Privacy pOlicy

1.1 VISITING OUR WEBSITES

Terreni alla Maggia SA as the owner of Castello del Sole, Rustico del Sole and Terreni alla Maggia operates the following websites:

www.castellodelsole.com
www.terreniallamaggia.ch
www.shop.castellodelsole.com
www.shop.terreniallamaggia.ch
www.rusticodelsole.ch

As such, it is responsible for the collection, processing and use of your personal data and ensuring that data processing complies with applicable data protection laws.

When you visit our website, our servers temporarily store each session in a log file. In the process, the following technical data are collected and stored, without any action on your part, as is the case every time you connect to a web server:

• the IP address of the requesting computer,
• the name of the owner of the IP address range (usually your internet access provider),
• the date and time of the visit,
• the website from which you access the website (referrer URL), possibly with the keyword used,
• the name and URL of the retrieved file,
• the status code (e.g. error message),
• the operating system on your computer,
• the browser you use (type, version and language),
• the transmission protocol used (e.g. HTTP/1.1), and
• possibly your user name from a registration/authentication.

After 90 days, we automatically anonymize recorded IP addresses, so that no conclusions can be drawn regarding the identity of individual users.

These data are collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring the security and stability of the system over the long term, allowing us to optimize our Internet presence, and for internal statistical purposes. This constitutes our legitimate interests in data processing in accordance with Art. 6 (1) (f) GDPR.

The IP address is also evaluated together with other data for the purpose of clarification and defence in the event of attacks on the network infrastructure or other unauthorized or abusive use of the website. If necessary, it is also used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned. This constitutes our legitimate interests in data processing in accordance with Art. 6 (1) (f) GDPR

1.2 USING OUR CONTACT FORM

You have the option of using a contact form to get in touch with us. For this we require the following information (*mandatory):

• Title*
• First name* and last name*
• Address
• Postal code and town
• Country
• Phone
• Email*
• Comment
• How did you find out about us?*

We only use these data as well as a phone number provided voluntarily by you to answer your contact request individually and to the best of our ability. Processing these data is therefore necessary for taking steps prior to entering into a contract in accordance with Art. 6 (1) (b) GDPR, or for the purpose of pursuing our legitimate interests in accordance with Art. 6 (1) (f) GDPR.

1.3 REGISTERING FOR OUR NEWSLETTER

You have the possibility of subscribing to our newsletter on our website. To do this, you must register. As part of the registration process, you are required to submit the following data (* mandatory):

• Title*
• First name and last name*
• Email address*

In addition, you can provide us with further data voluntarily. We use the double opt-in mechanism for this. After submitting your registration, you will receive an email from us that contains a confirmation link. Click on this link to definitely confirm your registration for the newsletter. We will use your data for the purpose of sending you the newsletter until you revoke your consent for us to do so. You can revoke your consent at any time. In addition, all newsletter emails contain an unsubscribe link.

Our newsletter may contain a so-called web beacon (tracking pixel) or a similar technical means. A web beacon is a transparent, 1x1-pixel image linked to the user ID of the respective newsletter subscriber.

For each newsletter we send, information is available on the address file used, the subject heading and the number of newsletters sent. This information also reveals which addresses have not yet received the newsletter, which addresses the newsletter has been sent to, and for which addresses the sending process was unsuccessful. It also shows which addresses have opened the newsletter, and finally, which addresses have unsubscribed. We use these data for statistical purposes and to optimize the newsletter in terms of content and structure. This allows us to better gear the information and offers in our newsletter to the individual interests of each recipient. The tracking pixel is deleted when you delete the newsletter.

To prevent the use of web beacons in our newsletter, please adjust the settings of your email program so that no HTML is displayed in messages, if this is not already set as a standard. Under the following links, you will find instructions how to carry out these settings in the most common email programs.

• Microsoft Outlook
• Mail on Mac (“load remote content in messages”)

When you register for our newsletter, you give us your consent to process the data you have entered for the purpose of regularly sending our newsletter to the address specified by you, analysing your user behaviour for statistical purposes and optimizing our newsletter. Your consent constitutes our legal basis for processing the data for our newsletter in accordance with Art. 6 (1) (a) GDPR.

