Privacy policy

1. responsible person and content of this privacy policy

We, Swiss Holiday Park AG, are the operator of the Hotel Swiss Holiday Park (Hotel) of the website and its subpages www.shp.ch,www.swissholidaypark.ch, unless otherwise stated in this privacy policy, responsible for the data processing listed in this privacy policy.

In order for you to know what personal data we collect from you and for what purposes we use it, please take note of the information below. When it comes to data protection, we are guided primarily by the legal requirements of Swiss data protection law, in particular the Swiss Federal Data Protection Act (DSG), as well as the DSGVO, the provisions of which may be applicable in individual cases.

Please note that the following information will be reviewed and amended from time to time. We therefore recommend that you regularly review this privacy policy. Furthermore, for individual data processing listed below, other companies are responsible under data protection law or jointly responsible with us, so that in these cases the information of these providers is also authoritative.

2. contact person for data protection

If you have any questions about data protection or would like to exercise your rights, please contact our data protection contact by sending an e-mail to the following address: marketing@remove-this.shp.ch.

You can reach our EU data protection representative at:

Swiss Holiday Park AG, Dorfstrasse 11, 6443 Morschach, Switzerland.

datenschutz@remove-this.shp.ch

3 Scope and purpose of the collection, processing and use of personal data

3.1 Data processing when contacting us

If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data you have provided us with, such as your name, e-mail address or telephone number and your request, will be processed. In addition, the time of receipt of the request is documented. Mandatory data is marked with an asterisk (*) in contact forms. We process this data in order to implement your request (e.g. providing information about our hotel, support in the processing of contracts such as questions about your booking, incorporating your feedback into the improvement of our services, etc.).

For the processing of contact via contact form we use a software application from [TYPO3 Association, Gewerbestrasse 10, 4450 Sissach Switzerland] and [Perspective Software GmbH, Müggelstrasse 22, D-10247 Berlin, Germany]. Therefore, your data may be stored in a database of Mittwald CM Service GmBH & Co KG, which may allow Mittwald CM Service GmBH & Co KG to access your data if necessary for the provision of the Software and for support in the use of the Software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO in the implementation of your request or, if your request is directed towards the conclusion or performance of a contract, the necessity for the implementation of the required measures within the meaning of Art. 6 (1) lit. b DSGVO.

3.2 Data processing when using our chat function

If you contact us via chat, your personal data will be processed. The data that you have provided to us is processed, e.g. the name of your company, your name, your function, your e-mail address and your request. In addition, the time of receipt of the request is documented. Mandatory data are marked with an asterisk (*). We process this data exclusively in order to implement your request (e.g. providing you with information about our hotel, assisting you with the processing of contracts such as questions about your booking, incorporating your feedback into the improvement of our services, etc.).

We use a software application from [Meta Platforms Inc, 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Notice] to handle communication via chat function. Therefore, at most, your data will be stored in a database of Meta Platforms Inc, which may allow Meta Platforms Inc to access your data if necessary to provide the software and to assist you in using the software. For information about the processing of data by third parties and any transfer abroad, please refer to section 4 of this Privacy Policy.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) (f) DSGVO in the use of up-to-date communication technologies or, if your request is directed towards the conclusion or performance of a contract, in the implementation of the necessary measures within the meaning of Art. 6 (1) (b) DSGVO.

It may be that Meta Platforms Inc wishes to use some of this data for its own purposes (e.g. for the delivery of marketing e-mails or for statistical analyses). For these data processing operations, Meta Platforms Inc is the controller and must ensure compliance with data protection laws in connection with these data processing operations. Information about data processing by Meta Platforms Inc can be found at Link.

3.3 Data processing when registering for a customer account

If you open a customer account on our website, we collect the following data, with mandatory data marked with an asterisk (*) in the corresponding form:

Personal data:
- Salutation
- Name
- First name
- Billing and delivery address, if applicable
- Birthday
- Company, company address and UID no. for corporate customers
Login data:
- E-mail address
- Password
Other data:
- Languages
- Gender

We use the personal data to establish your identity and to verify the requirements for registration. The e-mail address and password together serve as login data and thus to ensure that the correct person under your details is using the website. We also need your e-mail address for verification and confirmation of the account opening and for future communication with you - necessary for the execution of the contract. In addition, this data is stored in the customer account for future bookings or contract conclusions. For this purpose, we also enable you to store further details in the account (e.g. your preferred means of payment).

We also use the data to provide an overview of bookings made and services received and a simple way to manage your personal data, to administer our website and contractual relationships, i.e. to establish, define the content of, process and amend contracts concluded with you via your customer account (e.g. in connection with your booking with us).

We process the information on language and gender in order to display offer suggestions on the website that are best tailored to your profile or your personal needs, for statistical recording and evaluation of the selected offers and thus to optimize our suggestions and offers.

The legal basis for the processing of your data for the preceding purpose is your consent pursuant to Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time by removing the information from your customer account again or by deleting your customer account or having it deleted by notifying us.

To avoid misuse, you should always treat your login data confidentially and log out after each session and delete the browsing history, especially if you share the terminal device with others.

