Data Privacy Statement

We, the  Hotel du Nord AG, Höheweg 70, 3800 Interlaken, Switzerland, are the operators of the hotel and website www.hotel-dunord.ch and, unless specified otherwise, we are responsible for processing the data included in this Data Privacy Statement.

Please read the following information which outlines which personal data we collect from you and how we use it. Our data protection policy is based primarily on the statutory requirements of Swiss data protection legislation, specifically the Federal Law on Data Protection (DSG), and also the EU-GDPR, whose provisions may be applicable in individual cases.

Please be aware that the following information may be revised and amended from time to time. For this reason, we recommend that you regularly view this Data Privacy Statement. Furthermore, other companies have data privacy responsibility for some of the specific data handling actions listed below, or may share responsibility with us, meaning that in these cases, information from these providers is also relevant.

 

Contact partners for data privacy

If you have questions on data privacy or would like to exercise your rights regarding data privacy, please contact our data privacy officer by sending an e-mail to the following address: garry.lock@hotel-dunord.ch

You can contact our EU data privacy representative at:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
info@datenschutzpartner.eu
https://datenschutzpartner.eu

 

Your rights

Provided the statutory requirements have been met, you have the following rights as a data subject:

  • Right to information: If we process your personal data, you may ask to view the data stored by us at any time and without charge. You thus have the opportunity to check which personal data we are processing about you, and to ensure that we are using this data in accordance with the valid data protection provisions.
  • Right to correction: You may ask to have incorrect or incomplete personal data corrected and to be informed about this correction. In this case, we shall inform the recipient of the data in question of the amendments made, provided this is possible and does not require a disproportionate effort.
  • Right to deletion: You may request deletion of your personal data under certain conditions. In isolated cases, specifically with regard to statutory retention requirements, the right to deletion may be excluded. In this case, under the given requirements, the data may be blocked and not deleted.
  • Right to restriction of processing: You may request that processing of your personal data is limited.
  • Right to data transfer: You may receive the personal data you have provided to us in a legible format, without charge.
  • Right of objection: You may object to data processing at any time, specifically for data processing related to direct advertising (e.g., advertising e-mails).
  • Right of withdrawal: You have a basic right to revoke your consent at any time. However, past processing activities for which your consent was given do not become illegitimate with your withdrawal.
  • Right of complaint: You may submit a complaint to a responsible supervisory authority, for example, in relation to the way in which your personal data is processed.

To exercise these rights, please send us an e-mail at the following address: info@hotel-dunord.ch.

 

Data privacy

We use appropriate technical and organisational security measures to protect against the loss or unlawful processing of the personal data we hold, in particular to protect against unauthorised access by a third party. We require our employees and the service companies instructed by us to observe confidentiality and to safeguard data privacy. Furthermore, these persons are only granted access to personal data to the extent necessary to fulfil their tasks.

Our security measures are continuously amended in accordance with technological developments. However, the transmission of information via the internet and electronic communication methods always involves a certain level of security risk and we cannot make any absolute guarantee for the security of information transmitted in this way.

 

Note on data transmission to the USA

For reasons of completeness, we would like to advise users who are resident or work in Switzerland that, in the USA, the US authorities implement supervisory measures which generally enable all personal data to be saved for all persons whose data has been transmitted from Switzerland to the USA. This takes place with no differentiation, restriction or exception of the goal, and with no objective criteria to enable access to the data by the US authorities and subsequent use of the data to be restricted to a specific, strictly limited purpose which may justify either access to this data or intervention associated with the use of the data. We would also like to point out that there are no legal remedies in the USA for persons from Switzerland which would allow them to access the data in question, and to have it corrected or deleted, or rather, there is no effective legal protection against the general access rights granted to US authorities. We are advising affected persons of this legal situation so they can make an appropriately informed decision on providing consent for the use of their data.

We would like to advise users who are resident in an EU member state that, from the perspective of the European Union – based the topics mentioned in this section, amongst others – the USA does not have an adequate level of data privacy. Where we have outlined in this Data Privacy Statement that recipients of data (for example, Google) are located in the USA, we will ensure that your data held by our partners has an adequate level of protection either through contractual regulations with this company or through certification of this company under the EU or Swiss-US Privacy Mark.

