CONTENT
A. CONTACTS
1. CONTROLLER
2. DATA PROTECTION OFFICER
3. NAME AND ADDRESS OF THE EU REPRESENTATIVE
B. DATA PROCESSING IN CONNECTION WITH OUR WEBSITES
4. ACCESSING OUR WEBSITE
5. USING OUR CONTACT FORM
6. REQUESTS FOR MEETINGS, CONFERENCES AND EVENTS
7. MICROSOFT TEAMS
8. SIGNING UP FOR OUR NEWSLETTER
9. ORDERING VOUCHERS
10. OPENING A CUSTOMER ACCOUNT
11. BOOKING ON THE WEBSITES, BY CORRESPONDENCE OR BY TELEPHONE CALL
12. ORDERS FROM OUR ONLINE SHOP
13. APPLYING FOR A JOB
14. COOKIES
15. TRACKING TOOLS
16. RE-TARGETING
17. LINKS ON OUR SOCIAL MEDIA PAGES
C. PROCESSING DATA IN CONNECTION WITH YOUR STAY
18. PROCESSING DATA TO COMPLY WITH STATUTORY REGISTRATION OBLIGATIONS
19. PROCESSING DATA TO PROVIDE THE BOOKED SERVICE IN GENERAL
20. PROCESSING DATA IN ORDER TO PROVIDE SERVICES IN THE SPA AND WELLNESS AREA
21. PROCESSING DATA IN ORDER TO PROVIDE LEISURE SERVICES AND ACTIVITIES BOOKED
22. PROCESSING DATA IN ORDER TO PROVIDE MEDICAL SERVICES
23. PROCESSING DATA IN THE CONTEXT OF SURVEYS
24. SECURITY
25. PROCESSING DATA IN ORDER TO PROVIDE FURTHER SERVICES
D. STORAGE OF DATA AND EXCHANGE WITH THIRD PARTIES
26. CENTRAL STORAGE AND LINKING OF DATA
27. RETENTION PERIOD
28. TRANSMISSION OF THE DATA TO THIRD PARTIES
29. COLLECTING DATA VIA BOOKING PLATFORMS
30. TRANSFER OF PERSONAL DATA ABROAD
E. FURTHER INFORMATION
31. RIGHT TO ACCESS, RECTIFICATION, ERASURE AND RESTRICTION OF PROCESSING; RIGHT TO DATA PORTABILITY
32. DATA SECURITY
33. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY DATA PROTECTION AUTHORITY
A. CONTACTS
1. CONTROLLER
We, the following companies:
Katara Hospitality Switzerland AG, Bürgenstock 17, 6363 Obbürgen, Switzerland (CHE-114.959.229), operator of the website www.burgenstockcollection.com
Bürgenstock Hotels AG, Bürgenstock 17, 6363 Obbürgen, Switzerland (CHE-105.841.711), operator of the website www.burgenstockresort.com and www.buergenstock-waldhotel.ch
Hotel Schweizerhof Bern AG, Bahnhofplatz 11, 3001 Bern, Switzerland (CHE-101.277.243), operator of the website www.schweizerhofbern.com
Société Anonyme de l’Hôtel Royal, Avenue d’Ouchy 40, 1000 Lausanne, Switzerland (CHE-101.464.526), operator of the website www.royalsavoylausanne.com
are responsible for collecting, processing and using your personal data and for the compliance of this data processing with the data protection legislation which applies to the relevant website.
Bürgenstock Bahn AG, Bürgenstock 17, 6363 Obbürgen, Switzerland (CHE-108.107.719) and Hammetschwand Lift AG, Bürgenstock 2c, 6363 Obbürgen, Switzerland (CHE-106.643.533) are responsible for collection, processing and use of your personal data and the compliance of the data processing with the data protection legislation which applies to the services provided by these companies.
