Déclaration de confidentialité

    • 1 Person responsible and content of this privacy policy

      The Grand Hotel National AG, is the operator of the Grand Hotel National (hotel) and the websites www.grandhotel-national.com and www.apartments-national.com (website) and is, unless otherwise stated in this privacy policy, responsible for the data processing listed in this privacy policy.

      For you to know what personal data we collect from you and for what purposes we use it, please take note of the information below. When it comes to data protection, we are guided primarily by the legal requirements of Swiss data protection law, in particular the Swiss Federal Data Protection Act (DSG), as well as the DSGVO, the provisions of which may be applicable in individual cases.

      Please note that the following information will be reviewed and amended from time to time. We therefore recommend that you regularly review this privacy policy. Furthermore, for individual data processing listed below, other companies are responsible under data protection law or jointly responsible with us, so that in these cases the information of these providers is also authoritative.

    • 2 Contact person for data protection

      If you have any questions about data protection or would like to exercise your rights, please contact our contact person for data protection by sending an e mail to the following address: info@grandhotel national.com

      The address of our data protection representative in the EU is:

      VGS Datenschutzpartner UG
      Am Kaiserquai 69
      20457 Hamburg
      Deutschland

      [email protected]
      http://www.datenschutzpartner.eu

    • 3 Scope and purpose of the collection, processing and use of personal data

      3.1 Data processing when contacting us

      If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data that you have provided to us will be pro-cessed, e.g. Your name, e-mail address or telephone number and your request. In addition, the time of receipt of the request is documented. Mandatory information is marked with an asterisk (*) in con-tact forms. We process this data in order to implement your request (e.g. providing information about our hotel, support in contract processing such as questions about your booking, incorporating your feedback into the improvement of our services, etc.).

      The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in the implementation of your request or, if your request is directed to the conclusion or exe-cution of a contract, the necessity for the implementation of the necessary measures within the meaning of Art. 6 (1) (b) GDPR.

      3.2 Data processing for orders via our online shop

      On our website you have the possibility to order vouchers. For this purpose, we collect the following data, whereby mandatory information is marked with an asterisk (*) during the ordering process:

      • Salutation
      • Forename
      • Surname
      • Billing and delivery address
      • Telephone number
      • Email
      • Method of payment
      • Shipping
      • Marketing email subscription details
      • Confirmation of acknowledgment and consent to terms and conditions and data protection regulations

      We use the data to establish your identity before concluding a contract. We need your e-mail address to confirm your order and for future communication with you – which is necessary for the execution of the contract. We store your data together with the marginal data of the order (e.g. name, price and characteristics of the ordered products), the data for payment (e.g. selected payment method, confirmation of payment and time; see also section 3.5.2) as well as the information on the processing and fulfilment of the contract (e.g. receipt of and handling of complaints) in our CRM database (see section 4) so that we can guarantee correct order processing and contract fulfilment.

      The legal basis for this data processing is the fulfilment of a contract with you in accordance with Art. 6 (1) (b) GDPR.

      The provision of data that is not marked as mandatory is voluntary. We process this data in order to tailor our offer to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you with a view to fulfilling the contract if necessary by an alternative communication channel or for statistical recording and evaluation to optimize our offers.

      The legal basis for this data processing is your consent within the meaning of Art. 6 (1) (a) GDPR. You can revoke your consent at any time by notifying us.

      For the provision of the online shop, we use a software application from Idea Creation GmbH, Walchestrasse 15, 8006 Zurich, Switzerland. Therefore, your data may be stored in a database of Idea Creation GmbH, which may allow Idea Creation GmbH to access your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties and any transfer abroad can be found in section 5 of this privacy policy.

      The legal basis for this data processing is the fulfilment of a contract with you in accordance with Art. 6 (1) (b) GDPR.

      3.3 Data processing for bookings

      3.3.1 Booking via our website

      On our website you have the possibility to book an overnight stay. For this purpose, we collect the following data, whereby mandatory information is marked with an asterisk (*) during the booking process:

      • Salutation
      • Forename
      • Surname
      • Billing address
      • Birthday
      • Telephone number
      • Email
      • Method of payment
      • Booking Details
      • Remarks
      • Marketing email subscription details
      • Confirmation of acknowledgment and consent to terms and conditions and data protection regulations

      We use the data to establish your identity before concluding a contract. We need your e-mail address to confirm your booking and for future communication with you – which is necessary for the execution of the contract. We store your data together with the marginal data of the booking (e.g. room category, period of stay as well as name, price and characteristics of the services), the data on payment (e.g. selected payment method, confirmation of payment and time; see also section 3.5.2) as well as the information on the processing and fulfilment of the contract (e.g. receipt of and handling of complaints) in our CRM database (see section 4), so that we can guarantee correct booking processing and contract fulfilment.

