Version: May 2018
Hotel Bad Horn AG, Seestrasse 36, 9326 Horn (Switzerland) operates the Bad Horn Hotel & Spa and is also operator of the www.badhorn.ch website, and thus responsible for collection, processing and use of your personal data and for com-pliance of data processing with the applicable data protection laws.
Your trust is important to us; therefore we take privacy and data protection very seriously and ensure appropriate security. Of course, we adhere to the legal pro-visions of the Federal Act on Data Protection (DSG), Ordinance on the Federal Act on Data Protection (VDSG), the Telecommunications Act (FMG) and other applicable data protection provisions of Swiss and European law, in particular the General Data Protection Regulation (GDPR).
Please read the following for your information and to familiarise yourself with the kind of personal data we collect and the purposes we use them for.
A. Data processing in connection with our website
1. Opening our website
When you visit our website, our servers will temporarily save every access in a log file. In this context, the following technical data are generally collected without your active input, as is the case with every connection with a web server, and stored by us until automatic erasure after 12 months, at the latest:
In case of attacks on the network infrastructure or other kinds of unauthorised or improper use of the website, the IP address is analysed together with other data for clarification and defence and may also be used for identification and/or for civil or criminal procedures against the respective users within the scope of criminal proceedings. This represents our legitimate interest in data processing within the sense of Art. 6(1) point f GDPR.
2. Using our contact formYou can use a contact form to take up contact with us. For this purpose, we re-quired the following mandatory data:
3. Subscription to our newsletter
You can subscribe to our newsletter through our website. You need to register for this purpose. The following data must be provided for registration:
The data specified above are necessary for data processing. You can voluntarily provide further data (date of birth and country). We exclusively process these data to personalise the information and offers sent to you and to cater for your interests better.
With your registration, you give your consent for processing the specified data for regular distribution of the newsletter to the given address and for statistical eval-uation of the user behaviour and optimisation of the newsletter. This consent rep-resents the legal basis for processing your email address within the sense of Arti-cle 6(1), point a GDPR. We are entitled to commission third parties with technical processing of advertisement measures and have the right to forward your data for this purpose (cf. below, point 13).
At the end of each newsletter, there is a link through which you can unsubscribe from the newsletter at any time. When unsubscribing from the newsletter, you can voluntarily give the reason for that. Your personal data will be erased after unsub-scribing. Further processing will only take place using anonymised data for opti-misation of our newsletter.
4. Opening a customer account
To carry out bookings on our website, you can either order/book as a guest or open a customer account. When you register for a customer account, we will col-lect the following mandatory data:
The legal basis of processing of data for this purpose is the consent given by you pursuant to Art. 6(1), point a, GDPR.
5. Booking on the website, by correspondence or by phone call
If you carry out bookings on our website, by correspondence (email or postal let-ter) or by phone call, we require the following mandatory data from you for pro-cessing of the contract:
These data and other information voluntarily provided by you (e.g. expected arri-val time, vehicle registration plate, preferences, comments) will only be used by us for settlement of the contract, unless otherwise stated within this privacy notice or you have given any special consent to that respect. We will process data by name to record and process your booking as required, to provide the booked services, to contact you in case of ambiguities or problems and to ensure correct payment. The legal basis of processing of data for this purpose is the fulfilment of a contract pursuant to Art. 6(1), point b, GDPR.
Cookies will help making your visit to our website easier, more comfortable and more useful in many aspects. Cookies are information files that your web browser will automatically save on the hard drive of your computer when you visit our website.
Most web browsers accept cookies automatically. However, you can configure your browser such that no cookies are stored on your computer or that you re-ceive a notification before a new cookie is stored. The following sites provide in-formation and explanations about configuring the processing of cookies for the most common browsers:
Full deactivation of cookies can lead to you not being able to use all functions of our website.
7. Tracking Tools
a. General points
For the purpose of the requirements-oriented design and continuous optimisation of our website we use the web analysis service Google Analytics. In this context, pseudonymous user profiles are created and small text files, that are saved on your computer (cookies), are used. The information generated by the cookie about your use of this website is transmitted to the server of the provider of these services, where it is stored and processed for us. Through this we may receive the following information in addition to the data specified in point 1.
