Data protection

Data protection

Kloster Gastbetriebe Engelberg, Mühlegraben 2, 6390 Engelberg belongs to Benedictine Monastery Engelberg, Benedictine Monastery 1, 6390 Engelberg. It is the operator of the website www.Gastbetriebe.ch. Thus, we are responsible for the collection, processing and use of your personal data. We strive to ensure the compatibility of data processing with applicable data protection law. We take the issue of data protection seriously and pay attention to appropriate security. We comply with the legal provisions of data protection. In particular, the Federal Data Protection Act (FADP), the Ordinance to the Federal Data Protection Act (FADP), the Telecommunications Act (TCA) and other data protection provisions of Swiss law that may be applicable. We also take care to comply with EU law, in particular the General Data Protection Regulation (GDPR), when applicable. The following information is intended to show you what personal data we collect from you and for what purposes we use it.
The responsible party for data processing on this website is:
Kloster Gastbetriebe Engelberg
Monastery Engelberg
Mühlegraben 2
6390 Engelberg
+41 41 639 51 00
info@Gastbetriebe.ch

1. Data processing in connection with our website

1.1. accessing our website
When you access our website, our server automatically records information of a general nature in a log file. The following technical data is collected without your intervention, as is generally the case with any connection to a web server, and stored by us until automated or requested deletion:

• the IP address of the requesting computer,
• the name of the owner of the IP address range (usually your Internet access provider),
• the date and time of the access,
• the website from which the access was made (referrer URL), if applicable, with the used
  search word used,
• the name and URL of the file accessed,
• the status code (e.g. error message),
• the operating system of your computer
• the browser you use (type, version and language),
• the transmission protocol used (e.g. HTTP/1.1) and
• if applicable, your user name from a registration/authentication.

This data is collected and processed for the following purposes, which correspond to our legitimate interests in data processing in accordance with data protection law:

Ensuring that the website connection is established without any problems
Ensuring the smooth use of our website
Evaluation of system security and stability as well as for other administrative purposes.
Optimization of our website
Internal statistical purposes
The data will be deleted as soon as they are no longer needed for the assumed purposes.

2. contact form
You have the option of using contact forms to get in touch with us. For this purpose, we require the following mandatory information:

• Company name
• First and last name
• Address
• E-mail address
• Telephone number
• Job title
• Correspondence language

We use the data you enter only for individual communication with you. We use this data only to be able to answer your contact request in the best possible and personalized way. The processing of this data is necessary for the implementation of pre-contractual measures or is in our legitimate interest according to data protection law, in particular according to Art. 6 para. 1 lit. f DSGVO.

3. newsletter
We offer you the possibility to subscribe to our newsletter on our website. Registration is required for this purpose. For successful registration, the following data must be provided:

• First and last name
• E-mail address
• Function
• Company name
• Correspondence language

By registering, you give your consent to the processing of the data provided for the regular sending of the newsletter to the address you have provided and for the statistical evaluation of the usage behavior and the optimization of the newsletter. In terms of data protection law, your consent constitutes our legal basis for processing your e-mail address. We are entitled to commission third parties with the technical processing of advertising measures and are entitled to pass on your data for this purpose. At the end of each newsletter you will find a link that allows you to unsubscribe from the newsletter at any time. After unsubscribing, your personal data will be deleted. Further processing only takes place in anonymized form for the optimization of our newsletter.

4. opening a customer account
To make bookings on our website, you can order as a Guest or open a customer account. When registering for a customer account, we compulsorily collect the following data:

• Salutation
• First and last name
• Postal address
• Date of birth
• Telephone number
• E-mail address
• Password

The collection of this and other data voluntarily provided by you (e.g. company name) is for the purpose of providing you with password-protected direct access to your basic data stored with us. In it, you can view your previous and current bookings or manage or change your personal data.

The legal basis for processing the data for this purpose is the consent you have given us pursuant to Art. 6 (1) lit. a DSGVO.

