal data confidentially and in accordance with the statutory data protection regulations and this Privacy Policy. 

We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. 

Sunstar ensures that only authorised persons have access to your personal data. These persons are obliged to maintain confidentiality. We also ensure adequate and secure processing and apply appropriate measures to protect your data with regard to maintaining confidentiality, integrity and availability.

1. Who is affected by this privacy policy:

  • Chapter 2. Visitors to our websites 
  • Chapter 3. People who are in communication with us
  • Chapter 4. Guests of Sunstar Hotels in Switzerland and Piedmont
  • Chapter 5. Shareholders 
  • Chapter 6. Contact persons, partners and suppliers 
  • Chapter 7. Applicants  
  • Chapter 8. Visitors to the company headquarters who use our guest WiFi 
1.1. This privacy information statement contains more detailed information about: 
  • Contact information of the responsible person 
  • Categories of data processed
  • Information on the purpose and the legal basis 
  • Data recipient 
  • Retention period 
  • Information on your rights
1.2. About us

Sunstar-Holding AG (hereinafter referred to as Sunstar), with registered office in Liestal, is the owner of all subsidiaries, the 8 Sunstar Hotels in Arosa, Brissago, Davos, Grindelwald, Klosters, Lenzerheide, Piemont and Pontresina and the Privilège Vacation Club.  

It is therefore responsible for the collection, processing and use of your personal data and the compatibility of this data processing with the applicable law on data protection. 

The responsible body for all operations within the meaning of the Data Protection Act is: 

Sunstar-Holding AG 
Galmsstrasse 5 
4410 Liestal 
Schweiz 
+41 61 925 70 70

datenschutz@sunstar.ch 

1.3. Whom can you contact if you have any questions? 

Data Protection Officer/Company Data Protection Officer

For questions regarding data protection, please contact our data protection officers by e-mail at: datenschutz@sunstar.ch  

EU representative 

We have the following data protection representation in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein as an additional point of contact for supervisory authorities and data subjects for enquiries relating to the General Data Protection Regulation (GDPR). 

VGS Datenschutzpartner UG 
Am Kaiserkai 69 
20457 Hamburg 
Deutschland 

info@datenschutzpartner.eu 

2. Privacy information for visiting our websites 

The following data protection information is applicable to the websites below:

  • sunstar.ch
  • arosa.sunstar.ch
  • brissago.sunstar.ch
  • davos.sunstar.ch
  • grindelwald.sunstar.ch
  • klosters.sunstar.ch
  • lenzerheide.sunstar.ch
  • piemont.sunstar.ch
  • pontresina.sunstar.ch
  • karriere.sunstar.ch
  • ferienclub.ch
  • caesars-restaurant.ch

It explains how your personal data is collected, processed and used when you visit Sunstar’s websites.  

The operation of the Sunstar websites serves to inform guests, partners, interested parties and applicants about our offer, and is used to book stays or provide a simple means of contact. 

Sunstar’s websites may also contain links to other websites. These other websites are not verified by Sunstar. Visiting such websites is therefore at your own risk. Sunstar cannot accept responsibility or liability for any such other websites, their content or their privacy practices. 

2.1. Which information do we collect from you?  

When you visit our website, our servers temporarily save each access in a log file. The following technical data is recorded without your intervention, as is generally the case with every connection to a web server, and is stored in the web server logs until it is automatically deleted after 7 days at the latest for error analysis and to ensure the functionality of the web services: 

  • IP address
  • Browser identifier
  • optionally a login name for pages with HTTP authentication 
  • optionally, the address of the website from which the user came to the current website 

No further processing takes place. The logs are excluded from the data backup. 

The collection and processing of this data is carried out for the purpose of enabling the use of our website (establishing a connection), to ensure system security and stability on a permanent basis and to enable the optimisation of our internet offering as well as for internal statistical purposes. This constitutes our legitimate interest in processing the data. 

Furthermore, the IP address is evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive website use for the purpose of clarification of and protection against such use. If necessary, it may also be used in criminal proceedings for identification purposes and in and civil and criminal proceedings against the users concerned. This constitutes our legitimate interest in processing the data. 

2.1.1. Use of our contact e-mail addresses 

You have the option of contacting us via an e-mail link. 