Your trust is important to us, which is why we take data protection seriously and ensure the appropriate level of security. We observe the statutory provisions of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Swiss Telecommunications Act (TCA) and any other data protection provisions which may apply under Swiss or EU law, in particular the General Data Protection Regulation (GDPR), if applicable.
Please take note of the following information so that you are aware of the personal data we collect from you and the purposes for which we use it.
2. DATA PROTECTION OFFICER
For questions in connection with data protection and for information regarding your rights as well as for the assertion thereof, you can contact our data protection officer: data-privacy@burgenstockcollection.com
3. NAME AND ADDRESS OF THE EU REPRESENTATIVE
Our below-mentioned data protection representation in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein serves as an additional point of contact for supervisory authorities and data subjects on all issues related to the GDPR:
VGS Datenschutzpartner UG, Am Kaiserkai 69, 20457 Hamburg, Germany, info@datenschutzpartner.eu
B. DATA PROCESSING IN CONNECTION WITH OUR WEBSITES
4. ACCESSING OUR WEBSITE
When you visit our websites, our servers temporarily store each access in a log file. The following technical data is recorded automatically, as is the case with every connection to a web server, and is stored by us until the automatic erasure after 12 months at the latest:
The IP address of the computer sending the query
The name of the owner of the IP address range (usually your Internet access provider)
The date and the time of access
The website from which the access was made (referrer URL), with the search term used, if applicable
The name and URL of the file accessed
Country from which the access is made
The status code (e.g. error message)
Time zone difference to Greenwich Mean Time (GMT)
The operating system of your computer
The browser used by you (type, version and language)
The transfer protocol used (e.g. HTTP/1.1)
If applicable, your user name used in a registration/authentication
This data is collected and processed to allow users to use our websites (to establish a connection), to ensure permanent system security and stability, to enable us to optimise our online offering and for internal statistical purposes. This is our legitimate interest in processing the data.
The IP address is also analysed together with the other data to investigate and prevent possible attacks on our network infrastructure or other unauthorised use or abuse of the websites and, if applicable, during criminal proceedings for identifying and prosecuting the respective users under civil and criminal law. This is our legitimate interest in processing the data.
To protect the technical systems of the host and to prevent the misuse of automated entries in web forms we utilise Google reCaptcha v2 on our Websites. reCaptcha is a service offered by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
When you call up one of our Websites in which reCaptcha is integrated, a connection is established to Google’s servers. A reCaptcha cookie is set. Your IP address will be transmitted to Google.
In addition, reCaptcha collects the following data («fingerprinting»):
· the date
· the browser language
· CSS information for the page you are viewing
· Javascript objects
· Browser plug-ins used
· the number of mouse clicks and areas you have moved on this screen
· cookies set by Google in the last six months
The storage and analysis of the data is based on our legitimate interest in protecting our Websites from abusive automated spying and spam. To the extent that personal data is transmitted to Google in the USA, this is carried out based on standard EU contractual clauses.
5. USING OUR CONTACT FORM
Where on our websites you have the option to use a contact form to get in touch with us, we usually require the following information:
Form of address
First and last name
E-mail address
Telephone number
Message
The information that is required to process your request smoothly is marked as a mandatory entry. Entering further information is optional. We will only use this data, as well as an address provided by you voluntarily, to be able to reply to your contact request as effectively as possible and in a personalised manner. The processing of this data is therefore necessary to take steps prior to entering into a contract and is in our legitimate interest.
6. REQUESTS FOR MEETINGS, CONFERENCES AND EVENTS
On our websites, you have the option to submit an enquiry in order to book a meeting, a conference or an event. For this purpose, we usually need the following information:
For which hotel is the request
Type of event, description of the event, number of guests
Event date
Form of address
First and last name
Company name
Postal address
E-mail address
Telephone number
Event details (participation of VIP, catering requirements, conference equipment requirements, additional services (flowers, photographer, music, tablecloths, transportation, spa time and activities, budget))
The information that is required to process your request smoothly is marked as a mandatory entry. Entering further information is optional. We will only use this data, as well as an address provided by you voluntarily, to be able to reply to your request as effectively as possible and in a personalised manner. The processing of this data is in our legitimate interest.