3.4 Data processing when ordering via our online store

On our website, you have the option of ordering products, services and vouchers. For this purpose, we collect the following data, whereby mandatory data is marked with an asterisk (*) during the ordering process:

Salutation
First and last name
Company
Billing and delivery address
Telephone number
E-mail
Birthday
Payment method
Shipping method
Information about subscription to marketing e-mails
Confirmation of the accuracy of the information provided
Confirmation of knowledge and consent regarding terms and conditions and privacy policy

We use the data to establish your identity before concluding a contract. We need your e-mail address to confirm your order and for future communication with you - necessary for the execution of the contract. We store your data together with the marginal data of the order (e.g. designation, price and characteristics of the ordered products), the data for payment (e.g. selected payment method, confirmation of payment and time; see also section 3.7.2) as well as the data for the processing and fulfillment of the contract (e.g. receipt of and handling of complaints), so that we can ensure correct order processing and contract fulfillment.

The legal basis of this data processing is the fulfillment of a contract with you according to Art. 6 para.1 lit. b DSGVO.

The provision of data that is not marked as mandatory is voluntary. We process this data in order to tailor our offer to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you by an alternative communication channel if necessary with a view to fulfilling the contract, or for statistical collection and evaluation to optimize our offers.

The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time by notifying us.

To provide the online store, we use a software application from [Idea Creation GmbH, Walchestrasse 15, 8006 Zurich, Switzerland, Zucchetti Switzerland SA Centro San Martino, Via Moree 16, 6850 Mendrisio, Switzerland, TAC Informationstechnologie GmbH, Schildbach 211, 8230 Hartberg, Austria and ‍GiggleGmbH, Jahnstrasse 18, 6020 Innsbruck, Austria-EU. Therefore, your data may be stored in a database by the above-mentioned companies, which may allow the companies to access your data if this is necessary for the provision of the Software and for support in the use of the Software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis for this data processing is the fulfillment of a contract with you according to Art. 6 para.1 lit. b DSGVO.

3.5 Data processing for bookings

3.5.1 Booking via our website

On our website, you have the option of booking an overnight stay. For this purpose, we collect the following data, whereby mandatory data is marked with an asterisk (*) during the booking process:

Salutation
First name
Last name
Billing address
Telephone number
E-mail
Payment method
Booking details
Remarks
Confirmation of the accuracy of the information provided
Confirmation of knowledge and consent regarding terms and conditions and privacy policy

We use the data to establish your identity before concluding a contract. We need your e-mail address to confirm your booking and for future communication with you, which is necessary for the execution of the contract. We store your data together with the marginal data of the booking (e.g. room category, period of stay as well as designation, price and characteristics of the services), the data for payment (e.g. selected payment method, confirmation of payment and time; see also section 3.7.2) as well as the data for the processing and fulfillment of the contract (e.g. receipt of and handling of complaints) so that we can ensure correct booking processing and contract fulfillment.

Insofar as this is necessary for the fulfillment of the contract, we will also pass on the required information to any third-party service providers (e.g. organizers or transport companies).

The legal basis for this data processing is the fulfillment of a contract with you according to Art. 6 para.1 lit. b DSGVO.

The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time by notifying us.

For booking processing via our website, we use a software application from Sabre GLBL Inc, 3150 Sabre Drive, Southlake, Texas. As a result, your information may be stored in a Sabre GLBL Inc database, which may allow Sabre GLBL Inc to access your information as necessary to provide the software and to assist you in using the software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this Privacy Policy.

The legal basis for this data processing is the fulfillment of a contract with you according to Art. 6 para.1 lit. b DSGVO.

3.5.2 Booking via a booking platform

If you make bookings via a third-party platform (i.e., Booking, Hotel, Escapio, Expedia, Holidaycheck, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two, etc.), we receive various personal data from the respective platform operator in connection with the booking made. This is usually the data listed in section 3.7.2 of this privacy policy. In addition, inquiries about your booking may be forwarded to us. We will process this data by name in order to record your booking as requested and to provide the booked services.
The legal basis of data processing for this purpose is the implementation of pre-contractual measures and the fulfillment of a contract pursuant to Art. 6 (1) lit. b DSGVO.
Finally, we may exchange personal data with platform operators in connection with disputes or complaints related to a booking, to the extent necessary to protect our legitimate interests. This may also include data relating to the booking process on the platform or data relating to the booking or processing of services and the stay with us. We process this data to protect our legitimate claims and interests in the processing and maintenance of our contractual relationships with the following platform operators:

- Booking Holdings Inc, 800 Connecticut Ave, Norwalk, CT 06854, USA.
  For more information about data processing in connection with Swiss Holiday Park AG, please see[Link].
- Expedia Group, 1111 Expedia Group Way West, Seattle WA 98119, USA
  For more information about data processing in connection with Swiss Holiday Park AG, please see[Link].
- HRS GmbH, Breslauer Platz 4, 50668 Cologne, Germany
  For further information on data processing in connection with Swiss Holiday Park AG, please see[Link].
- STC Switzerland Travel Centre AG, Binzstrasse 38, 8045 Zurich, Switzerland
  For further information on data processing in connection with Swiss Holiday Park AG, please refer to[Link].
- Invit Travel GmbH, Hardeggerstrasse 30, 3008 Bern, Switzerland
  For further information on data processing in connection with Swiss Holiday Park AG, please refer to[Link].
- trivago N.V., Kesselstrasse 5 - 7, 40221 Düsseldorf, Germany
  For further information about data processing in connection with Swiss Holiday Park AG, please see[Link]
- gruppenhaus.ch GmbH, Seestrasse 112, 8806 Bäch, Switzerland
  For more information about data processing in connection with Swiss Holiday Park AG, please see[Link]
- HolidayCheck AG, Bahnweg 8, 8598 Bottighofen, Switzerland
  HC Touristik GmbH, Neumarkter Strasse 61, 81673, Munich, Germany
  For more information about data processing in connection with Swiss Holiday Park AG, please see[Link]
- Airbnb Payments Luxembourg SA, 4 rue Henri Schnadt, L-2350 Luxembourg
  For more information about data processing in connection with Swiss Holiday Park AG, please see[Link]
- Landal GreenParks GmbH, Max-Planck-Straße 12, 54296 Trier, Germany
  For further information on data processing in connection with Swiss Holiday Park AG, please refer to[Link].
- Schweizer Reisekasse, Neuengasse 15, 3001 Bern, Switzerland
  For more information about data processing in connection with Swiss Holiday Park AG, please see[Link]
- TouristDataShop AG (Tomas), rue du midi 3, 1860 Aigles, Switzerland
  For more information on data processing in connection with Swiss Holiday Park AG, please see[Link].

