Privacy Policy

A. Cross-channel information

1. Controller and content of this privacy policy

We, Hotel Weissenstein AG (Vorderer Weissenstein 2, CH-4515 Oberdorf SO), are the operator of the Hotel Weissenstein (‘Hotel’) and the website www.hotelweissenstein.ch (hereinafter ‘website’) and, unless stated otherwise, are responsible for the data processing described in this privacy policy.

Please take note of the information below in order to understand what personal data we collect from you and the purposes for which we use it. When it comes to data protection, we adhere primarily to the statutory requirements of Swiss data protection law, particularly the Swiss Federal Act on Data Protection (FADP) and the Ordinance on Data Protection (Data Protection Ordinance, DPO), as well as the EU’s GDPR, the provisions of which may apply in individual cases.

Please note that the following information will be reviewed and changed from time to time. We therefore recommend that you check this privacy policy regularly. Other companies are also responsible or jointly responsible with us under data protection law for the individual data processing operations listed below, so the information provided by these providers is also authoritative in these cases.

2. Contact person for data protection

If you have any questions about data protection or would like to exercise your rights, please get in touch with our contact person for data protection by sending an e-mail to the following address:

hc.nietsnessiewletoh@letoh

3. Your rights

If the legal requirements are met, you as the data subject have the following rights:

  • Right of access: If we have processed it, you have the right to request access to your personal data being stored by us at any time, free of charge. This will give you the opportunity to check which personal data we are processing about you and to make sure that we are using it in accordance with the applicable data protection regulations.
  • Right to rectification: You have the right to have incorrect or incomplete personal data rectified and to be informed about the rectification. In this case, we will inform the recipients of the data concerned about the adjustments made, unless this is impossible or involves disproportionate effort.
  • Right to erasure: Under certain circumstances, you have the right to have your personal data erased. The right to erasure may be excluded in individual cases, particularly in the case of statutory retention obligations. In this case, under certain conditions, the data may be blocked instead of erased.
  • Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.
  • Right to data transfer: You have the right to receive from us the personal data that you have provided to us, free of charge, in a readable format.
  • Right to object: You may object to data processing at any time, particularly for data processing in connection with direct marketing (e.g. promotional emails).
  • Right of withdrawal: In principle, you have the right to withdraw your consent at any time. However, processing activities based on your consent given in the past will not become unlawful if you withdraw your consent.
  • To exercise these rights, please send us an e-mail to the following address: hc.nietsnessiewletoh@letoh
  • Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. about the way in which your personal data is processed.

4. Data security

We use appropriate technical and organisational security measures to protect your personal data stored by us against loss and unlawful processing, in particular unauthorised access by third parties. Our employees and the service companies commissioned by us are obliged to maintain confidentiality and to ensure data protection. Moreover, these persons are only granted access to personal data to the extent necessary for the fulfilment of their duties.

Our website and our other online presence is accessed using transport encryption (SSL/TLS, especially using Hypertext Transfer Protocol Secure, abbreviated to HTTPS). Most browsers warn against visiting websites without transport encryption.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the internet and electronic means of communication always involves certain security risks and we, too, cannot guarantee the security of information transmitted in this way.

5. Getting in touch with us

If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data that you have provided to us will be processed, e.g. the name of your company, your name, your position, your e-mail address or telephone number and your request. The date of receipt of the request will also be documented. Mandatory information is marked with an asterisk (*) on contact forms.

We will only process this data to carry out your request (e.g. to provide information about our hotel, to assist with contract processing such as questions about your booking, use of your feedback to improve our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in the implementation of your request or, if your request is aimed at the conclusion or execution of a contract, the need to take the necessary measures within the meaning of Art. 6(1)(b) EU GDPR.

6. Use of your data for marketing purposes

6.1 Central data storage and analysis in the CRM system
If it is possible to clearly identify your person, we will store and link the data described in this privacy policy, i.e. particularly your personal details, your contact details, your contract data and your surfing behaviour on our websites, in a central database. This will help customer data to be managed efficiently, allow us to respond to your request appropriately, and enable the efficient provision of the services requested by you and processing of the related contracts. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in the efficient management of user data.

