• Data protection

Data protection policy of clubhotel.ch

For the Club Hotel Davos, the Data Protection Officer (DPO) in accordance to the EU General Data Protection Regulation (GDPR), other national data protection laws of the EU member states and the Swiss data protection regulations, is:

Claudia Stiffler
Promenade 23
CH-7270 Davos Platz

Content

1 Translation and validity 
2 Legal basis for EU citizens 
3 Legal basis for Swiss citizens 
4 Applicable law 
5 Purposes and extent of data processing by the hotel and third parties 
6 Changes to our data protection and privacy policy 
7 Questions to the data protection officer 
8 Domain names and web addresses (URLs)
9 Duration of storage, data deletion or blocking of data 
10 Collection of general information when you visit our website 
10.1 Logfiles 
10.1.1 Scope of processing of personal data 
10.1.2 Legal basis for the processing of personal data 
10.1.3 Purpose of data processing 
10.1.4 Duration of data storage 
10.1.5 Possibility of objection and data elimination 
10.2 Cookies 
10.2.1 Scope of the processing of personal data 
10.2.2 Legal basis for the processing of personal data 
10.2.3 Purpose of data processing 
10.2.4 Duration of data storage, possibility and options of objection and data elimination 
11 Enforcement of rights / data transfer of data to third parties 
11.1 Scope of the processing of personal data 
11.2 Legal basis for the processing of personal data 
11.3 Purpose of data processing 
11.4 Duration of storage 
11.5 Possibility of opposition and removal
12 Booking system
12.1 Scope of the processing of personal data
12.2 Legal basis for the processing of personal data
12.3 Purpose of data processing
12.4 Duration of data storage, possibility and options of objection and data elimination
13 Providing of fee-based services
13.1 Scope of the processing of personal data
13.2 Legal basis for the processing of personal data
13.3 Purpose of data processing
13.4 Duration of data storage
13.5 Possibility and options of objection and data elimination
14 SSL-Encryption
15 Reservation Request
15.1 Scope of processing of personal data
15.2 Legal basis for the processing of personal data
15.3 Purpose of data processing
15.4 Duration of data storage
15.5 Possibility and options of objection and data elimination
16 Customer reviews and comments
16.1 Scope of processing of personal data
16.2 Legal basis for the processing of personal data
16.3 Purpose of data processing
16.4 Duration of data storage
16.5 Possibility and options of objection and data elimination 
17 Contact form 
17.1 Scope of processing of personal data
17.2 Legal basis for the processing of personal data
17.3 Purpose of data processing
17.4 Duration of data storage
17.5 Possibility and options of objection and data elimination
18 Usage of Script libraries (Google Webfonts)
18.1 Scope of processing of personal data
18.2 Legal basis for the processing of personal data
18.3 Purpose of data processing
18.4 Duration of data storage
18.5 Possibility and options of objection and data elimination
19 Usage of Google Maps (maps.google.com)
19.1 Scope of processing of personal data
19.2 Legal basis for the processing of personal data
19.3 Purpose of data processing
19.4 Duration of data storage
19.5 Possibility and options of objection and data elimination
20 Your rights as a party concerned
20.1 Right of information
20.2 Right of access by the data subject
20.3 Right to rectification
20.4 Right to erasure (“right to be forgotten”)
20.5 Right to limit processing
20.6 Right to data portability
20.7 Right to object
20.8 Automated decisions in individual cases including profiling
20.9 Right to revoke consent under data protection law

1 Translation and validity

This English version is translated from the German version of the data protection and privacy policy. If there is any doubt about the scope and meaning of any particular paragraph, please refer to the German version as that is the legally binding data protection and privacy policy for any topic regarding your data and data processing within the Club Hotel. This English version is for your up-front information only.

2 Legal basis for EU citizens

Statute

in regards to:

Art. 6(1)(a) GDPR

our requesting your consent for the processing of your personal data

Art. 6(1)(b) GDPR

processing of your personal data in order to fulfil a contract between you and the Club Hotel. This also includes the processing procedures that are necessary to carry out pre-contractual activities.

Art. 6(1)(c) GDPR

when the processing of personal data is necessary to fulfil a legal obligation to which our company is subject

Art. 6(1)(d) GDPR

where your vital interests or those of another natural person require the processing of personal data

Art. 6(1)(f) GDPR

when processing is necessary to safeguard a legitimate interest of our company or a third party and when your interests, fundamental rights and freedoms do not outweigh the former interest.

