DATA PRIVACY STATEMENT

As of: October 2019

Aparthotel Baden AG, Zelgweg 11, 5405 Baden-Dättwil manages the Aparthotel and operates the website www.aparthotel-baden.ch and is therefore responsible for the collection, processing and use of your personal data and the compatibility of its data processing with applicable data privacy legislation.

Your trust is important to us, which is why we take the issue of data privacy seriously and ensure appropriate security. We observe the statutory provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Telecommunications Act (TCA) and other applicable data privacy provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR). So that you know what personal data we collect from you and the purposes for which we use it, please take note of the following information.

A. Data processing in connection with our website

1. Visiting our website

When you visit our website, our servers temporarily store each access in a log file. The following technical data is collected and stored without your intervention, as is the case with every connection to a web server:

  • The IP address of the requesting computer,
  • The name of the owner of the IP address range (usually your internet access provider),
  • The date and time of access,
  • The website from which access was made (referrer URL), if applicable with the search word used,
  • The name and URL of the retrieved file,
  • The status code (e.g. error message),
  • The operating system of your computer,
  • The browser you are using (type, version and language),
  • The transmission protocol used (e.g. HTTP/1.1) and, if applicable, your username from a registration/authentication process.

This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability over the long term, enabling the optimisation of our internet offer and for internal statistical purposes. This constitutes our legitimate interest in data processing within the meaning of Art. 6 para. 1 (f) GDPR.

In the event of attacks on the network infrastructure or other unauthorised or abusive use of the website, the IP address is also evaluated together with other data for the purpose of clarification and defence and, if necessary, used in the context of criminal proceedings for the identification of and the instigation of civil and criminal proceedings against the users concerned. This constitutes our legitimate interest in data processing within the meaning of Art. 6 para. 1 (f) GDPR.

2. Using our contact form

You can use a contact form to get in touch with us. For this, we need the following information:

First name and surname
Email address
Message

We use this data and a telephone number voluntarily provided by you only in order to answer your contact enquiry in the best possible and personalised way. The processing of this data is therefore necessary within the meaning of Art. 6 para. 1 (b) GDPR for the implementation of pre-contractual measures and is in our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR.

3. Opening a customer account

To make bookings on our website, you can order as a guest or open a customer account. When registering for a customer account, we collect the following mandatory data:

Salutation
First name and surname
Mailing address
Date of birth
Telephone number
Email address
Password

The collection of this and other data voluntarily provided by you (e.g. company name) is carried out for the purpose of providing you with password-protected direct access to your basic data stored by us. You can view your previous and current bookings or manage or change your personal data.

The lawful basis for the processing of the data for this purpose lies in the consent given by you in accordance with Art. 6 para. 1 (a) GDPR.

4. Subscribing to our newsletter

You can subscribe to our newsletter on our website. You need to register for this. The following data must be submitted during the registration process:

Salutation
First name and surname
Email address

The above data is necessary for data processing. In addition, you can voluntarily provide other data (date of birth and country). We process this data exclusively to personalise the information and offers sent to you and to better align them to your interests.

By registering, you give us your consent to process the data provided for the regular delivery of the newsletter to the address you specify and for the statistical evaluation of user behaviour and the optimisation of the newsletter. This consent represents our lawful basis for the processing of your email address within the meaning of Art. 6 para. 1 (a) GDPR. We are authorised to entrust third parties with the technical processing of advertising measures and to pass on your data for this purpose (cf. point 13 below).

At the end of each newsletter, you will find a link for unsubscribing from the newsletter at any time. When you unsubscribe, you can voluntarily inform us of the reason for the deregistration. After the cancellation of your subscription, your personal data will be deleted. Further processing only takes place in anonymised form in order to optimise our newsletter.

