DATA PROTECTION STATEMENT

The company Badehotel Salina Maris, Dr. Francisca Schmid-Naef, Breiten 1, 3983 Breiten ob Mörel runs the Badehotel Salina Maris and operates the websites www.salina.maris.ch and www.salina-maris.ch and is therefore responsible for the collection, processing and use of your personal data and the compatibility of data processing with the applicable data protection law.
Your trust is important to us, which is why we take the subject of data protection seriously and pay attention to appropriate security. Of course, we comply with the legal provisions of the Federal Data Protection Act (DSG), the Ordinance to the Federal Data Protection Act (VDSG), the Telecommunications Act (FMG) and other applicable data protection provisions of Swiss or EU law, in particular the Basic Data Protection Ordinance (DSGVO).
In order for you to know what personal data we collect from you and for what purposes we use it, please take note of the information below.
The address of our data protection representative is: Markus Schmid, Breiten 1, 3983 Breiten ob Mörel.

When you visit our website, our servers temporarily store each access in a log file. As with any connection to a web server, the following technical data is recorded without your intervention and stored by us until automated deletion after 24 months at the latest:

• the IP address of the computer making the request,
• the name of the owner of the IP address range (usually your Internet access provider)
• the date and time of access,
• the website from which the access was made (referrer URL), possibly with the search term used,
• the name and URL of the file retrieved,
• the status code (e.g. error message),
• your computers operating system,
• the browser you are using (type, version and language),
• the transmission protocol used (e.g. HTTP/1.1) and, if applicable, your user name from a registration/authentication.

These data are collected and processed for the purpose of enabling the use of our website (connection establishment), to permanently guarantee system security and stability and to enable the optimisation of our Internet offer as well as for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f DSGVO.
The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website for reconnaissance and defence purposes and may be used in the course of criminal proceedings to identify and prosecute the users concerned under civil and criminal law. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f DSGVO.

You have the possibility to use a contact form to get in touch with us. For this we absolutely need the following information:

• First and last name
• E-mail address
• Message

We only use this data as well as a telephone number that you voluntarily provide in order to answer your contact enquiry in the best possible and personalised way. The processing of this data is therefore necessary for the implementation of pre-contractual measures within the meaning of Art. 6 para. 1 lit. b DSGVO or is in our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

On our website you have the possibility to subscribe to our newsletter. This requires registration. The following data must be provided during registration:

• Salutation
• First and last name
• E-mail address
• Preferred language

The above data are necessary for data processing. We process these data exclusively to personalize the information and offers sent to you and to better align them with your interests. By registering, you give us your consent to process the data provided for the regular dispatch of the newsletter to the address you have given us and for the statistical evaluation of user behaviour and optimisation of the newsletter. This consent constitutes our legal basis for processing your e-mail address in accordance with Art. 6 Para. 1 letter a DSGVO. We are entitled to commission third parties with the technical processing of advertising measures and are entitled to pass on your data for this purpose (cf. point 13 below).
At the end of each newsletter you will find a link where you can cancel the newsletter at any time. When you unsubscribe, you can voluntarily tell us the reason for the cancellation. After cancellation your personal data will be deleted. Further processing is only carried out in an anonymous form to optimise our newsletter.

If you make bookings either via our website, by correspondence (e-mail or letter post) or by telephone call, we require the following data for the processing of the contract:

• Salutation
• First and last name
• Postal address
• Date of birth
• Phone number
• Language
• Credit card information
• E-mail address

We will only use this data as well as other information provided voluntarily by you (e.g. expected time of arrival, motor vehicle control plate, preferences, remarks) for processing the contract, unless otherwise stated in this data protection declaration or unless you have given your separate consent. We will process the data by name in order to record your booking according to your wishes, to provide the booked services, to contact you in case of any uncertainties or problems and to ensure correct payment.
The legal basis for data processing for this purpose is the fulfilment of a contract in accordance with Art. 6 para. 1 letter b DSGVO.

Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.
We use cookies, for example, to temporarily save your selected services and entries when you fill out a form on the website so that you do not have to repeat the entry when you call up another subpage. Cookies may also be used to identify you as a registered user after you have registered on the website, so that you do not have to log in again when you access another subpage.
Most Internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message appears every time you receive a new cookie. On the following pages you will find explanations on how to configure the processing of cookies with the most common browsers:

• Microsofts Windows Internet Explorer
• Microsofts Windows Internet Explorer Mobile
• Mozilla Firefox
• Google Chrome für Desktop
• Google Chrome für Mobile
• Apple Safari für Desktop
• Apple Safari für Mobile

Disabling cookies may mean that you will not be able to use all the features of our website.

Our pages integrate plugins from the social network Facebook, provider Facebook Inc. 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plugins by the Facebook logo or the "Like Button" ("Like") on our site. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/
When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook "Like-Button" while you are logged in to your Facebook account, you can link the contents of our Pages on your Facebook profile. This allows Facebook to associate your visit to our Pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. You can find further information on this in the Facebook privacy policy at https://de-de.facebook.com/policy.php
If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, log in please log out of your Facebook account.

We use the web analysis service of Google Analytics for the purpose of designing our website in line with your needs and continuously optimizing it. In this context, pseudonymised user profiles are created and small text files stored on your computer ("cookies") are used. The information generated by the cookie about your use of this website is transferred to the servers of the providers of these services, stored there and prepared for us. In addition to the data listed under point 1, we may receive the following information as a result:

• Navigation path that a visitor follows on the site,
• Dwell time on the website or subpage,
• the page on which you leave the website,
• the country, region or city from where access is made,
• Terminal device (type, version, colour depth, resolution, width and height of the browser window) and
• Returning or new visitor.

