Privacy Policy

Cross-Channel Notices

Controller and Content of this Privacy Policy

We, Schloss Hünigen AG (Freimettigenstrasse 9, 3510 Konolfingen, Switzerland), operate the Boutique Hotel Schloss Hünigen ("Hotel") as well as the website www.schlosshuenigen.ch (hereinafter referred to as the "Website") and, unless otherwise stated, are responsible for the data processing outlined in this privacy policy.

To help you understand what personal data we collect from you and for what purposes we use it, please review the following information. We primarily adhere to the legal requirements of Swiss data protection law, in particular, the Federal Data Protection Act (DSG), as well as the EU General Data Protection Regulation (GDPR), which may be applicable in individual cases.

Please note that the following information may be reviewed and changed from time to time. Therefore, we recommend checking this privacy policy regularly. Furthermore, for certain data processing activities listed below, other companies may be responsible for data protection or jointly responsible with us, so the information provided by these providers is also relevant in such cases.

Contact for Data Protection

If you have questions about data protection or wish to exercise your rights, please contact our data protection officer by sending an email to the following address:

.(Javascript muss aktiviert sein, um diese E-Mail-Adresse zu sehen)

You can reach our EU data protection representative at:

Schloss Hünigen, Freimettigenstrasse 9, 3510 Konolfingen, Switzerland

.(Javascript muss aktiviert sein, um diese E-Mail-Adresse zu sehen)

Your Rights

If the legal requirements are met, as a data subject, you have the following rights:

Right to Information: You have the right to access your personal data stored by us at any time, free of charge, if we process them. This allows you to verify what personal data we process about you and that we use it in accordance with applicable data protection regulations.

Right to Rectification: You have the right to have incorrect or incomplete personal data corrected and to be informed about the correction. In this case, we will inform the recipients of the affected data about the adjustments made, unless this is impossible or involves disproportionate effort.

Right to Erasure: You have the right to have your personal data deleted under certain circumstances. In specific cases, particularly regarding legal retention obligations, the right to erasure may be excluded. In such cases, data may be blocked instead of deleted, provided the necessary conditions are met.

Right to Restrict Processing: You have the right to request that the processing of your personal data be restricted.

Right to Data Portability: You have the right to receive, free of charge, the personal data you have provided to us in a readable format.

Right to Object: You can object to data processing at any time, especially in the context of direct marketing (e.g., promotional emails).

Right to Withdraw Consent: You generally have the right to withdraw your consent at any time. However, the processing activities based on your consent in the past will not be considered unlawful due to your withdrawal.

To exercise these rights, please send us an email to the following address:

.(Javascript muss aktiviert sein, um diese E-Mail-Adresse zu sehen)

Right to Lodge a Complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g., regarding the manner in which your personal data is processed.

Data Security

We employ appropriate technical and organizational security measures to protect your personal data stored with us against loss and unauthorized processing, particularly unauthorized access by third parties. Our employees and the service providers we engage are bound by confidentiality and data protection obligations. Furthermore, these individuals are granted access to personal data only to the extent necessary to fulfill their tasks.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information over the internet and electronic communication tools always entails certain security risks, and we cannot provide an absolute guarantee of the security of information transmitted in this way.

Contacting Us

When you contact us through our contact addresses and channels (e.g., via email, telephone, or contact form), your personal data is processed. We process the data you provide to us, such as your company name, your name, your position, your email address or telephone number, and your inquiry. Additionally, the time of receipt of the request is documented. Mandatory information is marked with an asterisk (*) in contact forms.

We process this data solely to address your inquiry (e.g., providing information about our hotel, assisting with contract processing such as booking inquiries, incorporating your feedback into improving our services, etc.). The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the EU General Data Protection Regulation (GDPR) in addressing your inquiry, or if your request is related to the conclusion or execution of a contract, the necessity for the performance of the contract under Article 6(1)(b) of the EU GDPR.

