The data controller within the meaning of data protection legislation, in particular the EU General Data Protection Regulation (GDPR), is:

Neuhaus Golf- & Strandhotel
Jürgen Ritschard
Seestrasse 121
3800 Unterseen

Telephone: +41 33 822 82 82
E-Mail: info@hotel-neuhaus.ch
Website: https://www.hotel-neuhaus.ch/

General note

Pursuant to Article 13 of the Swiss Federal Constitution and the federal data protection provisions (Data Protection Act, DPA), every person has the right to the protection of their privacy and to protection against the misuse of their personal data. The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

In collaboration with our hosting providers, we strive to protect our databases as effectively as possible against unauthorised access, loss, misuse or tampering.

Please note that data transmission over the internet (e.g. when communicating by email) may be vulnerable to security breaches. It is not possible to guarantee complete protection of data against access by third parties.

By using this website, you consent to the collection, processing and use of data in accordance with the description below. In principle, this website can be visited without registration. In doing so, data such as the pages accessed or the names of the files retrieved, along with the date and time, are stored on the server for statistical purposes, without this data being directly linked to you personally. Personal data, in particular your name, address or email address, is collected on a voluntary basis wherever possible. Your data will not be passed on to third parties without your consent.

Processing of personal data

Personal data refers to any information relating to an identified or identifiable individual. A data subject is a person in respect of whom personal data is processed. Processing encompasses any handling of personal data, regardless of the means and methods used, in particular the collection, disclosure, acquisition, erasure, storage, alteration, destruction and use of personal data.

We process personal data in accordance with Swiss data protection law. Furthermore, where and to the extent that the EU GDPR applies, we process personal data in accordance with the following legal bases in relation to Article 6(1) of the GDPR:

• Consent (Article 6(1)(a) of the GDPR) – The data subject has given consent to the processing of personal data relating to them for a specific purpose or for several specific purposes.
• Performance of a contract and pre-contractual enquiries (Article 6(1)(b) of the GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the data subject’s request.
• Legal obligation (Article 6(1)(c) of the GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Protection of vital interests (Article 6(1)(d) of the GDPR) – Processing is necessary to protect the vital interests of the data subject or of another natural person.
• DSGVOLegitimate interests (Article 6(1)(f) of the GDPR)) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
• The recruitment process as a pre-contractual or contractual relationship (Article 9(2)(b) of the GDPR) – Insofar as, during the recruitment process, special categories of personal data within the meaning of Article 9(1) of the GDPR (e.g. health data, such as severe disability status or ethnic origin) are requested from applicants so that the controller or the data subject can exercise their rights arising from labour law and the law on social security and social protection and fulfil their obligations in this regard, such processing is carried out in accordance with Article 9(2)(b) GDPR, or in the case of the protection of the vital interests of applicants or other persons pursuant to Article 9(2)(c) GDPR; or for the purposes of preventive healthcare or occupational medicine, for the assessment of an employee’s fitness for work, for medical diagnosis, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector in accordance with Article 9(2)(h) of the GDPR. Where the provision of special categories of data is based on voluntary consent, such data is processed on the basis of Article 9(2)(a) of the GDPR.

We process personal data for the duration necessary for the respective purpose(s). Where longer retention periods are required due to legal or other obligations to which we are subject, we restrict processing accordingly.

Relevant legal bases

In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing. Unless otherwise stated in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing data to fulfill our services and implement contractual measures, as well as to respond to inquiries, is Article 6(1)(b) of the GDPR; the legal basis for processing data to comply with our legal obligations is Article 6(1)(c) of the GDPR; and the legal basis for processing data to protect our legitimate interests is Article 6(1)(f) of the GDPR. In the event that processing personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.

Security measures

In accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, transfer of, and ensuring the availability and separation of the data. Furthermore, we have established procedures that guarantee the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data during the development and selection of hardware, software, and processes, in accordance with the principles of data protection by design and by default.

Transfer of personal data

As part of our processing of personal data, it may be necessary to transfer or disclose data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure its protection.

Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, bodies or companies, this will only be done in accordance with legal requirements.

Subject to explicit consent or where transfer is required by contract or law, we process data only in third countries with a recognized level of data protection, contractual obligations through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Articles 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Privacy policy for cookies

This website uses cookies. Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie primarily serves to store information about a user during or after their visit to an online service. The stored information can include, for example, language settings on a website, login status, items in a shopping cart, or the point at which a video was paused. We also include other technologies that perform the same functions as cookies in the term “cookies” (e.g., when user data is stored using pseudonymous online identifiers, also known as “user IDs”).

The following cookie types and functions are distinguished:

• Temporary cookies (also known as session cookies):Temporary cookies are deleted at the latest after a user has left an online service and closed their browser.
• Persistent cookies: Persistent cookies remain stored even after the browser is closed. This allows, for example, login status to be saved or preferred content to be displayed directly when the user revisits a website. Similarly, user interests, which are used for audience measurement or marketing purposes, can be stored in such a cookie.
• First-party cookies: First-party cookies are set by us.
• Third-party cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
• Necessary (also: essential or absolutely required) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to save logins or other user input, or for security reasons).
• Statistics, marketing, and personalization cookies: Cookies are also typically used for audience measurement and when a user’s interests or behavior (e.g., viewing specific content, using certain functions, etc.) are stored in a user profile across individual websites. These profiles are used to display content to users that matches their potential interests. This process is also known as “tracking,” i.e., monitoring users’ potential interests. If we use cookies or tracking technologies, we will inform you separately in our privacy policy or when obtaining your consent.

