Déclaration de confidentialité

  • 1 Responsible party and content of this privacy policy

    Grand Hotel National AG is the operator of the Grand Hotel National (hereinafter referred to as “hotel” or ‘we’) and the websites www.grandhotel-national.com and www.apartments-national.com (hereinafter referred to as “website”) and, unless otherwise stated in this privacy policy, is responsible for the data processing described in this privacy policy.

    In this privacy policy, we describe what we do with your data when you visit our website, purchase our services or products, are otherwise connected to us within the scope of a contract, communicate with us, or otherwise have dealings with us. This is not an exhaustive description; other privacy policies or general terms and conditions and similar documents may regulate specific matters. We use the term “data” here synonymously with “personal data” or “personal information.”

    If you transmit or disclose data about others to us, we assume that you are authorized to do so and that this data is correct. By transmitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy.

    This privacy policy is based on the requirements of the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). However, whether and to what extent the GDPR applies depends on the individual case.

  • 2 Contact person for data protection

    If you have any questions about data protection or would like to exercise your rights, please write to the following address:

    Grand Hotel National AG
    Haldenstrasse 4
    6006 Lucerne
    Switzerland
    [email protected]

     

    You can contact our data protection advisor at:
    Swiss Infosec AG
    Datenschutzberater
    Meienriesliweg 15
    6210 Sursee
    Switzerland
    [email protected]

     

    The address of our data protection representative in the EU is:
    VGS Datenschutzpartner UG 
    Am Kaiserquai 69
    20457 Hamburg
    Germany
    [email protected]

     

  • 3 Describtion and scope of data processing

    3.1 Contacting us

    If you contact us via our contact addresses and channels (e.g., by email, telephone, or contact form), your personal data will be processed. The data you have provided us with (e.g., your name, email address, or telephone number and your request) will be processed. The data collected in the case of a contact form can be seen on the respective form. In addition, the time of receipt of the request will be documented. Mandatory fields in contact forms are marked with an asterisk (*).

    We process this data exclusively for the purpose of fulfilling your request (e.g., providing information about our hotel, assisting with contract processing, such as questions about your booking, incorporating your feedback into the improvement of our services, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f EU GDPR in fulfilling your request or, if your request is aimed at concluding or processing a contract, the necessity for carrying out the necessary measures within the meaning of Art. 6 (1) lit. b EU GDPR.

    3.2 Use of our chat function 

    When you contact us via chat, your personal data will be processed. The data you provide us with (e.g., your name, email address, and your request) will be processed. In addition, the time of receipt of the request will be documented. We process this data exclusively for the purpose of fulfilling your request (e.g., providing information about a hotel, assisting with contract processing, such as questions about your wine order, providing information about an event, or assisting with registration for an event, incorporating your feedback into the improvement of our services, etc.).

    We use a software application from HiJiffy, R. das Eiras 5, 7960-262 Vidigueira, Portugal, to handle communication via the chat function. Your data may therefore be stored in a HiJiffy database, which may allow HiJiffy to access your data if this is necessary for the provision of the software and for support in using the software. Further information on data protection at HiJiffy can be found here.

    The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in the use of modern communication technologies or, if your request is aimed at the conclusion or execution of a contract, in the implementation of the necessary measures within the meaning of Art. 6 (1) (b) GDPR.

    HiJiffy may wish to use some of this data for its own purposes (e.g., to send marketing emails or for statistical analysis). HiJiffy is the controller for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by HiJiffy can be found here.

    3.3 Ordering via our online shop

    You can order a wide range of products and vouchers on our website. To do this, we collect various data from you (e.g. your name, address, email address, telephone number, payment details). The mandatory fields in the corresponding form are marked with an asterisk (*).

    We use this data and other data you voluntarily provide only to fulfill your order according to your wishes. This data is therefore processed in accordance with Art. 6 (1) (b) EU GDPR for the purpose of implementing pre-contractual measures and executing a contract.

    We use a software application from Idea Creation GmbH, Walchestrasse 15, 8006 Zurich, Switzerland (Idea) to provide the online shop. Your data may therefore be stored in a database belonging to Idea, which may allow Idea to access your data if this is necessary for the provision of the software and for support in using the software. Further information about data processing in connection with Idea can be found here.

    3.4 Data processing for bookings

    3.4.1 Booking on the website, by correspondence, or by telephone

    If you make bookings via our website, by correspondence (e-mail or letter) or by telephone, we will process the personal data you provide (e.g. name, e-mail address, telephone number, credit card information) in order to make your reservations and process other purchase transactions. The mandatory fields in the corresponding form are marked with an asterisk (*).

    We will only use this data and other information you voluntarily provide (e.g., expected arrival time, vehicle registration number, preferences, comments) to process the contract, unless otherwise stated in this privacy policy or you have given your separate consent. We will process the data by name in order to record your booking as requested, to provide the booked services, to contact you in case of uncertainties or problems, and to ensure correct payment. Your credit card details will be automatically deleted after your departure.

    The legal basis for data processing for this purpose is the fulfillment of a contract in accordance with Art. 6 (1) (b) EU GDPR or your consent in accordance with Art. 6 (1) (a) EU GDPR. You can revoke your consent at any time with future effect.