Your data will be stored in the databases of the platform operators, which allows them to access your data. Information about the processing of data by third parties and any transfer abroad can be found and you under point 4 of this privacy policy.
The legal basis of data processing for this purpose is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.

3.6 Data processing when reserving a table

On our website, you have the option of reserving a table in a restaurant named on our website. For this purpose, we collect - depending on the respective offer - the following data, whereby mandatory data are marked with an asterisk (*) when reserving via the website:

First name
Last name
Number of guests
E-mail address
Telephone number
Special diet
Comment
Date and time of the reservation

We collect and process the data to process the reservation, in particular to make your reservation request according to your wishes and to contact you in case of any uncertainties or problems. We store your data together with the marginal data of the reservation (e.g. date and time of receipt, etc.), the data on the reservation (e.g. assigned table) as well as information on the processing and fulfillment of the contract (e.g. receipt of and handling of complaints), so that we can ensure correct reservation processing and contract fulfillment.

For the processing of table reservations we use a software application from aleno AG, Aegertenstrasse 6, 8003 Zurich, Switzerland]. Therefore, your data may be stored in a database of aleno AG, which may allow aleno AG to access your data if this is necessary for the provision of the software and for support in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis for this data processing is the fulfillment of a contract with you according to Art. 6 para.1 lit. b DSGVO.

It may be that aleno AG wishes to use some of this data for its own purposes (e.g. for the delivery of marketing e-mails or for statistical analyses). For these data processing operations, aleno AG is the controller and must ensure compliance with data protection laws in connection with these data processing operations. Information about data processing by aleno AG can be found under Link.

3.7 Data processing during payment processing

3.7.1 Payment processing in the hotel

If you purchase products, obtain services or pay for your stay in our hotel using electronic means of payment, the processing of personal data is required. By using the payment terminals, you transmit the information stored in your payment means, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. payment solution providers, credit card issuers and credit card acquirers). They also receive the information that the payment method was used in our hotel, the amount as well as the time of the transaction. Conversely, we only receive the credit for the amount of the payment made at the relevant time, which we can assign to the relevant voucher number, or information that the transaction was not possible or was cancelled. In this regard, please always also observe the information provided by the respective company, in particular the data protection declaration and the general terms and conditions.

For payment processing via contact form, we use a software application from Worldline Schweiz AG, Hardturmstrasse 201, 8051 Zurich, Switzerland. Therefore, your data may be stored in a database of Worldline Schweiz AG, which may allow Worldline Schweiz AG to access your data if this is necessary for the provision of the software and for support in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis of our data processing is the fulfillment of a contract with you according to Art. 6 para.1 lit. b DSGVO.

It may be that Worldline Schweiz AG would like to use some of this data for its own purposes (e.g. for the delivery of marketing e-mails or for statistical analyses). For these data processing operations, Worldline Schweiz AG is the controller and must ensure compliance with data protection laws in connection with these data processing operations. Information about data processing by Worldline Schweiz AG can be found under Link.

3.7.2 Online payment processing

If you make chargeable bookings on our website, order services or products, depending on the product or service and the desired payment method - in addition to the information mentioned in section 3.5.1 - the provision of further data is required, such as your credit card information or login with your payment service provider. This information, as well as the fact that you have purchased a service from us for the amount and at the time in question, will be forwarded to the respective payment service providers (e.g. payment solution providers, credit card issuers and credit card acquirers). In this regard, please also always observe the information provided by the respective company, in particular the data protection declaration and the general terms and conditions.

The legal basis of our data processing is the fulfillment of a contract according to Art. 6 para.1 lit. b DSGVO.

We reserve the right to store a copy of the credit card information as security. Furthermore, in order to avoid payment incidents, the necessary data, in particular your personal details, may be transmitted to a credit agency for the automated assessment of your creditworthiness. In this context, the credit agency may assign you a so-called score value. This is an estimate of the future risk of non-payment, e.g. based on a percentage. The value is collected using mathematical-statistical methods and including data from the credit agency from other sources. We reserve the right, in accordance with the information received, not to offer you the payment method "invoice".

The legal basis for this data processing is our legitimate interest according to Art. 6 para. 1 lit. f. DSGVO in the avoidance of payment defaults.

For the credit check via contact form, we use a software application from Worldline Schweiz AG, Hardturmstrasse 201, 8051 Zurich, Switzerland. Therefore, your data may be stored in a database of Worldline Schweiz AG, which may allow Worldline Schweiz AG to access your data if this is necessary for the provision of the software and for support in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis for this data processing is our legitimate interest according to Art. 6 para. 1 lit. f. DSGVO in the prevention of payment defaults.

It may be that Worldline Schweiz AG wishes to use some of this data for its own purposes (e.g. for the delivery of marketing e-mails or for statistical analyses). Worldline Schweiz AG is the data controller for these data processing operations and must ensure compliance with data protection laws in connection with these data processing operations. Information about data processing by Swiss Holiday Park AG can be found under Link.

