Book right here
DE EN

Data protection declaration

Hans Gosteli + Co., Dorfstrasse 32, 3706 Leissigen manages the Hotel Kreuz and operates the website www.kreuz-leissigen.ch and is therefore responsible for the collection, processing, and use of your personal data and the compliance of the data processing with the applicable data protection law.

Your trust is important to us, which is why we take data protection seriously and ensure appropriate security. Of course, we comply with the statutory provisions of the Federal Data Protection Act (DSG), the Ordinance to the Federal Data Protection Act (VDSG), the Telecommunications Act (FMG) and other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

Please read the following information so that you know what personal data we collect about you and for what purposes we use it.

A. Data processing in connection with our website

1. Accessing our website

When you visit our website, our servers temporarily store each access in a log file. The following technical data is collected without your intervention and stored by us until it is automatically deleted:

  • the IP address of the requesting computer,
  • the name of the owner of the IP address range (usually your Internet access provider),
  • the date and time of access,
  • the website from which access was made (referrer URL), if applicable with the search term used,
  • the name and URL of the file retrieved,
  • the status code (e.g. error message),
  • the operating system of your computer,
  • the browser you are using (type, version and language),
  • the transmission protocol used (e.g. HTTP/1.1) and
  • if applicable, your username from a registration/authentication.

The collection and processing of this data is carried out for the purpose of enabling the use of our website (establishing a connection), ensuring long-term system security and stability, optimizing our internet offering and for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 (1) point f GDPR.

Furthermore, the IP address is evaluated together with other data in the event of attacks on the network infrastructure or other unauthorized or improper use of the website for the purposes of investigation and defense and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f DSGVO.

2. Use of our contact form

You have the option to use a contact form to get in touch with us (table reservation). For this, we require the following information:

  • First and last name
  • E-mail address
  • Telephone number
  • Message

We use this data and any telephone number you voluntarily provide only to answer your contact request in the best possible and most personalized way. The processing of this data is therefore necessary in accordance with Art. 6 para. 1 lit. b GDPR for the implementation of pre-contractual measures or is in our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

4. Booking on the website, by correspondence or by phone call

If you make a booking either through our website, by correspondence (email or letter post) or by telephone call, we require the following data in order to process the contract:

  • Title
  • First name and surname
  • Postal address
  • Date of birth
  • Telephone number
  • Language
  • Credit card information
  • E-mail address

We will use this data, as well as other information that you voluntarily provide (e.g. expected time of arrival, motor vehicle license plate number, preferences, comments), only to process the contract, unless otherwise stated in this data protection declaration or unless you have given your separate consent. We will process the data by name in order to record your booking as requested, to provide the booked services, to contact you in the event of ambiguities or problems and to ensure correct payment. The legal basis for data processing for this purpose lies in the fulfillment of a contract in accordance with Art. 6 para. 1 lit. b DSGVO.

5. Cookies

Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.

We use cookies, for example, to temporarily store the services you have selected and the information you have entered when filling out a form on the website, so that you do not have to re-enter the information when you access another subpage. Cookies may also be used to identify you as a registered user after you have registered on the website, without you having to log in again when you access another subpage.

Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages, you will find explanations of how to configure the processing of cookies in the most common browsers:

  • Microsoft Windows Internet Explorer
  • Microsoft Windows Internet Explorer Mobile
  • Mozilla Firefox
  • Google Chrome for Desktop
  • Google Chrome for Mobile
  • Apple Safari for Desktop
  • Apple Safari for Mobile

Deactivating cookies may mean that you are unable to use all of the functions on our website.

B. Data processing in connection with your stay

7. Data processing for the purpose of fulfilling legal reporting obligations

When you arrive at our hotel, we require the following information from you and any persons accompanying you:

  • First name and surname
  • Postal address and canton
  • Date of birth
  • Place of birth
  • Nationality
  • Official identification document and number
  • Date of arrival and departure
  • Room number

We collect this information to fulfill legal reporting requirements, which arise in particular from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we will forward this information to the relevant police authority.
Our legitimate interest in the sense of Art. 6 Para. 1 lit. f GDPR consists in fulfilling the legal requirements.

8. Recording of related services

If you purchase additional services during your stay (e.g. use of the minibar or pay TV), we will record the service and the time of purchase for billing purposes. The processing of this data is necessary for the performance of the contract with us in accordance with Art. 6 (1) point b GDPR.