This information will be used in order to evaluate the use of the website, to compile reports about the website activities and to provide further services relating to the use of the website and the internet for the purposes of market research and the user-friendly configuration of these internet pages. This information may also be forwarded to third parties if legally required or if third parties process this data on behalf of Google.
b. Google Analytics
Provider of Google Analytics is Google Inc., a company of the Alphabet Inc. hold-ing company, based in the USA. Prior to transfer of data to the provider, the IP address is abbreviated by activation of the IP anonymisation function ("anony-mizeIP") on this website within the member states of the European Union or in other states that are part of the European Economic Area. Anonymised IP addresses which Google Analytics transmits from you browser will not be combined with other data from Google. Only in exceptional cases will the full IP address transmitted to a Google server in the USA and shortened there. In these cases, we make sure that Google Inc. complies with an appropriate privacy level by means of contract-based guarantee. According to Google Inc. the IP address is not connected to any other data concerning the user.
For further information about the web analytics service used, please see the Google Analytics website. For instructions on preventing processing of your data by the web analytics service, please see tools.google.com.
B. Data processing in connection with your stay
8. Data processing for compliance with statutory duty of notification.Upon arrival at our hotel, we may require the following data from you and the ac-companying person(s).
These data are collected for compliance with our statutory duties of notification, which particularly result from the hospitality laws and police law. We will forward these items of information to the competent police office to the extent required by the applicable rules and regulations. Compliance with the legal provisions and requirements represents our legitimate interest within the meaning of Art. 6(1), point f, GDPR.
9. Recording of services used
If you avail yourself of additional services during your stay (e.g. consume prod-ucts from the mini bar or make use of the pay TV offer) the subject of the service and the time of using the service is recorded by us for invoicing purposes. Pro-cessing of these data is required for settlement of the contract with us pursuant to Art 6(1), point b, GDPR.
C. Storage and exchange of data with third parties
10. Booking platforms
In the event that you perform bookings through third-party platforms, we receive various personal data by the respective platform operator. These generally in-clude the data specified in point 5 of this privacy notice. Moreover, any requests about your booking may also be forwarded to us. We will process these data by name to record your booking as required and to provide the services booked. The legal basis of processing of data for this purpose is the fulfilment of a contract pursuant to Art. 6(1), point b, GDPR.
Finally, we may be informed by the platform operators with regard to any disputes in connection with the booking. In this context we may also receive data about the booking process, which might include a booking confirmation to serve as proof for the fact that a booking was actually completed. We will process these data for maintenance and enforcement of our claims. This represents our legitimate inter-est within the meaning of Art. 6(1) point f GDPR.
Please also heed the information on data protection given by the respective pro-vider.
11. Central storage and linking of data
We store the data specified under points 2 to 5 and 8 to 10 in a central electronic data processing system. Your data will be systematically recorded and linked for processing of your bookings and settlement of the contractual services. For this purpose we use a software by "Oracle Software (Switzerland) GmbH, Täfernstrasse 4, 5405 Baden-Dättwil, Switzerland". Processing of these data with-in the scope of the software is based on our legitimate interest within the meaning of Art. 6(1), point f, GDPR in customer-friendly and efficient customer data man-agement.
12. Storage period
We only store personal data for the duration required to use the tracking services specified above and to process them within the scope of our legitimate interest. Contract data are stored for longer periods since this is stipulated by the legal storage obligations. Storage duties that oblige us to store data result from the pro-visions on the notification law, on invoicing procedures and on the tax law. Accord-ing to these provisions, business communication, closed contracts and booking documents must be stored for periods up to 10 years. Unless we required such data for performance of services for you, we will block these data. This means that data must only be used for the purposes of invoicing and tax settlement.
