Status: May 2018
Hotel Waldhaus Sils AG, Via da Fex 3, 7514 Sils-Maria (CH) manages the hotel Hotel Waldhaus Sils and operates the website www.waldhaus-sils.ch and is therefore responsible for the collection, processing, and use of your personal data and the conformity of the data processing with applicable data protection law.
Your trust is important to us, which is why we take the topic of data protection seriously and ensure appropriate security. We naturally comply with the legal provisions of the Federal Data Protection Act (FDPA), the Ordinance to the Federal Data Protection Act (OFDPA), the Telecommunications Act (TCA), and other data protection provisions that may apply under Swiss or EU law, especially the General Data Protection Regulation (GDPR).
If you provide us with personal data of other persons (such as family members, work colleagues), please make sure the respective persons are aware of this Data Protection Statement and only provide us with their data if you are allowed to do so and such personal data is correct.
In order for you to know what personal data we collect from you and for what purposes we use the data, please take note of the following information.
A. Data processing in connection with our website
1. Accessing our website
When you visit our website, our servers temporarily store each access in a log file. As with any connection to a web server, the following technical data is collected without your intervention and stored by us until automatic deletion after 6 months at the latest:
- IP address of the requesting computer,
- Name of the owner of the IP address range (typically your Internet access provider),
- Date and time of access,
- Website from which access originated (referrer URL), with search term used if applicable,
- Name and URL of accessed file,
- Status code (e.g. error message),
- Your computer’s operating system,
- The browser you used (type, version, and language),
- The transmission protocol used (e.g. HTTP/1.1), and
- If applicable, your user name from registration/authentication.
This data is collected and processed to allow the use of our website (establishing a connection), to permanently ensure system security and stability, and to optimise our Internet offer as well as for internal statistical purposes. We rely on our legitimate interests within the meaning of Art. 6 (1) f) GDPR for these processing purposes.
Furthermore, if there are attacks on the network infrastructure or other prohibited or abusive website uses, the IP address is used together with other data for clarification and defence and may be used to identify and take civil and criminal action against the users concerned as part of a criminal proceeding. We rely on our legitimate interests within the meaning of Art. 6 (1) f) GDPR for this processing purpose.
2. Use of our contact form
You have the possibility to use a contact form to contact us. We require the following information for this:
- First and last name
- Email address
We only use this data as well as a telephone number you may voluntarily provide to answer your contact query in the best possible and personalised way. Processing of this data is therefore required in order to take steps prior to entering into a contract within the meaning of Art. 6 (1) b) GDPR or falls within our legitimate interests pursuant to Art. 6 (1) f) GDPR, respectively.
3. Registering for our newsletter
You have the option to subscribe to our newsletter on our website. This requires a registration. The following data must be provided in the context of a registration:
- First and last name
- Email address
The above data is required for the data processing. In addition, you can voluntarily provide additional data (date of birth and country). We only process this data to personalise the information and offers sent to you and to better tailor them to your interests.
By registering, you consent to the processing of the provided data for the regular delivery of the newsletter to the address you provided and for statistical analysis of user behaviour and for the optimisation of the newsletter. This consent constitutes the legal basis under Art. 6 (1) a) GDPR for the processing of your email address. We have the right to commission third parties for the technical handling of marketing measures and have the right to disclose your data for this purpose (see Section 13 below).
At the end of each newsletter you will find a link through which you can unsubscribe from the newsletter at any time. You can voluntarily inform us of the reason for unsubscribing when you unsubscribe. Your personal data is deleted after you unsubscribe. Any further processing will take place solely in anonymised form to optimise our newsletter.
4. Opening of a customer account
You can carry out bookings on our website as a guest or you can open a customer account. We collect the following data when you register for a customer account:
- First and last name
- Postal address
- Date of birth
- Telephone number
- Email address
The collection of this data as well as other data that you provide voluntarily (e.g. company name) is for the purpose of providing you with a password-protected direct access to your basic data as stored with us. You can view your past and current bookings or manage and edit your personal data.
The legal basis for processing the data for this purpose is your consent pursuant to Art. 6 (1) a) GDPR.
5. Booking on the website, by correspondence, or by telephone
If you carry out bookings either via our website, by correspondence (email or post), or by telephone, we require the following data for the execution of the contract:
- First and last name
- Name of companion and children
- Postal address
- Dates of birth
- Telephone number
- Credit card information
- Email address
We only use this data and other information you provide voluntarily (e.g. expected arrival time, vehicle licence plate, your preferences, comments) for the execution of the contract and advertisement / marketing for our hotel, provided that you have not objected to the use of your data for this purpose (if you are part of our customer base and you receive our advertisement, you may object at any time and we will place you on a blacklist against further advertising mailings).