3.8 Data processing during the recording and billing of purchased services

If you obtain services as part of your stay (e.g. further overnight stays, wellness, restaurant, activities), we will - in addition to your contractual data - record and process the booking data (e.g. time and remarks) as well as the data on the booked and obtained service (e.g. subject of the service, price and time of the service) for the purpose of processing the service, as described in sections 3.5 and 3.6.

The legal basis for our data processing is the fulfillment of a contract in accordance with Art. 6 Para. 1 lit. b DSGVO.

3.9 Data processing for email marketing

If you register for our marketing emails (e.g. when opening, within your customer account or as part of an order, booking or reservation), the following data is collected. Mandatory data is marked with an asterisk (*) during registration:

E-mail address
Salutation
First and last name
Birthday
Country

To avoid misuse and to ensure that the owner of an e-mail address has actually given his or her consent to receive marketing e-mails, we use the so-called double opt-in during registration. After sending the registration, you will receive an e-mail from us with a confirmation link. In order to definitely register for the marketing e-mails, you must click on this link. If you do not confirm your e-mail address using the confirmation link within the specified period, your data will be deleted again and our marketing e-mails will not be sent to this address.

By registering, you consent to the processing of this data in order to receive marketing e-mails from us about our hotel and related information on products and services. These marketing emails may include invitations to participate in sweepstakes, provide feedback, or rate our products and services. Collecting the salutation and first and last name allows us to associate the registration with any existing customer account and thereby personalize the content of the marketing emails. The link to a customer account allows us to make the offers and content contained in the marketing emails more relevant to you and better tailored to your potential needs.

We will use your data to send marketing emails until you revoke your consent. Revocation is possible at any time, in particular via the unsubscribe link included in all marketing emails.

Our marketing emails may contain a so-called web beacon, 1x1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic that is linked to the user ID of the respective subscriber. For each marketing email sent, we receive information on which email addresses it was successfully transmitted to, which email addresses have not yet received the marketing email and for which email addresses the transmission failed. It is also displayed which e-mail addresses have opened the marketing e-mail and for how long and which links have been clicked. Finally, we also receive information about which subscribers have unsubscribed from the mailing list. We use this data for statistical purposes and to optimize the marketing e-mails in terms of frequency and time of sending as well as regarding the structure and content of the marketing e-mails. This allows us to better tailor the information and offers in our marketing emails to the individual interests of the recipients.

The web beacon is deleted when you delete the marketing email. You can prevent the use of the web beacons in our marketing emails by setting the parameters of your email program so that HTML is not displayed in messages. See the help files for your email software application for information on how to configure this setting, for example, here for Microsoft Outlook.

By subscribing to marketing emails, you also consent to the statistical analysis of user behavior for the purpose of optimizing and customizing marketing emails.

For the provision of marketing emails, we use a software application from [The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA]. Therefore, at most, your data will be stored in a database of The Rocket Science Group, LLC, which may allow The Rocket Science Group, LLC to access your data if necessary to provide the software and to assist you in using the software. Information about the processing of data by third parties and any transfer abroad can be found and you under section 4 of this privacy policy.

Your consent constitutes the legal basis for the processing of data within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time for the future.

3.10 Data processing when submitting ratings

In order to help other users with their decision and to support our quality management (esp. in the processing of negative feedback), you have the option on our website to rate your stay with us. The data processed and published on the website are those that you have provided to us, i.e. in addition to your evaluation and its time, possibly also a comment that you have added to your evaluation, or the name you have given.

The legal basis for data processing is your consent within the meaning of Art. 6 (1) lit a DSGVO. You can revoke your consent at any time and request the anonymization of your rating.

We reserve the right to delete unlawful ratings and to contact you in case of suspicion and ask you to comment.

The legal basis for these processing operations is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO in providing a lawful and unadulterated comment and rating function, as well as the prevention of abuse in its use.

3.11 Data processing when providing guest feedback

During your stay or afterwards, you have the opportunity to give us feedback (e.g. praise, criticism and suggestions for improvement) using a form. For this purpose, we collect - depending on - the following data, whereby mandatory data are marked with an asterisk (*) in the corresponding form:

First and last name
Age
Nationality
Length of stay
Feedback

Your data will be processed as part of our quality management and thus ultimately for the purpose of better tailoring our services and products to the needs of our guests. Specifically, your data will be processed for the following purposes:

Clarification of your request, i.e. e.g. obtaining statements from addressed employees and superiors or obtaining queries from you, etc.;
Evaluating and analyzing your information, e.g. compiling satisfaction statistics, comparing individual services, etc.; or
Taking organizational measures in accordance with the findings, e.g. remedying grievances/deficits/misconduct, e.g. by repairing defective equipment, instructing and praising or admonishing employees.

In connection with guest feedback, we use a software application from IRC-Swiss GmbH, Rainweg 8 4496 Kilchberg, Switzerland Therefore, your data may be stored in a database of IRC-Swiss GmbH, which may allow IRC-Swiss GmbH to access your data if this is necessary for the provision of the software and for support in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis for these processing operations is your consent pursuant to Art. 6 para.1 lit. a DSGVO. You can revoke this consent at any time for the future.

3.12 Data processing for video surveillance

For the protection of our guests and employees as well as our property and for the prevention and punishment of illegal behavior (esp. theft and property damage), the entrance area as well as the publicly accessible areas of our hotel, with the exception of the sanitary facilities, can be monitored by cameras. The image data will only be viewed if there is a suspicion of illegal behavior. Otherwise, the image recordings are automatically deleted after [72] hours.

