Data protection declaration - University of Applied Sciences of the Grisons

Data protection declaration
Important legal information

Important legal information

Please read the following data protection declaration carefully before proceeding. People who access the website agree to the following terms and conditions.

University of Applied Sciences of the Grisons, Pulvermühlestrasse 57, 7004 Chur, Switzerland (hereinafter also referred to as "we") is the operator of the website (hereinafter referred to as "the technology") and is therefore responsible for the collection, processing and use of your personal data.

Your trust is important to us. We therefore take the issue of data protection seriously and use organisational and technical measures to ensure an appropriate level of security. We also train our employees.

Whenever we use third parties to process personal information, they are selected carefully and must take appropriate security measures to guarantee the confidentiality and security of your personal data.

Responsible body for data protection:
University of Applied Sciences University of Applied Sciences of the Grisons
Pulvermühlestrasse 57
CH-7004 Chur


Copyright and trademark rights

The entire contents of the website are protected by copyright. All rights belong to University of Applied Sciences of the Grisons or third parties. The elements on the website are freely accessible for browsing purposes only. Duplication of this material or parts thereof in any written or electronic form is permitted only with explicit reference to The reproduction, transmission, modification, linking or use of the website for public or commercial purposes is prohibited without prior written consent from us. Please contact us at The various names and logos on the website are generally registered and protected trademarks. No part of the website has been designed in such a way as to grant a licence or right to use an image, registered trademark or logo. Downloading or copying the website or parts thereof confers no rights whatsoever with regard to the software or elements on the website. We reserve all rights with regard to every element of the website with the exception of the rights held by third parties.

No warranty

Although we have taken every care to ensure the reliability of the information contained on the website at the time of its publication, neither we nor our contractual partners can give any explicit or implicit assurances or guarantees (including towards third parties) with regard to the accuracy, reliability or completeness of the information on Opinions and other information on the website are subject to change at any time without notice. We accept no responsibility and make no guarantees that the functions on the website will be available without interruption and that the website or the relevant server is free of viruses and other harmful components.


Limited liability

Should we have a contractual relationship with the user of the website or another of our services, we shall be liable only for gross negligence or damage caused through malicious intent. We refuse to accept any liability for damage caused by any agents. We cannot be held liable for loss of profit, data, or any other direct, indirect or consequential damage arising from access to or use of elements of the website, or an inability to access or use the site or links to other websites, or as a result of technical faults.

Links to other websites

The website contains links to websites of third parties that may be of interest to you. Clicking on such links may take you out of the website or display parts of third-party websites within the framework of the website. University of Applied Sciences of the Grisons has not conducted any checks whatsoever on the websites of third parties linked to the website and is not responsible or liable in any way for the content or functioning of such third-party websites. This applies irrespective of whether you leave the website when clicking on a link or if the extract is displayed within the framework of the website, even if, in the latter case, the provider of the information on an external website is not immediately obvious. Following this connection or consulting the websites of third parties shall be at the user’s sole risk and peril.


All personal data collected within the framework of registration or generated during use and protected by the Federal Act on Data Protection (FADP) and/or the EU General Data Protection Regulation (GDPR) is used exclusively for the purpose of contractual fulfilment unless you have given your express consent, in particular in accordance with this data protection declaration, to any further use or if the applicable legislation permits such use. 

Our employees are obliged to treat personal data confidentially.


The scope and purpose of the collection, processing and use of personal data

What personal data we collect

We may collect the following information from you: contact data (company name, name, address, e-mail address, etc.), personal data relating to the services you use, your payment data, online preferences and/or customer feedback. We use this personal data to communicate with you, conclude and process business transactions with you, operate the technology, for billing, market research and marketing, for example to analyse our customer base or contact you by post, e-mail or text messaging. 
We may furthermore collect personal information about your creditworthiness to protect ourselves against payment defaults.
Your surfing and usage data is also collected. This includes, for example, your IP address, information about the device, browser and browser version that you use to visit the technology, when you do so, which operating system you use, which website or app you access our technology from via a link, as well as which elements of the technology you use, and how. This personal data is stored together with the IP address of your access device and serves to correctly present and optimise our technology, protect it against attacks and other legal violations and personalize the technology for you.