We will evaluate this data in order to further develop our offers in line with your needs and to display and suggest to you the most relevant information and offers possible. We will also use methods that predict possible interests and future orders based on your use of the website. The legal basis for this data processing is our legitimate interest in carrying out marketing measures within the meaning of Art. 6(1)(f) EU GDPR.

6.2 E-mail marketing and newsletters
If you register for our e-mail newsletter (e.g. when you open or from within your customer account), the following data will be collected. Mandatory information is marked with an asterisk (*) on the registration form:

  • E-mail address
  • Form of address
  • First name and surname

To avoid misuse and to ensure that the owner of an e-mail address has actually given their consent, we rely on the so-called double opt-in for registration. After submitting your registration, you will receive an e-mail from us containing a confirmation link. To finalise your subscription to the newsletter, you need to click on this link. If you do not click on the confirmation link within the specified period, your data will be deleted and our newsletter will not be sent to this address.

By registering, you consent to the processing of this data in order to receive news from us about our hotel and related information about products and services. This may also include invitations to participate in competitions or to review one of the aforementioned products and services. Collection of your form of address and name allows us to verify the assignment of the registration to a potentially already existing customer account and to personalise the content of the e-mails. Linking to a customer account helps us to make the offers and content contained in the newsletter more relevant to you and better tailor them to your potential needs.

We will use your data for sending e-mails until you withdraw your consent. You can withdraw your consent at any time, especially via the unsubscribe link in all of our marketing e-mails.

Our marketing e-mails may contain a so-called web beacon or 1×1 pixel (tracking pixel) or similar technical aids. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing e-mail sent, we receive information about which addresses have not yet received the e-mail, which addresses it has been sent to and which addresses have failed. It also shows which addresses opened the e-mail, for how long and which links they clicked on. Finally, we also receive information about which addresses have unsubscribed. We use this information for statistical purposes and to optimise promotional e-mails in terms of frequency, timing, structure and content of the e-mails. This allows us to tailor the information and offers in our e-mails better to the individual interests of the recipients.

The web beacon will be deleted when you delete the e-mail. To prevent use of the web beacon in our marketing e-mails, please set the parameters of your e-mail program so that HTML is not displayed in messages, if this is not already the case by default. You can find information about how to configure this setting in the help sections of your e-mail software, e.g. here for Microsoft Outlook.

By subscribing to the newsletter, you also consent to the statistical evaluation of user behaviour for the purpose of optimising and adapting the newsletter. This consent constitutes our legal basis for the processing of data within the meaning of Art. 6(1)(a) EU GDPR.

We send notifications and messages with the help of specialised service providers.

In particular, we use:

Mailchimp: communication platform. Provider: The Rocket Science Group LLC DBA Mailchimp (USA) as a subsidiary of Intuit Inc. (USA). Data protection information: Privacy Statement (Intuit) including ‘Country and Region-Specific Terms,’ ‘Mailchimp Privacy FAQs’, ‘Mailchimp and European Data Transfers’, ‘Security’, Cookie Statement, ‘Privacy Rights Requests’, ‘Legal policies’.

6.3 Audio and video conferencing
We use specialised audio and video conferencing services to communicate online. We can use these to hold virtual meetings, for example, or conduct online lessons and webinars. Participation in audio and video conferences is also subject to the legal texts of the individual services, such as privacy policies and terms of use.

Depending on your living situation, we recommend that you mute the microphone as standard when attending audio or video conferences and blur the background or display a virtual background.

In particular, we use:

7. Disclosure to and access by third parties

We would not be able to provide our services in the desired form without the support of other companies. For us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such data will be passed on to the extent necessary for the fulfilment of the contract requested by you, e.g. to restaurants or other third-party providers for which you have made a reservation. The legal basis for these transfers is necessary for the fulfilment of the contract within the meaning of Art. 6(1)(b) EU GDPR.

Data will also be passed on to selected service providers, but only to the extent necessary for the provision of the service. Various third-party service providers are already explicitly mentioned in this privacy policy, e.g. in the sections on marketing. This includes, for example, IT service providers (such as providers of software solutions), advertising agencies, consulting firms. We also transmit your data to affiliated companies of the Group (see Legal Notice). The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in the purchase of third-party services.