      Insofar as this is necessary for the fulfillment of the contract, we will also pass on the required information to any third-party service providers (e.g. organizers or transport companies).

      The legal basis for this data processing is the fulfilment of a contract with you in accordance with Art. 6 (1) (b) GDPR.

      The provision of data that is not marked as mandatory is voluntary. We process this data in order to tailor our offer to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you with a view to fulfilling the contract if necessary by an alternative communication channel or for statistical recording and evaluation to optimize our offers.

      The legal basis for this data processing is your consent within the meaning of Art. 6 (1) (a) GDPR. You can revoke your consent at any time by notifying us.

      For booking via our website, we use a software application from Sabre Hospitality Solutions GmbH, Unterschweinstiege 2 – 14, 60549 Frankfurt am Main, Germany. Therefore, your data may be stored in a database of Sabre Hospitality Solutions GmbH, which may allow Sabre Hospitality Solutions GmbH to access your data if this is necessary for the provision of the software and for support in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found in section 5 of this data protection declaration.

      The legal basis for this data processing is the fulfilment of a contract with you in accordance with Art. 6 (1) (b) GDPR.

      3.3.2 Booking via a booking platform

      If you make bookings via a third-party platform (i.e. Booking, Hotel, Escapio, Expedia, Holidaycheck, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two, etc.), we receive various personal data from the respective platform operator in connection with the booking made. As a rule, this is the data listed in section 3.3.1 of this data protection declaration. In addition, inquiries about your booking may be forwarded to us. We will process this data by name in order to record your booking as requested and to provide the booked services.

      The legal basis for data processing for this purpose lies in the implementation of pre-contractual measures and the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b DSGVO.

      Finally, we may exchange personal data with the platform operators in connection with disputes or complaints in connection with a booking, insofar as this is necessary to protect our legitimate interests. This may also include data on the booking process on the platform or data relating to the booking or processing of services and the stay with us. We process this data to protect our legitimate claims and interests in the processing and maintenance of our contractual relationships with the platform operators.

      Your data is stored in the databases of the platform operators, which allows them to access your data. Information about the processing of data by third parties and any transfer abroad can be found in section 5 of this data protection declaration.

      The legal basis for data processing for this purpose lies in our legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

      3.4 Data processing when reserving a table

      On our website you have the possibility to reserve a table in a restaurant mentioned on our website. For this purpose, we collect – depending on the respective offer – the following data, whereby man-datory information is marked with an asterisk (*) when making a reservation via the website:

      • Forename
      • Surname
      • Number of guests
      • E-mail address
      • Telephone number
      • Comment
      • Date and time of reservation

      We collect and process the data to process the reservation, in particular to make your reservation request according to your request and to contact you in case of ambiguities or problems. We store your data together with the marginal data of the reservation (e.g. date and time of receipt, etc.), the data on the reservation (e.g. assigned table) as well as information on the processing and fulfillment of the contract (e.g. receipt of and handling of complaints) in our CRM database (see section 4), so that we can guarantee correct reservation processing and fulfillment of the contract.

      For the processing of table reservations, we use a software application from Aleno AG, Werdstrasse 21, 8004 Zurich, Switzerland. Therefore, your data may be stored in a database of Aleno AG, which may allow Aleno AG to access your data if this is necessary for the provision of the software and for support in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found in section 5 of this data protection declaration.

      The legal basis for this data processing lies in the fulfilment of a contract with you in accordance with Art. 6 (1) (b) GDPR.

      3.5 Data processing in payment processing

      3.5.1 Payment processing at the hotel

      If you purchase products, purchase services or pay for your stay in our hotel using electronic means of payment, the processing of personal data is necessary. By using the payment terminals, you transmit the information stored in your means of payment, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. providers of payment solutions, credit card issuers and credit card acquirers). They also receive the information that the means of payment was used in our hotel, the amount and the time of the transaction. Conversely, we only receive the credit of the amount of the payment made at the corresponding time, which we can assign to the relevant document number, or information that the transaction was not possible or was cancelled. Always observe the information of the respective company, in particular the privacy policy and the general terms and conditions.

      For payment processing using the contact form, we use a software application from Worldline Schweiz AG, Hardturmstrasse 201, 8021 Zurich, Switzerland. Therefore, your data may be stored in a database of Worldline, which may allow Worldline to access your data if this is necessary for the provision of the software and for assistance in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found in section 5 of this data protection declaration.

      The legal basis for our data processing lies in the fulfilment of a contract with you in accordance with Art. 6 (1) (b) GDPR.

