Logo B5 Boutique Hotel
BOOK NOW

Privacy Policy

Privacy Policy B5 Boutique Hotel

1. responsible and content of this privacy policy

The B5 Boutique Hotel, Via Francesco Borromini 5, 6900 Lugan, is operator of the B5 Boutique Hotel and the website www.b5hotel.ch and, unless otherwise stated in this privacy policy, is responsible for the data processing listed in this privacy policy.

So that you know what personal data we collect from you and for what purposes we use it, please take note of the following information. In terms of data protection, we are primarily guided by the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP), as well as the EU GDPR, the provisions of which may apply in individual cases.

Please note that the following information is reviewed and amended from time to time. We therefore recommend that you consult this privacy policy on a regular basis. Furthermore, other companies are responsible or jointly responsible with us under data protection law for individual data processing operations listed below, so that in these cases the information provided by these providers is also authoritative.

2. contact person for data protection

If you have any questions about data protection or would like to exercise your rights, please contact our data protection officer by sending an email to the following address: daniel.hahne@bluewin.ch

You can reach our EU data protection representative at:

The B5 Boutique Hotel, Via Francesco Borromini 5, 6900 Lugan daniel.hahne@bluewin.ch

3. Scope and purpose of the collection, processing and use of personal data

3.1 Data processing when contacting us

When you contact us via our contact addresses and channels (e.g. by email, telephone or contact form), your personal data will be processed. The data that you have made available to us, such as your name, e-mail address or telephone number and your request, will be processed. In addition, the time of receipt of the enquiry is documented. We process this data in order to fulfil your request (e.g. providing information about our hotel, assisting with contract processing such as questions about your booking, incorporating your feedback into the improvement of our services, etc.).

We use a software application from Silverstripe, Level 2, 275 Cuba Street, Te Aro, Wellington, 6011, New Zealand to process contact requests via the contact form. Therefore, your data may be stored in a Silverstripe database, which may allow Silverstripe to access your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties and any transfer abroad can be found in section 5 of this privacy policy.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the realisation of your request or, if your request is aimed at the conclusion or execution of a contract, the necessity for the implementation of the necessary measures within the meaning of Art. 6 para. 1 lit. b GDPR.

Silverstripe may wish to use some of this data for its own purposes (e.g. to send marketing emails or for statistical analyses). Silverstripe is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by Silverstripe can be found at https://www.silverstripe.com/privacy-policy/.

3.2 Data processing for bookings

3.2.1 Booking via our website

On our website you have the possibility to book an overnight stay. We collect the following data for this purpose:

  • Date of arrival and departure
  • Number of people
  • Guest category (adult, child)
  • Age of the children
  • First and last name of the booker
  • E-mail address
  • Comments
  • Address
  • Phone number
  • Credit card details
  • Payment information
  • Confirmation of knowledge and consent regarding terms and conditions and privacy policy

We use the data to verify your identity before concluding a contract. We need your email address to confirm your booking and for any future communication with you that is necessary to fulfil the contract. We will store your data together with the marginal data of the booking (e.g. room category, period of stay as well as description, price and features of the services), the payment data (e.g. selected payment method, confirmation of payment and time; see also section 3. 7.2) as well as information on the processing and fulfilment of the contract (e.g. receipt and handling of complaints) in our CRM database (see section 4) so that we can ensure correct booking processing and contract fulfilment.

If this is necessary for the fulfilment of the contract, we will also pass on the required information to any third-party service providers (e.g. organisers or transport companies).

The legal basis for this data processing is the fulfilment of a contract with you in accordance with Art. 6 para. 1 lit. b GDPR

The provision of data that is not labelled as mandatory is voluntary. We process this data in order to tailor our offer to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you via an alternative communication channel if necessary with a view to fulfilling the contract or for statistical recording and evaluation to optimise our offers.

The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by sending us a message.

We use a software application from Bocco Group GmbH, Bernstrasse 8, 3005 Bern, Switzerland, to process bookings via our website. Therefore, your data may be stored in a database of Bocco Group GmbH, which may allow Bocco Group GmbH to access your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties and any transfer abroad can be found in section 5 of this privacy policy.

