Privacy Note

Data Protection Declaration

Hotel Schweizerhof Flims-Waldhaus AG, Rudi Dadens 1, 7018 Flims Waldhaus operates the Hotel Schweizerhof Flims, Romantikhotel and is the operator of the website www.schweizerhof-flims.ch; it is thus responsible for gathering, processing and using your personal data and also for the compatibility of data processing with applicable data protection law.

We highly value the confidence you place in us, which is why we take the topic of data protection seriously and observe security accordingly. We naturally observe the statutory provisions of the Federal Act on Data Protection (DSG), Ordinance to the Federal Act on Data Protection (VDSG), the Telemedia Act (FMG) and other applicable data protection provisions of Swiss and EU law; this particularly includes the General Data Protection Regulation (GDPR).

Please observe the following information to ensure you understand which of your personal data we collect and the purposes for which we use it.

The address of our data protection representative in the EU is as follows: Sandra Schmidt, sschmidt@schweizerhof-flims.ch.

A.    Data processing operations related to our website

  1. 1.         Accessing our website

When visiting our website, our servers temporarily save each access in a log file. As is generally the case with each connection to a web server, the following technical data will be gathered without your assistance and stored by us until its automatic deletion after no more than 1 month:

  • The IP address of the accessing computer
  • The name of the IP address domain holder (generally your Internet access provider)
  • The date and time of website access
  • The website from which the access originated (referrer URL) with the search term used (where applicable)
  • The name and the URL of the file accessed
  • The status code (e.g. error message)
  • Your computer’s operating system
  • The browser you are using (type, version and language)
  • The transfer protocol used (e.g. HTTP/1.1)
  • Where applicable: your user name from registration/authentication

This data is gathered and processed for the purpose of facilitating use of our website (establishing a connection), ensuring continuous system security and system stability, optimising our website, and for internal statistical purposes. This is where our legitimate interest in data processing lies within the meaning of Art. 6 Para. 1 (f) GDPR.

The IP address is also analysed with other data in the event of attacks on network infrastructure or other impermissible or improper forms of use of website for the purposes of clarification and prevention and, where applicable, for identification within the context of criminal proceedings and within civil and criminal proceedings against the users concerned. This is where our legitimate interest in data processing lies within the meaning of Art. 6 Para. 1 (f) GDPR.

  1. 2.         Use of our contact form

You have the option of contacting us by using a contact form. The following information is mandatory for its use:

  • Title
  • First name
  • Last name
  • Telephone number
  • Email address
  • Subject
  • Message

We use this data, as well as any telephone number provided voluntarily, to personally respond to your query and provide the best possible level of support. The processing of this data is thus required for pre-contractual measures within the meaning of Art. 6 Para. 1 (b) GDPR and lies within our legitimate interest as per Art. 6 Para. 1 (f) GDPR.

  1. 3.         Subscribing to our newsletter

You have the option of subscribing to our newsletter on our website. Registration is required for this. The following data needs to be provided during registration:

  • Email
  • Title
  • Title
  • First name
  • Last name
  • Area of interest

The above data is required for data processing. You can also voluntarily provide further data (e.g. date of birth, address, country). We exclusively process this data to personalise the information and offers we send to you and make them better suit your interests.

By registering, you grant us your consent for the data provided to be processed for regular sending of the newsletter to the address you provided as well as for statistical analysis of user behaviour and optimisation of the newsletter. This consent constitutes the legal basis for processing your email address within the meaning of Art. 6 Para. 1 (a) GDPR. We are entitled to commission third parties for performance of marketing measures as well as to pass on your data for this purpose (see Section 13 below).

A link is provided at the end of each newsletter which allows you to unsubscribe from the newsletter at any time. When unsubscribing, you have the option of providing us with the reason for your decision voluntarily. Your personal data will be deleted following unsubscription. Further processing solely takes place in an anonymised form for the purposes of optimising our newsletter.

  1. 4.         Opening of a customer account

You can make bookings via our website as a guest or you can open a customer account. The following data is mandatory when registering for a customer account:

  • Title
  • First name
  • Last name
  • Postal address
  • Email address
  • Telephone number
  • First and last names of the arriving guests
  • Credit card data
  • Password

This data and other voluntarily provided data (e.g. company name) is gathered for the purpose of offering you direct, password-protected access to your basic data stored by us. You can view past and current bookings within this data or manage/modify your personal data.

The legal basis for processing data for this purpose lies within the consent you provide in accordance with Art. 6 Para. 1 (a) GDPR.

1. 5.         Making a booking via the website, correspondence or a telephone call

If you make bookings via our website, by written correspondence (email or posted letters) or via telephone, we require the following mandatory data to perform the contract:

  • Title
  • First name
  • Last name
  • Postal address
  • Email address
  • Telephone number
  • First and last names of the arriving guests
  • Credit card data
  • Date of birth
  • Language
  • Personal requests

We will only use this data, including any other information provided on a voluntary basis (e.g. expected arrival time, vehicle number plate, preferences, comments) to perform the contract unless otherwise stipulated in this Data Protection Declaration, or unless you have provided us with special consent to the contrary. We will process this data to record your booking in line with your preferences, to provide the services ordered, to contact you in the event of ambiguities or problems, and to ensure correct payment.