Art. 6(1)(f) GDPR

the temporary storage of data resulting from your visit to our website on the web server and the log files and cookies generated by the web server

DE: §147 AO, §257 HGB,

CH: Art. 957 OR, Art. 962 OR

§147 AO, §257 HGB (German Commercial Code) are the two German standards which define the storage period for your digital (electronic) or analogue, e.g. on paper, stored data. These storage periods are a period of 10 or 6 years, depending on the type of data stored.

In Switzerland, this is regulated by the OR in Art. 957 OR and Art. 962 OR.

If we request the consent of the data subject for the processing of their personal data, the legal basis applied is Art. 6(1)(a) GDPR.

Article 6(1)(b) GDPR applies to the processing of the data subject's personal data in order to fulfil a contract between Club Hotel and the data subject. This also includes the processing procedures that are necessary to carry out pre-contractual activities.

If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6(1)(c) GDPR applies as the legal basis.

Where the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6(1)(f) GDPR constitutes the legal basis for processing.

The legal basis for the temporary storage of data resulting from your visit to our website on the web server and the log files and cookies generated by the web server is Art. 6(1)(f) GDPR.

The storage period for your data stored digitally (electronically) or analogically, e.g. on paper, is governed by §147 AO and §257 HGB and has a period of 10 or 6 years, depending on the type of data stored. After expiry of these statutory periods, the data will be deleted and cannot be restored.

3 Legal basis for Swiss citizens

The legal basis for the processing of personal data by Club Hotel, Du Midi AG and their contract processors is generally Article 13(2)(a) DSG (processing in direct connection with the conclusion or execution of a contract) and Article 13 (1) DSG (consent of the data subject or obligation to process by law).

In cases in which we wish to refuse to conclude contracts with data subjects in the future due to misuse, non-payment or similar legitimate reasons, we reserve the right to store the surname, first name, address and e-mail address of a data subject as well as the personal data relating to the circumstances of the relevant case in our own interest on the basis of Article 13(1) DSG.

In Art. 957 OR and Art. 962 OR, the Swiss OR regulates the retention periods for data and documents that prove the financial situation of the business and allow the results of the individual financial years to be determined. This includes, among other things, invoices issued to guests.

For Swiss citizens, the current version of the Federal Act on Data Protection (DSG) applies:

https://www.admin.ch/opc/de/classified-compilation/19920153/index.html

4 Applicable law

This Privacy Policy and the contracts concluded on the basis of or in connection with this Privacy Policy shall be governed by Swiss law, unless the application of the laws of another country is mandatory.

The place of jurisdiction is Club Hotel, Du Midi AG, unless another place of jurisdiction is mandatory.

5 Purposes and extent of data processing by the hotel and third parties

We process your personal data only for the purposes stated in this data protection declaration. Your personal data will not be passed on to third parties for purposes other than those mentioned. We will only pass on your personal data to third parties if:

  • you have given your explicit consent,
  • processing is necessary to conclude a contract with you,
  • processing is needed to carry out a contract with you,
  • processing is required to fulfil a legal obligation,
  • processing is necessary to protect legitimate interests
  • and there is no reason to believe that you have an outweighing interest worthy of protection in not disclosing your data.

6 Changes to our data protection and privacy policy

We reserve the right to adapt this data protection policy so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply for your next visit.

7 Questions to the data protection officer

If you have any questions about data protection, please write us an e-mail or directly contact our data protection officer:

Claudia Stiffler
info@clubhotel.ch
+41 (0)81 414 91 00

8 Domain names and web addresses (URLs)

Many web browsers today are able to translate web addresses, also called URLs, in short and long form and to direct the user to the corresponding internet offers. Therefore, the URL clubhotel.ch is identical to the URL www.clubhotel.ch. Both formats can be used in this data protection policy and the policy always refers to both formats.

9 Duration of storage, data deletion or blocking of data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for in the various storage periods provided for by law. After the expiration of the purpose and/or of these periods the corresponding data is blocked or deleted routinely and according to legal regulations.

10 Collection of general information when you visit our website

When you access our website, general information is automatically collected and stored using cookies and web server-side log files. This information includes the type of web browser, the operating system used, the domain name of your Internet service provider and similar information. This is strictly information that does not allow any conclusions to be drawn about you personally.