    For booking processing via our website, we use a software application from Sabre Hospitality Solutions GmbH, Unterschweinstiege 2–14, 60549 Frankfurt am Main, Germany (Sabre). Therefore, your data may be stored in a Sabre database, which may allow Sabre to access your data if necessary for the provision of the software and for support in using the software. Further information about data processing in connection with Sabre can be found here.

    3.4.2 Bookings via booking platforms

    If you make bookings via a third-party platform (i.e., via Booking, Hotel, Escapio, Expedia, Holiday-check, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two, etc.), we receive various personal information from the respective platform operator in connection with the booking made. This is usually the data listed in section 3.4 of this privacy policy. In addition, inquiries about your booking may be forwarded to us. We will process this data by name in order to record your booking as requested and to provide the booked services. The legal basis for data processing for this purpose is the implementation of pre-contractual measures and the fulfillment of a contract in accordance with Art. 6 (1) (b) EU GDPR.

    Finally, we may be informed by the platform operators about disputes in connection with a booking. In this context, we may also receive data relating to the booking process, which may include a copy of the booking confirmation as proof of the actual booking. We process this data to protect and enforce our claims. This constitutes our legitimate interest within the meaning of Art. 6 (1) lit. f EU GDPR.

    Please also note the information on data protection provided by the respective booking platform.

    3.5 Data processing during payment processing

    3.5.1 Payment processing at the hotel 

    When you purchase products or services or pay for your restaurant visit using electronic means of payment, data processing is required. By using the payment terminals, you transmit the information stored in your payment method, such as the name of the cardholder and the card number, to the payment service providers involved (e.g., payment solution providers, credit card issuers, and credit card acquirers). They also receive information that the payment method was used in one of our companies, the amount, and the time of the transaction. Conversely, we only receive the credit for the amount of the payment made at the relevant time, which we can assign to the relevant receipt number, or information that the transaction was not possible or was canceled. Please always note the information provided by the respective company, in particular the privacy policy and the general terms and conditions. The legal basis for this transfer is the fulfillment of the contract with you in accordance with Art. 6 (1) lit. b GDPR.

    For payment processing via the contact form, we use a software application from Worldline Switzerland AG, Hardturmstrasse 201, 8021 Zurich, Switzerland (Worldline). Your data may therefore be stored in a Worldline database, which may allow Worldline to access your data if this is necessary for the provision of the software and for support in using the software. Further information about data processing in connection with Worldline can be found here.

    3.5.2 Online payment processing

    If you make paid bookings on our website, depending on the service and desired payment method, you will be required to provide additional information in addition to the information specified in sections 3.3 and 3.4, such as your credit card details or login details for your payment service provider. This information, as well as the fact that you have purchased a service from us for the relevant amount and at the relevant time, will be forwarded to the respective payment service providers (e.g., payment solution providers, credit card issuers, and credit card acquirers). Please always note the information provided by the respective company, in particular the privacy policy and the general terms and conditions. The legal basis for this transfer is the fulfillment of a contract in accordance with Art. 6 (1) (b) GDPR.

    We reserve the right to store a copy of your credit card information as security. In order to avoid payment defaults, the necessary data, in particular your personal details, may also be transmitted to a credit agency for automated assessment of your creditworthiness. In this context, the credit agency may assign you a so-called score value. This is an estimated value of the future risk of default, e.g. based on a percentage. The value is calculated using mathematical-statistical methods and data from the credit agency and other sources.  We reserve the right not to offer you the “invoice” payment method based on the information received. The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) lit. f. GDPR in avoiding payment defaults.

    3.6 Reserving a table

    On our website, you have the option of reserving a table at one of the restaurants listed on our website. To do this, we collect various data from you (e.g., your name, email address, telephone number, desired number of guests, comments, date, and time of the reservation). The mandatory fields in the corresponding form are marked with an asterisk (*).

    We collect and process the data solely for the purpose of processing the reservation, in particular to compile your reservation request in accordance with your wishes, to make the reservation, and to contact you in case of any uncertainties or problems.

    We use the restaurant management system of Aleno AG, Werdstrasse 21, 8004 Zurich, Switzerland (aleno) to manage and process reservations in our restaurants. Your data is therefore stored in an aleno database, which allows aleno to access your data if this is necessary for the provision of the software and for support in using the software. For more information on how aleno works and its data protection policy, please refer to aleno's terms of use and privacy policy. The legal basis for processing your data for this purpose is the fulfillment of a contract in accordance with Art. 6 (1) (b) EU GDPR.

    3.7 Submission of reviews

    To help other users make purchasing decisions and to support our quality management (in particular the processing of negative feedback), you have the option of reviewing our products on our website. The data you have provided us with will be processed and published on the website, i.e. in addition to your review and the time it was submitted, this may also include any comments you have added to your review or the name you have provided.

    The legal basis for data processing is your consent within the meaning of Art. 6 (1) (a) EU GDPR.

    We reserve the right to delete illegal reviews and to contact you if we suspect any such reviews and ask you to comment. The legal basis for this processing is our legitimate interest within the meaning of Art. 6 (1) lit. f EU GDPR in providing the comment and review function and preventing misuse of this function.

