Data protection declaration
APART AG, Mattenstrasse 1, 6343 Rotkreuz, runs APARTHOTEL Rotkreuz, and the Hotel Bauernhof operates the websites, www.aparthotel-rotkreuz.ch and www.bauernhof-rotkreuz.ch and all the sub-websites thereof. APART AG is, therefore, responsible for the collection, processing and use of your personal data and for ensuring that the data processing is compatible with applicable data protection law.
A. Data processing in connection with our website
1. Visiting our site
When you visit our website, our server makes a temporary record of each visit in a log file. The following technical data is recorded without any action on your part each time you connect to a web server – as is usual – and then stored by us until it is deleted automatically:
- the IP address of the computer requesting access;
- the name of the holder of the IP address range (usually your Internet access provider);
- the date and time you accessed the website;
- the website from which you accessed the site (referrer URL), and if applicable with the search word;
- the name and the URL of the downloaded file;
- the status code (for example, error message);
- the operating system of your computer;
- the browser you are using (type, version and language);
- the transfer protocol used (such as HTTP/1.1) and
- if applicable, your user name created when you registered/signed in.
This data is collected and processed to allow the use of our website (to make a connection), to lastingly ensure system security and stability, and to optimise our Internet offer, as well as for internal statistical purposes. This is our legitimate interest in data processing.
The IP address will also be assessed in conjunction with other data in the event of an attack on the network infrastructure or other illicit or fraudulent website activity, for investigation and defence purposes, and, where appropriate, will be used to undertake criminal proceedings for identification, and to take civil and criminal action against the users concerned. This is our legitimate interest in data processing.
2. Using our contact form
You have the option of using a contact form to get in touch with us. For this, we need the following information:
- First and last name
- E-mail address
We only use this data along with the telephone number and address you gave us voluntarily to answer any queries you may have as effectively and as personally as possible. The processing of this data is, therefore, required to complete contractual activities and is in our legitimate interest.
3. Subscribing to our newsletter
On our website, you can subscribe to our newsletter. To do this, you must register. The following information is required for registration:
- First and last name
- E-mail address
The above data is necessary for processing the data. We only process this data to customise any information we send to you and to tailor offers more geared to your interests.
After registration, you will receive a confirmation email. By clicking on the link, you give us your consent to process the data provided to regularly send the newsletter to the address stated by you, and to carry out a statistical analysis of usage behaviour and to improve the newsletter. This consent is necessary for us to legally process your e-mail address. We are permitted to entrust third parties with the dealing with the technical aspects of advertising campaigns, and are entitled to pass on your data for this purpose. At the end of each newsletter there is a link, via which you can unsubscribe from the newslet-ter at any time. After cancellation, your personal data in the newsletter system SuperMailer will be deleted. Any further processing will be done anonymously for the purposes of improving our newsletter only.
4. Booking hotel rooms on the website, by correspondence or by telephone
Bookings for the APARTHOTEL Rotkreuz and the HOTEL BAUERNHOF can be made online. You book via our service provider MEWS Systems, Amsterdam, which processes your data on our behalf. If you make a booking via our website, by correspondence (e-mail or post) or by telephone, we require the following data to complete the agreement:
- First and last name
- Postal address
- Date of birth
- Identity card number (either ID or passport)
- Telephone number
- Credit card information
- E-mail address
When booking in one of our hotels, you can set up an account and thus always have quick access to your bookings and personal data and make any necessary changes of your personal data yourself. After booking, you will receive an invitation to an online check-in. If you use the online check-in option, you can enjoy your stay even faster.
The legality of processing the data for this purpose stems from your having given consent. You will receive a corresponding information letter by e-mail immediately after booking.
5. Table bookings via our website
We have an online booking tool called Foratable on our website. Foratable is an online booking system operated by Lunchgate AG. The head office of Lunchgate AG is located at Badenerstrasse 255, 8003 Zurich, Switzerland. When you use the online booking system, please send us information, such as your first and last name, mobile phone number, e-mail address, date, time and the desired number of guests and any comments. This data is necessary for completing the booking and will only be made available for further processing by us and stored by Lunchgate AG at our request. When booking a table vie Foratable, you agree to the Data protection provisions of Lunchgate AG.