Please note that we may pass on your data to third parties as far as this is necessary within the framework of the use of the websites and the execution of the contract.
7. MICROSOFT TEAMS
We use the tool "Microsoft Teams" to conduct telephone conferences, online meetings, video conferences and/or online seminars (hereinafter: "Online Meetings"). "Microsoft Teams" is a product of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
When using "Microsoft Teams", various types of data are processed. The scope of the data also depends on what information is provided before or during participation in an online meeting. This may be for example:
User details: e.g. display name, e-mail address, if applicable, profile picture (optional), preferred language
Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
Text, audio and video data: It is possible to use the chat function in an online meeting. In this respect, the text entries made by the respective user are processed in order to display them in the online meeting. In order to enable the display of video and playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly for the duration of the meeting. The camera or microphone can be switched off or muted by the user at any time via the "Microsoft Teams" applications.
If online meetings are to be recorded, this will be communicated transparently in advance and, where necessary, consent will be requested.
Chat content is logged when using Microsoft Teams. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. Usually, however, this will not be the case.
The processing of this data is in our legitimate interest. In these cases, our interest is in the effective conduct of online meetings. In all other respects, the legal basis for data processing when conducting online meetings is the contract, insofar as the meetings are conducted within the framework of contractual relationships.
8. SIGNING UP FOR OUR NEWSLETTER
Where on our websites you have the option to subscribe to our newsletter, you need to register. During the registration process the following data must be submitted:
Title
First and last name
E-mail address
The data above is required for data processing. We only process this data to personalise the information and offers sent to you and to better match them to your interests.
When you register, you give us your consent to process the data provided in order to regularly send the newsletter to the address you have provided, to statistically analyse your usage behaviour and to optimise the newsletter. This consent constitutes our legal basis for processing your e-mail address. We are entitled to commission third parties with the technical implementation of the newsletter and to pass on your data for this purpose.
The registration for the newsletter takes place in a so-called double opt-in procedure. This means that after registering and clicking the corresponding checkbox, you will receive an e-mail in which you must click on a link to confirm your registration.
The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information on the browser and your system, as well as your IP address and the time of the retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. Rather, the analyses serve to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
At the end of every newsletter, there is a link that allows you to unsubscribe from the newsletter at any time. As part of the “Unsubscribe” process, you can voluntarily give us a reason for unsubscribing. After you have unsubscribed from the newsletter, your personal data will be deleted. Further processing only takes place in an anonymised form to optimise our newsletter.
In addition, you have the option to send your revocation to the following e-mail address:
data-privacy@burgenstockcollection.com
9. ORDERING VOUCHERS
On our websites you have the option to order vouchers. For this, we usually need the following information:
Form of address
Title
Company name
First and last name
E-mail address
Number of persons
Telephone number
Voucher type
Dedication, personal greeting and form of address for voucher recipient
Payment method
The information that is required to process your request smoothly is marked as a mandatory entry. Entering further information is optional. We will only use this data, as well as an address provided by you voluntarily, to be able to reply to your enquiry as effectively as possible and in a personalised manner. The processing of this data is in our legitimate interest.
Please note that we may pass on your data to third parties as far as this is necessary within the framework of the use of the websites and the execution of the contract.
10. OPENING A CUSTOMER ACCOUNT
Where on our websites you have the option to make bookings, you can place an order as a guest or open a customer account. When you register for a customer account, we usually collect the following data:
Title
First and last name
Postal address
Telephone number
E-mail address
Password and security question
The information that is required to process the opening of your customer account smoothly is marked as a mandatory entry. Entering further information is optional. We will only collect this data, as well as other information provided by you voluntarily (e.g. company name), to provide you with direct, password-protected access to your basic data stored with us. In your account, you can view your previous and current bookings or manage and/or change your personal data.