    3.8 Applying for a vacant position  

    You have the option of applying to us spontaneously or via a corresponding email address for a specific job advertisement. For this purpose, we collect various data from you (e.g., your name, your address, your email address, the documents and certificates submitted by the applicant). The mandatory fields in the corresponding form are marked with an asterisk (*).

    We use this and other data you voluntarily provide to review your application. Application documents from applicants who are not considered will be deleted after the application process has been completed, unless you explicitly agree to a longer retention period or we are legally obliged to retain them for a longer period. The legal basis for processing your data for this purpose is therefore the performance of a contract (pre-contractual phase) in accordance with Art. 6 (1) (b) EU GDPR.

    We use software from Yousty AG, Limmatstrasse 21, 8005 Zurich, Switzerland (Yousty) to process applications. Your data may therefore be stored in a Yousty database, which may allow Yousty to access your data if this is necessary for the provision of the software and for support in using the software. Further information about data processing in connection with Yousty can be found here.

    3.9 Data processing for the fulfillment of statutory reporting obligations

    Upon arrival at our hotel, we require certain information from you and your companions in order to comply with legal reporting requirements, which also includes passing this information on to the relevant local or cantonal authorities (e.g., name, address, date of birth, nationality, official identification document and number, arrival and departure dates). The mandatory fields in the corresponding form are marked with an asterisk (*).

    We collect this information to comply with legal reporting requirements, which arise in particular from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the relevant police authority.

    This data is processed on the basis of a legal obligation within the meaning of Art. 6 (1) (c) EU GDPR

    3.10 Recording of services used

    If you use additional services during your stay (e.g., wellness, restaurant, activities), we will record the service and the time at which it was used for billing purposes. The processing of this data is necessary for the performance of the contract with us within the meaning of Art. 6 (1) (b) EU GDPR.

    3.11 Guest feedback

    If you have provided us with your email address in connection with your booking, you will receive an electronic form after departure. For this purpose, we collect data (name, age, nationality, length of stay, experience report of the stay), whereby mandatory information is marked with an asterisk (*) in the corresponding form.

    The information is voluntary and helps us to continuously improve our offerings and services and tailor them to your needs. We will use the information provided to us exclusively for statistical purposes, unless otherwise stated in this privacy policy or unless you have given your separate consent. We will process the data by name in order to contact you in case of any uncertainties. For the aforementioned purposes, the legal basis for processing is our legitimate interest within the meaning of Art. 6 (1) (f) EU GDPR.

    In connection with guest feedback, we use a software application from Trustyou GmbH, Schmellerstrasse 9, 80337 Munich, Germany (Trustyou). Therefore, your data may be stored in a Trustyou database, which may allow Trustyou to access your data if this is necessary for the provision of the software and for support in using the software. Further information about data processing in connection with Trustyou can be found here.

    3.12 Video surveillance

    To prevent misuse and to take action against illegal behavior (in particular theft and damage to property), the entrance area and the publicly accessible areas of our companies are monitored by cameras. The image data is only viewed if there is suspicion of illegal behavior.

    We use a service provider to provide the video surveillance system, which may have access to the data if this is necessary for the provision of the system. If the suspicion of unlawful conduct is confirmed, the data may then be passed on to consulting firms (in particular our law firm) and authorities to the extent necessary to enforce claims or file a complaint. The legal basis for this is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in protecting our property and safeguarding and enforcing our rights.

    We rely on a service provider, Telsec ESS Schweiz AG, Leuholz 10B, 8855 Wangen (Telsec), to provide the video surveillance system. Telsec has access to the data to the extent necessary for the provision of the system. If suspicion of unlawful conduct is confirmed, the data may be passed on to consulting firms (in particular to a law firm) and authorities to the extent necessary to enforce claims or file a complaint. Further information on data processing in connection with Telsec can be found here.  

    3.13 Use of our WiFi network

    At our companies, you have the option of using the WiFi network operated by Swisscom (Switzerland) AG, Alte Tiefenaustrasse 6, 3050 Bern, Switzerland, free of charge. To prevent misuse and take action against illegal behavior, prior registration is required. When registering, you will provide Swisscom (Switzerland) AG with the following data:

    • Mobile phone number
    • MAC address of the end device (automatically)

    In addition to the above data, each time the WiFi network is used, data on the company visited, including the time, date, and device, is recorded. The legal basis for this processing is your consent. Customers can revoke their registration at any time by notifying us.

    Swisscom must comply with the legal obligations of the Federal Act on the Surveillance of Postal and Telecommunications Traffic (BÜPF) and the associated ordinance. Provided that the legal requirements are met, the WiFi operator must monitor Internet use and data traffic on behalf of the competent authority. The WiFi operator may also be required to disclose the customer's contact, usage, and peripheral data to the authorized authorities. The contact, usage, and peripheral data are stored for six months in a manner that identifies the individual and then deleted.

    The legal basis for this processing is our legitimate interest within the meaning of Art. 6 (1) (f) EU GDPR in providing a WiFi network in compliance with the applicable legal requirements.