Lunchgate AG will send you automatic service messages directly related to your booking via e-mail or SMS on our behalf. This includes information on booking confirmations, changes or cancellations, and requests to write a review.
6. Purchasing vouchers and tickets in the on-line shop
On our website aparthotel-rotkreuz.ch, vouchers and tickets for our company and its events can be purchased. To do this, we have installed the software, E-GUMA by Idea Creation GmbH, 8006 Zurich. When you place an order on our online shop, send us information such as your first and last names, address, telephone number, e-mail address, payment method and any comments. This data is necessary for completing the order and will only be made available for further processing by us and stored by Creation GmbH at our request.
7. Credit card payments
If you wish to pay using a credit or debit card via our website, your data will be sent to a payment service provider and processed by the latter to complete the payment. We work with different providers, in particular with Stripe (for the payment of bookings through MEWS), Datatrans (for the purchase of vouchers and tickets in the online shop), Concardis and Six Payments.
Cookies help us in many ways to make your visit to our website easier, more pleasant and more practical. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.
Most web browsers automatically accept cookies. You may, however, configure your brows-er so that no cookies are stored on your computer, or a notification appears when you receive a new cookie.
The disabling of cookies may mean that you will not be able to use all of the features of our website.
9. Tracking tools
For the purposes of demand-oriented design and ongoing optimisation of our website, we use the web analytics service provided by Google Analytics. To this end, pseudonymised usage profiles are created and small text files are stored on your computer (“cookies”). The infor-mation generated by the cookies about your use of this website is transferred to the server of the provider of these services, where it is stored and processed for us. In addition to the data listed under point 1, we may, in some circumstances, collect the following information:
- the navigation path a visitor took to the website;
- time spent on the website or sub-website;
- the sub-website from which website is exited;
- the country, region or city, from where the website was accessed;
- terminal (type, version, colour depth, resolution, width and height of the brows-er window);
- returning or new visitors.
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services connected with the use of the website and Internet use for the purposes of market research and demand-oriented design of this website. Also, this in-formation may be passed on to third parties if so required by law, or where such third parties process this data on our behalf.
b. Google Analytics
The provider of Google Analytics is Google Inc., a subsidiary of the holding company, Alpha-bet Inc., and has its headquarters in the USA. Prior to the transfer of data to the provider, the IP address will be abbreviated by activating IP anonymisation on this website (“anonymizeIP”) within the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. The anonymised IP address sent by your browser to Google Analytics is not combined with any other data held by Google. Only in exceptional cases, will the full IP address be transferred to a Google server in the USA and abbreviated there. In these cases, we make sure by way of contractual guarantees that Google Inc. en-sures an adequate level of data protection. Google Inc. will under no circumstances connect the IP address with other data relating to the user.
For more information about the used web analytics services of Google Inc., please go to the website of Google Analytics. Instructions on how to prevent the processing of your data by the web analytics service can be found at: http://tools.google.com/dlpage/gaoptout?hl=de
B. Data processing in connection with your stay
10. Data processing to meet legal reporting obligations
On arrival at our hotel, we need you and any accompanying persons to provide the following information:
- First and last name
- Postal address and country
- Date of birth
- Official identification card and number
- Arrival and departure date
We collect this information in order to meet legal reporting obligations, in particular those relating to accommodation and police law. If we are obliged to do so under the applicable rules, we will forward this information to the competent police authority.
In addition, we store any requests, feedback and preferences in your guest profile, so we can refer to them for your arrival. If you would like us not to do so, please inform us via email@example.com.
11. Recording any services used
If, during your stay, you use additional services (e.g. restaurant services), the service will be recorded for billing purposes when it is used. This data must be processed to complete the order with us.
C. Storage and exchange of data with third parties
12. Booking platforms
If you make bookings via a third-party platform, we will receive personal information from the respective platform operator. This is usually the data listed under point 4 of this Data Protec-tion Declaration. In addition, any queries about your booking will be sent to us. This data will be processed nominally to make the booking in accordance with your request and to provide the booked services. The legality of data processing for this purpose stems from the fulfilment of an agreement.
