Data Privacy Statement
Information applicable to all channels
1. Data controller and content of this Privacy Policy
We, Hotel Alexander AG, Niederdorfstrasse 40, 8001 Zürich, Switzerland operate the hotel Hotel Alexander / Alexander Guesthouse and the website www.hotel-alexander.ch / www.alexander-guesthouse.ch, unless otherwise indicated, are responsible for the data processing operations set out in this Privacy Policy.
Please take note of the information below to know what personal data we collect from you and for what purposes we use it. In data protection matters, we are guided primarily by the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (EU-GDPR), the provisions of which may be applicable in individual cases. Furthermore, other companies are responsible under data protection law (or jointly responsible with us) for individual data processing operations listed below, and in these cases you should also take note of the information provided by these other companies is also applicable. The following information may be amended from time to time. We therefore recommend that you consult this Privacy Policy regularly.
2. Contact person for data protection
If you have any questions about data protection or wish to exercise your rights, please contact our data protection contact by sending an email to the following address: info@hotel-alexander.ch
You can contact our data protection representative at: Hotel Alexander AG, Niederdorfstrasse 40, 8001 Zürich, Switzerland
3. Your rights
Provided that the relevant legal requirements are met, as a person affected by data processing you have the following rights:
Right of access: You have the right to request access to your personal data stored and processed by us at any time and free of charge. This gives you the opportunity to check what personal data we process about you and that we use it in accordance with applicable data protection regulations.
Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.
Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, especially in the case of legal retention obligations, the right to deletion may be excluded. In this case, we may block your data instead, provided the conditions are met.
Right to restrict processing: You have the right to request that the processing of your personal data be restricted.
Right to data transfer: You have the right to obtain from us, free of charge, the personal data you have provided to us in a readable format.
Right to object: You can object to the processing of your data at any time, in particular for data processing in connection with direct advertising (e.g. advertising emails).
Right of withdrawal: In principle, where you have given consent, you have the right to withdraw that consent at any time. However, processing activities that have already taken place based on your consent do not become unlawful because of your revocation of consent.
Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, for example against the way your personal data is processed.
To exercise these rights, please send us an email to the following address:
info@hotel-alexander.ch
4. Data security
We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, namely unauthorised access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. Furthermore, these persons are only granted access to the personal data to the extent necessary for the fulfilment of their tasks.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot provide an absolute guarantee for the security of information transmitted in this way.
5. Contact us
If you contact us via our contact addresses and channels (e.g. by e-mail or telephone), your personal data will be processed. The data you have provided us with, e.g. the name of your company, your name, your function, your e-mail address or telephone number and your request, will be processed. In addition, the time of receipt of the request will be documented.
We process this data exclusively in order to implement your requests (e.g. providing information about our Hotel, support in the processing of a contract such as questions regarding your booking, incorporating your feedback into the improvement of our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the necessity for the implementation of the required measures within the meaning of Art. 6 para. 1 lit. b EU-GDPR.
6. Use of your data for marketing purposes
6.1 Central data storage and anylysis in our CRM system
If it is possible to clearly identify you, we will store and link the data described in this privacy policy, in particular your personal details, your contact details, your contract details and your surfing behaviour on our websites, in a central database. This serves the efficient administration of customer data, allows us to adequately respond to your requests and enables the efficient provision of the services you have requested and the processing of the associated contracts. The legal basis for this data processing is our legitimate interest in the efficient management of user data within the meaning of Art. 6 para. 1 lit. f EU-GDPR. We evaluate this data in order to further develop our offers in a needs-oriented manner and to display and suggest the most relevant information and offers to you. We also use methods that predict possible interests and potential future orders based on your website use. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in carrying out marketing measures.
7. Disclosure to and access by third parties
Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such a transfer takes place to the extent that it is necessary for the fulfilment of the contract requested by you, for example to restaurants or other third parties for which you have made a reservation. The legal basis for these disclosures is the necessity for the performance of the contract within the meaning of Art. 6 para. 1 lit. b EU-GDPR.
