4.0 Data storage and exchange with third-parties
4.1 Booking platforms
If you make a booking via a third-party platform, we receive various kinds of personal information from the respective platform operator. These are generally the data listed in section 1.4 of this privacy policy. Furthermore, inquiries regarding your booking may be forwarded to us. We use these data in particular to register your booking as requested and provide the booked services. The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 (1) (b) GDPR.
Finally, we may be informed by the platform operator about disputes in connection with a booking. In this case, it is possible that we receive data relating to the booking process, whereby a copy of the booking confirmation counts as evidence that the booking has been made. We process these data to enforce and assert our rights. This is for the purpose of pursing our legitimate interests in accordance with Art. 6 (1) (f) GDPR.
Please also note the information on data protection by the respective provider.
4.2 Central storage and linking of data
We store the data provided to us in sections 1.1 to 1.10 and 2.1 to 2.3 in a central, electronic data processing system (CRM). The data relating to you are systematically recorded and linked for the purpose of processing your bookings and handling contractual services, or based on your consent. To this end, we use software provided by the company “protel hotelsoftware Gmbh” in 44269 Dortmund, Germany. Personal data are processed in a CRM program using software provided by the company “Toedt, Dr. Selk & Coll. GmbH” in 80333 Munich, Germany. These data are processed using the software for the purpose of pursing our legitimate interests in managing data in a customer-friendly and efficient way in accordance with Art. 6 (1) (f) GDPR, and for the performance of contractual measures in accordance with Art. 6 (1) (b) GDPR.
Based on your consent, we use your data for further purposes as described in the following. In doing so, we combine your data with data stored in our company relating to your stay in our hotel, your visits to the restaurant, the SPA and Internet use, and then use this combined data to send you general information and offers for products and services of our hotel, tailored individually to you and your interests, by e-mail, SMS or post, during or after your stay.
The legal basis for processing data for this purpose is your consent in accordance with (Art. 6 (1) (a) GDPR). You may revoke your consent at any time with future effect by email ([email protected]).
4.3 Duration of storage
We only store personal data for as long as is necessary to use the tracking services named above and to process them further for the purpose of pursuing our legitimate interests. We keep contractual data for longer, as this is required by statutory storage obligations. Obligations to store data result from regulations on reporting rights, accounting and tax law. According to these regulations, business communication, concluded contracts and accounting documents must be kept for up to 10 years. If we no longer require these data to be able to provide services for you, the data are blocked. This means that they may then only be used for accounting and tax purposes.
4.4 Passing data on to third parties
We only pass on your personal data to third parties if you have given your express consent, if we are legally obliged to do so, or if it is necessary to enforce our rights, in particular to assert our claims resulting from the contractual relationship. In addition, we pass on your data to third parties insofar as this is necessary within the scope of using the website and performing the contract (also outside the website), and in particular processing your bookings.
Please also take note of the information in the preceding sections of this privacy policy regarding the transfer of data to third parties.
We may share your personal information with all affiliates in our group if necessary, provided that it is used for the same original purposes as described in this privacy policy.
These are in particular:
Widder Hotel AG
Rennweg 7
8001 Zürich
Hotel Storchen AG
Weinplatz 2
8001 Zürich
Terreni alla Maggia SA
Via Muraccio 105
6612 Ascona
Castello del Sole - Terreni alla Maggia SA
Via Muraccio 142
6612 Ascona
Sammlung E.G. Bührle
Rämistrasse 46
8001 Zürich
Géza Anda-Stiftung
Bleicherweg 18
8002 Zürich
In the following, we provide an overview of third parties we employ:
4.4.1 Webmasters
We work together with technical partners to operate and maintain our website and guarantee contractual services and offers on our website. As a result, personal data are passed on to, or can be accessed by, the following partners:
Positioner SA
Via Stazione 32
6592 S. Antonino
Schweiz
www.positioner.com
The websites are hosted on servers in Switzerland. Data are passed on for the purpose of offering and maintaining the functions of our website. This constitutes our legitimate interests in accordance with Art. 6 (1) (f) GDPR.