Finally, we may be informed by the platform operators about any disputes arising out of or in connection with a booking. We may also receive information about the booking process, including a copy of the booking confirmation as proof of the actual completion of the booking. We will process this data to safeguard and enforce our claims.
Please also note the information on data protection of the provider.
13. Central storage and linking data
We save the data specified in paragraphs 2, 4 and 7-9 in a central electronic data processing system. The data about you will be systematically collected and linked in order to process your bookings and complete contractual services. For this, we use software by MEWS Systems, Holland. In Switzerland, the software is taken care of by Cloudsatwork GmbH, 8162 Steinmauer. The data is processed by this software based on our legitimate interest of customer-friendly and efficient customer-data management.
Our IT infrastructure supplier, Bytelink AG, Riedstrasse 1, 6343 Rotkreuz, is in charge of our server environment and the associated hardware and software. The daily backups of the data/systems are stored on our local servers. This is to ensure, in the event of a server failure, that the data will be safe.
14. Storage period
We store personal data only as long as it is required to use the above tracking services and to process the data further for our own legitimate interest. Contractual data will be kept for a longer period, as this is prescribed by statutory record-keeping requirements. The record-keeping requirements that oblige us to store data stem from the from rules on the right of notification as well as from accounting, civil law and tax law. In accordance with these rules, business communications, concluded contracts and accounting documents must be stored for up to 10 years. If we no longer need this data to carry out the services for you, the data will be locked. This means that the data may only be used for the purposes of accounting and tax purposes.
15. Passing on data to third parties
We only pass on your personal data if you have expressly consented to this or there is a legal obligation to do so, or it is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. Moreover, we will pass your data on to third parties, if this is necessary for the use of the website and for the execution of the contract (including outside the website), in particular for processing your bookings.
A service provider that personal data collected via the web site can be passed on to or that has access to it, is our web-host, Hostpoint, Neue Jonastrasse 60, 8640 Rapperswil-Jona. The websites are hosted on servers in Switzerland. Our webmaster, Mexan AG, Hirschmattstrasse 36, 6003 Lucerne, also has access. Data is passed on for the purpose of providing and maintaining the functionalities of our website.
Finally, we will forward your credit card information if you pay by credit card on the website to your credit card issuer as well as to the credit card acquirer. If you opt to pay by credit card, you will be asked to enter all the necessary information. The legality of passing on data for this purpose stems from the fulfilment of an agreement. Concerning the processing of your credit card information by these third parties, please read the general terms and conditions and the data protection declaration of your credit card issuer.
16. Passing on personal data to foreign countries
We are entitled for the purposes described in this Data Protection Declaration to pass on your personal data to a third-party company (service provider) abroad. These are bound by the data protection obligations to the same extent as we are. If the level of data protection in a country does not correspond to that of Switzerland or Europe, we contractually ensure protec-tion of your personal data to the same level as in Switzerland or in the EU.
17. Incorporation of services and content from third parties
Third-party content, such as videos on YouTube, maps from Google Maps, RSS feeds from other websites or graphics may be incorporated as part of this on-line offer. This always as-sumes that the provider of this content (hereinafter referred to as the “third-party provider”) will have knowledge of the IP address of the user. Because without the IP address, they could not send the content to the user's browser. The IP address is, therefore, required to present that content. We strive to use such content if the respective providers only use the IP address for the delivery of that content. However, we have no influence on whether third-party provid-ers store the IP address, for example, for statistical purposes. If we are aware of this, we will inform users thereof.
18. Using social plug-ins
Use of the social plug-ins of Facebook, Twitter, Google+ Instagram, Pinterest, AddThis with the Shariff solution:
Social plug-ins (“plug-ins”) of social networks are used on our website.
To increase the protection of your data when you visit our website, the plug-ins are not unre-stricted; they are just integrated into the website using an HTML link (the so-called “Shariff solution” by c't).
Including this feature means that when you access a page of our website that contains such a plug-in, no connection will be made with the servers of the provider of the respective social network. Clicking on one of the buttons will open a new window of your browser and retrieve the page of the respective service provider on which you (possibly after entering your login data), for example, can hit the like or share button. You can view the purpose and scope of data collection and further processing, the use of data by the provider on their websites, as well as your rights in this respect and the settings options for protecting your privacy on the privacy information of the provider.