The legal basis for processing the data for this purpose is the consent given by you.
11. BOOKING ON THE WEBSITES, BY CORRESPONDENCE OR BY TELEPHONE CALL
When you book overnight stays and/or make reservations for restaurants, leisure activities, spa services or medical services via our websites, by corresponding with us (by e-mail or letter) or by calling us, we usually require the following data to process the contract:
Form of address
First and last name
Postal address
Telephone number
Credit card information
E-mail address
We will process the data by name to record your booking/reservation as requested, to provide the booked services, to contact you in case of problems or if anything is unclear, and to ensure the correct payment.
The information that is required to process your booking smoothly is marked as a mandatory entry or – if you book by telephone – requested from you in person. Entering further information is optional. We will only use other information provided by you voluntarily (e.g. date of birth, expected arrival time, vehicle number plate, preferences, comments) to process the contract unless otherwise specified in this privacy statement or unless you have given separate consent.
Please note that we may pass on your data to third parties as far as this is required for the use of the websites and for processing the contract.
The legal basis for processing the data for this purpose is the execution of a contract.
12. ORDERS FROM OUR ONLINE SHOP
If you are required to register and set a username and password when ordering from our online store, you will be able to log in with your username and password for future site visits and will not have to re-enter your address and payment information each time you place an order. Your password is stored in encrypted form and cannot be viewed by us.
When registering, you must provide the following data:
Form of address
First and last name
Language
Invoice address
Delivery address
E-mail address
Payment and distribution method
The information that is required to process the opening of your customer account smoothly is marked as a mandatory entry. The entry of other information is optional.
The data of your orders is also stored in your customer account.
We use the personal data collected during registration and ordering exclusively for the proper processing of your order. The legal basis for processing the data for this purpose is the fulfilment of a contract.
You can view and change the information in your customer account, such as your chosen payment method and delivery address, at any time. In case you update any information, we keep a copy of your original details on file so that we can clarify any issues that may arise between you and us.
You have the option to delete your customer account at any time, as soon as there are no more open orders. You can also send your deletion request to the following e-mail address:
data-privacy@burgenstockcollection.com
To verify your identity, please send the request directly via e-mail from your user account.
13. APPLYING FOR A JOB
Where on our websites you have the option to apply for jobs, you must submit a complete application. Usually the following data must be submitted:
Form of address
First and last name
Language
Postal address
Date of birth
E-mail address
Telephone number
Application documents (CV, covering letter, etc.)
The information that is required to process your application smoothly is marked as a mandatory entry. This data, as well as other information provided by you voluntarily, will be used in the application process. Your data will be erased 6 months after the relevant application procedure.
The legal basis for processing the data is therefore to take steps prior to entering into a contract and is as such in our legitimate interest. The legal basis for further data processing is the consent given by you.
We may use the talent management software "Recruiting App" by Abacus Umantis AG based in St. Gallen. The Recruiting App is integrated into the websites via iFrame and shows vacancies and the possibility to apply via form.
If you apply to us, your personal data will be stored and processed on the systems of Abacus Umantis AG.
Together with Abacus Umantis AG we have taken the necessary organisational and technical measures to ensure the confidentiality of your application. All employees of the HR department as well as of our software partner are obliged to maintain secrecy regarding personal data within the scope of their employment contracts.
Thanks to an automatically activated 128-bit encryption, the secure transmission of your data is ensured. When processing data, the general standards for data security are taken into account in accordance with the current state of the art.
For further information, please refer to the privacy policy:
Datenschutzerklärung | Job Service Maltech AG (umantis.com)
You may object to this data processing at any time. If you object, we will no longer process your personal data for this purpose. Send your objection to the following e-mail address:
data-privacy@burgenstockcollection.com
14. COOKIES
Cookies help to make your visit to our websites easier, more pleasant and more useful in many ways. Cookies are information files that your web browser automatically places on your computer’s hard drive when you visit our website.
For example, we use cookies to temporarily store your selected services and entries when you fill in a form on the websites so that you do not need to enter them again when you access another subpage. Cookies may also be used to identify you as a registered user once you have registered on the websites so that you do not need to log in again when you access another subpage.
For your understanding, the most common types of cookies are explained below:
Session cookies:
While you are active on a website, a session cookie is temporarily stored in the memory of your computer. The cookie stores a session identifier so that, for example, you do not have to log in again each time you change pages. Session cookies are deleted when you log out, or lose their validity as soon as your session has automatically expired.
Persistent or stored cookies:
Persistent cookies store a file on your computer for the period of time specified in the expiry date. These cookies enable websites to remember your information and settings the next time you visit. This results in faster and more convenient access; for example, you don’t have to set your language preferences for our portal again. Once the expiry date has elapsed, the cookie is automatically deleted when you visit the website that generated it.
Third-party cookies:
Third-party cookies come from providers other than the website operator. They may be used, for example, to collect information for advertising, custom content and web statistics.
You can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. Please visit the following webpages to find out how to configure the processing of cookies in the most common browsers:
MICROSOFTS WINDOWS INTERNET EXPLORER
MICROSOFTS WINDOWS INTERNET EXPLORER MOBILE
Deactivating cookies may mean that you are not able to use all the functions on our website.
15. TRACKING TOOLS
FRIENDLY ANALYTICS
We use Friendly Analytics to measure the usage and reach of our website. Friendly Analytics is a service of Friendly GmbH from Switzerland, which allows for web tracking without the processing and storage of personal identifiable information (PII) and without setting cookies. All data collected and processed by us is stored by Friendly Analytics in Switzerland with providers headquartered in Switzerland. Information about the type, scope and purpose of data processing can be found in the privacy policy of Friendly Analytics.
16. RE-TARGETING
So-called “re-targeting” technologies may be used on the websites. These technologies analyse your user behaviour on our websites in order to be able to offer you customised advertising on later visits, including on partner websites. Your user behaviour is recorded in pseudonymised form. Most re-targeting technologies operate using cookies. You can prevent re-targeting at any time by refusing or deactivating the relevant cookies in your web browser’s menu bar.
A. GOOGLE MARKETING PLATFORM
We may use Google Marketing Platform to display advertising based on the use of previously visited websites. Google uses the so-called “DoubleClick” cookie for this purpose, which makes it possible to recognise your browser when you visit other websites. The information generated by the cookie about your visit to our websites (including your IP address) is transmitted to Google servers in the USA and stored there.
Google will use this information for analysing your use of the websites in view of the advertisements to be displayed, compiling reports on website activity and advertisements for website operators and providing other services relating to website activity and Internet usage. Google may also transmit this information to third parties if required by law or if third parties process this data on its behalf. Google will, however, under no circumstances associate your IP address with other data held by Google.
B. FACEBOOK PIXEL
Based on your consent, we use so-called "Facebook Pixel". Facebook Pixel is a service of Facebook Inc., 1601 S California Ave., Palo Alto, CA 94304, USA or, if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With the help of the Facebook Pixel, the behaviour of site visitors can be tracked after they have been redirected to our website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
The data collected in this way is anonymous for us, so it does not allow us to draw any conclusions about your identity. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can, in accordance with the Facebook data policy [Facebook], use the data for its own advertising purposes. This enables Facebook to display advertisements on Facebook pages as well as outside of Facebook. We have no influence on this use of the data.
Through the use of cookies, i.e. text files that are stored on your terminal device, Facebook can subsequently recognise you in the Facebook member area and can, in accordance with Facebook's data usage policy, optimise the efficiency of advertisements, e.g. offer advertisements targeted to specific groups.