The legal basis for this data processing is the fulfilment of a contract with you in accordance with Art. 6 para. 1 lit. b GDPR

Bocco Group GmbH may wish to use some of this data for its own purposes (e.g. to send marketing emails or for statistical analyses). Bocco Group GmbH is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by Bocco Group GmbH can be found at https://boccogroup.com/datenschutzhinweis/.

3.2.2 Booking üvia a booking platform

If you make bookings via a third-party platform (i.e. via Booking, Expedia, Holidaycheck, Hotel Tonight, HRS, etc.), we receive various personal data from the respective platform operator in connection with the booking made. This is generally the data listed in section 3.7.2 of this privacy policy. In addition, we may receive enquiries about your booking. We will process this data by name in order to record your booking as requested and to provide the booked services.

The legal basis for this data processing for this purpose is the implementation of pre-contractual measures and the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b GDPR.

Finally, we may exchange personal data with the platform operators in connection with disputes or complaints in connection with a booking, insofar as this is necessary to safeguard our legitimate interests. This may also include data relating to the booking process on the platform or data relating to the booking or processing of services and the stay with us. We process this data to safeguard our legitimate claims and interests in the processing and maintenance of our contractual relationships.

3.3 Data processing during payment processing

3.3.1 Payment processing in the hotel

If you purchase products, services or pay for your stay at our hotel using electronic means of payment, the processing of personal data is required. By using the payment terminals, you transmit the information stored in your means of payment, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. payment solution providers, credit card issuers and credit card acquirers). They also receive the information that the payment method was used in our hotel, the amount and the time of the transaction. Conversely, we only receive the credit of the amount of the payment made at the relevant time, which we can assign to the relevant receipt number, or information that the transaction was not possible or was cancelled. Please also always refer to the information provided by the respective company, in particular the data protection declaration and the General Terms and Conditions of Business.

We use a software application from Adyen N.V. German Branch, Jägerstrasse 27, 10117 Berlin to process payments via the contact form. Therefore, your data may be stored in a database of Adyen N.V. German Branch, which may allow Adyen N.V. German Branch to access your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties and any transfer abroad can be found in section 5 of this privacy policy.

The legal basis for our data processing is the fulfilment of a contract with you in accordance with Art. 6 para. 1 lit. b GDPR.

Adyen N.V. German Branch may wish to use some of this data for its own purposes (e.g. to send marketing emails or for statistical analyses). For these data processing operations, [company] is the controller and must ensure compliance with data protection laws in connection with these data processing operations. Information about data processing by Adyen N.V. German Branch can be found at https://www.adyen.com/de_DE/richtlinien-und-haftungsausschluss/privacy-policy.

3.3.2 Online payment processing

If you make chargeable bookings on our website, order services or products, depending on the product or service and the desired payment method, in addition to the information specified in section 3.5.1, you may be required to provide further data, such as your credit card information or the login to your payment service provider. This information and the fact that you have purchased a service from us at the relevant amount and time will be forwarded to the respective payment service providers (e.g. payment solution providers, credit card issuers and credit card acquirers). Please also always note the information provided by the respective company, in particular the data protection declaration and the general terms and conditions of business.

The legal basis for our data processing is the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b GDPR.

We reserve the right to store a copy of the credit card information as security. In order to avoid payment cases, the necessary data, in particular your personal details, may also be transmitted to a credit agency for the automated assessment of your creditworthiness. In this context, the credit agency can assign you a so-called score value. This is an estimate of the future risk of non-payment, e.g. based on a percentage. The value is calculated using mathematical-statistical methods and taking into account credit agency data from other sources. We reserve the right not to offer you the payment method "invoice" according to the information received.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in avoiding payment defaults.