For the provision of the video surveillance system, we rely on a service provider Tyco Integrated Fire & Security (Schweiz) AG, Bahnweg 11 - 8808 Pfäffikon/, SwitzerlandTyco Integrated Fire & Security (Schweiz) AG has access to the data insofar as this is necessary for the provision of the system. Should the suspicion of unlawful conduct be substantiated, the data may be passed on to consulting companies (in particular to a law firm) as well as to authorities to the extent necessary for the enforcement of claims or the filing of charges. Information on the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy. Further information about data processing in connection with Tyco Integrated Fire & Security (Schweiz) AG can be found at www.johnsoncontrols.com/de_ch/de/impressum.

The legal basis is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO in protecting our guests, our employees and our property as well as in safeguarding and enforcing our rights.

3.13 Data processing when using our WiFi network

In our hotel, you have the possibility to use the WiFi network operated by Swisscom (Schweiz) AG, Alte Tiefenaustrasse 6, 3050 Bern, Switzerland, free of charge. In order to prevent misuse and to punish illegal behavior, prior registration is required. In doing so, you will transmit the following data to Swisscom (Switzerland) Ltd:

Option Free SMS Login

Cell phone number
MAC address of the terminal device (automatic)

Option Free Voucher Login

Payment method
Email
MAC address of the terminal (automatic)

Option Hotel Login

Room number
Guest Name
MAC address of the end device (automatic)

In addition to the above data, data on the time and date of use, the network used and the end device are collected each time the WiFi network is used. The legal basis for these processing operations is your consent within the meaning of Art. 6 (1) lit. a DSGVO. You can revoke this consent at any time for the future.

The responsible party for this data processing is Swisscom (Switzerland) Ltd. As part of the registration process, you give your consent to Swisscom (Switzerland) Ltd. and must accept the terms of use and the privacy policy of Swisscom (Switzerland) Ltd.

The legal basis for these processing operations is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO in providing a Wifi network in compliance with the applicable legal provisions.

3.14 Data processing for the fulfillment of legal reporting obligations.

Upon arrival at our hotel, we may require the following information from you and your accompanying persons, with mandatory information marked with an asterisk (*) in the corresponding form:

Salutation
First and last name
Billing address
Date of birth
Nationality
Identity card or passport only for foreign guests
Date of arrival and departure

We collect this information in order to fulfill legal reporting obligations, which arise in particular from the hospitality industry or police law. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the competent authority.

The legal basis for the processing of this data lies in our legitimate interest within the meaning of Art. 6 (1) lit. c DSGVO in complying with our legal obligations.

3.15 Data processing for applications

You have the option of applying to us spontaneously or in response to a specific job advertisement for employment in our company. In doing so, we process the personal data provided by you.

We use the data you provide to review your application and suitability for employment. Application documents of unsuccessful applicants are deleted at the end of the application process, unless you explicitly agree to a longer retention period or we are not legally obliged to retain them for a longer period.

For the processing of applications, we use a software application from New Work SE (Onlyfy), Am Strandkai 1 20457 Hamburg Germany. Therefore, at most, your data will be stored in a database of New Work SE, which may allow New Work SE to access your data if this is necessary for the provision of the software and for support in the use of the software. Information about the processing of data by third parties and any transfer abroad can be found and you under section 4 of this privacy policy.

The legal basis for processing your data for this purpose is the execution of a contract (pre-contractual phase) according to Art. 6 para.1 lit. b DSGVO.

4. disclosure and transfer abroad
4.1 Disclosure to third parties and access by third parties

Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, a transfer of your personal data to these companies is also necessary to a certain extent. A transfer is made to selected third-party service providers and only to the extent necessary for the optimal provision of our services.

Various third-party service providers are already explicitly mentioned in this privacy policy. Incidentally, these are the following service providers:

[Idea Creation GmbH, Walchestrasse 15, 8006 Zurich, Switzerland]. Further information on data processing in connection with Swiss Holiday Park AG can be found at www.e-guma.ch/datenschutz/.
Unifocus, 10 John St. London WC1N 2EB, United Kingdom.
BLENT Sàrlc/o, Ecole hôtelière de Lausanne, Route de Cojonnex, 181000 Lausanne Switzerland
Aleno, Werstrasse 21, 8004 Zurich, For more information about data processing in connection with aleno, please click here: www.aleno.me.

In the case of these disclosures, the legal basis is the necessity for the performance of a contract within the meaning of Art. 6 (1) lit. b DSGVO.

Your data will also be passed on if this is necessary to fulfill the services you have requested, i.e. e.g. to restaurants or providers of other services for which you have made a reservation through us. The legal basis for these disclosures is the necessity for the fulfillment of a contract within the meaning of Art. 6 (1) lit. b DSGVO. For this data processing, the third-party service providers are responsible parties within the meaning of the Data Protection Act and not us. It is the responsibility of these third-party service providers to inform you about their own - beyond the transfer of data for the provision of services - data processing and to comply with data protection laws.

In addition, your data may be passed on, in particular to authorities, legal advisors or collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to conduct due diligence or to complete the transaction.

Our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO in the protection of our rights and compliance with our obligations or the sale of our company or parts thereof forms the legal basis for such data processing.

