Responsible for content of pages
Grand Hotel National AG
T +41 41 419 09 09
F +41 41 419 09 10
VAT No. CHE-298.573.697 MWST
Commercial Register No. CHE-298.573.697
Grand Hotel National AG retains copyright for all the contents of this website.
This website or any part of this website or its content may not be modified, reproduced, copied, uploaded, transmitted, linked or otherwise exploited without the prior written consent of Grand Hotel National Ltd.
You are welcome to browse this website and download, display and print copies of the content of the website for your personal, non-commercial use only.
Links to Other Websites
Some links on our website lead to third-party websites, which are completely beyond our control. Accordingly, we do not assume any responsibility for the accuracy, completeness and legality of the contents of such websites, or for any offers and services contained. Following links to any off-site pages or other websites shall be at your own risk.
Security in the Internet
Please remember that the World Wide Web is a freely accessible, open system. Each time you voluntarily enter personal information online, you do so at your own risk. Your data may be lost as they travel over the Internet, or they may fall into unauthorized hands. Grand Hotel National Ltd. cannot accept any responsibility and/or liability for data security and cannot guarantee that the content that can be accessed from any of its websites is free of viruses or other harmful components.
Disclaimer of Liability
All text and links have been carefully checked and are constantly being updated. We make every reasonable effort to ensure that information provided on this website is accurate and complete but cannot accept any responsibility or liability or give any warranty that information provided by this website is correct, complete or up to date. We reserve the right to modify information on this website at any time without prior notice but do not accept any obligation to update the information it contains. The correctness of all links to external providers was checked at the time of their inclusion but we cannot accept any liability for the content or availability of websites that are accessed via hyperlinks. The provider of pages to which particular links point is solely responsible for any illegal, factually incorrect or incomplete contents and, in particular, for any losses sustained as a consequence of the contents of linked pages. This applies whether such losses are sustained directly or indirectly or are of a pecuniary nature or result from loss of data, downtime or other causes.
Important Legal Information
Grand Hotel National Ltd. (for exact address, see above), is operator of the websites www.grandhotel-national.com and www.residence-national.com and thus responsible for the collection, processing, and use of your personal data and the compatibility of data processing with Swiss law.
The address of our data protection representative in the EU:
VGS Datenschutzpartner UG
Am Kaiserquai 69
Purpose of Collecting and Processing Personal Data
Information you provide helps us to know and serve you better which is part of our Mission to completely delight and satisfy our guests. Of course, we observe the statutory provisions of the Federal Data Protection Act (DSG), the Federal Data Protection Act (VDSG), the Telecommunications Act (FMG) and, if applicable, other data protection provisions, in particular, the Basic Data Protection Regulation of the European Union (DSGVO). In order for you to know what personal information we collect from you and for what purpose we use it, please note the information below.
Data Processing Operations in the Context of Our Website
Calling up Our Website
Each time our website is visited, our servers temporarily save the access information in a log file. The following technical data is collected without your cooperation each time a connection is established to a web server and is saved by us:
- The IP address of the requesting computer
- The name of the owner of the IP address range (usually your Internet access provider) • the date and time of access
- The name and URL of the retrieved file
- The website from which the access occurred (referrer URL) and, if applicable, the search word used
- The status code (e.g. fault message)
- The operating system of your computer and the browser you use
- The country from which you accessed and the language settings in your browser
- The transmission protocol used (e.g. HTTP/1.1) and
- Where applicable, your username from registration/ authentication data
The collection and processing of this data is for the purpose of enabling the use of our website (connection establishment), to ensure the long-term security and stability of the system, to optimize our website, and for internal statistical purposes. This is our legitimate interest in the processing of data within the meaning of Art. 6 para. 1 lit. f DSGVO.
The IP address is used in particular to record the country of residence of the website visitor. Furthermore, the IP address is evaluated for statistical purposes when accessing the network infrastructure of www.grandhotel-national.com and www.residence-national.com and and, where applicable, will be used for identification within the framework of criminal proceedings as well as for civil and criminal action against the users concerned. This constitutes our legitimate interest in data processing within the meaning of Art. 6, Para. 1 a of the GDPR.