The data collected includes all data that you transmit via that e-mail (not an exhaustive list):

  • First name, last name 
  • company and function, if applicable 
  • E-mail address 
  • Address and telephone number 
  • Reason for request, content of the communication  
  • any other data you may provide 

We only use this data to be able to answer your contact request in the best possible, most personalised way. The processing of this data is therefore necessary for the implementation of pre-contractual measures or is in our legitimate interest. 

Your data will be deleted after 6 months at the latest, provided that your enquiry has been conclusively answered and there are no legal obligations to retain the data, such as in the case of any subsequent contract processing. 

2.1.2. Interactive conversations with ReGuest Messenger  

In order to be able to assist you in the course of your enquiry or visit to our website, we provide you with a chat function. If a chat connection is made for reception, a connection is made to our communication software. At no time will your browser be accessed. Within the chat, you have the possibility to choose different communication channels by selecting the corresponding menu items. 

By using the chat, information is transmitted to the messenger server, which is managed by ReGuest GmbH on our behalf. This data is information that is required for the technical processing of the chat. Standardised data collection is performed solely for the purpose of providing advice online. We store the data required for the above functions exclusively for those purposes. 

Any further evaluations take place at most in anonymised form for statistical purposes. The owner of all data collected during the use of Messenger is Sunstar. The stored chat logs, which we are required to keep for evidentiary purposes for you and us, will not be passed on to third parties. 

2.1.3. Subscribe to our newsletter

You have the possibility to subscribe to our newsletter via our website. Registration is required for this. The following data must be submitted as part of registration:

  • First and last name
  • E-mail address

The above data is necessary for data processing. In addition, you can voluntarily provide further data (interests, complete address field, message). We process this data exclusively in order to personalise the information and offers sent to you and to better tailor them to your interests. 

By registering, you give us your consent to process the data you provide in order to send you regular editions of the newsletter to the address you have provided and for the statistical evaluation of user behaviour and the optimisation of the newsletter. This consent constitutes our legal basis for processing your e-mail address. We are entitled to commission third parties with the technical administration of advertising measures and are entitled to pass on your data for this purpose. 

For the dispatch and statistical evaluation of the newsletter, we use the CRM software tool of ReGuest GmbH, based at Kuperionstrasse 34, 39012 Merano, Italy. We have implemented all the relevant contractual conditions and any additional guarantees as required by the provider. 

At the end of each newsletter you will find a link that allows you to unsubscribe at any time. As part of the unsubscription process, you can voluntarily inform us of the reason for unsubscribing. After unsubscribing, your personal data will be deleted. Further processing only takes place in anonymised form to optimise our newsletter. 

Furthermore, you have the possibility to receive our newsletter via the messenger app WhatsApp.  

In this case, you must provide your mobile phone number and give your consent. We use the paid WhatsApp Business Platform and Meta Business Manager for this end-to-end encrypted communication channel. This platform respects the GDPR data protection guidelines. You can unsubscribe from the newsletter at any time by deleting or blocking our contact in WhatsApp. 

2.1.4. Booking on the website, by correspondence or by telephone

If you make bookings either via our website, by correspondence (e-mail or letter) or by telephone, we require the following mandatory data for the processing of the contract: 

  • Salutation 
  • First and last name 
  • Postal address 
  • Language 
  • Credit card information 
  • E-mail address 

We will only use this data and any other information you voluntarily provide (e.g. expected time of arrival, vehicle registration plate, preferences, comments) to process the contract, unless otherwise stated in this privacy policy or unless you have separately consented to this. Specifically, we will process the data in order to record your booking as requested, to provide the booked services, to contact you in the event of any uncertainties or problems and to ensure correct payment. 

The legal basis of data processing for this purpose is the performance of a contract.

2.2. Cookies

Cookies help in many aspects to make your visit to our website easier, more pleasant and more useful. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website. 

We use cookies, for example, to temporarily store your selected services and entries when you fill out a form on the website so that you do not have to enter the same information again when you visit another sub-page. Cookies may also be used to identify you as a registered user after you have registered on the website, without you having to log in again when you access another sub-page. 

Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. On the following pages you will find explanations on how to configure the processing of cookies in the most common browsers: 

Deactivating cookies may mean that you cannot use all the functions of our website. 

2.3. Tracking-Tools
2.3.1. General

We use the Google Analytics web analytics service for the purpose of designing and continuously optimising our website in line with requirements. In this context, pseudonymised (encrypted) usage profiles are created and small text files (“cookies”) stored on your computer are used. The information generated by the cookies about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data listed above, this may provide us with the following information: 

  • The navigation path that a visitor follows on the site, 
  • Time spent on the website or sub-page, 
  • The sub-page from which the website is left, 
  • The country, region or city from which the site is accessed, 
  • The end device (type, version, colour depth, resolution, width and height of the browser window) and 
  • Whether a visitor is new or returning. 

The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to the use of the website and the internet for the purposes of market research and the design of this website in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

2.3.2. Google Analytics

The provider of Google Analytics is Google Inc., a company owned by the holding company Alphabet Inc, with registered office in the USA. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymisation (“anonymizeIP”) on this website within the Member States of the European Union or in other contracting States to the Agreement on the European Economic Area. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google Inc. maintains a sufficient level of data protection. According to Google Inc., the IP address will never be associated with other data relating to the user. 

For more information about the web analytics service used, please visit the Google Analytics website. Instructions on how to prevent the processing of your data by the web analytics service can be found at http://tools.google.com/dlpage/gaoptout?hl=en 

2.3.3. YouTube

Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited. 

By logging into your YouTube account, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. 

YouTube is used in order to present our online offers in an appealing manner. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 let. f GDPR. For further information on the handling of user data, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=en-US

2.3.4. Google Maps

This website uses Google Maps to display maps and to provide directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing and use by Google, one of its agents, or third parties of automatically collected data and data provided by you. The Terms of Use for Google Maps can be found at the Terms of Use for Google Maps.

Further information can also be found in the cookie list of the Cookiebot banner.  

2.3.5. Table reservations via Gastronovi

You have the option of making table reservations on some websites. You will be redirected to the Gastronovi service platform. The data collected there – 

  • Surname, first name 
  • E-mail address 
  • Telephone numbers, if applicable 
  • Date, time 

– will be processed in accordance with Gastronovi’s privacy policy, to which you must actively consent. You can find more information here: https://www.gastronovi.com/en/data-protection/ 

2.3.6. Activities via Giggle

You have the opportunity to register for activities on some websites. You will be redirected to the Giggle service platform. The data collected there – 

  • Surname, first name 
  • E-mail address 
  • Telephone numbers, if applicable 
  • Date, time 

– will be processed in accordance with Giggle’s privacy policy, to which you must actively consent. You can find more information here: https://hotel.giggle.tips/privacy 

2.3.7. ordering vouchers

You have the possibility to order vouchers on our websites. For this we will usually need the following information: 

  • Salutation
  • First and last name
  • Address
  • E-mail address
  • Phone number
  • Voucher value
  • Dedication, greeting message and salutation for voucher recipients
  • Payment method 

The entries that are necessary for the smooth processing of your enquiry are marked as mandatory. Entering other information is optional. We only use this data and an address voluntarily provided by you to be able to answer your enquiry in the best possible and most personalised way. The processing of this data is in our legitimate interest. 

Please note that we may pass on your data to third parties in so far as this is necessary within the framework of the use of the websites and the processing of contracts. 

2.3.8. loyalty card

During your stay you can collect loyalty points and thus benefit from discounts. You can check your loyalty points balance on our website.  

To do this, you must enter your surname, first name and e-mail address. We will only use this and other information voluntarily provided by you to process your request.

2.3.9. use of the application portal

You have the possibility to apply via the application portal. During the procedure 

the following data is stored in the database:

  • salutation, surname, first name 
  • date of birth 
  • contact details (address, e-mail address and telephone numbers) 

Furthermore, all the documents that you submit in connection with your application will also be recorded. 

This data will only be saved, evaluated, processed or shared internally in connection with your application.  

If you explicitly give us your consent, we will also save your application for other suitable positions within our company at a later date.  

By pressing the “Accept data protection terms” button, you give your consent for your data to be stored and processed and for your personal data to be made available to our company for the purpose of finding or filling a job vacancy. Your consent to such data processing will be documented.  

