4. STORAGE AND EXCHANGE OF DATA WITH THIRD PARTIES

4.1 BOOKING PLATFORMS
If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. This is usually the data listed in section 1.4 of these data protection declarations. In addition, we may be forwarded enquiries about your booking. We will process this data by name in order to record your booking as requested and to provide the booked services. The legal basis of data processing for this purpose is the fulfilment of a contract according to Art. 6 para. 1 lit. b DSGVO.

Finally, we may be informed by the platform operators of disputes relating to a booking. In the process, we may also receive data on the booking process, which may include a copy of the booking confirmation as proof of the actual booking completion. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

Please also note the privacy policy of the respective provider.

4.2 CENTRAL STORAGE AND LINKING OF DATA
We store the data specified in sections 1.1 to 1.10 and 2.1 to 2.3 in a central electronic data processing system (CRM). The data concerning you is systematically recorded and linked for the purpose of processing your bookings and handling the contractual services or based on your consent. For this purpose, we use software from the company "protel hotelsoftware Gmbh" in DE-44269 Dortmund. The processing of personal data within the framework of a CRM programme takes place in the same software.

We base the processing of this data within the framework of the software on our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO in customer-friendly and efficient customer data management and on the implementation of contractual measures pursuant to Art. 6 para. 1 lit. b DSGVO.

To send you general information during or after your stay and offers tailored to you and your interests on products and services of our hotel by e-mail on the basis of the data we have about you. The information and offers received may also be based on your previous and current location within our hotel. If you have also provided us with your mobile phone number, we will use this to send you information and offers on your mobile device.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future.


4.3 STORAGE PERIOD
We only store personal data for as long as it is necessary to use the tracking services mentioned above as well as the further processing within the scope of our legitimate interest. We retain contractual data for longer, as this is required by legal retention obligations. Retention obligations that oblige us to retain data result from regulations on registration law, on accounting and from tax law. According to these regulations, business communication, concluded contracts and accounting vouchers must be kept for up to 10 years. As far as we no longer need this data to perform the services for you, the data will be blocked or marked. This means that the data may then only be used for internal purposes and accounting and tax purposes.


4.4 DISCLOSURE OF DATA TO THIRD PARTIES

As a matter of principle, we do not pass on your personal data. Exceptions are if you have expressly consented, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we pass on your data to third parties insofar as this is necessary in the context of the use of the website and the processing of contracts (also outside the website), namely the processing of your bookings.
Please also note the information in the preceding sections of this data protection declaration regarding the transfer of data to third parties.

4.4.1 WEBMASTER
For the operation, maintenance and guarantee of the contractual offers on our website, we work together with our technical partners, which means that personal data is passed on or they may have access to it:

wernedesign
Frank Werne
Dorfstrasse 32  
89257 Illertissen
Germany

The websites are hosted on servers in Switzerland by the company tcNet GmbH, 3800 Interlaken. The data is passed on for the purpose of providing and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

4.4.2 ROOM RESERVATION SYSTEMS
Personal data for room bookings on the website and third parties such as travel agencies or OTAs are processed by the following service providers:

• SQH Swiss Quality Hotels, Stäfa
• Reconline AG, Zermatt
• Vertical Booking, Bergamo

4.2 CENTRAL STORAGE AND LINKING OF DATA
Personal data is consolidated by means of a CRM for the further development and improvement of our service to the guest, the software used by us on site comes from the company "protel hotelsoftware Gmbh" in DE-44269 Dortmund.

4.4.4 RESTAURANT RESERVATIONS
Personal data for restaurant reservations is currently only noted offline.

4.4.5 VOUCHERS
Personal data for purchases of event tickets and vouchers on the website are collected, processed and delivered by the following service providers:

Idea Creation GmbH
Walchestrasse 15
8006 Zurich
Switzerland
www.e-guma.ch

4.4.6 CREDIT CARD PAYMENT
We forward your credit card information to your credit card issuer and to the credit card acquirer when you pay by credit card on the website. We work together with the following partner:

Wordline Services
Hardturmstrasse 201
8021 Zürich
www.six-payment-services.com

If you decide to pay by credit card, you will be asked to enter all mandatory information. The legal basis for the transfer of the data is the fulfilment of a contract according to Art. 6 para. 1 lit. b DSGVO. Regarding the processing of your credit card information by these third parties, we ask you to also read the general terms and conditions as well as the privacy policy of your credit card issuer.

4.5 TRANSFER OF PERSONAL DATA ABROAD
We are also entitled to transfer your personal data to third party companies (commissioned service providers) abroad for the purpose of the data processing described in this data protection declaration. These are obligated to data protection to the same extent as we ourselves. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we will ensure by contract that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

4.5.1 NOTE ON DATA TRANSFERS TO THE USA
For the sake of completeness, we would like to point out for users resident or domiciled in the EU or Switzerland that there are surveillance measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated with both the access to and the use of this data. Furthermore, we would like to point out that in the USA, data subjects from Switzerland and the EU do not have any legal remedies that allow them to obtain access to the data concerning them and to obtain their correction or deletion, or that there is no effective judicial legal protection against general access rights of US authorities. We explicitly draw the attention of the data subject to this legal and factual situation in order to make an appropriately informed decision to consent to the use of his or her data.

We would like to point out to users residing in a member state of the EU that the USA does not have a sufficient level of data protection from the perspective of the European Union - among other things due to the issues mentioned in this section. Insofar as we have explained in this data protection declaration that recipients of data (such as Google) are based in the USA, we will ensure either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield that your data is protected at an appropriate level with our partners.

Status: 1.9.2023

Scroll to Top