Data Protection Declaration

DATA PRIVACY POLICY

Status: November 2019

Hirschen Wildhaus AG, Passhöhe, 9658 Wildhaus manages the hotel Hirschen and operates the website www.hirschen-wildhaus.ch and is therefore responsible for the collection, processing, and use of your personal data and the conformity of the data processing with applicable data protection law.

Your trust is important to us, which is why we take the topic of data protection seriously and ensure appropriate security. We naturally comply with the legal provisions of the Federal Data Protection Act (FDPA), the Ordinance to the Federal Data Protection Act (OFDPA), the Telecommunications Act (TCA), and other data protection provisions that may apply under Swiss or EU law, especially the General Data Protection Regulation (GDPR).

In order for you to know what personal data we collect from you and for what purposes we use the data, please take note of the following information.

The address of our data protection representative in the EU is: Hirschen Wildhaus AG, Passhöhe, 9658 Wildhaus, info@hirschen-wildhaus.ch.

A. Data processing in connection with our website

1. Accessing our website

When you visit our website, our servers temporarily store each access in a log file. As with any connection to a web server, the following technical data is collected without your intervention and stored by us until automatic deletion after 12 months at the latest:

IP address of the requesting computer,
Name of the owner of the IP address range (typically your Internet access provider),
Date and time of access,
Website from which access originated (referrer URL), with search term used if applicable,
Name and URL of accessed file,
Status code (e.g. error message),
Your computer's operating system,
The browser you used (type, version, and language),
The transmission protocol used (e.g. HTTP/1.1), and
If applicable, your user name from registration/authentication.

This data is collected and processed to allow the use of our website (establishing a connection), to permanently ensure system security and stability, and to optimise our Internet offer as well as for internal statistical purposes. We rely on our legitimate interests within the meaning of Art. 6 (1) f) GDPR for these processing purposes.

Furthermore, if there are attacks on the network infrastructure or other prohibited or abusive website uses, the IP address is used together with other data for clarification and defence and may be used to identify and take civil and criminal action against the users concerned as part of a criminal proceeding. We rely on our legitimate interests within the meaning of Art. 6 (1) f) GDPR for this processing purpose.

2. Use of our contact form

You have the possibility to use a contact form to contact us. We require the following information for this:

First and last name
Email address
Message

We only use this data as well as a telephone number you may voluntarily provide to answer your contact query in the best possible and personalised way. Processing of this data is therefore required in order to take steps prior to entering into a contract within the meaning of Art. 6 (1) b) GDPR or falls within our legitimate interests pursuant to Art. 6 (1) f) GDPR, respectively.

3. Registering for our newsletter

a. General

You have the option to subscribe to our newsletter on our website. This requires a registration. The following data must be provided in the context of a registration:

Address
First and last name
Email address

The above data is required for the data processing. In addition, you can voluntarily provide additional data (date of birth and country). We only process this data to personalise the information and offers sent to you and to better tailor them to your interests.

By registering, you consent to the processing of the provided data for the regular delivery of the newsletter to the address you provided and for statistical analysis of user behaviour and for the optimisation of the newsletter. This consent constitutes the legal basis under Art. 6 (1) a) GDPR for the processing of your email address. We have the right to commission third parties for the technical handling of marketing measures and have the right to disclose your data for this purpose (see Section 13 below).

At the end of each newsletter you will find a link through which you can unsubscribe from the newsletter at any time. You can voluntarily inform us of the reason for unsubscribing when you unsubscribe. Your personal data is deleted after you unsubscribe. Any further processing will take place solely in anonymised form to optimise our newsletter.

b. ADDITIVE+ NEWSLETTER

On our website you have the possibility to subscribe to our newsletter. For the subscription we need your email address and your consent to receive our newsletter through ADDITIVE, our provider for hotel e mail marketing. To provide you with relevant information we also gather and process voluntary information concerning interests, name, date of birth and country/region of origin in our hotel newsletter tool.

After signing up for our newsletter you will receive an email containing a link to confirm the subscription.

Your subscription can be cancelled any time by clicking on the cancellation link in the respective newsletter.

To process your subscriptions and to send our newsletters we use software provided by ADDITIVE Srl, 39011 Lana (BZ), Italy (“ADDITIVE”). Through the use of these services and systems your data will be processed and stored, at least in part, also outside of the EU or the EEC. The adequate level of data protection is based on data processing agreements.

4. Opening of a customer account

You can carry out bookings on our website as a guest or you can open a customer account. We collect the following data when you register for a customer account:

Address
First and last name
Postal address
Date of birth
Telephone number
Email address
Password

The collection of this data as well as other data that you provide voluntarily (e.g. company name) is for the purpose of providing you with a password-protected direct access to your basic data as stored with us. You can view your past and current bookings or manage and edit your personal data.

