SPOTLIO Privacy Statement

Last Modified: September 15, 2021

We are committed to protecting your personal data and your right to privacy. Please read our Privacy Statement carefully as it will help you make informed decisions about sharing your personal data with us. If you have any questions or concerns about our Statement or our practices with regards to your Personal Data, please contact us.


1. General; Contact Information

Our Privacy Statement explains the information we collect, how we use and share it, how to manage your privacy controls and your rights in connection with our Services. It complies with Swiss and European Union (“EU”) laws as well as with the United States (“US”) – EU Safe Harbour Privacy Principles and the US – Swiss Safe Harbour Privacy Principle as set forth by the US Department of Commerce regarding the collection, use and retention of data from the EU and Switzerland respectively.

Spotlio AG

Via dal Bagn 3, 7500 St. Moritz, Switzerland

Phone: +41 445 051 877

Data Protection Officer: Urs P. Grimm, CFO at Spotlio AG

Please also read our Terms of Service which sets out the terms governing the Services.

2. Information We Collect

As a User, you can browse our public Services without being required to provide us with any personal data.

We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.

We collect your personal data when:

  • You’re giving us consent by registering or signing in as a Services owner or as a Services user. Both of them referred to as “Registered User”;
  • The data processing is necessary for the performance of a contract in which the Registered User is a participant or necessary in order to take steps (requested by the Registered User) prior to entering the contract;
  • The processing is necessary for fulfilling a legal obligation to which the Data Controller is subject;
  • The processing is necessary for protecting the vital interests of the Users or of another person;
  • The processing is necessary for performing a task carried out in the interest of the public or as contained under the official authority given to the Data Controller;
  • The processing is necessary for the legitimate interests of the Data Controller or third party, except where overridden by the interests, rights and freedoms of the Users, in particular where the User is a child.

Generally, you control the amount and type of personal and sensitive information you provide to us when using our Services. The personal data that we collect depends on the context of your interaction with our Services and SPOTLIO, the choices you make and the products and features you use. You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services.

The personal data we collect can include the following:

  • Name, Email Address and Contact Data
  • Payment Information. If you choose to buy something through our Services, we collect payment information through our payment processor. All payment information is securely stored by our payment processor and we do not have access to your sensitive information, such as credit card number or security code.
  • Business Information. If you choose to use our Services as a Registered User, we may ask for specific information related to your business and preferences in order to customize our Services and/or create communications and promotions.

Other sensitive user data that we can ask you for permission to collect includes:

  • Authentication information
  • Phonebook
  • Contacts
  • SMS
  • Call related data
  • Microphone
  • Camera
  • Device location including background mode
  • Device movement

Your continued use of one or several of our Services will be regarded as acceptance of our practices around privacy and personal information.

3. Automatically Collected Information

When you use our Services, we may ask you for consent to automatically collect certain computer information by the interaction of your mobile phone or web browser with our Services. Such information is typically considered non-personal data. We also collect the following:


To make our Services work properly, we sometimes place small data files called “Cookies” on your computer or mobile device. We use Cookies to personalize the content that you see by using our Services. It enables our Services to remember your actions and preferences (such as login, language, font size and other display preferences, given consent to place Cookies and/or collect personal data) over a period of time so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. We never place personally identifiable information in Cookies. The Cookies are not used for any purpose other than those described here.

Most web browsers can be set to disable the use of Cookies. You can control and/or delete cookies as you wish – for details, see You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. However, if you disable Cookies, you may not be able to access functionality on our Services correctly or at all.

Third Party Tracking Tools

We also use third party tracking tools to improve the performance and features of our Services. These third party tracking tools are designed to collect only non-personal data about your use of our Services. However, you understand that such tools can be created and managed by parties outside our direct control. SPOTLIO ensures that such third parties comply with Privacy Statement rules described here.

Log Information

We can automatically receive information from your web browser or mobile device. This information includes the name of the website from which you entered our Services, if any, as well as the name of the website to which you headed when you left our Services. This information also includes the IP address of the computer/proxy server that you use to access the internet, your internet website provider name, web browser type, type of mobile device and computer operating system as well as GPS data. We use all of this information to analyze trends among our Users to help improve our Services and help our customers understand their audience better.

