Hôtel Bodenhaus AG, CH-7435 Splügen manages the Hôtel Bodenhaus and is responsible for the collection, processing and use of your personal data and the compatibility of data processing with the applicable data protection law.
Your trust is important to us, which is why we take the subject of data protection seriously and pay attention to appropriate security. Of course, we observe the legal provisions of the Federal Data Protection Act (DSG), the Ordinance to the Federal Data Protection Act (VDSG), the Telecommunications Act (FMG) and other possibly applicable data protection provisions of Swiss or EU law, in particular the Basic Data Protection Ordinance (DSGVO).
In order for you to know what personal data we collect from you and for what purposes we use it, please take note of the following information.
A. DATA PROCESSING IN CONNECTION WITH OUR WEB SITE
1. Visit of our website
When you visit our website, our servers temporarily store each access in a log file. As with any connection to a web server, the following technical data is recorded and stored by us without your intervention:
• the IP address of the requesting computer,
• is the name of the owner of the IP address range (usually your Internet access provider),
• the date and time of access,
• the website from which the access was made (referrer URL), if applicable with the search term used,
• is the name and URL of the retrieved file,
• the status code (for example, error message),
• the operating system of your computer,
• the browser you are using (type, version and language),
• the transmission protocol used (e.g. HTTP/1.1) and
• if necessary your username from a registration/authentication.
These data are collected and processed for the purpose of enabling the use of our website (connection establishment), to permanently guarantee system security and stability and to enable the optimisation of our Internet offer as well as for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f DSGVO.
The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for reconnaissance and defence purposes and, if necessary, used in criminal proceedings for identification and civil and criminal proceedings against the users concerned. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f DSGVO.
2. Registration for our newsletter
If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to the controller. The registration for our newsletter takes place in a so-called double opt-in procedure. I.e. after registration, you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the email address of the person concerned. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after registration for the newsletter by the user is, if the user has given his consent, Art. 6 para. 1 lit. a) DSGVO. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.
b. Use of rapidmail
Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organize and analyze the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter is stored on rapidmail's servers in Germany. If you do not want any analysis by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website. For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the email is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links in the newsletter message are clicked. All links in the email are so-called tracking links, with which your clicks can be counted.
Legal basis: The legal basis for the data processing is Art. 6 para. 1 lit. a) DSGVO.
Recipient: The recipient of the data is rapidmail GmbH.
Transmission to third countries: There is no transmission of data to third countries.
Duration: The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected by this.
Possibility of revocation: You have the possibility to revoke your consent to data processing with effect for the future at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
Further data protection information: For more details, please refer to the data security notices of rapidmail at: https://www.rapidmail.de/datensicherheit. For more details on the analysis functions of rapidmail, please refer to the following link: https://www.rapidmail.de/wissen-und-hilfe
3. Booking on the website, by correspondence or by telephone call
If you make bookings either via our website, by correspondence (email or letter post) or by telephone call, we require the following data to process the contract:
• form of address
• Name and surname
• postal address
• date of birth
• telephone number
• credit card details
• email address
We will only use this data and other information you voluntarily provide (e.g. expected time of arrival, motor vehicle registration plate, preferences, comments) to process the contract, unless otherwise stated in this data protection declaration or unless you have agreed to this separately. We will process the data in order to record your booking as requested, to make the booked services available, to contact you in case of ambiguities or problems and to ensure correct payment.
The legal basis of data processing for this purpose is the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b DSGVO.
Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.
Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message appears whenever you receive a new cookie. On the following pages you will find explanations on how you can configure the processing of cookies with the most common browsers:
• Microsofts Windows Internet Explorer
• Microsofts Windows Internet Explorer Mobile
Disabling cookies may prevent you from using all the features of our website.
5. Tracking tools
a. General information
We use the web analysis service of Google Analytics for the purpose of demand-oriented design and continuous optimization of our website. In this context, pseudonymized user profiles are created and small text files stored on your computer ("cookies") are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the information listed under point 1, we may receive the following information:
• navigation path that a visitor takes on the site,
• duration of stay on the website or subpage,
• the subpage on which the website is left,
• the country, region or city from which it is accessed,
• terminal (type, version, color depth, resolution, width and height of the browser window) and
• returning or new visitor.
The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for purposes of market research and demand-oriented design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company.
b. Google Analytics
Google Analytics is provided by Google Inc, a company of the holding company Alphabet Inc, based in the USA. Prior to the transmission of the data to the Provider, the IP address will be reduced by activating IP anonymisation ("anonymous IP") on this website within the Member States of the European Union or in other States party to the Agreement on the European Economic Area. The anonymous IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we provide contractual guarantees to ensure that Google Inc. complies with a sufficient level of data protection. According to Google Inc., under no circumstances will the IP address be linked to other data relating to the user.
Further information about the web analysis service used can be found on the Google Analytics website. Instructions on how to prevent your data from being processed by the web analysis service can be found at http://tools.google.com/dlpage/gaoptout?hl=en.
We have integrated functions of the public media platform Instagram into this website. These functions are being offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If the social media element has been activated, a direct connection between your device and Instagram’s server will be established. As a result, Instagram will receive information on your visit to this website.