Your data may also be passed on, particularly to authorities, legal advisers or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from the relationship with you. Data may also be passed on if another company intends to acquire our company or parts of it and such disclosure is necessary to conduct a due diligence review or to complete the transaction. The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in safeguarding our rights and complying with our obligations or in selling our company.

8. Transfer of personal data abroad

We are also entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing described in this privacy policy. It goes without saying that the legal provisions regarding the disclosure of personal data to third parties will be complied with. If the country in question does not have an adequate level of data protection, we guarantee through contractual provisions that your data will be adequately protected by these companies.

9. Retention periods

We will only store personal data for as long as is necessary to carry out the processing described in this privacy policy in the context of our legitimate interest. For contractual data, storage is prescribed via statutory retention obligations. Requirements that oblige us to retain data arise from accounting provisions and tax regulations. According to these regulations, business communications, concluded contracts and accounting documents in particular must be retained for up to 10 years. If we no longer need this data to perform our services for you, the data will be blocked. This means that the data may only be used if this is necessary to fulfil retention obligations or to defend and enforce our legal interests. The data will be erased as soon as there is no retention obligation and a legitimate interest in retaining it no longer exists.

B. Special information for our website

10. Log file data

When you visit our website, the servers of our hosting provider Novatrend Services GmbH
Bahnhofstrasse 18
6340 Baar, Switzerland
Data protection information: Data protection

temporarily store each access in a log file. The following data will be collected without your intervention and stored by us until it is automatically deleted:

  • the IP address of the requesting computer,
  • the date and time of the access,
  • the name and URL of the retrieved file,
  • the website from which the access originated, including any search term used,
  • the operating system of your computer and the browser you use (incl. type, version and language setting),
  • the device type in the case of access by mobile phones,
  • the city or region from which the access originated,
  • the name of your internet access provider.

This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring the long-term security and stability of the system as well as for analysing errors and performance and enabling us to optimise our website.

In the event of an attack on the website’s network infrastructure or in the event of other suspected unauthorised or improper use of the website, the IP address and the other data will be evaluated for clarification and defence purposes and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned.

The aforementioned purposes constitute our legitimate interest in data processing within the meaning of Art. 6(1)(f) EU GDPR.

Finally, when you visit our website, we use cookies as well as applications and tools based on the use of cookies. The data described here may also be processed in this context. Further information can be found in the subsequent sections of this privacy policy.

11. Cookies

Cookies are information files that your web browser stores on your computer’s hard drive or main memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.

Among other things, cookies help to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are necessary for your desired use of the website, i.e. ‘technically necessary’. For example, we use cookies to be able to identify you as a registered user after logging in, saving you from having to log in again each time you browse the different subpages. Provision of the shopping basket and ordering functions are also based on the use of cookies. Cookies also perform other technical functions required for the operation of the website, such as load balancing, i.e. the distribution of the website’s workload to different web servers in order to relieve the strain on the servers. Cookies are also used for security purposes, such as preventing the unauthorised posting of content. Finally, we also use cookies as part of the design and programming of our website, e.g. to enable the uploading of scripts or codes.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in providing a user-friendly and up-to-date website.

Most internet browsers accept cookies automatically. However, when you access our website, we ask for your consent to cookies we use that are not technically necessary, particularly when using third-party cookies for marketing purposes. You can adjust your desired settings using the corresponding buttons in the cookie banner. Details of the services and data processing associated with individual cookies can be found in the cookie banner and in the subsequent sections of this privacy policy.

You may also be able to configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie.

In the case of cookies used to measure success and reach or for advertising, a general opt-out is possible for many services via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

Deactivating cookies may result in your not being able to use all the features of our website.

12. Tracking and web analysis tools

12.1 General information about tracking
We use the web analytics services listed below for the purpose of designing our website in line with customers’ needs and continuously optimising it. In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this website is usually transmitted together with the log file data listed in Section B-10 to the service provider’s server, then stored and processed there.This may also result in transmission to servers abroad, e.g. in the USA.

When the data is processed, we receive the following information, amongst other things:

  • navigation path that a visitor uses on the website (including content viewed and selected or products purchased or services booked),
  • length of time spent on the website or sub-page,
  • the subpage from which you leave the website,
  • the country, region or city from which the access is made,
  • end device (type, version, colour depth, resolution, width and height of browser window) and
  • returning or new visitor.