Use of Your Data for Marketing Purposes

CENTRAL DATA STORAGE AND ANALYSIS IN THE CRM SYSTEM

If clear attribution to your person is possible, we will store and link the data described in this privacy policy, including your personal information, your contact details, your contract data, and your browsing behavior on our websites, in a central database. This facilitates efficient management of customer data, allows us to respond adequately to your inquiries, and enables the efficient provision of the services you request and the processing of related contracts. The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the EU GDPR in the efficient management of user data.

We analyze this data to further develop our offerings according to your needs and to display and suggest as relevant information and offers as possible. We also employ methods that predict interests and future orders based on your website usage. The legal basis for these data processing activities is our legitimate interest under Article 6(1)(f) of the EU GDPR in carrying out marketing measures.

EMAIL MARKETING AND NEWSLETTER

When you register for our email newsletter (e.g., during account registration or within your customer account), the following data is collected. Mandatory information is marked with an asterisk (*) in the registration form:

• Email address
• Salutation
• First and last name

To prevent abuse and ensure that the owner of an email address has indeed given their consent, we use the so-called double opt-in for registration. After submitting the registration, you will receive an email from us containing a confirmation link. To definitively subscribe to the newsletter, you must activate this link. If you do not click on the confirmation link within the specified time frame, your data will be deleted, and no newsletter will be sent to this address.

By registering, you consent to the processing of this data to receive messages from us about our hotel, as well as related information about products and services. This may also include invitations to participate in contests or to review any of the aforementioned products and services. Collecting the salutation and name allows us to verify the registration's association with an existing customer account, as well as to personalize the content of the emails. Linking to a customer account helps us make the offers and content in the newsletter more relevant to you and better aligned with your potential needs.

We use your data for email delivery until you withdraw your consent. Withdrawal is possible at any time, especially through the unsubscribe link in all our marketing emails.

Our marketing emails may contain a so-called web beacon or 1x1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic linked to the user ID of the respective newsletter subscriber. For each sent marketing email, we receive information about which addresses have not yet received the email, to which addresses it was sent, and which addresses the delivery failed for. It also shows which addresses opened the email and for how long and which links they clicked on. Finally, we also receive information about addresses that have unsubscribed. We use this data for statistical purposes and to optimize marketing emails in terms of frequency, timing, structure, and content of the emails. This allows us to tailor the information and offers in our emails more to the individual interests of the recipients.

The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our marketing emails, please configure the settings of your email program so that HTML in messages is not displayed, if this is not already the default setting. You can find information on how to configure this setting in the help sections of your email software, such as here for Microsoft Outlook.

By subscribing to the newsletter, you also consent to the statistical analysis of user behavior for the purpose of optimizing and customizing the newsletter. This consent serves as our legal basis for processing the data under Article 6(1)(a) of the EU GDPR.

We use the email marketing software Mailchimp Email by Bird & Bird GDPR (Representative Services Ireland, Deloitte House, 29 Earlsfort Terrace, Dublin 2, DO2 AY28, Ireland) for marketing emails. Therefore, your data is stored in a database of MailChimp, allowing MailChimp to access your data when necessary to provide the software and assist with its use. The legal basis for this processing is our legitimate interest under Article 6(1)(f) of the EU GDPR in using the services of third-party providers.

Disclosure to Third Parties and Third-Party Access

Without the support of other companies, we would not be able to provide our services in the desired form. In order to use the services of these companies, it is necessary to disclose your personal data to some extent. Such disclosure is necessary, especially to fulfill the contract you request, e.g., to restaurants or other third-party providers for whom you have made a reservation. The legal basis for these disclosures is the necessity for the performance of the contract under Article 6(1)(b) of the EU GDPR.

Disclosure is also made to selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are explicitly mentioned in this privacy policy, such as in the marketing sections. These include IT service providers (e.g., software solution providers), advertising agencies, consulting companies, among others. Our legal basis for disclosing data to these third parties is our legitimate interest under Article 6(1)(f) of the EU GDPR in obtaining third-party services.

Furthermore, your data may be disclosed to authorities, legal advisers, or collection agencies when we are legally obligated to do so or when it is necessary to protect our rights, especially for enforcing claims against you. Data may also be disclosed if another company intends to acquire our business or parts of it, and such disclosure is necessary for conducting due diligence or for completing the transaction. Our legal basis for these data disclosures is our legitimate interest under Article 6(1)(f) of the EU GDPR in protecting our rights, fulfilling our obligations, or selling our business.

Transfer of Personal Data Abroad

We are authorized to transfer your personal data to third parties abroad if this is necessary for the data processing operations described in this privacy policy (especially Sections 12-15). The legal regulations for the disclosure of personal data to third parties are naturally adhered to. If the relevant country does not have an adequate level of data protection, we ensure, through contractual arrangements, that your data is adequately protected by these companies.

Retention Periods

We store personal data only for as long as it is necessary to carry out the processing described in this privacy policy within the scope of our legitimate interest. For contract data, storage is prescribed by legal retention obligations. Requirements obligating us to store data stem from accounting regulations and tax laws, including business communication, closed contracts, and booking records, which must be stored for up to 10 years. If we no longer need this data to provide services to you, the data is blocked. This means that the data may only be used to fulfill retention obligations or to defend and enforce our legal interests. Data is deleted when no retention obligation or legitimate interest in storage exists.

Special Notes for Our Website

Log File Data

When you visit our website, the servers of our hosting provider, Swizzonic AG (Stauffacher, Badenerstrasse 47, 8004 Zurich, Switzerland), temporarily store every access in a log file. The following data is recorded automatically and stored by us until automated deletion:

• IP address of the requesting computer,
• date and time of access,
• name and URL of the accessed file,
• website from which the access originated, if applicable with the search term used,
• operating system of your computer and the browser you used (including type, version, and language settings),
• device type in the case of mobile phone access,
• city or region from which the access was made,
• name of your internet service provider.

The collection and processing of this data serves the purpose of enabling the use of our website (establishing a connection), ensuring the ongoing security and stability of the system, and performing error and performance analysis. It also allows us to optimize our website (see section 13 for further details).

In the event of an attack on the network infrastructure of the website or suspicion of other unauthorized or abusive use of the website, the IP address and other data are evaluated for clarification and defense, and may be used for identification and civil and criminal action against the relevant users as part of a criminal proceeding.

Our legitimate interest in data processing for the purposes described above is in accordance with Article 6(1)(f) of the EU GDPR.

Additionally, we use cookies, applications, and tools that rely on the use of cookies when you visit our website. In this context, the data described here may also be processed. Further information can be found in the subsequent sections of this privacy policy, particularly section 11.

Cookies

Cookies are information files that your web browser stores on the hard drive or memory of your computer when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.

Cookies help make your visit to our website easier, more enjoyable, and more meaningful. We use cookies for various purposes that are necessary for the use of the website you desire, i.e., "technically necessary" purposes. For example, we use cookies to identify you as a registered user after login, so you don't have to log in again when navigating different subpages. The provision of the shopping cart and order functions is also based on the use of cookies. Cookies also serve other technical functions necessary for the operation of the website, such as load balancing, which distributes the load of the page across various web servers to relieve the servers. Cookies are also used for security purposes to prevent unauthorized posting of content. Finally, we also use cookies in the design and programming of our website, for example, to enable the uploading of scripts or codes.

The legal basis for these data processing operations is our legitimate interest under Article 6(1)(f) of the EU GDPR in providing a user-friendly and contemporary website.

Most internet browsers automatically accept cookies. However, when you access our website, we ask for your consent to the use of non-essential cookies, especially when using third-party cookies for marketing purposes. You can make the desired settings via the corresponding buttons in the cookie banner. Details about the services and data processing associated with each cookie can be found within the cookie banner and in the following sections of this privacy policy.

You may also be able to configure your browser so that cookies are not stored on your computer or so that you receive a notification whenever a new cookie is received. Explanations on how to configure cookie processing in selected browsers can be found on the following pages:

• Google Chrome
• Apple Safari

Disabling cookies may prevent you from using all the features of our website.

Google SiteSearch / Google Custom Search Engine

This website uses Google SiteSearch / Google Custom Search Engine from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to provide an efficient search function on our website.

When you use our search fields, your browser may transmit the log file data listed in section 10 (including IP address) as well as the search term you entered to Google, provided you have JavaScript installed in your browser. If you wish to prevent the transmission of data, you can disable JavaScript in your browser settings (usually in the "Privacy" menu). Please note that the search function and other website functions may be impaired in this case.

The legal basis for this data processing is our legitimate interest under Article 6(1)(f) of the EU GDPR in providing an efficient website search function.

For further processing of data by Google, please refer to Google's privacy policy: [url=http://www.google.com/intl/de_de/policies/privacy]http://www.google.com/intl/de_de/policies/privacy[/url].

Tracking and Web Analytics Tools

GENERAL INFORMATION ABOUT TRACKING

For the purpose of designing our website to meet your needs and continuously optimizing it, we use the web analysis services listed below. In this context, pseudonymous usage profiles are created and cookies are used (see also section 11). The information generated by the cookie about your use of this website is usually transferred to a server of the service provider, stored there, and processed along with the log file data listed in section 10. This may also involve data being transferred to servers abroad, such as in the USA (see section 8 for details on the guarantees implemented).

By processing the data, we obtain, among other things, the following information:

• The navigation path taken by a visitor on the site (including viewed content and selected or purchased products or booked services)
• Duration of stay on the website or subpage
• The subpage from which the website is left
• The country, region, or city from which access is made
• The end device (type, version, color depth, resolution, width, and height of the browser window)
• Whether the visitor is a returning or new visitor

On our behalf, the provider will use this information to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage for market research and to design this website according to needs. For these processing operations, we and the providers may be considered joint controllers to a certain extent.

The legal basis for these data processing activities with the following tools is your consent in accordance with Article 6(1)(a) of the EU GDPR. You can revoke your consent at any time or refuse processing by rejecting or deactivating the relevant cookies in your web browser settings (see section 11) or by using the service-specific options described below.

For further processing of data by the respective provider as the data protection (sole) controller, including any transfer of this information to third parties such as authorities in accordance with national legal requirements, please refer to the respective provider's privacy policies.

GOOGLE ANALYTICS

We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) ("Google").

In this context, the data described concerning the use of the website for the purposes described in section 13.1 may be transmitted to servers of Google LLC. in the USA. The IP address is shortened by activating IP anonymization ("anonymizeIP") on this website before transmission within the member states of the European Union or other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Users can prevent the collection of data generated by the cookie related to their use of the website (including the IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at the following link:

http://tools.google.com/dlpage/gaoptout?hl=en. For more information about privacy at Google, please visit this link.

Social Media

Social Media profile

Profile On our website, we have included links to our profiles on the following social media networks:

• Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA;
• Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA;
• Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA;
• Linkedin Unlimited Company, Wilton Place, Dublin 2, Ireland.

When you click on the icons of the social media networks, you will be automatically redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social media network. As a result, the network receives information that you have visited our website with your IP address and clicked on the link.

If you click on a link to a network while logged into your account on that network, the content of our website may be linked to your profile, allowing the network to directly associate your visit to our website with your account. If you wish to prevent this, you should log out before clicking on the respective links. In any case, a connection between your access to our website and your user account occurs if you log in to the respective network after clicking the link. The respective provider is responsible for data processing related to this. Please refer to the information on the network's website for more details.

The legal basis for any data processing that may be attributed to us is our legitimate interest under Article 6(1)(f) of the EU GDPR in using and promoting our social media profiles.

Social Media Plugins

On our website, you can use social plugins from the following providers:

• Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Policy;
• Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, Privacy Policy;
• Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, Privacy Policy;
• Linkedin Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Policy.

We use social plugins to make it easier for you to share content from our website. Social plugins help increase the visibility of our content on social networks and contribute to better marketing.

The plugins are disabled by default on our websites and do not send data to social networks when you simply visit our website. To enhance privacy, we have integrated the plugins in a way that does not automatically establish a connection to the servers of the networks. Only when you activate the plugins and give your consent to the data transmission and processing by the providers of the social networks, your browser establishes a direct connection to the servers of the respective social network.

The content of the plugin is transmitted directly to your browser by the social network and integrated into the website. This allows the respective provider to know that your browser has accessed the corresponding page of our website, even if you do not have an account with that social network or are not currently logged in. This information, including your IP address, is transmitted by your browser directly to a server of the provider (usually in the USA) and stored there. From a data protection perspective, we may be considered joint controllers to a certain extent, depending on the extent of the data collected by the provider through the plugin.

If you are logged into the social network, it can directly associate your visit to our website with your user account. When you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g., that you like a product or service from us) may also be published on the social network and displayed to other users of the social network. The social network provider may use this information for advertising purposes and for the targeted design of its offerings. For this purpose, user, interest, and relationship profiles may be created, e.g., to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users of your activities on our website, and to provide other services related to the use of the social network. Please refer to the privacy policies of the respective provider for the purpose and scope of data collection and further processing, as well as your rights and options for protecting your privacy.

If you do not want the social network provider to associate the data collected about your visit to our website with your user account, you must log out of the social network before activating the plugins. The legal basis for these data processing activities is your consent under Article 6(1)(a) of the EU GDPR. You can revoke your consent at any time by declaring your revocation to the provider of the plugin in accordance with the information provided in their privacy policies.

Online Advertising and Targeting

In General

We use services from various companies to present you with interesting offers online. Your user behavior on our website and on websites of other providers is analyzed to display individually tailored online advertising to you.

Most tracking and targeting technologies operate with cookies (see also section 11), which allow your browser to be recognized across various websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different devices (e.g., laptop and smartphone). This can happen, for example, if you have registered with a service that you use with multiple devices.

In addition to the data mentioned above that is collected when visiting websites ("log file data," see section 10) and when using cookies (section 11) and which may be transmitted to the companies participating in the advertising networks, the following data, in particular, flows into the selection of potentially most relevant advertising for you:

• Personal information that you have provided during registration or use of a service from advertising partners (e.g., your gender, age group).
• User behavior (e.g., search queries, interactions with advertising, types of visited websites, viewed and purchased products or services, subscribed newsletters).

We and our service providers use this data to determine whether you belong to the target audience we are addressing and take this into account when selecting advertisements. For example, after visiting our site, you may be shown ads for products or services you've consulted when visiting other sites ("re-targeting"). Depending on the amount of data, a user profile may also be created, which is automatically evaluated, and ads are selected based on the information stored in the profile, such as membership in certain demographic segments or potential interests or behaviors. Such ads may be presented to you on various channels, including our website or app (as part of on-site and in-app marketing) as well as advertisements served through online advertising networks we use, such as Google.

The data can then be analyzed for the purpose of billing with the service provider and for evaluating the effectiveness of advertising measures, in order to better understand the needs of our users and customers and to improve future campaigns. This may also include information that taking a certain action (e.g., visiting certain sections of our website or submitting information) can be attributed to a specific advertising display. Furthermore, we receive aggregated reports of advertising activities and information about how users interact with our website and our ads.

The legal basis for these data processing activities is your consent under Article 6(1)(a) of the EU GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in your web browser settings (see section 11). Further options for blocking advertising can also be found in the information provided by the respective service provider, such as Google.

Google Ads

This website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") for online advertising. Google uses cookies, such as the DoubleClick cookie, to recognize your browser when visiting other websites. The information generated by the cookies about the visit to these websites (including your IP address) is transmitted to a Google server in the USA and stored there (please refer to section 8 for further information on data transfer to the USA). You can find more information about data privacy at Google here.

The legal basis for these data processing activities is your consent under Article 6(1)(a) of the EU GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in your web browser settings (see section 11). Further options for blocking advertising can be found here.

Registration for a Customer Account:

If you open a customer account on our website, we collect the following data, with mandatory fields marked with an asterisk (*) in the respective form:

• Personal Information:
  • Salutation
  • Last Name
  • First Name
  • Billing and, if applicable, Shipping Address
  • Date of Birth
  • Company, Company Address, and VAT ID for corporate customers
• Login Data:
  • Email Address
  • Password
• Additional Information:
  • Languages
  • Gender

We use this personal information to verify your identity and check the requirements for registration. Your email address and password serve as login data to ensure that the correct person is using the website. We also need your email address for verification, confirmation of account opening, and future communication required for contract processing. Furthermore, this data is stored in your customer account for future bookings or contract agreements. For this purpose, we also allow you to provide additional information in your account (e.g., your preferred payment method).

We also use this data to provide an overview of ordered products and bookings, as well as a simple way to manage your personal information. This is used for website administration and contract relationships, such as establishing, structuring, executing, and modifying contracts concluded with you through your customer account (e.g., in connection with your booking with us).

The information regarding language and gender is processed to display tailored offer suggestions on the website, statistical analysis of selected offers, and optimization of our suggestions and offers.

The legal basis for processing your data for the above purpose is your consent under Article 6(1)(a) of the EU General Data Protection Regulation (EU GDPR). You can withdraw your consent at any time by removing the information from your customer account or by requesting the deletion of your customer account through a notification to us.

To prevent misuse, it is essential to treat your login data confidentially, and you should close the browser window when you have finished communicating with us, especially if you share the computer with others.

Ordering via Our Online Shop:

On our website, you have the option to order a wide range of products and vouchers. For this purpose, we collect the following data, with mandatory fields marked with an asterisk (*) in the respective form:

• Salutation
• First Name
• Last Name
• Company
• Street and House Number
• Address Line 2
• Postal Code
• City
• Country
• Phone Number
• Email Address
• Payment Method
• Shipping Method
• Yes, I want to subscribe to your newsletter.
• I confirm the accuracy of the provided information and have read and accepted the terms and conditions and the privacy policy.

We use this data, as well as any additional voluntarily provided data, solely to process your order according to your preferences. The processing of this data is carried out in accordance with Article 6(1)(b) of the EU GDPR for the execution of pre-contractual measures and the performance of a contract.

Booking on the Website, via Correspondence, or by Phone Call:

If you make bookings via our website, through correspondence (email or postal mail), or by phone call or order vouchers, we collect the following data, with mandatory fields marked with an asterisk (*) in the respective form:

• Salutation
• First Name
• Last Name
• Street and House Number
• Postal Code
• City
• Country
• Date of Birth
• Email Address
• Phone Number
• Language
• Credit Card Information

We will use these data, along with any other voluntarily provided information (e.g., expected arrival time, motor vehicle registration number, preferences, comments), solely for contract processing unless otherwise stated in this privacy policy or unless you have given separate consent. Specifically, we will process the data to record your booking as desired, provide the booked services, contact you in case of uncertainties or issues, and ensure correct payment. Your credit card data will be automatically deleted after your departure.

The legal basis for data processing for this purpose is the fulfillment of a contract under Article 6(1)(b) EU GDPR or your consent under Article 6(1)(a) EU GDPR. You can withdraw your consent at any time with future effect.