We will in particular process the data to record your booking as requested, to provide the booked services, to contact you in case of ambiguities or problems, and to ensure correct payment.
Cookies help in many ways to make your visit to our website easier, more pleasant, and more useful. Cookies are information files your web browser automatically stores on your computer’s hard drive when you visit our Internet page.
Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a notice always appears before you receive a new cookie. On the following pages, you will find explanations as to how to configure the processing of cookies in the most common browsers:
- Microsoft Windows Internet Explorer
- Microsoft Windows Internet Explorer Mobile
- Mozilla Firefox
- Google Chrome for Desktop
- Google Chrome for Mobile
- Apple Safari for Desktop
- Apple Safari for Mobile
Disabling cookies may prevent you from using all the features of our website.
6. Tracking tools
We use the web analysis service Google Analytics for needs-based design and continuous optimisation of our website. Pseudonymised use profiles are generated and small text files that are stored on your computer (“cookies”) are used in this context. The information about your use of this website generated by the cookie is sent to the servers of the provider of these services and stored and processed for us there. In addition to the data listed under Section 1, we receive the following information in some circumstances:
- Navigation path a user takes through the site,
- Time spent on the webpage or a sub-page,
- The sub-page from which the webpage was left,
- The country, region, or city from which access originates,
- End device (type, version, colour depth, resolution, width, and height of browser window), and
- Returning or new user.
The information is used to analyse the use of the website, to compile reports about website activities, and to perform other services related to website use and Internet use for purposes of market research and needs-based design of this webpage. This information may also be sent to third parties if required by law or if third parties are processing this data on a contract basis.
b. Google Analytics
The provider of Google Analytics is Google Inc., an undertaking of the holding company Alphabet Inc., with registered office in the USA. Before the data is transmitted to the provider, the IP address is abbreviated inside the Member States of the European Union or in other contracting parties to the Agreement on the European Economic Area by activating IP anonymisation (“anonymizeIP”) on this website. The anonymised IP address transmitted by your browser within the framework of Google Analytics will not be linked to other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. In this case, we use contractual guarantees to ensure that Google Inc. maintains an adequate level of data protection. According to Google Inc., under no circumstances is the IP address linked to other data about the user.
You can find further information about the web analysis service used on the website of Google Analytics. You can find instructions on how to prevent the processing of your data by the web analysis service under http://tools.google.com/dlpage/gaoptout.
Social media plug-ins
The website uses the social plugins described below. The plugins are disabled on our website whenever possible by default and therefore do not send any data. By clicking on the corresponding social media button, you can activate the plugins. If these plugins are activated, your browser will establish a direct connection with the servers of the respective social network as soon as you access one of our websites. The content of the plugin is transmitted by the social network directly to your browser and incorporated by this into the website. The plugins can be deactivated with a click.
On our website, we use the Plugin of TrustYou Munich Center of Technology, Agnes-Pockels-Bogen 1, 80992 Munich. TrustYou is a service that collects reviews from hotels and processes them into reports. We use data from TrustYou to provide our visitors with an independent opinion about the service.
Google+ and Google Maps
On our website, we use the Plugin of Google+. Furthermore on certain pages, you can find maps that are integrated from Google Maps. Google+ and Google Maps is a product of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The maps are displayed by I-frame. This means that a foreign website is accessed in the I-frame area of the website. The data processing in this I-frame is beyond our control. Google will assign the access to your Google Account. Google Maps will write a cookie as soon as the page loads. If you wish to prevent this, you can opt-out of the activation of Google cookies for your browser by using the links provided under “Opt-out/Opt-In”.
On certain pages, YouTube clips are embedded. YouTube is a product of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The clips are displayed by I-frame. This means that a foreign web page is accessed in the area of the web page where the clip is displayed. The data processing in this I-frame is beyond our control. If you are logged into your YouTube account, YouTube will associate the watched video with your YouTube account. If you want to prevent this, log out of your YouTube account. YouTube will write a cookie as soon as the page loads. If you wish to prevent this, you can opt-out of the activation of Google cookies for your browser by using the links provided under “Opt-out/Opt-In”.
Facebook Social plugins
Possibility to opt-out/opt-in
If you do not agree that we evaluate your usage data, you can disable it. Switching off the tracking is done by filing a so-called “opt-out cookie” on your system. If you delete all your cookies, please note that the opt-out cookie will also be lost and may have to be renewed. Please note that the list below is a list of opt-out options that sometimes includes trackers used by our partners that are not necessarily used on the website:
- Browser Add-on to disable Google Analytics
- Turn off the DoubleClick cookie
- Turn off the quandcast targeting
- Turn off AddThis targeting
- Opt-out for IntelliAd targeting
A good way to configure a large number of cookies can be found at youronlinechoices.com or optout.aboutads.info
or install the browser extension Ghostery, which is available for every popular browser.