We are entitled to commission third parties with the technical processing of advertising activities and are entitled to pass on your data for this purpose (see section 4.0 below).

1.4 BOOKING A ROOM ON THE WEBSITE, BY CORRESPONDENCE OR BY TELEPHONE 

When you make a reservation either via our website, by correspondence (email or letter), or by telephone, we require the following data to process the contract (* mandatory):

• Title*
• First name* and last name *
• Postal address*
• Date of birth*
• Telephone number*
• Language*
• Credit card details*
• Email address*
• Expected time of arrival
• Motor vehicle license plate
• Preferences
• Comments

We will only use this data for the purpose of processing the contract, unless otherwise stated in this privacy policy or unless you have given us your separate consent. We process the data in particular to record your booking as requested, provide the booked services, contact you in the event of ambiguities or problems, and ensure correct payment.

For processing online reservations, we use the SimpleBooking service provided by QNT S.r.l. a Socio Unico, Via Lucca,52 – 50142 Florence, Italy. For more information on how SimpleBooking processes personal data, see here.

The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 (1) (b) GDPR.

1.5 MAKING CONTACT OR A RESERVATION VIA THE CHAT FUNCTION

On our website, you have the possibility of making a booking online or contacting the reservation department via live chat. The software for the chat function and the booking platform are made available by selected third-party providers. Depending on the service, various data are collected in connection with this (* mandatory):

• Name
• Email
• Phone number
• Language
• Integration of Facebook Messenger
• Navigation point on Storchen website
• Date/ time
• Referral
• IP address
• Google location
• Audio file of the conversation

For processing your online reservation, we use the SimpleBooking service provided by QNT S.r.l. a Socio Unico, Via Lucca,52 – 50142 Florence, Italy. For more information on how SimpleBooking processes personal data, see here.

For processing your booking via chat, we use the JivoSite service provided by JivoSite Inc., 1013 Centre Rd, Suite 403-B, Wilmington, Delaware 19805, USA. For more information on how JivoSite processes personal data, see here.

The legal basis for processing data for this purpose is in order to take steps prior to entering into a contract and for the performance of a contract in accordance with Art. 6 (1) (b) GDPR.

1.6 MAKING CONTACT VIA EMAIL

On our website you have the possibility of contacting us and sending us an email. To this end, we are obliged to record your email address.

We only use your email address and other data provided voluntarily by you (e.g. your first and last name) to answer your contact request individually and to our best of our ability. The processing of these data is therefore necessary in order to take steps prior to entering into a contract in accordance with Art. 6 (1) (b) GDPR or for the purpose of pursuing our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

1.7 MAKING CONTACT BY TELEPHONE

On our website you have the possibility of contacting us by telephone.

We only use your telephone number and other data provided voluntarily by you (e.g. your first and last name, email address) to answer your contact request individually and to our best of our ability. The processing of these data is therefore necessary for taking steps prior to entering into a contract in accordance with Art. 6 (1) (b) GDPR or for the purpose of pursuing our legitimate interests in accordance with Art. 6 (1) (f) GDPR.

1.8 ORDERING AND BUYING TICKETS FOR EVENTS, PRODUCTS AND VOUCHERS

On our website you have the possibility of ordering certain services or vouchers online. The following data are collected in connection with this (* mandatory):

• First name and last name *
• Address*
• Postal code and town *
• Country*
• Email*
• Telephone number 
• Credit card number

These data are collected and processed for the purpose of providing and delivering the service requested by you. The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 (1) (b) GDPR.

1.9 RESTAURANT RESERVATION

On our website you have the possibility of reserving a table. The following data are collected in connection with this (* mandatory):

• First name and last name*
• Email*
• Telephone number*

To process your table reservation, we use the reservation system provided by aleno AG, Aegertenstrasse 6, 8003 Zurich, Switzerland. For more information on how aleno processes personal data, see here.

These data are collected and processed for the purpose of reserving a table for a certain number of persons. The legal basis for processing data for this purpose is in order to take steps prior to entering into a contract and for the performance of a contract in accordance with Art. 6 (1) (b) GDPR.