 

Contact with us

If you contact us via our contact addresses and channels (e.g., via e-mail, telephone, or contact form), your personal data will be processed. The data that you have provided to us, e.g., the name of your company, your name, your function, e-mail address or telephone number, and your issue, is processed. We also document the time of receipt of the query. Mandatory information is flagged with an asterisk (*) in the contact form.
We process your data only for dealing with your issue (e.g., providing information about our hotel, support with contract execution, for example, booking queries, inclusion of your feedback in order to improve our service etc.). The legal basis for this data processing is our legitimate interest in the sense of Art. 6 (1) lit. f EU-GDPR for dealing with your issue, or, if your query is in relation to the conclusion or settlement of a contract, the requirement for performance of the required measures in the sense of Art. 6 (1) lit. b EU-GDPR.

 

Central data storage and analysis in the CRM system

If data can be uniquely assigned to you, we will save and link the data described in this Data Privacy Statement, specifically your personal details, communication, contract data and browsing habits on our website, in a central database. This enables efficient administration of customer data and allows us to respond to your issue appropriately so we can effectively provide the services required by you and fulfil the associated contracts. The legal basis for this data processing is our legitimate interest in the sense of Art. 6 (1) lit. f. EU-GDPR for the efficient administration of user data.

We evaluate this data in order to further develop our offerings according to needs, and to display and suggest information and offerings that are as relevant as possible. We also use methods which predict interests and future orders based on your website use. The legal basis for this data processing is our legitimate interest in the sense of Art. 6 (1) lit. f. EU-GDPR for the implementation of marketing actions.

 

Automation and Artificial Intelligence (AI)

We may process personal data automatically or use artificial intelligence to process personal data. We may use profiling to automatically evaluate certain personal aspects relating to data subjects. Profiling serves, for example, to analyse or predict interests, behaviour or personal preferences. We will inform you on a case-by-case basis about decisions that are based solely on the automated processing of personal data and which have legal consequences for the data subjects or significantly affect them (automated individual decisions).

 

Forwarding to third parties and access by third parties

Without the support of other companies, we would not be able to provide our offerings in the required form. So that we can use the services provided by these companies, it is also necessary, to a certain extent, to pass on your personal data. Data may be passed on in this case if this is necessary for fulfilment of your required contract, this means, for example, it may be passed to restaurants or other third-party providers with whom you have made a reservation. If data is passed on as in this case, the legal basis is the requirement for fulfilment of the contract in the sense of Art. 6 par. 1 lit. b EU-GDPR.

Data may also be passed to selected service providers but only to the extent required for provision of the service. This generally refers to IT service providers (such as providers of software solutions), advertising agencies, consulting companies. The legal basis for passing on of data in this case is our legitimate interest in the sense of Art. 6 (1) lit. f. EU-GDPR for the purchase of third-party services.

Moreover, your data may be passed on, specifically to authorities, legal advisors or collection agencies, if we are legally obliged to do so, or if this is necessary to safeguard our rights, specifically for the enforcement of rights resulting from our relationship with you. Data may also be passed on if another company intends to purchase our company or parts thereof and passing on of the data is necessary for a due diligence check or for execution of the transaction. The legal basis for passing on of data in this case is our legitimate interest in the sense of Art. 6 (1) lit. f EU-DSGVO for safeguarding our rights and compliance with our obligations, or for the sale of our company.

One service provider to whom data collected on the website is passed or who has, or can have, access to this data is our web hoster Netfuchs GmbH, untere Bönigstrasse 10a, 3800 Interlaken, Switzerland. The website is hosted on servers in the Federal Republic of Germany. Data is passed on for the purpose of providing and maintaining the functionality of our website. This establishes our legitimate interest in the context of Art. 6 (1) lit. f GDPR.

 

Transmission of personal data to a foreign country

We are permitted to transfer your personal data to third parties abroad if this is necessary for execution of the data processing specified in this Data Privacy Statement (see specifically sections 16-20). In this case, the statutory regulations for disclosure of personal data to third parties are observed as a matter of course. If the country in question does not provide an adequate level of data privacy, we implement contractual regulations to ensure that your data is adequately protected by this company.

