Privacy Policy
The Brecon AG
A. Cross-channel notes
1. Responsible person and content of this privacy policy
We, The Brecon AG (Dorfstrasse 88, 3715 Adelboden, Schweiz) are operator of the hotel The Brecon (hereinafter "Hotel") and the website www.thebrecon.com (hereinafter "Website") and are responsible for the data processing operations set out in this privacy policy unless otherwise stated.
In order to know what personal data we collect from you and for what purposes we use it, please take note of the information below. When it comes to data protection, we are guided primarily by the legal requirements of Swiss data protection law, in particular the Federal Data Protection Act (FADP), as well as the EU Data Protection Regulation (GDPR), the provisions of which may be applicable in individual cases.
Swiss law applies to data subjects domiciled in Switzerland. References to the GDPR refer only to data subjects to whom the GDPR applies on the basis of Art. 3 GDPR. If data processing subject to Swiss law requires a justification, references to consent, legitimate interest, necessity for the performance of a con-tract or a legal basis are to be understood as references to the corresponding justification grounds under Swiss law.
Please note that the following information may be reviewed and amended from time to time. We there-fore recommend that you consult this privacy policy on a regular basis. Furthermore, other companies are responsible under data protection law for individual data processing operations listed below or are jointly responsible with us, so that in these cases the information provided by these providers is also applicable.
2. Contact person for data protection
If you have any questions about data protection or wish to exercise your rights, please contact our data protection contact by sending an e-mail to the following address:
[email protected].
You can reach our EU data protection representative at:
VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
[email protected]
3. Your rights
Provided that the legal requirements are met, you have the following rights as a person whose data is processed:
Right to information: You have the right to request access to your personal data stored by us at any time, free of charge, if we are processing it. This gives you the opportunity to check what personal data we are processing about you and that we are using it in accordance with the applicable data protection regulations.
Right to correction: You have the right to have incorrect or incomplete personal data corrected and to be informed about the correction. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort. If neither the correctness nor the incorrectness of personal data can be established, you also have the right to have a notice of dispute made, provided that the Swiss FADP is applicable.
Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, especially in the case of legal retention obligations, the right to deletion may be excluded. In this case, the deletion may be replaced by a blocking of the data if the conditions are met.
Right to restrict processing: You have the right to request that the processing of your personal data be restricted.
Right to data transfer: In certain circumstances, you have the right to receive from us, free of charge, the personal data that you have provided to us in a readable format. However, you only have this right to data transfer if we have processed your personal data based on your consent or for the performance of a contract.
Right of objection: You can object to data processing at any time, in particular for data processing in connection with direct advertising (e.g. advertising e-mails). In individual cases, data processing may nevertheless be continued, e.g. because we have a legitimate interest in continued processing or are legally obliged to do so.
Right of withdrawal: In principle, you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past do not become unlawful as a result of your withdrawal.
To exercise these rights, please send us an e-mail to the following address: [email protected]
Right of complaint: You have the right to file a complaint with a competent supervisory authority, e.g. against the way your personal data is processed.
4. Data security
We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, namely unauthorised access by third parties. Our employ-ees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. Furthermore, these persons are only granted access to the personal data to the extent necessary for the fulfilment of their tasks.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and even we cannot provide an absolute guarantee for the security of information transmitted in this way.
5. Contacting us
If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data you have provided us with, e.g. the name of your company, your name, your function, your e-mail address or telephone number and your request, will be processed. In addition, the time of receipt of the request is documented. Mandatory information is marked with an asterisk (*) in contact forms.
We process this data exclusively in order to implement your request (e.g. providing information about our hotel, support in the processing of contracts such as questions about your booking, incorporating your feedback into the improvement of our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the necessity for the implementation of the necessary measures within the meaning of Art. 6 para. 1 lit. b GDPR.
6. Use of your data for marketing purposes
Insofar as a clear reference to your person is possible, we will store and link the data described in this privacy policy, i.e. in particular your personal details, your contact details, your contract details and your surfing behaviour on our websites, in a central database. This serves the efficient administration of customer data and allows us to adequately respond to your requests and enables the efficient provision of the services you have requested and the processing of the associated contracts. The legal basis for this data processing is our legitimate interest in the efficient management of user data within the meaning of Art. 6 para. 1 lit. f GDPR.