Your data will be stored and processed on the systems of our software partner Ennit (basis of data processing: Art. 13 para. 1 FADP, reference basis: Art. 6 No. 1 lit. a GDPR (EU)). 

Application documents from unsuccessful applicants for a specific, publicly advertised vacancy will be deleted no later than six months after the vacancy is filled, because our company has to have fulfilled all its legal obligations by that time (e.g. compliance with SECO [State Secretariat for Economic Affairs] requirements). Regardless of the above, you are entitled to ask for your electronic data to be deleted at any time.

2.4. Why do we use encryption?

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser address bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We would like to draw your attention to the fact that – subject to an explicit agreement and configuration – e-mails to us are sent unencrypted. If you wish to transmit confidential or sensitive information by e-mail, please contact us in advance so that we can agree on a secure way to transmit the data. 

2.5. To whom will your data be transferred? 

As part of our provision of services, we are supported by external processors. Our processors are carefully selected, contractually bound and located within Switzerland.  

Other recipients of your data may, depending on the situation, include companies in other EU countries, especially in the IT sector. Where we work with such companies, we do so only if there is an adequate level of data protection in the relevant country. 

We apply appropriate technical and organisational security measures in our cooperation with all partners.

2.6. How long do we store your data? 

In principle, the data is deleted as soon as it is no longer required to achieve its purpose (see the individual chapters mentioned above). For the personal data collected when you visit our website, we store the data for a maximum period of twelve months. 

You can find the cookie storage period in the cookie banner under “Details”. 

Your personal data in connection with the use of the contact forms as well as the applicant contact forms will be deleted once it has been transmitted to the responsible office at Sunstar. 

3. Data protection information when communicating with us 

3.1. Which information do we collect from you? 

Sunstar processes personal data that we receive in the course of communicating with you. Relevant personal data are, depending on the situation:

  • first name, last name 
  • your function in the company  
  • e-mail address and telephone number 
  • reason for request, content of the communication  
  • any other data you may provide 

We would like to draw your attention to the fact that – subject to an explicit agreement and configuration – e-mails to us are sent unencrypted. If you wish to transmit confidential or sensitive information by e-mail, please contact us in advance so that we can agree on a secure way to transmit the data. 

When you enter into a business relationship with us, as a guest or partner/supplier, further related data is collected, about which you will be informed separately below.

3.2. Why do we process your data and on what legal basis?  

We process your personal data for business correspondence, for processing and documenting our orders and for answering and handling our services based on your enquiry or based on our contractual cooperation. 

The processing of this data is carried out in the course of precontractual measures or in our legitimate interest. 

3.3. To whom will your data be transferred? 

As part of our provision of services, we are supported by external processors. Our processors are carefully selected, contractually bound and located within Switzerland. 

Other recipients of your data may, depending on the situation, include companies in other EU countries, especially in the IT sector. Where we work with such companies, we do so only if there is an adequate level of data protection in the relevant country. 

We apply appropriate technical and organisational security measures in our cooperation with all partners. 

3.4. How long do we store your data? 

In principle, we process and store your personal data for as long as necessary in order to achieve the relevant purpose and comply with legal obligations or as stipulated by another legal basis. If the processing of the data is no longer necessary, that data will be periodically deleted.

4. Data protection information for guests of Sunstar Hotels 

4.1. Which data do we process from you?

Sunstar processes personal data that we receive in the run-up to or during a business relationship from you yourself, or from a person or company commissioned by you. Furthermore, we collect and store information that we acquire in the course of providing the service and that is directly related to your stay.  

 4.1.1. Data processing to fulfil the legal obligation to notify

When you arrive at our hotels, we require the following information from you and the persons accompanying you, which we record in our centralised hotel software: 

  • first name and surname 
  • gender 
  • postal address and canton 
  • date of birth 
  • nationality 
  • official identification card and number 
  • date of arrival and departure 
  • number of persons, including children 

In so far as this information is required for the fulfilment of legal reporting obligations arising under hospitality industry or police law, we are obligated to collect it. To the extent that we are required to do so under applicable regulations, we will forward this information to the competent authority. 

Providing further information is optional. We only use this data to be able to design your stay in the best possible and most personalised way. 