5. booking on the website, by correspondence or by telephone call.
If you make bookings either via our website, by correspondence (email or letter post) or by telephone call, we require the following mandatory data for the processing of the contract:

• Salutation
• First and last name
• Postal address
• Date of birth
• Telephone number
• Language
• Credit card information
• E-mail address

These data as well as other information voluntarily provided by you (e.g. expected arrival time, motor vehicle registration plate, preferences, remarks) will only be used by us to process the contract, unless otherwise stated in this privacy policy or you have given your separate consent to do so. We will process the data by name in order to record your booking as requested, to provide the booked services, to contact you in case of any uncertainties or problems and to ensure correct payment.

The legal basis of data processing for this purpose is the fulfillment of a contract according to Art. 6 para. 1 lit. b DSGVO.

6. orders in the webshop
In order to take orders on our website, we collect the following data:

• Hotel company
• Member number
• First and last name
• Position/Function
• Postal address
• Telephone number
• E-mail address
• Website

The legal basis for processing the data for this purpose is the consent you have given.

7.cookies
Cookies are small text files that are automatically stored on your computer when you visit a website. Cookies on our website serve many different purposes. For example, they enable you to navigate efficiently from page to page, they save your preferred settings and generally improve your visitor experience on our website. For example, we use cookies to temporarily store your selected services and entries when you fill out a form on the website so that you do not have to repeat the entry when you access another sub-page. Cookies may also be used to identify you as a registered user after you have registered on the website, without you having to log in again when you call up another sub-page. Most Internet browsers accept cookies automatically. If you do not wish to receive cookies, you can set your browser to display a message as soon as a cookie is to be stored. You can generally refuse cookies. You can also delete cookies that have already been set.

If you want to restrict or block web browser cookies stored on your device, you can do this via your browser settings. Information on this can be found in the help function of your browser. Information on how to block cookies in the most popular browsers can be found on the following pages:

• Microsoft’s Windows Internet Explorer
• Microsoft’s Windows Internet Explorer Mobile
• Mozilla Firefox
• Google Chrome for Desktop
• Google Chrome for Mobile
• Apple Safari for Desktop
• Apple Safari for Mobile

Disabling cookies may prevent you from using all features of our website.

8. tracking tools, analytics tools and third-party tools

Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses ‘cookies’, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website (including your IP address, which, however, is anonymized using the _anonymizeIp() method before being stored so that it can no longer be assigned to a connection) is transmitted to a Google server in the USA and stored there. The following data is collected: Address and title of the visited page or of downloaded files, screen resolution, browser type, browser version, browser window size, color depth, browser language, Java plugin enabled or not, Flash version and origin information. This list may be expanded by Google and reflects only its current knowledge of the analysis. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
You can object to the collection of data by Google Analytics with effect for the future by installing a deactivation add-on for your browser (http://tools.google.com/dlpage/gaoptout?hl=de).

Google Tag Manager
This website also uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of routing data and triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.

Third-party provider information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. So-called standard contractual clauses pursuant to Art. 46 DSGVO have been concluded with this service provider as suitable guarantees. The FDPIC (Federal Data Protection and Information Commissioner) recognizes the standard contractual clauses of the European Union pursuant to Art. 6 para. 3 VDSG (Ordinance to the Federal Act on Data Protection) also for Swiss data transfers. Further information can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.

9. social plugins

We use social media plugins on our website. Such plugins enable the integration of social media in our online offer for the benefit of our users. Via these plugins, information, which may also include personal data, may be sent to the service provider and possibly used by the latter. By default, the functions of the plugins are deactivated to prevent the automatic transfer of user data to the providers. Only when the user clicks on the plugin is it activated and data is transmitted. The plugins are independent extensions of the plugin providers. We therefore have no influence on the scope of the data collected and stored by the plugin providers via the plugins. Currently, it must be assumed that log files (including IP address) are transmitted from your internet browser directly to a server of the respective plugin provider and, if applicable, stored there. This server may be located outside the EU or the EEA. If you do not want the data exchange between you and social media, you should log out of social media before using our online offers. In addition, you should activate private mode in the privacy settings of your browser. Likewise, there is the possibility that the service providers try to save cookies on the computer used. Please refer to the data protection information of the respective service provider to find out which specific data is collected and how it is used.