The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services connected with the use of the website and the Internet for the purposes of market research and the design of this website in line with requirements. This information may also be transferred to third parties where required by law or where third parties process this data on our behalf.

The provider of Google Analytics is Google Inc, a company of the holding company Alphabet Inc, with headquarters in the USA. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymization ("anonymizeIP") on this website within the member states of the European Union or in other states that are party to the Agreement on the European Economic Area. The anonymised IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. In these cases we ensure by contractual guarantees that Google Inc. maintains an adequate level of data protection. According to Google Inc., the IP address will never be associated with other data concerning the user.
Further information about the web analysis service used can be found on the Google Analytics website. For instructions on how to prevent the web analytics service from processing your data, see http://tools.google.com/dlpage/gaoptout?hl=de

Upon arrival at our hotel, we may need the following information from you and your accompanying persons:

• First and last name
• Postal address and canton
• Date of birth
• Place of birth
• Nationality
• Official identification card and number
• Arrival and departure day
• Room number

We collect this information in order to fulfil legal reporting obligations, which arise in particular from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the competent police authority.
In the fulfilment of the legal requirements, our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO exists.

If you receive additional services during your stay (e.g. you make use of the mini-bar or the pay TV offer), the object of the service and the time of the service receipt will be recorded by us for accounting purposes. The processing of this data is required in accordance with Art. 6 Para. 1 lit. b DSGVO for the processing of the contract with us.

If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. As a rule, this is the data listed in section 5 of this data protection declaration. In addition, we may receive requests for information about your booking. We will process these data by name in order to record your booking according to your wishes and to provide the booked services. The legal basis of the data processing for this purpose is the fulfilment of a contract according to Art. 6 paragraph 1 lit. b DSGVO.
Finally, we may be informed by the platform operators about disputes in connection with a booking. We may also receive information about the booking process, including a copy of the booking confirmation as evidence of the actual booking. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 Para. 1 letter f DSGVO. Please also note the data protection information of the respective provider.

We store the data specified in paragraphs 2-5 and 8-10 in a central electronic data processing system. The data concerning you will be systematically recorded and linked for the purpose of processing your bookings and handling the contractual services. For this purpose we use software from [hotelpac ag, Postfach, CH-3900 Brig]. We base the processing of this data within the framework of the software on our justified interest in the sense of Art. 6 Para. 1 letter f DSGVO in customer-friendly and efficient customer data management.

We store personal data only as long as it is necessary to use the above-mentioned tracking services and further processing within the scope of our legitimate interest. Contract data will be stored by us for a longer period of time, as this is required by legal storage obligations. Retention obligations which oblige us to retain data result from regulations on the right to report, on accounting and from tax law. According to these regulations, business communication, concluded contracts and accounting records must be kept for at least 10 years. If we no longer need this data to provide services to you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

We will only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we will pass on your data to third parties as far as this is necessary within the scope of the use of the website and the processing of the contract (also outside the website), namely the processing of your bookings.
One service provider to whom the personal data collected via the website is passed on or who has or can have access to it is our web host HOSTSTAR - Multimedia Networks AG [Switzerland], Kirch-gasse 30, 3312 Fraubrunnen. The website is hosted on servers in [Switzerland, Germany and Austria]. The data is transferred for the purpose of providing and maintaining the functionality of our website. This is our legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO.
Finally, when you make a credit card payment on the Website, we forward your credit card information to your credit card issuer and to the credit card acquirer. If you choose to pay by credit card, you will be asked to enter all mandatory information. The legal basis for the transfer of data is the fulfilment of a contract according to Art. 6 para. 1 lit. b DSGVO. With regard to the processing of your credit card information by these third parties, we ask you to also read the General Terms and Conditions and the data protection declaration of your credit card issuer
. Please also note the information in sections 7-8 and 10-11 regarding the transfer of data to third parties.

We may also transfer your personal data to third companies (commissioned service providers) abroad for the purposes of the data processing described in this privacy policy. These companies are obliged to the same extent as we are ourselves to protect your data. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we will ensure by contract that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

You have the right to request information about the personal data that we store about you. In addition, you have the right to have incorrect data corrected and the right to have your personal data deleted, provided that this does not conflict with any legal obligation to retain the data or any permission that allows us to process it.
You also have the right to reclaim from us the data you have given us (right to data portability). Upon request, we will also pass on the data to a third party of your choice. You have the right to receive the data in a standard file format.
You can contact us for the above-mentioned purposes by e-mail at
webmaster@breiten.ch . We may, at our discretion, require proof of identity for the processing of your applications.

We use suitable technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
You should always keep your access data confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.
We also take internal data protection very seriously. Our employees and the service companies we commission have been obligated by us to maintain secrecy and to comply with data protection regulations

For the sake of completeness, we would like to point out to users who are resident or domiciled in Switzerland that surveillance measures are in place in the USA by US authorities, which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, restriction or exception based on the objective pursued and without any objective criterion that would make it possible to limit access to the data by the US authorities and its subsequent use to very specific, strictly limited purposes that could justify the interference associated with both access to and use of the data. Furthermore, we would like to point out that there are no legal remedies available in the United States for Swiss data subjects that would allow them to access, correct or delete data relating to them, or that there is no effective judicial protection against general access rights of US authorities. We explicitly draw the attention of the person concerned to this legal and factual situation in order to make an appropriately informed decision to consent to the use of their data.
Users residing in a member state of the EU are advised that the USA does not provide an adequate level of data protection from the perspective of the European Union - among other things due to the issues mentioned in this section. Insofar as we have explained in this data protection declaration that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at an adequate level with our partners, either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield.