Chez BeNi GmbH
Grossmeierschhüs 456
3925 Grächen
Switzerland
E-mail:
Authorized representatives
Alexander Vinzenz Hans Ris
Name of the company: Chez BeNi GmbH
Data Protection Officer:
Alexander Vinzenz Hans Ris
+41 27 956 11 16
General / Introduction
Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Data Protection Act, DSG), every person has the right to protection of their privacy and protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
In cooperation with our hosting providers, we make every effort to protect the databases as well as possible against unauthorized access, loss, misuse or falsification.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
By using this website, you consent to the collection, processing and use of data in accordance with the following description. This website can be visited without registration. Data such as pages called up or names of files called up, date and time are stored on the server for statistical purposes without this data being directly related to your person. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent.
Processing of personal data
Personal data is all information that relates to an identified or identifiable person. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data, irrespective of the means and procedures used, in particular the storage, disclosure, acquisition, erasure, retention, modification, destruction and use of personal data.
We process personal data in accordance with Swiss data protection law. If and insofar as the EU GDPR is applicable, we also process personal data on the following legal bases in conjunction with Art. 6 (1) GDPR:
lit. a) Processing of personal data with the consent of the data subject.
lit. b) Processing of personal data for the performance of a contract with the data subject and for the implementation of corresponding pre-contractual measures.
lit. c) Processing of personal data for compliance with a legal obligation to which we are subject under applicable EU law or under applicable law of a country in which the GDPR is applicable in whole or in part.
lit. d) Processing of personal data to protect the vital interests of the data subject or another natural person.
lit. f) Processing of personal data for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental freedoms and rights and interests of the data subject. The legitimate interests include, in particular, our business interest in being able to provide our website, information security, the enforcement of our own legal claims and compliance with Swiss law.
We process personal data for the duration required for the respective purpose or purposes. In the case of longer-term storage obligations due to legal and other obligations to which we are subject, we restrict processing accordingly.
Cookies
This website uses cookies. These are small text files that make it possible to store specific information relating to the user on the user's device while the user is using the website. Cookies make it possible in particular to determine the frequency of use and the number of users of the pages, to analyze patterns of page use, but also to make our offer more customer-friendly. Cookies remain stored beyond the end of a browser session and can be retrieved when you visit the site again. If you do not want this, you should set your Internet browser to refuse to accept cookies.
A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. In addition, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case not all functions of this online offer can be used.
With SSL/TLS encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Server log files
The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
Third-party services
This website may use Google Maps to embed maps, Google Invisible reCAPTCHA to protect against bots and spam and YouTube to embed videos.
These services of the American Google LLC use, among other things, cookies, whereby data is transferred to Google in the USA, whereby we assume that no personal tracking takes place in this context solely through the use of our website.
Google has undertaken to guarantee appropriate data protection in accordance with the US-European and US-Swiss Privacy Shield.
Further information can be found in Google's privacy policy.
Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not share this data without your consent.
Newsletter
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties.
Once you have given your consent to the storage of the data, the e-mail address and its use for sending the newsletter, you can revoke this at any time, for example via the "unsubscribe link" in the newsletter.
Comment function
For the comment function on this website, in addition to your comment, information about the time the comment was created, your e-mail address and, if you are not posting anonymously, the user name you have chosen will be saved.
Storage of the IP address
Our comment function stores the IP addresses of users who post comments. As we do not check the comments on our site before they are activated, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.
Subscribe to comments
As a user of the site, you can subscribe to comments after registering. You will receive a confirmation e-mail to check whether you are the owner of the e-mail address provided. You can unsubscribe from this function at any time via a link in the info e-mails.
Rights of the data subject
Right to confirmation
Each data subject shall have the right to obtain from the website operator confirmation as to whether or not personal data concerning him or her are being processed. If you wish to exercise this right of confirmation, you can contact the data protection officer at any time.
