Privacy Policy Hotel Sempachersee

Hotel Sempachersee AG, Kantonsstrasse 46 in CH-6207 Nottwil runs Hotel Sempachersee and is the operator of the website: https://www.hotelsempachersee.ch/en and is thus responsible for the collection, processing and use of your personal data and the compliance of the data processing with the applicable data protection law.

Your trust is important to us, which is why we take data protection seriously and ensure corresponding security. It goes without saying that we observe the statutory provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Telecommunications Act (TCA) and, where applicable, any other data protection provisions under Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

Please take note of the following information so that you know which personal data we collect about you and the purposes for which we use it.

When visiting our website, our servers temporarily save every access in log files. The following technical data will be collected without any action on your part, as in principle with every connection to a web server, and stored by us until it is automatically deleted after 24 months at the latest:

• the IP address of the requesting computer,
• the name of the owner of the IP address area (normally your Internet access provider),
• the date and time of access,
• the website from which access is made (referrer URL), where applicable with the search term used,
• the name and URL of the retrieved file,
• the status code (e.g. error message),
• your computer’s operating system,
• the browser you used (type, version and language),
• the transmission protocol (e.g. HTTP/1.1) and,
• where applicable, your username from a registration/authentication.

This data is collected and processed to allow visitors to use our website (connection establishment), ensure system security and stability over the long term and optimise our website, as well as for internal statistical purposes. Herein lies our legitimate interest in data processing within the meaning of Article 6 (1)(f) GDPR.

The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for the purpose of clarification and defence and, if necessary, is also used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned. Herein lies our legitimate interest in data processing within the meaning of Article 6 (1)(f) GDPR.

You also have the option of using a contact form to contact us. We need the following information for this purpose:

• First name and surname
• E-mail address
• Phone number
• Message

We use this data along with the salutation you voluntarily give us to answer your contact request in a personalised and optimal way. Within the meaning of Article 6 (1)(b) GDPR, the processing of this data is therefore required to implement pre-contractual measures or is in our legitimate interest in accordance with Article 6 (1)(f) GDPR.

Our website gives you the option of subscribing to our newsletter. Registration is required for this. The following data is to be provided as part of the registration:

• Title
• First name and surname
• E-mail address

The above data is necessary for data processing.

ith the registration, you consent to the processing of the data provided for regularly sending the newsletter to the address you specified, statistically evaluating user behaviour and optimising the newsletter. Within the meaning of Article 6 (1)(a) GDPR, this consent serves as the legal basis for processing your e-mail address. We are authorised to entrust third parties with the processing of advertising measures and are authorised to pass on your data for this purpose (cf. no.13 below).

At the end of every newsletter, you can find a link which you can use to unsubscribe at any time. As part of the unsubscribe process, you have the option of telling us the reason you are unsubscribing. Your personal data will be erased when you unsubscribe. Your data will only be further processed in an anonymised form in order to optimise our newsletter.

To make bookings on our website, you can order as a guest or open a customer account. When you register for a customer account, we collect the following data:

• Title
• First name and surname
• Address, town/city and postal code
• Date of birth
• Phone number
• E-mail address

This data, along with other data you voluntarily provide (e.g. password, company name), shall only be collected for the purpose of providing you with password-protected access to the basic information you have stored with us. In this area, you can view your previous or current bookings or manage and change your personal data.

The consent you provided forms the legal basis for processing data for this purpose in accordance with Article 6 (1)(a) GDPR.

If you make bookings or get a quote either on our website, by correspondence (e-mail or letter post) or over the phone, we need the following information to process the contract:

• First name and surname
• Postal address
• Phone number
• E-mail address

This data and other data you provide voluntarily (e.g. approx. arrival time, approx. departure time, wishes and remarks, further voluntary information such as about the event and the required infrastructure when booking seminar rooms) will only be used to process this contract, unless otherwise set out in this Privacy Policy or unless you have provided separate consent. We will process the data in particular to record your booking as requested, provide the booked services, contact you in the event of uncertainties or problems and ensure correct payment.

The fulfilment of a contract forms the legal basis for processing data for this purpose in accordance with Article 6 (1)(b) GDPR.

For bookings on our website, we use the booking solution provided by GHIX. See also: https://www.ghix.com/en/data-protection.

Cookies help make your visit to our website easier, more pleasant and more useful, among many other things. Cookies are data files that your web browser automatically stores on your computer’s hard drive when you visit our website.

We use cookies for instance to temporarily store your selected services and information when you fill in a form on the website so that you do not have to re-enter it when you access a subpage. Where appropriate, cookies are also used for the purpose of identifying you as a registered user after you have registered on the website without you having to log in again when you access a subpage.

Most Internet browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or a message always appears when you receive a new cookie. On the following pages, you can find explanations of how you can configure the most popular browsers to handle cookies:

• Microsoft's Windows Internet Explorer
• Microsoft's Windows Internet Explorer Mobile
• Mozilla Firefox
• Google Chrome for Desktop
• Google Chrome for Mobile
• Apple Safari for Desktop
• Apple Safari for Mobile

Deactivating cookies may prevent you from using all the functions of our website.

a. General terms and conditions

In order to continually optimise and shape our website in line with needs, we use the web analytics service provided by Google Analytics. In this context, pseudonymised user profiles are created and small text files, which are stored on your computer, are used (cookies). The information generated by the cookie about your use of this website will be passed on to the server of the service provider, where it is stored and prepared for us. In addition to the data listed under section 1, this also allows us to receive the following information if need be:

• navigation path leading the visitor to the site,
• dwell time on the website or subpage,
• the subpage accessed upon leaving the website,
• the country, region or city from which the website is accessed,
• end device (type, version, depth of colour, resolution, width and height of the browser window) and
• whether the visitor is a returning or new one.

The information is used to evaluate the use of the website in order to compile website activity reports as well as to provide additional services associated with the usage of the website and the Internet for the purposes of market research and shaping this website in line with needs. This information may also be shared with third parties where this is required by law or in order for third parties to process this data on behalf of the company.

b. Google Analytics

Anbieter von Google Analytics ist Google Inc., ein Unternehmen der Holding Gesellschaft Alphabet Inc, mit
Sitz in den USA. Vor der Übermittlung der Daten an den Anbieter wird die IP-Adresse durch die Aktivierung der IP-Anonymisierung („anonymizeIP“) gekürzt. Die im Rahmen von Google Analytics von Ihrem Browser übermittelte anonymisierte IP-Adresse wird nicht mit anderen Daten von Google zusammengeführt. Nur in Ausnahmefällen wird die volle IP-Adresse an einen Server von Google in den USA übertragen und dort gekürzt. In diesen Fällen stellen wir durch vertragliche Garantien sicher, dass Google Inc. ein ausreichendes Datenschutzniveau einhält. Gemäss Google Inc. wird in keinem Fall die IP-Adresse mit anderen den Nutzer betreffenden Daten in Verbindung gebracht werden.

Weitere Informationen über den genutzten Webanalyse-Dienst finden Sie auf der Website von Google Analytics. Eine Anleitung, wie Sie die Verarbeitung ihrer Daten durch den Webanalyse-Dienst verhindern können, finden Sie unter http://tools.google.com/dlpage/gaoptout?hl=de.

When you arrive at our hotel, we need the following information about you and your accompanying person where applicable:

• First name and surname
• Postal address and canton
• Date of birth
• Place of birth
• Nationality
• Official identification card and number
• Arrival and depature days
• Room number

We collect this information in order to fulfil legal reporting requirements which result from catering law or police law, in particular. If we are obliged to do so according to the applicable regulations, we will pass this information on to the competent police authorities.

Our legitimate interest lies in the fulfilment of legal requirements within the meaning of Article 6 (1)(f) GDPR.

For your safety and ours, surveillance cameras on the Paraplegic Group campus (including car parks) film all people. Facial recognition software is not used.

The processing of this data is within our legitimate interests in accordance with Article 6 (1)(f) GDPR.

We will record any preferences, habits, requests, etc. you express (e.g. requesting an accessible room or a certain room location) which we assume you would like us to remember if you visit again.

The processing of this data is within our legitimate interests in accordance with Article 6 (1)(f) GDPR.

If you make use of additional services (e.g. the mini bar) during your stay, we will record the item procured and the time the service was obtained for invoice purposes. Within the meaning of Article 6 (1)(b), the processing of this data is required to process your contract with us.

If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. This is generally data listed in section 5 of this Privacy Policy. Furthermore, we may receive enquiries regarding your booking. We will process this data in particular to record your booking as requested and provide the booked services. The fulfilment of a contract forms the legal basis for processing data for this purpose in accordance with Article 6 (1)(b) GDPR.

Finally, the platform operators may inform us of disputes relating to a booking. In this context, we also in some circumstances receive data about the booking process, which may include a copy of the booking confirmation as proof of the actual booking. We process this data to protect and assert our claims. Herein lies our legitimate interest within the meaning of Article 6 (1)(f) GDPR.

Please also note the Privacy Policy of the respective provider.

We store the data indicated in clauses 2-5 and 8-11 in a central electronic data processing system. The data concerning you will be entered into a system and pooled in order to process your bookings and perform the contractual services. For this, we use software provided by Fidelio, FO – DATA GmbH, Geerenstrasse 3, CHF-9507 Stettfurt, Switzerland. We base the processing of this data within the framework of the software on our legitimate interest within the meaning of Article 6 (1)(f) GDPR in a customer-friendly and efficient management of customer data.

We store personal data only for as long as required in order to use the above-mentioned tracking services and to carry out further processing within the context of our legitimate interest. We retain contract data for longer periods of time as prescribed by legal retention obligations. Retention requirements which oblige us to retain data result from regulations on reporting, accounting and tax law. In accordance with these regulations, business communication, concluded contracts and accounting documents must be retained for up to 10 years. If we no longer require this data for carrying out services for you, the data will be blocked. This means that the data can then only be used for accounting and tax purposes.

We only pass on your data if you have expressly consented to us doing so, we have a legal obligation to do so or this is required to assert our claims, in particular to assert claims arising from the contractual relationship. We also give your data to third parties, provided that this is required within the context of website usage and contract processing (outside the website too), in particular to process your bookings.

Our web host, Amazee Labs, Zurich is a service provider to which we pass on personal data collected via the website and which has or can have access to it. The website is hosted on servers in Switzerland. Data is transferred for the purpose of providing and maintaining the functionalities of our website. Herein lies our legitimate interest within the meaning of Article 6 (1)(f) GDPR.

Finally, when you pay by credit card on the website, we forward your credit card information to your credit card provider and the credit card acquirer. Whenever you choose to pay by credit card, you will be asked to enter all the necessary information. The fulfilment of contract forms the legal basis for the transfer of data in accordance with Article 6 (1)(b) GDPR. With regard to the processing of your credit card information by these third parties, we ask that you also read the terms and conditions and privacy policy of your credit card
issuer.

Please also take note of the information in sections 7-8 and 11-12 with regard to data transfer to third parties.

We are also authorised to transfer your personal data to third companies (contracted service providers) abroad for the purpose of the data processing described in this Privacy Policy. They are obliged to comply with data protection to the same extent that we ourselves are. If the level of data protection in a country does not correspond to that of Switzerland or Europe, we ensure by way of contractual guarantees that the protection of your personal data always corresponds to that in Switzerland or the EU.

You have the right to request information about the personal information we store about you. You also have the right to obtain rectification about inaccurate data and the right to the erasure of your personal data, provided that doing so is not in conflict with any legal obligation to retain data or a legal justification for consent which allows us to process the data.

You also have the right to request that we send you the data you have given us. Upon request, we also pass the data on to third parties of your choice.

You can get in touch with us for the purposes above at:

datenschutz@paraplegie.ch

or

Swiss Paraplegic Foundation
Information security and data protection officer
Guido A. Zäch-Strasse 1
CH-6207 Nottwil

For the processing of your application, we ask for proof of identity.

We use appropriate technological and organisational security measures to protect your personal data stored from manipulation, partial or complete loss and unauthorised access by third parties. We are continuously improving our security measures in line with the latest technological developments.

You should always keep your login details confidential and close the browser window when your communication with us has come to an end, particularly if your computer is also used by others.

We take data privacy within the company very seriously too. Our employees and service providers contracted by us are obliged to maintain secrecy and comply with regulations on data protection.

For reasons of completeness, we would like to point out to users resident or domiciled in Switzerland that US authorities have taken surveillance measures in the United States which generally allow for the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, restriction or exception on the basis of the pursued objective and without an objective criterion that would allow the US authorities to restrict access to the data and subsequent use to
very specific, strictly limited purposes that could justify the interference associated with both access to and use of the data. We would also like to point out that, for data subjects from Switzerland, no legal remedies exist in the USA which allows them to access data concerning them and have the personal data rectified or erased and there is no effective judicial protection against the general access rights of US authorities. We are explicitly pointing out this legal and factual situation to the data subjects so that they can make an informed decision on their consent to the use of their data.

We would like to point out to users resident in an EU member state that the European Union does not believe the USA to offer an adequate level of data protection due to the issues raised in this section, among others. Where we have explained in this Privacy Policy that recipients of data (such as Google) are based in the United States, we will ensure that our partners protect your data at an appropriate level either by way of contractual guarantees with such companies or by ensuring that such companies are certified under the EU or Swiss-US Privacy Shield.

You have the right to lodge a complaint with a data protection supervisory authority at any time.

Last update: January 2019