Privacy Policy

Responsible party within the meaning of data protection laws, in particular the EU General Data Protection Regulation (EU GDPR):

Salvatore Ponzio, Hotel Steinbock & Ristorante-Pizzeria Da Salvi

Hotel Steinbock & Ristorante-Pizzeria Da Salvi
Dorfstrasse 189
3818 Grindelwald/BE

E-Mail: (unencrypted)

General Note

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Federal Government (Data Protection Act, DSG), every individual has the right to privacy and protection against the misuse of personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

In collaboration with our hosting providers, we make every effort to protect databases against unauthorized access, loss, misuse, or falsification to the best of our abilities. Please note that data transmission over the Internet (e.g. when communicating via email) may have security vulnerabilities. A complete protection of data from access by third parties is not possible.

By using this website, you agree to the collection, processing, and use of data as described below. This website can generally be visited without registration. Data such as pages accessed or names of the retrieved file, date, and time are stored on the server for statistical purposes without directly relating these data to your person. Personal data, especially name, address, or email address, are collected on a voluntary basis if possible. Data will not be passed on to third parties without your consent.

This website was created with the Swiss host Cyon. The server is located in Basel, Switzerland.

Data Processing When Contacting Us

When you get in touch with us through our contact addresses and channels (e.g., via email, phone, or contact form), your personal data will be processed. The data processed includes the information you have provided to us, such as your name, email address, or phone number, as well as the nature of your inquiry. Additionally, the time of receiving the request will be documented. Mandatory information is marked with an asterisk (*) in contact forms. We process this data to address your inquiry (e.g., providing information about our hotel, assisting with contract-related matters such as booking questions, incorporating your feedback into the improvement of our services, etc.). The legal basis for these data processing activities is our legitimate interest as defined in Article 6(1)(f) of the General Data Protection Regulation (GDPR) in addressing your inquiry or, if your request pertains to the conclusion or execution of a contract, the necessity for carrying out the required measures as stipulated in Article 6(1)(b) of the GDPR.

Payment Processing at the Hotel

When you make purchases, avail services, or settle your stay at our hotel using electronic payment methods, the processing of personal data is necessary. By using the payment terminals, you transmit the information stored in your payment method, such as the cardholder’s name and card number, to the involved payment service providers (e.g., payment solution providers, credit card issuers, and credit card acquirers). They also receive information that the payment method was used at our hotel, along with the transaction amount and time. Conversely, we only receive the credit for the amount of the completed payment at the corresponding time, which we can associate with the relevant receipt number, or information that the transaction was not possible or was canceled. Always pay attention to the information provided by the respective company, particularly their privacy policy and terms and conditions.

Data Processing for the Recording and Billing of Consumed Services

If you avail services during your stay (e.g., additional nights, wellness, restaurant, activities), the data related to your booking (e.g., timing and notes), as well as data regarding the booked and consumed service (e.g., type of service, price, and timing of service consumption), will be collected and processed by us for the purpose of service fulfillment, in addition to your contract data. The legal basis for our data processing activities lies in the performance of a contract as defined in Article 6(1)(b) of the General Data Protection Regulation (GDPR).

Data Processing in Video Surveillance

To protect our guests, staff, and property, as well as to prevent and penalize unlawful activities (especially theft and property damage), the entrance area and publicly accessible areas of our hotel, excluding restroom facilities, may be monitored by cameras. The video data is only viewed when there is suspicion of unlawful behavior. Otherwise, the video recordings are automatically deleted after 30 days. For the provision of the video surveillance system, we rely on a service provider, AIS Computer AG, Untere Bönigstrasse 33, 3800 Interlaken, Switzerland. AIS Computer AG has access to the data as required for the operation of the system. If suspicion of unlawful behavior is substantiated, the data may be disclosed to the extent necessary for enforcing claims or reporting to consulting firms (especially law firms) and authorities. Information about data processing by third parties and any data transfers abroad can be found in section 2 of this privacy policy. For further information about data processing related to AIS Computer AG, please visit The legal basis for this is our legitimate interest as defined in Article 6(1)(f) of the General Data Protection Regulation (GDPR) in protecting our guests, staff, property, as well as safeguarding and enforcing our rights.