Right to information
Any person affected by the processing of personal data has the right to receive information about the personal data stored about them and a copy of this information from the operator of this website at any time and free of charge. In addition, information may be provided on the following:
Purposes of the processing
Categories of personal data processed
Recipients to whom the personal data has been or will be disclosed
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing
the existence of a right to lodge a complaint with a supervisory authority
if the personal data are not collected from the data subject: All available information about the origin of the data.
In addition, the data subject has the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.
If you wish to make use of this right to information, you can contact our data protection officer at any time.
Right to rectification
Any person affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them. In addition, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If you wish to exercise this right to rectification, you can contact our data protection officer at any time.
Right to erasure (right to be forgotten)
Any person affected by the processing of personal data has the right to obtain from the controller of this website the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and the processing is no longer necessary:
The personal data was collected or otherwise processed for purposes for which it is no longer required.
The data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing
The data subject objects to the processing on grounds relating to his or her particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in the case of direct marketing and associated profiling
The personal data was processed unlawfully
The erasure of personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject
The personal data was collected in relation to information society services offered directly to a child
If one of the above reasons applies and you wish to have personal data stored by the operator of this website deleted, you can contact our data protection officer at any time. The data protection officer of this website will ensure that the request for deletion is complied with immediately.
Right to restriction of processing
Any person affected by the processing of personal data has the right to request the controller of this website to restrict the processing if one of the following conditions is met:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
The processing is unlawful, the data subject objects to the erasure of the personal data and requests the restriction of the use of the personal data instead
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims, or for the establishment, exercise or defense of legal claims. The data subject has objected to processing on grounds relating to his or her particular situation and it is not yet clear whether the legitimate interests of the controller override those of the data subject.
If one of the aforementioned conditions is met, you can contact our data protection officer at any time to request the restriction of the processing of personal data by the operator of this website. The data protection officer of this website will arrange for the restriction of processing.
Right to data portability
Any person affected by the processing of personal data has the right to receive the personal data concerning them in a structured, commonly used and machine-readable format. In addition, the data subject shall have the right to obtain that the personal data be transmitted directly from one controller to another controller, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
To assert the right to data portability, you can contact the data protection officer appointed by the operator of this website at any time.
A right of objection
Any person affected by the processing of personal data has the right to object to the processing of personal data concerning them at any time for reasons arising from their particular situation.
In the event of an objection, the operator of this website will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
To exercise your right to object, you can contact the data protection officer of this website directly.
Right to withdraw consent under data protection law
Any person affected by the processing of personal data has the right to withdraw their consent to the processing of personal data at any time.
If you wish to exercise your right to withdraw your consent, you can contact our data protection officer at any time.
Objection to e-mail marketing
We hereby object to the use of contact data published in the context of the imprint obligation to send unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
Paid services
For the provision of chargeable services, we request further data, such as payment data, in order to be able to execute your order. We store this data in our systems until the statutory retention periods have expired.
Copyrights
The copyright and all other rights to the content, images, photos or other files on the website belong exclusively to the operator of this website or the specifically named rights holders. The written consent of the copyright holder must be obtained in advance for the reproduction of all files.
Anyone who commits a copyright infringement without the consent of the respective copyright holder may be liable to prosecution and may be entitled to claim damages.
Disclaimer
All information on our website has been carefully checked. We make every effort to ensure that the information we provide is up-to-date, correct and complete. Nevertheless, the occurrence of errors cannot be completely ruled out, so that we cannot assume any liability for the completeness, correctness and topicality of the information, including journalistic and editorial information. Liability claims relating to material or immaterial damage caused by the use or non-use of the information provided or by the use of incorrect or incomplete information are fundamentally excluded.
The publisher may change or delete texts at its own discretion and without prior notice and is not obliged to update the contents of this website. The use of or access to this website is at the visitor's own risk. The publisher, its customers or partners are not responsible for any damages, such as direct, indirect, incidental or consequential damages, allegedly caused by visiting this website and consequently assume no liability for such damages.
