Privacy Policy

base
  • Book a hotel
  • Table reservation
  • Contact
Arrival
Departure
We look forward to your
reservation request.
Privacy Policy

Privacy Policy

Status: October 2019


Hotel Weiss Kreuz Thusis AG manages the Hotel Weiss Kreuz and is the operator of the website www.weisskreuz.ch and is therefore responsible for the collection, processing and use of your personal data and the compatibility of the data processing with the applicable data protection law.Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (FADP), the Ordinance to the Federal Data Protection Act (FADP), the Telecommunications Act (TCA) and other data protection provisions of Swiss or EU law that may be applicable, in particular the General Data Protection Regulation (GDPR).So that you know what personal data we collect from you and for what purposes we use it, please take note of the information below.The address of our data protection representative in the EU is:

VGS Datenschutzpartner UG, Am Kaiserkai 69, DE-20457 Hamburg, Germany.info@datenschutzpartner.eu

 

A. Data processing in connection with our website

Calling up our website

When you visit our website, our servers temporarily store each access in a log file. The following technical data is recorded without your intervention, as is generally the case with any connection to a web server, and can be deleted upon your request:

– the IP address of the requesting computer,

– the name of the owner of the IP address range (usually your Internet access provider),

– the date and time of the access,

– the website from which the access was made (referrer URL), if applicable with the search word used,

– the name and URL of the file accessed,

– the status code (e.g. error message),

– the operating system of your computer

– the browser you use (type, version and language),

– the transmission protocol used (e.g. HTTP/1.1) and

– if applicable, your user name from a registration/authentication.

 

The collection and processing of this data is done for the purpose of enabling the use of our website (connection establishment), to ensure system security and stability on a permanent basis and to enable the optimization of our Internet offering, as well as for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 (1) lit. f DSGVO.

Furthermore, the IP address is evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorized or abusive website use for the purpose of clarification and defense and, if necessary, used in the context of criminal proceedings for identification and civil and criminal action against the users concerned. This is our legitimate interest in data processing within the meaning of Art. 6 (1) lit. f DSGVO.

Use of our contact form

We do not use a contact form. Please contact us by e-mail (info@weisskreuz.ch).

 

Registration for our newsletter

We do not use an automated newsletter function. Please contact us by e-mail (info@weisskreuz.ch).

 

Opening a customer account

To make bookings on our website, you can order as a guest or open a customer account. When registering for a customer account, we compulsorily collect the following data:

– Salutation

– First and last name

– postal address

– Date of birth

– Telephone number

– E-mail address

– Your password

 

The collection of these and other data voluntarily provided by you (e.g. company name) is for the purpose of providing you with password-protected direct access to your basic data stored with us. In it, you can view your previous and current bookings or manage or change your personal data.

The legal basis for processing the data for this purpose is the consent you have given us in accordance with Art. 6 (1) lit. a DSGVO.

 

Booking on the website, by correspondence or by telephone call.

If you make bookings either via our website, by correspondence (e-mail or letter post) or by telephone call, we require the following mandatory data for the processing of the contract:

– Salutation

– First and last name

– postal address

– date of birth

– telephone number

– language

– Credit card information

– e-mail address

 

These data as well as other information voluntarily provided by you (e.g. expected arrival time, motor vehicle registration plate, preferences, remarks) will only be used by us to process the contract, unless otherwise stated in this privacy policy or you have given your separate consent to do so. We will process the data by name in order to record your booking as requested, to provide the booked services, to contact you in case of any uncertainties or problems and to ensure correct payment.

The legal basis of data processing for this purpose is the fulfillment of a contract according to Art. 6 para. 1 lit. b DSGVO.

 

Cookies

Cookies help in many aspects to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website.

For example, we use cookies to temporarily store your selected services and entries when you fill out a form on the website so that you do not have to repeat the entry when you call up another sub-page. Cookies may also be used to identify you as a registered user after you have registered on the website, without you having to log in again when you call up another sub-page.

Most Internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. On the following pages you will find explanations of how to configure the processing of cookies in the most popular browsers:

– Microsoft’s Windows Internet Explorer

– Microsoft’s Windows Internet Explorer Mobile

– Mozilla Firefox

– Google Chrome for Desktop

– Google Chrome for Mobile

– Apple Safari for Desktop

– Apple Safari for Mobile

 

Disabling cookies may prevent you from using all features of our website.

 

Tracking tools

Matomo analytics

This website uses Matomo Analytics to track user behavior on the website. Matomo is an open source analytics platform comparable to Google Analytics. In contrast, however, Matomo is compatible with applicable data protection regulations in Switzerland and the EU.

This is how we use Matomo Analytics on this website:
Our Matomo instance is self-hosted. The collected data is stored on a server in Switzerland and cannot be accessed by any unauthorized person. Our Matomo is configured to mask all IP addresses to 2 bytes. Thus, in the Analytics overview, no reference to persons or devices can be made at any point. Our Matomo does not track across visits. Since the IP addresses are masked, no reference can be made between multiple visits to the website. The data we collect with Matomo is purely for internal evaluation of the website to improve the user experience. At no time will the data be used for any other purpose or passed on to third parties. Our Matomo is configured so that no cookies are stored on the device.