The provider will use this information on our behalf to evaluate the use of the website, to compile reports on website activities for us and to provide other services related to website and internet usage for the purposes of market research and needs-based design of these websites. For this processing, we and the provider may, to a certain extent, be regarded as joint Controllers under data protection law.

The legal basis for this data processing using the following tools is your consent within the meaning of Art. 6(1)(a) EU GDPR. You may withdraw your consent or refuse the processing at any time by rejecting or deactivating the relevant cookies in your web browser’s settings or by taking advantage of the service-specific options described below.

For the further processing of the data by the respective provider as (sole) Controller under data protection law, in particular any forwarding of this information to third parties such as authorities on the basis of national legal provisions, please check the privacy policy of the respective provider.

12.2 Google Analytics and Google Tag Manager
We use the web analysis service Google Analytics and Google Tag Manager provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (‘Google’).

The data described about the use of the website may be transmitted to the servers of Google LLC. in the USA for the processing purposes explained. The IP address will be shortened by activating IP anonymisation (‘anonymizeIP’) on this website before transmission within the Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

  • Google Analytics: Measurement of success and reach. Provider: Google. Google Analytics-specific information: Measurement also across different browsers and devices (cross-device tracking) and with pseudonymised Internet Protocol (IP) addresses, which are only transmitted in full to Google in the USA in exceptional cases, ‘Privacy’, ‘Google Analytics Opt-Out Browser Add-On’.
  • Google Tag Manager: Integration and management of other services for measuring performance and reach as well as other services from Google and third parties; Provider: Google; Google Tag Manager-specific information: ‘Data collected by Google Tag Manager’; further information about data protection can be found under the individual integrated and managed services.

13. Social media

We have included links on our website to our profiles on the social networks of the following providers:

  • Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA; Privacy Policy,
  • Instagram Inc. 1601 Willow Road, Menlo Park, CA 94025, USA; Privacy Policy (Instagram)
  • LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland. Data protection information is available here.

If you click on the social network icons, you will be redirected automatically to our profile on the respective network. A direct connection will then be established between your browser and the server of the respective social network. As a result, the network will receive the information that you have visited our website from your IP address and clicked on the link.

If you click on a link to a network while you are logged into your user account for that network, the content of our website may be linked to your profile so that the network can directly associate your visit to our website with your account. If you want to prevent this, you should log out before clicking on the corresponding links. A connection between your access to our website and your user account will always be made if you log in to the respective network after clicking on the link. The respective provider will be the Controller under data protection law for the associated data processing. Please therefore check the information on the network’s website.

The legal basis for any data processing attributed to us is our legitimate interest in the use and advertising of our social media profiles within the meaning of Art. 6(1)(f) EU GDPR.

14. Online advertising and targeting

14.1 General
We use the services of various companies to provide you with interesting offers online. Your user behaviour on our website and the websites of other providers is analysed in order to be able to show you individually tailored online advertising.

Most technologies used for tracking your user behaviour (‘tracking’) and for the targeted display of advertising (‘targeting’) work with cookies that allow your browser to be recognised across different websites. Depending on the service provider, it may also be possible for you to be recognised online even when using different end devices (e.g. laptop and smartphone). This may be the case, for example, if you have registered for a service that you use on multiple devices.

In addition to the data already mentioned, which is generated when websites are accessed (‘log file data’, see Section B-10) and when cookies are used (Section B-11) and which may be sent to the companies participating in the advertising networks, the following data is included in selecting advertising that is potentially most relevant to you:

  • Personal information that you provided when registering or using an advertising partner’s service (e.g. your gender, age group);
  • User behaviour (e.g. search queries, interactions with adverts, types of websites visited, products or services viewed and purchased, newsletters subscribed to).

We and our service providers use this data to determine whether you belong to the target group we are addressing and take this into account when selecting advertisements. For example, after you have visited our website, when you access other websites, you may be shown advertisements for the products or services you have consulted (‘re-targeting’). Depending on the amount of data, a user profile may also be created, which is automatically evaluated, and the ads are then selected based on the information stored in the profile, such as membership of certain demographic segments or potential interests or behaviours. In addition to our website or app (in the context of on-site and in-app marketing), these advertisements may also be presented to you on various other channels, including via the online advertising networks used by us, such as Google.