The publisher also assumes no responsibility or liability for the content and availability of third-party websites that can be accessed via external links from this website. The operators of the linked pages are solely responsible for their content. The publisher therefore expressly distances itself from all third-party content that may be relevant under criminal or liability law or offend common decency.
External payment service providers
This website uses external payment service providers through whose platforms users and we can carry out payment transactions. For example about
PostFinance (https://www.postfinance.ch/de/detail/rechtliches-barrierefreiheit.html)
Visas (https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html)
Mastercard (https://www.mastercard.ch/de-ch/datenschutz.html)
American Express (https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html)
Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)
Bexio AG (https://www.bexio.com/de-CH/datenschutz)
Payrexx AG (https://www.payrexx. ch/site/assets/files/2592/datenschutzerklaerung.pdf)
Apple Pay (https://support.apple.com/de-ch/ht203027)
Stripe (https://stripe.com/ch/privacy)
Klarna (https://www.klarna.com/de/datenschutz/)
Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/)
Giropay (https://www.giropay.de/rechtliches/datenschutzerklaerung) etc.
As part of the fulfillment of the contract, we use the payment service providers on the basis of the Swiss Data Protection Ordinance and, if necessary, Art. 6 para. 1 lit. b. EU GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with the Swiss Data Protection Ordinance and, where necessary, Art. 6 para. 1 lit. f. EU GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed by the payment service providers and stored by them. As the operator, we do not receive any information about the (bank) account or credit card, but only information to confirm (accept) or reject the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to verify identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection notices of the payment service providers.
Payment transactions are subject to the terms and conditions and privacy policy of the respective payment service providers, which can be accessed within the respective website or transaction applications. We also refer to these for the purpose of further information and assertion of rights of revocation, information and other data subject rights.
Audio and video conferencing
We use audio and video conferencing services to communicate with our users and others. In particular, we can use it to hold audio and video conferences, virtual meetings and training courses such as webinars.
We only use services for which an appropriate level of data protection is guaranteed. In addition to this privacy policy, the terms and conditions of the services used, such as terms of use or privacy policies, also apply.
In particular, we use Zoom, a service of the American Zoom Video Communications Inc. Zoom also grants users in Switzerland the rights under the European General Data Protection Regulation (GDPR). Further information on the type, scope and purpose of data processing can be found in the data protection guidelines and on the "Legal provisions and data protection" page of Zoom.
YouTube
Functions of the "YouTube" service are integrated on this website. "YouTube" is the property of Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland.
Your legal agreement with "YouTube" consists of the Terms, which you can find at the following link: https://www.youtube.com/static?gl=de&template=terms&hl=de. These Terms constitute a legally binding agreement between you and "YouTube" regarding your use of the Services. Google's privacy policy explains how "YouTube" handles and protects your personal data when you use the service.
Vimeo
Plugins from the Vimeo video portal of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated on this website. When you access a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. Information about your visit and your IP address is stored there. Through interactions with the Vimeo plugins (e.g. clicking on the start button), this information is also transmitted to Vimeo and stored there. Vimeo's privacy policy with more detailed information on the collection and use of your data by Vimeo can be found in Vimeo's privacy policy.
If you have a Vimeo user account and do not want Vimeo to collect data about you via this website and link it to your membership data stored with Vimeo, you must log out of Vimeo before visiting this website.
In addition, Vimeo calls up the Google Analytics Tracker via an iFrame in which the video is called up. This is Vimeo's own tracking, to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. You can also prevent the collection of data generated by Google Analytics and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de
Online store / Webshop
We process the data of our customers in accordance with the data protection regulations of the Federal Government (Data Protection Act, DSG) and the EU GDPR as part of the ordering processes in our online store in order to enable them to select and order the selected products and services as well as their payment and delivery or processing.
The processed data includes master data (inventory data), communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. Processing is carried out for the purpose of providing contractual services in the context of operating an online store, billing, delivery and customer service. In this context, we use session cookies, e.g. to store the contents of the shopping cart, and permanent cookies, e.g. to store the login status.