    3.14 Contracual services

    We process the data of our contractual partners and interested parties as well as other clients, customers, and principals (“contractual partners”) in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope, and purpose of the processing, and the necessity of the processing are determined by the underlying contractual relationship.

    The data processed includes the master data of our contractual partners (e.g., names and addresses), contact details (e.g., email addresses and telephone numbers), contract data (e.g., services used, contract content, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history).

    The legal basis for processing your data for this purpose is the fulfillment of a contract in accordance with Art. 6 (1) (b) GDPR.

    3.15 Holding events

    When we hold events (e.g. to market our products and services), we also process personal data. This includes the name and postal or email address of participants or interested parties and, depending on the event, other data such as your date of birth or photographs taken during the event. We process this information for the preparation, implementation, and follow-up of the events. Data relevant to the implementation may also be passed on to third parties. The legal basis for data processing is your consent within the meaning of Art. 6 (1) GDPR. Participants can revoke their consent at any time by notifying us. Upon revocation, you are no longer entitled to participate in the event.

    3.16 Prize draws and competitions

    If you participate in prize draws and competitions, we collect the personal data necessary to conduct the prize draw or competition. This usually includes your name and contact details (e.g., email address). The mandatory fields in the corresponding form are marked with an asterisk (*). Communication data may also be collected during the course of the prize draw or competition (e.g., content of emails and other written correspondence, details of the type, time, and, where applicable, location of the communication).

    This data is used for the purpose of participating in the prize draw and competition and for conducting the prize draw and competition, i.e., specifically to determine and contact the winners. We may pass on your personal data to our prize draw and competition partners, e.g. to send you your prize. Participation in the prize draw and competition and the associated data collection is, of course, voluntary.

    By participating in the competition, participants agree that the relevant data may be processed for the aforementioned purposes. The legal basis for data processing is therefore your consent within the meaning of Art. 6 (1) GDPR. Participants may revoke their consent at any time by notifying us. Upon revocation, participants are no longer entitled to participate in the prize draw or competition. Detailed information can be found in our terms and conditions of participation for the respective prize draw and competition.

    3.17 Profiling and automated decision-making

    We process your personal data for the purposes stated in this privacy policy and evaluate it in a partially automated manner. This also includes so-called “profiling,” i.e., the automated processing of data for analysis and forecasting purposes. We mainly use profiling to send you targeted information and offers about our products/services. We use analysis tools that enable us to communicate in a needs-based manner and provide personalized advertising, including market and opinion research.

    “Automated individual decisions” are understood to be decisions that are made entirely automatically, i.e., without human influence, and that have legal consequences for the person concerned or significantly affect them in other ways. As a rule, we do not make automated decisions for the establishment and execution of a business relationship and do not otherwise rely on fully automated decision-making. If we use such procedures in individual cases, we will inform you separately if this is required by law and explain your rights in this regard. You then have the option of having the decision reviewed by a human being if you disagree with it.

    3.18 Artifical intelligence  

    We may use artificial intelligence (AI) to support our existing activities. Artificial intelligence applications may also process personal data, but this is not always the case. We are aware that the use of artificial intelligence in data processing can entail certain risks and uncertainties. That is why we have internal guidelines that ensure the legally responsible use of AI.

    We take responsibility for the content generated or decisions made by AI on our behalf, and if a decision has a significant impact on the person concerned, we ensure that it can be reviewed by a human being (see section 3.18). If AI used by us interacts directly with you, we will inform you of this.

    The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in the use of new technologies such as artificial intelligence. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time.

    For further processing of the data by the respective provider as the (sole) controller under data protection law, in particular any disclosure of this information to third parties such as authorities due to national legal regulations, please refer to the respective data protection information provided by the provider.

  • 4 Use of your data for marketing purposes

    4.1 Central data storage and analysis in the CRM system 

    If it is possible to clearly identify you, we will store and link the data described in this privacy policy, i.e. in particular your personal details, your contacts, your contract data, and your surfing behavior on our website in a central database. This serves the efficient management of customer data and allows us to respond appropriately to your concerns and enables the efficient provision of the services you request and the processing of the associated contracts. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR in the efficient management of user data.

    We evaluate this data in order to further develop our offerings in line with your needs and to display and suggest the most relevant information and offers to you. We also use methods that predict possible interests and future orders based on your website usage. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) (f) EU GDPR in carrying out marketing measures.

    For central data storage and analysis in the CRM system, we use a software application from Oracle Software (Switzerland) GmbH, Rainstrasse 1, 8143 Stallikon, Switzerland (Oracle). Your data may therefore be stored in an Oracle database, which may allow Oracle to access your data if this is necessary for the provision of the software and for support in using the software. Further information about data processing in connection with Oracle can be found at https://www.oracle.com/ch-de/legal/privacy/. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR in carrying out marketing activities.

    4.2 Email marketing and marketing

    When you register for one of our email newsletters, various data will be collected from you (e.g., your email address), depending on the newsletter. Mandatory fields in the registration form are marked with an asterisk (*).