3.4 Data processing for the recording and billing of purchased services

If you purchase services as part of your stay (e.g. additional overnight stays, wellness, restaurant, activities), in addition to your contract data, the data relating to the booking (e.g. time and comments) and the data relating to the booking will be processed. time and comments) as well as the data on the booked and purchased service (e.g. subject matter of the service, price and time of service purchase) are recorded and processed by us for the purpose of processing the service, as described in sections 3.5 and 3.6.

The legal basis for our data processing is the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b GDPR.

3.5 Data processing for email marketing

When you register for our marketing emails (e.g. when you open them, within your customer account or as part of an order, booking or reservation), the following data is collected. Mandatory information is marked with an asterisk (*) during registration:

  • E-mail address
  • Salutation
  • First and last name

After submitting your registration, you will receive an e-mail from us with a confirmation link. To definitively register for the marketing e-mails, you must click on this link. If you do not confirm your e-mail address using the confirmation link within the specified period, your data will be deleted and our marketing e-mails will not be sent to this address.

By registering, you consent to the processing of this data in order to receive marketing emails from us about our hotel and related information on products and services. These marketing emails may also include invitations to take part in competitions, to provide feedback or to rate our products and services. The collection of the salutation and first and last name allows us to assign the registration to any existing customer account and thereby personalise the content of the marketing emails. The link to a customer account allows us to make the offers and content contained in the marketing emails more relevant to you and better tailored to your potential needs.

We will use your data to send you marketing emails until you withdraw your consent. Revocation is possible at any time, in particular via the unsubscribe link contained in all marketing emails.

Our marketing emails may contain a so-called web beacon, 1x1 pixel (pixel-code) or similar technical aids. A web beacon is an invisible graphic that is linked to the user ID of the respective subscriber. For each marketing email sent, we receive information on which email addresses it was successfully sent to, which email addresses have not yet received the marketing email and which email addresses failed to receive it. We also see which email addresses have opened the marketing email and for how long, and which links have been clicked. Finally, we also receive information about which subscribers have unsubscribed from the mailing list. We use this data for statistical purposes and to optimise the marketing emails in terms of frequency and time of sending as well as the structure and content of the marketing emails. This enables us to better tailor the information and offers in our marketing emails to the individual interests of recipients.

The web beacon is deleted when you delete the marketing email. You can prevent the use of web beacons in our marketing emails by setting the parameters of your email programme so that HTML is not displayed in messages. You can find information on how to configure this setting in the help section of your email software application, e.g. here for Microsoft Outlook.

By subscribing to the marketing emails, you also consent to the statistical analysis of user behaviour for the purpose of optimising and adapting the marketing emails.

Your consent constitutes the legal basis for the processing of data within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future.

3.6 Data processing when submitting reviews

In order to help other users with their decision and to support our quality management (in particular when processing negative feedback), you have the opportunity to rate your stay with us on our website. The data that you have made available to us will be processed and published on the website, i.e. in addition to your rating and its time, possibly also a comment that you have added to your rating or the name you have provided.

The legal basis for data processing is your consent within the meaning of Art. 6 para. 1 lit a GDPR. You can revoke your consent at any time and request the anonymisation of your rating.

We reserve the right to delete unlawful reviews and to contact you in the event of suspicion and ask you to comment.

The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the provision of a lawful and unobjectionable comment and rating function and the prevention of abuse when using it.

3.7 Data processing when submitting feedback

During your stay or afterwards, you have the opportunity to provide us with feedback (e.g. praise, criticism and suggestions for improvement) using a form. We collect the following data for this purpose, depending on the form, whereby mandatory information is marked with an asterisk (*) in the corresponding form:

  • First and last name
  • Age
  • Nationality
  • Duration of the stay
  • Recognition

The processing of your data takes place as part of our quality management and thus ultimately for the purpose of better aligning our services and products with the needs of our guests. Specifically, your data is processed for the following purposes:

  • Clarification of your request, i.e. e.g. obtaining opinions from employees and supervisors contacted or obtaining feedback from you, etc.;
  • Evaluating and analysing your data, e.g. compiling satisfaction statistics, comparing individual services, etc.; or
  • Taking organisational measures in accordance with the findings, e.g. rectifying faults/deficiencies/misconduct, for example by repairing defective equipment, instructing, praising or admonishing employees.