      3.5.2 Online payment processing

      If you make bookings, order services or products on our website for a fee, depending on the product or service and the desired payment method  – in addition to the information mentioned in section 3.3.1 – it is necessary to provide further data, such as: Your credit card information or login to your payment service provider. This information, as well as the fact that you have purchased a service from us at the relevant amount and time, will be forwarded to the respective payment service providers (e.g. providers of payment solutions, credit card issuers and credit card acquirers). Always observe the information of the respective company, in particular the privacy policy and the general terms and conditions.

      The legal basis for our data processing lies in the fulfilment of a contract in accordance with Art. 6 (1) (b) GDPR.

      We reserve the right to store a copy of the credit card information as security. In order to avoid payment cases, the necessary data, in particular your personal details, may also be transmitted to a credit agency for an automated assessment of your creditworthiness. In this context, the credit agency can assign you a so-called score value. This is an estimate of the future risk of default, e.g. based on a percentage. The value is collected using mathematical-statistical methods and incorporating data from the credit agency from other sources.  We reserve the right, according to the information received, not to offer you the payment method "invoice".

      The legal basis for this data processing is our legitimate interest in the avoidance of payment defaults in accordance with Art. 6 para. 1 lit. f. DSGVO.

      3.6 Data processing in the recording and billing of purchased services

      If you receive services within the scope of your stay (e.g. additional overnight stays, wellness, restaurant, activities), the data of the booking (e.g. time and remarks) as well as the data on the booked and purchased service (e.g. object of service, price and time of service purchase) will be collected and processed by us for the purpose of processing the service, as described in sections 3.3 and 3.4.

      The legal basis for our data processing lies in the fulfilment of a contract in accordance with Art. 6 (1) (b) GDPR.

      3.7 Data processing in e-mail marketing

      If you register for our marketing e-mails (e.g. when opening, within your customer account or  as part of an order, booking or reservation), the following data will be collected. Mandatory information is marked with an asterisk (*) during registration:

      • E-mail address
      • Salutation
      • First and last name
      • If necessary, selection of the desired newsletter

      In order to avoid misuse and to ensure that the owner of an e-mail address has actually given her consent to receive marketing e-mails, we rely on the so-called double opt-in during registration. After submitting the registration, you will receive an e-mail from us with a confirmation link. To definitely register for the marketing emails, you need to click on this link. If you do not confirm your e-mail address within the specified period using the confirmation link, your data will be deleted and our marketing e-mails will not be delivered to this address.

      By registering, you consent to the processing of this data in order to receive marketing e-mails from us about our hotel and related information about products and services. These marketing emails may also include invitations to participate in sweepstakes, provide feedback, or review our products and services. The collection of the title and the first and last name allows us to personalize the assignment of the registration to any existing customer account and thus the content of the marketing e-mails. Linking to a customer account allows us to make the offers and content contained in the marketing emails more relevant to you and better tailored to your potential needs.

      We use your data to send marketing e-mails until you revoke your consent. A revocation is possible at any time, in particular via the unsubscribe link contained in all marketing e-mails.

      Our marketing e-mails may contain a so-called web beacon, 1x1 pixel (tracking pixel) or similar technical aids. A web beacon is an invisible graphic that is linked to the user ID of the respective subscriber. For each marketing email sent, we receive information about which email addresses it was successfully delivered to, which email addresses have not yet received the marketing email, and which email addresses failed to deliver. It also shows which email addresses opened the marketing email for how long, and which links were clicked. Finally, we also receive information about which subscribers have unsubscribed from the mailing list. We use this data for statistical purposes and to optimize the marketing e-mails with regard to the frequency and time of sending as well as with regard to the structure and content of the marketing e-mails. This allows us to better tailor the information and offers in our marketing emails to the individual interests of the recipients.

      The web beacon will be deleted when you delete the marketing email. You can prevent the use of web beacons in our marketing e-mails by setting the parameters of your e-mail program so that HTML is not displayed in messages. In the help of your e-mail software application you will find information on how to configure this setting, e.g. here for Microsoft Outlook.

      By subscribing to the marketing e-mails, you also consent to the statistical evaluation of user behavior for the purpose of optimizing and adapting the marketing e-mails.

      For the provision of marketing e-mails, we use a software application from Cendyn LLC, 980 N Federal Hwy Fl 2, Boca Raton, Florida, 33432, United States. Therefore, your data may be stored in a database of Cendyn, which may allow Cendyn to access your data if this is necessary for the provision of the software and to assist in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found in section 5 of this data protection declaration.

      Your consent constitutes the legal basis for the processing of the data within the meaning of Article 6 (1) (a) GDPR. You can revoke your consent at any time for the future.