4.1.2. Recording booked services and leisure activities

If you obtain services from our wellness area or register for hotel activities as part of your stay, your surname, first name and the subject and time of the service will be recorded and processed by us for billing purposes and in order to provide the booked service. 

The processing of this data is necessary for the execution of the contract with us. 

4.1.3. Use of hotel internet via PWLAN  

If you use our guest WiFi during your stay in a Swiss hotel, Sunstar will provide you with internet access via a third-party provider (Swisscom/Digmedia).  

When you register, you accept Swisscom’s privacy policy.  

Sunstar Hotels transmits pseudo-anonymised data (name and room number) for this purpose. Sunstar does not store any other data. 

At the Sunstar Hotel in Piedmont, you have access to our own WiFi. In order to ensure the secure operation of the service provided, we collect various technical usage data:

  • IP address, MAC address, log data, etc. 

The legal basis for processing your personal data is legitimate interest. To protect your personal data, Sunstar has established appropriate security standards. The data is stored for 7 days. 

4.2. Storage and exchange of data with third parties
4.2.1. Booking platforms

If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. This is usually the data listed in this privacy policy. In addition, enquiries about your booking may be forwarded to us. We will process this data in order to record your booking as requested and to provide the booked services. The legal basis of the data processing for this purpose is the performance of a contract. 

Finally, we may be notified by the platform operators of disputes relating to a booking. Where this occurs, we may also receive data relating to the booking process, which may include a copy of the booking confirmation as evidence that the booking was actually made. We process this data in order to protect and enforce our claims. This constitutes our legitimate interest. Please also note the Information on data protection of the provider Hotel Net Solutions: https://hotelnetsolutions.de/en/privacy-policy/ 

4.3. Central storage and linking of data

We store the above mentioned data in a central electronic data processing system. The data concerning you is systematically collected and linked for the purpose of processing your bookings and handling the contractual services.

For Privilège Vacation Club data, we also use cloud-based software. We base the processing of this data within the software on our legitimate interest in customer-friendly and efficient customer data management.

4.4. Retention Period

We only store personal data for as long as is necessary to use the above tracking services as well as for further processing within the scope of our legitimate interest. Contract data is kept by us for a longer period of time, as this is required by statutory retention obligations. The retention obligations that oblige us to retain data result from regulations on registration law and accounting and from tax law. According to these regulations, business communications, contracts concluded and accounting documents must be kept for up to 10 years. In so far as we no longer need this data to perform the services for you, the data will be anonymised. This means that the data may then only be used for accounting and tax purposes. 

4.5. Disclosure of data to third parties

We will only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce any claims arising from the contractual relationship. In addition, we pass on your data to third parties in so far as this is necessary in the context of the use of the website and in processing contracts (including outside the website), namely the processing of your bookings. 

We share your personal data with the following categories of recipients: 

  • IT service providers 
  • third parties to whom we have outsourced services such as sending newsletters 
  • third parties we engage to provide additional services to our guests 
  • third parties involved in the implementation or organisation of events and seminars 
  • advisors, trust companies, law firms 
  • authorities and courts, if applicable 

When booking, we will redirect you directly to the website of our partner Worldline for credit card payment. Regarding the processing of your credit card information by this third party, we ask you to read the terms and conditions as well as the privacy policy of your credit card issuer. 

When data is disclosed to third parties, the legal regulations on the disclosure of personal data to third parties will of course be observed. Where we use contract processors to provide our services, we take the appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of your personal data in accordance with the relevant legal provisions in Switzerland and the EU/EEA. 

Data may also be transferred if another company intends to acquire our company or parts thereof and if such a transfer of data is necessary to enable due diligence to be carried out or for the transaction to be completed. In the event of a partial sale of our company, we reserve the right to continue to use the transferred data for the purpose for which it was earmarked. Our legitimate interest in transferring this data lies in the protection of our rights and the compliance with our duties, and forms the legal basis for the sale of our company. 

Please also note the information from the previous articles regarding the transfer of data to third parties.

4.5.1. Transfer of personal data abroad 

We may also transfer your personal data to third-party companies (contracted service providers) abroad for the purposes of the data processing described in this privacy policy. These companies are committed to data protection to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we will contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times. 