Furthermore, data is passed on to selected service providers, but only to the extent necessary for the provision of their services. Various third party service providers are explicitly mentioned in this privacy policy, e.g. in the sections on marketing. These are, for example, IT service providers (such as providers of software solutions), advertising agencies and consultancies. Furthermore, we transmit your data to companies affiliated with us in the group. Our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the procurement of third-party services forms the legal basis for this data transfer.
In addition, your data may be disclosed to authorities, legal advisors or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out due diligence or to complete the transaction. The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in safeguarding our rights and complying with our obligations or the sale of our company.
8. Transfer of personal data abroad
We are entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing mentioned in this Privacy Policy. In doing so, we will of course comply with the statutory provisions on the disclosure of personal data to third parties. If the country in question does not have an adequate level of data protection, we guarantee through contractual regulations that your data is adequately protected by the recipients.
9. Retention periods
We only store personal data for as long as is necessary to carry out the processing explained in this Privacy Policy within the scope of our legitimate interest. In the case of contractual data, storage is required by statutory retention obligations. Requirements that oblige us to retain data result from the provisions on accounting and from tax law regulations. According to these regulations, business communications, concluded contracts and accounting vouchers must be stored for up to 10 years. As far as we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data is deleted as soon as there is no longer any obligation to retain it and we no longer have any legitimate interest in retaining it.
Special provisions applicable to us of our website
10. Log file data
When you visit our website, the servers of our hosting provider Iway, Badenerstrasse 569, 8048 Zürich, Switzerland; Hostpoint Ag, Neue Jonastrasse 60, 8640 Rapperswil, Switzerland temporarily store every access in a log file. The following data is collected without your intervention and stored by us until automatically deleted:
- the IP address of the requesting computer,
- the date and time of access,
- the name and URL of the retrieved file,
- the website from which the access was made, if applicable with the search word used,
- the operating system of your computer and the browser you use (incl. type, version and language setting),
- device type in case of access by mobile phones,
- the city or region from where the access was made,
- the name of your internet access provider.
The collection and processing of this data is carried out for the purpose of enabling the use of our website (connection establishment), to permanently guarantee system security and stability as well as for error and performance analysis and enables us to optimise our website (see on these last points also Section 13).
In the event of an attack on the network infrastructure of the website or a suspicion of other unauthorised or abusive website use, the IP address and the other data will be evaluated for the purpose of clarification and defence and, if necessary, used in the context of criminal proceedings to identify and take civil and criminal action against the users concerned.
Our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f EU-GDPR lies in the purposes described above.
When you visit our website, we use cookies as well as applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. You will find more details on this in the subsequent sections of this privacy policy, in particular Section 11.
11. Cookies
Cookies are information files that your web browser stores on your computer's hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.
Among other things, cookies help to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are necessary, i.e. "technically required", for your desired use of the website. For example, we use cookies to be able to identify you as a registered user after logging in, without you having to log in again each time when navigating the various sub-pages. The provision of the shopping basket and order function is also based on the use of cookies. Furthermore, cookies also perform other technical functions required for the operation of the website, such as so-called load balancing, i.e. the distribution of the performance load of the page to different web servers in order to relieve the servers. Cookies are also used for security purposes, for example to prevent the unauthorised posting of content. Finally, we also use cookies as part of the design and programming of our website, e.g. to enable the uploading of scripts or codes.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in providing a user-friendly and up-to-date website.
Most internet browsers automatically accept cookies. However, when accessing our website, we ask you for your consent to the cookies we use that are not technically necessary, especially when using third-party cookies for marketing purposes. You can use the corresponding buttons in the cookie banner to define your desired settings. Details of the services and data processing associated with the individual cookies can be found within the cookie banner and in the following sections of this Privacy Policy.
You may also be able to configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in selected browsers.
Deactivating cookies may mean that you cannot use all the functions of our website.
12. Goofle SiteSearch / Google Custom Search Engine
The website uses the Google SiteSearch/Google Custom Search Engine of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). This enables us to provide you with an efficient search function on our website.
