Privacy pOlicy
Terreni alla Maggia SA as the owner of Castello del Sole, Rustico del Sole, Cantina alla Maggia und Terreni alla Maggia is committed to protecting your personal data and providing clear and transparent information about which data we collect and how we use this information. In this privacy statement, we explain how we use your personal data that we collect when you visit our website or our services and platforms or that are provided by you.
Your trust matters to us, which is why we take the topic of data protection seriously and ensure appropriate data security. It goes without saying that we adhere to the legal provisions of the Federal Act on Data Protection (DSG), the Ordinance to the Federal Act on Data Protection (VDSG), the Telecommunications Act (FMG) and any other applicable data privacy regulations in Swiss or EU law, in particular the European General Data Protection Regulation (GDPR).
To find out what personal data we collect from you and for what purpose we use them, please see the following information:
1.0 Data processing in connection with our website
2.0 Data processing in connection with your stay
Responsible for data privacy
Although all of our employees at Terreni alla Maggia SA are obliged to protect your data and respect your privacy, we have a designated data protection officer, who deals with all aspects relating to personal data in our company. You can contact our data protection officer by sending an e-mail to [email protected].
The data protection officer is:
Terreni alla Maggia SA
Via Muraccio 105
6612 Ascona
Switzerland
E-Mail: [email protected]
You can contact our representative for data protection legal matters in the EU at:
MLL EU-GDPR GmbH
Ganghoferstrasse 33
80339 Munich
Germany
E-Mail: [email protected]
1.0 Data processing in connection with our website
1.1 VISITING OUR WEBSITES
Terreni alla Maggia SA as the owner of Castello del Sole, Rustico del Sole, Cantina alla Maggia and Terreni alla Maggia operates the following websites:
As such, it is responsible for the collection, processing and use of your personal data and ensuring that data processing complies with applicable data protection laws.
When you visit our website, our servers temporarily store each session in a log file. In the process, the following technical data are collected and stored, without any action on your part, as is the case every time you connect to a web server:
- the IP address of the requesting computer,
- the name of the owner of the IP address range (usually your internet access provider),
- the date and time of the visit,
- the website from which you access the website (referrer URL), possibly with the keyword used,
- the name and URL of the retrieved file,
- the status code (e.g. error message),
- the operating system on your computer,
- the browser you use (type, version and language),
- the transmission protocol used (e.g. HTTP/1.1), and
- possibly your user name from a registration/authentication.
After 90 days, we automatically anonymize recorded IP addresses, so that no conclusions can be drawn regarding the identity of individual users.
These data are collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring the security and stability of the system over the long term, allowing us to optimize our Internet presence, and for internal statistical purposes. This constitutes our legitimate interests in data processing in accordance with Art. 6 (1) (f) GDPR.
The IP address is also evaluated together with other data for the purpose of clarification and defence in the event of attacks on the network infrastructure or other unauthorized or abusive use of the website. If necessary, it is also used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned. This constitutes our legitimate interests in data processing in accordance with Art. 6 (1) (f) GDPR
1.2 USING OUR CONTACT FORM
You have the option of using a contact form to get in touch with us. For this we require the following information (*mandatory):
- Title*
- First name* and last name*
- Address
- Postal code and town
- Country
- Phone
- Email*
- Comment
- How did you find out about us?*
We only use these data as well as a phone number provided voluntarily by you to answer your contact request individually and to the best of our ability. Processing these data is therefore necessary for taking steps prior to entering into a contract in accordance with Art. 6 (1) (b) GDPR, or for the purpose of pursuing our legitimate interests in accordance with Art. 6 (1) (f) GDPR.
1.3 REGISTERING FOR OUR NEWSLETTER
You have the possibility of subscribing to our newsletter on our website. To do this, you must register. As part of the registration process, you are required to submit the following data (* mandatory):
In addition, you can provide us with further data voluntarily. We use the double opt-in mechanism for this. After submitting your registration, you will receive an email from us that contains a confirmation link. Click on this link to definitely confirm your registration for the newsletter. We will use your data for the purpose of sending you the newsletter until you revoke your consent for us to do so. You can revoke your consent at any time. In addition, all newsletter emails contain an unsubscribe link.
Our newsletter may contain a so-called web beacon (tracking pixel) or a similar technical means. A web beacon is a transparent, 1x1-pixel image linked to the user ID of the respective newsletter subscriber.
For each newsletter we send, information is available on the address file used, the subject heading and the number of newsletters sent. This information also reveals which addresses have not yet received the newsletter, which addresses the newsletter has been sent to, and for which addresses the sending process was unsuccessful. It also shows which addresses have opened the newsletter, and finally, which addresses have unsubscribed. We use these data for statistical purposes and to optimize the newsletter in terms of content and structure. This allows us to better gear the information and offers in our newsletter to the individual interests of each recipient. The tracking pixel is deleted when you delete the newsletter.