You can opt out of the collection of your data by the Facebook Pixel and its use for the display of Facebook ads. For this purpose, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising. To this end, you must be logged in to Facebook. If you don’t have a Facebook account, you can opt out of the use of cookies that are used for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and, additionally, via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
For general information on Facebook’s use of data, your rights in this regard and ways to protect your privacy, see Facebook's data policy at https://www.facebook.com/policy. For specific information and details about the Facebook Pixel and how it works, see Facebook’s help section.
17. LINKS ON OUR SOCIAL MEDIA PAGES
We have included links to our social media profiles on our websites. The links may lead to the following networks:
Facebook Inc., 1601 S California Ave., Palo Alto, CA 94304, USA
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
YouTube, a service operated by Google Inc.
Tripadvisor Inc., 400 1st Avenue, Needham, MA 02494, USA
Pinterest Inc., 635 High Street, Palo Alto, CA 94301, USA
LinkedIn Ireland Unlimited Company, Dublin 2, Ireland
Xing SE, Dammtorstrasse 30, 20354 Hamburg, Germany
Kununu GmbH, Neutorgasse 4-8, 1010 Vienna, Austria
When you click on the relevant social network icons, you will automatically be redirected to our profiles on the respective networks. You may have to log in to your user account to use the relevant network’s functions. If you open a link to one of our social media profiles, a direct connection will be established between your browser and the server of the respective social network. This provides the network with the information that you are visiting our websites with your IP address and have opened the link. If you open a link to a network while you are logged into your account with the relevant network, the content of our site may be linked to your profile on the network, which means that the network can assign your visit to our websites directly to your user account. If you want to prevent this, you should log out before clicking on the corresponding links. An assignment will be made in any case if you log in to the relevant network after clicking on the link.
C. PROCESSING DATA IN CONNECTION WITH YOUR STAY
18. PROCESSING DATA TO COMPLY WITH STATUTORY REGISTRATION OBLIGATIONS
When you arrive at our hotels, we require the following information from you and the persons accompanying you:
First and last name
Sex
Postal address and canton
Date of birth
Nationality
Official identification card and number
Arrival and departure day
Number of persons, incl. children
We collect this information to comply with statutory notification obligations arising from hotel and catering industry and police legislation in particular. As far as we are obliged to do so by the applicable provisions, we will forward this information to the competent police authority.
Entering further information is optional. We will only use this data to be able to arrange your stay in the best possible way and in a personalised manner.
19. PROCESSING DATA TO PROVIDE THE BOOKED SERVICE IN GENERAL
When you arrive at our hotels, we require the following information from you and the persons accompanying you:
First and last name
Postal address and canton
Date of birth
Nationality
Official identification card and number
Arrival and departure day
Room number and type
Telephone number
E-mail address
Comment (background note)
We collect this information to comply with our contractual and post-contractual obligations towards you.
The processing of this data is necessary for executing the contract with us. The further data processing is based on our legitimate interest in providing the service and/or on the consent given by you.
20. PROCESSING DATA IN ORDER TO PROVIDE SERVICES IN THE SPA AND WELLNESS AREA
If you receive services offered in our spa and wellness area during your stay at our hotels, the service (e.g. single entrance) and the time it was received will be recorded and processed by us for billing purposes and in order to provide the booked service. Usually, we require the following information for this purpose:
First and last name
Postal address
E-mail address
Telephone number
Room number (if available)
You also have the option to join our Alpine Spa Member’s Club. To process your request to become a member and in particular to contact you, the following information is mandatory:
First and last name
E-mail address
Telephone number
The processing of this data is necessary for executing the contract with us. The further data processing is based on our legitimate interest in providing the service and/or on the consent given by you.