The processing is carried out on the basis of Art. 6 para. 1 lit. b (execution of order processes) and c (legally required archiving) GDPR. The data marked as required are necessary for the establishment and fulfillment of the contract. We only pass on the data to third parties within the scope of delivery, payment or within the scope of legal permissions and obligations. The data will only be processed in third countries if this is necessary to fulfill the contract (e.g. at the customer's request for delivery or payment).
Users can optionally create a user account in which they can view their orders in particular. As part of the registration process, users are provided with the required mandatory information. User accounts are not public and cannot be indexed by search engines, e.g. Google. If users have terminated their user account, their data relating to the user account will be deleted, provided that their retention is required for commercial or tax law reasons in accordance with the provisions of the GDPR. Art. 6 para. 1 lit. c GDPR. Information in the customer account is retained until it is deleted and subsequently archived in the event of a legal obligation. It is the responsibility of users to save their data in the event of termination before the end of the contract.
As part of registration and new registration as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and those of the users in protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. a GDPR. 1 lit. c GDPR.
The deletion takes place after the expiry of statutory warranty and comparable obligations; the necessity of storing the data is reviewed at irregular intervals. In the case of statutory archiving obligations, deletion takes place after their expiry.
Data transfer to the USA
Tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing operations.
Changes
We may change this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.
Disclaimer
The author assumes no liability for the correctness, accuracy, up-to-dateness, reliability and completeness of the information.
Liability claims against the author for damages of a material or immaterial nature arising from access to or use or non-use of the published information, through misuse of the connection or through technical faults are excluded.
All offers are subject to change. The author expressly reserves the right to change, supplement or delete parts of the pages or the entire offer without prior notice or to cease publication temporarily or permanently.
Source: BrainBox Solutions
Data security
We use suitable technical and organizational security measures to protect your personal data stored by us against loss and unlawful processing, in particular unauthorized access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and to observe data protection. Furthermore, these persons are only granted access to personal data to the extent necessary to fulfill their tasks.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot provide an absolute guarantee for the security of information transmitted in this way.
Contact us
If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. We process the data that you have made available to us, e.g. the name of your company, your name, your function, your e-mail address or telephone number and your request. In addition, the time of receipt of the request is documented. Mandatory information is marked with an asterisk (*) in contact forms.
We process this data exclusively in order to implement your request (e.g. providing information about our hotel, support with contract processing such as questions about your booking, incorporating your feedback into the improvement of our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in the implementation of your request or, if your request is aimed at the conclusion or execution of a contract, the necessity for the implementation of the necessary measures within the meaning of Art. 6 para. 1 lit. b EU GDPR.
Disclosure to third parties and access by third parties
Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such disclosure is made in particular if this is necessary to fulfill the contract you have requested, e.g. to restaurants or other third-party providers for which you have made a reservation. In the case of these transfers, the necessity for the fulfillment of the contract within the meaning of Art. 6 para. 1 lit. b EU GDPR is the legal basis.
Data is also passed on to selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are also already explicitly mentioned in this privacy policy, e.g. in the sections on marketing. These are, for example, IT service providers (such as providers of software solutions), advertising agencies and consulting firms. In addition, we transmit your data to companies affiliated with us in the Group (see Imprint). For this data transfer, our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR on the purchase of third-party services is the legal basis.
In addition, your data may be passed on, in particular to authorities, legal advisors or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from the relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out a due diligence review or to complete the transaction. For this data transfer, our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in the protection of our rights and compliance with our obligations or the sale of our company is the legal basis.
Transfer of personal data abroad
We are also entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing mentioned in this data protection declaration (see in particular sections 12-15). It goes without saying that the legal regulations on the disclosure of personal data to third parties are complied with. If the country in question does not have an adequate level of data protection, we ensure through contractual arrangements that your data is adequately protected by these companies.