Data Processing When Using Our WiFi Network

In our hotel, you have the opportunity to use our WiFi network for free. To prevent misuse and to penalize unlawful behavior, prior registration is required. During registration, you will provide us with the following data:

  • MAC address of the device (automatically collected)

In addition to the above data, when you use the WiFi network, data regarding the time and date of usage, as well as the device used, will be recorded. The legal basis for these processing activities is your consent as defined in Article 6(1)(a) of the General Data Protection Regulation (GDPR). You can withdraw your consent at any time for future use.

For the provision of our WiFi network, we collaborate with Sunrise GmbH, Thurgauerstrasse 101B, 8152 Glattpark, Switzerland. Consequently, your data may be stored in a database managed by Sunrise GmbH, enabling them to access your data if necessary for providing the software and assisting with its use. Information about data processing by third parties can be found in section 2 of this privacy policy. Further information about data processing by Sunrise GmbH can be found at

Sunrise GmbH must comply with the legal obligations of the Federal Act on the Surveillance of Post and Telecommunications (BÜPF) and its related regulations. If the legal requirements are met, the operator of the WiFi network must monitor internet usage and data traffic on behalf of the relevant authorities. The WiFi network operator may also be obliged to disclose contact, usage, and metadata of hotel guests to authorized authorities. This contact, usage, and metadata is retained in a personally identifiable manner for 6 months and then deleted.

The legal basis for these processing activities is our legitimate interest as defined in Article 6(1)(f) of the General Data Protection Regulation (GDPR) in providing a WiFi network while complying with applicable legal regulations.

Data Processing for Compliance with Legal Reporting Requirements

Upon arrival at our hotel, we may require the following information from you and your accompanying persons, with mandatory fields marked with an asterisk (*) in the corresponding form:

  • Salutation
  • First and last name
  • Billing address
  • Date of birth
  • Nationality
  • Identity card or passport
  • Arrival and departure dates

We collect this information to fulfill legal reporting obligations, particularly those arising from the hospitality or police regulations. To the extent required by applicable regulations, we will forward this information to the relevant authorities.

The legal basis for processing this data is our legitimate interest as defined in Article 6(1)(c) of the General Data Protection Regulation (GDPR) in complying with our legal obligations.

Data Processing for Job Applications

You have the opportunity to apply for a position within our company, either spontaneously or in response to a specific job posting. During this process, we process the personal data you provide.

The data you provide is used to evaluate your application and suitability for employment. Application materials from applicants who are not selected will be deleted at the end of the application process, unless you explicitly agree to a longer retention period, or we are legally obligated to retain them for a longer period.

Central Data Storage and Analysis in the CRM System

If it is possible to clearly identify you, we will store and link the data described in this privacy policy, including your personal information, your contact details, your contract data, and your browsing behavior on our websites, in a central database. This is done to efficiently manage customer data, enable us to process your inquiries adequately, and facilitate the efficient provision of the services you request and the processing of related contracts.

The legal basis for this data processing is our legitimate interest as defined in Article 6(1)(f) of the General Data Protection Regulation (GDPR) in the efficient management of user data.

Furthermore, we analyze this data to develop our offerings in a user-centric manner and to be able to display and suggest as relevant information and offers to you as possible. We also use methods that predict potential interests and future orders based on your use of our website.

For central data storage and analysis in the CRM system, we use a software application provided by Rebag Data AG, Einsiedlerstrasse 533, 8810 Horgen, Switzerland. Consequently, your data may be stored in a database managed by Rebag Data AG, which enables Rebag Data AG to access your data if necessary for providing the software and assisting with its use. Information about data processing by third parties and any data transfers abroad can be found in section 3 of this privacy policy. Further information about data processing related to Rebag Data AG can be found at

Disclosure to Third Parties and Third-Party Access

Without the support of other companies, we would not be able to provide our services in the desired form. To utilize the services of these companies, it is sometimes necessary to share your personal data with them to a certain extent. Disclosure is made to selected third-party service providers and only to the extent necessary for the optimal provision of our services.

