Responsible and content of this privacy policy

We, the Hotel Herisau AG, Bahnhofstrasse 14, CH-9100 Herisau, are the operator of the Hotel Herisau as well as the website www.hotelherisau.ch and, unless otherwise stated in this data protection declaration, are responsible for the data processing listed in this data protection declaration. In order for you to know what personal data we collect from you and for what purposes we use it, please take note of the information below. When it comes to data protection, we are primarily guided by the legal requirements of Swiss data protection law, in particular the Federal Data Protection Act (DSG). Please note that the following information will be reviewed and amended from time to time. We therefore recommend that you consult this privacy policy regularly. Furthermore, other companies are responsible under data protection law or jointly responsible with us for individual data processing operations listed below, so that in these cases the information provided by these providers is also authoritative.

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

As a rule, it is possible to use our website without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done on a voluntary basis as far as possible. Some of this data will be passed on to third parties in accordance with this privacy policy.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. It is not possible to completely protect data from access by third parties.

Data processing when contacting us

If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data that you have provided to us will be processed, e.g. Your name, e-mail address or telephone number and your request. In addition, the time of receipt of the request is documented. Mandatory information is marked with an asterisk (*) in contact forms. We process this data in order to implement your request (e.g. providing information about our hotel, support in contract processing such as questions about your booking, incorporating your feedback into the improvement of our services, etc.).

Terms

By using our website and in particular by using our online booking portal, you agree to the storage and internal use of your personal data and special requests as well as to our privacy policy.

The data will not be used for advertising purposes and will not be passed on to third parties. This data is used to identify you, to process your booking and to take your special wishes into account. We would like to point out that you can revoke your consent at any time.

Booking via our website

On our website you have the possibility to book an overnight stay. For this purpose, we collect the following data, whereby mandatory information is marked with an asterisk (*) during the booking process: First name*, last name*, address, postal code, city, country*, telephone number*, e-mail*

You also have the option of reserving a table or ordering a voucher. Please note the separate data protection declarations in the online tool foratable for table reservations and e-guma for voucher orders.

Booking via a booking platform

If you make bookings via a third-party platform (i.e. Booking, Hotel, Escapio, Expedia, Ho-lidaycheck, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two, etc.), we will receive various personal data from the respective platform operator in connection with the booking made. As a rule, this is the same data as the data listed in “Bookings via our website” in this privacy policy. In addition, inquiries about your booking may be forwarded to us.

We will process this data by name in order to record your booking as requested and to provide the booked services. The legal basis for data processing for this purpose lies in the implementation of pre-contractual measures and the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b DSGVO.

Finally, we may exchange personal data with the platform operators in connection with disputes or complaints in connection with a booking, insofar as this is necessary to protect our legitimate interests. This may also include data on the booking process on the platform or data relating to the booking or processing of services and the stay with us. We process this data to protect our legitimate claims and interests in the processing and maintenance of our contractual relationships with the following platform operators:

Swiss Quality Hotels Genossenschaft, Spittelstrasse 4, CH-8712 Stäfa, www.SwissQualityHotels.com

Booking.com B.V. is a limited liability company governed by Dutch law and has its registered office at Herengracht 597, 1017 CE Amsterdam, the Netherlands. www.booking.com

Expedia Group Att: Lodging Product Marketing, 1111 Expedia Group Way W., Seattle WA 98119, USA, www.expedia.ch

Your data is stored in the databases of the platform operators, which allows them to access your data. Information about the processing of data by third parties and any transfer abroad can be found in section 5 of this data protection declaration. The legal basis for data processing for this purpose lies in our legitimate interest within the meaning of Art. 6 (1) (f) GDPR

Payment processing at the hotel

If you purchase products, purchase services or pay for your stay in our hotel using electronic means of payment, the processing of personal data is necessary. By using the payment terminals, you transmit the information stored in your means of payment, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. providers of payment solutions, credit card issuers and credit card acquirers). They also receive the information that the means of payment was used in our hotel, the amount and the time of the transaction. Conversely, we only receive the credit of the amount of the payment made at the corresponding time, which we can assign to the relevant document number, or information that the transaction was not possible or was cancelled.

Always observe the information of the respective company, in particular the privacy policy and the general terms and conditions: Nets Schweiz AG, Richtistrasse 17, 8304 Wallisellen, Switzerland CHE-106.611.303, e-mail: [email protected]

The legal basis for our data processing lies in the fulfilment of a contract with you in accordance with Art. 6 (1) (b) GDPR. We reserve the right to store a copy of the credit card information as security.

Data processing in the fulfillment of legal reporting obligations

Upon arrival at our hotel, we may require the following information from you and your companions, whereby mandatory information is marked with an asterisk (*) in the corresponding form: title, first and last name, billing address, date of birth, nationality, identity card or passport, day of arrival and departure.

We collect this information in order to fulfil legal reporting obligations, which arise in particular from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we will forward this information to the competent authority.

Data processing for applications

You have the opportunity to apply for a job in our company spontaneously or in response to a specific job advertisement. In doing so, we process the personal data provided by you.

We use the data you provide to check your application and suitability for employment. Application documents from applicants who have not been considered will be deleted at the end of the application process, unless you explicitly agree to a longer retention period or we are not legally obliged to store them for a longer period of time.

Cookies

Some of the Internet pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit our website.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Hosting Provider & Server-Logfiles

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• IP address

• Browser type and browser version

• Operating system used

• Referrer URL

• Host name of the accessing computer

• Time of the server request

This data cannot be directly assigned to specific persons. This data will not be merged with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.

This data, as well as all data on this website, is stored by our hosting provider hosttech GmbH, Seestrasse 15a, 8805 Richterswil, Switzerland, whose privacy policy can be found here.

SSL Encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Seminar and voucher request form

If you send us enquiries via the seminar or voucher enquiry form, your details from the form, including the contact details you provided there, including your IP address, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de

For more information on how Google Analytics handles user data, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

Order data processing

We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics

This website uses the “demographic characteristics” function of Google Analytics. As a result, reports can be created that contain statements about the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.

Fast Fonts

Fonts from the Fonts.com are used on this website. To the best of our knowledge, no personal data is stored by Fonts.com.

For technical reasons, however, your IP address must be transmitted to fast.fonts.net so that the fonts can be transmitted to your browser.

More information from Fonts.com can be found here.

Google Maps

This website uses functions of the map service Google Maps. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Google Maps uses so-called “cookies”. These are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Facebook plugins

Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our site. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.

When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. As a result, Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to associate your visit to our website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook’s privacy policy at https://de-de.facebook.com/policy.php.

If you do not want Facebook to be able to assign your visit to our pages to your Facebook user account, please log out of your Facebook user account.

Data integrity

We use appropriate technical and organizational security measures to protect your personal data stored by us against loss and unlawful processing, in particular unauthorized access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. In addition, these persons are granted access to personal data only to the extent necessary to perform their duties.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always entails certain security risks and we cannot therefore guarantee the absolute security of information transmitted in this way.

Right to information, deletion, blocking

You have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing as well as a right to correction, blocking or deletion of this data at any time. If you have any questions about data protection or would like to exercise your rights, please contact our contact person for data protection by sending an e-mail to the following address: [email protected].

In the event of translation errors, only the German version of this privacy policy is legally binding.