Swiss Deluxe Hotels
Data Protection
Data protection declaration
Swiss Deluxe Hotels is an association according to Art. 60ff of the Swiss Civil Code (ZGB) which operates the “Swissdeluxehotels.com” Website and the associated SDH application and which is therefore responsible for the recording, processing and use of your personal data and ensuring that data processing activities are compatible with the applicable data privacy laws. Your confidence is important to us, which is why we take the issue of data protection seriously and strive to provide the corresponding security. We naturally comply with the statutory provisions of the federal act on data protection (DSG), the ordinance of the federal act on data protection (VDSG), the telecommunications act (FMG) and any other applicable data protection provisions under Swiss or EU law, in particular the General Data Protection Regulation (GDPR).
We would ask that you note the following information to ensure that you know which personal data we record and the purposes for which we may use it.
The address of our legal data protection representative in the EU is: Meyerlustenberger Lachenal, Brussels
A. Data processing in connection with our Website
1. Calling up our Website or application (App)
Each time our Website or App is visited, our servers temporarily save the access information in a log file. The following technical data is recorded during this process, and in general whenever a Web server is contacted, without further action on your part and is saved by us for 6 months.
- the IP address of the inquiring computer,
- the name of the owner of the IP address range (usually your Internet access provider),
- the date and time of access,
- the Website from which access was obtained (referrer URL) with the search term used if applicable,
- the name and URL of the retrieved file,
- the status code (e.g. error message),
- your computer’s operating system,
- the browser that you use (type, version and language),
- the transmission protocol used (e.g. HTTP/1.1) and
- if applicable, your user name from registration / authentication
- the data which you have entered personally in the App
This data is recorded and processed to allow for the use of our Website (connection establishment), to guarantee the security and stability of the system in the long term and to optimise our Internet offer as well as for internal statistical purposes. This justifies our interest in data processing in accordance with Art. 6 para. 1 f) DSGVO. The IP addresses will also be evaluated together with other data in the case of attacks on the network infrastructure or other unauthorised, improper Website use for clarification and control purposes and, where applicable, may be used within the framework of criminal proceedings to identify and take action against the users concerned under civil and criminal law. This justifies our legitimate interest in data processing in accordance with Art. 6 para. 1 f) DSGVO.
2. Registering with our newsletter
You have the option of signing up to our newsletter on our Website. You must register in order to do so. The following data must be provided for registration purposes:
- Title
- First name and surname
- Email address
The above-mentioned data is necessary for data processing purposes. We will only process this data in order to customise the information and offers that we send to you so that they can be adapted to your interests.
By registering you agree to our processing the data provided in order to send the newsletter on a regular basis to the address provided and for the statistical evaluation of usage patterns and the optimisation of the newsletter. This agreement constitutes our legal basis for the processing of your email address in accordance with Art. 6 para. 1 a) DSG-VO. We are authorised to commission third parties to deal with technical advertising activities and may pass on your data for this purpose (see point 13 below).
A link is provided at the end of every newsletter which allows you to unsubscribe at any time. When unsubscribing from the newsletter, you may provide us with your reasons if you wish. Your personal data will be deleted following your cancellation. Further processing may only be carried out on an anonymous basis in order to optimise our newsletter.
3. Purchasing vouchers
When you purchase vouchers via our Website or App, we require the following information in order to process the contract:
- Title
- First name and surname
- Name of a fellow traveller
- Postal address
- Email address
- Telephone number
- Fax number
- Number of vouchers
- Value of individual vouchers
- Name of recipient
We will process this data in order to complete your voucher purchase as requested, to contact you in the event of ambiguities or problems and to guarantee the correct payment.
The legal basis for data processing for this purpose is guaranteed by the fulfilment of a contract according to Art. 6 para. 1 b) DSGVO.
4. Cookies
Cookies help in many ways to make your visit to our Website simpler, more pleasant and more relevant. Cookies are information files which your Web browser automatically saves on your computer's hard drive when you visit our Website.