4.2 Transfer of personal data abroad

We are entitled to transfer your personal data also to third parties abroad, insofar as this is necessary to carry out the data processing activities mentioned in this data protection declaration. Individual data transfers have been mentioned above in section 3. It goes without saying that the statutory provisions governing the disclosure of personal data to third parties will be complied with. The countries to which data is transferred include those that have an adequate level of data protection according to the decision of the Federal Council and the EU Commission (such as the member states of the EEA or, from the perspective of the EU, also Switzerland), but also those countries (such as the USA) whose level of data protection is not considered adequate (see Annex 1 of the Data Protection Ordinance (DPA) and the website of the EU Commission). If the country in question does not have an adequate level of data protection, we ensure that your data is adequately protected at these companies by means of suitable guarantees, unless an exception is specified in individual cases for the individual data processing (cf. Art. 49 DSGVO). Unless otherwise stated, these are standard contractual clauses within the meaning of Art. 46(2)(c) of the GDPR, which can be found on the websites of the Federal Data Protection and Information Commissioner (FDPIC) and the EU Commission. If you have any questions about the measures taken, please contact our contact person for data protection (see section 2).

4.3 Information on data transfers to the USA

Some of the third-party service providers mentioned in this data protection declaration are based in the USA. For the sake of completeness, we would like to point out for users who are resident or domiciled in Switzerland or the EU that there are monitoring measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated both with the access to these data and with their use. In addition, we would like to point out that in the USA, data subjects from Switzerland or the EU do not have any legal remedies or effective legal protection against general access rights of US authorities that would allow them to obtain access to the data concerning them and to obtain their correction or deletion. We explicitly draw your attention to this legal and factual situation in order to enable you to make an appropriately informed decision about consenting to the use of your data.

We would also like to point out to users who are resident in Switzerland or a member state of the EU that, from the perspective of the European Union and Switzerland, the USA does not have an adequate level of data protection - due, among other things, to the statements made in this section. Insofar as we have explained in this data protection statement that recipients of data (such as Google) are based in the USA, we will ensure that your data is adequately protected by our third-party service providers through contractual arrangements with these companies as well as any additional appropriate guarantees that may be required.

5 Background data processing on our website
5.1 Data processing when visiting our website (log file data)

When you visit our website, the servers of our hosting provider [Mittwald CM Service GmbH & Co. KG, Königsberger Strasse 4-6, 32339 Espelkamp], temporarily store every access in a log file. The following data is collected without your intervention and stored by us until automated deletion:

IP address of the requesting computer;
Date and time of access;
Name and URL of the accessed file;
Website from which the access was made, if necessary with the search word used;
Operating system of your computer and the browser you are using (including type, version and language setting);
Device type in the case of access by cell phones;
City or region from which the access was made; and
Name of your internet access provider.

This data is collected and processed for the purpose of enabling the use of our website (connection establishment), ensuring system security and stability on a permanent basis, and enabling error and performance analysis and optimization of our website (see also section 5.4 for the last points).

In the event of an attack on the network infrastructure of the website or a suspicion of other unauthorized or improper use of the website, the IP address and the other data will be evaluated for the purpose of clarification and defense and, if necessary, used in the context of civil or criminal proceedings for identification against the user concerned.

In the purposes described above, there is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO and thus the legal basis for data processing.

Finally, when visiting our website, we use cookies as well as applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. You will find more details on this in the other subsequent sections of this data protection declaration, in particular section 5.2 below.

5.2 Cookies

Cookies are information files that your web browser stores on your computer's hard drive or memory when you visit our website. Cookies are assigned identification numbers by which your browser is identified and the information contained in the cookie can be read.

Among other things, cookies help to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are necessary, i.e. "technically necessary", for your desired use of the website. For example, we use cookies to be able to identify you as a registered user after logging in, without you having to log in again each time when navigating the various sub-pages. The provision of the ordering and booking functions is also based on the use of cookies. Furthermore, cookies also perform other technical functions required for the operation of the website, such as so-called load balancing, i.e. the distribution of the performance load of the site to different web servers in order to relieve the servers. Cookies are also used for security purposes, e.g. to prevent the unauthorized posting of content. Finally, we also use cookies as part of the design and programming of our website, e.g. to enable the uploading of scripts or codes.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO in providing a user-friendly and up-to-date website.

Most internet browsers accept cookies automatically. However, when you access our website, we ask for your consent to the cookies we use that are not technically necessary, in particular when we use cookies from third-party providers for marketing purposes. You can use the corresponding buttons in the cookie banner to make your desired settings. Details on the services and data processing associated with the individual cookies can be found within the cookie banner as well as in the following paragraphs of this privacy policy.

You may also be able to configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in selected browsers.

Disabling cookies may prevent you from using all the features of our website.

5.3 Google Custom Search Engine

This website uses the Programmable Search Engine of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). This enables us to provide you with an efficient search function on our website.

By pressing the enter key or clicking on the search button, the search function is activated and the search results from Google are displayed on the search results page by means of an embedding (iFrame). In the course of retrieving the search results, a connection is established with Google servers and your browser may send the log file data listed in section 5.1 (including IP address) and the search term you entered to Google. This may also result in data being transferred to servers abroad, e.g. the USA (cf. on this, in particular on the lack of an appropriate level of data protection and on the guarantees provided, sections 4.2 and 4.3).

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO in providing an efficient website search function.

For the further processing of data by Google, please refer to Google's privacy policy: www.google.com/intl/de_de/policies/privacy.