We only store personal data for as long as is necessary to complete the processing outlined in this Data Privacy Statement within the scope of our legitimate interest. Contractual data must be stored in accordance with the statutory retention requirements. The requirement to store data may arise from reporting provisions and from fiscal regulations. In accordance with these regulations, business communication, concluded contracts and posting documents must be stored for up to 10 years. As soon as this data is no longer needed for fulfilment of the services for you, the data is blocked. This means that the data may then only be used if required for fulfilment of retention requirements or to defend and enforce our legal interests. The data is deleted as soon as there is no longer a retention requirement and there is no legitimate interest in its storage.

 

A. Data processing in connection with our website

1. Accessing our website

Use of the internet site for the Hotel Du Nord, Höheweg 70 in 3800 Interlaken, is generally possible without specification of any personal data. If you would like to use our website as a user of specific services - in particular, the online booking option - processing of personal data may be required. This data is not passed to third parties without your explicit consent and is used only to process your query.
We would like to point out that, in spite of all measures taken, data transfer via the internet (e.g., in an e-mail communication) may present security gaps and, as a result, it is not possible to protect data from third-party access in all cases.

 

2. SSL encryption / HTTPS protocol

To protect the transfer of confidential data via the forms on this website and for security reasons, we use SSL encryption technology. You can recognise an encrypted connection with "https://” in the address bar and the lock symbol displayed in the browser. Data that is encrypted using SSL cannot be read by third parties during transmission.

 

3. Access data / server log files

With each visit to our website, the servers from our hosting provider Netfuchs GmbH, untere Bönigstrasse 10a, 3800 Interlaken, Switzerland, temporarily store each access in a log file. The following data is thus recorded without your intervention and is stored until it is automatically deleted by us:

  • the IP address for the querying computer (pseudonymised, creation of a  personal reference is no longer possible),
  • the name of the owner of the IP address range (usually your internet access provider),
  • the date and time of the visit,
  • the website from which the visit is made (referrer URL), if applicable with search term used,
  • the name and URL of the accessed file,
  • the status code (e.g., error message),
  • the operating system used by your computer,
  • the browser used by you (type, version and language),
  • the transfer protocol used (e.g., HTTP/1.1), and
  • if applicable, your user name from registration / authentication.

The purpose of collecting and processing this data is to enable use of our website (connection creation), to ensure long-term system security and stability, to optimise our internet offering, and also for internal statistical purposes. This establishes our legitimate interest in the context of Art. 6 (1) lit. f GDPR. The IP address is also used together with the other data for clarification and defence purposes if the network infrastructure is attacked or if the website is used in another unauthorised or improper manner, or if applicable, for identification in the case of criminal proceedings or for civil and criminal action against the user in question. This establishes our legitimate interest in data processing in the context of Art. 6 (1) lit. f GDPR.

 

4. Booking on the website, via correspondence or telephone call

If you make bookings or use vouchers via our website, via correspondence (e-mail or letter), or via a telephone call, we collect the following data. Mandatory information is marked with an asterisk (*) in the corresponding form:
title

  • first name
  • last name
  • street and house number
  • postal code and town/city
  • country
  • date of birth
  • e-mail address
  • telephone number
  • language
  • credit card information

For bookings made directly via our website, we work with the booking system from Hotelpartner GmbH, Chaltenbodenstrasse 16, 8834 Schindellegi. To process the contract, personal data is collected and forwarded to us via e-mail. This data is:

  • title
  • first and last name
  • address
  • postal code and town/city
  • country
  • e-mail address
  • telephone number
  • credit card information

We only use this data and other information voluntarily provided by you (e.g., expected arrival time, car registration, preferences, notes) to process the contract, unless specified otherwise in this Data Privacy Statement, or if you have not consented separately to this. We process the data to record your booking as per your requirements, to provide the booked services, to contact you in the case of queries or problems, and to ensure the correct payment. Your credit card data is automatically deleted on your departure from us.
The legal basis for data processing for this purpose comes from fulfilment of a contract as per Art. 6 (1) lit. b EU-GDPR, or rather, your consent as per Art. 6 (1) lit. a EU-GDPR. You can withdraw your consent at any time with future effect.