This information is technically necessary in order to correctly deliver the content you have requested from websites and is essential when using the Internet. It is processed in particular for the following purposes:

  • Ensuring a trouble-free connection to our website,
  • Ensuring a smooth use of our website,
  • evaluation of system security and stability as well as
  • for other administrative purposes.

The processing of your personal data is based on our legitimate interest in the aforementioned purposes for data collection. We do not use your data to draw conclusions about your person. The recipients of the data are only the responsible party and, if applicable, the contract processor.

Anonymous information of this kind may be statistically evaluated by us in order to optimize our Internet presence and the technology behind it.

10.1 Logfiles

10.1.1 Scope of processing of personal data

Every time you visit our website, our system automatically collects data and information from the computer system of the retrieving computer. The following data is collected:

  • information about the browser type and version used
  • the user's operating system
  • the user's Internet service provider
  • the IP address of the user
  • date and time of access
  • websites from which the user's system reaches our website
  • websites accessed by the user's system through our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

10.1.2 Legal basis for the processing of personal data

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

10.1.3 Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These are also the purposes for which we have a legitimate interest in data processing under Art. 6(1)(f) GDPR.

10.1.4 Duration of data storage

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session.

If the data is stored in log files, this data is deleted after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an identification of the calling client is no longer possible.

10.1.5 Possibility of objection and data elimination

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

10.2 Cookies

10.2.1 Scope of the processing of personal data

Our website and the following websites that can be reached through our website use cookies:

  • dirs21.de
  • whatbrowser.org
  • facebook.com
  • google.de
  • google.com
  • davos.ch
  • customer-alliance.com
  • booking.com

Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system and are retrieved by the web server. If a user calls up a website, a cookie can be stored locally on the user's computer system or it can be retrieved again by the web server.

These cookies contain a characteristic character string, the so-called session ID, which makes it possible to uniquely identify the browser when the website is accessed again.

Our website and the websites you can access trough it use cookies to make browsing more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the above mentioned cookies:

  • PHPSESSIONID -> A uniquely identifiable string (combination of characters), so we know if you are still active on our site.

We accept no responsibility under data protection law for cookies on pages integrated into our site or pages that can be accessed via our website (third party cookies). We would like to point out that you can ask the respective providers for their data protection policies. You should find relevant information on their websites.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies.

10.2.2 Legal basis for the processing of personal data

The legal basis for the processing of personal data using cookies is Art. 6 (1)(f) GDPR.

10.2.3 Purpose of data processing

The purpose of using cookies is to simplify the use of websites for users. Some functions of our website could not be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

The user data collected by us through cookies is not used to create user profiles.

For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 (1)(f) GDPR.

10.2.4 Duration of data storage, possibility and options of objection and data elimination

You can deactivate the use and thus the sending of cookies from any web server to your computer at any time via the settings of your browser. Please use the help functions of your Internet browser to find out how you can change these settings. Please note that some features of our website may not work if you have disabled the use of cookies.

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

11 Enforcement of rights / data transfer of data to third parties

11.1 Scope of the processing of personal data

The data we disclose in the event of a breach of law, non-payment, manipulation, misuse or to enforce our rights are, if available:

  • surname, first name
  • address
  • reason for disclosure
  • booking and invoice details
  • further data for the reporting and clarification of the facts depending on the specific case.

11.2 Legal basis for the processing of personal data

The legal basis for the processing of personal data is Art. 6 (1)(f) GDPR.

11.3 Purpose of data processing

We will pass on your personal data if this is necessary to enforce our rights, in particular to enforce claims arising from the relationship between you and the Club Hotel in the event of misuse or non-payment. In this case, your data may be sent for example to collection agencies, authorities or lawyers.

11.4 Duration of storage

The storage period of your data depends on the legal requirements and is 10 years for data necessary for invoicing and contract conclusion (Art. 962 OR, §147 AO and §257 HGB). For all other data it is 6 years.

11.5 Possibility of opposition and removal

An objection possibility or deletion possibility do not exist before expiry of the indicated periods for storage.