13. Disclosure of personal data to third parties
We will only disclose your personal data if you have given your express consent, if there is an underlying legal obligation or if they are required for the purpose of enforcement of our rights, in particular claims resulting from the contractual rela-tionship. Moreover, we will disclose your data to third parties if it is required within the scope of using the website and processing the contract (also outside the website), particularly processing and settlement of your bookings.
One of the service providers to whom the personal data collected through our website are forwarded or who is or may be given access to such data is our web hosting partner "Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany". The website is hosted on servers located in Germany. Forwarding of data will be performed for the purpose of facilitating and maintaining the functions of our website. This represents our legitimate interest within the meaning of Art. 6(1) point f GDPR.
Finally, we will disclose your credit card information to your credit card issuer and the credit card acquirer in case you perform payment on the website using your credit card. If you opt for payment by credit card, you will be prompted to specify all mandatory information. The legal basis of disclosure of data for this purpose is the fulfilment of a contract pursuant to Art. 6(1), point b, GDPR. With regard to processing your credit card information by third parties, please also read the gen-eral terms and conditions as well as the privacy notice of your credit card issuer.
With regard to disclosure of data to third parties, please also note the information given in the points 7 to 8 and 10 to 11.
14. Transfer of Personal Data Abroad
We are entitled to transfer your personal data to third-party companies (author-ised service providers) located abroad for the purpose of data processing as de-scribed within this privacy notice. These companies are subject to data protection regulations in the same scope as we are. If the data protection level in a country does not comply with the Swiss or European data protection level, we will make sure by contract that protection of your personal data corresponds to Swiss and/or EU regulations at any time.
D. Further information
15. Right to information, correction, erasure and limitation of processing; right to data portability
You have the right to obtain information about the personal data that were stored with regard to you, upon request. In addition, you have the right to rectification of incorrect data and the right to erasure of your personal data, provided that there is no contradicting legal obligation for storage or legal permission that permits pro-cessing of data by us.
Moreover, you have the right to request return of all data that you have disclosed to us (right to data portability). Upon request, we will also forward your data to a third party specified by you. You have the right to receive data in a conventional, standard data format.
For the purposes stated above, you can contact us through the email address firstname.lastname@example.org. For processing of your requests, we may require identification documents to our own discretion.
16. Data Security
We use appropriate technical and organisational security measures in order to protect your personal data stored by us against manipulation, partial or complete loss or access by unauthorised third parties. Our security measures are subject to continuous advancement according to technological developments.
You should always treat your access data confidentially and close the browser window once you have terminated the communication with us, especially if you use the computer jointly with other persons.
We also take in-house data protection very seriously. Our employees and the service providers acting on our behalf are obliged to maintain confidentiality and comply with the data protection provisions.
17. Notice on data transfer to the USA
For reasons of completeness, for users who are residents of or who have their seat in Switzerland, we hereby point out that within the USA there are supervision measures in place by US authorities that ensure storage of all personal data by all persons whose data are transferred to the US from Switzerland. This takes place without differentiation, limitation or exception with regard to the purpose and with-out any objective criterion that ensures access of US authorities to the data and limits later use to specific, strictly limited purposes that may justify the intervention in connection with both access to and use of these data. In addition, please note that for the Swiss subjects affected, there are no legal remedies available that might ensure access to their data and enforcing their correction or erasure; and there is no effective judicial relief in place against general access rights by US authorities. We explicitly point out these legal circumstances to the persons af-fected to allow them to take appropriately informed decisions about giving their consent to the use of their personal data.
To users with a residence within a member state of the EU we hereby point out that from the point of view of the European Union (based on the topics specified in this section, among others) the USA do not have in place an appropriate level of data protection. As explained above within this privacy notice that recipients of data (e.g. Google) whose seat is in the USA will have to sign contracts or other regulating agreements with us or we will ensure appropriate certification of such companies under the EU or Swiss-US Privacy Shield to make sure that your data used by our partners are protected to an appropriate level.
18. Right to lodge a complaint with a data protection supervisory author-ity
You have the right to lodge a complaint with a data protection supervisory authori-ty at any time.
Version: May 2018