21. PROCESSING DATA IN ORDER TO PROVIDE LEISURE SERVICES AND ACTIVITIES BOOKED
If you receive leisure services or book activities during your stay at our hotels, the service (e.g. fitness analysis or cinema visit) and the time it was received will be recorded and processed by us for billing purposes and in order to provide the booked service. Usually, we require the following information for this purpose:
Form of address
First and last name
Telephone number
Room number (if available)
Language
Contact person
The processing of this data is necessary for executing the contract with us. The further data processing is based on our legitimate interest in providing the service and/or on the consent given by you.
22. PROCESSING DATA IN ORDER TO PROVIDE MEDICAL SERVICES
If you receive medical services during your stay at our hotels, the service (e.g. diagnosis, treatment) and the time it was received will be recorded and processed by us for billing purposes, and in order to provide the booked service and to draw up the treatment plans. Usually, we require the following information for this purpose:
Form of address
Last name
First name
Sex
Date of birth
Nationality
Complete address (incl. street, postal code, town, country/canton)
E-mail address
Contact person
Referring doctor / general practitioner, First and last name
Information on the health state
Room number (if available)
For patients/guests from Switzerland:
additionally the insurance incl. policy, VEKA and AHV no.
Optionally, the following may be filled in:
Telephone
Civil status
Denomination
Language
The processing of this data is necessary for executing the contract with us. The further data processing is based on our legitimate interest and on the consent given by you.
23. PROCESSING DATA IN THE CONTEXT OF SURVEYS
If you participate in surveys (on-site or online) to evaluate your stay at our hotel, the following personal data will usually be processed:
First and last name
Postal address
E-mail address
Telephone number
Room number (if available)
Processing this data enables us to improve our services and customer relations. For this purpose, we use the software from Qualtrics, 2250 N. University Pkwy, 48-C, Provo, Utah 84604, USA. For information about privacy at Qualtrics, see HTTPS://WWW.QUALTRICS.COM/PRIVACY-STATEMENT/. In addition, we use Revinate by Revinate Inc., One Letterman Drive, Bldg. C, Suite CM100, San Francisco, CA 94129, USA. For information about privacy at Revinate, see: Hotel CRM & E-mail Marketing Software | Revinate. The legal basis for processing the data is the consent given by you.
The personal data processed as part of the customer survey will be kept in pseudonymised form for five years after completion of the customer survey and then deleted.
24. SECURITY
For the protection and security of guests, employees, visitors, our hotels, railroad and Hammetschwand lift, and assets entrusted to us, and in order to maintain house rules, we use surveillance systems (preventive and to provide evidence and clarify incidents), e.g. security cameras that can capture and record images. We will inform you of surveillance systems at the relevant locations by means of appropriate signs.
The person responsible for the surveillance systems is the respective operator of the hotel, or railroad or Hammetschwand-Lift (see item 1).
25. PROCESSING DATA IN ORDER TO PROVIDE FURTHER SERVICES
If you receive further services during your stay at our hotels (e.g. from the mini-bar or W-LAN), the service and the time it was received will be recorded and processed by us for billing purposes. The processing of this data is necessary for executing the contract with us.
D. STORAGE OF DATA AND EXCHANGE THIRD PARTIES
26. CENTRAL STORAGE AND LINKING OF DATA
The personal data collected from you is stored centrally in our CRM system. The data in the central CRM system is processed by us for the management of the customer relationships and for advertising purposes, in particular to be able to offer you personalised services and products.
The legal basis for processing the data in the context of customer management is the execution of the contract. With regard to data processing in the context of advertising activities, the legal basis is, on the one hand, also the execution of the contract (the existing customer relationship justifies data processing for the purpose of advertising activities) and, on the other hand, the consent given by you.
27. RETENTION PERIOD
We store personal data only as long as it is necessary to use the tracking services mentioned above and to make use of the further processing within the scope of our legitimate interest. Contract data will be retained by us for a longer period of time since this is required by statutory retention obligations. Retention obligations that require us to retain data result from provisions regarding registration law, on accounting and from tax legislation. In accordance with these provisions, business communication, contracts concluded and booking documents must be retained for up to 10 years.