To prevent the use of web beacons in our newsletter, please adjust the settings of your email program so that no HTML is displayed in messages, if this is not already set as a standard. Under the following links, you will find instructions how to carry out these settings in the most common email programs.
When you register for our newsletter, you give us your consent to process the data you have entered for the purpose of regularly sending our newsletter to the address specified by you, analysing your user behaviour for statistical purposes and optimizing our newsletter. Your consent constitutes our legal basis for processing the data for our newsletter in accordance with Art. 6 (1) (a) GDPR.
We are entitled to commission third parties with the technical processing of advertising activities and are entitled to pass on your data for this purpose (see section 4.0 below).
1.4 BOOKING A ROOM ON THE WEBSITE, BY CORRESPONDENCE OR BY TELEPHONE
When you make a reservation either via our website, by correspondence (email or letter), or by telephone, we require the following data to process the contract (* mandatory):
- Title*
- First name* and last name *
- Postal address*
- Date of birth*
- Telephone number*
- Language*
- Credit card details*
- Email address*
- Expected time of arrival
- Motor vehicle license plate
- Preferences
- Comments
We will only use this data for the purpose of processing the contract, unless otherwise stated in this privacy policy or unless you have given us your separate consent. We process the data in particular to record your booking as requested, provide the booked services, contact you in the event of ambiguities or problems, and ensure correct payment.
For processing online reservations, we use the SimpleBooking service provided by QNT S.r.l. a Socio Unico, Via Lucca,52 – 50142 Florence, Italy. For more information on how SimpleBooking processes personal data, see here.
The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 (1) (b) GDPR.
1.4.2 Purchases
If you make purchases via our website, by correspondence (e-mail or post) or by telephone, you must provide the following data (* mandatory) for the execution of the contract:
- Title*
- First name* and Last name*
- Postal address*
- Telephone number*
- Language*
- Credit card information
- E-mail address*
- Remarks
This data is used only for contract processing, unless otherwise stated in this Privacy Policy or you have given your consent separately. We will process data by name in order to register your order as requested, to provide the services and products purchased, to contact you in the event of ambiguities or problems and to ensure correct payment.
We use the Wegas service of inteco edv ag, Barzloostrasse 20 - 8330 Präffikon, ZH to process online bookings. Further information on how inteco handles personal data can be found here.
The legal basis for processing data for this purpose lies in the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b GDPR.
1.5 MAKING CONTACT OR A RESERVATION VIA THE CHAT FUNCTION
On our website, you have the possibility of making a booking online or contacting the reservation department via live chat. The software for the chat function and the booking platform are made available by selected third-party providers. Depending on the service, various data are collected in connection with this (* mandatory):
- Name
- Phone number
- Language
- Integration of Facebook Messenger
- Navigation point on Storchen website
- Date/ time
- Referral
- IP address
- Google location
- Audio file of the conversation
For processing your online reservation, we use the SimpleBooking service provided by QNT S.r.l. a Socio Unico, Via Lucca,52 – 50142 Florence, Italy. For more information on how SimpleBooking processes personal data, see here.
The legal basis for processing data for this purpose is in order to take steps prior to entering into a contract and for the performance of a contract in accordance with Art. 6 (1) (b) GDPR.
1.6 MAKING CONTACT VIA EMAIL
On our website you have the possibility of contacting us and sending us an email. To this end, we are obliged to record your email address.
We only use your email address and other data provided voluntarily by you (e.g. your first and last name) to answer your contact request individually and to our best of our ability. The processing of these data is therefore necessary in order to take steps prior to entering into a contract in accordance with Art. 6 (1) (b) GDPR or for the purpose of pursuing our legitimate interest in accordance with Art. 6 (1) (f) GDPR.
1.7 MAKING CONTACT BY TELEPHONE
On our website you have the possibility of contacting us by telephone.
We only use your telephone number and other data provided voluntarily by you (e.g. your first and last name, email address) to answer your contact request individually and to our best of our ability. The processing of these data is therefore necessary for taking steps prior to entering into a contract in accordance with Art. 6 (1) (b) GDPR or for the purpose of pursuing our legitimate interests in accordance with Art. 6 (1) (f) GDPR.
1.8 ORDERING AND BUYING TICKETS FOR EVENTS, PRODUCTS AND VOUCHERS
On our website you have the possibility of ordering certain services or vouchers online. The following data are collected in connection with this (* mandatory):
- First name and last name *
- Address*
- Postal code and town *
- Country*
- Email*
- Telephone number
- Credit card number
These data are collected and processed for the purpose of providing and delivering the service requested by you. The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 (1) (b) GDPR.