The legal basis for processing the data for this purpose is your consent pursuant to Art. 6 (1) a) GDPR.

5. Booking on the website, by correspondence, or by telephone

If you carry out bookings either via our website, by correspondence (email or post), or by telephone, we require the following data for the execution of the contract:

Address
First and last name
Postal address
Date of birth
Telephone number
Language
Credit card information
Email address

We only use this data and other information you provide voluntarily (e.g. expected arrival time, vehicle licence plate, preferences, comments) for the execution of the contract , unless otherwise stated in this data privacy policy or unless you have provide a separate consent. We will in particular process the data to record your booking as requested, to provide the booked services, to contact you in case of ambiguities or problems, and to ensure correct payment.

The legal basis for processing the data for this purpose is the performance of a contract pursuant to Art. 6 (1) b) GDPR.

6. Majestella Hotel Chat

Our website provides a chat function of the provider Majestella GmbH, Steintwiete16, 20459 Hamburg ("Majestella"). Service staff from Majestella answer your questions about the accommodation and services and arrange reservations. To enable you to use the chat, it is necessary to transmit your usage data (e.g. your IP address) to Majestella. It represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO to offer you the opportunity to ask your questions and make reservations quickly and easily by making the chat available. Your inventory data (e.g. name and address as well as contact data) are collected, processed and used to the extent that they are necessary for the concrete fulfilment of your service orders, such as bookings of accommodation services. This is done on the basis of Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Further information on the handling of user data can be found in Majestella's privacy policy: https://www.majestella.com/privacy/

7. Cookies

Cookies help in many ways to make your visit to our website easier, more pleasant, and more useful. Cookies are information files your web browser automatically stores on your computer's hard drive when you visit our Internet page.

For example, we use cookies to temporarily store your selected services and input when filling in a form on the website so that you do not need to repeat the input when accessing another sub-page. Cookies may also be used to be able to identify you as a registered user after registering on the website without having to log in again when you access another sub-page.

Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a notice always appears before you receive a new cookie. On the following pages, you will find explanations as to how to configure the processing of cookies in the most common browsers:

Disabling cookies may prevent you from using all the features of our website.

8. Tracking Tools

a. General

We use the web analysis service Google Analytics for needs-based design and continuous optimisation of our website. Pseudonymised use profiles are generated and small text files that are stored on your computer ("cookies") are used in this context. The information about your use of this website generated by the cookie is sent to the servers of the provider of these services and stored and processed for us there. In addition to the data listed under Section 1, we receive the following information in some circumstances:

Navigation path a user takes through the site,
Time spent on the webpage or a sub-page,
The sub-page from which the webpage was left,
The country, region, or city from which access originates,
End device (type, version, colour depth, resolution, width, and height of browser window), and
Returning or new user.

The information is used to analyse the use of the website, to compile reports about website activities, and to perform other services related to website use and Internet use for purposes of market research and needs-based design of this webpage. This information may also be sent to third parties if required by law or if third parties are processing this data on a contract basis.

b. Google Analytics

The provider of Google Analytics is Google Inc., an undertaking of the holding company Alphabet Inc., with registered office in the USA. Before the data is transmitted to the provider, the IP address is abbreviated inside the Member States of the European Union or in other contracting parties to the Agreement on the European Economic Area by activating IP anonymisation ("anonymizeIP") on this website. The anonymised IP address transmitted by your browser within the framework of Google Analytics will not be linked to other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. In this case, we use contractual guarantees to ensure that Google Inc. maintains an adequate level of data protection. According to Google Inc., under no circumstances is the IP address linked to other data about the user.

You can find further information about the web analysis service used on the website of Google Analytics. You can find instructions on how to prevent the processing of your data by the web analysis service under http://tools.google.com/dlpage/gaoptout?hl=de.

c. Online Marketing and Landing Pages

Beside our website we do also operate optimized landing pages. To process your request, reservation, order, activation, registration or the transmission of other contact forms on our website as well as to save and store your data we use cloud services, CRM systems and software provided by ADDITIVE s.n.c., 39011 Lana (BZ), Italy (“ADDITIVE”). The adequate level of data protection is based on data processing agreements with the respective company.

Our landing pages use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics enables website operators to analyse the user behavior of the visitors. The information about the user behavior is transmitted to and stored by Google on its servers.

Your IP address is collected but immediately anonymised (for example by deleting the last 8 bits). As a result the geolocation data is less accurate.

You can prevent the data collection connected to your use of our online services through cookies and the processing of this data by Google, by installing the browser-plugin available at the following link:
https://chrome.google.com/webstore/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh

ADDITIVE has an insight into data gathered through Google Analytics. This data will be used only to analyse the use of our websites and to evaluate our marketing and distribution strategies.