When using our search fields, your browser may transmit the log file data listed in Section 10 (including your IP address) as well as the search term you entered to Google, if you have installed Java script in your browser. If you would like to prevent the transmission of data, you can deactivate Java script in your browser settings (usually in the "Privacy" menu). Please note that the search function and other functions of the website may be impaired in this case.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in providing an efficient website search function.
For further processing of data by Google, please refer to Google's privacy policy: www.google.com/intl/de_de/policies/privacy.
13. Tracking and web analysis tools
13.1 General information on tracking
For needs-based design and continuous optimisation of our website, we use the web analysis services listed below. In this context, pseudonymised usage profiles are created and cookies are used (please also refer to Section 11). The information generated by the cookie about your use of our website is usually transferred together with the log file data listed in Section 10 to a server of the service provider, where it is stored and processed. This may also result in a transfer to servers abroad, e.g. the USA (see on this point, in particular on the guarantees taken, Section 8).
- In processing this data, we obtain the following information, among others:
- navigation path followed by a visitor on the site (including content viewed and products/services selected or purchased),
- time spent on the website or subpage,
- the last subpage viewed before leaving the website,
- the country, region or city from where access is made, end device (type, version, colour depth, resolution, width and height of the browser window), and returning or new visitor.
The provider will use this information on our behalf to evaluate the use of the website, to compile reports on website activities for us and to provide other services related to website and internet use for the purposes of market research and needs-based design of these internet pages. For these processing operations, we and the providers may to a certain extent be considered joint data controllers.
The legal basis for this data processing with the following tools is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent or refuse processing at any time by rejecting or deactivating the relevant cookies in your web browser settings (see Section 11) or by making use of the service-specific options described below.
For the further processing of your data by the respective provider as the (sole) data protection controller, in particular also any forwarding of this information to third parties such as authorities on the basis of national legal regulations, please refer to the respective data protection information of the provider.
13.2 Google Analytics
We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) ("Google").
The data described about the use of the website may be transmitted to the servers of Google LLC. in the USA for the processing purposes explained (see Section 13.1). The IP address is shortened by activating IP anonymisation ("anonymizeIP") on the website before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Users can prevent the collection of the data generated by the cookie and related to their website use (inclunding the IP address) and its transmission to and processing by Google by downloading and installing a browser plugin under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Further information on data protection at Google can be found here.
14. Social Media
14.1 Social Media profiles
On our website, we have included links to our profiles in the social networks of the following providers:
Instagram Inc. 1601 Willow Road, Menlo Park, CA 94025, USA;
Twitter Inc. with its registered office at 1355 Market Street, Suite 900, San Francisco, CA 94103, USA;
When you click on the icon of a social network on our website, you are automatically redirected to our profile in the respective network. This establishes a direct connection between your browser and the server of the respective social network. This provides the network with the information that you have visited our website with your IP address and clicked on the link.
If you click on a link to a network while you are logged into your user account with the network in question, the content of our website may be linked to your profile so that the network can assign your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account takes place in any case if you log in to the respective network after clicking on the link. The respective provider is responsible under data protection law for the associated data processing. Please note the information on the relevant network's website.
The legal basis for any data processing attributed to us in this regard is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the use and promotion of our social media profiles.
14.2 Social Media Plugins
On our website, you can use social plugins from the providers listed below:
Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA,
Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA,
We use the social plugins to make it easier for you to share content from our website. The social plugins help us to increase the visibility of our content on social networks and thus contribute to better promotion of our offerings.
The plugins are deactivated by default on our websites and therefore do not send any data to the social networks when you simply call up our website. To increase data protection, we have integrated the plugins in such a way that a connection is not automatically established with the network’s servers. Only when you activate the plugins and thus give your consent to the transmission and further processing of data by the providers of the social networks, does your browser establish a direct connection to the servers of the respective social network.
