Data Privacy Statement
Hotel Alexander GmbH, Niederdorfstrasse 40, 8001 Zürich is the operator of the website hotel-alexander.ch, alexander-guesthouse.ch, gruppenreisen-zurich.ch and is thus responsible for the collection, processing, and use of your personal data and for processing data in compliance with applicable data protection laws.
Your trust is important to us; therefore, we take data protection seriously and take care to provide proper security. In doing so, as a matter of course we comply with the legal provisions of the Swiss Federal Act on Data Protection (FADP), the Swiss Ordinance to the Federal Act on Data Protection (OFADP), the Swiss Telecommunications Act (TCA) and other applicable data protection provisions under Swiss or EU law, in particular the General Data Protection Regulation (GDPR).
Please read the following information to know what personal information we collect from you and for what purpose we use it.
1. Data processing in connection with our website
1.1 Visiting our website
When visiting our website, our servers temporarily store each access in a log file. The following technical data will be recorded by us, as usual with every connection with a web server, without your intervention, and stored by us until automatic deletion after no later than [Anzahl] months:
- the IP address of the requested computer,
- the name of the owner of the IP address range,
- the date and time of access,
- the website from which the access was made,
- the name and URL of the requested file,
- the status code
- the operating system
- the browser you use
- the transmission protocol you use
- your username for registration / authentication, if applicable
The collection and processing of this data is done for the purpose of enabling the use of our website, continuously ensuring system security and stability, optimising our website, and for internal statistical purposes. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.
Furthermore, the IP address will be evaluated, together with other data, in case of attacks on the network infrastructure or other unauthorized use or misuse of the website, for the purpose of intelligence and protection, and, if appropriate, used in criminal proceedings for identification and civil and criminal proceedings against the relevant users. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.
1.2 Use of our contact form
You have the option to use a contact form to contact us. For this we require the following information:
- First and last name
- E-mail address
We use this data, along with a telephone number you may voluntarily give, only in order to answer your contact question in the best possible and personalized manner. Therefore, in accordance with Art. 6 Par. 1 lit. b GDPR, the processing of this data is required in order to conduct pre-contractual activities or is in our legitimate interest in accordance with Art. 6 Par. 1 lit. f GDPR.
1.3. Opening a customer account
To make reservations through our website, you can either make your request as a guest or open a customer account. We must receive the following registration data in order to open a customer account:
- First and last name
- Date of birth
- Telephone number
- E-mail address
The collection of this data that you have so far voluntarily provided is used for the purpose of providing you password-protected direct access to your base data we have stored. Here you can view your past and current reservations and manage or change your personal data.
The legal basis for processing the data for this purpose lies in the consent you have provided in accordance with Art. 6 Par. 1 lit. a GDPR.
1.4 Reservations via the website, correspondence, or telephone
When you place a reservation through our website, by mail (e-mail or postal mail), or by telephone, we need the following data in order to execute the agreement:
- First and last name
- Postal address
- Date of birth
- Telephone number - Language
- Credit card information
- E-mail address
We will use this information as well as other information you voluntarily provide (e.g. expected arrival time, vehicle license plate number, preferences, comments) only in order to execute the agreement, unless otherwise stated in this Data Privacy Statement or you have not specifically consented thereto. We will process the data by name in order to record your reservation as you have requested, to make available the booked services, to contact you in case of a question or problem, and to ensure correct payment.
The legal basis for data processing for this purpose lies in the fulfilment of an agreement in accordance with Art. 6 Par. 1 lit. b GDPR.
Cookies help in many ways to make your visit to our website easier and more convenient and sensible. Cookies are information files that your web browser automatically saves on your computer’s hard drive when you visit our website.
Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies will be stored on your computer or that a message will appear every time you receive a new cookie. Disabling cookies can result in preventing you from using all the functions of our website.
1.6 Tracking tools
For the purpose of needs-oriented design and continuous optimisation of our website, we use the web analysis service of Google Analytics. In this context, pseudonymised usage profiles are created and small text files (“cookies”) are stored on your computer. The information generated by the cookie about your use of this website is transmitted to the server of the provider, stored there, and processed for us. In addition to the data listed under cipher 1, we may receive the following information:
- Navigation path that a visitor takes on the website
- Length of stay on the website or webpage
- Country, region, or city from which the access is made
- End device
- Returning or new user.
The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage for purposes of market research and needs-based design of this website. This information may also be transferred to third parties if required by law or if the third parties are contracted for processing the data.
1.6.2 Google Analytics
The provider of Google Analytics is Google Inc., an enterprise of the holding company Alphabet Inc, domiciled in the USA. Before the data is transmitted to the provider, the IP address will be abbreviated by activating IP anonymisation (“anonymizeIP”) on this website within the member states of the European Union or in other contracting states of the agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there. In these cases, we provide contractual guarantees to ensure that Google Inc. maintains a sufficient level of data protection. According to Google Inc., under no circumstances will the IP address be associated with any other user-related data.
More information about the web analytics service used is available at the website of Google Analytics.