We use cookies, for example, so that we can temporarily save your selected services and entries when you complete a form on the Website so that you do not have to re-enter this information when you visit another sub-page. Cookies may also be used to enable us to identify you as a registered user after you have registered on the Website without you having to log in again when you visit another sub-page.
Most Internet browsers accept cookies automatically. However, you can configure your browser so that cookies cannot be stored on your computer or a notification appears each time you receive a new cookie. The following pages provide information on how to configure the processing of cookies with the most common browsers:
- Microsoft Windows Internet Explorer
- Microsoft Windows Internet Explorer Mobile
- Mozilla Firefox
- Google Chrome for desktop
- Google Chrome for mobile
- Apple Safari for desktop
- Apple Safari for mobile
If you deactivate cookies, you may find that you are not able to use all the functions of our Website.
5. Tracking tools
a.) General information
We use the Google Analytics Web analysis service for the purpose of tailoring our Website to market requirements and optimising it on a continual basis. In this context, user profiles are created under a pseudonym and small text files which are stored on your computer (“cookies”) are used. The information created by the cookie relating to your use of this Website is transferred to the service provider's server where it is stored and prepared for us. We may also receive the following information in addition to the data referred to in point 1:
- Navigation path followed by the site user,
- Time spent on the Website or a sub-page,
- the sub-page from which the Website is left,
- the country, region or city in which the site is accessed,
- the end device (type, version, colour depth, resolution, width and height of the browser window) and
- returning or new visitors.
The information is used to evaluate the use of the Website, to compile reports on Website activities and to provide additional services associated with Website and Internet use for market research purposes and to tailor the Website to market requirements. This information may also be passed on to third parties if this is stipulated by law or if third parties process this data on order.
b.) Google Analytics
The provider of Google Analytics is Google Inc., a firm which is part of the holding company Alphabet Inc based in the USA. Before data is transmitted to the provider, the IP address is abbreviated by activating IP anonymization (“anonymizeIP”) on this Website within the member states of the European Union or other contracting states which are parties to the Agreement on the European Economic Area. The anonymised IP address transmitted from your browser using Google Analytics is not merged with other Google data. The full IP address will only be transmitted to a Google server in the USA and abbreviated there in exceptional cases. In these cases, we will ensure that Google Inc. adheres to an appropriate level of data protection on the basis of contractual guarantees. According to Google Inc., IP addresses must under no circumstances be associated with other data concerning the user. Further information on the Web analysis services used can be found on the Google Analytics Website. An introduction to how to prevent your data from being processed by the Web analysis service can be obtained from http://tools.google.com/dlpage/gaoptout?hl=de.
c.) Hotjar
Hotjar is a technology service that helps us better understand our users' experiences (e.g. how much time they spend on which pages, which links they click, what users like and don't like, etc.) and enables us to build and maintain our service based on user feedback. Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices. This includes a device's IP address (which is processed during your session and stored in anonymized form, device screen size, device type (unique device identifiers), browser information and the geographical location (country only). Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
B. Saving and exchanging data with third parties
6. Central storage and linking of data
We store the data referred to in points 2-5 and 8-10 in a central electronic data processing system. The data which concerns you will be systematically recorded and linked for the processing of your bookings and the provision of contractual services. Therefore we use a software from [reconline AG, Staldenstrasse 58, 3920 Zermatt, Switzerland]. The processing of this data with software is justified by our legitimate interest in customer-friendly, efficient customer data administration according to Art. 6 para. 1 f) DSGVO.
7. Retention period
We will only retain personal data for as long as is necessary in order to use the above-mentioned tracking services and to carry out additional processing within the framework of our legitimate interests. Contractual data will be kept for a longer period as specified by the statutory retention obligations. Retention obligations which commit us to retaining data stem from the provisions governing notification rights and reporting and from the law on taxation. According to these provisions, business communication, contracts concluded and accounting records are to be kept for up to 10 years. If we no longer require this data for the provision of services on your behalf, if will be blocked. This means that the data can only be used for reporting and tax-related purposes from this point onwards.