12 Booking system

12.1 Scope of the processing of personal data

If you make a booking or reservation via our website, you will be redirected to the Dirs21 website (external service provider). The data you enter is therefore collected and stored by an external service provider (https://www.dirs21.de). The privacy policy of Dirs21 can be viewed here: https://www.dirs21.de/disclaimer/

It may be that Dirs21.de collects different and further data from you than stated below. This can be done through so-called script libraries, cookies, social plugins and other methods. We have no influence on what data is collected and stored there, nor can we estimate what happens or will happen in future to your data outside the process described here.

Please note that you do not have to use our booking system. You can also send us your request directly by e-mail or telephone.

If you use our booking system, your data will be sent to us via e-mail from the external service provider. You will then receive a confirmation email from us in which your data will be used again.

Depending on your input at the time of booking, the following data will be transmitted to Dirs21:

  • booking number
  • date the booking was made
  • booked using: clubhotel.ch
  • travel period
  • daily rate
  • reason for travel
  • room
    • quantity
    • number of days
    • number of guests
    • unit price
    • subtotal
  • type of salutation
  • first name
  • surname
  • company
  • street
  • zip code
  • city
  • country
  • phone number
  • fax number
  • mobile phone number
  • email
  • remarks
  • desired arrival time
  • names of guests arriving
  • invoiced amount
  • credit card information
    • number
    • CCV
    • name
    • type
    • expiration date

12.2 Legal basis for the processing of personal data

The processing of the data required for the conclusion of this accommodation contract is carried out in accordance with Art. 6(1)(b) DSGVO.

For the storage of the data relevant to contracts or invoices and their storage periods, the legal basis is §147 AO and §257 HGB.

12.3 Purpose of data processing

The data collection and storage is carried out with the aim and purpose of fulfilling your reservation or booking request.

12.4 Duration of data storage, possibility and options of objection and data elimination

The storage period of your data is 10 years (§147 AO and §257 HGB) for data required for invoicing and contract conclusion. For all other data it is 6 years.

There is no possibility of objection and deletion before the specified periods for storage have expired.

13 Providing of fee-based services

13.1 Scope of the processing of personal data

Depending on your input, the following data will be stored:

  • booking number
  • date the booking was made
  • booked using: clubhotel.ch
  • travel period
  • daily rate
  • reason for travel
  • room
    • quantity
    • number of days
    • number of guests
    • unit price
    • subtotal
  • type of salutation
  • first name
  • surname
  • company
  • street
  • zip code
  • city
  • country
  • phone number
  • fax number
  • mobile phone number
  • email
  • remarks
  • desired arrival time
  • names of guests arriving
  • invoiced amount
  • credit card information
    • number
    • CCV
    • name
    • type
    • expiration date

Please refer to the section Reservation request for further data that might be stored.

13.2 Legal basis for the processing of personal data

The processing and storage of the data is necessary for the conclusion of the contract. Art. 6 (1)(b) GDPR serves as authorisation standard for data processing.

13.3 Purpose of data processing

The data processing serves the purpose of fulfilling reservation request. Once the contract is concluded, the data processing serves the purpose of fulfilling the legal provisions (duty of proof, obligation to keep records, obligation to keep accounts).

13.4 Duration of data storage

The storage of your data in case of a reservation request is the number of days until a reservation is made, until you withdraw from your request or until we refuse it. These is usually a period of 10 working days. If a reservation is made, the legal retention period is six years. The booking data itself must be kept for 10 years.

13.5 Possibility and options of objection and data elimination

When a reservation or booking is made, there are no options for objection or removal.

You can object to the storage of your data at any time until the reservation is confirmed and request its deletion. Please send an e-mail to the e-mail address of the data protection officer afore mentioned.

14 SSL-Encryption

To protect the security of your data during electronic transmission, we use modern encryption methods (e.g. SSL/TSL, HTTPS).

15 Reservation Request

15.1 Scope of processing of personal data

The following data can be collected:

  • Date of arrival
  • Date of departure
  • Number of adults
  • Number of children
  • Company name
  • First name
  • Last name
  • Street name and house number
  • Zip code
  • City
  • Country
  • Phone number
  • Email address
  • Need of a garage (Yes/No)
  • Desired room category
  • Free text for your extra requirements/comments
  • Security question

The following data will at least be collected in order to process your request:

  • Date of arrival
  • Date of departure
  • Number of adults
  • First name
  • Last name
  • Street name and house number
  • City
  • Email address
  • Security question

15.2 Legal basis for the processing of personal data

For the processing of your personal data, which is necessary for the fulfilment of a contract with you, Art. 6(1)(b) GDPR serves as legal basis. This also applies to the processing of reservation requests, which are part of the "processing procedures for implementing pre-contractual measures".