The data can then be evaluated for the purpose of billing the service provider and also to assess the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include information to show that the performance of an action (e.g. visiting certain sections of our websites or sending information) is attributable to a specific advertisement. We also receive aggregated reports of advert activity from service providers and information about how users interact with our website and adverts.

The legal basis for this data processing is your consent within the meaning of Art. 6(1)(a) EU GDPR. You can withdraw your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser. Further options for blocking advertising can also be found in the information provided by the respective service provider, such as Google.

14.2 Google Ads
This website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’) for online advertising. Google uses cookies for this purpose, such as the DoubleClick cookie, which enables your browser to be recognised when you visit other websites. The information generated by the cookies about your visit to these websites (including your IP address) is transmitted to a Google server in the USA and stored there. Further information about data privacy at Google can be found here.

The legal basis for this data processing is your consent within the meaning of Art. 6(1)(a) EU GDPR. You can withdraw your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser. You can find further ways to block advertising here.

In particular, we use:

Google Ads: search engine advertising. Provider: Google. Google Ads-specific information: advertising based on search queries, among other things, using different domain names – particularly doubleclick.net, googleadservices.com and googlesyndication.com – for Google Ads, ‘Advertising’ (Google), ‘Why am I seeing a specific advertisement?’

14.3 Social media ads

We use the opportunity to display targeted advertising for our activities and operations via third parties, such as social media platforms and search engines.

We particularly want to use this kind of advertising to reach people who are already interested in our activities and operations or who might be interested in them (remarketing and targeting). For this purpose, we may transmit relevant – possibly also personal – information to third parties who enable advertising of this kind. We can also determine whether our advertising is successful, i.e. in particular whether it leads to visits to our website (conversion tracking).

Third parties we advertise with and where you are registered as a user may associate your use of our website with your profile there.

In particular, we use:

15. Registration for a customer account

If you open a customer account on our website, we will collect the following data. Mandatory information is marked with an asterisk (*) on the relevant form:

Personal details:

  • Form of address
  • Surname
  • First name
  • Billing address and, if applicable, delivery address
  • Date of birth
  • Company name, company address and VAT ID no. for corporate customers
  • Login details:
  • E-mail address
  • Password
  • Further information:
  • Languages
  • Gender

We will use the personal details to establish your identity and verify the requirements for registration. Together, the e-mail address and password serve as login details and thereby ensure that the right person is using the website under your information. We also need your e-mail address to verify and confirm the opening of the account and for any future communication with you required for contract processing. This data will also be stored in the customer account for future bookings and/or conclusion of contracts. For this reason, we also enable you to save further details in the account (e.g. your preferred payment method).

We will also use the data to provide an overview of the products ordered and bookings made and as a simple way to manage your personal data, to administer our website and contractual relationships, i.e. to establish, structure, process and change the contracts concluded with you via your customer account (e.g. in connection with your booking with us).

We will process the information about language and gender in order to show you offers on the website that are tailored to your profile or personal needs in the best possible way, to collect statistics and evaluate the selected offers and thereby optimise our suggestions and offers.

The legal basis for the processing of your data for the above purpose is your consent pursuant to Art. 6(1)(a) EU GDPR. You can withdraw your consent at any time by removing your details from the customer account or by deleting your customer account or by messaging us to have it deleted.

To avoid misuse, you must always treat your login details confidentially and should close the browser window when you have finished communicating with us, especially if you share the computer with other people.

16. Ordering via our online shop

You can order a wide range of products and vouchers on our website. For this purpose, we will collect the following data, with mandatory information marked with an asterisk (*) on the relevant form:

  • Form of address
  • First name
  • Surname
  • Company name
  • Street and house number
  • Additional address details
  • Postcode
  • Town/city
  • Country
  • Telephone number
  • E-mail
  • Payment method
  • Shipping method
  • Yes, I would like to subscribe to your newsletter.
  • I confirm that the information provided is correct and that I have read and accept the GTCs and the Privacy Policy.

We will only use this data and other data voluntarily provided by you in order to fulfil your order according to your wishes. This data will therefore be processed within the meaning of Art. 6(1)(b) EU GDPR for the implementation of pre-contractual measures and the execution of a contract.