1.9 RESTAURANT RESERVATION
On our website you have the possibility of reserving a table. The following data are collected in connection with this (* mandatory):
- First name and last name*
- Email*
- Telephone number*
To process your table reservation, we use the reservation system provided by aleno AG, Aegertenstrasse 6, 8003 Zurich, Switzerland. For more information on how aleno processes personal data, see here.
These data are collected and processed for the purpose of reserving a table for a certain number of persons. The legal basis for processing data for this purpose is in order to take steps prior to entering into a contract and for the performance of a contract in accordance with Art. 6 (1) (b) GDPR.
1.10 APPLYING FOR A VACANT POSITION
On our website you have the possibility of applying for a job vacancy or making an unsolicited application. To do this, you are required to submit a complete application. The following data must be entered in the online form (* mandatory):
- Title*
- First name and last name*
- Address*
- Nationality*
- Marital status*
- Date of birth*
- Email address*
- Telephone number*
- Cover letter, curriculum vitae, photo*
- Work references*
These data are used for processing the application process. If you do not explicitly consent to further processing of your data, the data will be deleted after the respective application procedure.
For online applications, we use the services of softgarden provided by softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin, Germany. For more information on how softgarden processes personal data, see here.
The legal basis for processing these data is therefore in order to take steps prior to entering into a contract in accordance with Art. 6 (1) (b) GDPR and for the purpose of pursuing our legitimate interests in accordance with Art. 6 (1) (f) GDPR. For further data processing, the legal basis is your consent in accordance with Art. 6 (1) (a) GDPR.
1.11 COOKIES
Cookies help in many ways to make your visit to our website easier, more enjoyable and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our websites. We use cookies, for example, to temporarily store your chosen services and inputs when filling out a form on the website so that you do not have to repeat the input when you visit another subpage. Cookies can also be used, if necessary, to identify you as a registered user after you register on the website without you having to log in again when you visit another subpage.
Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. For explanations how to configure the processing of cookies in the most common browsers, see the following websites:
- Microsofts Windows Internet Explorer
- Microsofts Windows Internet Explorer Mobile
- Mozilla Firefox
- Google Chrome for desktops
- Google Chrome for mobiles
- Apple Safari for desktops
- Apple Safari for mobile[MMS1] devices
Deactivating cookies may mean that you will not be able to use all functions available on our website.
1.12 TRACKING TOOLS
1.12.1 Google Analytics
We use the web analysis service of Google Analytics for the purpose of designing and continuously optimizing our website to meet your needs. To this end, pseudonymized utilization profiles are created and small text files used (“cookies”) that are stored on your computer. The information generated by the cookie about your use of this website is transferred to the servers of the provider of these services, stored there and processed for us. In addition to the data listed under section 1.1, we may receive the following information:
- The navigation path you follow on the website,
- the length of time you stay on the website or subpage,
- the subpage from which you leave the website,
- the country, region or town from which the website is accessed,
- the device (type, version, depth of colour, resolution, width and height of browser window) and
- whether you are a new or repeat visitor.
The information is used to evaluate the use of the website, compile reports on website activities, and provide further services related to website and internet utilization for market research purposes and for designing this website according to your needs. This information may also be transferred to third parties if this is required by law or if these data are processed by third parties on our behalf.
The provider of Google Analytics is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Before sending the data to the provider, the IP address is truncated by activating the IP anonymization function (“anonymizeIP”) on this website within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. The anonymized IP address transmitted by your browser in connection with Google Analytics is not combined with other data held by Google. In exceptional cases only, the full IP address is transmitted to a Google server in the United States and truncated there. In these cases, we ensure with contractual warranties that Google maintains a sufficient level of data protection. According to Google, the IP address will under no circumstances be linked to other data relating to the user.
Users can prevent the information generated by the cookie and concerning their use of the website (including the IP address) from being recorded and processed by Google by downloading and installing the browser plugin available here.
For more information on the web analysis services used, see Google’s website here. For instructions how to prevent the processing of your data by the web analysis service, see here.
The legal basis for processing data for this purpose is your consent in accordance with (Art. 6 (1) (a) GDPR). You may revoke your consent at any time with future effect.
1.12.2 Creating pseudonymized utilization profiles
To provide you with personalized services and information on our website (on-site targeting), we use and analyse the data we collect about you whenever you visit the website. Processing these data may involve the use of cookies. The analysis of your user behaviour can lead to the creation of a so-called utilization profile. The utilization data are combined using only pseudonyms, but never with non-pseudonymized personal data.