5. Data protection information for shareholders

5.1. Sunstar shareholders 
5.1.1. Which data do we process from you?  

Sunstar Shareholder Services processes personal data that we receive in the run-up to or during a business relationship from you yourself or from a person or company appointed by you. Furthermore, we collect and store information that we acquire in the course of providing the service and that is directly related to the fulfilment of the order. Relevant personal data is, depending on the order situation: 

  • surname, first name
  • address(es)
  • e-mail addresses 
  • telephone numbers 
  • shareholder number 
  • contact details of contact persons, if applicable 
  • bank details, if applicable
5.1.2. Why do we process your data and on what legal basis?  

Depending on the order situation, we process your data for the purpose of providing the contractually determined services to you as well as within the scope of making offers. 

5.1.3. To whom will your data be transferred? 

We will only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce any claims arising from the contractual relationship. In addition, we pass on your data to third parties in so far as this is necessary in the context of the use of the website and in processing contracts (including outside the website), namely the processing of your bookings. 

We share your personal data with the following categories of recipients: 

  • IT service providers 
  • partner businesses that provide special offers for shareholders 
  • third parties to whom we have outsourced services such as sending newsletters 
  • third parties we engage to provide additional services to our guests 
  • third parties involved in the implementation or organisation of events and seminars 
  • consultancies, trust companies, law firms 
  • authorities and courts, if applicable 

When booking, we will redirect you directly to the website of our partner Worldline for credit card payment. Regarding the processing of your credit card information by this third party, we ask you to read the terms and conditions as well as the privacy policy of your credit card issuer. 

When data is disclosed to third parties, the legal regulations on the disclosure of personal data to third parties will of course be observed. Where we use contract processors to provide our services, we take the appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of your personal data in accordance with the relevant legal provisions in Switzerland and the EU/EEA. 

Data may also be transferred if another company intends to acquire our company or parts thereof and if such a transfer of data is necessary to enable due diligence to be carried out or for the transaction to be completed. In the event of a partial sale of our company, we reserve the right to continue to use the transferred data for the purpose for which it was earmarked. Our legitimate interest in transferring this data lies in the protection of our rights and the compliance with our duties, and forms the legal basis for the sale of our company. 

Please also note the information from the previous articles regarding the transfer of data to third parties. 

5.1.4. How long do we store your data? 

We only store personal data for as long as is necessary to use the above tracking services as well as for further processing within the scope of our legitimate interest. Contract data is kept by us for a longer period of time, as this is required by statutory retention obligations. The retention obligations that oblige us to retain data result from regulations on registration law and accounting and from tax law. According to these regulations, business communications, contracts concluded and accounting documents must be kept for up to 10 years. In so far as we no longer need this data to perform the services for you, the data will be anonymised. This means that the data may then only be used for accounting and tax purposes.

5.2. Privilège Vacation Club members 
5.2.1. Which data do we process from you? 

Privilège Vacation Club (Sunstar) processes personal data that we receive in the run-up to or during a business relationship from you yourself or from a person or company commissioned by you. Furthermore, we collect and store information that we acquire in the course of providing the service and that is directly related to the fulfilment of the order. Relevant personal data is, depending on the order situation: 

  • surname, first name
  • address(es)
  • e-mail addresses
  • telephone numbers
  • contact details of contact persons, if applicable
  • bank details, if applicable
5.2.2. Why do we process your data and on what legal basis? 

Depending on the order situation, we process your data for the purpose of providing the contractually determined services to you as well as within the scope of making offers. 

5.2.3. To whom will your data be transferred?  

We will only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce any claims arising from the contractual relationship. In addition, we pass on your data to third parties in so far as this is necessary in the context of the use of the website and in processing contracts (including outside the website), namely the processing of your bookings. 

We share your personal data with the following categories of recipients: 

  • IT service providers 
  • partner shops that have special offers for Privilège members 
  • third parties to whom we have outsourced services such as sending newsletters 
  • third parties we engage to provide additional services to our guests 
  • third parties involved in the implementation or organisation of events and seminars 
  • consultancies, trust companies, law firms 
  • authorities and courts, if applicable 

When booking, we will redirect you directly to the website of our partner Worldline for credit card payment. Regarding the processing of your credit card information by this third party, we ask you to read the terms and conditions as well as the privacy policy of your credit card issuer. 