We use a software application from LoungeUp, 21 Rue de Rocroy, 75010 Paris, in connection with employee feedback. Therefore, your data may be stored in a LoungeUp database, which may allow LoungeUp to access your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties and any transfer abroad can be found in section 5 of this privacy policy.

The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time for the future.

LoungeUp may wish to use some of this data for its own purposes (e.g. to send marketing emails or for statistical analyses). LoungeUp is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by LoungeUp can be found at https://de.loungeup.com/privacy-policy.

3.8 Data processing for video surveillance

In order to protect our guests and employees as well as our property and to prevent and punish unlawful behaviour (in particular theft and damage to property), the entrance area and the publicly accessible areas of our hotel, with the exception of the sanitary facilities, may be monitored by cameras. The image data will only be viewed if there is a suspicion of unlawful behaviour. Otherwise, the images are automatically deleted after 30 days.

For the provision of the video surveillance system, we rely on a service provider Innotrixx ag, Rheinstrasse 81, 4133 Pratteln, Switzerland. Innotrixx AG has access to the data insofar as this is necessary for the provision of the system. If there is a suspicion of unlawful behaviour, the data may be passed on to the extent necessary to enforce claims or to file a complaint with consulting firms (in particular a law firm) and authorities. Information on the processing of data by third parties and any transfer abroad can be found in section 5 of this privacy policy. Further information about data processing in connection with Innotrixx AG can be found at https://hotelplus.ch/datenschutzerklaerung/.

The legal basis is our legitimate interest within the meaning of Article 6(1)(f) GDPR in the protection of our property, our employees and our property as well as in the protection and enforcement of our rights.

3.9 Data processing when using our WiFi network

In our hotel you have the opportunity to use our WiFi network free of charge. In order to prevent misuse and to punish illegal behaviour, prior registration is required. In doing so, you provide us with the following data:

  • MAC address of the end device (automatic)

In addition to the above data, data on the time and date of use and the end device used are recorded each time the WiFi network is used. The legal basis for this processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future.

For the provision of our WiFi network, we work together with Innotrixx ag, Rheinstrasse 81, 4133 Pratteln, Switzerland. Therefore, your data may be stored in a database of innotrixx AG, which may allow innotrixx AG to access your data if this is necessary for the provision of the software and for support in the use of the software. Information on the processing of data by third parties can be found in section 5 of this privacy policy. Further information about data processing by innotrixx AG can be found at https://hotelplus.ch/datenschutzerklaerung/.

innotrixx AG must comply with the legal obligations of the Federal Act on the Surveillance of Postal and Telecommunications Traffic (Postal and Telecommunications Surveillance Act) and the associated ordinance. If the legal requirements are met, the operator of the WiFi network must monitor the use of the Internet and data traffic on behalf of the competent authority. The operator of the WiFi network may also be obliged to disclose the hotel guest's contact, usage and marginal data to the authorised authorities. The contact, usage and marginal data will be stored for 6 months and then deleted.

The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the provision of a WiFi network in compliance with the applicable legal regulations.

3.10 Data processing for the fulfilment of legal reporting obligations

Upon arrival at our hotel, we may require the following mandatory information from you and your travelling companions:

Surname

  • First and last name of all guests
  • Residential and billing address of the primary guest
  • Date of birth of all guests
  • Nationality of all guests
  • Day of arrival and departure of all guests
  • Reason for travelling of the primary guest
  • Signature of the primary guest

We collect this information to fulfil legal reporting obligations, in particular those arising from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the relevant authorities.

The legal basis for processing this data is our legitimate interest within the meaning of Art. 6 para. 1 lit. c GDPR in complying with our legal obligations.

3.11 Data processing for job applications

You have the opportunity to apply for a job in our company spontaneously or in response to a specific job advertisement. In doing so, we process the personal data provided by you.