In particular, we use: e-guma, voucher & ticketing system. Data protection information: Privacy Policy.

17. Bookings on the website, by correspondence or by phone

If you make bookings or order vouchers either via our website, by correspondence (e-mail or post) or by phone, we will collect the following data. Mandatory information is marked with an asterisk (*) on the relevant form:

  • Form of address
  • First name
  • Surname
  • Street and house no.
  • Postcode
  • Town/city
  • Country
  • Date of birth
  • E-mail address
  • Telephone number
  • Language
  • Credit card information

We will only use this data and other information provided by you voluntarily (e.g. expected arrival time, vehicle number plate, preferences, comments) for the purpose of processing the contract, unless stated otherwise in this privacy policy or unless you have specifically consented to this. We will process the data in particular to record your booking as requested, to provide the services booked, to contact you in the event of any uncertainties or problems and to ensure correct payment. Your credit card details will be deleted automatically after your departure.

The legal basis for data processing for this purpose is the performance of a contract pursuant to Art. 6(1)(b) EU GDPR or your consent pursuant to Art. 6(1)(a) EU GDPR. You can withdraw your consent at any time with effect for the future.

In particular, we use: simpleBooking: booking platform. Data protection information: Privacy Policy

18. Online payment processing

If you make bookings or purchase products on our website for a fee, depending on the product or service and desired payment method, you may need to provide additional information, such as your credit card information or login to your payment service provider. This information, as well as the fact that you have purchased a service from us for the relevant amount and at the time in question, will be forwarded to the respective payment service providers (e.g. payment solution providers, credit card issuers and credit card acquirers). Please therefore always note the information provided by the respective company, in particular their Privacy Policy and General Terms and Conditions. The legal basis for this transfer is the fulfilment of a contract pursuant to Art. 6(1)(b) EU GDPR.

19. Reserving a table

On our website, you have the option of reserving a table at one of the restaurants listed on our website. We will collect the following data for this, with mandatory information marked with an asterisk (*) on the relevant form:

  • First name
  • Surname
  • Number of guests
  • E-mail address
  • Telephone number
  • Comment
  • Date and time of the reservation
  • I accept the GTCs
  • I would like to receive information about special offers and promotions

We will only collect and process the data for the purpose of processing the reservation and particularly to compile your reservation request according to your wishes, to make the reservation and to contact you in case of any uncertainty or problems.

We use a tool from Aleno, Werdstrasse 21, 8004 Zurich, Switzerland, to process reservations. Your information will therefore be stored in an Aleno database, which may allow Aleno to access your information if required to provide the software and to assist in using the software. Data protection information: Privacy policy of the website; specific information about the privacy policy for the aleno restaurant software: aleno restaurant software privacy policy.

The legal basis for the processing of your data for this purpose is the fulfilment of a contract pursuant to Art. 6(1)(b) EU GDPR.

20. Bookings via booking platforms

If you make a booking via a third-party platform (i.e. booking.com, Hotel, Escapio, Expedia, Holidaycheck, Hotel Tonight, HRS, Kayak, Mr & Mrs Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two), we will be sent various pieces of personal information by the respective platform operator in connection with the booking made. Any enquiries regarding your booking will also be forwarded to us. We will process this data specifically in order to record your booking as requested and to provide the services booked. The legal basis for data processing for this purpose is the implementation of pre-contractual measures and the fulfilment of a contract pursuant to Art. 6(1)(b) EU GDPR.

Finally, platform operators may notify us of any disputes in connection with a booking. We may also receive information about the booking process, which may include a copy of the booking confirmation as proof of the actual completion of the booking. We will process this data to safeguard and enforce our claims. This is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR.

Please also note the privacy policy of the respective booking platform.

21. Submission of reviews

In order to help other users in deciding to make a purchase and to support our quality management (especially the processing of negative feedback), you have the opportunity to review your stay with us on our website. The data that you have provided to us will be processed and published on the website, i.e. in addition to your review and its date, possibly also a comment that you have added to your review or the name you have provided.

The legal basis for this data processing is your consent within the meaning of Art. 6(1)(a) EU GDPR.

We reserve the right to delete unlawful reviews and to contact you in the event of any suspicion and ask you to provide a statement. The legal basis for this processing is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in providing the comment and review function and in preventing its misuse.

