Privacy Statement

Important legal information

Please read the following privacy policy carefully before proceeding. Persons who access the website agree to the following conditions.

LATESTA AG, P.O. Box 52, CH-7500 St. Moritz (hereinafter also referred to as "we") is the operator of the website (hereinafter referred to as the "website"), and is therefore responsible for the collection, processing and use of your personal data.

Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security with organisational and technical measures. We also train our employees.

When we use third parties to process personal information, the third party is carefully selected and must take reasonable security measures to ensure the confidentiality and security of your personal information.

This privacy policy applies to the online shop REGALIN St. Moritz ( operated by LATESTA AG, but does not apply to third-party websites to which the online shop may link and which are subject to own privacy policies.

LATESTA AG (Via Somplaz 1, 7500 St. Moritz, Switzerland, e-mail: is a responsible person in terms of the applicable data protection laws.

The contact details of our head of data protection is as follows:

 Copyright and trademark rights

The entire content of the website is protected by copyright. All rights belong to LATESTA AG or third parties. The elements on the website are freely accessible for browsing purposes only. Duplication of this material, or parts thereof, in any written or electronic form is permitted only with a specific mention of . Reproduction, transfer, amendment, linking or use of the website for public or commercial purposes is prohibited without our prior written consent. Please contact The various names and logos appearing on the site are generally registered and protected trademarks. No part of the is designed in such a way as to grant a licence or right to utilise a picture, registered mark or logo. Downloading or copying the website or parts thereof, confers no rights whatsoever in respect of the software or elements of the website. We reserve all rights in respect of all elements of the website with the exception of rights belonging to third parties.

No warranty

Although we have taken all reasonable care to ensure the reliability of the information provided on this website, we cannot guarantee that it is accurate. information contained herein at the time of its publication, neither we nor our contractual partners can give any explicit or implicit assurance or warranty (including to third parties) with regard to the accuracy, reliability or completeness of the information on Opinions and other information on the website may be changed at any time without notice. We assume no responsibility and make no guarantee that the functions on will run uninterrupted or that the website or the relevant server is free of viruses or other harmful components.

Limitation of Liability

If a contractual relationship exists between us and the user of or any other of our services, we are liable only for gross negligence or intentionally caused damage. We exclude any liability for damage caused by an auxiliary person. We are not liable for loss of profit, loss of data or other direct, indirect or consequential damages arising out of access to elements of or the use thereof or the impossibility of accessing or using them or links to other websites or technical faults.


All personal data collected during the registration or generated during use and protected by the DSG (Swiss Federal law on data protection) will be used exclusively for the purpose of fulfilling the contract, unless, in particular, according to this privacy policy, your express consent to any further use exists or applicable law allows this.

Our employees are obliged to treat personal data confidentially.

Scope and purpose of collection, processing and use of personal data

What personal data we collect

We may collect personal data about received services, your payment details, your online preferences, and your customer feedback, including your company name, your name, address, email, and so on. We use this personal information to communicate with you, to conclude business with you and process transactions, to operate the technology, for billing purposes, to conduct market research as well as for marketing purposes, e.g. to analyse our customer base or to contact you by mail, email, or text messages.

We may collect personal information about your credit standing to protect us against payment default.

Your surfing and usage data will then be collected. This includes, for example, the IP address, the information as to which device, browser and browser version you used to visit the technology when, which operating system you use, from which website or app you accessed our technology via a link, and which elements of the technology you use and how. This personal data is stored together with the IP address of your access device. They serve to correctly present and optimize our technology, to protect it against attacks or other infringements and to personalize the technology for you.

When visiting

When visiting our website, our servers temporarily store every access in a log file. The following user and device data, as well as personal data, are collected without your intervention and stored by our host (ISP - Internet Service Provider):

  • the IP address of the requesting computer
  • the date and time of the access
  • the name and URL of the retrieved file
  • the website from which the access was made
  • the operating system of your computer and the browser you are using
  • the country from which you accessed and the language settings of your browser

The collection and processing of this data is carried out for the purpose of enabling the use of our website (establishment of a connection), ensuring system security and stability over the long term and enabling the optimization of our Internet offering as well as for internal statistical purposes. This is our legitimate interest in data processing. The IP address is used in particular to record the visitor's country of residence. In addition, the IP address is used in the event of attacks on the network infrastructure by for statistical purposes. In addition, when visiting our technology, we use so-called pixels and cookies to display personalised advertising and to use web analysis services.