      3.8 Data processing when submitting guest feedback

      During or after your stay, you have the opportunity to give us feedback (e.g. praise, criticism and suggestions for improvement) using a form. For this purpose, we collect the following data, whereby mandatory information is marked with an asterisk (*) in the corresponding form:

      • First and last name
      • Age
      • Nationality
      • Duration of stay
      • Experience report of the stay

      The processing of your data takes place within the framework of our quality management and thus ultimately for the purpose of better aligning our services and products to the needs of our guests. Specifically, your data will be processed for the following purposes:

      • Clarification of your request, i.e. e.g. obtaining opinions from addressed employees and superiors or obtaining queries from you, etc.;
      • Evaluation and analysis of your data, e.g. preparation of satisfaction statistics, comparison of individual services, etc.; or
      • Taking organizational measures in accordance with the knowledge gained, e.g. remedying grievances/deficits/misconduct, for example by repairing defective equipment, instruction, and praise or reminders from employees.

      In connection with guest feedback, we use a software application from Trustyou GmbH, Schmellerstrasse 9, 80337 Munich, Germany. Therefore, your data may be stored in a database of Trustyou, which may allow Trustyou to access your data if this is necessary for the provision of the software and for assistance in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found in section 5 of this data protection declaration.

      The legal basis for this processing lies in your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke this consent at any time for the future.

      3.9 Data processing in video surveillance

      For the protection of our guests and employees as well as our property as well as for the prevention and punishment of illegal conduct (esp. Theft and damage to property), the entrance area and the publicly accessible areas of our hotel, with the exception of the sanitary facilities, can be monitored by cameras. The image data will only be viewed if there is a suspicion of unlawful conduct. Otherwise, the image captures will be automatically deleted after 14 days.

      For the provision of the video surveillance system, we rely on a service provider Telsec ESS Schweiz AG, Leuholz 10B, 8855 Wangen. Telsec ESS Schweiz AG has access to the data if this is necessary for the provision of the system. If the suspicion of illegal conduct is substantiated, the data may be passed on to consulting firms (in particular to a law firm) and authorities to the extent necessary to enforce claims or file a complaint. Information about the processing of data by third parties and any transfer abroad can be found in section 5 of this data protection declaration. Further information on data processing in connection with Telsec ESS Schweiz AG can be found at https://www.telsec-ess.ch/unternehmen/videoueberwachung.

      The legal basis is our legitimate interest within the meaning of Article 6 (1) (f) GDPR in the protection of our guests, our employees and our property as well as in the protection and enforcement of our rights.

      3.10 Data processing when using our WiFi network

      In our hotel you have the opportunity to use the WiFi network operated by Swisscom (Switzerland) Ltd, Alte Tiefenaustrasse 6, 3050 Bern, Switzerland, free of charge. In order to prevent abuses and to punish illegal conduct, prior registration is required. In doing so, you transmit the following data to Swisscom:

      • Mobile phone number or name and room number
      • MAC address of the end device (automatic)

      In addition to the above data, data on the time and date of use, the network used and the end device are collected each time the WiFi network is used. The legal basis for this processing is your consent within the meaning of Article 6 (1) (a) GDPR. You can revoke this consent at any time for the future.

      Swisscom is responsible for this data processing. As part of the registration process, you give your consent to Swisscom and must accept Swisscom's Terms of Use and Privacy Policy.

      Swisscom must comply with the legal obligations of the Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTA) and the associated ordinance. If the legal requirements are met, the operator of the WiFi network must monitor the use of the Internet or data traffic on behalf of the competent authority. The operator of the WiFi network may also be obliged to disclose contact, usage and marginal data of the hotel guest to the authorized authorities. The contact, usage and marginal data will be stored for 6 months and then deleted.

      The legal basis for this processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in the provision of a Wifi network in compliance with the applicable legal regulations.

      3.11 Data processing in the fulfillment of legal reporting obligations

      Upon arrival at our hotel, we may require you and your companions to provide the following information, with mandatory information marked with an asterisk (*) in the appropriate form:

      • Salutation
      • First and last name
      • Billing address
      • Date of birth
      • Nationality
      • Identity card or passport
      • Day of arrival and departure

      We collect this information in order to fulfil legal reporting obligations, which arise in particular from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we will forward this information to the competent authority.

      The legal basis for the processing of this data lies in our legitimate interest within the meaning of Art. 6 (1) (c) GDPR in complying with our legal obligations.

      3.12 Data processing for applications

      You have the opportunity to apply for a job in our company spontaneously or in response to a specific job advertisement. In doing so, we process the personal data provided by you.

      We use the data you provide to check your application and suitability for employment. Application documents from applicants who have not been considered will be deleted at the end of the application process, unless you explicitly agree to a longer retention period or we are not legally obliged to store them for a longer period of time.

      For the processing of applications, we use a software application from Yousty AG, Limmatstrasse 21, 8005 Zurich, Switzerland. Therefore, your data may be stored in a database of Yousty, which may allow Yousty to access your data if this is necessary for the provision of the software and for assistance in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found in section 5 of this data protection declaration.