5. Booking on the website, by correspondence or by telephone call

If you make bookings either via our website, by correspondence (email or letter post) or by telephone, we require the following mandatory data to process the contract:

Salutation
First name and surname
Telephone number
Language
Credit card information
Email address

We will only use this data and other information voluntarily provided by you (e.g. expected time of arrival, number plate of your car, preferences, remarks) to process the contract, unless otherwise stated in this data privacy statement or unless you have given your separate consent. We will process the data specifically to record your booking as requested, provide the services you have booked, contact you in the event of any questions or problems and ensure correct payment.

The lawful basis for data processing for this purpose is the fulfilment of a contract pursuant to Art. 6 para. 1 (b) GDPR.

6. Cookies

Cookies help to make your visit to our website easier, more enjoyable and more meaningful in many ways. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.

We use cookies, for example, to temporarily store your selected services and entries when filling out a form on the website so that you do not have to repeat the entry when calling up another page. Cookies can also be used to identify you as a registered user after you have registered on the website, without you having to log in again when accessing another page.

Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. On the following pages, you will find explanations on how to configure the processing of cookies in the most common browsers:

Microsoft's Windows Internet Explorer
Microsoft's Windows Internet Explorer Mobile
Mozilla Firefox
Google Chrome for Desktop
Google Chrome for Mobile
Apple Safari for Desktop
Apple Safari for Mobile

Disabling cookies may prevent you from using all the features of our website.

7. Tracking tools

a. General information

We use the web analysis service of Google Analytics for the purpose of designing and continuously optimising our website to meet your needs. In this context, pseudonymised user profiles are created and small text files stored on your computer ("cookies") are used. The information generated by the cookie about your use of this website will be transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data listed under point 1, we may receive the following information:

Navigation path followed by a visitor to the site,
Time spent on the website or page,
The page on which the website is left,
The country, region or city from which the website is accessed,
End device (type, version, colour depth, resolution, width and height of the browser window) and whether you are a returning or new visitor.

The information is used to evaluate the use of the website, compile reports on website activities and provide further services related to the use of the website and the internet for the purposes of market research and demand-oriented design of this website. This information may also be transferred to third parties where this is required by law or where third parties are responsible for processing this data.

b. Google Analytics

Google Analytics is offered by Google Inc., a subsidiary of the holding company Alphabet Inc., with its registered office in the US. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymisation ("anonymizeIP") on this website within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The anonymous IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. Only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there. In such cases, we use contractual guarantees to ensure that Google Inc. maintains an adequate level of data protection. According to Google Inc., the IP address will not be associated with other data concerning the user under any circumstances. For more information about the web analysis service, visit the Google Analytics website. You can find instructions on how to prevent the processing of your data by the web analysis service at http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from capturing your data by clicking this link.

B. Data processing in connection with your stay

8. Data processing for the fulfilment of legal reporting obligations

Upon arrival at our hotel, we may need the following information about you and accompanying persons:

First name and surname
Postal address and canton
Date of birth
Place of birth
Nationality
Official identification card and number
Arrival and departure dates
Room number
Billing address

We collect this information in order to fulfil statutory reporting obligations, in particular under hospitality or police law. To the extent that we are required to do so by applicable law, we will pass this information on to the appropriate police authority.

Our legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR is the fulfilment of the legal requirements.

9. Recording of purchased services

If you receive additional services during your stay (e.g. make use of the mini bar or the pay-TV service), we will record the service and the time of receipt of the service for billing purposes. The processing of this data is necessary within the meaning of Art. 6 para. 1 (b) GDPR to process the contract with us.

C. Storage and exchange of data with third parties

10. Booking platforms

If you make bookings via a third-party platform, we receive various personal information from the platform operator in question. As a rule, this is the data listed in point 5 of this data privacy statement. In addition, we may receive enquiries regarding your booking. We will process this data in order to record your booking as requested and to make the booked services available. The lawful basis for data processing for this purpose is the fulfilment of a contract pursuant to Art. 6 para. 1 (b) GDPR.

Finally, we may be informed by the platform operators about disputes relating to a booking. In this regard, we may also receive information about the booking process, which may include a copy of the booking confirmation as proof of the actual booking. We process this data to safeguard and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR.