Retention periods
We only store personal data for as long as is necessary to carry out the processing described in this privacy policy within the scope of our legitimate interest. In the case of contract data, storage is prescribed by statutory retention obligations. Requirements that oblige us to store data result from accounting and tax regulations. According to these regulations, business communications, concluded contracts and accounting documents must be stored for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used if this is necessary for the fulfillment of retention obligations or for the defense and enforcement of our legal interests. The data will be deleted as soon as there is no longer an obligation to retain it and there is no longer a legitimate interest in retaining it.
Booking on the website, by correspondence or by phone call
When you make bookings or order vouchers either via our website, by correspondence (e-mail or letter post) or by telephone call, we collect the following data, whereby mandatory information is marked with an asterisk (*) in the corresponding form:
We will only use this data and other information voluntarily provided by you (e.g. expected arrival time, motor vehicle license plate, preferences, comments) to process the contract, unless otherwise stated in this privacy policy or unless you have given your separate consent. We will process the data by name in order to record your booking as requested, to provide the booked services, to contact you in the event of ambiguities or problems and to ensure correct payment. Your credit card details will be automatically deleted after your departure.
The legal basis for data processing for this purpose is the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b EU GDPR or in your consent pursuant to Art. 6 para. 1 lit. a EU GDPR. You can revoke your consent at any time with effect for the future.
Bookings via booking platforms
If you make bookings via a third-party platform (i.e. via booking.com, Hotel, Escapio, Expedia, Holidaycheck, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two), we receive various personal information from the respective platform operator in connection with the booking made. As a rule, these are the items listed in para. 19. of this privacy policy. In addition, we may receive inquiries about your booking. We will process this data by name in order to record your booking as requested and provide the booked services. The legal basis for data processing for this purpose is the implementation of pre-contractual measures and the fulfillment of a contract in accordance with Art. 6 para. 1 lit. b EU GDPR.
Finally, we may be informed by the platform operators about disputes in connection with a booking. We may also receive data on the booking process, which may include a copy of the booking confirmation as proof of the actual completion of the booking. We process this data to safeguard and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR.
Please also note the data protection information of the respective booking platform.
Data processing to fulfill legal reporting obligations
On arrival at our hotel, we may need the following information from you and your companions (mandatory *):
We collect this information to fulfill legal reporting obligations, which arise in particular from hospitality or police law. If we are obliged to do so under the applicable regulations, we will forward this information to the competent police authority.
This data is processed on the basis of a legal obligation within the meaning of Art. 6 para. 1 lit. c EU GDPR.
Recognition of purchased services
If you purchase additional services during your stay (e.g. wellness, restaurant, activities), we will record the subject matter of the service and the time of purchase for billing purposes. The processing of this data is within the meaning of Art. 6 para. 1 lit. b EU-DSGVO for the execution of the contract with us.
Payment processing
If you purchase products or services in our hotel using electronic means of payment or pay for your stay, the processing of personal data is required. By using the payment terminals, you transmit the information stored in your means of payment, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. payment solution providers, credit card issuers and credit card acquirers). They also receive the information that the means of payment was used in our hotel, the amount and the time of the transaction. Conversely, we only receive a credit note for the amount of the payment made at the relevant time, which we can assign to the relevant voucher number, or information that the transaction was not possible or was canceled. Please always note the information provided by the respective company, in particular the privacy policy and the general terms and conditions. The legal basis for this transfer is the fulfillment of the contract with you in accordance with Art. 6 para. 1 lit. b EU GDPR.
Video surveillance
To prevent misuse and to take action against unlawful behavior (in particular theft and damage to property), the entrance area and the publicly accessible areas of our hotel are monitored by cameras. The image data will only be viewed if there is a suspicion of unlawful conduct. Otherwise, the images will be automatically deleted after 10 days.
For the provision of the video surveillance system, we use a service provider who may have access to the data if this is necessary for the provision of the system. If the suspicion of unlawful conduct is substantiated, the data may then be passed on to the extent necessary to enforce claims or to file a complaint with consulting firms (in particular our law firm) and authorities.
The legal basis is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR on the protection of our property and the protection and enforcement of our rights.