      The legal basis for the processing of your data for this purpose lies in the execution of a contract (pre-contractual phase) in accordance with Art. 6 (1) (b) GDPR.

    • 4 Central data storage and analysis in the CRM system

      If a clear assignment to your person is possible, we will use the data described in this privacy policy, i.e. Store and link your personal details, your contacts, your contract data and your surfing behaviour on our websites in a central database. This serves the efficient management of customer data, allows us to adequately process your requests and enables the efficient provision of the services you have requested and the processing of the associated contracts.

      The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in the efficient management of user data.

      We also evaluate this data in order to further develop our offers in line with your needs and to be able to display and suggest the most relevant information and offers possible. We also use methods that predict possible interests and future orders based on your use of our website.

      For central data storage and analysis in the CRM system, we use a software application from Oracle Software (Schweiz) GmbH, Rainstrasse 1, 8143 Stallikon, Switzerland. Therefore, your data may be stored in a database owned by Oracle, which may allow Oracle to access your data if this is necessary for the provision of the software and to assist in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found in section 5 of this data protection declaration. For more information about data processing in connection with Oracle, see https://www.oracle.com/ch-de/legal/privacy/.

      The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in carrying out marketing activities.

    • 5 Disclosure and transfer abroad

      5.1 Disclosure to third parties and access by third parties

      Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to these companies to a certain extent. Data will be passed on to selected third-party service providers and only to the extent necessary for the optimal provision of our services.

      Various third-party service providers are already explicitly mentioned in this privacy policy. Incidentally, these are the following service providers:

      Cendyn Group LLC, 980 North Federal Highway, Suite 200, Boca Raton, FL 33432, USA, Privacy Policy.

      In the case of these transfers, the necessity for the performance of a contract within the meaning of Art. 6 para. 1 lit. b DSGVO is the legal basis.

      Your data will also be passed on to the extent necessary to fulfil the services you have requested, e.g. to restaurants or providers of other services for which you have made a reservation through us. In the case of these transfers, the necessity for the performance of a contract within the meaning of Art. 6 para. 1 lit. b DSGVO is the legal basis. The third-party service providers are responsible for this data processing within the meaning of the Data Protection Act and not us. It is the responsibility of these third-party service providers to inform you about their own data processing – which goes beyond the disclosure of data for the provision of services – and to comply with data protection laws.

      In addition, your data may be passed on, in particular to authorities, legal advisors or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from the relationship with you. Data may also be disclosed if another company intends to acquire our business or parts of it and such disclosure is necessary to conduct due diligence or to consummate the transaction.

      The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in safeguarding our rights and compliance with our obligations or the sale of our company or shares thereof.

      5.2 Transfer of personal data abroad

      We are also entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing mentioned in this data protection declaration. Individual data transfers are described above in para. 3 has been mentioned. Of course, the legal regulations for the disclosure of personal data to third parties are complied with. The countries to which data is transferred include those which, according to the decision of the Federal Council and the EU Commission, have an adequate level of data protection (such as the member states of the EEA or, from the EU's point of view, Switzerland), but also those states (such as the USA) whose level of data protection is not considered adequate (cf. Annex 1 of the Data Protection Regulation (DPA) and the website of the EU Commission). If the country in question does not have an adequate level of data protection, we guarantee that your data is adequately protected by these companies, unless an exception is specified in individual cases (cf. Art. 49 GDPR) for individual data processing. Unless otherwise stated, these are standard contractual clauses within the meaning of Art. 46 (2) (c) GDPR, which are available on the websites of the Swiss Federal Data Protection and Information Commissioner (FDPIC) and the EU Commission. If you have any questions about the measures taken, please contact our contact person for data protection (see section 2).

      5.3 Notes on data transfers to the USA

      Some of the third-party service providers mentioned in this privacy policy are based in the USA. For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland or the EU that there are surveillance measures in place in the USA by US authorities, which generally enable the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without differentiation, restriction or exception on the basis of the objective pursued and without an objective criterion that makes it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intervention associated with both access to and use of this data. In addition, we would like to point out that in the USA there are no legal remedies or effective judicial protection for data subjects from Switzerland or the EU against general access rights of US authorities that allow them to gain access to the data concerning them and to obtain their correction or deletion. We explicitly draw your attention to this legal and factual situation in order to enable you to make an appropriately informed decision to consent to the use of your data.

      We would also like to point out to users residing in Switzerland or a member state of the EU that, from the point of view of the European Union and Switzerland, the USA does not have an adequate level of data protection – partly due to the statements made in this section. Insofar as we have explained in this data protection declaration that recipients of data (such as Google) are based in the USA, we will ensure that your data is adequately protected by our third-party service providers by means of contractual arrangements with these companies and, if necessary, additional necessary appropriate guarantees.