4.4.2 Room reservation system
Personal data relating to room reservations on the website are collected and sent to us by
QNT S.r.l. a Socio Unico
Via Lucca,52 – 50142
Florence
Italy
4.4.3 Central storage and linking of data
Personal data are consolidated to enhance and improve our services to guests using a CRM. The data are supplied and processed by
Toedt, Dr. Selk & Coll. GmbH
Augustenstr. 79
80333 Munich
4.4.4 Restaurant reservations
Personal data for restaurant reservations on the website are collected and processed by
aleno AG
Aegertenstrasse 6
8003 Zurich
Switzerland
+41 43 508 24 65
4.4.5 Event tickets and vouchers
Personal data for the purchase of event tickets and vouchers on the website are collected, processed and supplied by
pdc salespitcher ag
Schwimmbadstrasse 45
5430 Wettingen
Switzerland
and
Idea Creation GmbH
Walchestrasse 15
8006 Zurich
Switzerland
www.e-guma.ch
4.4.6 Credit card payments
If you pay on the website by credit card, we pass on your credit card information to your credit card issuer and to the credit card acquirer. To this end, we work with the software platform “Stripe” provided by
Stripe Inc.
510 Townsend Street,
CA 94107 San Francisco
USA
and
SIX Payment Services AG
Hardturmstrasse 201
CH-8005 Zurich
If you decide to pay by credit card, you are asked each time to enter all mandatory information. The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 (1) (b) GDPR. Regarding the processing of your credit card information by these third parties, please also read the general terms and conditions and the privacy policy of your credit card issuer.
4.4.7 Chat
Personal data for the use of the chat tool on the website are collected and processed by
JivoSite Inc.
1013 Centre Rd, Suite 403-B
Wilmington, Delaware 19805
4.4.8 Application tool
Personal data for the use of the application tool on the website are collected and processed by
Jacando AG
Münchensteinerstrasse 41
4052 Basel
Switzerland.
4.4.9 WiFi provider
Personal data for the use of WiFi in the hotel are collected and processed by
Monzoon Networks AG
Spinnerei-Lettenstrasse
Riverside
8192 Zweidlen
Switzerland.
4.5 Transferring personal data abroad
We are entitled to also transfer your personal data to third-party companies (contracted service providers) abroad for the purpose of data processing as described in this privacy policy. These third parties are obliged to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that of Switzerland or Europe, we contractually ensure that the protection of your personal data corresponds to that of Switzerland or the EU at all times.
4.5.1 Note on data transfers to the USA
For the sake of completeness, we would like to point out to users resident or domiciled in the EU or Switzerland that US authorities impose surveillance measures in the USA that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without any differentiation, limitation or exception, based on the objective pursued, and without any objective criterion that would make it possible to restrict the US authorities' access to, and subsequent use of, the data to very specific, strictly limited purposes that could justify such an intervention related to both access to and use of the data. Furthermore, we would like to point out that in the USA, there are no legal means available to data subjects from Switzerland and the EU that would allow them to access, rectify or erase their data, and that there is no effective legal protection against general access rights of US authorities. We explicitly draw the attention of data subjects to this legal and factual situation to allow them to make an informed decision before giving their consent to the use of their data.
We point out to users who are resident in a member state of the EU that, from the point of view of the European Union, the USA does not have an adequate level of data protection, partly due to the issues mentioned in this section. Insofar as we have explained in this privacy statement that recipients of data (such as Google) are based in the USA, we will ensure that your data stored at our partners is protected to an appropriate extent, either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield.
The Living Circle – is a hand-picked collection of first-class hotels and restaurants in incomparably beautiful locations, run by dedicated hosts. Rice, vegetables, fruit and a whole array of exquisite products – including wine, of course – is whisked fresh from our own farms directly to your table. That is how we define luxury. That is The Living Circle – luxury fed by nature.
Discover The Living Circle website