 

5. Online job applications / publication of job vacancies

We provide the facility to apply for our job with us via our internet site. With these digital applications, your applicant and application data is collected and processed by us electronically in order to conduct the application process. If an employment contract is concluded following the application process, we store the data transmitted for the application in your personnel file for the purpose of standard organisation and administrative processes - this is, of course, in accordance with continued legal obligations. The legal basis for the data processing arises from the execution of precontractual measures and in our legitimate interest as per Art. 6 (1) lit. b and f GDPR. For further data processing, the legal basis arises from the consent provided by you as per Art. 6 (1) lit. a GDPR. If an application is rejected, we automatically delete the data transmitted to us two months after communication of the rejection. However, the data is not deleted if statutory provisions require a longer data storage period of up to four months, or until the conclusion of a legal process.

If you explicitly consent to your data being stored for a longer period of time, for example, for inclusion in a database of applicants or interested parties, the data shall be processed according to your consent. The legal basis is then Art. 6 (1) lit. a GDPR. You can of course revoke your consent at any time with future effect in accordance with Art. 9 (3) GDPR by contacting us.

 

6. Cookies

Cookies are information files saved by your web browser on the hard drive or in the memory of your computer when you visit our website. Cookies are assigned to identification numbers which can be used to identify your browser and read the information contained in the cookie.
One function of cookies is to make your visit to our website easier, more enjoyable and more useful. We use cookies for different purposes, and these are necessary so you can use our website as you wish, these are “technically necessary”. For example, we use cookies to temporarily store your selected services and entries when completing a form on the website so that you do not need to repeat the entries when you call a subpage. Cookies also carry out technical functions required for the operation of the website, such as load balancing, in other words, distribution of the capacity load for the page to different web servers to free up the servers. Cookies are also used for security purposes, for example, to stop unauthorised posting of content. Finally, we also use cookies in the design and programming of our website, for example, to enable uploading of scripts or codes.

The legal basis for this data processing is our legitimate interest in the sense of Art. 6 (1) lit. f. EU-GDPR for the provision of a user-friendly and modern website.

Most internet browsers accept cookies automatically. However, when you visit our website, we ask for your consent for the cookies we use that are not technically necessary, specifically for the use of cookies from third parties for marketing purposes. You can configure the settings you require via the corresponding buttons in the cookie banner. Details on the services and data processing associated with the individual cookies are available within the cookie banner and in the following sections of this Data Privacy Statement.

In addition, where possible, you can also configure your browser so that no cookies are stored on your computer, or so that a notification always appears if you receive a new cookie. The following pages provide explanations of how you can configure the processing of cookies on selected browsers.

Cookie settings in Google Chrome
Cookie settings in Firefox
Cookie settings in Microsoft Edge
Cookie settings in Apple Safari

Deactivating cookies may mean that you cannot use all functions on our website.

 

7. Tracking & web analysis tools

We use the web analysis services listed below to ensure the needs-based design and continuous optimisation of our website. In this context, pseudonymised usage profiles are created and cookies are used (see also section 15). The information generated by the cookies relating to your use of this website and the logfile data listed in section 13 are usually transferred to a server managed by the service provider, where they are saved and prepared. This may include transfer to a server in a foreign country, e.g., the USA (cf. section 9, esp. guarantees).
Following preparation of the data, the information we receive includes the following:

  • navigation path taken by a user (incl. content viewed and selected, or products purchased or services booked),
  • time spent on the website or subpage,
  • the subpage from which the website is left,
  • the country, region or city from where the visit is made,
  • end device (type, version, colour depth, width and height of browser window) and
  • whether the visitor is returning or a new visitor.

The service provider uses this information on our behalf to evaluate the use of the website, to compile reports for us relating to website activities and to provide addition services relating to website usage and internet usage for the purposes of market research and the needs-design of these internet pages. For this type of data processing, we and the provider can, to a certain extent, be considered to have joint responsibility for data privacy.

The legal basis for data processing with the following tools is your consent in the sense of Art. 6 (1) lit. a EU-GDPR. You can revoke your consent or reject the data processing at any time by rejecting or disabling the relevant cookies (see also section 15) or by using the service-specific options described below.