C. Storage and exchange of data with third parties

9. Booking platforms

If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. This is usually the data listed in Section 5 of this privacy policy. In addition, we may receive requests regarding your booking. We will process this data in particular in order to record your booking as requested and to provide the booked services. The legal basis for data processing for this purpose is the performance of a contract in accordance with Art. 6 (1) point b GDPR.
Finally, we may be informed by the platform operators of disputes in connection with a booking. In doing so, we may also receive data on the booking process, which may include a copy of the booking confirmation as proof of the actual booking. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Please also note the data protection information of the respective provider.

10. Central storage and linking of data

We store the data specified in sections 2-5 and 8-10 in a central electronic data processing system. The data concerning you is systematically recorded and linked for the purpose of processing your bookings and providing the contractual services. For this we use software from VELOX, Hartstrasse 54, 82110 Germering, Germany. We base the processing of this data within the framework of the software on our legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO in customer-friendly and efficient customer data management.

11. Retention period

We only store personal data for as long as is necessary to use the above-mentioned tracking services and for further processing in the context of our legitimate interest. We store contract data for longer because this is required by statutory retention obligations. Retention obligations that oblige us to store data arise from regulations on the right to report, on accounting and from tax law. According to these regulations, business communications, concluded contracts and accounting records must be kept for up to 10 years. If we no longer need this data to provide our services to you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

12. Disclosure of data to third parties

We will only disclose your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we will pass on your data to third parties if this is necessary in the context of using the website and processing the contract (including outside the website), namely processing your bookings.

One service provider to whom personal data collected via the website is passed on and who has or can have access to it is our web host [netfuchs gmbh, Untere Bönigstrasse 10a, CH 3800 Interlaken]. The data is passed on for the purpose of providing and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

Finally, we forward your credit card information to your credit card issuer and to the credit card acquirer when you make a credit card payment on the website. If you decide to make a credit card payment, you will be asked to enter all the necessary information. The legal basis for the disclosure of the data lies in the performance of a contract in accordance with Art. 6 (1) point b GDPR. Regarding the processing of your credit card information by these third parties, we ask you to also read the general terms and conditions and the privacy policy of your credit card issuer.

Please also note the information in sections 7-8 and 10-11 regarding the disclosure of data to third parties.

13. Transfer of personal data abroad

We are also entitled to transfer your personal data to third-party companies (commissioned service providers) abroad for the purposes of the data processing described in this data protection declaration. These companies are obliged to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or Europe, we will ensure by contract that your personal data is protected in the same way as in Switzerland or the EU at all times.

D. Further information

14. Right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability

You have the right to request and receive information about the personal data that we store about you. In addition, you have the right to have inaccurate data corrected and the right to have your personal data erased, provided that this does not conflict with any statutory retention requirement or any legal basis that allows us to process the data.

You also have the right to demand the return of the data that you have provided to us (right to data portability). Upon request, we will also forward the data to a third party of your choice. You have the right to receive the data in a common file format.

You can contact us for the aforementioned purposes via the e-mail address inf@kreuz-leissigen.ch. We may, at our discretion, require proof of identity in order to process your requests.

15. Data security

We use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

You should always keep your access data confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.

We also take internal data protection very seriously. Our employees and the service providers we commission are bound by us to maintain confidentiality and to comply with data protection regulations.

16. Note on data transfers to the USA

For the sake of completeness, we would like to point out to users residing or based in Switzerland that the US authorities have surveillance measures in place in the USA that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without distinction, restriction or exception on the basis of the objective pursued and without an objective criterion that would make it possible to limit the US authorities' access to the data and its subsequent use to very specific, strictly limited purposes that could justify both access to and use of the data. Furthermore, we would like to point out that there are no legal remedies available in the USA for data subjects from Switzerland that would allow them to gain access to the data concerning them and to have it corrected or deleted, and that there is no effective judicial protection against the general access rights of US authorities. We explicitly draw the attention of the data subject to this legal and factual situation in order to enable him or her to make an informed decision on whether to consent to the use of his or her data.

We would like to point out to users residing in an EU member state that, from the perspective of the European Union, the USA does not have an adequate level of data protection, partly for the reasons mentioned in this section. Insofar as we have explained in this data protection declaration that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an appropriate level by our partners, either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield.

17. Right to complain to a data protection supervisory authority

You have the right to complain to a data protection supervisory authority at any time.

Leissigen, September 2024