1.10 APPLYING FOR A VACANT POSITION

On our website you have the possibility of applying for a job vacancy or making an unsolicited application. To do this, you are required to submit a complete application. The following data must be entered in the online form (* mandatory):

• Title*
• First name and last name*
• Address*
• Nationality*
• Marital status*
• Date of birth*
• Email address*
• Telephone number*
• Cover letter, curriculum vitae, photo*
• Work references*

These data are used for processing the application process. If you do not explicitly consent to further processing of your data, the data will be deleted after the respective application procedure.

For online applications, we use the services of Jacando provided by Jacando AG, Münchensteinerstrasse 41, 4052 Basel, Switzerland. For more information on how Jacando processes personal data, see here.

The legal basis for processing these data is therefore in order to take steps prior to entering into a contract in accordance with Art. 6 (1) (b) GDPR and for the purpose of pursuing our legitimate interests in accordance with Art. 6 (1) (f) GDPR. For further data processing, the legal basis is your consent in accordance with Art. 6 (1) (a) GDPR.

1.11 COOKIES

Cookies help in many ways to make your visit to our website easier, more enjoyable and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our websites. We use cookies, for example, to temporarily store your chosen services and inputs when filling out a form on the website so that you do not have to repeat the input when you visit another subpage. Cookies can also be used, if necessary, to identify you as a registered user after you register on the website without you having to log in again when you visit another subpage.

Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. For explanations how to configure the processing of cookies in the most common browsers, see the following websites:

• Microsofts Windows Internet Explorer
• Microsofts Windows Internet Explorer Mobile
• Mozilla Firefox
• Google Chrome for desktops
• Google Chrome for mobiles
• Apple Safari for desktops
• Apple Safari for mobile[MMS1]  devices

Deactivating cookies may mean that you will not be able to use all functions available on our website.

1.12 TRACKING TOOLS

1.12.1 Google Analytics

We use the web analysis service of Google Analytics for the purpose of designing and continuously optimizing our website to meet your needs. To this end, pseudonymized utilization profiles are created and small text files used (“cookies”) that are stored on your computer. The information generated by the cookie about your use of this website is transferred to the servers of the provider of these services, stored there and processed for us. In addition to the data listed under section 1.1, we may receive the following information:

• The navigation path you follow on the website,
• the length of time you stay on the website or subpage,
• the subpage from which you leave the website,
• the country, region or town from which the website is accessed,
• the device (type, version, depth of colour, resolution, width and height of browser window) and
• whether you are a new or repeat visitor.

The information is used to evaluate the use of the website, compile reports on website activities, and provide further services related to website and internet utilization for market research purposes and for designing this website according to your needs. This information may also be transferred to third parties if this is required by law or if these data are processed by third parties on our behalf.

The provider of Google Analytics is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Before sending the data to the provider, the IP address is truncated by activating the IP anonymization function (“anonymizeIP”) on this website within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. The anonymized IP address transmitted by your browser in connection with Google Analytics is not combined with other data held by Google. In exceptional cases only, the full IP address is transmitted to a Google server in the United States and truncated there. In these cases, we ensure with contractual warranties that Google maintains a sufficient level of data protection. According to Google, the IP address will under no circumstances be linked to other data relating to the user.

Users can prevent the information generated by the cookie and concerning their use of the website (including the IP address) from being recorded and processed by Google by downloading and installing the browser plugin available here.

For more information on the web analysis services used, see Google’s website here. For instructions how to prevent the processing of your data by the web analysis service, see here. 

The legal basis for processing data for this purpose is your consent in accordance with (Art. 6 (1) (a) GDPR). You may revoke your consent at any time with future effect.

1.12.2 Creating pseudonymized utilization profiles

To provide you with personalized services and information on our website (on-site targeting), we use and analyse the data we collect about you whenever you visit the website. Processing these data may involve the use of cookies. The analysis of your user behaviour can lead to the creation of a so-called utilization profile. The utilization data are combined using only pseudonyms, but never with non-pseudonymized personal data.