    By registering, you give us your consent to process the data provided for the regular dispatch of the newsletter to the address you have provided and for the statistical evaluation of usage behavior and the optimization of the newsletter. This consent constitutes our legal basis for data processing within the meaning of Art. 6 (1) lit. a GDPR. To prevent misuse and to ensure that the owner of an email address has actually given their consent, we use the double opt-in procedure for registration. After submitting your registration, you will receive an email from us containing a confirmation link. To definitively subscribe to the newsletter, you must click on this link. If you do not click on the confirmation link within the specified period, your data will be deleted and our newsletter will not be sent to this address.

    We use your data for email correspondence until you revoke your consent. You can revoke your consent at any time, in particular via the unsubscribe link in all our marketing emails.

    Our marketing emails may contain a so-called web beacon or 1x1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing email sent, we receive information about which addresses have not yet received the email, to which addresses it was sent, and to which addresses the delivery failed. It also shows which addresses opened the email, how long they opened it, and which links they clicked on. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimize the advertising emails in terms of frequency, timing, structure, and content. This allows us to better tailor the information and offers in our emails to the individual interests of the recipients.

    The web beacon is deleted when you delete the email. To prevent the use of web beacons in our marketing emails, please set the parameters of your email program so that HTML is not displayed in messages, if this is not already the case by default. You can find information on how to configure this setting in the help sections of your email software, e.g., here for Microsoft Outlook.

    By subscribing to the newsletter, you also consent to the statistical analysis of user behavior for the purpose of optimizing and adapting the newsletter. This consent constitutes our legal basis for processing the data within the meaning of Art. 6 (1) (a) EU GDPR.

    We use a software application from Cendyn LLC, 980 N Federal Hwy Fl 2, Boca Raton, Florida, 33432, USA (Cendyn) to provide marketing emails. Therefore, your data may be stored in a Cendyn database, which means that Cendyn may access your data if this is necessary for the provision of the software and for support in using the software. Further information about data processing in connection with Cendyn can be found here. The legal basis for this processing is our legitimate interest within the meaning of Article 6(1)(f) EU GDPR in using the services of third-party providers.

  • 5 Disclosure and transfer abroad

    5.1 Disclosure to third parties and access by third parties

    We only disclose your personal data if you have expressly consented to this, if it is necessary for the initiation or execution of a contract, if there is a legal obligation to do so, or if it is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship or other rights, or if the processing is carried out to safeguard a legitimate interest on our part or on the part of third parties.

    In addition, we will disclose your data to third parties to the extent necessary for the use of the website to provide the services you have requested and to analyze your user behavior. To the extent necessary for the purposes mentioned in sentence 1, the data may also be transferred abroad. If the website contains links to third-party websites, the hotel has no influence on the collection, processing, storage, or use of personal data by the third party after you click on these links and accepts no responsibility for this.

    In addition to the third parties already mentioned in this privacy policy, personal data may be transferred to the following recipients:

    • Affiliated companies within the group: These companies may use your data for the same purposes as we do, as described in this privacy policy. In particular, the companies within the group will have access to your master data, contract data, registration data, and behavioral and preference data in order to provide you with offers from their own range of products and services or to advertise these to you. If you wish to object to the transfer and use of your data for marketing purposes, you can do so through us, even if this concerns another company in the group, because the data has already been transferred. The recipients generally process the data on their own responsibility.
    • Service providers: We work with service providers in Germany and abroad who (i) process data on our behalf (so-called contract processors, e.g., in the areas of IT, hosting, and support), (ii) process data jointly with us, or (iii) process data on their own responsibility that they have received from us or collected on our behalf. These service providers include, for example, IT service providers (providers of software solutions, hosting, and support), services for processing reservation data or in the area of CRM, payment processing, advertising agencies, consulting firms, transport companies, suppliers, etc. For the service providers used for the website, see sections 6 ff. Our main service provider in the IT sector is Microsoft. More information on how Microsoft processes data can be found here; for the use of Microsoft Teams in particular, see here. We generally enter into contracts with these third parties regarding the use and protection of personal data.
    • Customers and other contractual partners: This primarily refers to customers (e.g., guests) and other contractual partners of ours to whom your data is transferred as a result of the contract (e.g., because you work for a contractual partner or they provide services for you). This category of recipients also includes entities with whom we cooperate or who advertise for us and to whom we therefore transfer data about you for analysis and marketing purposes (these may be, for example, sponsors and providers of online advertising). We require these partners to only send you advertising or display it based on your data if you have consented to this (for the online area, see sections 6 ff.).
    • Authorities and courts: We may disclose personal data to government agencies, courts, and other authorities in the United States and abroad if we are legally obligated to do so or if it is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. These recipients process the data on their own responsibility.
    • Other persons: This refers to other cases where the involvement of third parties arises from the purposes stated in this privacy policy (e.g., media and press offices).

    All of these categories of recipients may in turn involve third parties, meaning that your data may also become accessible to them. We also allow certain third parties to collect personal data from you on our website and at events organized by us, for which they are also responsible (e.g., media photographers, providers of tools that we have integrated into our website, etc.). Insofar as we are not significantly involved in this data collection, these third parties are solely responsible for it. If you have any concerns or wish to assert your data protection rights, please contact these third parties directly

    5.2 Data transfer abroad

    We do not only process personal data in Switzerland. Your data may be processed both within the European Union and in any country in the world (including the USA). We are entitled to forward your data to third-party companies abroad if this is necessary for the execution of your orders, if it is legally permissible, or if you have given us your consent. If the level of data protection in the country where the processing third party is located is considered inadequate by Swiss standards or within the meaning of the EU General Data Protection Regulation or other legal systems, we will provide appropriate safeguards (e.g. standard contractual clauses) to ensure adequate data protection, provided that there is no legal exception (e.g., your consent), the recipient is not already subject to a legally recognized set of rules (e.g., Swiss-U.S. or EU-U.S. Data Privacy Framework) to ensure data protection, or we can rely on an exception provision. Such contractual arrangements (guarantees) partially compensate for weaker or lacking legal protection, but not all risks can be completely ruled out (e.g., government access abroad).

  • 6 Background data processing on our website

    6.1 Log file data

    When you visit our website, the servers of our hosting provider (iWay AG, Switzerland) temporarily store each access in a log file. The following data is collected without your intervention and stored by us until it is automatically deleted:

    • the IP address of the requesting computer,
    • the date and time of access
    • the name and URL of the file accessed,
    • the website from which access was made, including any search terms used,
    • the operating system of your computer and the browser you are using (including type, version, and language settings),
    • device type in the case of access via mobile phones,
    • the city or region from which access was made,
    • the name of your Internet access provider.

    This data is collected and processed for the purpose of enabling the use of our website (connection establishment), ensuring long-term system security and stability, and for error and performance analysis, enabling us to optimize our website (see also section 6.3 for the last points).

    In the event of an attack on the website's network infrastructure or if other unauthorized or abusive use of the website is suspected, the IP address and other data will be evaluated for investigation and defense purposes and, if necessary, used in criminal proceedings to identify and take civil and criminal action against the users concerned.

    The purposes described above constitute our legitimate interest in data processing within the meaning of Art. 6 (1) (f) EU GDPR.

    Finally, when you visit our website, we use cookies and applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. You can find more detailed information on this in the following sections of this privacy policy, in particular section 6.2.

    6.2 Cookies

    When you use our website (including newsletters and other digital offerings), data is generated and stored in logs (in particular technical data). We may also use cookies and similar technologies (e.g., pixel tags or fingerprints) to recognize website visitors, evaluate their behavior, and identify their preferences. A cookie is a small file that is transmitted between the server and your system and enables the recognition of a specific device or browser.

    Some of the cookies we use are temporary session cookies. These are automatically deleted from your computer or mobile device at the end of the browser session. We also use permanent cookies. These remain stored on your computer or mobile device after the end of the browser session.

    You can set your browser to automatically reject, accept, or delete cookies. You can also deactivate or delete cookies in individual cases. You can find out how to manage cookies in your browser in the help menu of your browser.

    6.3 Tracking and web analysis tools

    6.3.1 General information on tracking 

    We use the web analysis services listed below for the purpose of designing our website in line with user requirements and continuously optimizing it. In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website is usually transferred together with the log file data listed in section 6.1 to a server of the service provider, where it is stored and processed. This may also involve transfer to servers abroad, e.g., in the USA (see section 5.2 for more information, in particular on the safeguards taken).

    The processing of the data provides us with the following information, among other things:

    • The navigation path is taken by a visitor on the site (including content viewed and products selected or purchased or services booked)
    • length of stay on the website or subpage,
    • the subpage on which the website is left
    • the country, region, or city from which access is made,
    • terminal device (type, version, color depth, resolution, width, and height of the browser window), and
    • returning or new visitor.

    On our behalf, the provider will use this information to evaluate the use of the website, to compile reports on website activity for us, and to provide other services related to website activity and internet usage for the purposes of market research and the needs-based design of this website. For these processing operations, we and the providers can be considered jointly responsible under data protection law to a certain extent.

    The legal basis for this data processing with the following tools is your consent within the meaning of Art. 6 (1) (a) EU GDPR. You can revoke your consent at any time or refuse processing by rejecting or disabling the relevant cookies in your web browser settings or by making use of the service-specific options described below.

    For further processing of the data by the respective provider as the (sole) controller under data protection law, in particular any disclosure of this information to third parties such as authorities due to national legal regulations, please refer to the respective data protection information of the provider.

    6.3.2 Analysis services 

    We currently use services provided by the following service providers in particular. Their contact details and further information on the individual data processing operations can be found in the respective privacy policy:

     

     

     

    6.4 Online Advertising and targeting 

    6.4.1 In general

    We use services from various companies to present you with relevant offers online. In this process, your user behaviour on our website and on websites of other providers is analysed in order to subsequently display online advertising tailored specifically to you.

    Most technologies for tracking your user behaviour (“tracking”) and for targeted advertising (“targeting”) work with cookies, which allow your browser to be recognized across different websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different devices (e.g., laptop and smartphone). This can occur, for example, if you have registered with a service that you use on multiple devices.