Using Our Contact Form
You have the option of using a contact form to contact us. We requite the following information for this (*mandatory):
- Number of nights
- Number of adults*
- Number of children*
- First name, last name*
- E-mail address
- Telephone number
We use this information as well as information given voluntarily by you only so that we can reply to your contact request in the best way possible in a personalised manner. Processing this data is therefore required within the meaning of Art. 6, Para. 1 b of the GDPR for the purposes of implementing pre-contractual measures and is in our legitimate interest in accordance with Art. 6, Para. 1 f of the GDPR.
Subscribing to Our Newsletter
Our website gives you the option of subscribing to our newsletter. Registration is required to do this. The following information is to be provided for the purposes of registering:
- First name
- Last name
- E-mail address
- Your choice of newsletter
The data above is required for data processing. We process this data only so that we can personalise the information and offers we send to you as well as better align such information and offers with your interests.
Upon registering, you give us your consent to process the data provided for the purposes of regularly sending the newsletter to the address you provided as well as performing a statistical analysis of usage behaviour and optimising the newsletter. This consent represents our legal basis for processing your e-mail address within the meaning of Art. 6, Para. 1 a of the GDPR. We are entitled to commission third parties with the technical implementation of advertising measures and are entitled to pass on your data for this purpose (cf. No. 13 below).
There is a link at the end of each newsletter; this link can be used to unsubscribe from the newsletter at any time. As part of the process of unsubscribing, you can choose whether to specify your reason for unsubscribing. Data is only processed further in an anonymised form for the purposes of optimising our newsletter.
Making a Booking Via the Website, Correspondence or a Telephone Call
If you make a booking via our website, correspondence (e-mail or post) or a telephone call, we require the following data in order to process the respective agreement (*mandatory):
- First name, last name
- Postal address
- Post/zip code
- County, state
- Telephone number*
- Credit card information*
- E-mail address
We will only use this data as well as any other data given voluntarily by yourself (e.g. expected arrival time, vehicle number plate, preferences and comments) for the purposes of performing the respective agreement, unless otherwise stated in this data protection declaration or you have not specifically consented to this. Specifically, we will process the data in order to register your booking as requested, provide the services booked, contact you in the event of any ambiguities or problems and ensure the respective payment transaction is correct. The legal basis for processing data for this purpose lies in fulfilling an agreement in accordance with Art. 6, Para. 1 b of the GDPR.
In many aspects, cookies help to make your visit to our website easier, more convenient and useful. Cookies are information files that your web browser automatically saves on the hard drive of your computer when you visit our website.
Most Internet browsers accept cookies automatically. However, you can configure your browser so that cookies are not saved on your computer or a message always appears when you receive a new cookie.
Deactivating cookies can result in not being able to use all the functions of our website.
Tools & Social Plugins
On our website we use tracking tools. These tracking tools are used to monitor your browsing behaviour on our website. This is carried out with the purpose of structuring our website in line with visitors’ needs and optimising our website on a continuous basis. In this context, pseudonymised usage profiles are created and small text files – saved on your computer ('cookies') – are used. Information regarding your use of this website provided by the respective cookie is transmitted to the servers of the parties providing these services, where the information is saved and prepared for us. In addition to the data specified under “Calling up our website”, we may receive the following information:
- The navigation path a visitor takes on the site
- The length of time spent on the website or subpage
- The subpage on which the visitor left the website
- The country, region or city from which the website is accessed
- End device (type, version, colour depth, resolution, width and height of the browser window) and
- Whether the visitor is a recurring visitor or new visitor.
The information is used to analyse the use of the website, compile reports on website activities and to perform other services associated with website usage and Internet usage for the purposes of market research and structuring our website in line with visitors' needs. If necessary, this information is also passed onto third parties, provided this is legally required or third parties process this data on our behalf.