We use the data you provide to assess your application and suitability for employment. Application documents of applicants who are not considered will be deleted after the application process has ended, unless you explicitly consent to a longer retention period or we are not legally obliged to retain them for a longer period.

The legal basis for processing your data for this purpose is the fulfilment of a contract (pre-contractual phase) in accordance with Art. 6 para. 1 lit. b GDPR.

4. centralised data storage and analysis in the CRM system

If a clear assignment to your person is possible, we will store and link the data described in this privacy policy, i.e. in particular your personal details, your contacts, your contract data and your surfing behaviour on our websites, in a central database. This serves the efficient administration of customer data, allows us to process your requests appropriately and enables the efficient provision of the services you have requested and the processing of the associated contracts.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the efficient management of user data.

We also analyse this data in order to further develop our offers in line with your needs and to be able to display and suggest information and offers that are as relevant to you as possible. We also use methods that predict your interests and future orders based on your use of our website.

5. Disclosure and transfer abroad

5.1 Disclosure to and access by third parties

Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to these companies to a certain extent. Disclosure is made to selected third-party service providers and only to the extent necessary for the optimal provision of our services.

Different third-party service providers are already explicitly mentioned in this privacy policy. These are the following service providers:

  • Google Analytics, provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Further information about data processing in connection with Google Inc. can be found at https://support.google.com/analytics/answer/6004245?hl=de.

The legal basis for these transfers is the necessity for the fulfilment of a contract within the meaning of Art. 6 para. 1 lit. b GDPR.

Your data will also be passed on if this is necessary for the fulfilment of the services you have requested, e.g. to restaurants or providers of other services for which you have made a reservation through us. The legal basis for these transfers is the necessity for the fulfilment of a contract within the meaning of Art. 6 para. 1 lit. b GDPR. The third-party service providers are responsible for this data processing within the meaning of the Data Protection Act and not us. It is the responsibility of these third-party service providers to inform you about their own data processing that goes beyond the provision of services and to comply with data protection laws.

In addition, your data may be passed on, in particular to authorities, legal advisors or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from the relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out due diligence or to complete the transaction.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the protection of our rights and fulfilment of our obligations or the sale of our company or parts thereof.

5.2 Transfer of personal data abroad

We are authorised to transfer your personal data to third parties abroad if this is necessary to carry out the data processing mentioned in this privacy policy. Individual data transfers have been mentioned above in section 3. It goes without saying that the statutory provisions on the disclosure of personal data to third parties are complied with. The countries to which data is transferred include those which, according to the decision of the Federal Council and the EU Commission, have an adequate level of data protection (such as the member states of the EEA or, from the EU's point of view, Switzerland), but also those countries (such as the USA) whose level of data protection is adequate. (such as the USA) whose level of data protection is not considered adequate (see Annex 1 of the General Data Protection Regulation (GDPR) and the website of the EU Commission). If the country in question does not have an adequate level of data protection, we ensure that your data is adequately protected by these companies by means of suitable guarantees, unless an exception is specified for individual data processing (see Art. 49 GDPR). Unless otherwise stated, these are standard contractual clauses within the meaning of Art. 46 para. 2 lit. c GDPR, which can be found on the websites of the Federal Data Protection and Information Commissioner (FDPIC) and the EU Commission. If you have any questions about the measures taken, please get in touch with our contact person for data protection (see section 2).

5.3 Notes on data transfers to the USA

Some of the third-party service providers mentioned in this privacy policy are based in the USA. For reasons of completeness, we would like to point out to users residing or domiciled in Switzerland or the EU that there are surveillance measures by US authorities in the USA that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without differentiation, limitation or exception on the basis of the objective pursued and without an objective criterion that makes it possible to restrict the US authorities' access to the data and its subsequent use to very specific, strictly limited purposes that are capable of justifying the interference associated with both access to and use of this data. In addition, we would like to point out that in the USA there are no legal remedies or effective legal protection for data subjects from Switzerland or the EU against general access rights of US authorities that would allow them to obtain access to the data concerning them and to obtain its correction or deletion. We explicitly draw your attention to this legal and factual situation in order to enable you to make an appropriately informed decision to consent to the use of your data.