Our website and landing pages also use functions provided by ADDITIVE for the multi-channel monitoring of the use of our websites as well as marketing and distribution strategies like landing pages, newsletter and social media presence. Information about your visits and submitted forms on our websites are also transmitted to ADDITIVE in order to evaluate and optimize our marketing and sales measures.

The data processing takes place in accordance with the requirements of art. 6 para. 1 lit f (legitimate interests) of the GDPR.

Our objective in accordance with the GDPR (legitimate interests) is the improvement of our products and services and our web presence through the analysis of the use of our website as well as marketing and distribution strategies.

Our website and our landing pages also use remarketing functions provided by Google Inc. (“Google”) and by Meta Platforms Inc. (“Meta”). Therefore, Meta and Google will know that you have visited our website. This way visitors of our website and of our landing pages will find ads adapted to their interests on Google’s advertising platforms and on the social media platforms Facebook and Instagram.

The data processing takes place in accordance with the requirements of art. 6 para. 1 lit a (consent) of the GDPR.

When you visit our landing pages a banner will inform you about the use of cookies for remarketing functions. If you continue using the website or click on the respective button you consent to the use of cookies. You can deny your consent anytime, by visiting the page containing the cookie information and denying the use in the banner that will be displayed.

d. ADDITIVE+ MARKETING AUTOMATION

In order to increase customer loyalty and to sell our services and additional services we use software provided by ADDITIVE s.n.c., 39011 Lana (BZ), Italy (“ADDITIVE”).

Therefore your data, which we gather and process in connection with your request, reservation, order, activation, registration or the transmission of other contact forms on our website, will be analysed and used to provide you with automatically generated offers for our services and additional services. Through the use of these services and systems your data will be processed and stored, at least in part, also outside of the EU or the EEC. The adequate level of data protection is based on an adequacy decision taken by the European Commission (“Privacy Shield”) or on data processing agreements.

You can deny the use of your data for this purpose anytime by clicking on the “unsubscribe” link in the respective message.

The data processing takes place in accordance with the requirements of art. 6 para. 1 lit f (legitimate interests) of the GDPR.

Our objective in accordance with the GDPR (legitimate interests) is the prevention of competitive disadvantages, the increase in brand awareness and the maximization of our economic success through an optimal use of the acquired contacts.

B. Data processing in connection with your stay

9. Data processing for the fulfilment of legal reporting obligations

On arrival at our hotel, we require the following information from you and your travel companion, if applicable:

First and last name
Postal address and canton
Date of birth
Place of birth
Nationality
Government ID card and number
Day of arrival and departure
Room number

We collect this information for the fulfilment of legal reporting obligations, which result in particular from hospitality industry or police regulations. If we are obliged to do so under the applicable regulations, we will forward this information to the relevant police authority.

We have a legitimate interest in the fulfilment of the legal requirements within the meaning of Art. 6 (1) f) DSGVO.

10. Recording of services purchased

If you purchase additional services during your stay (e.g. use the mini-bar or the Pay-TV offer), we will record the service and the time of purchase of the service for billing purposes. The processing of this data is necessary for the performance of a contract within the meaning of Art. 6 (1) b) GDPR.

C. Storage and exchange of data with third parties

11. Booking platforms

If you carry out bookings through a third-party platform, we receive various personal information from each platform operator. As a rule, these are the data listed in Section 5 of this data privacy policy. In addition, we may receive questions regarding your booking. We will in particular process this data to record your booking as requested and to provide the booked services. The legal basis for processing the data for this purpose is the performance of a contract pursuant to Art. 6 (1) b) GDPR.

Finally, the platform operator may notify us of disputes in connection with a booking. In some circumstances, we may receive data about the booking process, which may include a copy of the booking confirmation as a receipt of the actual booking transaction. We process this data to protect and enforce our claims. This constitutes our legitimate interest within the meaning of Art. 6 (1) f) GDPR.

Please also note the data protection information of the relevant provider.

Central storage and linking of data

We store the data specified in Sections 2-5 and 8-10 in a central electronic data processing system. The data relating to you is recorded and linked in the system to process your bookings and to provide contractual services. To do this, we use a software of Beltronic Neseco IT GmbH, Dorfstrasse 25, 8874 Mühlehorn, CH. For the processing of this data in the framework of the software we rely on our legitimate interest within the meaning of Art. 6 (1) f) GDPR in customer-friendly and efficient customer data management.

Retention period

We only store personal data as long as it is necessary to use the abovementioned tracking services and to carry out the further processing activities in the framework of our legitimate interests. We retain contractual data for a longer period of time, as this is prescribed by legal retention obligations. Retention obligations that require us to retain data arise from regulations relating to reporting law, accounting, and tax law. According to these regulations, business communication, concluded contracts, and accounting records must be kept for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for billing and tax purposes.