We analyse this data in order to further develop our offers in a needs-oriented manner and to display and suggest the most relevant information and offers to you. We also use methods that predict possible interests and future orders based on your website usage. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in carrying out marketing measures.
6.2 E-mail marketing and newsletters
When you register for our e-mail newsletter, the following data is collected. Mandatory data is marked with an asterisk (*) in the registration form:
- E-mail address
In order to avoid misuse and to ensure that the owner of an e-mail address has actually given his/her consent, we use the so-called double opt-in for registration. After sending the registration, you will receive an e-mail from us containing a confirmation link. In order to definitely register for the newsletter, you must click on this link. If you do not click on the confirmation link within the specified period, your data will be deleted again and our newsletter will not be sent to this address.
By registering, you consent to the processing of this data in order to receive messages from us about our hotel and related information about products and services. This may also include invitations to participate in prize draws or to evaluate one of the aforementioned products and services. The collection of the title and name allows us to verify the allocation of the registration to a possibly already existing customer account and to personalise the content of the mails. The link to a customer account helps us to make the offers and content in the newsletter more relevant to you and better tailored to your potential needs.
We will use your data for e-mailing until you revoke your consent. Withdrawal is possible at any time, in particular via the unsubscribe link in all our marketing emails.
Our marketing e-mails may contain a so-called web beacon or 1x1 pixel (tracking pixel) or similar technical aids. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing e-mail sent, we receive information on which addresses have not yet received the e-mail, to which addresses it was sent and for which addresses the sending failed. We also see which addresses have opened the e-mail, for how long and which links they have clicked on. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimise the promotional e-mails in terms of frequency, timing, structure and content. This allows us to better tailor the information and offers in our e-mails to the individual interests of the recipients.
The web beacon is deleted when you delete the e-mail. To prevent the use of the web beacon in our marketing e-mails, please set the parameters of your e-mail program so that HTML is not displayed in messages if this is not already the case by default. See the help sections of your e-mail software for in-formation on how to configure this setting, e.g. here for Microsoft Outlook.
By subscribing to the newsletter, you also consent to the statistical evaluation of user behaviour for the purpose of optimising and adapting the newsletter. This consent constitutes our legal basis for the processing of the data within the meaning of Art. 6 para. 1 lit. a GDPR.
We use Campaign Monitor Pty Ltd's e-mail marketing software Campaign Monitor (https://www.campaignmonitor.com/company/) for marketing e-mails. Therefore, parts of your data are stored in a database of Campaign Monitor Pty Ltd, which allows Campaign Monitor Pty Ltd to access your data when necessary to provide the software and to assist you in using the software. The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the use of third-party services.
7. Disclosure to and access by third parties
Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such disclosure takes place in particular insofar as this is necessary for the performance of the contract requested by you, i.e. e.g. to restaurants or other third-party providers for which you have made a reservation. The legal basis for these disclosures is the necessity for the fulfillment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.
Collaboration with 7's AG
To provide our services, we collaborate with 7's AG, Dorfstrasse 69, 3715 Adelboden. 7's AG acts as an external service provider for various administrative tasks such as finance, marketing, human resources, and revenue management. As part of this collaboration, 7's AG has access to the hotel's data and soft-ware to perform the contracted services. The processing of data by 7's AG is based on a data processing agreement in accordance with Art. 28 GDPR, ensuring that your personal data is processed in compliance with applicable data protection regulations.
7's AG is contractually obligated to keep the data confidential and to use it only for the agreed purposes. They have also implemented appropriate technical and organizational measures to ensure the security of your data.
If you have any questions about the processing of your personal data by 7's AG or wish to exercise your related rights, please contact our data protection officer at [email protected].
Furthermore, data is passed on to selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are also explicitly mentioned in this privacy policy, e.g. in the sections on marketing. These are, for example, IT service providers (such as providers of software solutions), advertising agencies and consultancies. In addition, we pass on your data to companies affiliated with us in the group (cf. imprint) and to partner hotels if, for example, you request a service from a partner hotel. The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in obtaining third-party services.
