Privacy Policy
We, The Club AG (hereafter “we”, “us” or “our”), are committed to protecting the privacy and security of the personal information that is provided to us or collected by us on our website and during our business. We store and process personal information in accordance with the Swiss Data Protection Act (DPA) and to the extent applicable under the EU General Data Protection Regulation (GDPR).
This privacy policy explains how we may collect and use any personal information that we obtain about you and your rights in relation to that information. We also always indicate if information you are asked to provide is mandatory or voluntary. We may provide you with additional privacy notices where we believe that it is appropriate to do so. In case, these additional notices supplement this privacy policy and should be read as one.
Table of Contents
I. Responsibility for Your Personal Information
II. What and How We Collect Personal Information
- Business Development and Business Acceptance
- Products and Services
- Use of Our Website
- Social Plugins
- Other Processing Activities
III. Profiling and Automated Decisions
IV. How and Why We May Share Your Personal Information
- With Third Parties
- Disclosing Information to Third Parties in Foreign Countries
V. Security of Your Personal Information
VI. Storing Your Data
VII. Your Rights
VIII. Our Contact Information
IX. Updates and Changes to this Privacy Policy
Responsibility for Your Personal Information
We are The Club, Via da Vout 3, St. Moritz, Switzerland. We are the responsible Controller of the personal information you provide to us or we collect when you visit our website or during our business.
What and How We Collect Personal Information
We collect and process your personal information as described in the following.
1. Business Development and Business Acceptance
We collect personal information about our members, prospective members, as well as other business contacts as part of business development initiatives and our business acceptance process.
The type of personal information we collect includes name, contact details (such as your address, email address and telephone numbers), nationality, birth date, profession, bank account and credit card information as well as communication with us.
We obtain this information directly from you, from other members, who sponsors you, or from publicly available open sources.
We may use your personal information to maintain and develop our business relationship with you, identify products or services you may be interested in, to pursue certain business development initiatives, send you publications and marketing communications and invite you to events, to the extent permitted by law.
The legal basis for processing your personal information for these purposes is our legitimate interest in conducting and developing our business (article 6(1)(f) GDPR).
We only send you marketing emails if we are in an existing business relationship with you or you have consented to receiving such emails pursuant to article 6(1)(a) GDPR. If you no longer wish to receive emails relating to our services, or events, you can unsubscribe at any time by using the “unsubscribe” button at the bottom of the email or by contacting us as indicated in section VIII of this privacy policy.
Where we need to collect information required for our services and you fail to provide that information when requested, we may not be able to provide our services as requested by you.
2. Products and Services
In the course of our business activities, we collect and process personal information about our members, related persons, and other persons as well as their respective representatives and employees.
The type of personal information that we collect includes name and contact details (such as your address, email address and telephone numbers), nationality, birth date, business interests, as well as information of all kind from correspondence, contacts and interactions with us. We will also process information of all kind that is revealed to or collected by us in the course of offering our products and services.
We collect personal information directly from you, from our clients or other per-sons to a matter and their respective representatives and employees. We may receive or collect personal information from third persons such as your employ-er, other organizations that you have dealings with or related to, regulators or government agencies. We may also collect personal information from publicly available sources.
We may use this information to provide our services, to run our services (e.g., carry out administrative or operational processes), monitor and analyze our services to improve them. Our main legal basis for these processing purposes is the conclusion or fulfillment of a contract pursuant to article 6(1)(b) GDPR. In other cases, we may also rely on our legitimate interest to conduct business as long as your interest in the protection of your personal information does not override our interests pursuant to article 6(1)(f) GDPR.
If you or the organization for which you are acting are a client and you fail to provide information that we require when requested, we may not be able to provide our products and services and continue our business relations.
In case you do not want to provide personal information that we need to offer products and services that you have requested, this may mean that we are not able to offer the full range of products and services you wish to have.
3. Use of Our Website
When you visit our website, we collect the following information usage data such as domain name, user settings, browser type, session ID, IP address, authentication data and visit time, as well as other meta data.
We collect this personal information about you so that we can offer website content and provide products and services that are offered via the website as well as to analyze the usage of our website. In such cases, the legal basis for the processing is fulfilment of a contract pursuant to Article 6(1)b GDPR and our legitimate interest pursuant to Article 6(1)f GDPR.
4. Social Plugins
We use social plugins on our website which you can recognize by the respective icon which is placed on our website. If you interact with this social net-work, e.g., if you click on the icon on our website, the information collected by the social plugin will be forwarded and your visit recognized by the respective social media platform provider. These social plugins are not automatically activated. For more information on how our social media partners process the personal information they collect about you, please refer to their respective privacy policies and notices.
5. Other Processing Activities
Further, we collect and process information about you if you offer or provide products or services to us, if we evaluate your products or services, and generally when you request information from us or provide information to us. We may also process your personal information to the extent we have a legal obligation (article 6(1)(c) GDPR) to do so or to defend, exercise or establish a legal claim which is in our legitimate interest (article 6(1)(f) GDPR).
III. Profiling and Automated Decisions
We do not process your data in a way that creates a profile of you in our data-bases (e.g., a customer profile) or allows us to deduct certain aspects of your life such as interest, hobbies, financial situation, health etc.
We do not, currently, use automated decision-making to decide about ways to handle your data. If we should decide to start using a computer program to evaluate any of your data and make automated decisions that have a legal or similar effect on you, we will inform you of this in full transparency.
IV. How and Why We May Share Your Personal Information
Where necessary or useful for the provision of our services or for other purposes defined in this privacy policy, we may disclose your personal information collected during activities of the company with third parties.
1. With Third Parties
We may share your personal data with third parties (such as consultants, authorities and other persons) in Switzerland, or the EU. In addition, we may share your personal data with third parties if:
- You have consented to us doing so (where necessary) or the organization that you work for has obtained your consent for us to do so (where necessary);
- We are under a legal, regulatory, or professional obligation to do so (for example, to comply with anti-money laundering or sanctions requirements); or
- It is necessary in connection with legal proceedings or to exercise or defend legal rights.
We use third parties who provide products and services on our behalf and may share your information with them, for example banks, insurance companies or technology suppliers who may have access to your personal information when providing software support. If third parties are located outside of Switzerland or the EU, we only share your personal information on a basis that ensures ad-equate data protection.
2. Disclosing Information to Third Parties in Foreign Countries
During our business activities and for the purposes described in this policy, we may also disclose your personal data to third parties outside of Switzerland to the extent permitted and required by law. Personal data is only transferred to third parties in foreign countries if the relevant legal requirements are met. Third parties in foreign countries are obliged to maintain the same level of data protection as we do. The recipients are located in the EU, and we ensure that the protection of personal data is equivalent to that in Switzerland, if the level of data protection in a country is not adequate under applicable law.
You may request a copy of these contractual guarantees, whereby in individual cases we may need to redact parts that are relevant to the privacy of others or confidentiality obligations. In exceptional cases, we may rely on your consent or transfer your personal information abroad if it is necessary for the performance of contract, establishment, exercise, or enforcement of legal claims or overriding public interests.
V. Security of Your Personal Information
We have put in place technical and organizational security measures to hold your personal information securely in electronic and physical form, to protect it from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss. Our premises are access con-trolled and our electronic databases require logins and password authentication. We use encryption technologies to transfer your data. This does not ex-tend to communication via email, which is not encrypted.
Our employees and third-party service providers who have access to confidential information (including personal information) are subject to confidentiality obligations.
VI. Storing Your Data
We will retain your personal information for as long as is necessary for the purpose for which it was collected. We will further retain your personal information to comply with legal and regulatory obligations, for as long as claims could be brought against us and for as long as legitimate interest, including data security, requires.
VII. Your Rights
You have the right to:
- request access to your personal information and certain information in relation to its processing;
- request rectification of your personal information;
- request the erasure of your personal information;
- request that we restrict the processing of your personal information; and
- object to the processing of your personal information.
In case you have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
Please note, that we may refuse or limit to grant these rights for legal reasons or based on data protection legislation, in which case we will provide reasons for our decision as required by the law.
If you feel we have not handled your query or concern to your satisfaction you can file a complaint with the competent data protection authority, in Switzer-land this is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch) .
If you would like to exercise these rights, please contact us in writing by email or letter in accordance with section VIII of this privacy policy.
In general, you will not have to pay a fee to exercise any of your individual rights. However, we may charge a fee for access to your personal information if the relevant data protection legislation allows us to do so, in which case we will inform you as required by the law.
VIII. Our Contact Information
The Clubhouse
Via da Vout 3, 7500 St. Moritz, Switzerland
[email protected]
+41 81 838 00 00
IX. Updates and Changes to this Privacy Policy
We reserve the right to update and change this privacy policy from time to time to reflect any changes to the way in which we process your personal in-formation or changing legal requirements. Any changes we may make to our privacy policy in the future will be posted on this website. Please check back frequently to see any updates or changes to our privacy policy.
As at: September 2024