Please also note the information on data protection provided by the relevant provider.

11. Central storage and linking of data

We store the data specified in points 2-5 and 8-10 in a central electronic data processing system. The data concerning you will be systematically recorded and linked for the processing of your bookings and the provision of contractual services. We use software from protel hotelsoftware GmbH, Europaplatz 8, D-44269 Dortmund for this purpose. The processing of this data with this software is based on our legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR in customer-friendly and efficient customer data management.

12. Storage period

We only store personal data for as long as required to use the above tracking services and carry out further processing in the context of our legitimate interest. Contract data will be stored by us for a longer period, as this is prescribed by statutory storage obligations. Obligations to preserve records that oblige us to store data arise from regulations on reporting rights, accounting and tax law. According to these regulations, business communication, concluded contracts and accounting vouchers must be kept for up to ten years. If we no longer need this data to provide the services to you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

13. Passing on of data to third parties

We only pass on your personal data if you have given your express consent, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we pass on your data to third parties insofar as this is necessary within the context of using the website and executing the contract (also outside the website), i.e. the processing of your bookings.

Our webhoster ctek ag, Weidstrasse 8, CH-6300 Zug is a service provider to whom the personal data that is collected via the website is forwarded or to whom access to the data has been or may be granted. The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functions of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 (f) GDPR.

Finally, when you pay by credit card on the website, we will forward your credit card information to your credit card issuer and the credit card acquirer. If you decide to pay by credit card, you will be asked to enter all necessary information. The lawful basis for the transfer of the data lies in the fulfilment of a contract pursuant to Art. 6 para. 1 (b) GDPR. Regarding the processing of your credit card information by these third parties, we would ask that you also read the terms and conditions and data privacy policy of your credit card issuer.

Please also note the information in points 7-8 and 10-11 regarding the transfer of data to third parties.

14. Transmission of personal data abroad

We are entitled to transfer your personal data to third-party companies (contracted service providers) abroad for the purpose of the data processing described in this data privacy statement. These are obligated to ensure data protection to the same extent as we ourselves. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we contractually ensure that your personal data enjoys the same level of protection as in Switzerland or the EU at all times.

D. Further information

15. Right of access, rectification, deletion and limitation of processing; right to data portability

You have the right to request information about the personal data we store about you. In addition, you have the right to demand the rectification of incorrect data and the deletion of your personal data, insofar as this does not contravene legal storage obligations or permission to process the data.

You also have the right to demand that we return the data you have provided to us (right to data portability). Upon request, we will also forward the data to a third party of your choice. You have the right to receive the data in a common file format. You can reach us for the aforementioned purposes via the email address info@aparthotel-baden.ch. We may, at our discretion, require proof of your identity before processing your requests.

16. Data security

We use suitable technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share your computer with others.

We also take internal data privacy very seriously. Our employees and the service companies commissioned by us have been obligated by us to maintain secrecy and to comply with data privacy regulations.

17. Note on data transfers to the US

For reasons of completeness, we would like to point out to users resident or domiciled in Switzerland that US authorities have implemented surveillance measures in the US that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the US. This is done without differentiation, limitation or exception on the basis of the objective pursued and without an objective criterion that would allow the US authorities to restrict access to the data and subsequent use to very specific, strictly limited purposes that could justify the interference associated with both access to and use of the data. In addition, we would like to point out that there are no legal remedies available in the US for data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, and that there is no effective legal protection against the general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation in order to allow them to make an informed decision about consenting to the use of their data.

We draw the attention of users living in an EU member state to the fact that, from the point of view of the European Union, the US does not provide an adequate level of data privacy, partly because of the issues mentioned in this section. Where we have explained in this data privacy statement that recipients of data (such as Google) are located in the United States, we will ensure that your data is protected at an appropriate level by our partners, either through contractual arrangements with such companies or by ensuring that such companies are certified under the EU or Swiss-US Privacy Shield.

18. Right to complain to a data privacy supervisory authority

You have the right to complain to a data privacy supervisory authority at any time.