In addition, your data may be passed on, in particular to authorities, legal advisors or debt collection companies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out due diligence or to complete the transaction. The legal basis for this data transfer is our legitimate interest with-in the meaning of Art. 6 para. 1 lit. f GDPR in the protection of our rights and compliance with our obligations or the sale of our company.
8. Transfer of personal data abroad
We are also entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing mentioned in this privacy policy (see in particular sections 12-15). In doing so, the legal provisions on the disclosure of personal data to third parties will of course be complied with. If the country in question does not have an adequate level of data protection, we guarantee through contractual regulations that your data is adequately protected at these companies.
If data to which the Swiss FADP applies is disclosed in EU states or EEA states, this is done on the basis of a decision on the adequacy of the level of data protection by the competent Swiss authority.
We also work together with service providers from the USA. For the sake of completeness, we would like to point out to users resident or domiciled in Switzerland or the EU/EEA that there is no level of data protection in the USA comparable to that in Switzerland or the EU/EEA. In particular, the USA does not grant data subjects from Switzerland or the EU/EEA any legal remedies that allow them to obtain access to the data concerning them and to obtain its correction or deletion, and there is no effective judicial le-gal protection against access rights of US authorities.
Unless otherwise indicated, the transfer of data to companies in the USA is based on standard contractual clauses of the EU Commission approved by the EU Commission or recognised as appropriate by the FDPIC. Standard contractual clauses are written commitments by the US company that can serve as a basis for data transfers from the EU or Switzerland to third countries such as the US by providing appropriate data protection guarantees.
9. Storage periods
We only store personal data for as long as necessary to carry out the processing explained in this priva-cy policy within the scope of our legitimate interest. In the case of contractual data, storage is required by statutory retention obligations. Requirements that oblige us to retain data result from the provisions on accounting and from tax law regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years. As soon as we no longer need this data to perform services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer a retention obligation and no longer a legitimate interest in retaining the data.
B. Special information for our website
Privacy Policy11. Order via our online shop
On our website you have the opportunity to order vouchers and gift cards. For this purpose, we collect the following data, whereby mandatory data are marked with an asterisk (*) in the corresponding form:
- Gender and Title
- First name
- Surname
- Company
- Street and house number
- Address suffix
- Postcode
- City
- Country
- Telephone number
- Date of birth
- Payment method
- Shipping method
- Alternative address
- Yes, I would like to subscribe to your newsletter.
- I confirm that the information provided is correct and I have read and accept the General Terms and Conditions and the Privacy Policy.
We use this data and other data voluntarily provided by you only to process your order in accordance with your wishes. The processing of this data is therefore carried out in accordance with Art. 6 para. 1 lit. b GDPR for the implementation of pre-contractual measures as well as for the execution of a contract.
12. Booking on the website, by correspondence or by telephone call
When you make bookings or order vouchers either via our website, by correspondence (e-mail or letter post) or by telephone call, we collect the following data, with mandatory data marked with an asterisk (*) in the relevant form:
- First name
- Surname
- Street and no.
- Postcode
- City
- Country
- E-mail address
- Telephone number
- Language
- Additional details and settings
- Credit card information
We will only use this data and other information voluntarily provided by you (e.g. expected arrival time, motor vehicle registration plate, preferences, remarks) to process the contract, unless otherwise stated in this privacy policy or you have separately consented to this. We will process the data, for example, in order to record your booking as requested, to provide the booked services, to contact you in the event of any uncertainties or problems and to ensure correct payment. Your credit card details will be automat-ically deleted after your departure.
The legal basis for data processing for this purpose is the fulfillment of a contract according to Art. 6 pa-ra. 1 lit. b GDPR or your consent according to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.
13. Online payment processing
If you make chargeable bookings or purchase products on our website, depending on the product or service and the desired method of payment - in addition to the information mentioned in section 18 or section 19 - the provision of further data is required, such as your credit card information or the login to your payment service provider. This information, as well as the fact that you have purchased a service from us for the amount and at the time in question, will be forwarded to the respective payment service providers (e.g. providers of payment solutions, credit card issuers and credit card acquirers). Please al-ways refer to the information provided by the respective company, in particular the data protection statement and the general terms and conditions. The legal basis for this transfer is the fulfillment of a contract in accordance with Art. 6 para. 1 lit. b GDPR.