When visiting

When someone visits our website, our servers temporarily save all access information in a log file. The following user and device data as well as personal data is collected without intervention on your part and stored by our host (Internet service provider, ISP):

  • The IP address of the requesting computer
  • The date and time of the access
  • The name and URL of the retrieved file
  • The web page from which access took place
  • The operating system of your computer and the browser you are using
  • The country from which you accessed the pages and the language settings of your browser

This data is collected and processed to enable the use of our website (the establishment of connections), ensure permanent system security and stability and enable the optimisation of our online offers as well as for internal statistical purposes. This is our legitimate interest in data processing. The IP address is used in particular to determine the country in which the visitor is located. Furthermore, the IP address is evaluated for statistical purposes in the event of an attack on the network infrastructure of In addition, when you visit our technology, we use what are known as pixels and cookies to display personalised advertising and enable us to use web analysis services.

When using our contact forms

You can get in touch with us via a contact form. When doing so, you must provide the following personal data:

  • Salutation
  • First name and surname
  • Address (street, house number, town, postcode)
  • Phone number
  • E-mail address

We will mark mandatory entries with an asterisk (*). Failure to provide this information may hinder the provision of our services. The provision of personal data in fields not marked with an asterisk is voluntary. You can inform us at any time that you no longer want this voluntary personal data provided to be processed (cf. the section entitled "Your rights”). The provision of other information is optional and has no influence on the use of our technology.
We use this data only to answer your contact requests as well as possible and in a personalised manner. You can inform us at any time that you no longer want this voluntary personal data provided to be processed (cf. the section entitled "Your rights”).

When registering for our newsletter

On our website you have the option of subscribing to our newsletter. Registration is required for this. The following data must be provided during the registration process:

  • Your e-mail address

The e-mail address is required to send the newsletter. You can voluntarily provide us with details regarding the appropriate salutation and your name so that we can address our offers to you personally.

By registering, you give us your consent to process the provided data for regularly sending the newsletter to the address you specified as well as for statistical evaluation of user behaviour and to optimise the newsletter. We are entitled to commission third parties with the technical processing of advertising and to pass on your data for this purpose. At the end of each newsletter, you will find a link which allows you to unsubscribe from the newsletter at any time. Once the subscription has been cancelled, your personal data is deleted. We expressly draw your attention to the data analysis carried out as part of dispatching our newsletter (see the section below entitled "Evaluation of newsletter use").

Use of your data for advertising purposes

Creation of pseudonymised user profiles

In order to enable personalised marketing on social networks, we use what are known as remarketing pixels in our technology. If you have an account with an associated social network and you are logged on there when you visit our web page, this pixel links the page visit with your account. You can make further advertising-related settings in your user profile on the respective social networks. We use retargeting technologies. These analyse your user behaviour on our technology to enable us to offer you individually tailored advertising on partner websites. Your user behaviour is recorded under a pseudonym. Most retargeting technologies work with cookies. You can prevent retargeting at any time by rejecting or deactivating the relevant cookies in the menu bar of your web browser. You can also request an opt-out for the aforementioned other advertising and retargeting tools via the Digital Advertising Alliance website at The following remarketing pixels are used on our technology:


This website contains AddThis plugins that enable you to set bookmarks or share interesting web page content. Cookies are set whenever AddThis is used. The generated data (e.g. the time of use or browser language) is transferred to Add This LLC, 1595 Spring Hill Rd, Suite 300, Vienna, VA 22182, USA, where it is processed. For more information about data processing by Add This LLC and the privacy practices of Add This LLC, please see the AddThis privacy policy.
You can refuse the use of your data at any time by using an opt-out cookie (see below for more information).