The content of the plugin is transmitted directly to your browser by the social network and integrated into the website by it. This provides the respective provider with the information that your browser has accessed the corresponding page of our website, even if you do not have an account with this social network or are not currently logged in to it. This information (including your IP address) is transmitted from your browser directly to a server of the provider (usually in the USA) and stored there. We have no influence on the scope of the data that the provider collects with the plugin, although from a data protection perspective we can to a certain extent be considered jointly responsible with the relevant social network provider.
If you are logged in to the social network, it can assign your visit to our website directly to your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g. that you like a product or service of ours) may also be published on the social network and possibly displayed to other users of the social network. The provider of the social network may use this information for the purpose of placing advertisements and designing a respective offering according to your interests. For this purpose, usage, interest and relationship profiles could be created, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our website and to provide other services associated with the use of the social network. The purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks, as well as your rights in this regard and options for changing your settings to protect your privacy can be found directly in the data protection information of the respective provider.
If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins. Your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR forms the legal basis for the data processing described. You can revoke your consent at any time by declaring your revocation to the provider of the plugin in accordance with the information in their data protection notice.
15. Online advertising and targeting
15.1 In general
We use services of various companies to provide you with interesting offers online. In the process of doing this, your user behaviour on our website and websites of other providers is analysed in order to subsequently be able to show you online advertising that is individually tailored to you.
Most technologies for tracking your user behaviour and targeting advertisements work with cookies (see also Section 11), which can be used to recognise your browser across different websites. Depending on the service provider, it may also be possible for you to be recognised online even when using different end devices (e.g. laptop and smartphone). This may be the case, for example, if you have registered for a service that you use with several devices.
In addition to the data already mentioned, which is collected when websites are called up ("log file data", see Section 10) and the use of cookies (Section 11) and which may be passed on to the companies involved in the advertising networks, the following data in particular is used to select the advertising that is potentially most relevant to you:
Information about you that you provided when registering or using a service from advertising partners (e.g. your gender, age group);
User behaviour (e.g. search queries, interactions with advertising, types of websites visited, products/services viewed and purchased, newsletters subscribed to).
We and our service providers use this data to identify whether you belong to the target group we address and take this into account when selecting the advertisements. For example, after you have visited our site, you may be shown advertisements of the products or services you have consulted when you visit other sites ("re-targeting"). Depending on the scope of the data, a user's profile may also be created, which is evaluated automatically, and the ads are selected according to the information stored in the profile, such as membership of certain demographic segments or potential interests or behaviours. Such ads may be presented to you on various channels, which include, in addition to our website or app (as part of onsite and in-app marketing), ads provided through the online advertising networks we use, such as Google.
The data may then be analysed for the purpose of billing the service provider and assessing the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include information that the taking of an action (e.g. visiting certain sections of our website or sending information) is due to a particular advertising ad. We also receive aggregated reports from service providers of ad activity and information about how users interact with our website and ads.
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser (see Section 11). You can also find further options for blocking advertising in the information provided by the respective service provider, such as Google.
15.2 Goolgle Ads
This website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") for online advertising. Google uses cookies for this purpose, such as the so-called DoubleClick cookie, which enable your browser to be recognised when visiting other websites. The information generated by the cookies about your visit to these websites (including your IP address) will be transmitted to and stored by Google on servers in the United States (please refer to Section 8). Further information on data protection at Google can be found here.
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser (see Section 11).
16. Use of our chat function
If you contact us via chat, your personal data will be processed. The data that you have provided to us is processed, e.g. the name of your company, your name, your function, your e-mail address and your request. In addition, the time of receipt of the request is documented. Mandatory data are marked with an asterisk (*).
We process this data exclusively in order to implement your request (e.g. providing information about our Hotel, support in the processing of contracts such as questions regarding your booking, incorporating your feedback into the improvement of our service, etc.). We use a tool from Mews System B.V., Wibautstraat 137D, 1097 DN Amsterdam, Netherlands. to provide the chat function. Your data will be stored in a database of Mews System B.V., which may allow Mews System B.V. to access your data if necessary for the provision of the software and for the support in the use of the software.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the use of up-to-date communication technologies or, if your request is directed towards the conclusion or performance of a contract, in the implementation of the necessary measures within the meaning of Art. 6 para. 1 lit. b EU-GDPR.