15.3 Purpose of data processing

On the basis of the data from the reservation request, we are able to inform you whether room capacities are still available on the desired dates and periods. If this is the case, we will send you a confirmation email with a quotation based on your details. Afterwards, the offer is stored by us to comply with our legal obligations.

15.4 Duration of data storage

The data of the reservation request will be stored until the reservation request is processed. Usually this is a period of less than 2 days if we cannot confirm your reservation. In the event of confirmation (offer), we are bound by the statutory retention period. Once the period has elapsed, the data will be irrevocably deleted.

15.5 Possibility and options of objection and data elimination

As long as we haven't sent you a confirmation (offer), you can exercise your right to objection and removal of your personal data at any time. Please send an e-mail to the aforementioned e-mail address. If you have received a confirmation (offer) from us, we are bound by the statutory periods. Consequently, there is no possibility of objection.

16 Customer reviews and comments

16.1 Scope of processing of personal data

Users and guests can leave rating comments for our website and our hotel on the following services on the Internet:

  • Customer Alliance
  • Expedia
  • Facebook
  • Google
  • HolidayCheck
  • de
  • com
  • HRS
  • ru
  • Yelp
  • Zoover

We use customer-alliance.com as our external provider to collect customer reviews on our hotel available on the web. This service searches the above services for comments and ratings.

The data we receive from you via these services and customer-alliance.com will be stored and processed in Germany.

Please refer to the privacy policy of the relevant service to determine which data is collected when you enter a comment or rating for our hotel on one of these services.

We receive the following data from customer-alliance.com:

  • author: your specified name
  • overallRating: the general rating you have given us
  • overallComment: your comments
  • category: rating category like room, location etc.
  • rating: your rating per rating category
  • comment: any comments you may have left on these ratings
  • Reply from the Club Hotel: A reply from the hotel to your rating

16.2 Legal basis for the processing of personal data

The legal basis for the processing of personal data using the customer review and commentas function is Art. 6(1)(f) GDPR.

16.3 Purpose of data processing

The information sent to us by Customer Alliance is used solely for the purpose of displaying customer ratings and comments on our website.

16.4 Duration of data storage

This data is only kept in our volatile memory and is not stored. The duration of data storage in the volatile memory depends exclusively on the duration of page impressions.

16.5 Possibility and options of objection and data elimination

As a user, you have the option of exercising your right to objection and removal with the respective services mentioned above at any time. As soon as they have deleted your data, the data will no longer be transmitted to us and will therefore no longer be displayed on our site.

17 Contact form

17.1 Scope of processing of personal data

There is a contact form on our website which can be used for electronic contact with us. If you use this option to contact us, the data entered in the input mask will be transmitted to us after clicking the "Request contact" button and saved. This data is:

  • Name: First and/or last name, depending on what your input is
  • E-Mail: email address
  • Phone: telephone number
  • Comment: everything you wrote us

At the time the message is sent, the following data is also stored:

  • your current IP address
  • the date and time of the transmission of the message

By clicking on the "Request contact" button you give us your data for storage and processing. It is therefore your responsibility what data you transmit to us. Furthermore, it is your decision if you want to use this contact channel. An alternative is mentioned below the form. We will not request your consent to contact us additionally (further opt-in).

As an alternative, you can contact us via the e-mail address provided. In this case, your personal data transmitted by e-mail will be stored.

The data received in this context will not be passed on to third parties. The data will only be used for the processing of the conversation.

17.2 Legal basis for the processing of personal data

The legal basis for the processing of this data is Art. 6(1)(a) GDPR if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is Art. 6(1)(b) GDPR.

17.3 Purpose of data processing

The processing of the personal data from the contact form is used solely to process the contact request. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

We reserve the right to process and pass on the data sent to us in the event that this data contains illegal content or constitutes a violation of the law.

17.4 Duration of data storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose of collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is finished when it can be inferred from the circumstances that the matter in question has been clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

If statutory requirements or regulations for further storage of data exist, the statutory storage periods shall apply.