Google Tag Manager

We also use Google Tag Manager to manage our usage-based advertising services. The Tag Manager tool itself is a cookie-free domain that does not collect any personal data. Rather, the tool triggers other tags that may themselves collect data (see above). If you have disabled it at the domain or cookie level, this applies to all tracking tags implemented with Google Tag Manager.

AdWords and DoubleClick

We use Google AdWords remarketing and DoubleClick by Google, services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"), to deliver ads based on the use of previously visited web pages. For this Google uses what is known as a DoubleClick cookie, which enables your browser to be recognised when you visit other web pages. The information generated by the cookie about your visit to this technology (including your IP address) is transmitted to and stored by Google on servers in the United States (further information on the transfer of personal data to the US can be found under "Transmission of personal data to other countries" below). Google uses this information to evaluate your use of technology with regard to the ads to be placed, compiles reports on website activity and advertising for website operators and provides other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law or if such third parties process the information on Google's behalf. However, Google will under no circumstances associate your IP address with any other data held by Google.

Facebook Business

We use Facebook Business to enable personalised marketing on social networks. If you have a Facebook account and are logged on when you visit our page, the data from the page visit will be associated with your account.

Data transfer to third parties

We pass on your personal data if you have expressly consented thereto, if there is a legal obligation to do so or if this is necessary to exercise our rights, in particular to enforce claims arising out of the relationship between you and University of Applied Sciences of the Grisons (e.g. debt collection companies, authorities or lawyers). We pass on your data to third parties where this is necessary within the framework of the use of the technology for providing the services you requested (e.g. outsourcing partners, hosts, companies with whom we offer services on our technology, e.g. for bookings, rental, purchases, etc., or companies that advertise on our behalf) and for analysing your user behaviour. 

When passing on data to third parties, we ensure that there are sufficient contractual guarantees that such third parties will use personal data in accordance with the legal requirements and exclusively in our interests. 

If the technology contains links to third-party websites, University of Applied Sciences of the Grisons no longer has any influence over the collection, processing, storage or use of personal data by the third party after a visitor clicks on these links, nor does it accept any responsibility for this.


Transmission of personal data to other countries

University of Applied Sciences of the Grisons is entitled to transfer your personal data to third-party companies (commissioned service providers) abroad if this is necessary for the data processing described in this data protection declaration. These third parties are subject to data protection obligations to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or the European Union, we contractually ensure that the protection of your personal data corresponds to that in Switzerland and/or the EU at all times.
For reasons of complete transparency, we would like to point out to users resident or based in Switzerland that US authorities have implemented surveillance measures in the United States which generally allow the storage of all personal data of anyone whose data is transferred to the US from Switzerland. This is done without differentiation, restriction or exception on the basis of the pursued objective and without any objective criteria that would restrict access by US authorities to the data and the subsequent use thereof to very specific, strictly limited purposes that could justify the intervention associated with both access to and use of the data. In addition, we would like to point out that in the United States there are no legal remedies available to data subjects from Switzerland that would enable them to access, correct or delete data about them, nor is there any effective legal protection against the general access rights of US authorities. We explicitly draw the attention of data subjects to this legal framework and the state of affairs in order to enable them to make an informed decision regarding consent to the use of their data. Users residing in EU Member States should note that the European Union believes that the United States does not afford an adequate level of data protection, partly because of the issues mentioned in this section. Should we have stated in this data protection declaration that data recipients (such as Google, Facebook or Twitter) are based in the United States, we will ensure that our partners protect your data to an appropriate extent, either through contractual agreements with these companies or by ensuring that they are certified under the EU-US Privacy Shield.

Data security

We use suitable technical and organisational security measures to ensure that any personal data of yours which we store is protected against manipulation, partial or complete loss as well as unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. You should always keep your information confidential and close your browser window when you have finished communicating with us, especially if you share the computer with others. We also take internal data protection very seriously. Our employees and the service providers we commission are pledged by us to confidentiality and compliance with the data protection regulations.