17. Registration for a customer account
If you open a customer account on our website, we collect the following data.
Personal data:
- Salutation
- Name
- First name
- Billing and (if necessary) delivery address
- Birthday
- Company name, company address and VAT no. for corporate clients
Login data:
- Email address
- Password
Further information:
- Languages
- Gender
We use the personal details to establish your identity and to check the requirements for registration. The email address and password are used as login details to ensure that the correct person is using the website under your account. We also need your email address to verify and confirm the opening of your account and for future communication with you as required to process the contract. In addition, this data is stored in the customer account for future bookings or the conclusion of contracts. For this purpose, we also enable you to store further details in the account (e.g. your preferred means of payment).
We also use the data to provide an overview of the products ordered and bookings made and as a simple way to manage your personal data, to administer our website and our contractual relationships, i.e. to establish, define the content of, process and amend the contracts concluded with you via your customer account (e.g. in connection with your booking with us).
We process the information on language and gender in order to display offer suggestions on the website that are best tailored to your profile or your personal needs, for statistical recording and evaluation of the selected offers and thus to optimise our suggestions and offers.
The legal basis for the processing of your data for the preceding purpose is your consent pursuant to Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent at any time by removing the information from your customer account or by deleting your customer account or having it deleted by notifying us.
To avoid misuse, you must always keep your login details confidential and should close the browser window when you have finished communicating with us, especially if you share the computer with others.
We use this data and other data voluntarily provided by you only to be able to execute your order according to your wishes. The processing of this data is therefore carried out within the meaning of Art. 6 para. 1 lit. b EU-GDPR for the implementation of pre-contractual measures as well as for the fulfillment of a contract.
18. Booking on the website, by correspondence or by telephone call
When you make bookings or order vouchers either via our website, by correspondence (e-mail or letter post) or by telephone call, we collect the following data:
Personal data:
- Salutation
- Name
- First name
- Billing and (if necessary) delivery address
- Birthday
- Company name, company address and VAT no. for corporate clients
Login data:
- Email address
- Password
Further information:
- Languages
- Gender
19. Payment processing online
If you make bookings or purchase services or products against payment via our website, depending on the product or service and the desired method of payment - in addition to the information mentioned in Section 18 and 19 - you may be required to provide data, such as your credit card information or the login to your payment service provider. This information, as well as the fact that you have purchased a service from us for the amount and at the time in question, is forwarded to the respective payment service providers (e.g. payment solution providers, credit card issuers and credit card acquirers). In doing so, please always also note the information provided by the respective company, in particular the privacy policy and the general terms and conditions. The legal basis for this transfer is the fulfilment of a contract according to Art. 6 para. 1 lit. b EU-GDPR.
20. Bookings via booking platforms
If you make bookings via a third-party platform (i.e. via booking.com, Hotel, Escapio, Expedia, Holidaycheck, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two), we receive various personal information from the respective platform operator in connection with the booking made. This is usually the data listed in section 19 of this privacy policy. In addition, we may receive enquiries about your booking. We will process this data namely in order to record your booking as requested and to provide the booked services. The processing of this data is therefore carried out within the meaning of Art. 6 para. 1 lit. b EU-GDPR for the implementation of pre-contractual measures as well as for the fulfillment of a contract.
Finally, we may be informed by the platform operators of disputes relating to a booking. In the process, we may also receive data on the booking process, which may include a copy of the booking confirmation as proof of the actual booking completion. We process this data to protect and enforce our claims. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f. EU-GDPR.
21. Application for a vacant position
You have the option of applying for a specific job advertisement spontaneously or via a corresponding e-mail address. For this purpose, we collect the following data, whereby mandatory information is marked with an asterisk (*) in the corresponding form:
- First name
- Last name
- Email address
- Application documents (e.g. CV, letter of motivation, certificates, etc.)