The legal basis for processing data for this purpose constitutes our legitimate interests in optimizing and individualizing our website and our advertising communication in accordance with Art. 6 (1) (f) GDPR.

1.12.3 Facebook Connect

On our website, you can register to create a customer account or sign in via the social media plugin “Facebook Connect” provided by the social network Facebook, operated by Facebook Inc., Hacker Way, Menlo Park, CA 94025, USA (“Facebook”) using so-called single sign-on technology if you have a Facebook profile. The "Facebook Connect" social media plugins can be recognized on our website by the button with the Facebook logo labelled "Connect with Facebook," "Log in with Facebook," or "Sign in with Facebook".

If you visit one of our websites that contains a plugin of this kind, your browser creates a direct link to the servers of Facebook. The content of the plugin is transmitted directly to your browser by Facebook and integrated into the page. As a result, Facebook receives the information that your browser has called up the corresponding page on our website, even if you do not have a Facebook profile or are not currently logged into Facebook. This information (including your IP address) is sent directly from your browser to a server at Facebook in the USA and stored there.

You can also use the Facebook Connect button on our website to log in or register using your Facebook user data. When you click on the "Facebook Connect" button, you are asked to give your consent to the exchange of data before you log in. Only if you give your express consent in accordance with Art. 6 (1) (a) GDPR do we receive the general and publicly accessible information stored in your profile, depending on your personal data protection settings on Facebook. This information includes your user ID, your name, profile picture, age and gender.

Please note that following changes to Facebook’s privacy policy and conditions of use, granting your consent can lead to your profile pictures, your friends' user IDs, and your friends list also being transferred if these have been marked as "public" in your Facebook privacy settings. We store and process the data sent to us by Facebook for the purpose of creating a user account with the required data, if you allow this in your Facebook settings (title, first name, last name, address, country, email address, date of birth). Conversely, based on your consent, data (e.g. information on your surfing or purchasing behaviour) can be transferred from us to your Facebook profile.

You may revoke your consent at any time with future effect.

For information on the purpose and extent of data capture and the further processing and use of data by Facebook, as well your rights in this regard and setting options for the protection of your personal privacy, please refer to Facebook’s privacy policy here.

If you do not want Facebook to assign the data collected via our website to your Facebook profile, you must log out of Facebook before you visit our website.

1.12.4 Privacy regulations on the application and use of Google Remarketing

The Living Circle Group AG has integrated the services of Google Remarketing on this website. Google Remarketing is a function of Google AdWords that allows a company to show advertisements to internet users who previously visited the company’s website. Integrating Google Remarketing therefore enables a company to create user-related ads and consequently show advertising to internet users that is relevant to their interests.
Google Remarketing services are provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to show interest-based ads. Google Remarketing allows us to show ads via the Google Display Network or on other websites that are tailored to the individual needs and interests of internet users.

Google Remarketing sets a cookie on the data subject’s IT system. This allows Google to recognize visitors to our website when they subsequently call up other websites that are also members of the Google Display Network. Every time the data subject visits a website that incorporates the services of Google Remarketing, the data subject’s browser automatically identifies itself to Google. In the course of this technical process, Google receives the data subject’s personal data, such as their IP address or information on their surfing behaviour, which Google uses to show ads that are relevant to the user’s interests, among others.

The cookie is used to store personal information, such as the websites visited by the data subject. Each time our websites are visited, personal data including the IP address of the internet connection used by the data subject are transferred to Google in the United States. These personal data are then stored by Google in the USA. Google may possibly pass on these personal data to third parties.

You can prevent the setting of cookies by our website at any time, as described above, by adjusting the settings of your internet browser and thus permanently object to the setting of cookies. Adjusting your browser settings in this way also prevents Google from setting a cookie on your IT system. In addition, you can delete a cookie already set by Google Analytics at any time via the browser or other software programs.

Furthermore, you have the possibility of objecting to interest-based advertising by Google. To do this, you must call up the link here from each browser you use and make the corresponding settings there.

For more information and Google’s applicable privacy policy, see here.