8. Passing data on to third parties
We will only pass on your personal data if you have specifically authorised us to do so, a legal obligation exists or if this is necessary for the enforcement of our rights, in particular the enforcement of claims stemming from the contractual relationship. Moreover, we will only pass your personal data on to third parties if this is necessary within the framework of the use of the Website and the fulfilment of the contract (including outside of the context of the Website), namely to process your bookings. Our Web host IWAY AG, Badenerstrasse 569, CH-8048 Zurich is a service provider to whom the personal information obtained via the Website may be transmitted and who has or may have access to this information. The Website is hosted on servers in Switzerland. Data may be transmitted for the purpose of preparing and maintaining the functionalities of our Website. This justifies our legitimate interest in accordance with Art. 6 para. 1 f) DSGVO.
Your booking requests as described in point 3 are transmitted to “swisshotels.com” or the Switzerland Travel Centre, Binzstrasse 38, CH-8045 Zürich for complete processing.
We should also point out that the firm Swisskonzept AG, Kantonsstrasse 79, 8807 Freienbach has been entrusted with the management and administration of certain areas of the Swiss Deluxe Hotels. The employees of Swisskonzept AG are bound by this data protection declaration in its entirety.
Reference should also be made to the information in points 6 and 7in relation to the passing on of data to third parties.
9. Transferring personal data abroad
We are authorised to transfer your personal data to third-party firms (commissioned service providers) abroad for the purposes of the data processing described in this data protection declaration. These firms are bound by the same data protection requirements as we are. If the data protection level applying in a particular country does not correspond to that of Switzerland or Europe, we will ensure on a contractual basis that your personal data will be protected on the same level as that applying in Switzerland or the EU.
C. Additional information
10. Right to the disclosure, correction, cancellation and limitation of processing; right to data transferability
You have the right to obtain information on your personal data that we store upon request. You also have the right to correct inaccurate data and to cancel your personal data provided that this is not prevented by a statutory retention obligation or authorisation which allows us to process the data. Furthermore, you have the right to request that we return data which you have transmitted to us (right to data portability). We will also pass data on to a third party of your choice upon request. You have the right to receive data in a common file format. You can contact us in this context at the following email address: [email protected]. We may request proof of identity at our discretion for the processing of your requests.
11. Data security
We use appropriate technical and organisational security measures in order to protect your personal data that we store against manipulation, total or partial loss and unauthorised third party access. Our security measures are continually being improved in line with technological developments. You should always treat your login details as confidential and close the browser window when you have finished communicating with us, particularly if you share your computer with other people. We also take in-house data protection very seriously. Our employees and the service providers commissioned by us are bound to respect secrecy and to comply with the data protection provisions.
12. Information on data transmission in the USA
For the sake of completeness, we should point out for users who reside or are based in Switzerland that supervisory measures are applied in the USA by the US authorities which allow for the storage of all personal data concerning individuals whose data has been transmitted from Switzerland to the USA. This applies without differentiation, limitation or exception based on the aim pursued and without an objective criterion, which allows for the limitation of access by the US authorities to data and its subsequent use to specific, strictly limited purposes, which could justify intervention associated with accessing this data as well as its use. We should also point out that no legal remedy exists in the USA for Swiss individuals concerned to allow them to obtain access to their personal data and to correct or cancel this data and no effective legal protection is provided against the general access rights of US authorities. We wish to make those concerned aware of this legal and factual situation so that they can make an informed decision about authorising the use of their data. Users who reside in a member state of the EU should be informed that the level of data protection existing in the USA is not sufficient from the point of view of the European Union on account of the issues outlined in this section. Insofar as we have explained in this data protection declaration that recipients of data (e.g. Google) are based in the USA we will guarantee, either by means of contractual regulations concerning these firms or by guaranteeing their certification under the EU or Swiss-US Privacy Shield, that their data will be protected by our partners to an appropriate level.
13. Right to lodge a complaint with a supervisory authority for data protection
You have the right to submit a complaint at any time to the supervisory authority for data protection.
Status: May 2023