28. TRANSMISSION OF THE DATA TO THIRD PARTIES
We only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. Furthermore, we pass on your data to third parties as far as this is necessary or expedient within the framework of the use of the website and the processing of contracts (also outside the website), namely the processing of your bookings, e.g. when purchasing vouchers.
We transmit your personal data to the following categories of recipients:
Group companies
IT service providers
Third parties to whom we have outsourced services such as sending newsletters, translation work or document checks
Third parties that we engage to provide further services that we provide to our guests
Third parties involved in the implementation or organisation of events and seminars
Consultants, trust companies, law firms
Authorities and courts, if applicable
If the level of data protection in a country in which the data is processed does not comply with the applicable data protection regulations, we will contractually ensure that the protection of your personal data will at all times correspond to that in Switzerland or the EU/EEA.
Finally, when you pay by credit card on the website, we forward your credit card information to your credit card issuer and to the credit card acquirer. If you decide to pay by credit card, you will be asked to enter all mandatory information. The legal basis for the transmission of the data is the fulfilment of a contract. Regarding the processing of your credit card information by these third parties, we ask you to also read the general terms and conditions as well as the privacy policy of your credit card issuer.
In the case of transmission to third parties, the legal provisions on the transmission of personal data to third parties are, of course, complied with. If we employ processors to provide our services, we take appropriate legal precautions as well as corresponding technical and organisational measures to ensure the protection of your personal data in accordance with the relevant legal regulations.
29. COLLECTING DATA VIA BOOKING PLATFORMS
If you make bookings via a third-party platform, we receive the booking information from the respective platform operator. In addition, enquiries about your booking may be forwarded to us. We will process this data by name in order to record your booking as requested and to provide the booked services. The legal basis for processing the data for this purpose is the fulfilment of a contract.
Finally, we may be informed by the platform operators of disputes in connection with a booking. In the process, we may also receive data on the booking process, which may include a copy of the booking confirmation as proof of the actual booking completion. We process this data to maintain and enforce our claims. This is our legitimate interest.
Please also note the privacy policy of the respective provider.
30. TRANSFER OF PERSONAL DATA ABROAD
If we also transfer your personal data to third parties abroad (i.e. outside Switzerland), these are obliged to comply with data protection to the same extent as we are. If the level of data protection in the country concerned is not adequate, we will ensure that your personal data is protected at an adequate level.
We ensure this in particular by concluding so-called standard data protection clauses of the EU Commission with the companies concerned and/or by the existence of further guarantees that comply with the applicable law. Where this is not possible, we base the transfer of data on your express consent or the necessity of the transfer for the performance of a contract.
E. FURTHER INFORMATION
31. RIGHT TO ACCESS, RECTIFICATION, ERASURE AND RESTRICTION OF PROCESSING; RIGHT TO DATA PORTABILITY
You have the right to gain access to the personal data that we store about you upon request. You also have the right to rectification of incorrect data and the right to erasure of your personal data provided that this is not precluded by any statutory retention obligation or permission which allows us to process the data.
In addition, you have the right to ask us to return the data you have provided to us (right to data portability). Upon request, we will also pass on the data to a third party of your choice. You have the right to receive the data in a commonly used file format.
For the purposes specified above, you can contact us via the e-mail address data-privacy@burgenstockcollection.com. For the processing of your requests, we may reserve the right to ask for proof of your identity.
32. DATA SECURITY
We use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or total loss and unauthorised access by third parties. Our security measures are improved on an ongoing basis and in line with technological developments.
You should always keep your login details confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.
We also take internal data protection very seriously. We have bound our employees and the service providers commissioned by us to secrecy and to comply with data protection provisions.
33. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY DATA PROTECTION AUTHORITY
You have the right to lodge a complaint with a supervisory data protection authority at any time. In Switzerland, this is the Federal Data Protection and Information Commissioner.
Last updated: October 2023