For further processing of the data by the respective service provider as the (sole) party responsible for data privacy, specifically the possible passing on of this information to third parties such as authorities in accordance with national statutory requirements, please see the respective data privacy information of the provider.

 

Matomo (formerly: “PIWIK”)

This website uses the analysis software Matoma (formerly: “PIWIK”). This is open source software which can analyse the use of the internet site. In doing so, your IP address, the website pages you visit, the website from which you switched to this website (referrer URL), the length of time spent on the website, and also the frequency of visits to individual pages within this website are processed on the hosting provider’s server. To collect this data, Matomo saves a cookie on your end device via your internet browser.

However, we use Matomo with the anonymisation function “Automatically Anonymize Visitor IPs”. This anonymisation function reduces your IP address by two bytes so that an assignment to you or to the internet connection used by you is impossible. If you do not agree with this processing action, you can prevent the saving of cookies by means of a setting in your internet browser, For more information, see below under “Cookies”.

You can also terminate the analysis of your usage behaviour using an opt-out. By confirming the link:

8. Use of social media plug-ins

Our website includes links to our profiles in the social media networks of the following providers:

  • Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA;
  • Instagram Inc. 1601 Willow Road, Menlo Park, CA 94025, USA;

If you click on the icons for the social networks, you are automatically taken to our profile page in the respective network. In doing so, a direct connection is created between your browser and the server of the respective social network. This means that the network receives the information that you have visited our website with your IP address and have clicked on the link.

If you click on a link to a network while you are logged in to your user account with the network in question, the content of our website can be linked to your profile so that the network can assign your visit to our website directly to your account. If you want to prevent this from happening, you should log out before you click on the link. A connection between your visit to our website and your user account is also always created when you log on to the respective network after clicking the link. The respective service provider has responsibility for data privacy with regard to the associated data processing. Please see the information on the website for the network.

The legal basis for any data processing which may be attributed to us is our legitimate interest in the sense of Art. 6 (1) lit. f EU-GDPR in the use and promotion of our social media profiles.

 

Social media plug-ins from Meta (formerly Facebook)

On our website, you can use social plug-ins from the following providers:

  • Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA, Data privacy information;
  • Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, Data policy;

We use social plug-ins to make it easier for you to share content from our website. The social plug-ins help us to increase the noticeability of our content in social networks and, in this respect, to improve our marketing.

The plug-ins are deactivated on our website as standard and thus do not send data to the social networks if you simply visit our website. To increase data privacy, we have embedded the plug-ins in such a way that no automatic connection is created with the network servers. Your browser only creates a direct connection to the servers of the respective social network when you activate the plug-ins and thus give your consent to the data transfer and further processing of data by the providers of the social networks.

The content of the plug-in is transmitted directly to your browser from the social network and integrated in the website. In this way, the respective provider receives the information that your browser has called the relevant page of our website, even if you do not have an account with this social network or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to one of the provider’s servers (usually in the USA) and saved there. We have no influence on the scope of data collected by the provider with the plug-in, although, from a data privacy perspective, we can, to a certain extent, be considered jointly responsible with the providers.

If you are logged in to a social network, the plug-in can assign your visit to our website directly to your user account. When you interact with the plug-ins, the corresponding information is also transmitted directly to one of the provider’s services and saved there. Information (e.g., that you like a product or service of ours) is also published on the social network and, in certain circumstances, is displayed to other users of the social network. Where appropriate, the provider of the social network uses this information to switch advertising and for the needs-based design of the respective offer. Usage, interest, and relationship profiles can also created for this purpose, for example, to evaluate your use of our website with regard to the advertising shown on the social network, to inform other users about your activities on our website, and to provide other services associated with the use of the social network. For information on the purpose and scope of data collection, further processing, and use of the data by the provider of the social networks, and your relevant rights and configuration options for protecting your privacy, please see the data privacy notices for the respective provider.

If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out from the social network before the plug-in is activated. The legal basis for this data processing is your consent in the sense of Art. 6 (1) lit. a EU-GDPR. You can withdraw your consent at any time by informing the provider of the plug-in of your withdrawal in accordance with the data privacy notices.