B. Data processing in connection with your stay

10. data processing for the fulfillment of legal reporting obligations

Upon arrival at our Hotel, we may require the following information from you and your companions:

• First and last name
• Postal address and canton
• Date of birth
• Place of birth
• Nationality
• Official identification card and number
• Arrival and departure date
• Room number

We collect this information in order to fulfill legal reporting obligations, which arise in particular from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the relevant police authority. Our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO is the fulfillment of the legal requirements

11. recording of services received

If you obtain additional services during your stay (e.g. make use of the mini-bar or the pay TV offer), we will record the subject of the service and the time at which the service was obtained for billing purposes. The processing of this data is necessary within the meaning of Art. 6 para. 1 lit. b DSGVO for the processing of the contract with us.

C. Storage and exchange of data with third parties

12 Booking platforms
If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. As a rule, this is the data listed in Section 5 of these data protection declarations. In addition, inquiries about your booking may be forwarded to us. We will process this data by name in order to record your booking as requested and to provide the booked services. The legal basis of data processing for this purpose is the fulfillment of a contract according to Art. 6 para. 1 lit. b DSGVO.
Finally, we may be informed by the platform operators about disputes in connection with a booking. In the process, we may also receive data about the booking process, which may include a copy of the booking confirmation as proof of the actual booking completion. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
Furthermore, please note the information on data protection of the respective provider.

13 Data storage
We store the data specified in sections 2-6 and 10-12 in a central electronic data processing system. The data concerning you will be systematically recorded and linked for the purpose of processing your bookings and handling the contractual services. For this purpose we use a software of Mews Systems B.V, Kleine – Gartmanplantsoen 21; 1017 RP, Amsterdam, Netherlands. We base the processing of this data within the framework of the software on our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO in customer-friendly and efficient customer data management.

14. retention period

We store personal data only as long as it is necessary to use the tracking services mentioned above as well as the further processing within the scope of our legitimate interest. Contractual data will be stored by us for a longer period of time, as this is required by legal retention obligations. Retention obligations that require us to retain data result from regulations on accounting and from tax law. According to these regulations, business communication and concluded contracts must be kept for up to 10 years.

15 Passing on data to third parties
We only pass on your personal data if you have either expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we pass on your data to third parties if this is necessary in the context of the use of the website and the execution of the contract (also outside the website).

16. transfer of personal data abroad

We are entitled to transfer your personal data for the purpose of the data processing described in this privacy policy also to third companies (contracted service providers) abroad. These are obligated to data protection to the same extent as we ourselves. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we will ensure by contract that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

D. Further information

17. right to information, correction, deletion and restriction of processing; right to data portability
You have the right to obtain information about the personal data that we store about you upon request. In addition, you have the right to have incorrect data corrected and the right to have your personal data deleted, insofar as this does not conflict with a legal obligation to retain the data or an authorization that allows us to process the data. You also have the right to demand that we return the data you have provided to us (right to data portability). Upon request, we will also transfer the data to a third party of your choice. You have the right to receive the data in a common file format. You can contact us for the aforementioned purposes via the e-mail address info@josefshaus-engelberg.ch. For the processing of your requests, we may, at our discretion, require proof of identity.

18. data security

We use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. You should always keep your information confidential and close the browser window when you have finished communicating with us, especially if you share a computer with others. We also take internal company data protection very seriously. Our employees and the service companies commissioned by us have been obligated by us to maintain confidentiality and to comply with the provisions of data protection law.

19. note on data transfers to the USA

For the sake of completeness, we would like to point out for users resident or domiciled in Switzerland that in the USA there are monitoring measures by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the U.S. authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated both with the access to these data and with their use. Furthermore, we would like to point out that in the U.S. there are no legal remedies available to data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective judicial legal protection against general access rights of U.S. authorities. We explicitly draw the attention of the data subject to this legal and factual situation so that he or she can make an appropriately informed decision to consent to the use of his or her data. We would like to point out to users residing in a member state of the EU that, from the perspective of the European Union, the USA does not have a sufficient level of data protection – among other things due to the issues mentioned in this section. To the extent that we have explained in this Privacy Policy that recipients of data (such as Google) are based in the USA, we will ensure either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or SwissUS Privacy Shield that your data is protected with our partners with an appropriate level.

20 Right to complain to a data protection supervisory authority.
You have the right to complain to a data protection supervisory authority at any time.