When data is disclosed to third parties, the legal regulations on the disclosure of personal data to third parties will of course be observed. Where we use contract processors to provide our services, we take the appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of your personal data in accordance with the relevant legal provisions in Switzerland and the EU/EEA. 

Data may also be transferred if another company intends to acquire our company or parts thereof and if such a transfer of data is necessary to enable due diligence to be carried out or for the transaction to be completed. In the event of a partial sale of our company, we reserve the right to continue to use the transferred data for the purpose for which it was earmarked. Our legitimate interest in transferring this data lies in the protection of our rights and the compliance with our duties, and forms the legal basis for the sale of our company. 

Please also note the information from the previous articles regarding the transfer of data to third parties. 

5.2.4. Transfer of personal data abroad 

We may also transfer your personal data to third-party companies (contracted service providers) or partner businesses/hotels abroad for the purposes of the data processing described in this privacy policy. These companies are committed to data protection to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we will contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times. 

5.2.5. How long do we store your data?  

We only store personal data for as long as is necessary to use the above tracking services as well as for further processing within the scope of our legitimate interest. Contract data is kept by us for a longer period of time, as this is required by statutory retention obligations. The retention obligations that oblige us to retain data result from regulations on registration law and accounting and from tax law. According to these regulations, business communications, contracts concluded and accounting documents must be kept for up to 10 years. In so far as we no longer need this data to perform the services for you, the data will be anonymised. This means that the data may then only be used for accounting and tax purposes.

6. Data protection information for partners and suppliers  

6.1. Which data do we process from you?  

The following personal data of the contact person may form the subject of processing (non-exhaustive list):

  • surname, first name 
  • business address(es) 
  • business e-mail addresses 
  • business telephone numbers
  • order data
  • IBAN no.
  • depending on the situation, date of birth 
6.2 Why do we process your data and on what legal basis? 

We process your data in the course of our collaboration, based on the contract that your company or you as an individual have concluded with us. We process personal data that you or your company disclose to us during a business relationship. Furthermore, Sunstar collects and stores information that is relevant to the provision of the service and is directly related to the fulfilment of the order.  

The legal basis for processing the data is precontractual measures, the fulfilment of our contractual obligation towards you and the fulfilment of our legal obligations.

 6.3. To whom will your data be transferred?  

As part of our provision of services, we are supported by external processors. Our processors are carefully selected, contractually bound and located within Switzerland.

Other recipients of your data may, depending on the situation, include companies in other EU countries, especially in the IT sector. Where we work with such companies, we do so only if there is an adequate level of data protection in the relevant country. 

We apply appropriate technical and organisational security measures in our cooperation with all partners.

6.4. How long do we store your data?  

We process and store your personal data for as long as it is necessary for the fulfilment of our services agreed on and our legal obligations or for as long as another legal basis provides for this. If the processing of the data is no longer necessary, that data will be periodically deleted.

7. Data protection information for applicants 

The data collected includes all the information you give us when you apply, by post, e-mail or at a personal interview, such as (list is non-exhaustive):

  • first name, surname 
  • address, telephone number, e-mail address 
  • date of birth 
  • application documents 
  • portrait photo 
  • any other data you may provide 

By submitting your electronic application, you consent to the electronic processing of your data by the Sunstar offices responsible for the application and any external experts consulted. The processing is therefore carried out on the basis of the consent you have granted.  

We do not digitise paper documents as part of the application process. 

7.1. Why do we process your data and on what legal basis? 

We process your personal data to check and process your application. Your further application documents will be processed exclusively for the purpose of applicant selection and applicant recruitment.

7.2. To whom will your data be transferred? 

As part of our provision of services, we are supported by external processors. Our processors are carefully selected, contractually bound and located within Switzerland.  

Other recipients of your data may, depending on the situation, include companies in other EU countries, especially in the IT sector. Where we work with such companies, we do so only if there is an adequate level of data protection in the relevant country. 

We apply appropriate technical and organisational security measures in our cooperation with all partners. 

7.3. How long do we store your data?  

Your data will be kept until after the application process has been completed, unless you give us your explicit consent to keep your data with a view to a possible future vacancy. 