The legal basis for these disclosures is the necessity for the performance of a contract as defined in Article 6(1)(b) of the General Data Protection Regulation (GDPR).

Furthermore, your data may be disclosed to the extent necessary to fulfill the services you have requested, such as to restaurants or providers of other services for which you have made a reservation through us. In these cases, the legal basis for disclosure is the necessity for the performance of a contract as defined in Article 6(1)(b) of the GDPR. These third-party service providers are controllers under data protection law, not us. It is the responsibility of these third-party service providers to inform you about their own data processing activities, which may go beyond the sharing of data for service provision, and to comply with data protection laws.

Moreover, your data may be disclosed, especially to authorities, legal advisors, or debt collection agencies, if we are legally obligated to do so or if it is necessary to protect our rights, particularly to enforce claims against you. Data may also be disclosed if another company intends to acquire our business or parts thereof, and such disclosure is necessary to conduct due diligence or complete the transaction.

For these data processing activities, our legitimate interest in protecting our rights and fulfilling our obligations or in the sale of our business or parts thereof forms the legal basis, as defined in Article 6(1)(f) of the GDPR.

Transfer of Personal Data Abroad

We are entitled to transfer your personal data to third parties abroad if it is necessary for the execution of the data processing activities mentioned in this privacy policy. Specific data transfers have been mentioned earlier. Legal requirements for the disclosure of personal data to third parties are naturally followed. The countries to which data may be transferred include those that, according to the decision of the Federal Council and the European Commission, have an adequate level of data protection (such as EEA member states or, from the perspective of the EU, Switzerland), as well as countries (such as the USA) whose data protection level is not considered adequate (refer to Annex 1 of the Data Protection Ordinance (DSV) and the website of the European Commission). If the concerned country does not have an adequate level of data protection, we ensure, unless an exception is indicated in individual data processing cases (refer to Article 49 of the GDPR), through suitable guarantees that your data are adequately protected by these companies. These guarantees typically include standard contractual clauses as defined in Article 46(2)(c) of the GDPR, which can be obtained from the websites of the Federal Data Protection and Information Commissioner (FDPIC) and the European Commission. If you have any questions about the measures taken, please contact our data protection contact person.

Processing of Personal Data

Personal data refers to all information relating to a specific or identifiable person. An affected person is a person about whom personal data is processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, alteration, destruction, and use of personal data.

We process personal data in accordance with Swiss data protection law. In addition, we process personal data in accordance with the following legal bases in connection with Art. 6 (1) GDPR to the extent that the EU GDPR is applicable:

  • lit. a) Processing of personal data with the consent of the data subject.
  • lit. b) Processing of personal data for the performance of a contract with the data subject and for pre-contractual measures.
  • lit. c) Processing of personal data to fulfill a legal obligation to which we are subject under applicable EU law or under the applicable law of a country in which the GDPR is applicable in whole or in part.
  • lit. d) Processing of personal data to protect the vital interests of the data subject or another natural person.
  • lit. f) Processing of personal data to safeguard the legitimate interests of us or third parties, unless the fundamental rights and freedoms of the data subject prevail. Legitimate interests are in particular our business interest in being able to provide our website, information security, enforcing our own legal claims, and compliance with Swiss law.

We process personal data for the duration necessary for the respective purpose or purposes. For longer retention periods required by law or other obligations to which we are subject, we restrict processing accordingly.

Right to Information, Deletion, Blocking

You have the right to free information about your stored personal data, its origin and recipient, and the purpose of data processing, as well as a right to correction, blocking, or deletion of this data. For this purpose and for further questions regarding personal data, you can contact us at any time at the address given in the imprint.

