2. Contact for Data Protection
If you have questions about data protection or would like to exercise your rights, please contact our data protection officer by sending an email to the following address:
3. Scope and Purpose of the Collection, Processing, and Use of Personal Data
3.1 Data Processing When Contacting Us"
When you get in touch with us through our contact addresses and channels (e.g., via email, telephone, or contact form), your personal data will be processed. The data you have provided to us, such as your name, email address, or phone number, and your request will be processed. In addition, the time of receipt of the request is documented. Mandatory information is marked with an asterisk (*) in contact forms. We process this data to address your request (e.g., providing information about our hotel, assisting with contract processing such as inquiries about your booking, incorporating your feedback into improving our services, etc.). To handle contacts made via the contact form, we use the CMS Contao https://www.contao.org.
The legal basis for these data processing activities is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR in implementing your request or, if your request is aimed at the conclusion or execution of a contract, the necessity for carrying out the required measures within the meaning of Art. 6 Para. 1 lit. b GDPR.
3.2 Data Processing During Bookings
3.2.1 Booking Request via Our Website
On our website, you have the opportunity to request an overnight stay. For this, we collect the following data, where mandatory fields are marked with an asterisk (*) during the booking process:
Confirmation of acknowledgement and agreement concerning terms and conditions and privacy policies
We use the data to create a booking quote. We need your email address to confirm your booking and for future communication necessary for contract processing with you. We store your data along with the side notes of the booking (e.g., room category, stay period as well as designation, price, and features of the services), as well as the information regarding the handling and fulfillment of the contract (e.g., receipt and handling of complaints) to ensure a proper booking process and contract fulfillment. As far as necessary for contract fulfillment, we will also pass on the required information to possible third-party service providers (e.g., organizers or transport companies).
The provision of data that are not marked as mandatory is voluntary. We process this data to tailor our offer to your personal needs as best as possible, to facilitate contract processing, to contact you via an alternative communication channel if necessary for contract fulfillment, or for statistical recording and evaluation to optimize our offers. The legal basis for this data processing is your consent according to Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time by notifying us.
For booking processing via our website, we use the CMS Contao https://www.contao.org
3.2.2 Booking via a Booking Platform
We process this data to safeguard our legitimate claims and interests in the handling and maintenance of our contractual relationships with the following platform operators:
* Booking.com, Oosterdokskade 163, 1011 DL, Netherlands. For more information on data processing in connection with Booking.com, visit: https://www.booking.com/content/privacy.en.html
* Hotelcard, Burgstrasse 18, 3600 Thun, Switzerland. For more information on data processing in connection with Hotelcard, visit: https://hotelcard.ch/en/pages/privacy-policy
* HRS, AG Walzmühlestrasse 48, 8504 Frauenfeld, Switzerland. For more information on data processing in connection with HRS, visit: https://www.hrs.com/privacypolicy
* Expedia, Seattle, Washington, United States. For more information on data processing in connection with Expedia, visit: https://www.expedia.ch/lp/b/lg-privacypolicy
The legal basis for data processing for this purpose lies in our legitimate interest according to Art. 6 Para. 1 lit. f GDPR.
3.3 Data Processing When Reserving a Table
On our website, you have the opportunity to request a table reservation at a restaurant mentioned on our website. For this, we collect the following data, where mandatory fields are marked with an asterisk (*) during the reservation via the website:
* First Name
* Last Name
* Number of Guests
* Email Address
* Phone Number
* Date and Time of the Reservation
We collect and process the data to handle the reservation, especially to make your reservation request as per your wish and to contact you in case of uncertainties or problems. We store your data along with the marginal data of the reservation (e.g., date and time of entry, etc.), the data concerning the reservation, and details for the handling and fulfillment of the contract (e.g., receipt and handling of complaints) to ensure correct reservation processing and contract fulfillment.
For handling table reservations, we use the CMS Contao https://contao.org
3.4 Data Processing During Payment Processing
3.4.1 Payment Processing at the Hotel
3.5 Data Processing for Recording and Billing of Availed Services
If you avail services during your stay (e.g., additional nights, wellness, restaurant, activities), in addition to your contract data, the booking data (e.g., time and remarks) and the data regarding the booked and availed service (e.g., subject matter, price, and time of service usage) are recorded and further processed by us to handle the service, as described in items 3.2 and 3.3.
The legal basis of our data processing lies in the fulfillment of a contract according to Art. 6 para. 1 lit. b GDPR.
3.6 Data Processing During the Use of Our WiFi Network
In our hotel, you have the opportunity to use our WiFi network free of charge. To prevent abuse and to penalize unlawful behaviors, prior registration is required. You transmit the following data to us:
* Mobile phone number
* MAC address of the device (automatically)
In addition to the aforementioned data, data on the time and date of use as well as the used device are recorded every time the WiFi network is used. The legal basis for these processing is your consent according to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future. For the provision of our WiFi network, we work with
3.7 Data Processing for Fulfilling Legal Reporting Obligations
Upon arrival at our hotel, we may need the following information from you and your accompanying persons, where mandatory information is marked with an asterisk (*) on the respective form:
* First and last name
* Billing address
* Date of birth
* Arrival and departure day
We collect this information to fulfill legal reporting obligations, which arise particularly from the hospitality or police law. As far as we are obligated by the applicable regulations, we forward this information to the responsible authority.
The legal basis for the processing of this data lies in our legitimate interest according to Art. 6 para. 1 lit. c GDPR in complying with our legal obligations.
3.8 Data Processing for Applications
You have the opportunity to apply to us spontaneously or for a specific job vacancy for employment in our company. We process the personal data you provide.
We use the data you provide to review your application and suitability for employment.
The data is only stored as an email. The legal basis for processing your data for this purpose lies in the handling of a contract (pre-contractual phase) according to Art. 6 para.1 lit. b GDPR.
4. Central data storage in the CRM system Fidelio reservation system
5. Disclosure and Transfer Abroad
5.1 Disclosure to Third Parties and Third Party Access
* Booking.com, Oosterdokskade 163, 1011 DL, Netherlands. For further information about data processing in connection with Booking.com, please visit: https://www.booking.com/content/privacy.de.html
* HRS, AG Walzmühlestrasse 48, 8504 Frauenfeld, Switzerland. For further information about data processing in connection with HRS, please visit: https://www.hrs.de/privacypolicy
* Expedia, Seattle, Washington, United States. For further information about data processing in connection with Expedia, please visit: https://www.expedia.ch/lp/b/lg-privacypolicy
In these instances, the legal basis is the necessity of fulfilling a contract in the sense of Art. 6 para. 1 lit. b GDPR. Your data will also be shared wherever it is necessary to fulfill the services you requested, i.e., for instance, with restaurants or providers of other services for which you have made a reservation through us. The legal basis here is also the necessity of fulfilling a contract according to Art. 6 para. 1 lit. b GDPR. For these data processes, the third-party service providers are the responsible parties in the sense of the data protection laws, not us. It is the duty of these third-party service providers to inform you about their own data processing activities, which go beyond sharing data for the provision of services, and to comply with data protection laws.
Moreover, your data might be shared, especially with authorities, legal advisors or debt collection agencies, if we are legally obliged to do so, or if this is necessary to protect our rights, particularly to enforce claims arising from the relationship with you. Data can also be shared if another company intends to acquire our company or parts of it, and such sharing is necessary to conduct a due diligence review or to execute the transaction. For these data processes, our legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR in protecting our rights and fulfilling our duties or selling our company or parts thereof forms the legal basis.
5.2 Transfer of Personal Data Abroad
5.3 Notes on Data Transfers to the USA
6. Background Data Processing on our Website
6.1 Data Processing During Your Visit to Our Website (Log File Data)
When you visit our website, the servers of our hosting provider LTC Logic Tide GmbH, Haltenstrasse 27, 3906 Saas-Fee, Switzerland, temporarily store every access in a log file (logfile). The following data is recorded without your intervention and stored by us until automated deletion:
- IP address of the requesting computer;
- Date and time of access;
- Name and URL of the retrieved file;
- Website from which access was made, possibly with the used search term;
- Possibly the operating system of your computer and the browser you used (including type, version, and language settings);
- Device type in case of access through mobile phones;
- City or region from where access took place;
The collection and processing of this data serves the purpose of enabling the use of our website (establishing a connection), ensuring the system security and stability permanently, facilitating the error and performance analysis, and optimizing our website (see also section 6.4 on the last points).
In the event of an attack on the network infrastructure of the website or suspicion of other unauthorized or abusive use of the website, the IP address and other data are evaluated to clarify and fend off the situation, and possibly used in civil or criminal proceedings to identify against the respective user. In the previously described purposes, our legitimate interest lies in accordance with Art. 6 para. 1 lit. f GDPR, which constitutes the legal basis for data processing.
Cookies are information files that your web browser stores on your computer's hard drive or memory when you visit our website. Cookies are assigned identification numbers through which your browser is identified, and the information contained in the cookie can be read.
You can possibly also configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. The following pages provide explanations on how to configure the processing of cookies for selected browsers:
- Google Chrome for Desktop
- Google Chrome for Mobile
- Apple Safari
- Microsoft Windows Internet Explorer
- Microsoft Windows Internet Explorer Mobile
- Mozilla Firefox
Disabling cookies may result in you not being able to use all the functions of our website.
6.3 Google Custom Search Engine
On this website, we use the Programmable Search Engine from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). This enables us to provide you with an efficient search function on our website.
6.4 Web Analysis Tools
We currently do not use any web analysis service.
