Data Privacy Protection
Responsible body within the
meaning of the General Data Protection Regulation (GDPR)
Hotel Zugertor AG
represented by Oliver von Rickenbach, General Manager
We are pleased that you are using our Hotel Zugertor AG websites (zugertor.ch) and thank you for your interest in our services and products. The protection of personal data is very important to us. Therefore, please take note of the following information:
Our offer is subject to Swiss data protection law and any applicable foreign data protection law such as that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law guarantees adequate data protection.
Nature, scope, and purpose
We process the personal data that is required to provide our offer in a permanent, user-friendly, secure, and reliable manner. Such personal data can fall into the categories of contact data, browser and device data, content data, metadata or marginal data, usage data and location data.
We process personal data for the duration that is required for the respective purpose /purposes or by law. Personal data that are no longer required to be processed are anonymized or deleted. Persons whose data we process generally have a right to deletion.
In principle, we only process personal data with the consent of the person concerned, unless the processing is permitted for other legal reasons, for example to fulfil a room and table reservation, voucher purchase, ticket purchase. In this context, we process in particular information that a data subject voluntarily transmits to us when contacting us - for example by post, e-mail, contact form, social media or telephone.
We can save such information in our hotel database. If you transmit personal data to us via third parties, you are obliged to guarantee data protection vis-à-vis such third parties and to ensure the accuracy of such personal data.
Google Analytics is provided by Google Inc., a company of the Alphabet Inc holding company, based in the USA. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymization ("anonymizeIP") on this website within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. In these cases, we use contractual guarantees to ensure that Google Inc. maintains an adequate level of data protection. According to Google Inc., under no circumstances will the IP address be associated with other data relating to the user.
You can find more information about the web analysis service used on the Google Analytics website. Instructions on how to prevent the processing of your data by the web analysis service can be found at tools.google.com/dlpage/gaoptout .
You will receive our newsletter if you have previously registered on the website or entered internal competitions or by submitting a business card. You can unsubscribe from the newsletter at any time free of charge using the link provided at the end of each newsletter. You can also contact the address below by email or post. Your email address and any data collected on user behavior will then no longer be used for the newsletter or passed on to third parties.
Other applications / websites / chats
The websites may contain links, applications and / or other websites that are not under the control of the Hotel Zugertor AG. This data protection guideline only applies to the services of Hotel Zugertor AG. Hotel Zugertor AG is not responsible for the content of connected applications or websites or the processing of personal data within these offers.
Book a room on the website, by correspondence or by phone call
If you make bookings either via our website, by correspondence (e-mail or post) or by phone call, we need the following data to process the contract:
We will only use this data as well as other information you voluntarily provide (e.g. expected arrival time, preferences, comments & requests) to process the contract, unless otherwise stated in this data protection declaration or you have not given your separate consent. We will process the data by name in order to record your booking as requested, to provide the services booked, to contact you in the event of ambiguities or problems and to ensure correct payment.
The legal basis for data processing for this purpose is the fulfilment of a contract in accordance with Art. 6 Paragraph 1 lit. b GDPR.
Data processing to meet legal reporting requirements
Upon arrival at our hotels, we may need the following information from you and your companions:
We collect this information to fulfil legal reporting obligations, which result in particular from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we will forward this information to the responsible police authority.
We have a legitimate interest in fulfilling the legal requirements within the meaning of Article 6 (1) (f) GDPR.
Storage and exchange of data with third parties (booking platforms)
If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. As a rule, this is the data listed in Section 5 of this data protection declaration. In addition, inquiries about your booking may be forwarded to us. We will process and save this data by name in order to record your booking as requested and to provide the booked services. The legal basis for data processing for this purpose is the fulfilment of a contract in accordance with Art. 6 Paragraph 1 lit. b GDPR.
Finally, we may be informed by the platform operators about disputes in connection with a booking. We may also receive data on the booking process, including a copy of the booking confirmation as evidence of the actual booking. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
Please also note the information on data protection provided by the respective provider.
Use of editorial communications and content
All content transmitted by you for the purpose of publication (user generated content) is used by us exclusively within our website and, if applicable, other online-based communication channels - e.g. Facebook or Instagram, although we cannot fundamentally prevent that external third party websites access this content through links. Editorial messages can, for example, be posts on social media (Facebook & Instagram). We reserve the right to edit or delete the content forwarded to us before / after publication.
We take appropriate and suitable technical and organizational measures to ensure data protection and, in particular, data security. However, the processing of personal data on the Internet can always have security gaps despite such measures. We can therefore not guarantee absolute data security.
Our reservation system is accessed using transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, or HTTPS for short). Most browsers indicate transport encryption with a padlock in the address bar.
Access to our reservation system is subject - like in principle all Internet use - to groundless and suspect-independent mass surveillance as well as other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America (USA) and other countries. We cannot exert any direct influence on the processing of personal data by secret services, police stations and other security authorities.
Information, correction, blocking or deletion of the stored data
You have the right to free information about your stored personal data and, if necessary, the right to correct, block or delete this data. The same applies to the revocation of given consent to the storage of your data. If you withdraw your consent or request deletion, your data will be deleted accordingly. This does not apply to data the deletion of which is contrary to statutory and / or contractual retention periods. Furthermore, data are excluded that are required for the establishment, implementation and processing of legal transactions or that have to be stored for billing purposes. For information, blocking, deletion and correction requests to your data or the revocation of declared consent, please contact the contact below.
We only store personal data for as long as it is necessary to use further processing within the scope of our legitimate interest. We keep contract data longer, as this is required by statutory retention requirements. Retention obligations that oblige us to retain data result from regulations on the right to report on accounting and tax law. According to these regulations, business communication, concluded contracts and accounting documents must be kept for up to 10 years. If we no longer need this data to carry out the services, the data will be inactive in our system after 5 years. This means that the data can then only be used for accounting and tax purposes and only by authorized administrative persons.
Note on data transfers to the USA
For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland that there are surveillance measures in place by US authorities in the USA that generally store all personal data of all persons whose data has been transmitted from Switzerland to the USA. enables. This is done without differentiation, restriction or exception based on the pursued goal and without an objective criterion that makes it possible to restrict the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes, which are both with the Be able to justify access to this data and any interference associated with its use. We would also like to point out that in the USA there are no legal remedies for the data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain their correction or deletion, or there is no effective judicial protection against general US authorities have access rights. We explicitly point out this legal and factual situation to those affected in order to make an appropriately informed decision to consent to the use of their data.
We would like to point out to users residing in a member state of the EU that the USA does not have an adequate level of data protection from the point of view of the European Union - due to the issues mentioned in this section, among other things. Insofar as we have explained in this data protection declaration that recipients of data (such as Google) are based in the USA, we will either through contractual provisions with these companies or by ensuring that these companies are certified under the EU or Swiss-US -Privacy shield ensure that your data is protected to an adequate level with our partners.
Information on the rights of the customer and contacts
You have the right to free information about your stored data and, if necessary, the right to correct, block or delete this data. If you have any further questions about the collection, processing or use of your personal data, please contact us. The same applies to information, blocking, deletion and correction requests with regard to your personal data as well as to the revocation of consent.
Data protection officer
Status: February 2022