8. Visitors to the company headquarters who use our guest WiFi  

8.1. Use of our wireless internet connection    

When you come to our office premises in Liestal as a visitor/partner, Sunstar provides you with free access to use its wireless internet connection (WiFi). This use is granted exclusively to visitors to the company headquarters for the duration of their stay. You are not entitled to allow third parties to use this WiFi. Sunstar is entitled at any time to restrict access temporarily, in whole or in part, or to exclude you from further use altogether. In particular, Sunstar reserves the right, at its sole discretion and at any time, to block access to certain pages or services via the WiFi. 

8.2. Access data 

Sunstar will provide you with access data for this purpose (access security). This access data (username and password) may not be passed on to third parties.    

8.3. Data protection 

We are obliged to inform you about the use of your data that we collect from you in the course of registration and use of the guest WiFi. 

In order to ensure the secure operation of the service provided, we collect various technical usage data:

  • IP address, MAC address, log data, etc. 

The legal basis for processing your personal data is legitimate interest. 

To protect your personal data, Sunstar has established appropriate security standards. The data is stored for 7 days. 

We work with external partners who support us in the processing of personal data, e.g. to provide the IT infrastructure. These are carefully selected and are contractually bound to us as processors. If, in exceptional cases, it is necessary to transfer your data to a third country outside Switzerland or the EU/EEA, this will only take place if there is an adequate level of data protection or if further guarantees can be used to ensure data protection. 

You have the right to information about the processing of your data as well as to have your data corrected, deleted, restricted or transferred. You have the right to object to processing and should your consent be necessary in individual cases, you have the right to withdraw it.  

8.4. Limitation of liability 

You are aware that the WiFi only provides access to the internet. Sunstar does not provide any additional security measures (e.g. virus protection, firewall, etc.). The data traffic established using the WiFi uses WPA2 encryption so that misuse by third parties is virtually impossible and the data cannot be viewed by third parties. The retrieved content is not subject to verification by Sunstar. Use of the WiFi is at your own risk. Sunstar accepts no liability for damage to terminal equipment or data caused by the use of the WiFi. 

Users of the WiFi shall hold Sunstar harmless against all damages and claims by third parties which are attributable to unlawful use of the WiFi by users and/or to a breach of this Agreement. This indemnity also extends to the costs and expenses associated with the claim or its defence. 

8.5. Personal responsibility

You are solely responsible for the data transmitted via the WiFi, the services used via it and any legal transactions carried out. If third-party services are used via the WiFi, the resulting costs are to be borne by the customer. You are obliged to comply with applicable law and the following rules of conduct when using the WiFi:  

  • do not unlawfully reproduce, distribute or make publicly available any copyrighted works 
  • do not use the WiFi to retrieve or distribute immoral or illegal content 
  • observe applicable youth protection regulations 
  • do not send or distribute any derogatory, defamatory or threatening content 
  • do not use the WiFi to send spam and/or other forms of inadmissible advertising

9. What rights do you have?

You can contact our data protection officers directly at datenschutz@sunstar.ch for any questions or concerns.

You can obtain information about the data we hold about you and how it is processed, arrange for incorrect personal data to be corrected, object to data processing and, if there is no justification on our part, request the restriction of data processing and the deletion of your data. Furthermore, you can request data portability in an electronic format. 

10. Note on data transfers to the USA

For the sake of completeness, we would like to point out to users resident or domiciled in Switzerland that there are surveillance measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the interference associated both with the access to these data and with their use. Furthermore, we would like to point out that there are no legal remedies available in the USA for data subjects from Switzerland seeking to obtain access to the data concerning them and to obtain its correction or deletion, and that there is no effective judicial legal protection against the general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation so that they can make an appropriately informed decision to consent to the use of their data. 

We would like to point out to users residing in any EU Member State that the USA does not have an adequate level of data protection from the point of view of the European Union – among other things due to the issues mentioned in this section. Where we have explained in this privacy statement that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an appropriate level with our partners either by contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US-Privacy Shield. 

11. Modifications to this data protection information

If we have to adapt this data protection information due to any changes in services or due to new requirements, the latest available version shall apply. 

Last modified on 24 August 2023 

Cookie Liste und Einstellungen