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

You are not opted out. Uncheck this box to opt-out. You are currently opted out. Check this box to opt-in.

The tracking opt-out feature requires cookies to be enabled.

Information on the legal basis: The legal basis for processing your personal data using cookies depends on whether we ask for your consent. If so, and you consent to the use of cookies, the legal basis for processing your data is your explicit consent. Otherwise, data processed using cookies is processed based on our legitimate interests (e.g., in the efficient operation and improvement of our online services) or, if the use of cookies is necessary to fulfill our contractual obligations.

Storage period: Unless we provide you with explicit information on the storage period of persistent cookies (e.g., as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out): Depending on whether processing is based on consent or legal permission, you have the right to revoke any consent you have given or to object to the processing of your data by cookie technologies at any time (collectively referred to as “opt-out”). You can initially declare your objection via your browser settings, e.g., by disabling the use of cookies (although this may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via a variety of services, especially in the case of tracking, through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. You can also find further information on how to object in the details provided about the service providers and cookies used.

Processing of cookie data based on consent: We use a cookie consent management process to obtain, manage, and revoke user consent for the use of cookies and the processing activities and providers mentioned within the cookie consent management process. The consent declaration is stored to avoid having to request it again and to be able to demonstrate consent in accordance with legal requirements. Storage can be server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to assign the consent to a user or their device. Subject to individual information regarding the providers of cookie management services, the following applies: The storage period for consent can be up to two years. A pseudonymous user identifier is created and stored along with the time of consent, information on the scope of the consent (e.g., which categories of cookies and/or service providers), and the browser, operating system, and device used.

• Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Affected persons: Users (e.g., website visitors, users of online services).
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Privacy policy for SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the website operator. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “https://” to “https://” and by the lock symbol in your browser’s address bar.

When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

Privacy policy for server log files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request

This data cannot be linked to specific individuals. This data will not be combined with other data sources. We reserve the right to review this data subsequently if we become aware of concrete indications of unlawful use.

Privacy policy for contact form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provided, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

Using Google Maps

This website uses Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account that you are logged into, or whether no user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not want this association with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research, and/or the needs-based design of its website. Such analysis is carried out in particular (even for users who are not logged in) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right. Further information on the purpose and scope of data collection and processing by Google, as well as information on your related rights and settings options to protect your privacy, can be found at: www.google.de/intl/de/policies/privacy.

Using Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “Google”. reCAPTCHA is used to verify whether data entered on our websites (e.g., in a contact form) is entered by a human or by an automated program. To this end, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g., IP address, the website visitor’s time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.

Data processing is carried out on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its website from abusive automated access and spam. Further information on Google reCAPTCHA and Google’s privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://policies.google.com/terms?hl=de.

Privacy policy for the use of Google Web Fonts

This website uses web fonts provided by Google for consistent font display. When you visit a page, your browser loads the necessary web fonts into its cache to display text and fonts correctly. If your browser does not support web fonts, a standard font from your computer will be used.

Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/

Privacy policy for Facebook

This website uses features from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When you visit our pages with Facebook plugins, a connection is established between your browser and Facebook’s servers. Data is then transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not want this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, in particular using a comment function or clicking a “Like” or “Share” button, are also transmitted to Facebook. You can find out more at https://de-de.facebook.com/about/privacy.

Instagram Privacy Policy

Our website integrates features of the Instagram service. These features are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account. Please note that as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Instagram.

Further information can be found in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/

Copyrights

The copyright and all other rights to content, images, photos, or other files on this website belong exclusively to the operator of this website or the specifically named rights holders. Prior written consent from the copyright holder is required for the reproduction of any files.

Anyone who commits copyright infringement without the consent of the respective rights holder may be liable to prosecution and possibly damages.

General disclaimer

All information on our website has been carefully reviewed. We strive to keep our information up-to-date, accurate, and complete. However, errors cannot be entirely ruled out, and therefore we cannot guarantee the completeness, accuracy, or timeliness of any information, including journalistic and editorial content. Liability claims for damages of a material or immaterial nature caused by the use of the information provided are excluded, unless there is evidence of willful misconduct or gross negligence.

The publisher may, at its sole discretion and without notice, modify or delete texts and is under no obligation to update the content of this website. Use of or access to this website is at the visitor’s own risk. The publisher, its clients, or partners are not responsible for any damages, including direct, indirect, incidental, consequential, or punitive damages, allegedly arising from visiting this website and therefore assume no liability whatsoever.

The publisher also assumes no responsibility or liability for the content and availability of third-party websites accessible via external links on this website. The operators of the linked sites are solely responsible for their content. The publisher expressly distances itself from all third-party content that may be criminally or civilly liable or that violates common decency.

Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website applies. If the privacy policy is part of an agreement with you, we will inform you of any updates by email or other suitable means.

Questions for the Data Protection Officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization, whose contact details are listed at the beginning of the privacy policy.

[Source: SwissLawyer]