We use cookies in our technology. Cookies help in many ways to make your visit to our web pages easier, more enjoyable and more meaningful. Cookies are information files that your browser automatically stores on your computer's hard drive when you visit our website.

Session cookies are used to enable information that is stored on our server during specific use of our website (e.g. the online shop) to be assigned unambiguously to you or your browser (e.g. so that the contents of your shopping basket are not lost) whenever you visit our site. Session cookies are deleted when you close your Web browser. Permanent cookies are used to store your preferences (e.g. your preferred language) across several independent visits to our website, i.e. even after closing your Web browser, or to enable automatic login. Permanent cookies are deleted in accordance with the settings in your browser (e.g. one month after your last visit). By using our website as well as the corresponding functions (e.g. language selection or autologin), you consent to the use of permanent cookies.

Cookies do not damage the hard disk of your computer nor do they transmit the personal data of users to us. We use cookies, for example, to better align displayed information, offers and advertising with your individual interests. The use of cookies does not provide us with additional personal data about you as an online visitor. Most Web browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message appears whenever you receive a new cookie. Disabling cookies may prevent you from using all the features on our website.


Tracking tools

On our website, we use what are known as tracking tools, which monitor your surfing behaviour on our website. This monitoring is undertaken for the purpose of designing and continuously optimising our website in line with demand. In this context, we create pseudonymised user profiles and store small text files (“cookies”) on your computer.
Third-party companies may also use permanent cookies, pixel tags or similar technologies for this purpose. Third parties do not receive any personal data from us, but may track your use of our website, combine this information with data from other web pages that you have visited and which are also tracked by the third-party company, and use this information for their own purposes (e.g. advertising control). The processing of your personal data by such third parties is the responsibility of the relevant service provider in accordance with its data protection regulations.
The following tracking tools are used:

Google Analytics

Google Analytics is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use Google Analytics on our website for anonymous evaluation of the use of the site. For this purpose, a cookie is set and the log data for the session is sent to Google.

Tracking with fusedeck

This Website uses “fusedeck”, a tracking solution provided by Capture Media AG (hereinafter referred to as “Capture Media”). Capture Media is a Swiss company having its registered office in Zurich which, on behalf of its customers, measures website usage in the context of engagements and events. Tracking is anonymous so that it is impossible to attribute any information gained to any identified or identifiable persons.

Through the use of fusedeck, Capture Media also collects data provided through forms on this Website, whereby collection is personal. Such data is collected in compliance with the Swiss Federal Act on Data Protection (FADP) and – if and to the extent applicable – with the General Data Protection Regulation (GDPR) of the European Union (EU). The relevant information on data protection is provided to the user in the context of the respective form.

For more information on data protection and the rights which data subjects have in connection with “fusedeck”, including their right to “opt out” (right to object), please refer to the Privacy Policy and the Information on the Right to Object.

Social media plugins

The social plugins described below are used on our website. Wherever possible, the plugins on our website are deactivated by default and therefore do not send any data. You can activate the plugins by clicking on the corresponding social media button. If these plugins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as you load one of our web pages. The content of the plugin is transmitted directly from the social network to your browser, which then integrates it into the web page. These plugins can be deactivated with a single click.

Social plugins from Facebook

Social plugins from Facebook are used on this website to make it more personal. For this, we use “LIKE” and “SHARE” buttons offered by the US company Facebook, Headquarters, 1 Hacker Way, Menlo Park, California 94025, USA, telephone: +1 650 308 7300. By integrating the plugins, Facebook is notified that your browser has loaded the corresponding page on our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the US, where it is stored. If you are logged in on Facebook, Facebook can directly associate your visit to our web pages with your Facebook account. If you interact with the plugins, for example by pressing the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends. To this end, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the adverts you are shown on Facebook, inform other Facebook users about your activities on our website and provide other services associated with the use of Facebook. Information on the purpose and scope of data collection and further processing and the use of the data by Facebook as well as your rights in this regard and your privacy options can be found in the Facebook data policy.