    • 6 Background data processing on our website

      6.1 Data processing when visiting our website (log file data)

      When you visit our website, the servers of our hosting provider iWay AG, Badenerstrasse 569, 8048 Zurich, Switzerland, temporarily store each access in a log file. The following data is collected without any action on your part and stored by us until it is automatically deleted:

      • IP address of the requesting computer;
      • date and time of access;
      • Name and URL of the retrieved file;
      • website from which the access was made, possibly with the search term used;
      • Operating system of your computer and the browser you are using (including type, version and language setting);
      • type of device in case of access by mobile phones;
      • city or region from where the access was made; and
      • name of your internet-access-provider.

      The collection and processing of this data is carried out for the purpose of enabling the use of our website (connection establishment), ensuring system security and stability in the long term, enabling error and performance analysis and optimisation of our website (see also section 6.3 on the last points).

      In the event of an attack on the network infrastructure of the website or in the event of suspicion of other unauthorized or abusive use of the website, the IP address and other data will be evaluated for clarification and defense and, if necessary, used in civil or criminal proceedings for identification against the user concerned.

      In the purposes described above, we have a legitimate interest within the meaning of Article 6 (1) (f) GDPR and thus the legal basis for data processing.

      Finally, when you visit our website, we use cookies as well as applications and tools based on the use of cookies. In this context, the data described here may also be processed. You can find more detailed information on this in the following sections of this privacy policy, in particular section 6.2 below.

      6.2 Cookies

      Cookies are information files that your web browser stores on your computer's hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and can be used to read the information contained in the cookie.

      Cookies help, among other things, to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are necessary for your desired use of the website, i.e. "technically necessary". For example, we use cookies to be able to identify you as a registered user after logging in, without you having to log in again each time you navigate through the various subpages. The provision of ordering and booking functions is also based on the use of cookies. Furthermore, cookies also perform other technical functions required for the operation of the website, such as so-called load balancing, i.e. the distribution of the performance load of the page to different web servers in order to relieve the servers. Cookies are also used for security purposes, e.g. to prevent the unauthorized posting of content. Finally, we also use cookies in the context of the design and programming of our website, e.g. to enable the upload of scripts or codes.

      The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in the provision of a user-friendly and up-to-date website.

      Most Internet browsers accept cookies automatically. However, when you access our website, we ask for your consent to the cookies we use, which are technically not necessary, in particular when using third-party cookies for marketing purposes. You can use the corresponding buttons in the cookie banner to make the settings you wish. Details on the services and data processing associated with the individual cookies can be found within the cookie banner and in the following sections of this privacy policy.

      You may also be able to configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie.

      Disabling cookies may result in you not being able to use all the functions of our website.

      6.3 Tracking and web analytics tools

      6.3.1 General information about tracking

      For the purpose of needs-based design and continuous optimization of our website, we use the web analysis services listed below. In this context, pseudonymised user profiles are created and cookies are used (see also section 6.2). The information generated by the cookie about your use of this website is usually transmitted to a server of the service provider together with the log file data listed in section 6.1, where it is stored and processed. This may also result in a transfer to servers abroad, e.g. the USA (cf. in particular on the lack of an adequate level of data protection and on the guarantees provided, sections 5.2 and 5.3).

      By processing the data, we receive the following information, among others:

      • navigation path taken by a visitor on the site (including content viewed and products or services selected or purchased);
      • time spent on the website or subpage;
      • subpage on which the website is left;
      • country, region or city from which access is made;
      • terminal device (type, version, color depth, resolution, width and height of the browser window); and
      • returning or new visitor.

      On our behalf, the provider will use this information to evaluate the use of the website, in particular to compile website activities and to provide other services related to website activity and internet usage for the purposes of market research and needs-based design of these websites. For this processing, we and the providers can be regarded as joint controllers under data protection law to a certain extent.

      The legal basis for this data processing with the following services is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke your consent or refuse the processing at any time by rejecting or switching off the relevant cookies in the settings of your web browser (see section 6.2) or by making use of the service-specific options described below.

      For the further processing of the data by the respective provider as the (sole) person responsible for data protection, in particular any disclosure of this information to third parties, such as authorities on the basis of national legal regulations, please note the respective data protection information of the provider.

      6.3.2 Google Analytics

      We use the web analysis service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

      Deviating from the description in section 6.3.1,  IP addresses are not logged or stored in Google Analytics (in the version "Google Analytics 4" used here). In the case of access originating from the EU, IP address data is only used to derive location data and then deleted immediately. When collecting metrics in Google Analytics, all IP lookups are done on EU-based servers before traffic is routed to Analytics servers for processing. In Google Analytics, regional data centers are used. If a connection is established in Google Analytics to the nearest available Google data center, the measurement data is sent to Analytics via an encrypted HTTPS connection. In these centers, the data is further encrypted before being forwarded to Analytics' processing servers and made available on the platform. IP addresses are used to determine the most appropriate on-premises data center. This may also result in data being transferred to servers abroad, e.g. the USA (cf. in particular the lack of an adequate level of data protection and the guarantees provided, section 5.2).

      In doing so, we also use the technical extension "Google Signals", which enables cross-device tracking. This makes it possible to assign a single website visitor to different end devices. However, this only happens if the visitor has logged into a Google service when visiting the website and has activated the "personalized advertising" option in his Google account settings at the same time. Even then, however, no personal data or user profiles will be accessible to us; They remain anonymous to us. If you do not wish to use "Google Signals", you can deactivate the "personalized advertising" option in your Google account settings.

      Users can prevent the collection of data generated by the cookie and related to the use of the website by the user concerned (including the IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/.

      As an alternative to the browser plug-in, users can click this link to prevent Google Analytics from collecting data on the website in the future. An opt-out cookie is stored on the user's device. If the user deletes cookies (see section 6 Cookies), the link must be clicked again.

      6.4 Social Media

      6.4.1 Social Media Profiles

      On our website we have included links to our profiles in the social networks of the following providers:

      • Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Policy.
      • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Privacy Policy.
      • Tripadvisor Inc., 400 1st Avenue, Needham, MA 02494, USA, Privacy Policy.
      • TrustYou GmbH, Steinerstraße 15, 81369 Munich, Germany, Germany, Privacy Policy.

      If you click on the icons of the social networks, you will be automatically redirected to our profile in the respective network. A direct connection is established between your browser and the server of the respective social network. As a result, the network receives the information that you have visited our website with your IP address and clicked on the link. This may also result in data being transferred to servers abroad, e.g. the USA (cf. in particular on the lack of an adequate level of data protection and on the guarantees provided, sections 5.2 and 5.3).

      If you click on a link to a network while you are logged into your user account with the network in question, the content of our website can be linked to your profile so that the network can assign your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the corresponding links. A connection between your access to our website and your user account takes place in any case when you log in to the respective network after clicking on the link. The respective provider is responsible for the associated data processing under data protection law. Therefore, please note the data protection information on the network's website.

      The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in the use and promotion of our social media profiles.

      6.4.2 Social Media Plugins

      On our website you can use social media plugins from the providers listed below:

      • Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Policy.
      • Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, Privacy Policy.

      We use the social media plugins to make it easier for you to share content from our website. The social media plugins help us to increase the perceptibility of our content in the social networks and thus contribute to better marketing.

      The plugins are deactivated by default on our websites and therefore do not send any data to the social networks when our website is simply accessed. To increase data protection, we have integrated the plugins in such a way that a connection to the servers of the networks is not automatically established. Only when you activate the plugins by clicking on them and thus give your consent to the data transmission and further processing by the providers of the social networks, your browser establishes a direct connection to the servers of the respective social network.

      The content of the plugin is transmitted directly from the social network to your browser, which integrates it into the website. As a result, the respective provider receives the information that your browser has accessed the corresponding page of our website, even if you do not have an account with this social network or are not currently logged in to it. This information (including your IP address) is transmitted directly from your browser to a server of the provider (usually in the USA) and stored there (cf. in particular on the lack of an adequate level of data protection and on the guarantees provided, sections 5.2 and 5.3). We have no influence on the scope of the data that the provider collects with the plugin, although from a data protection point of view we can be regarded as jointly responsible with the providers to a certain extent.

      If you are logged in to the social network, it can assign your visit to our website directly to your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g. that you like a product or service from us) may also be published on the social network and may be displayed to other users of the social network. The provider of the social network may use this information for the purpose of placing advertising and tailoring the respective offer to meet your needs. For this purpose, usage, interest and relationship profiles could be created, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our website and to provide other services related to the use of the social network. The purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks as well as your rights in this regard and setting options for the protection of your privacy can be found directly in the data protection information of the respective provider.

      If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins. In the case of the data processing described, your consent within the meaning of Art. 6 (1) (a) GDPR forms the legal basis. You can revoke your consent at any time by declaring your revocation to the provider of the plugin in accordance with the information in its privacy policy.

      6.5 Online Advertising and Targeting

      6.5.1 Generally

      We use the services of various companies to provide you with interesting offers online. In doing so, your user behavior on our website and websites of other providers is analyzed in order to be able to show you online advertising that is individually tailored to you.