    In addition to the data already mentioned, which is generated when accessing websites (“logfile data”) and when using cookies and which may be transmitted to the companies involved in the advertising networks, the following data in particular is used to select the advertisements that are potentially most relevant to you:

    • Information about you that you provided when registering for or using a service from advertising partners (e.g., your gender, age group);
    • User behavior (e.g., search queries, interactions with ads, types of websites visited, products or services viewed or purchased, newsletters subscribed to).

    We and our service providers use this data to determine whether you belong to the target audience we are addressing and take this into account when selecting advertisements. For example, after you have visited our site, you may see ads for the products or services you viewed when visiting other sites (“re-targeting”). Depending on the amount of data, a user profile may also be created, which is analyzed automatically, and ads are then selected based on the information contained in the profile, such as membership in certain demographic segments or potential interests or behaviors. Such ads can be displayed to you across various channels, including our website or apps, as well as advertisements delivered through the online advertising networks we use, such as Google.

    The data may then be analyzed for billing purposes with the service provider and to assess the effectiveness of advertising measures, helping us better understand the needs of our users and customers and improve future campaigns. This can also include information indicating that a specific action (e.g., visiting certain sections of our website or submitting information) can be attributed to a particular advertisement. In addition, we receive aggregated reports from the service providers about ad activity and information on how users interact with our website and ads.

    The legal basis for this data processing is your consent under Article 6(1)(a) of the EU General Data Protection Regulation (GDPR). You can withdraw your consent at any time by rejecting or disabling the relevant cookies in your web browser settings. Additional options for blocking advertising can also be found in the information provided by the respective service provider, such as Google.

    6.4.2 Services

    • Microsoft Advertising: Online marketing services for the purpose of placing content and ads within the service provider’s advertising network (e.g., in search results, videos, on websites, etc.) so that they are shown to users who are likely to be interested in the ads. In addition, we measure ad conversions, i.e., whether users took action in response to the ads and engaged with the promoted offers (so-called conversions). However, we only receive anonymous information and no personal data about individual users. service provider: Microsoft Corporation (USA) or Microsoft Ireland Operations Limited (Ireland); information on data protection: «Privacy Policy», «Opt-Out», «Legal, Privacy and Security»; contract processing agreement: «Microsoft Products and Services Data Protection Addendum (DPA)»; Basis for transfer to third countries: Data Privacy Framework (DPF), standard contractual clauses «Microsoft Products and Services Data Protection Addendum (DPA)».

     

     

     

    6.5 Social Media

    6.5.1 Social Media profile

    On our website, we have included links to our profiles on the social networks of the following providers:

    Facebook
    Meta Platforms Inc. (USA) / Meta Platforms Ireland Ltd. (Ireland): Privacy Information

    Instagram 
    Meta Platforms Inc. (USA) / Meta Platforms Ireland Ltd. (Ireland): Privacy Information

    Tripadvisor
    Tripadvisor LLC (USA)/Tripadvisor Ireland Ltd. (Ireland) or Tripadvisor Ltd. (United Kingdom): Privacy Information

    X(ehemals Twitter)
    X Corporation (USA) / Twitter International Unlimited Company (Ireland): Privacy Information

    Snapchat
    Snap Inc. (USA): Privacy Information

    TikTok
    TikTok Technology Limited (USA) / TikTok Technology Limited (Ireland) and TikTok Information Technologies UK Limited (United Kingdom): Privacy Information

    Pinterest
    Pinterest Inc. (USA) / Pinterest Europe Limited (Ireland): Privacy Information

    YouTube
    Google LLC (USA) / Google Ireland Limited (Ireland): Privacy Information

    When you click on the social media icons, you will be automatically redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social network. As a result, the network receives information that you visited our website and clicked on the link using your IP address.

    If you click on a link to a network while logged into your account on that network, the content of our website can be linked to your profile, allowing the network to directly associate your visit to our website with your account. To prevent this, you should log out before clicking the relevant links. A connection between your access to our website and your account will in any case occur if you log in to the respective network after clicking the link. The respective provider is the data controller for the associated data processing. Please refer to the information provided on the network’s website.

    The legal basis for any data processing potentially attributable to us is our legitimate interest under Article 6(1)(f) of the EU General Data Protection Regulation (GDPR) in the use and promotion of our social media profiles.

    6.5.2 Social Media plugins

    On our website, you can use social plugins from the following provider:

    Facebook
    Meta Platforms Inc. (USA) / Meta Platforms Ireland Ltd. (Ireand): Privacy Information

    Instagram
    Meta Platforms Inc. (USA) / Meta Platforms Ireland Ltd. (Ireland): Privacy Information

    Tripadvisor
    Tripadvisor LLC (USA)/Tripadvisor Ireland Ltd. (Ireland) or Tripadvisor Ltd. (United Kingdom): Privacy Information

    Youtube
    Google LLC (USA) / Google Ireland Limited (Ireland): Privacy Information

    We use social plugins to make it easier for you to share content from our website. The social plugins help us increase the visibility of our content on social networks and thus contribute to better marketing.