6.5 Social Media Profiles
On our website, we have embedded links to our profiles on the social networks of the following providers:
- Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Notice; https://www.meta.com/de-de/help/quest/articles/accounts/privacy-information-and-settings/meta-privacy-policies/
When you click on the icons of the social networks, you are automatically redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social network. Consequently, the network receives information that you have visited our website with your IP address and clicked on the link. This may also involve data transfer to servers abroad, e.g., the USA (see in this respect, especially regarding the lack of an adequate level of data protection and the intended guarantees, sections 5.2 and 5.3).
If you click on a link to a network while logged into your user account on that network, the content of our website can be linked to your profile, allowing the network to directly associate your visit to our website with your account. If you want to prevent this, you should log out before clicking the respective links. A connection between your access to our website and your user account takes place in any case when you log in to the respective network after clicking the link. The respective provider is responsible for the associated data processing according to data protection laws. Please, therefore, observe the privacy notices on the network's website.
The legal basis for any data processing attributed to us is our legitimate interest under Art. 6 para. 1 lit. f GDPR in utilizing and promoting our social media profiles.
6.5.1 Social Media Links
On our website, you can use social media plugins from the following listed providers:
- Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Notice; https://www.meta.com/de-de/help/quest/articles/accounts/privacy-information-and-settings/meta-privacy-policies/
We use the social media links to facilitate the sharing of content from our website. The social media links help us increase the visibility of our content on social networks and thus contribute to better marketing.
The links are deactivated by default on our websites and therefore do not send data to the social networks when simply accessing our website. To enhance privacy, we have integrated the links in such a way that a connection to the network servers is not automatically established. Only when you activate the links by clicking on them and thereby give your consent for data transmission and further processing by the providers of the social networks, does your browser establish a direct connection to the servers of the respective social network. The content of the link is transmitted directly to your browser by the social network. This way, the respective provider receives information that your browser has accessed the respective page of our web presence, even if you do not have an account on this social network or are not currently logged into it. This information (including your IP address) is transmitted directly from your browser to a server of the provider (usually in the USA) and stored there (see in this respect, especially regarding the lack of an adequate level of data protection and the intended guarantees, sections 5.2 and 5.3). We have no control over the extent of data collected by the provider using the link, although we may be considered jointly responsible with the providers to a certain extent from a data protection perspective. If you are logged into the social network, it can directly associate your visit to our website with your user account. If you interact with the link, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g., that you like a product or service of ours) may also be published on the social network and possibly shown to other users of the social network. The provider of the social network may use this information for the purpose of placing ads and tailoring the respective offer to your needs. This could involve creating usage, interest, and relationship profiles, for example, to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our website, and to provide other services associated with the use of the social network. The purpose and scope of data collection and further processing and use of data by the providers of the social networks, as well as your rights in this regard and setting options for protecting your privacy, can be taken directly from the privacy notices of the respective provider.
If you do not want the provider of the social network to associate the data collected via our web presence with your user account, you must log out of the social network before activating the links. In the described data processing, your consent under Art. 6 para. 1 lit. a GDPR forms the legal basis. You can revoke your consent at any time by declaring your revocation to the link provider according to the information in its privacy notices.
7. Retention Periods
We employ appropriate technical and organizational security measures to protect your personal data stored with us against loss and unlawful processing, specifically unauthorized access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and to adhere to data protection regulations. Furthermore, these individuals are only granted access to personal data to the extent necessary to fulfill their duties.
Our security measures are continuously adapted according to technological developments. However, the transmission of information over the internet and electronic communication methods always entails certain security risks, and we can therefore not provide an absolute guarantee for the security of information transmitted in this manner.
9. Your rights
If the legal requirements are met, you as a person affected by data processing have the following rights:
Right to Information: You have the right to request access at any time to the personal data we store and process about you, free of charge. This allows you to check what personal data we are processing about you and whether we are processing it in accordance with applicable data protection regulations.
Right to Rectification: You have the right to have incorrect or incomplete personal data corrected and to be informed about the correction. In this case, we also inform the recipients of the affected data about the adjustments we have made, unless this is impossible or involves disproportionate effort.
Right to Erasure: You have the right to have your personal data deleted under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, under certain conditions, a block on the data can be imposed instead of deletion.
Right to Restriction of Processing: You have the right to request that the processing of your personal data be restricted.
Right to Data Portability: You have the right to receive the personal data that you have provided to us, free of charge, in a readable format.
Right to Object: You can object to data processing at any time, especially in cases of data processing associated with direct marketing (e.g., marketing emails).
Right to Withdraw Consent: You generally have the right to withdraw consent at any time. However, processing activities based on your consent in the past are not made unlawful by your withdrawal.
To exercise these rights, please send us an email at the following address:
Right to Lodge a Complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g., against the manner of the processing of your personal data.