When using our contact forms

You have the possibility to use a contact form to get in touch with us. The entry of the following personal data is mandatory:

  • Title
  • First name and last name
  • Address (street, house number, town, postcode)
  • telephone number
  • email address

The mandatory entries are marked by (*). Failure to provide this information may hinder the provision of our services. The specification of personal data in other fields is voluntary. You can inform us at any time that you no longer consent to the processing of this voluntarily provided personal data (see heading “Your Rights”). Other information is optional and does not affect the use of our technology.

We only use this data to answer your contact request in the best possible and personalised way. You can inform us at any time that you no longer consent to the processing of this voluntarily provided personal data (see heading “Your Rights”).

Use of your data for advertising purposes

Creation of pseudonymised user profiles

To enable personalised marketing in social networks, we use so-called remarketing pixels on the technology. If you have an account with a social network involved in this and are logged in at the time of the page visit, this pixel links the page visit with your account. You can make additional settings for advertising in the respective social networks in your user profile. We use re-targeting technologies. Your user behaviour will be analysed on our technology, in order to be able to offer you personalised advertisements on partner websites. Your user behaviour is recorded under a pseudonym. Most re-targeting technologies use cookies. You can prevent re-targeting at any time by rejecting or disabling cookies in the menu bar of your web browser. You can also visit the Digital Advertising Alliance website at to apply for an opt-out for the other advertising and re-targeting tools mentioned. The following remarketing pixels are used on our technology:

Google Tag Manager

We also use Google Tag Manager to manage the usage-based advertising services. The tool Tag Manager itself is a cookieless domain and does not collect any personally identifiable information. Instead, the tool is responsible for triggering other tags that may collect data (see above). If you have opted out at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

Sharing of your data with third parties

We share your personal data if you have expressly consented, there is a legal obligation, or if it is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the relationship between you and LATESTA AG (e.g. collection agencies, authorities, or lawyers). We may share your data with third parties as far as required in the context of the use of the technology for the provision of the desired services (e.g. outsourcing partners, web hosts, companies through which we offer the services on our technology (e.g. for bookings, rent, purchase, etc.), companies that advertise on our behalf) as well as the analysis of your user behaviour.

When sharing your data with third parties, we provide sufficient contractual guarantees that such a third party uses the personal data in accordance with legal requirements and exclusively in our interest.

If the technology contains links to third-party websites, LATESTA AG no longer has any influence on the collection, processing, storage, or use of personal data by the third party after clicking on these links and assumes no responsibility.

Transfer of personal data abroad

LATESTA AG is entitled to transfer your personal data to third parties (contracted service providers) abroad if this is necessary for the data processing described in this privacy policy. They are obliged to data protection to the same extent as we are. If the level of data protection in one country does not correspond with Swiss or the European standards, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

For reasons of completeness, we would like to point out that in the USA there are surveillance measures by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, limitation or exception on the basis of the objective pursued and without an objective criterion that would allow the US authorities to restrict access to the data and subsequent use to very specific, strictly limited purposes that could justify the interference associated with both access to and use of the data. In addition, we would like to point out that in the USA there are no legal remedies available for the data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw the attention of the data subject to this legal and factual situation in order to make an informed decision to consent to the use of his/her data. We also draw users' attention to the fact that both Switzerland and the European Union believe that the USA does not have an adequate level of data protection, partly because of the issues mentioned in this section. Where we have explained in this Privacy Statement that recipients of data (such as Google, Facebook or Twitter) are located in the United States, we will ensure that your data is protected at an appropriate level by our partners either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU-US or Swiss US Privacy Shield.

Data Security

We use appropriate technical and organisational security measures to protect your stored personal data against manipulation, partial or total loss, and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. You should always keep your information confidential and close the browser window when you stop communicating with us, especially if you share the computer with others. We also take corporate privacy very seriously. We have obliged our employees and the service companies commissioned by us to secrecy and to comply with data protection regulations.


We use cookies in our technology. Cookies help in many ways to make your visit to our website more accessible, enjoyable, and meaningful. Cookies are information files that your web browser automatically saves to your computer’s hard drive when you visit our website.