    The plugins are deactivated by default on our website and therefore do not send any data to the social networks when our website is merely accessed. To enhance privacy protection, we have integrated the plugins in such a way that a connection to the networks’ servers is not established automatically. Only when you activate the plugins and thereby give your consent to the transmission and processing of data by the providers of the social networks does your browser establish a direct connection to the servers of the respective social network.

    The content of the plugin is transmitted directly from the social network to your browser and embedded into the website by your browser. This allows the respective provider to receive information that your browser has accessed the corresponding page of our website, even if you do not have an account with the social network or are not logged in. This information (including your IP address) is transmitted directly from your browser to a server of the provider (usually in the USA) and stored there. We have no influence over the extent of the data collected by the provider through the plugin; from a data protection perspective, we may be considered jointly responsible with the providers to a certain extent.

    If you are logged into the social network, it can directly associate your visit to our website with your user account. When you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g., that you like a product or service from us) may also be published on the social network and potentially displayed to other users of the network. The social network provider may use this information for advertising purposes and to tailor the offerings to user needs. This may include creating usage, interest, and relationship profiles—for example, to analyze your use of our website in relation to ads displayed on the social network, to inform other users about your activities on our website, and to provide other services associated with the use of the social network. For information on the purpose and scope of data collection, further processing and use of data by the social network providers, as well as your rights and privacy settings, please refer directly to the privacy information provided by the respective provider.

    If you do not want the social network provider to associate the data collected via our website with your user account, you must log out of the social network before activating the plugins. The legal basis for the described data processing is your consent under Article 6(1)(a) of the EU General Data Protection Regulation (GDPR). You can withdraw your consent at any time by submitting your revocation directly to the plugin provider in accordance with the instructions in their privacy information.

    6.6 Integration of additional third-party services and content

     

     

     

  • 7 Retention periods

    We only store personal data for as long as it is necessary to process it within the scope of our legitimate interests. Contract data is retained for a longer period, as this is required by statutory retention obligations. Retention requirements that obligate us to store data arise in particular from accounting and tax law. According to these regulations, business communications, concluded contracts, and accounting records must be retained for up to 10 years.

    To the extent we no longer need this data to provide our services to you, the data will be blocked. This means that the data may only be used if it is necessary to fulfill retention obligations or to assert and defend our legal interests. Data will be deleted as soon as there is no longer any retention obligation and no legitimate interest in retaining it.

  • 8 Data security 

    We use appropriate technical and organizational security measures to protect the personal data stored with us against loss and unlawful processing, in particular unauthorized access by third parties. These security measures include, for example, IT and network security solutions, encryption of data storage and transmissions, access controls and restrictions, issuance of instructions, confidentiality agreements, and audits. The security measures are regularly reviewed and updated to reflect the current state of technology. However, security risks cannot be completely eliminated; residual risks are unavoidable.

    When you register with us as a customer, access to your customer account is only possible after entering your personal password. You should always treat your payment information confidentially and close your browser window when you have finished communicating with us, especially if you share the computer with others.

    We also take internal data protection very seriously. Our employees and the service providers we engage are obliged by us to maintain confidentiality and protect data privacy. Furthermore, these individuals are granted access to personal data only to the extent necessary to perform their duties.

  • 9 Your rights

    Under the applicable data protection laws and to the extent provided therein, you have the following rights:

    Right of Access: You have the right to request access at any time to the personal data we hold about you, if we are processing such data.

    Right to Rectification: You have the right to have incorrect or incomplete personal data corrected.

    Right to Erasure: You have the right to have your personal data deleted under certain circumstances. In individual cases, particularly where statutory retention obligations apply, the right to erasure may be excluded. In such cases, data may instead be blocked if the conditions for deletion are not met.

    Right to Data Portability: You have the right to request the transfer of certain personal data from us in a commonly used electronic format or its transmission to another controller.

    Right to Withdraw Consent: You generally have the right to withdraw any consent you have given at any time. Processing activities carried out in the past based on your consent are not rendered unlawful by your withdrawal.

    Right to Object: You have the right to object to the processing of your data, in particular processing for purposes of direct marketing, profiling conducted for direct advertising, and other legitimate interests in processing.

    Right to Further Information: You have the right to request further information necessary to exercise these rights.

    Automated Individual Decisions: You have the right, in the case of automated individual decisions, to present your point of view and to request that the decision be reviewed by a natural person.

    To exercise these rights, please send us an email at: [email protected].

    Right to Lodge a Complaint: You also have the right to enforce your claims through the courts or to file a complaint with the competent data protection authority.

    Please note that conditions, exceptions, or limitations may apply to these rights (e.g., if we are legally required to retain or process certain data, if we have overriding legitimate interests (to the extent we are allowed to rely on them), or if the data is necessary for asserting claims). We will inform you accordingly where applicable.

This page was last updated in December 2025.

 

Download

Detailaufnahme Bett Kopfkissen und Nachttisch
Close

Avantage réservation directe

  • Nous vous garantissons le meilleur prix sur notre propre site web
  • Surclassement gratuit de la chambre dans la catégorie supérieure est possible, sous réserve de disponibilité
  • Une pièce de chocolat lucernois de chez Aeschbach Chocolatier
  • Un bon de réduction de CHF 10 par réservation à la Sharing Brasserie Juliette