The following tracking tools are used:
The provider of Google Analytics is Google Inc., an enterprise of holding company Alphabet Inc., which is based in the USA. Prior to transmitting data to the provider, the IP address is shortened within the member states of the European Union or in other contracting states part of the Agreement on the European Economic Area by means of activating the IP anonymization function ("anonymise IP") on this website. The anonymised IP address transmitted by your browser within the framework of Google Analytics is not combined with other data by Google. Only in exceptional cases is the full IP address transmitted by Google to a server in the USA and shortened there. In these cases, we use contractual guarantees to ensure that Google Inc. maintains an adequate level of data protection. According to Google Inc., the IP dress will never be linked with other data concerning the user. You can find more information of the web analysis services used on the Google Analytics website. You can find instructions on how to prevent your data from being processed by a web analysis service at http://tools.google.com/dlpage/gaoptout?hl=de].
Social Media Plug-Ins
The website uses the social plugins described below. The plugins are disabled by default on our website whenever possible and therefore do not send any data. By clicking on the corresponding social media button, you can activate the plugins. If these plugins are activated, your browser will establish a direct connection with the servers of the respective social network as soon as you access one of our websites. The content of the plugin is transmitted by the social network directly to your browser and incorporated by this into the website. The plugins can be deactivated with a click. Further information can be found in the respective privacy statements of the providers.
The following social plugins are used:
Youtube is an online video portal that allows video publishers to upload video clips and other users to view, rate and comment on them for free. YouTube authorises the publication of all types of videos, allowing visitors to view full-length films and television programmes as well as music videos, trailers or videos made by users themselves on the online portal.
YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
With every call-up of an individual page of this website, operated by those responsible for processing and on which a YouTube component (YouTube video) has been integrated, the internet browser on the IT system of the data subject is automatically authorised by each YouTube component to download a presentation of the relevant YouTube component. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/ . As part of this technical process, YouTube and Google gain information about the specific subpages of our website that are visited by the data subject.
Provided the data subject is logged into YouTube at the same time, by calling up a subpage that contains a YouTube video, YouTube can identify which specific subpage of our website the data subject visits. This information is collected by YouTube and Google and assigned to the YouTube account of the data subject.
YouTube and Google are then always informed via the YouTube components that the data subject has visited our website, when the data subject is logged into YouTube at the time of calling up our website; this happens regardless of whether or not the data subject clicks on a YouTube video. If the data subject does not want this information to be transmitted to YouTube and Google in this way, this transmission can be prevented by logging out of your YouTube account before calling up our website.
The data protection regulations published by YouTube which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
On our website, we use social plugins (“plugins”) of Instagram, operated by Instagram LLC.,1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are identified with an Instagram logo, for example in the form of an “Instagram camera”. You can find an overview of the Instagram plugins and what they look like here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
When you call up a page of our website that contains a plugin like this, your browser establishes a direct connection to the Instagram servers. The content of the plugin is transmitted straight to your browser by Instagram and integrated into the page. Through this integration, Instagram is informed that your browser has called up the relevant page of our website, even if you do not have an Instagram profile or are not logged into Instagram. This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and is stored there.
If you are logged into Instagram, Instagram can directly assign your visit to our website to your Instagram account. When you interact with the plugins, for example when you press the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there.
If you do not wish for Instagram to directly assign the data collected on our website to your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent Instagram plugins from loading using add-ons for your browser e.g. using the script blocker “NoScript” (http://noscript.net/).
On our website, we use social plugins of the social network Facebook, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. The plugins are indicated with a Facebook logo or the addition “Social plugin of Facebook” or “Facebook social plugin”.
You can find an overview of the Facebook plugins and what they look like here: https://developers.facebook.com/docs/plugins
When you call up a page of our website that contains a plugin like this, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted straight to your browser by Facebook and integrated into the page. Through this integration, Facebook is informed that your browser has called up the relevant page of our website, even if you do not have a Facebook profile or are not logged into Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and is stored there.
If you are logged into Facebook, Facebook can directly assign your visit to our website to your Facebook profile. When you interact with the plugins, for example when you press the “Like” button or leave a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
If you do not wish for Facebook to directly assign the data collected on our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent Facebook plugins from loading using add-ons for your browser e.g.