      Most technologies for tracking your user behavior (tracking) and for the targeted display of advertising (targeting) work with cookies (see also section 6.2), with which your browser can be recognized via various websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different end devices (e.g. laptop and smartphone). This may be the case, for example, if you have registered with a service that you use with multiple devices.

      In addition to the data already mentioned, which is generated when websites are accessed (log file data, see section 6.1) and when cookies are used (section 6.2) and which may be transferred to the companies involved in the advertising networks, the following data in particular is included in the selection of the potentially most relevant advertising for you:

      • Information about yourself that you have provided when registering or using a service provided by advertising partners (e.g. your gender, age group); and
      • User behaviour (e.g. search queries, interactions with advertisements, types of websites visited, products or services viewed and purchased, newsletters subscribed to).

      We and our service providers use this data to identify whether you belong to the target group we are addressing and take this into account when selecting advertisements. For example, after you have visited our site, when you visit other pages, you may be shown advertisements of the products or services you have consulted (re-targeting). Depending on the scope of the data, a profile of a user may also be created, which is automatically evaluated, whereby the ads are selected according to the information stored in the profile, such as belonging to certain demographic segments or potential interests or behavior. Such advertisements may be displayed to you on various channels, including our website or app (as part of on-site and in-app marketing) as well as advertisements that are mediated via the online advertising networks we use, such as Google.

      The data can then be evaluated for the purpose of billing the service provider and to assess the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include the information that the performance of an action (e.g. visiting certain sections of our websites or sending information) is due to a specific advertisement. We also receive aggregated reports of ad activity and information about how users interact with our website and ads from the service providers.

      The legal basis for this data processing is your consent within the meaning of Art. 6 (1) (a) GDPR. You can revoke your consent at any time by rejecting or switching off the relevant cookies in the settings of your web browser (see section 6.2). You can also find further options for blocking advertising in the information provided by the respective service provider, such as Google.

      6.5.2 Google Ads

      This website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google) for online advertising, as explained in section 6.5.1. Google uses cookies for this purpose (cf. the list here), which enable your browser to be recognized when you visit other websites. The information generated by the cookies about your visit to this website (including your IP address) is transmitted to a Google server in the USA and stored there (cf. in particular on the lack of an adequate level of data protection and on the guarantees provided, sections 5.2 and 5.3). Further information on data protection at Google can be found here.

      The legal basis for this data processing is your consent within the meaning of Art. 6 (1) (a) GDPR. You can revoke your consent at any time by rejecting or switching off the relevant cookies in the settings of your web browser (see section 6.2). You can find more ways to block ads here.

    • 7 Retention periods

      We only store personal data for as long as it is necessary to carry out the processing explained in this privacy policy within the scope of our legitimate interest. In the case of contract data, storage is required by statutory retention obligations. Requirements that oblige us to store data result from the provisions on accounting and tax law. According to these regulations, business communication, concluded contracts and accounting documents must be kept for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any obligation to retain it and there is no longer a legitimate interest in storing it.

    • 8 Data integrity

      We use appropriate technical and organizational security measures to protect your personal data stored by us against loss and unlawful processing, in particular unauthorized access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. In addition, these persons are granted access to personal data only to the extent necessary to perform their duties.

      Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always entails certain security risks and we cannot therefore guarantee the absolute security of information transmitted in this way.

    • 9 Your rights

      If the legal requirements are met, you have the following rights as a person affected by data processing:

      Right to information: You have the right to request access to your personal data stored by us at any time and free of charge if we process it. This gives you the opportunity to check which personal data we process about you and whether we process it in accordance with the applicable data protection regulations.

      Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will also inform the recipients of the data concerned about the adjustments we have made, unless this is impossible or involves disproportionate effort.

      Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, in particular in the case of statutory retention obligations, the right to deletion may be excluded. In this case, if the conditions are met, the deletion may be replaced by a blocking of the data.

      Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.

      Right to data portability: You have the right to receive from us the personal data you have provided to us free of charge in a readable format.

      Right to object: You can object to data processing at any time, in particular in the case of data processing in connection with direct marketing (e.g. marketing e-mails).

      Right of revocation: In principle, you have the right to revoke your consent at any time. However, processing activities based on your consent in the past do not become unlawful as a result of your revocation.

      To exercise these rights, please send us an e-mail to the following address: [email protected]

      Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way in which your personal data is processed.

    This page was last modified in September 2023.

     

    Download

Detailaufnahme Bett Kopfkissen und Nachttisch
Close

Avantage réservation directe

  • Nous vous garantissons le meilleur prix sur notre propre site web
  • Surclassement gratuit de la chambre dans la catégorie supérieure est possible, sous réserve de disponibilité
  • Une pièce de chocolat lucernois de chez Aeschbach Chocolatier
  • Un bon de réduction de 10 CHF par réservation à la Sharing Brasserie Juliette