22. Applying for a job vacancy

You have the opportunity to apply to us spontaneously or via an appropriate e-mail address for a specific job advertisement. We will collect the following data for this, with mandatory information marked with an asterisk (*) on the relevant form:

  • First name
  • Surname
  • E-mail address
  • Application documents (e.g. CV, cover letter, references, etc.)

We will use this and other data you provide voluntarily to review your application. Application documents from unsuccessful applicants will be deleted after completion of the application process, unless you explicitly agree to a longer retention period or we are legally obliged to retain them for a longer period.

The legal basis for the processing of your data for this purpose is therefore the execution of a contract (pre-contractual phase) pursuant to Art. 6(1)(b) EU GDPR.

C. Data processing in connection with your stay

23. Data processing to comply with statutory reporting obligations

Upon arrival at our hotel, we may require the following information from you and those accompanying you (mandatory *):

  • First name and surname
  • Postal address and canton
  • Date of birth
  • Nationality
  • Official identification card and number
  • Date of arrival and departure

We collect this information to fulfil statutory reporting obligations, which arise in particular from hospitality and police law. Insofar as we are obliged to do so under the applicable regulations, we will forward this information to the competent police authority.

This data is processed on the basis of a legal obligation within the meaning of Art. 6(1)(c) EU GDPR.

24. Recording of services received

If you make use of additional services during your stay (e.g. wellness, restaurant, activities), the service and the time of use will be recorded by us for billing purposes. The processing of this data is necessary for the fulfilment of the contract with us within the meaning of Art. 6(1)(b) EU GDPR.

25. Video surveillance

To prevent misuse and take action against unlawful conduct (especially theft and damage to property), the entrance area and the public areas of our hotel are monitored by cameras. The image data is only viewed if there is a suspicion of unlawful conduct. Otherwise, the images are automatically deleted after 72 hours.

We rely on a service provider to supply the video surveillance system, who may have access to the data if this is necessary for the provision of the system. If the suspicion of unlawful conduct is substantiated, the data may then be passed on to consulting firms (especially our law firm) and authorities to the extent necessary to enforce claims or to file complaints.

The legal basis is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in protecting our property and safeguarding and enforcing our rights.

26. Use of our WiFi network

In our hotel you have the opportunity to enjoy free of charge the Wi-Fi network operated by
Quickline Ltd
Dr Schneider-Strasse 16
2560 Nidau, Switzerland. Prior registration is required to prevent misuse and to take action against unlawful conduct. In registering, you will transmit the following data to Quickline AG:

  •  number
  • IP address of your device and the operating system used

In addition to the above data, data about the hotel visited, including the time, date and device, will be collected each time the WiFi network is used. The legal basis for this processing is your consent within the meaning of Art. 6(1)(a) EU GDPR. The customer may cancel their registration at any time by notifying us of their wish to do so. Data protection information: Privacy Policy.

Quickline AG must comply with the legal obligations of the Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTA) and the associated ordinance. If the legal requirements are met, the operator of the WiFi must monitor the use of the internet or data traffic on behalf of the competent authority. The operator of the WiFi may also be obliged to disclose the customer’s contact, usage and marginal data to the authorised authorities. The contact, usage and marginal data will be stored for six months and then deleted.

The legal basis for this processing is our legitimate interest within the meaning of Art. 6(1)(f) EU GDPR in the provision of a WiFi network in compliance with the applicable statutory provisions.

27. Payment processing

If you purchase products or services at our hotel or pay for your stay using electronic payment methods, the processing of personal data will be required. By using the payment terminals, you will transmit the information stored in your payment method, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. payment solution providers, credit card issuers and credit card acquirers). They will also receive the information that the payment method was used in our hotel, the amount and the time of the transaction. Conversely, we will only receive a credit note for the amount of the payment made at the appropriate time, which we can assign to the relevant document number, or information that the transaction was not possible or was cancelled. Please therefore always note the information provided by the respective company, in particular their Privacy Policy and General Terms and Conditions. The legal basis for this transfer is the fulfilment of the contract with you pursuant to Art. 6 (1) (b) EU GDPR.

28. Final provisions

This Privacy Policy does not form part of a contract with you. We may amend this Privacy Policy at any time. The version published on this website is the current version.