If you are logged into your Instagram account, you may click the Instagram button to link contents from this website to your Instagram profile. This enables Instagram to allocate your visit to this website to your user account. We have to point out that we as the provider of the website and its pages do not have any knowledge of the content of the data transferred and its use by Instagram.
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6(1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For more information on this subject, please consult Instagram’s Data Privacy Declaration at: https://instagram.com/about/legal/privacy/.
Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.
As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.
Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
B. DATA PROCESSING IN CONNECTION WITH YOUR STAY
6. Data processing for the fulfilment of legal reporting obligations
On arrival at our hotel we may need the following information from you and your escorts:
• Name and surname
• Postal address and canton
• date of birth
• Official identification card and number
• Day of arrival and departure
• room number
We collect this information for the fulfilment of legal reporting obligations, which result in particular from the hospitality industry or police law. If we are obliged to do so under the applicable regulations, we will forward this information to the relevant police authority.
We have a legitimate interest in the fulfilment of the legal requirements within the meaning of Art. 6 para. 1 lit. f DSGVO.
7. Recording of purchased services
If you receive additional services during your stay, we will record the service object and the time at which you receive the service for billing purposes. The processing of this data is required in the sense of Art. 6 Para. 1 lit. b DSGVO for the processing of the contract with us.
C. STORAGE AND EXCHANGE OF DATA WITH THIRD PARTIES
8. Booking platforms
If you make bookings via a third-party platform, we receive various personal information from each platform operator. As a rule, these are the data listed in Section 5 of this data protection declaration. In addition, we may receive inquiries regarding your booking. We will process this data in order to record your booking as requested and to make the booked services available. The legal basis of data processing for this purpose is the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b DSGVO.
Finally, we may be informed by the platform operators about disputes in connection with a booking. We may also receive information about the booking process, which may include a copy of the booking confirmation as proof of the actual booking closure. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
Please also note the information on data protection of the respective provider.
9. Central storage and linking of data
We store the data specified in paragraphs 2-5 and 8-10 in a central electronic data processing system. The data concerning you is systematically recorded and linked for processing your bookings and processing the contractual services. The processing of this data within the software is based on our legitimate interest in a customer-friendly and efficient customer data management within the meaning of Art. 6 para. 1 lit. f DSGVO.
10. Storage period
We store personal data only as long as it is necessary to use the tracking services mentioned above and the further processing in the context of our legitimate interest. We keep contractual data for a longer period of time, as this is prescribed by legal storage obligations. Storage obligations, which oblige us to store data, result from regulations concerning the right to report, invoicing and tax law. According to these regulations, business communication, contracts concluded and accounting documents must be kept for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
11. Passing on the data to third parties
We will only pass on your personal data if you have expressly consented, if there is a legal obligation to do so or if this is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the contractual relationship. Furthermore, we pass on your data to third parties as far as this is necessary in the context of the use of the website and the contract processing (also outside the website), namely the processing of your bookings.
A service provider to whom the personal data collected via the website are passed on or who has or can have access to them is our web host cyon GmbH, Brunngässlein 12, 4052 Basel. The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
12. Transmission of personal data abroad
We are entitled to transfer your personal data to third parties (commissioned service providers) abroad for the purpose of the data processing described in this data protection declaration. These are obliged to the same extent as we ourselves to data protection. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times.
D. FURTHER INFORMATION
13. Right of access, rectification, cancellation and restriction of processing; right to datatransferability
You have the right to request information about the personal data that we store about you. In addition, you have the right to correct incorrect data and to have your personal data deleted, insofar as this does not conflict with any legal obligation to retain data or a reason for permission that permits us to process the data.
You also have the right to reclaim from us the data that you have provided to us (right of data portability). Upon request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a common file format.
You can contact us for the above-mentioned purposes by email at email@example.com We may, at our sole discretion, require proof of identity to process your applications.
14. Data security
We use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially when you share your computer with others.
We also take internal data protection very seriously. Our employees and the service companies commissioned by us have been obliged by us to maintain confidentiality and to comply with the best data protection regulations.
15. Note on data transmission to the USA
For reasons of completeness, we would like to point out to users residing or domiciled in Switzerland that monitoring measures are in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data have been transmitted from Switzerland to the USA. This is done without differentiation, restriction or exception based on the objective pursued and without an objective criterion which makes it possible to restrict the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes which are capable of justifying the interference associated both with the access to these data and with their use. Furthermore, we would like to point out that there are no legal remedies available in the USA for the data subjects from Switzerland which would allow them to gain access to the data concerning them and to obtain their correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly point out this legal and factual situation to the person concerned in order to make a correspondingly informed decision to consent to the use of his data.
Users residing in an EU Member State are advised that the US does not have an adequate level of data protection from the point of view of the European Union, partly because of the issues mentioned in this section. If we have explained in this data protection declaration that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an appropriate level with our partners either by contractual regulations for these companies or by the certification of these companies under the EU or Swiss-US privacy label.
16. Right of appeal to a data protection supervisory authority
You have the right to complain at any time to a data protection supervisory authority.