B. Data processing in connection with your stay
7. Data processing for the fulfilment of legal reporting obligations
On arrival at our hotel, we require the following information from you and your travel companion, if applicable:
- First and last name
- Postal address
- Date of birth
- Government ID card and number
- Day of arrival and departure
- Room number
- Vehicle licence plate
We collect this information for the fulfilment of legal reporting obligations, which result in particular from hospitality industry, police regulations or which are needed to fulfil the desired service at our hotel. If we are obliged to do so under the applicable regulations, we will forward this information to the relevant police authority.
We have a legitimate interest in the fulfilment of the legal requirements within the meaning of Art. 6 (1) f) DSGVO.
8. Recording of services purchased
If you purchase additional services during your stay (e.g. use the mini-bar or the Pay-TV offer), we will record the service and the time of purchase of the service for billing purposes. The processing of this data is necessary for the performance of a contract within the meaning of Art. 6 (1) b) GDPR.
C. Storage and exchange of data with third parties
9. Booking platforms
Finally, the platform operator may notify us of disputes in connection with a booking. In some circumstances, we may receive data about the booking process, which may include a copy of the booking confirmation as a receipt of the actual booking transaction. We process this data to protect and enforce our claims. This constitutes our legitimate interest within the meaning of Art. 6 (1) f) GDPR.
Please also note the data protection information of the relevant provider.
10. Central storage and linking of data
We store the data specified in Sections 2-5 and 8-10 in a central electronic data processing system. The data relating to you is recorded and linked in the system to process your bookings and to provide contractual services. To do this, we use a software of Protel, rebagdata AG, Einsiedlerstr. 533, Postfach 426, 8810 Horgen (CH). For the processing of this data in the framework of the software we rely on our legitimate interest within the meaning of Art. 6 (1) f) GDPR in customer-friendly and efficient customer data management.
11. Disclosure of data to third parties
We share your personal data if you have expressly consented, there is a legal obligation, or if it is necessary for the enforcement of our rights, in particular for the enforcement of claims arising from the relationship between you and Hotel Waldhaus Sils AG (e.g. collection agencies, authorities, or lawyers). We may share your data with third parties as far as required in the context of the use of the technology for the provision of the desired services (e.g. outsourcing partners, web hosts, companies through which we offer the services on our technology (e.g. for bookings, rent, purchase, etc.), companies that advertise on our behalf) as well as the analysis of your user behaviour.
When sharing your data with third parties, we provide sufficient contractual guarantees that such a third party uses the personal data in accordance with legal requirements and exclusively in our interest.
If the technology contains links to third-party websites, Hotel Waldhaus Sils AG no longer has any influence on the collection, processing, storage, or use of personal data by the third party after clicking on these links and assumes no responsibility.
Please also note the information in Sections 7-8 and 10-11 regarding the transfer of data to third parties.
12. Transmission of personal data abroad
D. Further information
13. Right to access, correction, deletion, and restriction of processing; right to data portability
You have the right to know about the personal data that we store about you on request. In addition, you have the right to the correction of incorrect data and the right to the deletion of your personal data, insofar as this does not conflict with any legal obligation to retain data or a legal basis that allows us to process the data.
You further have the right to ask for the release of the data you have given us (right to data portability). On request, we will also pass on the data to a third party of your choice. You have the right to receive the data in a current file format.
You can contact us at the email address email@example.com for the aforesaid purposes. We may, at our discretion, require proof of identity to process your requests.
14. Data security
We take appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, full or partial loss or destruction, and unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
You should always treat your access data confidentially and close the browser window when you have ended communication with us, especially if you used a shared computer.
We also take internal data protection very seriously. Our employees and the service providers we retain have been obliged by us to maintain confidentiality and to comply with data protection regulations.
15. Notice regarding data transfers to the US
For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland that monitoring measures are in place in the US by US authorities, which generally allow the storage of all personal data of all persons whose data is transmitted from Switzerland to the US. This is done without distinction, restriction, or exception by reference to the goal and without an objective criterion that allows access by US authorities to the data and later use thereof to be restricted to very specific, strictly limited purposes that could justify the intervention associated with access to and use of this data. In addition, we would like to point out that there are no legal remedies in the US for data subjects from Switzerland that would allow them to obtain access to the data relating to them and to obtain the correction or deletion thereof, and that there is no effective court protection against general access rights of US authorities. We explicitly point out this legal and factual situation to the data subject so that he or she can make an informed decision about consenting to the use of his or her data.
16. Right to file a complaint with a data protection supervisory authority
You have the right to file a complaint with a data protection supervisory authority at any time.
Applicable Law and Jurisdiction