We would also like to point out to users residing in Switzerland or a member state of the EU that, from the perspective of the European Union and Switzerland, the USA does not have an adequate level of data protection, partly due to the statements made in this section. Insofar as we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is adequately protected by our third-party service providers through contractual arrangements with these companies and, if necessary, additional appropriate guarantees.

6. Background data processing on our website

6.1 Data processing when visiting our website (log file data)

When you visit our website, the servers of our hosting provider [company, address, country] temporarily store every access in a log file. The following data is recorded without your intervention and stored by us until automated deletion:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access was made, if applicable with the search term used
  • Operating system of your computer and the browser you are using (incl. type, version and language setting)
  • Device type in the case of access via mobile phones
  • City or region from where the access was made; and
  • Name of your internet access provider.

This data is collected and processed for the purpose of enabling the use of our website (connection establishment), ensuring system security and stability on a permanent basis, enabling error and performance analysis and optimisation of our website (see also section 6.4 for the last points).

In the event of an attack on the network infrastructure of the website or in the event of suspicion of other unauthorised or abusive use of the website, the IP address and other data will be evaluated for clarification and defence purposes and, if necessary, used in the context of civil or criminal proceedings to identify the user concerned.

The purposes described above constitute our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR and thus the legal basis for data processing.

Finally, when you visit our website, we use cookies as well as applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. Further information on this can be found in the following sections of this privacy policy, in particular section 6.2 below.

6.2 Cookies

Cookies are information files that your web browser stores on your computer's hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.

Cookies help, among other things, to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are required for your desired use of the website, i.e. are "technically necessary". For example, we use cookies to be able to identify you as a registered user after you have logged in without you having to log in again when navigating the various subpages. The provision of the ordering and booking functions is also based on the use of cookies. Furthermore, cookies also perform other technical functions required for the operation of the website, such as load balancing, i.e. the distribution of the performance load of the site to different web servers in order to relieve the servers. Cookies are also used for security purposes, e.g. to prevent the unauthorised posting of content. Finally, we also use cookies as part of the design and programming of our website, e.g. to enable the uploading of scripts or codes.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the provision of a user-friendly and contemporary website.

Most Internet browsers automatically accept cookies. However, when accessing our website, we ask for your consent to the cookies we use that are not technically necessary, especially when using third-party cookies for marketing purposes. You can make the settings you require via the corresponding buttons in the cookie banner. Details on the services and data processing associated with the individual cookies can be found within the cookie banner and in the following sections of this privacy policy.

You can also configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. On the following pages you will find explanations on how you can configure the processing of cookies for selected browsers.

  • Google Chrome for desktop
  • Google Chrome for mobile
  • Apple Safari
  • Microsoft Windows Internet Explorer
  • Microsoft Windows Internet Explorer Mobile
  • Mozilla Firefox

Disabling cookies may prevent you from using all the features of our website.

6.3 Tracking and web analysis tools

6.3.1 General information on tracking

We use the web analysis services listed below for the purpose of designing and continuously optimising our website to meet your needs. In this context, pseudonymised user profiles are created and cookies are used (please also refer to section 6.2). The information generated by the cookie about your use of this website is usually transmitted to a server of the service provider together with the log file data listed under section 6.1, where it is stored and processed. This may also result in a transfer to servers abroad, e.g. the USA (see, in particular, the lack of an adequate level of data protection and the guarantees provided, sections 5.2 and 5.3).

By processing the data, we receive the following information, among other things:

  • Navigation path taken by a visitor on the site (incl. content viewed and products selected or purchased or services booked)
  • Duration spent on the website or subpage
  • Subpage on which the website is left
  • Country, region or city from where access is made
  • End device (type, version, colour depth, resolution, width and height of the browser window); and
  • Returning or new visitor.

On our behalf, the provider will use this information to analyse the use of the website, in particular to compile website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and the needs-based design of these websites. For these processing operations, we and the providers can be regarded as joint controllers under data protection law up to a certain extent.