5.4 Tracking and web analysis tools

5.4.1 General information on tracking

For the purpose of demand-oriented design and continuous optimization of our website, we use the web analysis services listed below. In this context, pseudonymized usage profiles are created and cookies are used (please also refer to section 5.2). The information generated by the cookie about your use of this website is usually transmitted together with the log file data listed in section 5.1 to a server of the service provider, where it is stored and processed. This may also result in a transfer to servers abroad, e.g. the USA (cf. on this, in particular on the lack of an adequate level of data protection and on the guarantees provided, sections 4.2 and 4.3).

By processing the data, we obtain, among other things, the following information:

Navigation path followed by a visitor on the Site (including content viewed and products selected or purchased or services booked);
Time spent on the website or subpage;
Subpage on which the website is left;
Country, region or city from where an access takes place;
terminal device (type, version, color depth, resolution, width and height of browser window); and
returning or new visitors.

On our behalf, the provider will use this information for the purpose of evaluating the use of the website, in particular to compile website activity and to provide other services relating to website activity and internet usage for the purposes of market research and demand-oriented design of these websites. For these processing operations, we and the providers can be considered jointly responsible parties under data protection law up to a certain extent.

The legal basis for this data processing with the following services is your consent within the meaning of Art. 6 (1) lit. a DSGVO. You can revoke your consent or refuse the processing at any time by rejecting or switching off the relevant cookies in your web browser settings (see section 5.2) or by making use of the service-specific options described below.

For the further processing of the data by the respective provider as the (sole) data protection controller, in particular also any disclosure of this information to third parties, such as authorities based on national legal requirements, please refer to the respective data protection information of the provider.

5.4.2 Google Analytics

We use the web analysis service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

In deviation from the description in Section 5.4.1, Google Analytics (in the "Google Analytics 4" version used here) does not log or store IP addresses. For accesses originating from the EU, IP address data is only used to derive location data and then deleted immediately. When collecting measurement data in Google Analytics, all IP searches take place on EU-based servers before the traffic is forwarded to Analytics servers for processing. Regional data centers are used in Google Analytics. If a connection is established in Google Analytics to the nearest available Google data center, the measurement data is sent to Analytics via an encrypted HTTPS connection. At these centers, the data is further encrypted before being forwarded to Analytics' processing servers and made available on the platform. The most appropriate local data center is determined based on the IP addresses. This may also result in data being transferred to servers abroad, e.g. the USA (cf. on this, in particular on the lack of an adequate level of data protection and the guarantees provided, section 4.2).

We also use the technical extension "Google Signals", which enables cross-device tracking. This makes it possible to associate an individual website visitor with different end devices. However, this only happens if the visitor has logged into a Google service when visiting the website and has also activated the "personalized advertising" option in their Google account settings. Even then, however, no personal data or user profiles become accessible to us; they remain anonymous to us. If you do not wish to use "Google Signals", you can deactivate the "personalized advertising" option in your Google account settings.

Users can prevent the collection of the data generated by the cookie and related to the website usage by the respective user (including the IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser plugin, users can click this link to prevent the collection by Google Analytics on the website in the future. In doing so, an opt-out cookie will be stored on the user's terminal device. If users delete cookies (see section 5 Cookies), the link must be clicked again.

5.5 Social media
5.5.1 Social media profiles

On our website, we have included links to our profiles in the social networks of the following providers:

Meta Platforms Inc, 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Policy;
Twitter Inc, located at 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, privacy notice;
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland Privacy Notice.
LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Notice.

If you click on the icons of the social networks, you will automatically be redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social network. This provides the network with the information that you have visited our website with your IP address and clicked on the link. This may also result in data being transferred to servers abroad, e.g. the USA (cf. on this, in particular on the lack of an appropriate level of data protection and on the guarantees provided, sections 4.2 and 4.3).

If you click on a link to a network while you are logged into your user account with the network in question, the content of our website may be linked to your profile so that the network can assign your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account takes place in any case if you log in to the respective network after clicking on the link. The respective provider is responsible under data protection law for the associated data processing. Please therefore refer to the data protection information on the website of the network.

The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO in the use and promotion of our social media profiles.

5.5.2 Social media plugins

On our website, you can use social media plugins from the providers listed below:

Meta Platforms Inc, 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Notice;
Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, privacy notice;
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
Google LLC, D/B/A YouTube, 901 Cherry Ave, San Bruno, CA 94066, USA Privacy Notice.
LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Notice.

We use the social media plugins to make it easier for you to share content from our website. The social media plugins help us to increase the perceptibility of our content on social networks and in this respect contribute to better marketing.

The plugins are deactivated by default on our websites and therefore do not send any data to the social networks when simply calling up our website. To increase data protection, we have integrated the plugins in such a way that a connection is not automatically established with the networks' servers. Only when you activate the plugins by clicking on them and thus give your consent to the transmission and further processing of data by the providers of the social networks, your browser establishes a direct connection to the servers of the respective social network.

The content of the plugin is transmitted by the social network directly to your browser and integrated by it into the website. This provides the respective provider with the information that your browser has accessed the corresponding page of our website, even if you do not have an account with this social network or are not currently logged in to it. This information (including your IP address) is transmitted by your browser directly to a server of the provider (usually in the USA) and stored there (cf. on this, in particular on the lack of an adequate level of data protection and on the guarantees provided, sections 4.2 and 5.3). We have no influence on the scope of the data that the provider collects with the plugin, although from a data protection perspective we can be considered jointly responsible with the providers up to a certain extent.

If you are logged into the social network, it can assign your visit to our website directly to your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g., that you like a product or service of ours) may also be published on the social network and possibly displayed to other users of the social network. The provider of the social network may use this information for the purpose of placing advertisements and tailoring the respective offer to your needs. For this purpose, usage, interest and relationship profiles could be created, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our website and to provide other services associated with the use of the social network. The purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks, as well as your rights in this regard and settings options for protecting your privacy, can be found directly in the privacy notices of the respective provider.