17.5 Possibility and options of objection and data elimination

You have the possibility to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

If you would like to exercise your right to revoke your consent or your right to object to the storage, please send an e-mail to the data protection officer mentioned above.

All personal data stored in the course of contacting us will be irretrievably deleted in this case.

If there are legal obligations for the further storage of your data or a part of your data transmitted to us, we will inform you immediately after receipt of your revocation or objection e-mail. In these cases, you may not have the right to object or revoke. We will inform you of this. In this case, the storage periods mentioned above shall apply.

18 Usage of Script libraries (Google Webfonts)

18.1 Scope of processing of personal data

The following data is collected:

  • SessionID
  • IP address
  • browser type
  • browser version number

18.2 Legal basis for the processing of personal data

The legal basis for the processing of personal data using script libraries is Art. 6(1)(f) GDPR.

18.3 Purpose of data processing

In order to present our contents correctly and in an appealing graphical manner across all browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/) on this website. Google Web Fonts are transferred to your browser's cache to avoid multiple loading. If your browser does not support Google Web Fonts or does not allow access, content will be displayed in a default font.

Calling script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible - but currently also unclear whether and, if necessary, for what purposes - that operators of corresponding libraries collect data.

18.4 Duration of data storage

The data is stored on your computer until your browser deletes it. You can also delete this data manually by clearing the cache of your browser. Please check the help pages of your browser to find out how to do this.

18.5 Possibility and options of objection and data elimination

For detailed instructions on how to manage your own data related to Google products, please visit www.dataliberation.org.

You can change your security settings for Google products here:

https://policies.google.com/privacy?hl=en

19 Usage of Google Maps (maps.google.com)

19.1 Scope of processing of personal data

Our website uses Google Maps API to display geographical information visually. When using Google Maps, Google also collects, processes and uses data about your use of the map functions. For further information on data processing and the scope of data collected and processed by Google, please refer to the Google Privacy Policy (https://policies.google.com/privacy#infocollect). If you have a Google Account, you can also change your personal data protection settings in the Data Protection Center.

For detailed instructions on how to manage your own data related to Google products, please visit www.dataliberation.org.

19.2 Legal basis for the processing of personal data

The legal basis for the processing of personal data using Google Maps is Art. 6(1)(f) GDPR.

19.3 Purpose of data processing

We would like to make your journey to and from the hotel as easy as possible and therefore show the location information of our hotels on our directions pages.

19.4 Duration of data storage

No data is stored on our website using Google Maps. It is possible that Google saves the data itself. Please see the Google Privacy Notice for more details (http://www.google.com/privacypolicy.html).

19.5 Possibility and options of objection and data elimination

You have the possibility to revoke your consent to the processing of personal data at any time. You can change your personal data protection settings accordingly in the Google Privacy Center.

20 Your rights as a party concerned

You can exercise the following rights at any time using the contact details provided by our data protection officer:

  • Information about your data stored with us and their processing,
  • correction of incorrect personal data,
  • deletion of your data stored with us,
  • restriction of data processing if we are not yet allowed to delete your data due to legal obligations,
  • objection to the processing of your data with us and
  • data transferability, provided that you have consented to the data processing or have concluded a contract with us.

If you have given us your consent, you can revoke it at any time with effect for the future.

You can contact your local data protection authority (DPA) at any time with a complaint. Your responsible data protection authority depends on your place of residence, your work or the alleged violation.

A list of DPAs and their addresses can be found at:

http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

20.1 Right of information

You have the right granted by the European legislator for directives and regulations to ask the data protection officer to confirm whether your personal data is being processed. If you wish to make use of this right of confirmation, please contact the data protection officer.

20.2 Right of access by the data subject

You have the right granted by the European Directive and Regulation Giver to obtain free information and a copy of this information regarding your personal data stored by the hotel at any time. Furthermore, the European Directive and Regulation provider has given you the right to obtain the following information regarding the data collected and processed about your person:

  • the processing purposes
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organisations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • the existence of a right to have the personal data concerning you rectified or deleted or to have the data controller restrict or oppose such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data are not collected from the data subject: All available information about the origin of the data
  • the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You also have a right of access to information on whether personal data has been transferred to a third country or to an international organisation. If this is the case, you also have the right to obtain information about the appropriate guarantees in connection with the transmission.

If you would like to make use of this right of information for yourself, you can contact the data protection officer at any time.