The legal basis for this data processing with the following services is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent or object to the processing at any time by rejecting or switching off the relevant cookies in your web browser settings (see section 6.2) or by making use of the service-specific options described below.

For the further processing of the data by the respective provider as the (sole) controller under data protection law, in particular any disclosure of this information to third parties, e.g. to authorities due to national legal regulations, please refer to the respective data protection information of the provider.

6.3.2 Google Analytics

We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Apart from the description in section 6.4.1, IP addresses are not logged or stored in Google Analytics (in the "Google Analytics 4" version used here). In the case of access originating from the EU, IP address data is only used to derive location data and then deleted immediately. When collecting measurement data in Google Analytics, all IP searches are carried out on EU-based servers before the traffic is forwarded to Analytics servers for processing. Regional data centres are used in Google Analytics. If a connection is established in Google Analytics to the nearest available Google data centre, the measurement data is sent to Analytics via an encrypted HTTPS connection. The data is further encrypted in these centres before it is forwarded to the Analytics processing servers and made available on the platform. The most suitable local data centre is determined based on the IP addresses. This may also result in data being transferred to servers abroad, e.g. in the USA (see section 5.2 for more information, in particular on the lack of an adequate level of data protection and the guarantees provided).

We also use the technical extension „Google Signals“, which enables cross-device tracking – i.e. end-to-end tracking. This allows an individual website visitor to be associated with different end devices. However, this only happens if the visitor has logged into a Google service when visiting the website and at the same time activated the "personalised advertising" option in their Google account settings. Even then, however, no personal data or user profiles are made available to us; they remain anonymous to us. If you do not wish to use „Google Signals“, you can deactivate the „personalised advertising“ option in your Google account settings.

Users can prevent Google from collecting the data generated by the cookie and relating to the use of the website by the user concerned (including the IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser plugin, users can click this link to prevent Google Analytics from collecting data on the website in the future. An opt-out cookie is stored on the user's end device. If users delete cookies (see section 6 Cookies), the link must be clicked again.

6.3.3 Name of web analysis service

We use the web analysis service ennit interactive GmbH, Gerhard-Fröhler-Strasse 14, 24106 Kiel, Germany, ennit interactive GmbH. The data described above about the use of the website may be transmitted to the servers of ennit interactive GmbH in Germany for the processing purposes explained (see section 5).

Users can prevent the collection of data generated by the cookie and related to the use of the website by the user concerned (including the IP address) to ennit interactive GmbH and the processing of this data by ennit interactive GmbH by clicking on the following link and following the instructions: https://www.ennit.de/datenschutz/

6.4 Social media

6.4.1 Social Media Profile

On our website, we have included links to our profiles in the social networks of the following providers:

  • Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. https://de-de.facebook.com/about/privacy.
  • LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland, https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

When you click on the social network icons, you are automatically redirected to our profile in the respective network. This establishes a direct connection between your browser and the server of the respective social network. As a result, the network receives the information that you have visited our website with your IP address and clicked on the link. This may also result in data being transferred to servers abroad, e.g. in the USA (see, in particular, the lack of an adequate level of data protection and the guarantees provided, sections 5.2 and 5.3).

If you click on a link to a network while you are logged into your user account with the network in question, the content of our website may be linked to your profile so that the network can directly associate your visit to our website with your account. If you want to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account takes place in any case if you log in to the respective network after clicking on the link. The respective provider is responsible under data protection law for the associated data processing. Please therefore note the data protection information on the network's website.

The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the use and advertising of our social media profiles.

6.5 Online advertising and targeting

6.5.1 In general

We use services from various companies to provide you with interesting offers online. This involves analysing your user behaviour on our website and the websites of other providers in order to be able to show you online advertising tailored to you.

Most technologies for tracking your user behaviour (tracking) and for the targeted display of advertising (targeting) work with cookies (see also section 6.2), with which your browser can be recognised via various websites. Depending on the service provider, it may also be possible for you to be recognised online even when using different end devices (e.g. laptop and smartphone). This may be the case, for example, if you have registered with a service that you use on several devices.

