We take the privacy of the users of our website and the security of their personal data very seriously. We therefore comply with the relevant legal provisions, and in particular the Swiss Federal Data Protection Act (LPD), the order related to the Federal Data Protection Act (OLPD) and the European General Data Protection Regulation (GDPR).
Any dispute relating to confidentiality shall be subject to this policy, any data collection notice included on this website and the provisions of Swiss law.
2. Definition of the term "Personal data"
The term "personal data" covers all information that identifies a customer or visitor. This may include name, gender, occupation, e-mail address, credit card number, its expiry date or any other information required to provide a service which a customer may have requested.
3. Information collected and the purpose of collecting it
3.1 When visiting our website
When you visit our website, our server temporarily records each access in a log file. The following technical data is then entered, in principle as with any connection to a web server, without any action required by you and stored by us until its automatic deletion at the latest after 1 month:
- The computer's IP address which accesses the website
- The name of the owner of the IP address (usually your ISP)
- Date and time of access
- The website from which you accessed our website (original URL) and any key search words used
- The name and URL of the file accessed
- The status code (e.g. error message)
- Your computer's operating system
- The browser that you are using (type, version and language)
- The communication protocol used (e.g. HTTP/1.1) and
- Potentially your username used for registration/authentication
The collection and processing of this data is intended to enable use of our website (establishing a connection), ensure the long-term security and stability of the system and optimise our offer online, as well as for the purposes of internal statistics. This processing is legitimate under art. 6 para. 1 (f) of the GDPR.
The IP address is also analysed with other data for purposes of recognition and defence in the event of attacks on the network infrastructure or other unauthorised or abusive uses of the website, and may be used in criminal proceedings for identification purposes and civil and criminal proceedings against the user in question. This processing is also legitimate under art. 6 para. 1 (f) of the GDPR.
When visiting the hotel's website, the server hosting it automatically records information about this visit such as the visitor's IP address, the type of browser used, the pages visited, and the date and duration of the visit. These are cookies that most browsers automatically accept.
These cookies are in the form of files that can identify you as a visitor or a customer and save your personal preferences as well as technical information (including click-type or path-type data).
Path-type data enables us to know which pages on the website you visited and in what order.
This enables us to improve your experience as well as the design and content of the website to meet your needs. Cookies are either permanent (they stay on your computer until you delete them) or temporary (they are only active until you close your Internet browser).
In addition, cookies are also used for analytical purposes to optimise both the website and advertising using Google Analytics. This is a web analytics service provided by Google Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The information generated by these cookies about your use of the website is usually sent to a Google server in the USA and stored there, on the basis of the legitimate interest described above.
If you choose to provide personal data on the website, it may be linked to the data saved in the website cookies. Most browsers accept cookies by default. Nevertheless, you can set your browser to reject our cookies or those from any other website.
However, some areas of the website are only accessible with cookies or similar tools, and you should know that by disabling them you may not be able to access certain content on the website.
3.2 When booking on the website by mail or by phone
If you make reservations on our website by mail (e-mail or post) or by telephone, we require the following data to fulfil the contract:
- First name and surname
- Postal address
- Date of birth
- Telephone number
- Your credit card information
Fulfilment of a contract pursuant to art. 6 para. 1 (b) of the GDPR is the legal basis for processing data for this purpose.
3.3 When you arrive at the hotel
When you arrive at our hotel, we need the following information about you and the people who are with you:
- First name and surname
- Postal address and town
- Date of birth
- Place of birth
- Official ID and number
- Date of arrival and departure
- Room number
- Telephone number
We collect this information to fulfil the legal obligations to inform, in particular arising from legislation related to policing and hotels. Insofar as we are obliged to do so according to the applicable provisions, we shall send this information to the relevant police authority. We have a legitimate interest under art. 6 para. 1 (f) of the GDPR to fulfil the legal provisions.
4. Personal data protection and security
If we collect information about you, we will store it on a secure server in accordance with Swiss and European legal provisions. The server, which groups together the encrypted data, is protected by password and a firewall.
We have put security policies in place to ensure, as far as possible, the security and integrity of all of your information, including your personal data.
However, all customers should be aware that no data transferred over the Internet can be 100% secure. Therefore we cannot ensure or guarantee the security of the information that you transfer to us over the Internet. In addition, it should be noted that e-mail is not encrypted and is not a secure way to transfer sensitive information such as credit card numbers or passwords. These are the limits to the confidentiality guarantees.
5. Amount of time personal data will be retained
We do not retain personal data for longer than is necessary to fulfil the purpose for which it was collected and, in any case, not for longer than the duration laid down by the applicable laws and regulations. The legal obligations related to retaining personal data derive from the provisions related to the right to notify the authorities, financial accounting and tax law. Therefore, the contracts entered into, accounting documents and commercial communications must be kept for 10 years. Insofar as we no longer need this data to fulfil services, it shall be blocked.
6. Personal data transferred to third parties
We only transfer your personal data if you have expressly agreed to it, if we are under a legal obligation to do so or if it is necessary to assert our rights, in particular to assert our rights resulting from the contractual relationship. In addition, we transfer your data to third parties insofar as it is necessary for the use of the website and to fulfil the contract (including off-website), particularly to process your bookings.
Our host [enter the name of the host] is a service provider to whom we transfer personal data collected on the website, or which has access or can have access to it. The website is hosted on servers in Switzerland. The purpose of transferring data is to provide and maintain the functions of our website.
We also transfer to the issuer and acquirer of your credit card, information about it when payment is made by credit card, on our website or in the hotel. If you choose to pay by credit card, you must enter all of the information required. Your credit card issuer and acquirer are also subject to the applicable regulations.
Finally, for the proper functioning of the website your data is transferred to the following third parties:
- Leading Hotels of the World
This processing is legitimate under art. 6 para. 1 (f) of the GDPR.
7. Personal data transferred abroad
8. Rights to information, rectification, erasure and restriction of processing; right to data portability
You are entitled to obtain, upon request, information relating to the personal data that we record when it relates to you. In addition, you have the right to rectify incorrect data and delete your personal data from the moment when there is no legal obligation to retain it or no legal basis enabling us to process the data prevents it.
You also have the right to demand the return of the data you have transferred to us (right to data portability). On request, we shall also transfer the data to a third party of your choice. You have the right to obtain the data in a standard format.
You can contact the person in charge, Jay Gauer, for the abovementioned purposes at the following e- mail address: firstname.lastname@example.org. Please clearly indicate your name and the name of this website in all of your correspondence. In addition, we may ask you, at our own discretion, for proof of identity to process your requests.
9. Modifications and amendments
We therefore invite our customers and visitors to the hotel website to regularly visit it.
10. Right to make a complaint
You have the right to file a complaint with a data protection supervisory authority. Last update: August 2018