On our website, we use social plugins of the social network Pinterest, operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA. The plugins can for example be identified as buttons with the phrase “Pin it” on a white or red background. You can find an overview of the Pinterest plugins and what they look like here: https://developers.pinterest.com/docs/getting-started/introduction/
When you call up a page of our website that contains a plugin like this, your browser establishes a direct connection to the Pinterest servers. The content of the plugin is transmitted straight to your browser by Pinterest and integrated into the page. Through this integration, Pinterest is informed that your browser has called up the relevant page of our website even if you do not have a Pinterest profile or are not logged into Pinterest. This information (including your IP address) is transmitted from your browser directly to a Pinterest server in the USA and is stored there.
If you are logged into Pinterest, Pinterest can directly assign your visit to our website to your Pinterest profile. When you interact with the plugins, for example when you press the “Pin it” button, this information is also transmitted directly to a Pinterest server and stored there. The information is also published on Pinterest and is displayed to your contacts there.
If you do not wish for Pinterest to directly assign the data collected on our website to your Pinterest profile, you must log out of Pinterest before visiting our website. You can also completely prevent Pinterest plugins from loading using add-ons for your browser e.g. using the script blocker “NoScript” (http://noscript.net/).
Evaluation of Newsletter Usage
For sending our newsletter, we use third party email marketing services. Therefore, our newsletter can contain a so-called Web Beacon (counting pixel) or similar technical means. A web beacon is a 1x1 pixel, non-visible graphic that is related to the user ID of each newsletter subscriber. The use of corresponding services enables the evaluation of whether the emails with our newsletter have been opened. In addition, the click behavior of the newsletter recipients can also be recorded and evaluated. We use this data for statistical purposes and to optimize the content and structure of the newsletter. The counting pixel is deleted when you delete the newsletter. To prevent the use of tracking pixels in our newsletter, please set your email program so that in messages no HTML is displayed.
Data Processing Operations in the Context of Your Stay
Data Processing Operations to Fulfil Statutory Reporting Obligations
When staying at our hotel, we require the following information from you and any people accompanying you:
- First name, last name
- Postal address and canton (or region if you live outside of Switzerland)
- Date of birth - Place of birth
- Official identification card and number (or identification document if you live outside of Switzerland)
- Day of arrival and departure
- Room number
We collect this information to fulfil statutory reporting obligations that come from hospitality or police legislation in particular. Insofar as we are obligated in accordance with applicable regulations, we pass this information onto the responsible police authorities. Complying with legal requirements constitutes our legitimate interest within the meaning of Art. 6, Para. 1 f of the GDPR.
Performing Related Services
If you pay for addition services during your stay (for example, if you use items from the mini-bar or make use of the 'pay TV' service), the service and the time the service was procured are recorded for invoicing purposes. Processing this data is required in order to perform the agreement with us within the meaning of Art. 6, Para. 1 b of the GDPR.
Saving and Exchanging Data with Third Parties
If you make a booking via a third-party platform, we receive various personal information from the respective platform operator. As a general rule, the information provided is the data listed under No. 5 of this data protection declaration. In addition, any enquiries regarding your booking are forwarded to us. In specific terms, we will process the data in order to register your booking as requested as well as provide the services booked. The legal basis for processing data for this purpose lies in fulfilling an agreement in accordance with Art. 6, Para. 1 b of the GDPR. Finally, we may be informed of any disagreements in relation to a booking by the platform operators. In this case, we may also receive information on the booking process, which can also include a copy of the booking confirmation as evidence that the respective booking was completed. We process this data to maintain and enforce our claims. This constitutes our legitimate interest within the meaning of Art. 6, Para. 1 f of the GDPR. Please also observe the data protection information of the respective provider.
Saving and Linking Data Centrally
We save the data specified above in a central electronic data processing system. Your personal data is systematically recorded and linked for processing your bookings and processing contractual services. For this purpose, we use software provided by Oracle Switzerlande, Rainstrasse 1, 8143 Stallikon. We process this data within the framework of the software on the basis of our legitimate interest within the meaning of Art. 6, Para.1 f of the GDPR with regard to ensuring customer-friendly and efficient customer data management.