Social Plugins from Twitter

On our website you can find plugins of Twitter Inc.795 Folsom St., Suite 600, San Francisco, CA 94107, USA. You can recognise Twitter plugins (the “tweet” button) by the Twitter logo on our site. If you have activated social plugins, a direct connection is established between your browser and the Twitter server. In this way, Twitter receives the information that you have visited our site from your IP address. If you click the Twitter "tweet" button while logged on to your Twitter account, you can link the content of our pages to your Twitter profile. This enables Twitter to associate your visit to our pages with your user account. 

Google Maps

Some of our web pages contain maps that are integrated by Google Maps. Google Maps is a product of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These maps are displayed using iframes. This means that a third-party website is accessed from that area of the web page. The data processing conducted within this iframe is beyond our control. Google associates the access with your Google account. Google Maps sets a cookie as soon as the page is loaded. If you would like to prevent this behaviour, you can use the links in the section entitled "Opt-in and opt-out options" to deactivate the use of Google cookies by your browser.

Social Plugins from Google Plus

Our website uses the “+1” button of the social network Google Plus, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The button can be recognised by the expression "+1″ on a white or coloured background. If you call up a page on our website that contains such a button, your browser establishes a direct connection with Google's servers if you have activated social plugins. Google transfers the contents of the “+1” button directly to your browser, which integrates it into the web page. We therefore have no influence over the extent of the data that Google collects via the button. According to Google, no personal data is collected if you do not click the button. Data, including the IP address, is collected and processed only if a user is logged on. Information on the purpose and scope of the data collection, further processing and use of the data by Google as well as your rights in this regard and setting options to protect your privacy can be found in the Google Privacy Policy. If you are a Google Plus member, but don't want Google to collect information about you through our website and associate it with your Google member data, you must log out of Google Plus before visiting our site.


Some of our web pages contain videos that are integrated from YouTube . YouTube is a product of YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The videos are displayed using iframes. This means that an external website is accessed in the area of our web page in which the video is shown. The data processing conducted within this iframe is beyond our control. If you are logged into your YouTube account, YouTube will associate videos you watch with your YouTube account. If you wish to prevent this, simply log out of your YouTube account. YouTube sets a cookie as soon as the page is loaded. If you would like to prevent this behaviour, you can use the links in the section entitled "Opt-in and opt-out options" to deactivate the use of Google cookies by your browser.

Evaluation of newsletter usage

We use third-party e-mail marketing services to send our newsletter. Our newsletter may therefore contain what is known as a web beacon or similar technical means. A web beacon is an invisible 1x1 pixel-size graphic that is linked to the user ID of the relevant newsletter subscriber. This pixel is only activated when the pictures in the newsletter are displayed. Appropriate services enable us to evaluate whether e-mails containing our newsletter have been opened. The click behaviour of newsletter recipients can also be recorded and evaluated. We use this data for statistical purposes and to optimise the newsletter in terms of its content and structure. This enables us to better align the information and offers in our newsletter with the interests of our readers. The web beacon is deleted if you delete the newsletter. To prevent tracking pixels in our newsletter, please configure your mail client in such a way that HTML is not displayed in messages.


Legal basis for processing

As a rule, the legal basis for our processing of personal data is provided by Art. 13(2)(a) FADP (processing directly related to the conclusion or execution of a contract; this corresponds to Art. 6(1)(b) GDPR) and Art. 13(1) FADP (consent by data subjects or a statutory processing obligation; this corresponds to Art. 6(1)(a) GDPR). In our own interests, should we wish to refuse to conclude contracts with data subjects in future due to misuse, non-payment or similar legitimate reasons, we reserve the right, based on Art. 13(1) FADP (this corresponds to Art. 6(1)(f) GDPR), to retain the surname, first name, postal and e-mail address of a data subject as well as the personal data relating to the circumstances of the relevant case. Your personal data may also be processed by other Group companies, likewise on the basis of Art. 13(1) FADP (this corresponds to Art. 6(1)(f) GDPR).