The legal basis for processing data as described above is for the purpose of pursing our legitimate interests in offering individualized and interest-based advertising of our services in accordance with Art. 6 (1) (f) GDPR.

1.12.5 Privacy regulations on the application and use of Google AdWords

The Living Circle Group AG has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place ads both in Google search engine results and in the Google Display Network. Google AdWords allows advertisers to define certain keywords in advance that are used to display an ad in Google’s search engine results only when the user searches for a result containing the keywords. In the Google Display Network, the ads are shown on websites with a similar subject matter using an automatic algorithm and taking into account the previously defined keywords.
Google Adwords services are provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to market our website by showing interest-based ads on the websites of third-party companies and in Google’s search engine results, as well as showing third-party ads on our website.

If you reach our website via a Google ad, Google sets a so-called conversion tracking cookie on your IT system. A conversion tracking cookie loses its validity after thirty days and is not used for the purpose of identifying data subjects. As long as the cookie has not yet expired, it is used to track whether certain subpages, such as the shopping cart of an online shop system, have been accessed on our website. Conversion tracking allows both us and Google to track whether a user who reached our website via an AdWords ad generated turnover, i.e. purchased goods or cancelled a purchase.

Google uses the data and information collected through the conversion tracking cookie to compile statistics about visits to our website. We use these statistics, on the other hand, to determine the overall number of users referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad campaign, and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify data subjects.

Personal information, such as the websites visited by the data subject, may be stored with a conversion tracking cookie. Each time you visit our websites, your personal data including the IP address of the internet connection used are transferred to Google in the United States, where they are stored. Google may possibly pass on these personal data to third parties.

You can prevent the setting of cookies by our website at any time, as described above, by adjusting the settings of your internet browser and thus permanently object to the setting of cookies. Adjusting your browser settings in this way also prevents Google from setting a conversion tracking cookie on your IT system. In addition, you can delete a cookie already set by Google Analytics at any time via the browser or other software programs.

Furthermore, you have the possibility of objecting to interest-based advertising by Google. To do this, you must call up the link here from each browser you use and make the corresponding settings there.

For more information and Google’s applicable privacy policy, see here.

The legal basis for processing data as described above is for the purpose of pursing our legitimate interests in offering individualized and interest-based advertising of our services in accordance with Art. 6 (1) (f) GDPR.

1.12.6 Privacy Policy Template (Cookie Template)

This website uses Mouseflow: a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you'd like to opt-out, you can do so at https://mouseflow.com/opt-out. If you'd like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at [email protected].

For more information, see Mouseflow’s Privacy Policy at http://mouseflow.com/privacy/.
For more information on Mouseflow and GDPR, visit https://mouseflow.com/gdpr/.
For more information on Mouseflow and CCPA visit https://mouseflow.com/ccpa.

2.1 DATA PROCESSING TO FULFIL STATUTORY REPORTING REQUIREMENTS

When you arrive at our hotel, we require the following information from you and any accompanying persons (* mandatory):

• First name and last name *
• Address*
• Data of birth*
• Place of birth*
• Nationality*
• Official passport/identity card and number *
• Day of arrival and day of departure

We collect this information in order to fulfil statutory reporting requirements, in particular in connection with hospitality or police laws. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the responsible police authority.

Fulfilling the legal requirements constitutes our legitimate interests in accordance with Art. 6 (1) (f) GDPR.

2.2 RECORDING PURCHASED SERVICES

If you purchase additional services (e.g. restaurant, using items from the mini bar or pay TV, etc.) during your stay, we will record the supplied service as well as the time the service was purchased for invoicing purposes. Processing these data is necessary for the performance of the contract with us in accordance with Art. 6 (1) (b) GDPR.

2.3 WLAN USAGE

To provide you with access to the internet via our WLAN network, we record and use the following data when you dial into and use our WLAN network:

So-called inventory data (* mandatory)

• Your first name and last name incl. title *
• The email address you have given*
• Your mobile phone number

We use these inventory data to register you for our WLAN service. The legal basis for processing data for this purpose is the performance and fulfilment of a contract in accordance with Art. 6 (1) (b) GDPR.