Disclosure of data to third parties

We only disclose your personal data if you have given your express consent, if there is a legal obligation to do so, or if this is necessary to enforce our rights, especially to enforce claims arising from the contractual relationship. In addition, we disclose your data to third parties as far as this is necessary in the context of use of our website and contract processing (including outside the website), namely to process your bookings.

A service provider to whom personal data collected through the website is disclosed to or who has or can have access to is our web host Cyon GmbH, Basel. The website is hosted on servers in Switzerland. The data is disclosed for the purpose of providing and maintaining the functionalities of our website. This constitutes our legitimate interest within the meaning of Art. 6 (1) f) GDPR.

Finally, if you make a credit card payment on the website, we disclose your credit card information to your credit card issuer and to the credit card acquirer. If you decide to pay by credit card, you will in each case be asked to enter all required information. The legal basis for disclosing the data is the performance of a contract pursuant to Art. 6 (1) b) GDPR. In regard to the processing of your credit card information by these third parties, we ask that you also read the general terms and conditions and the data privacy policy of your credit card issuer.

Please also note the information in Sections 7-8 and 10-11 regarding the transfer of data to third parties.

Transmission of personal data abroad

We have the right to transmit your personal data to third parties (contracted service providers) located abroad for the purpose of the data processing described in this data privacy policy. These are obliged to ensure data protection to the same extent as we are. If the level of data protection in a country does not correspond to the Swiss or European level, we shall ensure by contract that the protection of your personal data corresponds at all times to that in Switzerland or the EU.

Additional information about the table reservation

The table reservation automatically collects and stores information in so-called server log files, which your browser automatically sends to us. These are:

- Browser type and browser version

- used operating system

- Referrer URL

- Host name of the accessing computer

- Time of the server request

There is no merge of this data with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and the optimization of its website - for this purpose, the server log files must be recorded.

In order to design our website as required, we create pseudonymous user profiles with the help of the web analysis tool Matomo. Matomo uses cookies that can be stored on your device and read out by us. In this way, we are able to recognize and count recurring visitors. A storage of the unabridged IP address does not take place. Data processing takes place on the basis of Art. 6 para. 1 sentence 1 lit. f DSGVO or § 15 Abs. 3 TMG and in the interest to find out how often our websites were accessed by different users. You can object to the processing at any time. Please click on the link below. In this case, a so-called opt-out cookie is stored in your browser, with the result that Matomo does not collect any session data. If you delete your cookies, however, this will result in the opt-out cookie also being deleted and, if necessary, being reactivated by you.

Your visit to this website is currently covered by the Matomo web analytics, if not already disabled. Click here to view and change the current setting.

D. Further information

12. Right to access, correction, deletion, and restriction of processing; right to data portability

You have the right to know about the personal data that we store about you on request. In addition, you have the right to the correction of incorrect data and the right to the deletion of your personal data, insofar as this does not conflict with any legal obligation to retain data or a legal basis that allows us to process the data.

You further have the right to ask for the release of the data you have given us (right to data portability). On request, we will also pass on the data to a third party of your choice. You have the right to receive the data in a current file format.

You can contact us at the email address info@hirschen-wildhaus.ch for the aforesaid purposes. We may, at our discretion, require proof of identity to process your requests.

13. Data security

We take appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, full or partial loss or destruction, and unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

You should always treat your access data confidentially and close the browser window when you have ended communication with us, especially if you used a shared computer.

We also take internal data protection very seriously. Our employees and the service providers we retain have been obliged by us to maintain confidentiality and to comply with data protection regulations.

14. Notice regarding data transfers to the US

For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland that monitoring measures are in place in the US by US authorities, which generally allow the storage of all personal data of all persons whose data is transmitted from Switzerland to the US. This is done without distinction, restriction, or exception by reference to the goal and without an objective criterion that allows access by US authorities to the data and later use thereof to be restricted to very specific, strictly limited purposes that could justify the intervention associated with access to and use of this data. In addition, we would like to point out that there are no legal remedies in the US for data subjects from Switzerland that would allow them to obtain access to the data relating to them and to obtain the correction or deletion thereof, and that there is no effective court protection against general access rights of US authorities. We explicitly point out this legal and factual situation to the data subject so that he or she can make an informed decision about consenting to the use of his or her data.

Users residing in an EU Member State are advised that the US does not have an adequate level of data protection from the perspective of the European Union – partly because of the issues mentioned in this section. Insofar as we have stated in this data privacy policy that recipients of data (such as Google) have their headquarters in the US, we will ensure that your data is protected at an adequate level by our partners, either through contractual agreements with these companies or by ensuring that these companies are certified under the EU- or Swiss-US Privacy Shield.

15. Right to file a complaint with a data protection supervisory authority

You have the right to file a complaint with a data protection supervisory authority at any time.

Status: 4. November 2019