Session cookies are used during access to our website (e.g. the online shop) to assign information stored on the server side for each access clearly to you or your internet browser (e.g. so that the shopping cart content is not lost). Session cookies are deleted after closing your Internet browser. Permanent cookies are used to save your default settings (e.g. preferred language) over several independent accesses to our website, i.e. even after closing your Internet browser, or to enable automatic login. Permanent cookies are deleted according to the setting of your Internet browser (e.g. one month after the last visit). By using our website as well as the corresponding functions (e.g. language choice or autologin), you consent to the use of permanent cookies.

Cookies neither damage the hard disk of your computer nor is personal data of the user transmitted to us by these cookies. For example, we use cookies to better tailor information, offers, and advertising to your individual interests. The use does not mean that we receive new personal information about you as an online visitor. Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or you are always notified when you receive a new cookie. The deactivation of cookies may mean that you cannot use all functions of our website. 

Tracking Tools

On our website, we use so-called tracking tools. These tracking tools will monitor your browsing behaviour on our website. This observation is made for the purpose of the needs-based design and continuous optimisation of our website. In this context, pseudonymized usage profiles are created and small text files stored on your computer (“cookies”).

For this purpose, third-party entrepreneurs can also use permanent cookies, pixel tags, or similar technologies. The third-party entrepreneur does not receive any personal data from us but can track your use of our website, combine this information with data from other websites that you have visited and are also tracked by the third-party entrepreneur, and use these findings for their own purposes (e.g. advertising). The processing of your personal data by the third-party entrepreneur then takes place in the responsibility of the service provider according to its data protection regulations.

The following tracking tools are used:

Google Analytics

Google Analytics is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use Google Analytics on our website in order to create anonymous evaluations of website usage. A cookie is set, and the session’s log data is sent to Google.

Automated decision making / profiling

We (or third parties commissioned by us) generally do not make automated decisions that affect your personal information or unlawfully affect or otherwise significantly affect you.

Legal basis for processing

The legal basis for the processing of personal data by us is generally laid down in Article 13 (2) (a) of the DSG and Article 13 (1) DSG. In cases where we wish to refuse to conclude contracts with data subjects in the future due to abuse, default, or similar legitimate reasons, we reserve the right, based on Article 13 (1) of the DSG to keep name, first name, address, and email address of a data subject as well as the personal data on the circumstances for the sake of our own interest. Processing of your personal data by other affiliates is also based on Article 13 (1) of the DSG.

Your Rights

Upon request, we provide information to each data subject as to whether and, if so, which personal data is being processed about them (right to confirmation, right to information). At your request:

  • We waive all or part of the processing of personal data (right to revoke your consent to the processing of non-essential personal data, right “to be forgotten”). Your request to be forgotten will be shared with third parties we have previously shared your personal information with.
  • We correct the corresponding personal data (right to rectify incorrect data).
  • We restrict the processing of the relevant personal data (right to restriction of processing, in which case we will only save your personal data or use it to protect our legal rights or to protect the rights of another person).
  • You will receive the relevant personal data in a structured, common and machine-readable format (right to data portability).

To make such a request to exercise any of the rights described in this section, such as when you no longer wish to receive email newsletters or to cancel your account, use the feature on our website or contact our Privacy Officer/or point of contact as stated at the beginning of this Privacy Policy. If we fail to comply with a request, we will inform you of the reasons for doing so. For example, we may, in a legally permissible manner, deny deletion if your personal data is still needed for the original purposes (for example, if you still receive a service from us) if the processing is based on a compelling legal basis (for example, legal accounting rules) or if we have an overriding interest (such as in the case of litigation against the data subject). If we assert an overriding interest in the processing of personal data, you have the right to object to the processing, provided that your particular situation leads to a different balance of interests compared to other data subjects (right to object). For example, this could be the case if you are a person in the public eye or the processing causes the risk that you will be harmed by a third party. If you are not satisfied with our response to your request, you have the right to lodge a complaint with a competent regulatory authority, for example in your country of residence or at the registered office of LATESTA AG (right to complain).

Storage of Data

We only process personal data for as long as necessary for the purpose or as required by law. If you have set up an account with us, we will store the specified master data without restriction. However, you can request the deletion of the account at any time (see heading “Your Rights”). We will delete the master data unless we are required by law to retain it. In the case of an order without an account, your master data will be deleted after the expiration of the guarantee period or the end of the service insofar as we are not obliged by law to retain it. This deletion can be carried out immediately or in the course of periodically carried out deletion runs.