14. Application for a vacant position
You have the option of applying to us spontaneously via a corresponding e-mail address or through our job portal for a specific job advertisement. This job portal is managed by 7's AG, Dorfstrasse 69, 3715 Adelboden, and the software is provided by Rexx (https://jobs.7s-ag.com). In this context, 7's AG has access to your application data to support the application process.
We use this and other data you provide voluntarily to review your application. Application documents of unsuccessful applicants are deleted at the end of the application process, unless you explicitly agree to a longer retention period or we are legally obliged to retain them for a longer period.
The legal basis for the processing of your data for this purpose is therefore the execution of a contract (pre-contractual phase) in accordance with Art. 6 para. 1 lit. b GDPR.
C. Data processing in connection with your stay
15. Data processing for the fulfillment of legal reporting obligations
Upon arrival at our hotel, we may require the following information from you and your accompanying per-sons (mandatory legal information is marked *):
- First name and Surname
- Address
- Date of birth
- Nationality
- Official identification card and number
- Vehicle registration plate
- E-mail address
- Telephone number
- Number of accompanying persons / guests / names of guests
- Arrival and departure day
We collect this information in order to comply with legal reporting obligations, which arise in particular from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the competent police authority.
For automatic guest registration with the tourism destination, we use the services of FRIVA Digital Solutions GmbH, Brehmweg 14/2, 2201 Gerasdorf.
The processing of this data is based on a legal obligation within the meaning of Art. 6 para. 1 lit. c GDPR.
16. Recording of purchased services
If you purchase additional services during your stay (e.g. wellness, restaurant, activities), we will record the subject of the service and the time of the service purchase for billing purposes. The processing of this data is necessary in the sense of Art. 6 para. 1 lit. b GDPR for the processing of the contract with us.
17. Guest feedback
If you have given us your e-mail address in connection with your booking, you will receive an electronic form after departure. For this purpose, we collect the following data, whereby mandatory data are marked with an asterisk (*) in the corresponding form:
- First name and Surname
- Age
- Nationality
- Duration and date of stay
The information provided is voluntary and serves us to continuously improve our offer and our services and to adapt them to your needs. We will generally use the information provided for statistical purposes, unless otherwise stated in this privacy policy or you have separately consented to this. We may also process the data in order to contact you.
For the aforementioned purposes, the legal basis of the processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
18. Video surveillance
In order to prevent misuse and to take action against illegal behaviour (especially theft and damage to property), the entrance area and the publicly accessible areas of our hotel are monitored by cameras. The image data is only viewed if there is a suspicion of illegal behaviour. Otherwise, the images are au-tomatically deleted after 72 hours.
For the provision of the video surveillance system, we rely on a service provider who may have access to the data insofar as this is necessary for the provision of the system. Should the suspicion of illegal con-duct be substantiated, the data may then be passed on to consulting companies (in particular our law firm), insurance companies as well as authorities to the extent necessary for the enforcement of claims or the filing of charges.
The legal basis is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in protecting our property and safeguarding and enforcing our rights.
19. Use of our WiFi network
In our hotel, you have the opportunity to use the WiFi network operated by Fischer ICT GmbH (Dorf-strasse 2, 3715 Adelboden) free of charge. To prevent misuse and to take action against illegal behav-ior, prior registration is required. In this process, you will transmit the following data to Fischer ICT GmbH: MAC address of the device (automatically)
In addition to the aforementioned data, each time the WiFi network is used, data regarding the visited hotel, including time, date, and device, is collected. The legal basis for this processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The customer can revoke their registration at any time by no-tifying us.
20. Payment processing
When you purchase products or services or pay for your stay in our hotel using electronic means of payment, the processing of personal data is required. By using the payment terminals, you transmit the information stored in your means of payment, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. providers of payment solutions, credit card issuers and credit card acquirers). They also receive the information that the means of payment was used in our ho-tel, the amount and the time of the transaction. Conversely, we only receive the credit note for the amount of the payment made at the corresponding time, which we can assign to the relevant voucher number, or information that the transaction was not possible or was cancelled. Please always refer to the information provided by the respective company, in particular the data protection declaration and the general terms and conditions. The legal basis for this transmission is the fulfillment of the contract with you according to Art. 6 para. 1 lit. b GDPR.