The legal basis for processing data for this purpose is fulfilling a contract in accordance with Art. 6 Para. 1 (b) GDPR.

  1. 6.         Cookies

Cookies help to make visiting our website easier, more enjoyable and meaningful (amongst other aspects). Cookies are data files which are automatically stored on your computer’s hard drive when you visit our website.

For instance, we place cookies to temporarily save your selected services and the information you enter when filling in a form on the website to ensure you do not need to re-enter this information when accessing a sub-page. Cookies may also be used to identify you following registration on our website as a registered user to ensure you do not need to log in again when accessing a sub-page.

Most Internet browsers accept cookies automatically. You can configure your browser in such a way that no cookies are stored on your computer or that you always receive notification whenever you receive a new cookie. The following pages provide explanations of how you can configure the most prevalent browsers with respect to how they process cookies.

Deactivating cookies may mean that you are unable to use all the functions of our website.

 

  1. 7.    Tracking tools

    a.    General

We use Google Analytics, a web analysis service provided by Google, for the purposes of designing our website in line with user needs and its ongoing optimisation. This involves the creation and use of pseudonymised usage profiles and small text files (cookies) which are stored on your computer. The information generated by the cookie concerning your use of this website will be transferred to the provider of these services, where it is stored and prepared for our use. Under certain circumstances, we may also obtain the following information in addition to the data listed under Section 1:

  • The browsing path of the user on the website
  • The time spent on the website or sub-page
  • The sub-page from which the user leaves the website
  • The country, region or city from which the access took place
  • The end device (type, version, colour depth, resolution, width and height of the browser window)
  • Recurring or new user

The information is used to analyse use of the website, to compile reports on website activities, and to provide further services related to use of the website and the Internet for the purposes of market research and improving the design of this website in line with user needs. This information may also be transferred to third parties insofar as this is prescribed by law or the third parties have been commissioned to process this data.

b.    Google Analytics

Google Analytics is provided by Google Inc., a firm of the holding company Alphabet Inc, which is headquartered in the USA. The IP address is shortened prior to transmission of the data to the provider through activation of IP anonymisation (“anonymizeIP”) on this website within the member states of the European Union or other signatory states of the Agreement of the European Economic Area. The IP address transmitted by your browser within the context of Google Analytics is not compiled with other Google data. Only in exceptional circumstances will the full IP address be passed on to a Google server in the USA and shortened there. In such cases, we ensure that Google Inc. complies with a sufficient level of data protection through contractual assurances. According to Google Inc., the IP address will never be associated with other data concerning the user.

More information on the web analysis service used can be found on the Google Analytics website. You can find a guide on how to prevent your data being processed by the web analysis service at: https://tools.google.com/dlpage/gaoptout?hl=en-GB

 B.    Data processing operations related to your stay

  1. 8. Data processing to fulfil a contract/pre-contractual measures, legal obligation, and maintaining the legitimate interests of the controller or a third party

We require the following information from you and those accompanying you (where applicable) upon arrival at our hotel:

  • First and last names
  • Postal address and canton
  • Date of birth
  • Place of birth
  • Nationality
  • State-issued ID and number
  • Date of arrival and departure
  • Room number

We gather this information to meet legal reporting obligations, particularly those arising from hospitality or police regulations. If required according to applicable regulations, we will pass this information on to the relevant police authority.

Our legitimate interest lies in meeting legal requirements within the meaning of Art. 6 Para. 1 (f) GDPR.

  1. 9.         Recording services used

If you make use of additional services during your stay (e.g. you use the mini bar or pay-TV), the service itself and the time at which it is used will be recorded by us for billing purposes. The processing of this data is required to fulfil the contract with us within the meaning of Art. 6 Para. 1 (b) GDPR.

 C.    Storage and exchange of data with third parties

  1. 10.      Booking platforms

If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. This information generally involves the data listed in Section 5 of this Data Protection Declaration. Queries relating to your booking may also be forwarded to us. We will process this data to document your booking in line with your requests and make the ordered services available. The legal basis for processing data for this purpose is fulfilling a contract in accordance with Art. 6 Para. 1 (b) GDPR.

Finally, we may be notified by the platform operators about disputes related to a booking. We may also receive data relating to the booking procedure under some circumstances, which may include a copy of the booking confirmation as proof of the booking being completed. We process this data to safeguard and implement our claims. This is our legitimate interest in this regard within the meaning of Art. 6 Para. 1 (f) GDPR.

Please also observe the data protection notices of the respective provider.