This website uses cookies

These are small text files that make it possible to store specific, user-related information on the user’s device while using the website. Cookies allow us to determine the frequency of use and the number of users of the pages, analyze usage patterns of website visits, and make our offer more customer-friendly. Cookies are stored beyond the end of a browser session and can be retrieved when the site is visited again. If you do not wish this, you should set your Internet browser to refuse the acceptance of cookies.

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US American site or the EU site Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case, you may not be able to use all functions of this online offer.

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content, such as requests you send to us as the site operator, this website uses SSL/TLS encryption. An encrypted connection is indicated by the browser’s address line changing from “http://” to “https://” and the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Data Transmission Security (Without SSL)

Please note that data transmitted via an open network, such as the Internet or an email service without SSL encryption, can be seen by anyone. An unencrypted connection can be recognized by the fact that the address line of the browser displays “http://” and there is no lock symbol in your browser line. Information transmitted over the Internet and content received online can potentially be transmitted via networks of third parties. We cannot guarantee the confidentiality of messages or documents transmitted over such open networks or networks of third parties.

If you disclose personal information via an open network or networks of third parties, you should be aware of the fact that your data may be lost or third parties may potentially access and use that information without your consent. Although individual data packets are often encrypted, the names of the sender and recipient are not. Even if the sender and recipient live in the same country, data transmission may occur via such networks and without controls, even via third countries, i.e., countries that do not provide the same level of data protection as your domicile country. We assume no responsibility for the security of your data during transmission over the Internet and disclaim any liability for direct and indirect losses. We encourage you to use other means of communication if you deem it necessary or reasonable for security reasons.

Despite extensive technical and organizational security measures, data may be lost or intercepted by unauthorized third parties and/or manipulated. We take appropriate technical and organizational security measures to prevent this within our system to the extent possible. However, your computer is located outside the security area that we can control. It is your responsibility as a user to inform yourself about the necessary security precautions and to take appropriate measures in this regard. As the website operator, we do not assume any liability for damage that may arise from data loss or manipulation.

Data provided in online forms may be passed on to authorized third parties for order processing and may be viewed and possibly processed by them.

Server Log Files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Hostname of the accessing computer
  • Date and time of the server request

These data cannot be assigned to specific persons. These data will not be merged with other data sources. We reserve the right to check these data subsequently if we become aware of specific indications of illegal use.

Contact Form / Booking request

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and for the case of connection questions. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries submitted to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if this has been requested.

The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular, retention periods – remain unaffected.

Google Web Fonts

This website uses web fonts provided by Google to ensure a consistent font appearance. When you visit a page, your browser downloads the necessary web fonts into its cache to display texts and fonts correctly. If your browser doesn’t support web fonts, a default font from your computer will be used.

For more information about Google Web Fonts, please visit, and you can also refer to Google’s Privacy Policy at

Since August 10, 2023, all Google Fonts are being stored locally.

Google Maps

This website uses the services of Google Maps, which allows us to display interactive maps directly on the website and provides you with a convenient way to use the mapping functionality. By visiting the website, Google receives information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or if no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for this association with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research, and/or the personalized design of its website. Such analysis is carried out in particular (even for users who are not logged in) for the purpose of providing targeted advertising and informing other users of the social network about your activities on our website.

You have the right to object to the creation of these user profiles, and to exercise this right, you must contact Google. For more information about the purpose and scope of data collection and its processing by Google, as well as additional information about your rights and options for protecting your privacy, please visit:

Third-party services

This website uses Google Maps for embedding maps, Google Analytics for web analysis, Google Web Fonts for font display, and possibly YouTube for embedding videos.

These services provided by the American company Google LLC use cookies among other technologies, and as a result, data is transmitted to Google in the United States. We assume that within this framework, no personally identifiable tracking occurs solely through the use of our website.

Google has committed to ensuring appropriate data protection in accordance with the American-European and the American-Swiss Privacy Shield frameworks.

Further information can be found in Google’s Privacy Policy.