In addition, we collect so-called traffic data:

• The type of device you use to access our WLAN network
• Various device identifiers, namely the WLAN MAC address and the login allocated to you
• The IP address allocated to you
• Date and time of your WLAN and internet connections
• Certain location data: These include the location of the nearest WLAN access point to you, with which you are connected via WLAN; this also includes a time stamp. The location of this access point usually tells us which room in our hotel you use your device and when. We do not receive more exact information about your actual location.

We require the above traffic data to establish a technical connection between your device and our WLAN network, via which we can then provide you with access to the Internet and process it technically. The purpose of the location data is to connect you to the WLAN access point with the strongest signal. This constitutes our legitimate interests in data processing in accordance with Art. 6 (1) (f) GDPR.

In addition, the IP address is evaluated together with other data in the event of attacks on the network infrastructure or other unauthorized or improper WLAN use for clarification and defence purposes. If necessary, it is used as part of criminal proceedings to identify and initiate civil and criminal proceedings against the users concerned. This constitutes our legitimate interests in data processing in accordance with Art. 6 (1) (f) GDPR.

Based on your consent, we use your data for other purposes, as described in the following. We combine your above data with data we have stored during the course of your stay, and use these combined data for the following purposes:

• To send you general information and individual offers for products and services provided by our hotel, tailored to you and your interests on the basis of your existing data, by e-mail, during or after your stay. The information and offers you receive may also be geared to your previous and current location within our hotel, e.g. if you have just entered one of our restaurants or visit our fitness studio frequently. If you have also provided us with your mobile phone number, we will use it to send you additional information and offers of this kind via SMS to your mobile phone.
• To improve our range of services, we would like to help our employees address you by name whenever they contact you. To this end, we may use your name and the location information described above to let our staff know who is in a particular room of our hotel. This makes it easier for our staff to address you personally by name.
• For statistical evaluations, e.g. how our guests react to our marketing campaigns, what services our guests use particularly frequently within the hotel, how our guests prefer to move around the hotel, which WLAN areas have good coverage. 

The legal basis for processing data for this purpose is your consent in accordance with (Art. 6 (1) (a) GDPR). You may revoke your consent at any time with future effect.

• Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA,
• Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA; and
• Twitter Inc.,1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

If you click on a social network icon, you will be automatically forwarded to our profile on the respective social network. To use the functions of that network, you may have to log into your user account on the respective network.

If you open a link to one of our social media profiles, a direct connection will be established between your browser and the server of the social network concerned. This gives the network the information that you have visited our website with your IP address and clicked on the link. If you open a link to a network while you are logged into your account on that network, the content of our website may be linked to your network profile, meaning that the network can directly associate your visit to our website with your user account. If you wish to prevent this, you should log out before clicking on any links. The connection is made in any case if you log into the respective network after clicking on the link.

3.3 YOUTUBE PLUGIN

On our website, we have embedded plugins of the video portal YouTube provided by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). YouTube is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Every time you visit a page that offers one or several YouTube video clips, a direct connection is established between your browser and a server of YouTube in the USA. In the process, information about your visit and your IP address are stored. If you interact with YouTube plugins (e.g. pressing the start button), this information is also transferred to YouTube and stored there.

More information on the collection and use of your data by YouTube can be found in the privacy policies of YouTube or Google here.

The legal basis for processing data for this purpose is to pursue our legitimate interests in accordance with Art. 6 (1) (f) GDPR.

If you have a YouTube user account and do not want YouTube to collect data about you via this website and link them to your YouTube member data, you must log out of YouTube before visiting this website.

YouTube also accesses the Google Analytics analysis tool via an iFrame in which the video is viewed. Google Analytics is a tracking tool belonging to YouTube, to which we do not have access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers.

3.4 GOOGLE MAPS

On our website, we use Google Maps API (Application Programming Interface, “Google Maps”) provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the visual representation of geographic information (maps). When you use Google Maps, information about the use of our website including your IP address is transmitted to a server belonging to Google in the USA and stored there.

The legal basis for processing data for this purpose is to pursue our legitimate interests in accordance with Art. 6 (1) (f) GDPR.