2. Data processing in connection with your stay
2.1 Data processing in order to comply with legal reporting obligations
When you arrive at one of our accommodations, we may need the following information about you and the persons accompanying you:
- First and last name
- Postal address
- Date of birth
- Place of birth
- Official ID
- Arrival and departure days
- Name of the accommodation
We collect this information in order to comply with legal reporting obligations stipulated in particular by hotel-business or police law. Insofar as we are required to do so under the applicable regulations, we will forward this information to the relevant police authorities.
In fulfilling the legal requirements, our legitimate interest is in the sense of Art. 6 Par. 1 lit. f GDPR.
2.2 Recording of services received
If you receive additional services as part of your stay, the service and the point in time it was received will be recorded by us for invoicing purposes. The processing of this data is in the sense of Art. 6 Par. 1 lit. b GDPR and required for executing the agreement with us.
3. Storage and exchange of data with third parties
3.1 Reservation platforms
If you place reservations through a third-party platform, we will receive various personal information from the respective platform operator. This is typically the data listed under cipher 5 of this Data Privacy Statement. In addition, enquiries regarding your reservation may be forwarded to us. We will process this data by name in order to record your reservation as requested and to provide the booked services. The legal basis of data processing for this purpose lies in the fulfilment of an agreement as described in Art. 6 1 lit. b GDPR.
Finally, we may be notified by the platform operators about disputes related to a reservation. In this case, we may also receive data on the reservation process, which may include a copy of the booking confirmation as evidence of the actual finalisation of the reservation. We process this data in order to safeguard and enforce our rights. This is our legitimate interest in the sense of Art. 6 Par. 1 lit. f GDPR.
3.2 Retention period
We store personal data only as long as necessary in order to use the aforementioned tracking services and the further processing within the scope of our legitimate interest. We store contract data for a longer period of time in order to comply with legal obligations for data retention. Data retention requirements that are obligatory for us arise from regulations set forth by reporting, accounting, and tax law. According to these regulations, business communication, closed contracts, and reservation documents must be retained for up to 10 years. Once we no longer require these data to carry out the services for you, the data will be blocked. This means that the data may then be used only for tax and accounting purposes.
3.3 Passing on data to third parties
We pass on your personal data only if you have expressly consented to it, if we are legally obligated to, or if this is necessary to enforce our rights, especially rights concerning the contractual relationship. Furthermore, we pass on your personal data to third parties insofar as this is required in the context of using the website and in contract processing, specifically, the processing of your reservation.
A service provider to whom the personal data collected via the website is passed on or who has or can have access to it is our web host (Aronet, Willisau). The website is hosted on servers in Switzerland. The transfer of data is for the purpose of providing and maintaining the functionality of our website. This is our legitimate interest in the sense of Art. 6 Par. 1 lit. f GDPR.
Finally, if you pay by credit card through the website, we forward your credit card information to the credit card issuer and the credit card acquirer. If you choose to pay by credit card, you will be asked to provide all the necessary information. The legal basis for passing on the data lies in the fulfilment of an agreement in the sense of Art. 6 Par. lit. b GDPR.
3.4 International transfer of personal data
We are also entitled to transfer your personal data to third parties abroad for the purposes of the data processing described in this Data Privacy Statement. They are obliged to protect data privacy to the same extent as we ourselves. If the level of data protection in a given land does not correspond to the Swiss or European level, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times.
4. Further information
4.1 Rights to information, correction, deletion, and limitation of processing, right to data portability
You have the right to request and receive information about your personal data that we have stored. Furthermore, you have the right to correct inaccurate data and the right to have your personal data deleted, as far as no legal retention obligation stands in the way or a regulatory authorisation that allows us to process the data.
You also have the right to reclaim from us the data you have given us (right to data portability). On request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a commonly used file format.
You can contact us for the aforementioned purposes at the e-mail address email@example.com. We may, at our sole discretion, require proof of identity before processing your request.
4.2 Data security
We use appropriate technical and organizational security measures to protect your stored personal data against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are being continuously improved in line with technical developments. You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share your computer with others.
4.3 Notice about data transfer to the USA
In the interest of completeness, we would like to point out to users domiciled in or residing in Switzerland that in the USA there are government surveillance measures that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, limitation, or exception on the basis of the objective pursued and without objective criteria that would limit the access of US authorities to the data and their subsequent use to very specific, strictly limited purposes that could justify both the access to these data and intervention related to their use. Furthermore, we would like to point out that in the USA there are is no right of appeal for affected people in Switzerland that would allow them to gain access to their personal data or to effect their correction or deletion, and there is no effective judicial protection against general access by US authorities. We explicitly inform affected persons of this legal and factual situation in order for them to make an accordingly informed decision concerning consent to the use of their data.
We point out to users domiciled in an EU member state that, in the point of view of the European Union, the USA – partly because of the issues mentioned in this paragraph – does not have a sufficient level of data protection. To the extent we have explained in this Data Privacy Statement that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at a reasonable level by our partners either through contractual arrangements with these companies or by ensuring the certification of such companies under the EU- or Swiss-US Privacy Shield.
Last update: 25 May 2018