 

9. Tools & plug-ins

OpenStreetMap

On our website, we use map excerpts provided by the OpenStreetMap Foundation to display our location. The provider is the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

To use the features of OpenStreetMap, it is necessary to process your IP address. This information is usually transmitted to and stored on OpenStreetMap servers. We have no influence on this data processing.

The use of OpenStreetMap is in the interest of an appealing presentation of our online services and to make it easy to find the locations specified on our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

Further information on how user data is handled can be found in OpenStreetMap’s privacy policy:
https://wiki.osmfoundation.org/wiki/Privacy_Policy

 

 
10. Online advertising and targeting

We use the services of different companies to provide you with interesting online offerings. In doing so, your use of our websites and the websites of other providers is analysed so that online adverts can be displayed which are targeted to you individually.

Most technologies for tracking your user behaviour (“tracking”) and for the targeted display of advertising (“targeting”) work with cookies so that your browser can be recognised across different websites. Depending on the provider, it is also possible that you may also be identified online through the use of different end devices (e.g., laptop and smartphone). This may be the case if, for example, you have registered for a service that you use across several devices.

In addition to the above data, which is created when websites are visited (“log file data”) and when cookies are used, and which may be passed to the companies participating in advertising networks, the following data is also included in the selection of the advertising that is potentially most relevant for you:

  • personal information which you may have provided when registering for or using a service provided by advertising partners (e.g., gender, age group).
  • user behaviour (e.g., search queries, interactions with advertising, type of websites visited, products or services viewed or purchased, newsletter subscriptions).

We and our service providers use this data to identify whether you belong to the target group addressed by us, and take this into account in the selection of advertisements. For example, when you have visited our site, advertisements from the products or services you have already consulted may be displayed when you visit other sites (“re-targeting”). Depending on the scope of the data, a user profile may also be created. This is evaluated automatically, and the advertisement selected according to the information stored in the profile, for example, membership of particular demographic segments or potential interests or behaviours. Such advertisements may be presented on various channels, which, as well as our website and app (within the framework of on-site and in-app marketing), also include advertising communicated via online advertising networks used by us, for example, Google.

The data can then be evaluated for invoice settlement with the service provider and for assessment of the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include the information that the execution of an action (e.g., visiting specific sections of our website or sending information) is due to a particular advertisement. Furthermore, we also receive aggregated reports from our service providers on the advertising activities and information on how users interact with our website and our advertising.

The legal basis for this data processing is your consent in the sense of Art. 6 (1) lit. a EU-GDPR. You can withdraw your consent at any time by rejecting or disabling the relevant cookies in your browser settings (see section 15). The relevant service providers, for example, Google, also provide information on further options for blocking advertisements.


Payment processing online

If you make chargeable bookings or purchase products on our website, additional data must be provided depending on the product or service and the required payment type, for example, your credit card information or the log-in for your payment service provider. This information, and also the fact that you have purchased a service from us costing the specified amount at the specific time, are passed on to the relevant payment service provider (e.g., provider of payment solutions, credit card issuer and credit card acquirer). Please always see the information provided by the respective company, specifically their data privacy statement and General Terms and Conditions. The legal basis for this transmission comes from fulfilment of a contract as per Art. 6 (1) lit. b EU-GDPR.

 

Booking via booking platforms

If you make a booking via a third-party platform (i.e., via booking.com, Hotel, Escapio, Expedia, Holidaycheck, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two), we receive personal information relating to the booking made from the respective platform operator. This is usually the data listed in point 13 of this Data Privacy Statement. Queries about your booking are also passed to us. We use this data to record your booking requirements and to provide the booked services. The legal basis for data processing for this purpose comes from the execution of precontractual measures and fulfilment of a contract as per Art. 6 (1) lit. b EU-GDPR.
Finally, we may be informed by the platform operators about disputes relating to a booking. In this case, we may also, in some cases, receive data relating to the booking process, which may also include a copy of the booking confirmation as proof of the actual booking agreement. We process this data to safeguard and exercise our rights. This establishes our legitimate interest in the context of Art. 6 (1) lit. f GDPR.
Please also see the data privacy information on the respective booking platform.