On our website, we use the social media plug-in by TrustYou, Munich Center of Technology, Agnes-Pockels-Bogen 1, 80992, Munich. TrustYou is a service that collects and reviews ho-tels and makes the reports available. We use data by TrustYou to offer an independent opin-ion on the service.
On our website, we use the social media plug-in of TripAdvisor Inc., 400 1st Avenue, Needham, MA 02494 USA. TripAdvisor is an on-line company in the travel industry, which gathers reviews from their users about tourist offers, and combines it with booking recommendations. We use the widget by TripAdvisor to show customer reviews about us in an impartial manner. TripAdvisor will place a cookie on your computer when you access a page with the widget.
Data protection policy of TripAdvisor.
D. For more information
19. Right of access, rectification, cancellation and restriction of processing; right to data portability
You have the right to access personal data we have stored about you upon request. You also have the right to correct inaccurate data and the right to delete your personal data, provided there is no legal obligation to store the data or a there is a regulated activity that enables us to process data contrary to the aforementioned right.
You also have the right to request that data that you gave to us be returned to you (right to data portability). Upon, request, we will give the data to a third party of your choice. You have the right to receive the data in a common file format.
You can contact us for the above purpose via this e-mail address: info(at)aparthotel-rotkreuz.ch. To handle your requests, we can, at our discretion, require proof of identity.
In many countries, you also have the right to file a complaint with the competent data protec-tion authority if you have any concerns about how we process your data.
The above-mentioned rights depend on the applicable data protection legislation, and can, therefore, be either limited or comprehensive.
20. Data security
We use appropriate technical and organisational security measures to protect your personal data stored by us from manipulation, partial or complete loss and to protect it against unau-thorized access by third parties. Our security measures are being continuously improved to keep pace with technological developments.
You should always treat your access information confidentially and close the browser window when you have finished your communication with us, especially if you share your computer with others.
We also take internal company data protection very seriously. Our employees and appointed service providers are bound to maintain confidentiality and to comply with the provisions of data protection law.
21. Note on data transfers to the USA
For the sake of comprehensiveness, we would like to point out to users residing or domiciled in Switzerland that in the USA there are monitoring measures implemented by U.S. authorities that in general permit the storage of all personal data of all persons whose data was sent from Switzerland to the United States. This happens without differentiation, limitation or exception based on the pursued aim and without an objective criterion that would restrict access by the US authorities and the subsequent use thereof to very specific, strictly limited purposes, which may justify access to the data and intervene in relation to the use thereof. We would also like to point out that in the USA for the persons concerned from Switzerland, there are no remedies available that allow you to access the data and to have the said data corrected or deleted, and no effective judicial protection against general access rights by US authorities. We refer those affected explicitly to this legal and factual situation, so they can make an in-formed decision about giving their consent for their data to be used.
We would like to point out to users residing in a Member State of the EU that the United States from the point of view of the European Union, among other things because of the subjects referred to in this section, do not offer a sufficient level of data protection. In as far as we have outlined in this data protection declaration that recipients of data (such as Google) have their headquarters in the USA, we will, either by way of contractual arrangements with these companies, or by ensuring the certification of these companies under the EU/Swiss-US pri-vacy banner, make sure that your data with our partners enjoys an adequate level of protec-tion.
22. Right to file a complaint with a data protection supervisory authority
You have the right, at any time, to file a complaint with the data protection supervisory authority.
23. Applicable law and jurisdiction
This data protection declaration and the contracts that are based on or in connection with this privacy statement are subject to Swiss law, if not necessarily the law of another State is ap-plicable. The court of jurisdiction is the headquarters of APART AG if no another court of jurisdiction is specified.
24. Final provisions
Should individual parts of this data protection declaration become invalid, the validity of the rest of the data protection declaration will not be affected. In event of further developments to our website and changes to our offers or changes to the legal and/or regulatory requirements, it may be necessary to amend this data protection declaration. The current data protection declaration is published on our website.
If you have any questions or comments about our legal indications or data protection, please contact our data protection officer Karin Müller at karin.mueller(at)aparthotel-rotkreuz.ch.
25.06.2018 / Rotkreuz