It is possible to deactivate the Google Maps service and prevent data being transferred to Google by deactivating JavaScript in your browser. However, we would like to point out that if you do so, you will not be able to use the map view.

More information about the collection, processing and use of your data by Google and your rights in this regard can be found in the privacy policy of Google at https://policies.google.com/privacy, as well as in the additional terms of use for Google Maps or Google Earth at here.

4.1 BOOKING PLATFORMS

If you make a booking via a third-party platform, we receive various kinds of personal information from the respective platform operator. These are generally the data listed in section 1.4 of this privacy policy. Furthermore, inquiries regarding your booking may be forwarded to us. We use these data in particular to register your booking as requested and provide the booked services. The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 (1) (b) GDPR.

Finally, we may be informed by the platform operator about disputes in connection with a booking. In this case, it is possible that we receive data relating to the booking process, whereby a copy of the booking confirmation counts as evidence that the booking has been made. We process these data to enforce and assert our rights. This is for the purpose of pursing our legitimate interests in accordance with Art. 6 (1) (f) GDPR.

Please also note the information on data protection by the respective provider.

4.2 CENTRAL STORAGE AND LINKING OF DATA

We store the data provided to us in sections 1.1 to 1.10 and 2.1 to 2.3 in a central, electronic data processing system (CRM). The data relating to you are systematically recorded and linked for the purpose of processing your bookings and handling contractual services, or based on your consent. To this end, we use software provided by the company “protel hotelsoftware Gmbh” in 44269 Dortmund, Germany. Personal data are processed in a CRM program using software provided by the company “Toedt, Dr. Selk & Coll. GmbH” in 80333 Munich, Germany. These data are processed using the software for the purpose of pursing our legitimate interests in managing data in a customer-friendly and efficient way in accordance with Art. 6 (1) (f) GDPR, and for the performance of contractual measures in accordance with Art. 6 (1) (b) GDPR.

Based on your consent, we use your data for further purposes as described in the following. In doing so, we combine your data with data stored in our company relating to your stay in our hotel, your visits to the restaurant, the SPA and Internet use, and then use this combined data to send you general information and offers for products and services of our hotel, tailored individually to you and your interests, by e-mail, SMS or post, during or after your stay.

The legal basis for processing data for this purpose is your consent in accordance with (Art. 6 (1) (a) GDPR). You may revoke your consent at any time with future effect by email ([email protected]).

4.3 DURATION OF STORAGE

We only store personal data for as long as is necessary to use the tracking services named above and to process them further for the purpose of pursuing our legitimate interests. We keep contractual data for longer, as this is required by statutory storage obligations. Obligations to store data result from regulations on reporting rights, accounting and tax law. According to these regulations, business communication, concluded contracts and accounting documents must be kept for up to 10 years. If we no longer require these data to be able to provide services for you, the data are blocked. This means that they may then only be used for accounting and tax purposes.

4.4 PASSING DATA ON TO THIRD PARTIES

We only pass on your personal data to third parties if you have given your express consent, if we are legally obliged to do so, or if it is necessary to enforce our rights, in particular to assert our claims resulting from the contractual relationship. In addition, we pass on your data to third parties insofar as this is necessary within the scope of using the website and performing the contract (also outside the website), and in particular processing your bookings.

Please also take note of the information in the preceding sections of this privacy policy regarding the transfer of data to third parties.

We may share your personal information with all affiliates in our group if necessary, provided that it is used for the same original purposes as described in this privacy policy.

These are in particular:

Widder Hotel AGRennweg 7
8001 Zürich

Hotel Alex Management AG
Seestrasse 182
8800 Thalwil

Cantina alla Maggia - Terreni alla Maggia SA
Via Muraccio 105
6612 Ascona

Castello del Sole - Terreni alla Maggia SA
Via Muraccio 142
6612 Ascona 

Sammlung E.G. Bührle
Rämistrasse 46
8001 Zürich

Géza Anda-Stiftung
Bleicherweg 18
8002 Zürich 

Dozière SA
c/o Etude Brêchet
Promenade Iris-de-Roten 1
2800 Delémont

In the following, we provide an overview of third parties we employ:

4.4.1 Webmasters

We work together with technical partners to operate and maintain our website and guarantee contractual services and offers on our website. As a result, personal data are passed on to, or can be accessed by, the following partners:

Positioner SA
Via Stazione 32
6592 S. Antonino
Switzerland
www.positioner.com

The websites are hosted on servers in Switzerland. Data are passed on for the purpose of offering and maintaining the functions of our website. This constitutes our legitimate interests in accordance with Art. 6 (1) (f) GDPR.

4.4.2 Room reservation system 

Personal data relating to room reservations on the website are collected and sent to us by

QNT S.r.l. a Socio UnicoVia Lucca,52 – 50142
Florence
Italy
www.simplebooking.it

4.4.3 Central storage and linking of data 

Personal data are consolidated to enhance and improve our services to guests using a CRM. The data are supplied and processed by

Toedt, Dr. Selk & Coll. GmbHAugustenstr. 79
80333 Munich
[email protected]

4.4.4 Restaurant reservations

Personal data for restaurant reservations on the website are collected and processed by  

aleno AG
Aegertenstrasse 6
8003 Zurich
Switzerland
+41 43 508 24 65
www.aleno.me

4.4.5 Event tickets and vouchers

Personal data for the purchase of event tickets and vouchers on the website are collected, processed and supplied by 

pdc salespitcher ag Schwimmbadstrasse 45
5430 Wettingen 
Switzerland
www.salespitcher.ch

and

Idea Creation GmbH
Walchestrasse 15
8006 Zurich
Switzerland
www.e-guma.ch

4.4.6 Credit card payments

If you pay on the website by credit card, we pass on your credit card information to your credit card issuer and to the credit card acquirer. To this end, we work with the software platform “Stripe” provided by 

Stripe Inc.510 Townsend Street,
CA 94107 San Francisco
USA

and

Concardis GmbH
Helfmann-Park 7
65760 Eschborn
Germany 

If you decide to pay by credit card, you are asked each time to enter all mandatory information. The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 (1) (b) GDPR. Regarding the processing of your credit card information by these third parties, please also read the general terms and conditions and the privacy policy of your credit card issuer.

4.4.7 Chat

Personal data for the use of the chat tool on the website are collected and processed by   

JivoSite Inc.1013 Centre Rd, Suite 403-B
Wilmington, Delaware 19805
[email protected]

4.4.8 Application tool 

Personal data for the use of the application tool on the website are collected and processed by 

Jacando AGMünchensteinerstrasse 41
4052 Basel
Switzerland

4.4.9 WiFi provider

Personal data for the use of WiFi in the hotel are collected and processed by  

Monzoon Networks AGSpinnerei-Lettenstrasse
Riverside
8192 Zweidlen
Switzerland

4.5 TRANSFERRING PERSONAL DATA ABROAD

We are entitled to also transfer your personal data to third-party companies (contracted service providers) abroad for the purpose of data processing as described in this privacy policy. These third parties are obliged to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that of Switzerland or Europe, we contractually ensure that the protection of your personal data corresponds to that of Switzerland or the EU at all times.

4.5.1 Note on data transfers to the USA

For the sake of completeness, we would like to point out to users resident or domiciled in the EU or Switzerland that US authorities impose surveillance measures in the USA that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without any differentiation, limitation or exception, based on the objective pursued, and without any objective criterion that would make it possible to restrict the US authorities' access to, and subsequent use of, the data to very specific, strictly limited purposes that could justify such an intervention related to both access to and use of the data. Furthermore, we would like to point out that in the USA, there are no legal means available to data subjects from Switzerland and the EU that would allow them to access, rectify or erase their data, and that there is no effective legal protection against general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation to allow them to make an informed decision before giving their consent to the use of their data.

We point out to users who are resident in a member state of the EU that, from the point of view of the European Union, the USA does not have an adequate level of data protection, partly due to the issues mentioned in this section. Insofar as we have explained in this privacy statement that recipients of data (such as Google) are based in the USA, we will ensure that your data stored at our partners is protected to an appropriate extent, either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield.