Katara Hospitality Switzerland AG, Bahnhofplatz in 6300 Zug, Switzerland (CHE-114.959.229), operator of the website www.burgenstockselection.com
Bürgenstock Hotels AG, Bürgenstock, 6363 Obbürgen, Switzerland (CHE-105.841.711), operator of the website www.burgenstockresort.com
Hotel Schweizerhof Bern AG, Bahnhofplatz 11 in 3001 Bern, Switzerland (CHE-101.277.243), operator of the website www.schweizerhof-bern.ch
Société Anonyme de l’Hôtel Royal, Avenue d’Ouchy 40, 1000 Lausanne, Switzer-land (CHE-101.464.526), operator of the website www.royalsavoy.ch
Bürgenstock Kunst & Kulturstiftung, Bürgenstock, 6363 Obbürgen, Switzerland (CHE-115.263.885), operator of the website www.kks-buergenstock.ch
Bürgenstock Bahn AG, c/o Bürgenstock Obbürgen, 6362 Stansstad, Switzerland (CHE-108.107.719), operator of the website https://www.burgenstockresort.com/en/leisure/burgenstock-funicular
Hammetschwand Lift AG, Bürgenstock Obbürgen, 6363 Obbürgen, Switzerland (CHE-106.643.533), operator of the website https://www.burgenstockresort.com/en/leisure/hammetschwand-lift
are responsible for collecting, processing and using your personal data and for the compliance of this data processing with the data protection legislation which ap-plies to the relevant website.
Your trust is important to us, which is why we take data protection seriously and ensure the appropriate level of security. We observe the statutory provisions of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Swiss Telecommunications Act (TCA) and any other data protection provisions which may apply under Swiss or EU law, in particular the General Data Protection Regulation (GDPR), as a matter of course. Please take note of the following information so that you are aware of the person-al data we collect from you and the purposes for which we use it. The address of our data protection representative in the EU is: VGS Datenschutz-partner UG, firstname.lastname@example.org
A. Processing data in connection with our website 1. Accessing our website When you visit our websites, our server temporarily stores each access in a pro-tocol file. The following technical data is recorded automatically at that time, as is usually the case when you connect to any web server, and stored by us until the next automatic erasure after no more than 12 months:
- The IP address of the computer sending the query - The name of the owner of the IP address range (usually your Inter-net access provider) - The date and time of access - The website from which access was gained (referrer URL) with the search term used if applicable - The name and URL of the file accessed - The status code (e.g. error message) - The operating system of your computer - The browser you used (type, version and language) - The transfer protocol used (e.g. HTTP/1.1) - Your user name if you registered/logged in
This data is collected and processed to allow users to use our websites (to estab-lish a connection), to ensure permanent system security and stability, to enable us to optimise our online offering and for internal statistical purposes. This is the basis for our legitimate interest in processing the data within the meaning of Art. 6 para. 1 letter f GDPR. The IP address is also analysed together with the other data to investigate and prevent attacks on our network infrastructure or other unauthorised use or abuse of the websites and, if applicable, during criminal proceedings for identifying and prosecuting the relevant users under civil and criminal law. This is the basis for our legitimate interest in processing the data within the meaning of Art. 6 para. 1 letter f GDPR. 2. Using our contact form Where you have the option on our websites to use a contact form to get in touch with us, we generally require the following information: - Title - First name and surname - E-mail address - Telephone number - Message The information that is required to process your request smoothly is marked as a mandatory entry. Entering other information is optional. We use this data and your address, if you provide it voluntarily, to reply to your request for contact as effec-tively as possible and in a personalised manner. Processing this data is therefore necessary to take steps prior to entering into a contract within the meaning of Art. 6 para. 1 letter b GDPR and is in our legitimate interest pursuant to Art. 6 para. 1 letter f GDPR. 3. Signing up for our newsletter Where you have the option on our websites to subscribe to our newsletter, you need to register. The following data must be submitted during the registration pro-cess: • Title • First name and surname • E-mail address The data above is required for data processing. We only process this data to per-sonalise the information and offers sent to you and to better match them to your interests. When you register, you give us your consent to process the data provided to regu-larly send the newsletter to the address you specified, to statistically analyse your usage behaviour and to optimise the newsletter. This consent constitutes our legal basis for processing your e-mail address within the meaning of Art. 6 para. 1 letter a GDPR. We are entitled to commission third parties with the technical implemen-tation of advertising initiatives and to pass on your data for this purpose (see no. 20 below). At the end of every newsletter, there is a link for you to unsubscribe from the newsletter at any time. When you unsubscribe you can give a reason if you wish. After you have unsubscribed from the newsletter, your personal data will be erased. It will only be processed further in an anonymised form to optimise our newsletter. 4. Opening a customer account Where you have the option on our websites to make bookings, you can place an order as a guest or open a customer account. When you register for a customer account, we generally collect the following data: - Title - First name and surname - Postal address - Telephone number - E-mail address - Password and security question The information that is required to process the opening of your customer account smoothly is marked as a mandatory entry. Entering other information is optional. We collect this data and other information you provide voluntarily (e.g. company name) to provide you with direct, password-protected access to your basic data stored with us. In your account, you can view previous and current bookings or manage and amend your personal data. The legal basis for processing the data for this purpose is the consent you have given in accordance with Art. 6 para. 1 letter a GDPR. 5. Booking on the website or by calling or corresponding with us If you book overnight stays, leisure activities, spa services or medical services and/or purchase vouchers via our websites, by corresponding with us (by e-mail or letter) or by calling us, we generally require the following data to process the contract: - Title - First name and surname - Postal address - Telephone number - Credit card information - E-mail address The information that is required to process your booking smoothly is marked as a mandatory entry or – if you book by telephone – requested from you in person. Entering other information is optional. We will only use other information you pro-vide voluntarily (e.g. date of birth, expected arrival time, vehicle number plate, preferences, comments) to process the contract unless otherwise specified in this privacy statement or unless you have given separate consent. In particular, we will process the data to enter your booking as required, to provide the booked ser-vices, to contact you in the event of problems or if anything is unclear, and to en-sure that the payment is correct. Please note that we may pass your data on to third parties insofar as this is required for the use of the websites and for pro-cessing the contract, for example when purchasing vouchers (see no. 20). The legal basis for processing the data for this purpose is the performance of a contract in accordance with Art. 6 para. 1 letter b GDPR. 6. Applying for a job Where you have the option on our websites to apply for jobs, you must submit a complete application. As a general rule, the following data must be submitted: - Title - First name and surname - Language - Postal address - Date of birth - E-mail address - Application documents (CV, covering letter, etc.) The information that is required to process your application smoothly is marked as a mandatory entry. This data and other information you provide voluntarily (e.g. telephone number) will be used in the application process. Unless you explicitly consent to further processing, the data will be erased after the relevant application procedure. The legal basis for data processing is therefore to take steps prior to entering into a contract and that it is in our legitimate interest pursuant to Art. 6 para. 1 letters b and f GDPR. The legal basis for further data processing is the consent you have given pursuant to Art. 6 para. 1 letter a GDPR. 7. Cookies Cookies help to make your visit to our website easier, more pleasant and more useful in many ways. Cookies are information files placed automatically on your computer’s hard drive by your web browser when you visit our website.