We will use these and other data voluntarily provided by you to check your application. Application documents of unsuccessful applicants will be deleted at the end of the application process, unless you explicitly agree to a longer retention period, or we are not legally obliged to retain them for a longer period.
The legal basis for processing your data for this purpose is therefore the performance of a contract (pre-contractual phase) in accordance with Art. 6 para. 1 lit. b EU-GDPR.
Data processing in connection with your stay
22. Data processing for the fulfilment of statutory notification obligations
Upon arrival at our hotel, we may require the following information from you and your companions (mandatory):
- First and last name
- Postal address and canton
- Date of birth
- Nationality
- Official identification card and number
- Date of arrival and departure
We collect this information in order to fulfil statutory notification obligations, which arise in particular from hospitality or police law. We forward this information to the competent police authority if we are required to do so under the applicable regulations.
The processing of this data is carried out on the basis of a legal obligation within the meaning of Art. 6 para. 1 lit. c EU-GDPR.
23. Recording of purchased services
If you receive additional services as part of your stay (e.g. wellness, restaurant, activities), we will record the subject of the service and the time at which it was received for billing purposes. The legal basis for this data processing is the fulfilment of the contract with you according to Art. 6 para. 1 lit. b EU-GDPR.
24. Guest feedback
If you have given us your e-mail address in connection with your booking, you will receive an electronic form after departure. For this purpose, we collect the following data:
- First and last name
- Age
- Nationality
- Length of stay
The information you provide is voluntary and is used to help us continuously improve our offer and services and to adapt them to your needs. We will only use the information provided for statistical purposes, unless otherwise stated in this privacy policy or you have given your consent. We will process the data by name in order to contact you in the event of any uncertainties.
For the aforementioned purposes, the legal basis of the processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR.
25. Video surveillance
To prevent abuse and to take action against illegal behaviour (especially theft and damage to property), the entrance area and the publicly accessible areas of our Hotel are monitored by cameras. The image data is only viewed if there is a suspicion of unlawful behaviour.
For the provision of the video surveillance system, we rely on a service provider who may have access to the data where this is necessary for the provision of the system. Should the suspicion of illegal behaviour be substantiated, the data may then be passed on to our advisors (in particular our legal advisors) and authorities to the extent necessary to enforce claims or file charges.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f. EU-GDPR in the protection of our property and the protection and enforcement of our rights.
26. Use of our WiFI network
In our Hotel you have the possibility to use the WiFi network operated by Inteco EDV AG, Barzoolstrasse 18, 8330 Pfäffikon free of charge. To prevent misuse and to take action against illegal behaviour, prior registration is required.
In addition to the above data, data on the visited Hotel, including time, date and terminal device, is recorded each time the WiFi network is used. The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR. The customer can revoke a WiFi registration at any time by notifying us.
Inteco EDV AG must comply with the legal obligations of the Federal Act on the Surveillance of Postal and Telecommunications Traffic (BÜPF) and the associated ordinance. The WiFi operator must monitor the use of the internet or data traffic on behalf of the competent authority where required by law. The WiFi operator may also be obliged to disclose the customer's contact, usage and ancillary data to the competent authorities. The contact, usage and ancillary data shall be stored for 6 months and then deleted.
The legal basis for these data processing operations is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in providing a WiFi network in compliance with the applicable legal provisions.
27. Payment processing
When you pay for your stay in our Hotel or purchase products or services in our Hotel using electronic means of payment, the processing of personal data is required. By using the payment terminals, you transmit the information stored in your means of payment, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. providers of payment solutions, credit card issuers and credit card acquirers). They also receive the information that the payment method was used in our Hotel, the amount and the time of the transaction. Conversely, we only receive the credit for the amount of the payment made at the relevant time which we can assign to the relevant voucher number, or information that the transaction was not possible or was cancelled. In this regard, please always also note the information provided by the respective company, in particular the privacy policy and the general terms and conditions. The legal basis for this data processing is the fulfilment of the contract with you according to Art. 6 para.1 lit. b EU-GDPR.