Your rights

Upon request, we will provide data subjects with information about whether and, if so, which of their personal data is being processed (the rights of confirmation and information respectively). At your request we will

  • Cease processing your personal data, either in part or fully (the right to revoke consent to the processing of personal data that is not absolutely necessary and the right to be forgotten respectively); Share your request to be forgotten with third parties to whom we previously disclosed your personal data;
  • Correct relevant personal data (the right of correction);
  • Restrict the processing of the relevant personal data (the right to restricted processing; in this case we will only store your personal data or use it to protect our legal claims or the rights of another person);
  • Send you the relevant personal data in a structured, standard and machine-readable format (the right to data portability).

To apply to assert a right described in this section, e.g. if you no longer want to receive e-mail newsletters from us or wish to delete your account, please use the appropriate function on our website or contact our data protection officer or another employee as described at the beginning of this data protection declaration. If we reject an application, we will inform you of the reasons. For example, we are legally permitted to refuse to delete personal data if it is still required for the original purposes (e.g. if you continue to receive a service from us), if the processing is based on a mandatory legal basis (e.g. statutory billing regulations), or if we have an overriding interest of our own (e.g. in the event of a legal dispute with the data subject). If we assert an overriding interest in processing your personal data, you have the right to object to processing nonetheless if your particular situation weighs more heavily on our interests in comparison to other data subjects (the right of objection). This could be the case, for example, if you are a person of public interest or if processing could expose you to harm from third parties. If you are not satisfied with our response to your application, you have the right to lodge a complaint with a competent supervisory authority, for example in your country of residence or at the location of the headquarters of University of Applied Sciences of the Grisons (the right of complaint).

Data retention

We process personal data only for as long as is necessary for the purpose in question or as prescribed by law. If you set up an account with us, we store the contact data you provide indefinitely. However, you can request the deletion of your account at any time (cf. the section entitled "Your rights"). We will then delete the contact data unless we are required to retain it by law. In the case of orders placed without an account, your contact data is deleted when the warranty period expires or at the end of service provision, unless we are required to retain it by law. This deletion can take place immediately or as part of periodic deletion runs.

Contractual data, which may also include personal data, is retained by us until the end of the statutory ten-year retention period. Data retention obligations arise, among other things, from accounting and fiscal regulations as well as the duty to store electronic communication. Should we no longer need this data to provide you with services, the data is blocked. This means that the data may then be used only for accounting or fiscal purposes.

Should we wish to refuse further business contact with a data subject person due to misuse, non-payment or on other legitimate grounds, we will retain the relevant personal data for a period of five years or, in the event of recurrence, ten years.

Opt-in and opt-out options

If you do not want us to evaluate your usage data, you can deactivate this. Tracking may be switched off by placing what is known as an opt-out cookie on your system. If you delete all your cookies at once, the opt-out cookie will also be lost and may need to be renewed. 
Please note that the following list of opt-out options may include trackers used by our partners that are not necessarily implemented on our website:

A good way to configure a large number of cookies can be found at and
or by installing a browser extension available for every common browser: Ghostery


Applicable law and place of jurisdiction

This data protection declaration and any contracts entered into on the basis of or in connection with this data protection declaration are subject to Swiss law unless the law of another country is mandatory. The place of jurisdiction shall be the registered office of University of Applied Sciences of the Grisons unless another place of jurisdiction is mandatory.

Final provisions

Should individual parts of this data protection declaration be ineffective, this shall not affect the effectiveness of the rest of the data protection declaration. Further development of our website or our offers or changing statutory or official requirements may require us to amend this data protection declaration. The relevant latest version of the data protection declaration is published on our website.

This page was last changed on 6.6.2018. Should you have any questions or comments about our legal notices or data protection, please contact us at