B. Data processing relating to your stay

11. Data processing for fulfilment of statutory reporting obligations

When you arrive at our hotel, we require the following (“mandatory”) information from you and, if applicable, your companions

  • first and last name*
  • postal address and canton*
  • date of birth*
  • nationality*
  • official identification card and number*
  • date of arrival and departure*

We collect this information to comply with statutory reporting obligations based specifically on legislation governing the hospitality industry and the police. If required by the applicable regulations, we pass on this information to the responsible police authority. This data is processed in accordance with a statutory obligation in the sense of Art. 6 (1) lit. c EU-GDPR. Our legitimate interest comes from fulfilment of the statutory requirements in the sense of Art. 6 (1) lit. f GDPR.

 

12. Recording purchased services

If you purchase additional services during your stay (e.g., wellness, restaurant, activities), the service and time of service purchase are recorded by us for accounting purposes. Processing of this data is necessary in the sense of Art. 6 (1) lit. b EU-GDPR for fulfilment of the contract with us.

 

13. Video surveillance

To prevent abuses and unlawful behaviour (esp. theft and property damage), the reception area and public areas of our hotel are monitored by video cameras. The image data is only viewed if there is suspicion of unlawful behaviour. Otherwise, the image recordings are automatically deleted after 72 hours.

The video surveillance system is provided by a service provider who can have access to the data if this is necessary for provision of the system. If the suspicion of unlawful behaviour is confirmed, the data can be passed on to consulting companies (specifically our solicitor) or to authorities to the extent required for the assertion of claims or for filing a report.

The legal basis is our legitimate interest in the sense of Art. 6 (1) lit. f EU-GDPR for the protection of our property and safeguarding and exercising our rights.

 

14. Use of our WiFi network

At our hotel, you may use the WiFi network operated by Kabelfernsehen Bödeli AG, Weissenaustrasse 56, 3800 Unterseen free of charge. To prevent abuses and unlawful behaviour, prior registration is required. In doing so, you transmit the following data to Kabelfernsehen Bödeli AG:

  • MAC address of the end device (automatic)

In addition to the above data, data on the hotel visited and time, date, and end device is also recorded each time the WiFi network is used. The legal basis for this data processing is your consent in the sense of Art. 6 (1) lit. a EU-GDPR. The customer can withdraw his registration at any time by notifying us.

Kabelfernsehen Bödeli AG must comply with statutory obligations specified in federal law with regard to Surveillance of Post and Telecommunications (BÜPF) and the associated regulations. Provided the statutory requirements are met, the operator of the WiFi must monitor the use of the internet and data traffic on behalf of the responsible authorities. The WiFi operator may also be obliged to disclose the contact, usage, and peripheral data for the customer to the authorised authorities. The contact, usage and peripheral data is kept for individuals for 6 months and is then deleted.

The legal basis for this data processing is our legitimate interest in the sense of Art. 6 (1) lit. f. EU-GDPR for the provision of a WiFi network in compliance with applicable statutory regulations.

 

15. Payment processing

If you purchase products or services at our hotel or pay for your stay using electronic payment methods, processing of personal data is necessary. By using the payment terminal, you transmit information stored within your payment method, such as the name of the card holder and card number, to the payment service provider involved (e.g., provider of payment solutions, credit card issuers and credit card acquirers). These parties also receive the information that the payment method has been used in our hotel, the payment amount, and the time of the transaction. In return, we only receive the credit amount for the payment at the corresponding time, which we can assign to the relevant document number, or information that the transaction was not possible or has been terminated.

Please always see the information provided by the respective company, specifically their data privacy statement and General Terms and Conditions. The legal basis for this transmission comes from fulfilment of the contract with you as per Art. 6 (1) lit. b EU-GDPR.

 

16. Timeliness and amendment to this Data Privacy Statement

This Data Privacy Statement is currently valid as from September 2023. We have written to the best of our knowledge and belief. As a result of further development of our website and offerings and amendments to statutory or official regulations, it may be necessary to amend this Data Privacy Statement. The most recent Data Privacy Statement can be viewed and printed from our website at any time.

Date: April 2026