We only save personal data for as long as is necessary in order to make use of the tracking services mentioned above as well as the other processing operations within the scope of our legitimate interest. We store contract data for a longer period as this is stipulated by statutory storage obligations. Storage obligations that oblige us to store data come from regulations regarding reporting right and invoicing as well as from tax law. In accordance with these regulations, business-related communication, concluded contracts and accounting records are to be stored for up to ten years. If we no longer need this data to perform services for you, the data is locked. This means that the data may only be used for invoicing activities and tax purposes.
Passing Data Onto a Third Party
We only pass on your personal data if you have expressly consented to this, there is a legal obligation to do so or this is required in order to enforce our rights – particularly to assert claims resulting from the contractual relationship. Furthermore, we pass your data onto third parties if this is required within the framework of using the website and performing the agreement (including beyond the website) – specifically, processing your bookings.
The service provider to whom the personal data collected via the website is forwarded or the service provider that has or can have access to this data is our web hosting service provider iWay AG, Badenerstrasse 569 in 8048 Zürich. The website is hosted on servers in Switzerland. Data is passed on for the purposes of providing and maintaining the functions of our website. This constitutes our legitimate interest within the meaning of Art. 6, Para. 1 f of the GDPR.
Finally, if you make a credit card payment on the website, we forward your credit card information to your credit card issuer as well as the credit card acquirer. If you choose to make a credit card payment, you are asked to enter all of the information required. The legal basis for forwarding data lies in fulfilling an agreement in accordance with Art. 6, Para. 1 b of the GDPR. With regard to your credit card information being processed by these third parties, please also read the general terms and conditions as well as the data protection declaration of your credit card issuer.
Transferring Personal Data Abroad
Right to information, correction, deletion, and restriction of processing; Right to data portability
You have the right to receive information about the personal data that we store about you free of charge upon request. In addition, you have the right to correct inaccurate data and the right to delete your personal data, as far as there is no statutory storage obligation or an authorization requirement that allows us to process the data. In addition, according to Articles 18 and 21 DSGVO, you have the right to demand a restriction of data processing and to oppose data processing. You also have the right to reclaim from us the data you have given us (right to data portability). On request, we also pass the data on to a third party of your choice. You have the right to receive the data in a common file format. You can reach us for the aforementioned purposes at our e-mail address email@example.com. We may, at our sole discretion, require proof of identity to process your requests.
We use appropriate technical and organizational security measures to protect your stored personal data against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. You should always keep your information confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others. We also take internal privacy very seriously. Our employees and the service companies commissioned by us have been sworn to secrecy and to comply with data protection regulations.
Information on Data Transfer in the USA
For the sake of completeness, we would like to point out to users with a residence or registered office in Switzerland that there are supervision measures implemented by US authorities in the USA; these measures generally enable all the personal data of any person whose data has been transferred to the USA from Switzerland to be saved. This takes place without any differentiation, restriction or exception on the basis of the pursued objective and without an objective criterion, which enables US authorities to access the data and restrict later use of the data to very specific and strictly limited purposes that justify any operations associated with accessing and using this data. Furthermore, we would like to draw attention to the fact that there are no judicial remedies in the USA for affected persons from Switzerland that allow them to receive access to the data concerning them and to correct or delete the data – in other words, there is no effective judicial protection against the general access rights of the US authorities. We are making those concerned explicitly aware of this legal and factual situation so that they can make a correspondingly informed decision as to whether they give their consent for their data to be used.
We would like to point out to users with a residence in an EU member state that – from the perspective of the EU – the USA does not offer an adequate level of data protection for a number of reasons, including the issues referred to in this section. Insofar as we have explained in this data protection declaration that the recipients of the data (such as Google) are based in the USA, we will either make use of contractual agreements with these companies or ensure that these companies are certified in line with the EU or Swiss-US Privacy Shield to make sure that your data is adequately protected by our partners.
Right to Lodge a Complaint with a Data Protection Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority at any time.
This page was last updated on 18 July 2018. If you have any questions or comments about our legal notices or data protection, please contact us at firstname.lastname@example.org.