Contract data, which may also include personal data, will be kept by us until the expiry of the statutory retention period of 10 years. Data retention obligations arise, among other things, from accounting regulations and tax regulations as well as the obligation to retain electronic communications. As far as we no longer need this data to carry out the services for you, the data will be blocked. This means that the data may then only be used for accounting purposes and tax purposes.

If we wish to refuse further business contacts with a data subject due to abuse, payment default, or other legitimate reasons, we will retain the corresponding personal data for a period of five years or, in the event of a recurrence, for ten years.

Possibility to Opt-out/Opt-in

If you do not agree with the fact that we evaluate your use data, you can switch this off. The tracking is switched off by placing a so-called "Opt-Out Cookie" on your system. If you delete all of your cookies once, you should note that the opt-out cookie will also be lost and may have to be renewed.

Please note that the list below is a list of opt-out options that sometimes includes trackers used by our partners that are not necessarily used on the website:

  • Browser Add on to disable Google Analytics.
  • Disabling the DoubleClick cookie
  • Disabling Quandcast targeting
  • Disable AddThis Targeting
  • Opt-Out for IntelliAd Targeting

A good way to configure a large number of cookies can be found at or at or install the browser extension Ghostery, which is available for every common browser.

Final Provisions

Should individual parts of this privacy policy be ineffective, this does not affect the validity of the remaining privacy policy. Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy is published on our website.

This page was last modified on 01.06.2019. If you have any questions or comments about our legal notices or data protection, please contact us at

 Privacy policy for PayPal as payment method

The person in power has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are made through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual payments through credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also takes on trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects "PayPal" as a payment option during the ordering process in our online shop, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for the payment transaction.

The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment transaction. Personal data, which are in connection with the respective order, are also necessary for the execution of the purchase contract.

The purpose of the transmission of the data is payment transaction and fraud prevention. The person in power will provide PayPal with personally identifiable information, in particular if there is a legitimate interest in the transfer. Personal data exchanged between PayPal and the person in power may be transmitted by PayPal to credit reporting agencies. This transmission aims at the identity and credit check.

PayPal may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to fulfil the contractual obligations or to process the data on behalf of the customer.

The data subject has the option to revoke the consent to the handling of personal data against PayPal at any time. A revocation has no effect on personal data that must be processed, used or transmitted for (contractual) payment processing.

PayPal's applicable privacy policy is available at

 Shopify Privacy Policy

What information does Shopify collect from merchants’ customers and why?

Shopify collects the merchants’ customers’ name, email, shipping and billing address, payment details, company name, phone number, IP address, information about orders you initiate, information about the Shopify-supported merchant stores that you visit, and information about the device and browser you use.

  • Shopify uses this information to provide the merchants with the Services, including supporting and processing orders, risk and fraud screening, authentication, and payments. Shopify also uses this information to improve the Services.

Shopify uses some of the personal information you provide to conduct some level of automated decision-making - for example, Shopify uses certain personal information (for example, IP addresses or payment information) to automatically block certain potentially fraudulent transactions for a short period of time.

When does Shopify collect this information?

Shopify collects this information when you use or access a store that uses our Services, such as when you visit a merchant’s site, place an order or sign up for an account on a merchant’s site. 

Additionally, Shopify partners with third parties who provide Shopify information about merchants’ customers, for example to help screen out merchants associated with fraud.

When and why does Shopify share this information with third parties?

Shopify works with a variety of third parties and service providers to help provide the merchants with the Services and therefore may share personal information with them to support these efforts.

Shopify may also share your information under the following circumstances:

  • to prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service or any other agreement related to the Services, or as otherwise required by law.
  • If the merchant whose store you visit or access directs us to transfer this information (for example, if they enable a third-party app that accesses customer personal information).
  • to conform to legal requirements, or to respond to lawful court orders, subpoenas, warrants, or other requests by public authorities (including to meet national security or law enforcement requirements).

Personal information may also be shared with a company that acquires the Shopify business or the business of a merchant whose store you visit or access, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding.

Shopify is responsible for all onward transfers of personal information to third parties in accordance with the EU-U.S. Privacy Shield Framework, the Swiss-U.S. Privacy Shield Framework, and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).