The legal basis for processing data for this purpose constitutes our legitimate interests in optimizing and individualizing our website and our advertising communication in accordance with Art. 6 (1) (f) GDPR.
1.12.3 Facebook Connect
On our website, you can register to create a customer account or sign in via the social media plugin “Facebook Connect” provided by the social network Facebook, operated by Facebook Inc., Hacker Way, Menlo Park, CA 94025, USA (“Facebook”) using so-called single sign-on technology if you have a Facebook profile. The "Facebook Connect" social media plugins can be recognized on our website by the button with the Facebook logo labelled "Connect with Facebook," "Log in with Facebook," or "Sign in with Facebook".
If you visit one of our websites that contains a plugin of this kind, your browser creates a direct link to the servers of Facebook. The content of the plugin is transmitted directly to your browser by Facebook and integrated into the page. As a result, Facebook receives the information that your browser has called up the corresponding page on our website, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is sent directly from your browser to a server at Facebook in the USA and stored there.
You can also use the Facebook Connect button on our website to log in or register using your Facebook user data. When you click on the "Facebook Connect" button, you are asked to give your consent to the exchange of data before you log in. Only if you give your express consent in accordance with Art. 6 (1) (a) GDPR do we receive the general and publicly accessible information stored in your profile, depending on your personal data protection settings on Facebook. This information includes your user ID, your name, profile picture, age and gender.
Please note that following changes to Facebook’s privacy policy and conditions of use, granting your consent can lead to your profile pictures, your friends' user IDs, and your friends list also being transferred if these have been marked as "public" in your Facebook privacy settings. We store and process the data sent to us by Facebook for the purpose of creating a user account with the required data, if you allow this in your Facebook settings (title, first name, last name, address, country, email address, date of birth). Conversely, based on your consent, data (e.g. information on your surfing or purchasing behaviour) can be transferred from us to your Facebook profile.
You may revoke your consent at any time with future effect.
For information on the purpose and extent of data capture and the further processing and use of data by Facebook, as well your rights in this regard and setting options for the protection of your personal privacy, please refer to Facebook’s privacy policy: http://www.facebook.com/policy.php
If you do not want Facebook to assign the data collected via our website to your Facebook profile, you must log out of Facebook before you visit our website.
1.12.4 Privacy regulations on the application and use of Google Remarketing
The Living Circle Group AG has integrated the services of Google Remarketing on this website. Google Remarketing is a function of Google AdWords that allows a company to show advertisements to internet users who previously visited the company’s website. Integrating Google Remarketing therefore enables a company to create user-related ads and consequently show advertising to internet users that is relevant to their interests.
Google Remarketing services are provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google Remarketing is to show interest-based ads. Google Remarketing allows us to show ads via the Google Display Network or on other websites that are tailored to the individual needs and interests of internet users.
Google Remarketing sets a cookie on the data subject’s IT system. This allows Google to recognize visitors to our website when they subsequently call up other websites that are also members of the Google Display Network. Every time the data subject visits a website that incorporates the services of Google Remarketing, the data subject’s browser automatically identifies itself to Google. In the course of this technical process, Google receives the data subject’s personal data, such as their IP address or information on their surfing behaviour, which Google uses to show ads that are relevant to the user’s interests, among others.
The cookie is used to store personal information, such as the websites visited by the data subject. Each time our websites are visited, personal data including the IP address of the internet connection used by the data subject are transferred to Google in the United States. These personal data are then stored by Google in the USA. Google may possibly pass on these personal data to third parties.
You can prevent the setting of cookies by our website at any time, as described above, by adjusting the settings of your internet browser and thus permanently object to the setting of cookies. Adjusting your browser settings in this way also prevents Google from setting a cookie on your IT system. In addition, you can delete a cookie already set by Google Analytics at any time via the browser or other software programs.
Furthermore, you have the possibility of objecting to interest-based advertising by Google. To do this, you must call up the link https://www.google.de/settings/ads from each browser you use and make the corresponding settings there.
For more information and Google’s applicable privacy policy, see here.
The legal basis for processing data as described above is for the purpose of pursing our legitimate interests in offering individualized and interest-based advertising of our services in accordance with Art. 6 (1) (f) GDPR.
1.12.5 Privacy regulations on the application and use of Google AdWords
The Living Circle Group AG has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place ads both in Google search engine results and in the Google Display Network. Google AdWords allows advertisers to define certain keywords in advance that are used to display an ad in Google’s search engine results only when the user searches for a result containing the keywords. In the Google Display Network, the ads are shown on websites with a similar subject matter using an automatic algorithm and taking into account the previously defined keywords.
Google Adwords services are provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to market our website by showing interest-based ads on the websites of third-party companies and in Google’s search engine results, as well as showing third-party ads on our website.