Most Internet browsers accept cookies automatically. However, you can config-ure your browser so that no cookies are placed on your computer or a message always appears when you receive a new cookie. Please visit the following webpages to find out how to configure the processing of cookies in the most common browsers: - Microsoft Windows Internet Explorer - Microsoft Windows Internet Explorer Mobile - Mozilla Firefox - Google Chrome for desktop - Google Chrome for mobile - Apple Safari for desktop - Apple Safari for mobile Deactivating cookies may mean that you are not able to use all the functions on our website. 8. Tracking tools a. Google Analytics
We use the web analytics service from Google Analytics to design our websites to meet users’ needs and optimise them continuously. User profiles with pseudo-nyms are created and cookies placed on your computer are used for this pur-pose. The information generated by the cookie is transmitted to the Google Ana-lytics server where it is stored and processed for us. In some cases, we may re-ceive the following information in addition to the data listed in no. 1 as a result: - Navigation path taken by a user on the site - Time spent on the website or a subpage - The subpage from which the webpage is left - The country, region or city from which a website is accessed - Device (type, version, colour depth, resolution, width and height of the browser window) - Returning or new visitor The information is used for evaluating use of the website, compiling reports on website activity and providing other services relating to website activity and Inter-net usage for market research and designing our website to meet users’ needs. This information may also be transmitted to third parties if required by law or if third parties process this data on our behalf (see also no. 17 ff.).
Google Analytics is provided by Google Inc., a company of the holding company Alphabet Inc., which is based in the USA. For the Member States of the European Union or for other parties to the Agreement on the European Economic Area, the IP address is truncated before the data is transmitted to the provider due to the activation of IP anonymisation (“anonymizeIP”) on our website. Google does not associate the anonymised IP address transmitted by your browser for Google Analytics with any other data held by Google. Only in exceptional cases will the full IP address be sent to and shortened by Google servers in the USA. In such cases, we ensure that Google Inc. maintains an adequate level of data protection by means of contractual safeguards. Google Inc. states that the IP address will not be associated with other data concerning users under any circumstances.
E. Further information 23. Right to access, rectification, erasure and restriction of processing; right to data portability You have the right to receive access to the personal data that we store about you on request. You also have the right to rectification of incorrect data and the right to erasure of your personal data if this is not precluded by any statutory retention obligation or permission which allows us to process the data.
In addition, you have the right to ask us to return the data you have submitted to us (right to data portability). We will also pass the data on to a third party of your choice on request. You have the right to receive the data in a commonly used file format.
You can contact us using the e-mail address email@example.com for the purposes specified above. We reserve the right to ask for proof of your identity to process your requests. 24. Data security We implement technical and organisational security measures that are suitable for us to protect your personal data that we store from manipulation, partial or total loss and unauthorised access by third parties. Our security measures are im-proved on an ongoing basis in line with technological development.
You should always keep your login details confidential and close the browser win-dow when you have finished communicating with us, especially if you share your computer with others.
We also take data protection within the company very seriously. Our employees and the service providers commissioned by us are subject to confidentiality obli-gations and are obliged to comply with data protection provisions. 25. Note on transmitting data to the USA For the sake of completeness, we wish to point out to users residing or established in Switzerland that, in the USA, US authorities carry out monitoring activities which allow all personal data belonging to all persons whose data has been trans-mitted from Switzerland to the USA to be stored as a general rule. These activities are carried out without differentiation, restriction or exception based on the aim pursued and with no objective criterion that makes it possible to restrict the US authorities’ access to the data and its subsequent use to specifically defined, strictly limited purposes which are able to justify the intrusion associated with both access to this data and to its use. We also wish to point out that, in the USA, there are no legal remedies available to the data subjects from Switzerland that enable them to receive access to the data concerning them and to have it rectified or erased, and no effective judicial protection from the general access rights of US authorities. We explicitly make data subjects aware of these facts and the legal situation so that they can make a suitably informed decision about giving their consent to the use of their data.
We wish to point out to users residing in a Member State of the EU that, from the perspective of the European Union, the USA does not have an adequate level of data protection due to the issues mentioned in this section, among other points. Insofar as we have specified in this privacy statement that data recipients (e.g. Google) are based in the USA, we will ensure that your data is protected to an adequate level by our partners, either by means of contractual regulations im-posed on these companies or by making sure these companies are certified un-der the EU- or Swiss-US Privacy Shield framework. 26. Right to lodge a complaint with a data protection authority You have the right to lodge a complaint with a data protection authority at any time.