Data Aggregation

We retain the right to collect and use any non-personal data collected from your use of our Services and aggregate such data for internal analytics that improve our Services as well as for use or resale to others. At no time is your personal data included in such data aggregations.

4. How and Why We Use Your Personal Data

We use the personal data we receive from you as follows:

  • To allow you to create a profile as an End User or as a Participant. We use your information to create your profile and grant secure access.
  • To customize our Services for your experience. We may use the information you provide to us along with any digital information we receive to customize our Services.

5. Transfer Of Your Personal Data

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your personal data.

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

6. Disclosure Of Your Personal Data

Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

If we are involved in a merger, acquisition or asset sale your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Statement.

7. Retention Of Your Personal Data

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

8. Your Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area EEA, you have certain data protection rights. In certain circumstances, you have the following data protection rights:

  • The right to access, update or delete the personal data we have on you
  • The right of rectification
  • The right to object
  • The right of restriction
  • The right to data portability
  • The right to withdraw consent

If you wish to exercise any of these rights, please contact SPOTLIO by clicking here.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and/or use of your personal data. For more information, please contact your local data protection authority in the European Economic Area EEA.

9. Service Providers

We employ third party companies and individuals to facilitate our Services (“Service Providers”), to provide our Services on our behalf, to perform Services-related services or to assist us in analyzing how our Services are used. These third-parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.


Google, Apple and Facebook Analytics are analytics services offered by the respective companies that track and report traffic with our Services. These analytic services use the data collected to track and monitor the use of our Services. The collected non personal data is shared with other services. The analytics providers may use the collected data to contextualize and personalize the ads of its own advertising networks.

You can opt-out of having your activity on the Service made available to the analytics providers by installing the Analytics opt-out add-ons in your browser if available. These add-ons prevent the Analytics Providers from sharing information about visit activities.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

For more information on the privacy practices of Facebook, please visit the Facebook Privacy & Terms web page:

For more information on the privacy practices of Apple, please visit the Apple Privacy & Terms web page:

Payments Processors

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal data is governed by their Privacy Statement. These payment processors adhere to the standards set by PCIDSS as managed by the PCI Security Standards Council.

If SPOTLIO provides paid products through our Services, we use third-party services for payment processing (e.g. Stripe, Paypal).

10. Protecting Your Child’s Privacy

Our Services are not designed for use by anyone under the age of 13 (“Child”), though we realize we may have a Child attempt to make purchases through our Services. We do not verify the age of our Users nor do we have any liability for verifying a User’s age. If you are a Child, please seek the permission of a parent or guardian before using our Services. If you are a parent or guardian and believe your Child is using our Services, please contact us to remove your Child’s account; we reserve the right to ask you for verification of your relationship to the Child before we honor such a request. If we discover that a Child has created an account on our Services, we will immediately delete the account as soon as we discover it; we will not use the information for any purpose and we will not disclose the information to third parties. However, as a parent of such a Child, you understand that you are legally liable for any transactions created by the Child.

11. Links to Third-Party Services

Our Services may contain links to or call other services that are not under our direct control. These services may have their own policies regarding privacy. We have no control of or responsibility for linked services. We provide these links solely for the convenience and information of our users. You access such linked services at your own risk. These services are not subject to this Privacy Statement. You should check the privacy policies, if any, of those individual services to see how the operators of those third-party services will utilize your personal data in case there is such data.

12. Our Email Policy

Our affiliates and SPOTLIO fully comply with national and international laws regarding SPAM. You can always opt out of receipt of further optional email correspondence from us and/or our affiliates. We agree that we will not sell, rent, or trade your email address to any unaffiliated third-party without your permission.

13. Updates to the Privacy Statement

We reserve the right to modify this Privacy Statement at any time. If we make material changes to this Statement, we may notify you on our Services by a pop-up window, by a blog post, by email or by any method we determine. The method we chose is at our sole discretion. We will also change the “Last Updated” date at the beginning of this Privacy Statement. Any changes we make to our Privacy Statement are effective as of this last modified date and replace any prior Privacy Statement.

Want to know more?

Please fill out the form below and we’ll get back to you as soon as possible

    Keep me updated!
    You'll receive emails about the latest trends on tourism digitalization.

    Check our Privacy Statement to learn how carefully we treat your data.