If you reach our website via a Google ad, Google sets a so-called conversion tracking cookie on your IT system. A conversion tracking cookie loses its validity after thirty days and is not used for the purpose of identifying data subjects. As long as the cookie has not yet expired, it is used to track whether certain subpages, such as the shopping cart of an online shop system, have been accessed on our website. Conversion tracking allows both us and Google to track whether a user who reached our website via an AdWords ad generated turnover, i.e. purchased goods or cancelled a purchase.
Google uses the data and information collected through the conversion tracking cookie to compile statistics about visits to our website. We use these statistics, on the other hand, to determine the overall number of users referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad campaign, and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify data subjects.
Personal information, such as the websites visited by the data subject, may be stored with a conversion tracking cookie. Each time you visit our websites, your personal data including the IP address of the internet connection used are transferred to Google in the United States, where they are stored. Google may possibly pass on these personal data to third parties.
You can prevent the setting of cookies by our website at any time, as described above, by adjusting the settings of your internet browser and thus permanently object to the setting of cookies. Adjusting your browser settings in this way also prevents Google from setting a conversion tracking cookie on your IT system. In addition, you can delete a cookie already set by Google Analytics at any time via the browser or other software programs.
Furthermore, you have the possibility of objecting to interest-based advertising by Google. To do this, you must call up the link https://www.google.de/settings/ads from each browser you use and make the corresponding settings there.
For more information and Google’s applicable privacy policy, see here.
The legal basis for processing data as described above is for the purpose of pursing our legitimate interests in offering individualized and interest-based advertising of our services in accordance with Art. 6 (1) (f) GDPR.
1.12.6 Privacy Policy Template (Cookie Template)
This website uses Mouseflow: a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you'd like to opt-out, you can do so at https://mouseflow.com/opt-out. If you'd like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at [email protected].
For more information, see Mouseflow’s Privacy Policy at http://mouseflow.com/privacy/.
For more information on Mouseflow and GDPR, visit https://mouseflow.com/gdpr/.
For more information on Mouseflow and CCPA visit https://mouseflow.com/ccpa.
2.0 Data processing in connection with your stay
2.1 DATA PROCESSING TO FULFIL STATUTORY REPORTING REQUIREMENTS
When you arrive at our hotel, we require the following information from you and any accompanying persons (* mandatory):
- First name and last name *
- Address*
- Data of birth*
- Place of birth*
- Nationality*
- Official passport/identity card and number *
- Day of arrival and day of departure
We collect this information in order to fulfil statutory reporting requirements, in particular in connection with hospitality or police laws. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the responsible police authority.
Fulfilling the legal requirements constitutes our legitimate interests in accordance with Art. 6 (1) (f) GDPR.
2.2 RECORDING PURCHASED SERVICES
If you purchase additional services (e.g. restaurant, using items from the mini bar or pay TV, etc.) during your stay, we will record the supplied service as well as the time the service was purchased for invoicing purposes. Processing these data is necessary for the performance of the contract with us in accordance with Art. 6 (1) (b) GDPR.
2.3 WLAN USAGE
To provide you with access to the internet via our WLAN network, we record and use the following data when you dial into and use our WLAN network:
So-called inventory data (* mandatory)
- Your first name and last name incl. title *
- The email address you have given*
- Your mobile phone number
We use these inventory data to register you for our WLAN service. The legal basis for processing data for this purpose is the performance and fulfilment of a contract in accordance with Art. 6 (1) (b) GDPR.
In addition, we collect so-called traffic data:
- The type of device you use to access our WLAN network
- Various device identifiers, namely the WLAN MAC address and the login allocated to you
- The IP address allocated to you
- Date and time of your WLAN and internet connections
- Certain location data: These include the location of the nearest WLAN access point to you, with which you are connected via WLAN; this also includes a time stamp. The location of this access point usually tells us which room in our hotel you use your device and when. We do not receive more exact information about your actual location.
We require the above traffic data to establish a technical connection between your device and our WLAN network, via which we can then provide you with access to the Internet and process it technically. The purpose of the location data is to connect you to the WLAN access point with the strongest signal. This constitutes our legitimate interests in data processing in accordance with Art. 6 (1) (f) GDPR.
In addition, the IP address is evaluated together with other data in the event of attacks on the network infrastructure or other unauthorized or improper WLAN use for clarification and defence purposes. If necessary, it is used as part of criminal proceedings to identify and initiate civil and criminal proceedings against the users concerned. This constitutes our legitimate interests in data processing in accordance with Art. 6 (1) (f) GDPR.