In addition to the data already mentioned, which is collected when websites are accessed (log file data, see section 6.1) and when cookies are used (section 6.2) and which may be passed on to the companies involved in the advertising networks, the following data in particular is used to select the advertising that is potentially most relevant to you:

  • information about you that you provided when registering or using a service of advertising partners (e.g. your gender, your age group)
  • User behaviour (e.g. search queries, interactions with advertising, types of websites visited, products or services viewed and purchased, newsletters subscribed to).

We and our service providers use this data to recognise whether you belong to the target group we are addressing and take this into account when selecting advertisements. For example, after you have visited our site, you may be shown adverts for the products or services you have consulted when you visit other sites (re-targeting). Depending on the scope of the data, a user profile may also be created that is automatically evaluated, with the ads being selected according to the information stored in the profile, such as the affiliation to certain demographic segments or potential interests or behaviours. Such adverts may be displayed to you on various channels, including our website or app (as part of on-site and in-app marketing) as well as adverts placed via the online advertising networks we use, such as Google.

The data can then be analysed for the purpose of billing the service provider and assessing the effectiveness of advertising measures in order to better understand the needs of our users and customers and improve future campaigns. This may also include the information that the performance of an action (e.g. visiting certain sections of our websites or sending information) is attributable to a specific advert. We also receive aggregated reports from the service providers on advertising activities and information on how users interact with our website and our adverts.

The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by rejecting or switching off the relevant cookies in the settings of your web browser (see section 6.2). Further options for blocking advertising can also be found in the information provided by the respective service provider, e.g. Google.

6.5.2 Google Ads

This website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google) for online advertising, as explained in section 6.6.1. Google uses cookies for this purpose (see the list here), which enable your browser to be recognised when you visit other websites. The information generated by the cookies about your visit to these websites (including your IP address) is transmitted to a Google server in the USA and stored there (see, in particular, the lack of an adequate level of data protection and the guarantees provided, sections 5.2 and 5.3). Further information on data protection at Google can be found here.

The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by rejecting or switching off the relevant cookies in the settings of your web browser (see section 6.2). You can find further options for blocking advertising here.

7. retention periods

We only store personal data for as long as is necessary to carry out the processing described in this privacy policy within the scope of our legitimate interest. In the case of contract data, storage is prescribed by statutory retention obligations. Requirements that oblige us to store data result from the provisions on accounting and from tax regulations. According to these regulations, business communication, concluded contracts and accounting documents must be stored for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may only be used if this is necessary for the fulfilment of retention obligations or for the defence and enforcement of our legal interests. The data will be deleted as soon as there is no longer an obligation to retain it and there is no longer a legitimate interest in retaining it.

8. data security

We use suitable technical and organisational security measures to protect your personal data stored by us against loss and unlawful processing, in particular unauthorised access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and to respect data protection. Furthermore, these persons are only granted access to personal data to the extent necessary for the fulfilment of their tasks.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always harbours certain security risks and we therefore cannot provide an absolute guarantee for the security of information transmitted in this way.

9. Your rights

If the legal requirements are met, you have the following rights as a data subject affected by data processing:

Right to information: You have the right to request access to your personal data stored by us at any time free of charge if we process it. This gives you the opportunity to check what personal data we process about you and whether we process it in accordance with the applicable data protection regulations.

Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will also inform the recipients of the data concerned about the adjustments we have made, unless this is impossible or involves disproportionate effort.

Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the data may be blocked instead of erased if the conditions are met.

Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.

Right to data portability: You have the right to receive from us, free of charge, the personal data that you have provided to us in a readable format.

Right to object: You can object to data processing at any time, particularly in the case of data processing in connection with direct marketing (e.g. marketing emails).

Right to withdraw consent: You generally have the right to withdraw your consent at any time. However, processing activities based on your consent in the past are not rendered unlawful by your revocation.

To exercise these rights, please send us an email to the following address: daniel.hahne@bluewin.ch

Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way in which your personal data is processed.