Online Payment Processing:

When making paid bookings or purchasing products on our website, additional data such as credit card information or login details with your payment service provider may be required depending on the product or service and the chosen payment method. This information, as well as the fact that you have purchased a service from us at the specified amount and time, will be forwarded to the respective payment service providers (e.g., payment solution providers, credit card issuers, and credit card acquirers). Always refer to the information provided by the respective company, especially the privacy policy and terms and conditions. The legal basis for this transmission is the fulfillment of a contract under Article 6(1)(b) EU GDPR.

Reserving a Table:

On our website, you have the option to reserve a table at one of the restaurants listed. To do this, we collect the following data, with mandatory fields marked with an asterisk (*) in the respective form:

• First Name
• Last Name
• Number of Guests
• Email Address
• Phone Number
• Comment
• Date and Time of the Reservation
• I accept the Terms and Conditions
• I want to receive information about special promotions and offers

We only collect and process this data for the purpose of managing your reservation. This includes assembling your reservation request according to your preferences, making the reservation, and contacting you in case of uncertainties or issues.

For handling reservations, we use a tool provided by gastronovi GmbH (Buschhöhe 2, 28357 Bremen, Germany). Therefore, your data will be stored in a database managed by gastronovi GmbH, allowing Baldegger + Sortec AG access to your data if necessary for providing the software and assisting with its use. Information about the sharing and processing of data by third parties can be found in section 7 of this privacy policy.

The legal basis for processing your data for this purpose is the fulfillment of a contract under Article 6(1)(b) of the EU General Data Protection Regulation (EU GDPR).

Bookings via Booking Platforms:

If you make bookings through a third-party platform (i.e., booking.com, Hotel, Escapio, Expedia, Holidaycheck, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two), we receive various personal information related to the booking from the respective platform operator. This typically includes the data listed in section 18 of this privacy policy. Additionally, inquiries regarding your booking may be forwarded to us. We process this data primarily to record your booking as requested and provide the booked services. The legal basis for data processing for this purpose is the performance of pre-contractual measures and the fulfillment of a contract under Article 6(1)(b) of the EU GDPR.

Furthermore, we may be informed by the platform operators about disputes related to a booking. In this context, we may receive data related to the booking process, which may include a copy of the booking confirmation as evidence of the actual booking. We process this data to protect and enforce our rights. Our legitimate interest under Article 6(1)(f) of the EU GDPR constitutes the legal basis for this processing.

Please also refer to the privacy policies of the respective booking platforms for further information.

Submission of Reviews:

To assist other users in making purchasing decisions and to support our quality management, especially in handling negative feedback, you have the opportunity to leave a review of your stay on our website. The data that will be processed and published on the website are those provided by you, which may include your review, its timestamp, possibly a comment you've added to your review, or the name you provided.

The legal basis for processing your data for this purpose is your consent under Article 6(1)(a) of the EU General Data Protection Regulation (EU GDPR).

We reserve the right to delete unlawful reviews and to contact you if there is suspicion and to request your response. The legal basis for these processes is our legitimate interest, as defined in Article 6(1)(f) of the EU GDPR, in providing the comment and review function and preventing abuse of its use.

Application for a Job Opening:

You have the opportunity to apply for a specific job opening either spontaneously or through a designated email address. For this purpose, we collect the following data, with mandatory fields marked with an asterisk (*) in the respective form:

• First Name
• Last Name
• Email Address
• Application documents (e.g., resume, cover letter, certificates, etc.)

We use this and any other voluntarily provided data to evaluate your application. Application documents of non-selected applicants will be deleted after the application process, unless you explicitly consent to a longer storage period or we are legally obliged to retain them for a longer period.

The legal basis for processing your data for this purpose is the performance of a contract (pre-contractual phase) under Article 6(1)(b) of the EU GDPR.

Data Processing in Connection with Your Stay:

Data Processing for Compliance with Legal Reporting Obligations:

Upon arrival at our hotel, we may need to collect the following information from you and your accompanying persons (mandatory *):

• First and Last Name
• Postal address and canton
• Date of birth
• Email address
• Nationality
• Official identification document and number
• Arrival and departure date

We collect this information to comply with legal reporting obligations, particularly those arising from the hospitality or police law. To the extent required by applicable regulations, we may forward this information to the competent police authorities.

The processing of this data is based on a legal obligation under Article 6(1)(c) of the EU GDPR.

Recording of Related Services:

If you avail of additional services during your stay (e.g., wellness, restaurant, activities), we will record the nature of the services and the time of their use for billing purposes. The processing of this data is necessary for the performance of the contract with us under Article 6(1)(b) of the EU GDPR.

Guest Feedback:

If you provided your email address in connection with your booking, you will receive an electronic feedback form after your departure. For this purpose, we collect the following data, with mandatory fields marked with an asterisk (*) in the respective form:

• First and Last Name
• Age
• Nationality
• Duration of the stay

The information is voluntary and helps us continuously improve our offerings and services to meet your needs. We will use the information provided solely for statistical purposes, unless otherwise specified in this privacy policy or unless you have separately consented to other uses. We may process this data to contact you in case of uncertainties.

The legal basis for the processing described above is our legitimate interest under Article 6(1)(f) of the EU GDPR in continuously improving our offerings and services and better aligning them with your needs.

Video Surveillance:

To prevent abuses and address unlawful behavior (especially theft and vandalism), the entrance area and publicly accessible areas of our hotel are monitored by cameras. Viewing of image data only occurs when there is suspicion of unlawful behavior. Otherwise, image recordings are automatically deleted after 72 hours.

For the provision of the video surveillance system, we rely on a service provider who may have access to the data as necessary for the system's provision. If suspicion of unlawful behavior is substantiated, the data may then be disclosed to the extent necessary to assert claims or to report to consulting firms (particularly our law firm) and authorities.

The legal basis for these processing activities is our legitimate interest under Article 6(1)(f) of the EU GDPR in protecting our property and safeguarding and enforcing our rights.

Use of Our WiFi Network:

In our hotel, you have the opportunity to use the WiFi network operated by Swisscom AG (Alte Tiefenaustrasse 6, 3050 Bern, Switzerland) free of charge. To prevent abuses and address unlawful behavior, pre-registration is required. During registration, you will transmit the following data to Swisscom AG:

• Mobile phone number
• MAC address of the end device (automatically)

Additionally, each use of the WiFi network records data about the visited hotel with timestamp, date, and end device. The legal basis for these processing activities is your consent under Article 6(1)(a) of the EU GDPR. You can revoke your registration at any time by notifying us.

Swisscom AG is required to comply with the legal obligations of the Swiss Federal Act on the Surveillance of Post and Telecommunications (SPTA) and the related ordinances. If the legal requirements are met, the WiFi operator, on behalf of the competent authority, may be required to monitor internet use or disclose the contact, usage, and metadata of the customer to the competent authorities. The contact, usage, and metadata are stored for a period of 6 months and then deleted.

The legal basis for these processing activities is our legitimate interest under Article 6(1)(f) of the EU GDPR in providing a WiFi network while complying with applicable legal regulations.

Payment Processing:

When you purchase products or services in our hotel using electronic payment methods or settle your stay, the processing of personal data is required. By using the payment terminals, you transmit information stored in your payment method, such as the cardholder's name and card number, to the involved payment service providers (e.g., payment solution providers, credit card issuers, and credit card acquirers). They also receive information that the payment method was used at our hotel, the amount, and the time of the transaction. Conversely, we only receive the credit for the amount of the payment made at the respective time, which we can allocate to the corresponding receipt number, or information that the transaction was not possible or was canceled. Please always refer to the information provided by the respective company, especially their privacy policy and terms and conditions. The legal basis for this transmission is the performance of the contract with you under Article 6(1)(b) of the EU GDPR.