  1. 11.      Central storage and linking of data

We store the data indicated in Sections 2-5 and 8-10 in a central, electronic data processing system. The data relating to you will be systematically recorded and linked to process your bookings and perform contractual services. To achieve this, we use software from the company hotelsoftware GmbH, Europaplatz 8, 44269 Dortmund, Germany (accessed via Rebag Data AG, Einsiedlerstrasse 533, 8810 Horgen, Switzerland). We base the processing of this data by the software on our legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR to provide customer-friendly and efficient customer data management.

  1. 12.      Retention period

We only store personal data to the extent necessary to use the abovementioned tracking services and perform further processing operations within the context of our legitimate interest. Contractual data is stored by us for a longer period of time since this is prescribed by statutory retention obligations. These obligations to retain data arise from the regulations of reporting law, accounting and tax law. In accordance with these regulations, business communication, concluded contracts and booking receipts must be kept for up to 10 years. This data will be blocked once we no longer need it to perform services for you. This means that the data can only continue to be used for accounting and tax purposes.

  1. 13.      Transfer of data to third parties

We only transfer your personal data if you have provided your express consent, if there is a legal obligation to do so, or this is required to assert our rights, especially for asserting claims arising from the contractual relationship. Furthermore, we pass your data on to third parties insofar as this is required within the context of using the website and performing the contract (including outside the website) i.e. processing your bookings.

Our web hoster, ennit interactive, Projensdorfer Str. 324, 24106 Kiel, Germany, is a service provider to which we pass on personal data gathered via the website, or which has access or can have access to the same. The website is hosted on servers in Germany. Data is passed on for the purposes of providing and maintaining the functionalities of our website. This is our legitimate interest in this regard within the meaning of Art. 6 Para. 1 (f) GDPR.

Finally, we will forward your credit card information to your credit card issuer and credit card acquirer when making a credit card payment on the website. If you decide to make payment via a credit card, you will be asked to enter all the necessary information. The legal basis for passing on data is fulfilling a contract in accordance with Art. 6 Para. 1 (b) GDPR. We ask that you read the general terms and conditions and the data protection declaration of your credit card issuer with respect to the processing of your credit card information by such third parties.

Furthermore, please observe the information in Sections 7-8 and 10-11 relating to the passing on of data to third parties.

  1. 14.      Transmission of personal data to foreign countries

We are also entitled to transmit your personal data to third-party companies (commissioned service providers) in foreign countries for the purposes of the data processing operations described within this Data Protection Declaration. These companies are obliged to ensure data protection to the same extent as us. Should the level of data protection in a particular country not correspond to that of Switzerland or the EU, we will ensure at all times through contractual means that your personal data is protected to an extent commensurate with that in Switzerland/the EU.

 D.    Further information

  1. 15.      Right of access, rectification, erasure, restriction of processing; right to data portability

You are entitled to receive information upon request concerning the personal data that we store about you. You are also entitled to have incorrect data rectified and to have your personal data erased insofar as this not opposed by any statutory retention obligation or statutory permission which entitles us to process the data.

You are also entitled to request that we provide you with the data which you have transferred to us (right to data portability). We will also pass this data on to a third party of your choice upon request. You are entitled to receive the data in a commonly used file format.

You can contact us by sending an email to info@schweizerhof-flims.ch for the aforementioned purposes. At our sole discretion, we may require proof of identity to process your requests.

  1. 16.      Data security

We make use of appropriate technical and organisational security measures to protect the data we store against manipulation, full or partial loss, and unauthorised third-party access. Our security measures are continually being improved in line with technological advancements.

You should always handle your access data confidentially and close the browser window once you have finished communicating with us; this particularly applies if the computer is shared with other users.

We also take internal data protection within the company very seriously. Our employees and commissioned service providers have been obliged by us to maintain secrecy and comply with the provisions of data protection law.

  1. 17.      Notice on data transmission to the USA

For the sake of completeness, we advise users residing or having their registered office in Switzerland that there are surveillance measures in the USA imposed by the US authorities, which generally enables the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This takes place without differentiation, restriction or exception on the basis of the pursued objective and without an objective criterion which enables access by the US authorities to the data and its later use to be restricted to specific, strictly delineated purposes, which can justify both access to this data and intervention associated with its use. We also advise that there are no judicial remedies in the USA for data subjects from Switzerland which would allow them to receive access to their data or request its rectification or erasure, e.g. there is no effective judicial protection against the general access rights of US authorities. We explicitly advise data subjects of these legal circumstances to enable them to make an informed decision with respect to consenting to use of their data.

We advise users domiciled in an EU member state that the USA does not possess a sufficient level of data protection from the perspective of the European Union due, in part, to the topics mentioned in this section. If the recipients of data (e.g. Google) mentioned in this Data Protection Declaration have their registered office in the USA, we will ensure either through contractual regulations with such companies, or by ensuring these companies are certified under the EU- or Swiss-US Privacy Shield, that your data is protected with an appropriate level of protection by our partners.

  1. 18.      Right to complain to a data protection supervisory authority

You are entitled to complain to a data protection supervisory authority at any time.

 25th May 2018