20.3 Right to rectification

You have the right granted by the European legislator of directives and regulations to request the immediate correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, also by means of a supplementary declaration.

If you would like to make use of this right of correction, you can contact the data protection officer at any time.

20.4 Right to erasure (“right to be forgotten”)

You have the right granted by the European regulator to require the data protection officer to delete personal data concerning you without delay, provided that one of the following reasons applies and insofar as processing is not a requisite:

  • the personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
  • you revoke your consent on which the processing was based pursuant to Art. 6 (1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
  • you file an objection to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate reasons for the processing, or you file an objection to the processing pursuant to Art. 21(2) GDPR.
  • the personal data have been processed unlawfully.
  • other erasure of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
  • the personal data was collected in relation to information services offered in accordance with Art. 8(1) GDPR.

If one of the above-mentioned reasons applies and you wish to have your personal data that is stored at Club Hotel deleted, you can contact the data protection officer at any time. The Club Hotel's data protection officer will arrange for the deletion request to be complied with immediately. As the Club Hotel, we also comply with this obligation if the personal data has been passed on by us to third parties and we are obliged to delete the personal data in accordance with Art. 17(1) GPDR. We will then take appropriate measures, taking into account the available technology and implementation costs, to inform these parties of their deletion obligation, unless the processing is legally required. The Club Hotel's data protection officer will take the necessary steps in each individual case.

20.5 Right to limit processing

They shall have the right granted by the European legislator of directives and regulations to require the data protection officer to restrict processing of your data if one of the following conditions is met:

  • You deny the accuracy of the personal data for a period of time, which enables the data protection officer to check the accuracy of the personal data.
  • The processing is unlawful, but you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data.
  • The data processor no longer needs the personal data for the purposes of processing, but you do need them to assert, exercise or defend legal claims.
  • You have filed an objection against the processing in accordance with Art. 21(1) GPDR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your own.

If one of the above conditions is met and you wish to request the limitation of personal data stored by Club Hotel, you can contact the data protection officer at any time. The Club Hotel's data protection officer will arrange for the data processing to be restricted.

20.6 Right to data portability

You have the right to receive the personal information you have provided to Club Hotel in a structured, standard, and machine-readable format, as granted by the European Regulatory Authority. You also have the right to transfer this data to other parties, provided that the processing is based on the consent provided for in Art. 6(1) GPDR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out using automated procedures. This shall apply unless processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller. You may not hinder the persons in charge to whom the personal data has been provided.

Furthermore, when exercising your right to data transferability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transferred directly by the data controller to other parties, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.

You may contact the Club Hotel data protection officer at any time to exercise your right to data portability.

20.7 Right to object

You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation (art. 6 par. 1 letter e or f DSGVO). This also applies to profiling based on these provisions.

Club Hotel will no longer process personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When Club Hotel processes personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data for such advertising purposes. This also applies to profiling insofar as it is connected with such direct advertising. If you object to Club Hotel processing your personal data for direct marketing purposes, Club Hotel will no longer process your personal data for these purposes.

You also have the right to object to the processing of your personal data for scientific or historical research or statistical purposes (pursuant to Art. 89 para. 1 DSGVO). Excluded from this right is the processing of data for the fulfilment of a task in the public interest.

To exercise your right of objection, you can contact Club Hotel's data protection officer directly. You are also free to exercise your right of opposition by means of automated procedures in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC.

20.8 Automated decisions in individual cases including profiling

You have the right granted by the European Directive and Regulation Giver not to be subject to a decision based exclusively on automated processing - including profiling - which has legal effect against you or significantly impairs you in a similar manner. This applies provided that this Decision

(1) is not required for the conclusion or performance of a contract between you and the Club Hotel; or

(2) is permitted by law to which the Club Hotel is subject and that law contains appropriate measures to protect your rights, freedoms and legitimate interests; or

(3) with your express consent.

If the decision is

(1) necessary for the conclusion or performance of a contract between you and the Club Hotel; or

(2) is carried out with your express consent,

the Club Hotel will take appropriate measures to protect your rights and freedoms as well as your legitimate interests. This includes at least the right to obtain the intervention of a physical person by the responsible party, to state your own position and to challenge the decision.

If you wish to assert rights relating to automated decisions, you can contact the data protection officer at any time.

20.9 Right to revoke consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time, granted by the European Directive and Regulation giver.