If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins. For the data processing described above, your consent within the meaning of Art. 6 (1) lit. a DSGVO forms the legal basis. You can revoke your consent at any time by declaring your revocation to the provider of the plugin in accordance with the information in its privacy policy.

5.6 Online advertising and targeting
5.6.1 In general

We use services of various companies to provide you with interesting offers online. This involves analyzing your user behavior on our website and websites of other providers in order to subsequently display online advertising tailored to your individual needs.

Most technologies for tracking your user behavior and for the targeted display of advertising (targeting) work with cookies (see also section 5.2), which can be used to recognize your browser across different websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different end devices (e.g. laptop and smartphone). This may be the case, for example, if you have registered with a service that you use with multiple devices.

In addition to the data already mentioned, which is generated when websites are called up (log file data, see Section 5.1) and when cookies are used (Section 5.2) and which may reach the companies involved in the advertising networks, the following data in particular is used to select the advertising that is potentially most relevant to you:

Information about you that you provided when registering or using a service of advertising partners (e.g., your gender, age group); and
User behavior (e.g., search queries, interactions with advertisements, types of websites visited, products or services viewed and purchased, newsletters subscribed to).

We and our service providers use this data to identify whether you belong to the target group we address and take this into account when selecting advertisements. For example, after you have visited our site, you may be shown ads of the products or services you consulted when you visit other sites (re-targeting). Depending on the scope of the data, a user's profile may also be created and automatically analyzed, with ads selected according to the information stored in the profile, such as membership in certain demographic segments or potential interests or behaviors. Such ads may be displayed to you on various channels, which, in addition to our website or app (as part of onsite and in-app marketing), also include ads served via the online advertising networks we use, such as Google.

The data may then be analyzed for the purpose of billing the service provider and assessing the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include information that the performance of an action (e.g., visiting certain sections of our websites or sending information) is due to a certain advertising ad. Furthermore, we receive aggregated reports from the service providers of ad activities and information about how users interact with our website and our ads.

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a DSGVO. You can revoke your consent at any time by rejecting or switching off the relevant cookies in your web browser settings (see section 5.2). You can also find further options for blocking advertising in the information provided by the respective service provider, such as Google.

5.6.2 Google Ads

This website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google) for online advertising, as explained in Section 5.6.1. Google uses cookies for this purpose (cf. the list here), which enable your browser to be recognized when you visit other websites. The information generated by the cookies about your visit to these websites (including your IP address) will be transmitted to and stored by Google on servers in the United States (see also, in particular, the lack of an adequate level of data protection and the guarantees provided, sections 4.2 and 4.3). Further information on data protection at Google can be found here.

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) a DSGVO. You can revoke your consent at any time by rejecting or switching off the relevant cookies in your web browser settings (see section 5.2). Further options for blocking advertising can be found here.

5.6.3 Bing Ads

This website uses the services of Bing Ads for online advertising, as explained in section 5.6.1. Service Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Bing uses cookies for this purpose, which enable your browser to be recognized when you visit other websites. The information generated by the cookies about your visit to these websites (including your IP address) will be transmitted to and stored by Bing on servers in the United States (see also, in particular, the lack of an adequate level of data protection and the guarantees provided, sections 4.2 and 4.3). Further information on data protection at Bing can be found here.

6. retention periods

We only store personal data for as long as is necessary to carry out the processing operations explained in this data protection declaration within the scope of our legitimate interest. In the case of contractual data, storage is required by statutory retention obligations. Requirements that oblige us to retain data result from accounting regulations and from tax law regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years. As soon as we no longer need this data to perform services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfill the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any obligation to retain it and no longer any legitimate interest in retaining it.

7. data security

We use appropriate technical and organizational security measures to protect your personal data stored by us against loss and unlawful processing, namely unauthorized access by third parties. Our employees and the service companies commissioned by us are obligated by us to maintain confidentiality and data protection. Furthermore, these persons are only granted access to personal data to the extent necessary for the performance of their duties.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks, and we cannot therefore provide an absolute guarantee for the security of information transmitted in this way..

8. your rights

Provided that the legal requirements are met, as a data subject you have the following rights:

Right of access: you have the right to request at any time, free of charge, to inspect your personal data stored by us, if we process them. This gives you the opportunity to check what personal data we are processing about you and whether we are processing it in accordance with the applicable data protection regulations.

Right to rectification: you have the right to have inaccurate or incomplete personal data rectified and to be informed about the rectification. In this case, we will also inform the recipients of the data concerned about the adjustments we have made, unless this is impossible or involves disproportionate effort.

Right to deletion: you have the right to have your personal data deleted under certain circumstances. In individual cases, especially in the case of legal retention obligations, the right to deletion may be excluded. In this case, the deletion may be replaced by a blocking of the data if the conditions are met.

Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.

Right to data transfer: you have the right to receive from us, free of charge, the personal data you have provided to us in a readable format.

Right to object: You can object to data processing at any time, especially in the case of data processing in connection with direct marketing (e.g. marketing e-mails).

Right of revocation: In principle, you have the right to revoke any consent you have given at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your revocation.

To exercise these rights, please send us an e-mail to the following address: [email protected].

Right to lodge a complaint: you have the right to lodge a complaint with a competent supervisory authority, e.g. against the way your personal data is processed.

Info current situation

current opening hours

Let us inspire you

Current highlights