This website uses AwStats

We utilize the tool “AwStats,” a free web analytics software by AWStats. AWStats employs so-called “cookies,” which are text files stored on your computer, enabling an analysis of your usage of the website. The information generated by the cookie about your use of this website is locally stored on our server in Switzerland. AWStats will use this information to evaluate your website usage, compile reports on website activities for the website operators, and provide further services related to website and internet usage. You can prevent the installation of cookies through the appropriate settings in your browser software; however, we want to make you aware that in this case, you may not be able to fully utilize all functions of this website. By using this website, you consent to the processing of data about you by AWStats in the manner and for the purpose described above.

The aforementioned evaluations are conducted based on legitimate interests. The web analytics software used aims to ensure a demand-oriented design and continuous optimization of our offering. Furthermore, we employ the web analytics software to statistically record the usage of our offering and evaluate it for the purpose of optimizing our services. The IP addresses of users are anonymized before being stored.

Weitere Informationen zur Datennutzung erfahren Sie auf der Übersichtsseite:


This website uses plugins from the Google-operated site YouTube. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This informs the YouTube server of which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. For more information on how user data is handled, please refer to YouTube’s Privacy Policy at:

Notice regarding data transfer to the United States of America (USA)

For the sake of completeness, we would like to inform you that, for users located in Switzerland, there are surveillance measures by US authorities in place that generally allow for the storage of all personal data from Switzerland that has been transferred to the USA. This occurs without differentiation, limitation, or exception based on the pursued objectives, and without an objective criterion that would enable the US authorities to restrict access to the data and their subsequent use to specific, strictly limited purposes that would justify the intrusions associated with accessing and using this data. Additionally, we would like to highlight that in the USA, there are no legal remedies available for the individuals from Switzerland that would allow access to the data concerning you, and no effective judicial protection against general access rights of US authorities exists. We explicitly inform the affected individuals of this legal and factual situation to enable them to make an informed decision about consenting to the use of their data. For users residing in a member state of the EU, we would like to emphasize that, from the perspective of the European Union, the USA does not provide an adequate level of data protection.

General Disclaimer

All information on our website has been carefully reviewed. We strive to offer our information in a current, accurate, and complete manner. However, the occurrence of errors cannot be entirely ruled out, and as such, we cannot guarantee the completeness, accuracy, and timeliness of information, including editorial content. Liability claims for damages of a material or immaterial nature caused by the use of the provided information are excluded, unless there is demonstrable willful intent or gross negligence.

The publisher reserves the right to change or delete texts at their own discretion and without prior notice, and is not obligated to update the content of this website. The use or access of this website is at the visitor’s own risk. The publisher, its clients, or partners are not responsible for damages, whether direct, indirect, incidental, specifically identifiable in advance, or consequential, allegedly caused by visiting this website, and therefore assume no liability.

The publisher also assumes no responsibility or liability for the content and availability of third-party websites accessible through external links on this website. The operators of linked pages are solely responsible for their content. The publisher explicitly distances themselves from all third-party content that may be legally or criminally relevant or violate good manners.

Purely using this website does not establish a contractual relationship between the user and the provider of the website.

Changes / Updates

We reserve the right to adjust this privacy policy at any time without prior notice. The current version published on our website applies. This privacy policy will be updated in the event of changed internet procedures, new services, or security technologies that we introduce.

Online Dispute Resolution

The European Commission provides a platform for online dispute resolution (ODR), which can be accessed at

We are neither willing nor obligated to participate in dispute resolution proceedings before a consumer arbitration board.

Objection to Promotional Emails

The use of contact details published within the scope of the legal notice for sending unsolicited advertising and informational materials is hereby objected to. The operators of the website explicitly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as through spam emails.


The copyright and all other rights to content, images, photos, or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. For the reproduction of any files, prior written consent from the copyright holder must be obtained. Anyone who commits a copyright infringement without the consent of the respective rights holder may be subject to criminal prosecution and, in some cases, liable for damages.

Questions for the Data Protection Officer

If you have any questions regarding data protection, please send us an email or directly contact the responsible person listed at the beginning of the privacy policy in our organization.

Grindelwald 01.08.2023