Based on your consent, we use your data for other purposes, as described in the following. We combine your above data with data we have stored during the course of your stay, and use these combined data for the following purposes:
- To send you general information and individual offers for products and services provided by our hotel, tailored to you and your interests on the basis of your existing data, by e-mail, during or after your stay. The information and offers you receive may also be geared to your previous and current location within our hotel, e.g. if you have just entered one of our restaurants or visit our fitness studio frequently. If you have also provided us with your mobile phone number, we will use it to send you additional information and offers of this kind via SMS to your mobile phone.
- To improve our range of services, we would like to help our employees address you by name whenever they contact you. To this end, we may use your name and the location information described above to let our staff know who is in a particular room of our hotel. This makes it easier for our staff to address you personally by name.
- For statistical evaluations, e.g. how our guests react to our marketing campaigns, what services our guests use particularly frequently within the hotel, how our guests prefer to move around the hotel, which WLAN areas have good coverage.
The legal basis for processing data for this purpose is your consent in accordance with (Art. 6 (1) (a) GDPR). You may revoke your consent at any time with future effect.
3.0 Plugins and APIs
3.1 SOCIAL MEDIA PLUGINS
On our website, we provide you with certain social media functions, in particular the possibility of sharing content on Facebook, tweeting, etc. The function in question can be found on the individual pages under “Share”.
We provide you with plugins for the following social networks:
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA,
- Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA; and
- Twitter Inc.,1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Whenever you click on a social network icon, you will be linked to the respective social network on which you wish to perform the selected functions, e.g. share content on Facebook or tweet on Twitter. To do this, however, you must log in to your account or already be logged in.
If you select one of the functions provided and click on the icon of the social network concerned, a direct connection will be established between your browser and the server of the social network concerned. This gives the network the information that you have visited our website with your IP address and clicked on the link. If you open a link to a network while you are logged into your account on that network, the content on our website may be linked to your network profile, meaning that the network can directly associate your visit to our website with your user account. If you wish to prevent this, you should log out before clicking on any links. The connection is made in any case if you log into the respective network after clicking on the link.
3.2 LINK TO OUR OWN SOCIAL MEDIA PRESENCE
We have embedded links on our website to our social media profiles in the following networks:
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA,
- Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA; and
- Twitter Inc.,1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
If you click on a social network icon, you will be automatically forwarded to our profile on the respective social network. To use the functions of that network, you may have to log into your user account on the respective network.
If you open a link to one of our social media profiles, a direct connection will be established between your browser and the server of the social network concerned. This gives the network the information that you have visited our website with your IP address and clicked on the link. If you open a link to a network while you are logged into your account on that network, the content of our website may be linked to your network profile, meaning that the network can directly associate your visit to our website with your user account. If you wish to prevent this, you should log out before clicking on any links. The connection is made in any case if you log into the respective network after clicking on the link.
3.3 YOUTUBE PLUGIN
On our website, we have embedded plugins of the video portal YouTube provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). YouTube is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Every time you visit a page that offers one or several YouTube video clips, a direct connection is established between your browser and a server of YouTube in the USA. In the process, information about your visit and your IP address are stored. If you interact with YouTube plugins (e.g. pressing the start button), this information is also transferred to YouTube and stored there.
More information on the collection and use of your data by YouTube can be found in the privacy policies of YouTube or Google: https://policies.google.com/privacy.
The legal basis for processing data for this purpose is to pursue our legitimate interests in accordance with Art. 6 (1) (f) GDPR.
If you have a YouTube user account and do not want YouTube to collect data about you via this website and link them to your YouTube member data, you must log out of YouTube before visiting this website.
YouTube also accesses the Google Analytics analysis tool via an iFrame in which the video is viewed. Google Analytics is a tracking tool belonging to YouTube, to which we do not have access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers.
3.4 GOOGLE MAPS
On our website, we use Google Maps API (Application Programming Interface, “Google Maps”) provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the visual representation of geographic information (maps). When you use Google Maps, information about the use of our website including your IP address is transmitted to a server belonging to Google in the USA and stored there.
The legal basis for processing data for this purpose is to pursue our legitimate interests in accordance with Art. 6 (1) (f) GDPR.
It is possible to deactivate the Google Maps service and prevent data being transferred to Google by deactivating JavaScript in your browser. However, we would like to point out that if you do so, you will not be able to use the map view.
More information about the collection, processing and use of your data by Google and your rights in this regard can be found in the privacy policy of Google at https://policies.google.com/privacy, as well as in the additional terms of use for Google Maps or Google Earth here.
4.0 Data storage and exchange with third-parties
4.1 BOOKING PLATFORMS
If you make a booking via a third-party platform, we receive various kinds of personal information from the respective platform operator. These are generally the data listed in section 1.4 of this privacy policy. Furthermore, inquiries regarding your booking may be forwarded to us. We use these data in particular to register your booking as requested and provide the booked services. The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 (1) (b) GDPR.
