Privacy Policy

Hotel Gotthard Schönau am See AG operates the SeeHotel Gotthard and is the operator of the website www.gotthard-weggis.ch and is therefore responsible for the collection, processing, and use of your personal data and for ensuring that data processing complies with applicable data protection laws.

So that you know which personal data we collect from you and for what purposes we use it, please take note of the following information.

The address of our data protection representative in the EU is:
Philippe Nanzer, Gotthardstrasse 11, 6353 Weggis, gotthard@gotthard-weggis.ch

A. Data Processing in Connection with Our Website

  1. Accessing Our Website

When you visit our website, our servers temporarily store every access in a log file. The following technical data is collected automatically, as is generally the case with every connection to a web server, and stored by us until automatic deletion after no later than 12 months:

  • the IP address of the requesting computer,
  • the name of the owner of the IP address range (usually your internet access provider),
  • the date and time of access,
  • the website from which access occurred (referrer URL), including any search term used,
  • the name and URL of the retrieved file,
  • the status code (e.g. error message),
  • your computer’s operating system,
  • the browser you use (type, version, and language),
  • the transmission protocol used (e.g. HTTP/1.1), and
  • where applicable, your username from a registration/authentication.

The collection and processing of this data is carried out for the purpose of enabling the use of our website (establishing a connection), ensuring the long-term security and stability of the system, optimizing our internet offering, and for internal statistical purposes. This constitutes our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

The IP address is also analyzed together with the other data in the event of attacks on the network infrastructure or other unauthorized or abusive use of the website for clarification and defense purposes and, if necessary, used within the framework of criminal proceedings for identification and civil or criminal action against the users concerned. This also constitutes our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

  1. Use of Our Contact Form

You have the option of using a contact form to get in touch with us. The following information is mandatory:

  • First and last name
  • Email address
  • Message

We use this data and any telephone number you voluntarily provide solely in order to answer your contact request in the best possible and personalized way. The processing of this data is therefore necessary within the meaning of Art. 6 para. 1 lit. b GDPR for the implementation of pre-contractual measures or is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

  1. Subscription to Our Newsletter

You have the option to subscribe to our newsletter on our website. Registration is required for this. During registration, the following data must be provided:

  • Title
  • First and last name
  • Email address

The above data is necessary for data processing. In addition, you may voluntarily provide further data (date of birth and country). We process this data exclusively in order to personalize the information and offers sent to you and to better tailor them to your interests.

By registering, you give us your consent to process the data provided for the regular sending of the newsletter to the address you have specified and for the statistical evaluation of user behavior and optimization of the newsletter. This consent constitutes the legal basis for the processing of your email address within the meaning of Art. 6 para. 1 lit. a GDPR.

We are entitled to commission third parties with the technical handling of advertising measures and are entitled to pass on your data for this purpose (see section 13 below).

At the end of each newsletter, there is a link through which you can unsubscribe at any time. As part of the unsubscription process, you may voluntarily inform us of the reason for unsubscribing. After unsubscribing, your personal data will be deleted. Further processing will only take place in anonymized form for the optimization of our newsletter.

  1. Opening a Customer Account

To make bookings on our website, you may order as a guest or open a customer account. When registering for a customer account, we collect the following mandatory data:

  • Title
  • First and last name
  • Postal address
  • Date of birth
  • Telephone number
  • Email address
  • Password

The collection of this data and any additional data voluntarily provided by you (e.g. company name) is for the purpose of providing you with password-protected direct access to your basic data stored with us. You can view your past and current bookings or manage and modify your personal data there.

The legal basis for processing the data for this purpose is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

  1. Booking on the Website, by Correspondence, or by Telephone

If you make bookings via our website, by correspondence (email or postal mail), or by telephone, we require the following data for the processing of the contract:

  • Title
  • First and last name
  • Postal address
  • Date of birth
  • Telephone number
  • Language
  • Credit card information
  • Email address

This data and any additional information voluntarily provided by you (e.g. expected arrival time, vehicle registration number, preferences, remarks) will only be used for processing the contract unless otherwise stated in this privacy policy or unless you have separately consented.

We will process the data in particular to record your booking as requested, provide the booked services, contact you in case of uncertainties or problems, and ensure correct payment.

The legal basis for data processing for this purpose is the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

  1. Cookies

Cookies help make your visit to our website easier, more pleasant, and more meaningful in many ways. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website.

We use cookies, for example, to temporarily store your selected services and entries when filling out a form on the website so that you do not have to repeat the input when accessing another subpage.

Cookies may also be used to identify you as a registered user after registration on the website without requiring you to log in again when accessing another subpage.

Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a notification always appears when you receive a new cookie.

Disabling cookies may mean that you cannot use all the features of our website.

  1. Tracking Tools

a. General

For the purpose of demand-oriented design and continuous optimization of our website, we use the web analysis service Google Analytics. In this context, pseudonymized user profiles are created and small text files stored on your computer (“cookies”) are used.

The information generated by the cookie about your use of this website is transferred to the servers of the providers of these services, stored there, and processed for us. In addition to the data listed under section 1, we may receive the following information:

  • navigation path taken by a visitor on the site,
  • duration of stay on the website or subpage,
  • the subpage from which the website is exited,
  • the country, region, or city from which access occurs,
  • end device (type, version, color depth, resolution, width and height of the browser window), and
  • returning or new visitor.

The information is used to evaluate the use of the website, compile reports on website activities, and provide other services related to website and internet usage for market research purposes and demand-oriented design of this website. This information may also be transferred to third parties if required by law or if third parties process the data on behalf of the provider.

b. Google Analytics

The provider of Google Analytics is Google Inc., a company of the holding company Alphabet Inc., based in the USA.

Before the data is transmitted to the provider, the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area by activating IP anonymization (“anonymizeIP”) on this website.

The anonymized IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

In these cases, we ensure through contractual guarantees that Google Inc. maintains an adequate level of data protection.

According to Google Inc., under no circumstances will the IP address be associated with other data relating to the user.

Further information about the web analysis service used can be found on the Google Analytics website. Instructions on how to prevent the processing of your data by the web analysis service can be found at:
http://tools.google.com/dlpage/gaoptout?hl=en

c. Google Fonts

This site uses so-called Google Fonts provided by Google for the uniform display of fonts. When you access a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google’s servers. As a result, Google becomes aware that this website was accessed via your IP address.

If your browser does not support Google Fonts, a standard font from your computer will be used.

Further information about Google Fonts can be found at:
https://developers.google.com/fonts/faq
and
https://policies.google.com/privacy?hl=en

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards.

Further information is available from the provider at:
https://www.dataprivacyframework.gov/s/

B. Data Processing in Connection with Your Stay

  1. Data Processing to Fulfill Legal Reporting Obligations

Upon arrival at our hotel, we may require the following information from you and your accompanying persons:

  • First and last name
  • Postal address and canton
  • Date of birth
  • Place of birth
  • Nationality
  • Official identification document and number
  • Arrival and departure date
  • Room number

We collect this information in order to fulfill legal reporting obligations arising in particular from hospitality or police law. Where required by applicable regulations, we forward this information to the competent police authority.

Compliance with legal requirements constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

  1. Recording of Services Used

If you use additional services during your stay (e.g. minibar or pay TV), the type of service and the time it was used will be recorded for billing purposes.

The processing of this data is necessary within the meaning of Art. 6 para. 1 lit. b GDPR for the execution of the contract with us.

C. Storage and Exchange of Data with Third Parties

  1. Booking Platforms

If you make bookings through a third-party platform, we receive various personal information from the respective platform operator. This generally concerns the data listed in section 5 of this privacy policy.

In addition, inquiries regarding your booking may be forwarded to us. We process this data in particular to record your booking as requested and provide the booked services.

The legal basis for data processing for this purpose is the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

Finally, we may be informed by platform operators about disputes related to a booking. In doing so, we may also receive data relating to the booking process, including a copy of the booking confirmation as proof of the actual completion of the booking.

We process this data to safeguard and enforce our claims. This constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Please also note the privacy policy information of the respective provider.

  1. Central Storage and Linking of Data

We store the data specified in sections 2–5 and 8–10 in a central electronic data processing system. The data concerning you is systematically recorded and linked for the processing of your bookings and the execution of contractual services.

For this purpose, we use software from c-res, Berrenrather Str. 188a, D-50937 Cologne, Germany.

We base the processing of this data within the software on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in customer-friendly and efficient customer data management.

  1. Retention Period

We store personal data only for as long as necessary to use the above-mentioned tracking services and for further processing within the scope of our legitimate interest.

Contract data is retained for a longer period as required by statutory retention obligations. Retention obligations requiring us to store data arise from regulations concerning reporting obligations, accounting, and tax law.

According to these regulations, business communications, concluded contracts, and booking receipts must be retained for up to 10 years.

As soon as we no longer require this data for the provision of services to you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

  1. Disclosure of Data to Third Parties

We only disclose your personal data if you have expressly consented, if there is a legal obligation to do so, or if it is necessary to enforce our rights, particularly claims arising from the contractual relationship.

In addition, we pass your data on to third parties insofar as this is necessary in the context of the use of the website and contract processing (including outside the website), particularly for the processing of your bookings.

One service provider to whom personal data collected via the website is disclosed or who may have access to it is our web hosting provider:
cyon GmbH, Brunngässlein 12, CH-4052 Basel.

The website is hosted on servers in Switzerland.

The disclosure of data is carried out for the purpose of providing and maintaining the functionality of our website. This constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Finally, when making credit card payments on the website, we forward your credit card information to your credit card issuer and the credit card acquirer.

If you choose to pay by credit card, you will be asked to enter all mandatory information required for payment processing.

The legal basis for the transfer of the data is the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

Regarding the processing of your credit card information by these third parties, please also read the general terms and conditions and privacy policy of your credit card issuer.

Please also note the information regarding data disclosure to third parties in sections 7–8 and 10–11.

  1. Transfer of Personal Data Abroad

We are entitled to transfer your personal data to third-party companies (commissioned service providers) abroad for the purposes of the data processing described in this privacy policy.

These companies are obliged to protect data to the same extent as we are.

If the level of data protection in a country does not correspond to Swiss or European standards, we ensure contractually that the protection of your personal data always corresponds to that in Switzerland or the EU.

D. Further Information

  1. Right to Information, Rectification, Deletion, Restriction of Processing; Right to Data Portability

You have the right to request information about the personal data we store about you.

In addition, you have the right to correct inaccurate data and the right to deletion of your personal data, provided that no statutory retention obligation or legal basis permitting us to process the data opposes this.

You also have the right to request the return of the data you have provided to us (right to data portability). Upon request, we will also transfer the data to a third party of your choice.

You have the right to receive the data in a commonly used file format.

You can contact us for the above purposes via the email address:
gotthard@gotthard-weggis.ch

For the processing of your requests, we may, at our discretion, require proof of identity.

  1. Data Security

We use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and unauthorized access by third parties.

Our security measures are continuously improved in line with technological developments.

You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others.

We also take internal company data protection very seriously. Our employees and commissioned service providers are obliged to maintain confidentiality and comply with data protection regulations.

  1. Notice Regarding Data Transfers to the USA

For completeness, we would like to inform users residing or headquartered in Switzerland that surveillance measures by US authorities exist in the USA, generally allowing the storage of all personal data of persons whose data has been transferred from Switzerland to the USA.

This occurs without differentiation, restriction, or exception based on the pursued objective and without an objective criterion that would allow limiting the access of US authorities to the data and its subsequent use to very specific, strictly limited purposes capable of justifying the interference associated with access and use.

We also point out that in the USA there are no legal remedies available to affected persons from Switzerland enabling them to access, correct, or delete data concerning them, nor is there effective judicial protection against general access rights of US authorities.

We explicitly inform affected persons of this legal and factual situation so that they can make an appropriately informed decision regarding consent to the use of their data.

Users residing in an EU member state are informed that, from the perspective of the European Union, the USA does not provide an adequate level of data protection, among other things due to the issues mentioned in this section.

Where we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure either through contractual arrangements with these companies or by ensuring certification of these companies under the EU or Swiss-US Privacy Shield that your data is protected by our partners at an adequate level.

  1. Right to Lodge a Complaint with a Data Protection Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority at any time.

Status: Weggis, 31 August 2023