 

B. Data processing in connection with your stay

Data processing for the fulfillment of legal reporting obligations

Upon arrival at our hotel, we may require the following information from you and your companions:

– First and last name

– Postal address and canton

– Date of birth

– Place of birth

– Nationality

– Official identification card and number

– Arrival and departure date

– Room number

 

We collect this information in order to fulfill legal reporting obligations, which arise in particular from hospitality or police law. Insofar as we are obligated to do so under the applicable regulations, we forward this information to the responsible police authority.

Our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO lies in the fulfillment of the legal requirements.

 

Recording of services received

If you obtain additional services during your stay (e.g. make use of the mini-bar or the pay-TV offer), we will record the subject of the service and the time at which it was obtained for billing purposes. The processing of this data is necessary within the meaning of Art. 6 para. 1 lit. b DSGVO for the processing of the contract with us.

 

C. Storage and exchange of data with third parties

Booking platforms

If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. As a rule, this is the data listed in Section 5 of these data protection declarations. In addition, inquiries about your booking may be forwarded to us. We will process this data by name in order to record your booking as requested and to provide the booked services. The legal basis of data processing for this purpose is the fulfillment of a contract according to Art. 6 para. 1 lit. b DSGVO.

Finally, we may be informed by the platform operators about disputes in connection with a booking. In the process, we may also receive data about the booking process, which may include a copy of the booking confirmation as proof of the actual booking completion. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

Furthermore, please note the information on data protection of the respective provider.

 

Central storage and linking of data

We store the data specified in items 2-5 and 8-10 in a central electronic data processing system. The data concerning you will be systematically recorded and linked for the purpose of processing your bookings and handling the contractual services. For this purpose, we use software from rebag data ag, Einsiedlerstrasse 533, CH-8810 Horgen (Switzerland). We base the processing of this data within the framework of the software on our legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO in customer-friendly and efficient customer data management.

 

Retention period

We store personal data only as long as it is necessary to use the tracking services mentioned above as well as the further processing within the scope of our legitimate interest. Contractual data is stored by us for a longer period of time, as this is required by legal retention obligations. Retention obligations that require us to retain data result from regulations on registration law, on accounting and from tax law. According to these regulations, business communication, concluded contracts and accounting vouchers must be kept for up to 10 years. As far as we do not need these data any more for the execution of the services for you, the data are blocked. This means that the data may then only be used for accounting and tax purposes.

 

Disclosure of data to third parties

We will only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we disclose your data to third parties to the extent necessary in the context of the use of the website and the execution of contracts (including outside the website), namely the processing of your bookings.

A service provider to whom the personal data collected via the website is passed on or who has or may have access to it is our web host Hü7 Design AG, Thusis. The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

Finally, when you pay by credit card on the website, we forward your credit card information to your credit card issuer and to the credit card acquirer. If you decide to pay by credit card, you will be asked to enter all mandatory information. The legal basis for the transfer of data is the fulfillment of a contract according to Art. 6 para. 1 lit. b DSGVO. Regarding the processing of your credit card information by these third parties, we ask you to also read the terms and conditions as well as the privacy policy of your credit card issuer.

Please also note the information in sections 7-8 and 10-11 regarding the transfer of data to third parties.

 

Transfer of personal data abroad

We are also entitled to transfer your personal data to third companies (contracted service providers) abroad for the purposes of the data processing described in this data protection declaration. These are obligated to data protection to the same extent as we ourselves. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we will ensure by contract that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

 

D. Further information

Right to information, correction, deletion and restriction of processing; right to data portability

You have the right to obtain information about the personal data that we store about you upon request. In addition, you have the right to have incorrect data corrected and the right to have your personal data deleted, insofar as this does not conflict with a legal obligation to retain the data or an authorization that allows us to process the data.

You also have the right to demand that we return the data you have provided to us (right to data portability). Upon request, we will also transfer the data to a third party of your choice. You have the right to receive the data in a common file format.

You can contact us for the aforementioned purposes via the e-mail address (info@weisskreuz.ch). In order to process your requests, we may, at our discretion, require proof of identity.

 

Data security

We use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share a computer with others.

We also take internal company data protection very seriously. Our employees and the service companies commissioned by us have been obligated by us to maintain confidentiality and to comply with the provisions of data protection law.

 

Note on data transfers to the USA

For the sake of completeness, we would like to point out for users who are resident or domiciled in Switzerland that there are monitoring measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the U.S. authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated both with the access to these data and with their use. Furthermore, we would like to point out that in the U.S. there are no legal remedies available to data subjects from Switzerland that would allow them to obtain access to the data concerning them and to obtain its correction or deletion, or that there is no effective judicial legal protection against general access rights of U.S. authorities. We explicitly draw the attention of the data subject to this legal and factual situation so that he or she can make an appropriately informed decision to consent to the use of his or her data.

We would like to point out to users residing in a member state of the EU that, from the perspective of the European Union, the USA does not have a sufficient level of data protection – among other things due to the issues mentioned in this section. To the extent that we have explained in this Privacy Policy that recipients of data (such as Google) are located in the U.S., we will ensure either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield, respectively, that your data is protected with our partners with an adequate level.

 

Right to complain to a data protection supervisory authority

You have the right to complain to a data protection supervisory authority at any time.

Status: October 2019

This privacy policy is a machine translation from German.