Finally, we may be informed by the platform operator about disputes in connection with a booking. In this case, it is possible that we receive data relating to the booking process, whereby a copy of the booking confirmation counts as evidence that the booking has been made. We process these data to enforce and assert our rights. This is for the purpose of pursing our legitimate interests in accordance with Art. 6 (1) (f) GDPR.
Please also note the information on data protection by the respective provider.
4.2 CENTRAL STORAGE AND LINKING OF DATA
We store the data provided to us in sections 1.1 to 1.10 and 2.1 to 2.3 in a central, electronic data processing system (CRM). The data relating to you are systematically recorded and linked for the purpose of processing your bookings and handling contractual services, or based on your consent. To this end, we use software provided by the company “protel hotelsoftware Gmbh” in 44269 Dortmund, Germany and a software provided by the company «Inteco EDV AG» (Terreni alla Maggia). Personal data are processed in a CRM program using software provided by the company “Toedt, Dr. Selk & Coll. GmbH” in 80333 Munich, Germany. These data are processed using the software for the purpose of pursing our legitimate interests in managing data in a customer-friendly and efficient way in accordance with Art. 6 (1) (f) GDPR, and for the performance of contractual measures in accordance with Art. 6 (1) (b) GDPR.
Based on your consent, we use your data for further purposes as described in the following. In doing so, we combine your data with data stored in our company relating to your stay in our hotel, your visits to the restaurant, the SPA and Internet use, and then use this combined data to send you general information and offers for products and services of our hotel, tailored individually to you and your interests, by e-mail, SMS or post, during or after your stay.
The legal basis for processing data for this purpose is your consent in accordance with (Art. 6 (1) (a) GDPR). You may revoke your consent at any time with future effect by email ([email protected]).
4.3 DURATION OF STORAGE
We only store personal data for as long as is necessary to use the tracking services named above and to process them further for the purpose of pursuing our legitimate interests. We keep contractual data for longer, as this is required by statutory storage obligations. Obligations to store data result from regulations on reporting rights, accounting and tax law. According to these regulations, business communication, concluded contracts and accounting documents must be kept for up to 10 years. If we no longer require these data to be able to provide services for you, the data are blocked. This means that they may then only be used for accounting and tax purposes.
4.4 PASSING DATA ON TO THIRD PARTIES
We only pass on your personal data to third parties if you have given your express consent, if we are legally obliged to do so, or if it is necessary to enforce our rights, in particular to assert our claims resulting from the contractual relationship. In addition, we pass on your data to third parties insofar as this is necessary within the scope of using the website and performing the contract (also outside the website), and in particular processing your bookings.
Please also take note of the information in the preceding sections of this privacy policy regarding the transfer of data to third parties.
We may share your personal information with all affiliates in our group if necessary, provided that it is used for the same original purposes as described in this privacy policy.
These are in particular:
Widder Hotel AG
Rennweg 7
8001 Zürich
Hotel Storchen AG
Weinplatz 2
8001 Zurigo
Hotel Alex Management AG
Seestrasse 182
8800 Thalwil
Terreni alla Maggia SA
Via Muraccio 105
6612 Ascona
Castello del Sole - Terreni alla Maggia SA
Via Muraccio 142
6612 Ascona
Sammlung E.G. Bührle
Rämistrasse 46
8001 Zürich
Géza Anda-Stiftung
Bleicherweg 18
8002 Zürich
Dozière SA
c/o Etude Brêchet
Promenade Iris-de-Roten 1
2800 Delémont
In the following, we provide an overview of third parties we employ:
4.4.1 Webmasters
We work together with technical partners to operate and maintain our website and guarantee contractual services and offers on our website. As a result, personal data are passed on to, or can be accessed by, the following partners:
Positioner SA
Via Stazione 32
6592 S. Antonino
Switzerland
www.positioner.com
pdc salespitcher ag
Schwimmbadstrasse 45
5430 Wettingen
Schweiz
www.salespitcher.ch
The websites are hosted on servers in Switzerland. Data are passed on for the purpose of offering and maintaining the functions of our website. This constitutes our legitimate interests in accordance with Art. 6 (1) (f) GDPR.
4.4.2 Room reservation system
Personal data relating to room reservations on the website are collected and sent to us by
QNT S.r.l. a Socio Unico
Via Lucca,52
50142 Florence, Italy
www.simplebooking.it
4.4.3 Central storage and linking of data
Personal data are consolidated to enhance and improve our services to guests using a CRM. The data are supplied and processed by
Toedt, Dr. Selk & Coll. GmbHAugustenstr. 79
80333 Munich
[email protected]
4.4.4 Restaurant reservations
Personal data for restaurant reservations on the website are collected and processed by
aleno AG
Aegertenstrasse 6
8003 Zurich
Switzerland
+41 43 508 24 65
www.aleno.me
4.4.5 Event tickets and vouchers
Personal data for the purchase of event tickets and vouchers on the website are collected, processed and supplied by
pdc salespitcher ag Schwimmbadstrasse 45
5430 Wettingen
Switzerland
www.salespitcher.ch
and
Idea Creation GmbH
Walchestrasse 15
8006 Zurich
Switzerland
www.e-guma.ch
4.4.6 Credit card payments
If you pay on the website by credit card, we pass on your credit card information to your credit card issuer and to the credit card acquirer. To this end, we work with the software platform “Stripe” provided by
Stripe Inc.510 Townsend Street,
CA 94107 San Francisco
USA
and
Concardis GmbH
Helfmann-Park 7
65760 Eschborn
Germany
If you decide to pay by credit card, you are asked each time to enter all mandatory information. The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 (1) (b) GDPR. Regarding the processing of your credit card information by these third parties, please also read the general terms and conditions and the privacy policy of your credit card issuer.
4.4.7 Application tool
Personal data for the use of the application tool on the website are collected and processed by
softgarden e-Recruiting GmbH
Tauentzienstr. 14
10789 Berlin
[email protected]
4.4.8 WiFi provider
Personal data for the use of WiFi in the hotel are collected and processed by
Swisscom (Schweiz) AG
3050 Bern
4.4.9 Delivery
Personal data is collected and processed for the delivery of products:
Planzer Trasporti SA
Lerzenstrasse 14
8953 Dietikon
[email protected]
or
Post CH AG
Contact Center Post
Wankdorfallee 4
3030 Bern
0842 880 088
4.5 TRANSFERRING PERSONAL DATA ABROAD
We are entitled to also transfer your personal data to third-party companies (contracted service providers) abroad for the purpose of data processing as described in this privacy policy. These third parties are obliged to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that of Switzerland or Europe, we contractually ensure that the protection of your personal data corresponds to that of Switzerland or the EU at all times.
4.5.1 Note on data transfers to the USA
For the sake of completeness, we would like to point out to users resident or domiciled in the EU or Switzerland that US authorities impose surveillance measures in the USA that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without any differentiation, limitation or exception, based on the objective pursued, and without any objective criterion that would make it possible to restrict the US authorities' access to, and subsequent use of, the data to very specific, strictly limited purposes that could justify such an intervention related to both access to and use of the data. Furthermore, we would like to point out that in the USA, there are no legal means available to data subjects from Switzerland and the EU that would allow them to access, rectify or erase their data, and that there is no effective legal protection against general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation to allow them to make an informed decision before giving their consent to the use of their data.
We point out to users who are resident in a member state of the EU that, from the point of view of the European Union, the USA does not have an adequate level of data protection, partly due to the issues mentioned in this section. Insofar as we have explained in this privacy statement that recipients of data (such as Google) are based in the USA, we will ensure that your data stored at our partners is protected to an appropriate extent, either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield.
5.0 Further information
5.1 RIGHT OF ACCESS, RECTIFICATION, ERASURE AND RESTRICTION OF PROCESSING; RIGHT TO DATA PORTABILITY
You can object to the processing of your data at any time, in particular processing of data in connection with direct advertising (e.g. advertising emails). You also have the following rights:
Right of access: You have the right to request access to your personal data stored and processed by us at any time and free of charge. This gives you the possibility of checking which of your personal data we process and that we use it in accordance with the applicable data protection regulations.
Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the correction. In this case, we will inform the recipients of the data concerned of the changes made, unless this is impossible or involves disproportionate effort.
Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, your right to erasure may be excluded.
Right to restriction of processing: You have the right under certain preconditions to demand that the processing of your personal data be restricted.
Right to data portability: Under certain circumstances, users outside Switzerland have the right to receive from us the personal data they have provided in a readable format free of charge.
Right to object: You have the right to lodge a complaint with a competent supervisory authority against the way in which your personal data is processed.
Right of revocation: In principle, you have the right to revoke your consent at any time. However, processing activities carried out in the past based on your consent will not become unlawful as a result of your revocation.
5.2 DATA SECURITY
We use appropriate technical and organizational security measures to protect your personal data we have stored against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share your computer with others.
We also take internal data protection very seriously. Our employees and the service providers commissioned by us are bound by us to secrecy and to comply with data protection regulations.
5.3 ANSPRECHPARTNER
You have the right to lodge a complaint with a data protection supervisory authority at any time.
Contact details of our data protection officer:
Email: [email protected]
Version 22.04.2024