Privacy Guidelines - Swiss Quality Hotels

Privacy Policy Swiss Quality Hotels

The Swiss Quality Hotels Cooperative (SQHI) collects and processes personal data in the course of its business activities. In this privacy statement, we explain how we collect and process personal data. Personal data is any information that relates to an identified or identifiable natural person.

This privacy policy is subject to Swiss law. The collection and processing of personal data is governed in particular by the Federal Act on Data Protection (FADP). As far as applicable, provisions of the European Union (EU), in particular the EU General Data Protection Regulation (GDPR) are taken into account.

We may amend this privacy policy at any time without prior notice. The current version published on our website applies.

Status 10.2023

Person Responsible for Data Processing

The person responsible for data processing is:

Swiss Quality Hotels Cooperative
Seestrasse 353
CH-8038 Zurich
Telephone: +41 44 928 27 27
E-mail: E-Mail

If you have any concerns regarding data protection, you can send them to us at the above contact address.

1. General

1.1 Collection and Processing of Personal Data

We collect and process personal data that we receive during our business activities and the business relationship with customers and business partners as well as other persons.
Publicly known or accessible personal data may also be processed by us if this is appropri-ate for our business activities.
Within the scope of our business relationship, you must provide the personal data required for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations. Without this data, we will in general not be able to conclude a contract with you (or the organization or person you represent) or to perform such a contract. Also, the website cannot be used if certain information to secure data traffic (such as IP address) is not disclosed.

1.2 Processing Purposes

We use the personal data we collect primarily to process our contracts and our services with our affiliated hotels and with our business partners. If you work for such a customer or business partner, your personal data may of course also be affected in this capacity.
Personal data is collected by us based on Art. 6 para. 1 lit. b GDPR if you provide it to us for the execution of a contract (e.g., a booking or booking request) or when opening a customer account. This data is used for the execution of the contract and processing of your inquiries.
We also collect personal data when you apply for a job with us. The processing of this personal data is necessary for the implementation of the application process and is also based on Art. 6 para. 1 lit. b GDPR.
In addition, we process personal data of you and other persons, insofar as permitted and it appears to be appropriate, also for the following purposes, in which we (and sometimes also third parties) have a legitimate interest (Art. 6 para. 1 lit. f GDPR):
• Offering and further developing our offers, services and web sites, apps and other platforms;
• Advertising and marketing (including events), unless you have objected to the use of your data (if we send you advertising as an existing customer of ours, you can object to this at any time, we will then put you on a block list against further advertising mailings).

1.3 Data Disclosure

During our business activities, we disclose the data to the hotels or service providers with whom we place bookings made by you via our online reservation system.
For order processing, guest reviews and distribution of the hotels affiliated with us, third party companies may be involved.
The recipients are partly in domestic territory but can be anywhere in the world. You should expect your information to be transferred to all countries where we are represented by group companies, branches or other offices, as well as to other countries in Europe (such as Italy, France and Germany) and the United States, where the service providers we use are located.
If a recipient is located in a country without adequate legal data protection, we contractual-ly oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data made generally available by you, the processing of which you have not objected to.
Within the framework of the GDPR, we will only disclose data if this is necessary for the performance of the contract (Art. 6 para. 1 lit. b) or if we have a legitimate interest in doing so (Art. 6 para. 1 lit. f GDPR).

1.4 Retention period

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company and insofar as we are otherwise legally obligated to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as far as possible. For operational data (e.g., system logs, logs), shorter retention periods of twelve months or less generally apply.

1.5 Data security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse.

1.6 Your rights

You have the following rights vis-à-vis us and the hotels with which you have made a booking with regard to the personal data concerning you:
• Right to information,
• Right to correction or deletion,
• Right to restriction of processing,
• the right to object to processing.
If data processing is based on your consent, you can revoke this at any time for the future without giving reasons. The revocation should be sent to the address [E-Mail]. To process your requests to exercise your rights, it may be necessary for you to identify yourself so that we can clearly identify you.
In Switzerland, there is no right of appeal to a supervisory authority. Persons in Switzerland may report a data protection infringement to the Federal Data Protection and Information Commissioner. For citizens in the EU, in the event of a data protection breach, the affected parties have a right to lodge a complaint with the competent supervisory authority in the EU in accordance with Art. 77 GDPR.

2. Website

When you use our websites, various personal data is collected. This privacy policy explains what data we collect when you visit our website and what we use it for. It also explains how and for what purpose this is done.
This statement applies to the following web pages:
• www.SwissQualityHotels.com;
• www.sqh.ch;
• https://reservations.verticalbooking.com/premium/group_index.html;
• https://reservations.verticalbooking.com/premium/index2.html;
It should be noted that links to other websites with different data protection rules are possible. When linking to other websites, the data protection regulations of the respective website apply.

2.1 General collection

Our Internet pages collect a series of general data with each page visit. This general data and information are stored in the log files of the server. The following data is collected:
• IP address
• Date and time of the request
• Time zone difference to GMT time zone
• Content of the request
• Access status/http status code
• Amount of data transferred
• Internet page from which the request originated
• Browser (incl. language and version)
• Operating system and its interface
When using this general data, no allocation to a specific person takes place. The collection of this data is technically necessary to display our website and to ensure its stability and security.
Insofar as the GDPR is applicable, Art. 6 para. 1 lit. b and f constitute the legal basis for the processing.

2.2 Contacting

If you contact us via the contact form or the e-mail addresses provided, we will always treat the data you provide in accordance with the applicable data protection provisions. The data you provide will be used exclusively to process your inquiry.
The processing of this data is based on Art. 6 para. 1 lit. a. in accordance with your consent, which you can revoke at any time.
We store the data you entered in the contact form until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions – in particular retention periods – are reserved.

2.3 SSL or TLS encryption

This website uses SSL or TSL encryption for security reasons and to protect the transmis-sion of confidential content, such as the inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the brows-er changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

2.4 Cookies

Our website uses so-called cookies, which are small text files that are stored on your computer and can be retrieved there. Cookies are used to enable you to register for our services and to personalize our website for you. For this purpose, our website is supported by cookies, which collect information about your IP address, the time and duration of your visit, the number of visits, form usage, your search settings, your display view and your settings for favorites on our website. The storage period of cookies varies.
You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time us-ing an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet brows-er used, not all functions of our website may be fully usable.
The legal basis for the collection of data through cookies in the scope of the GDPR is Art. 6 (1) lit. a and lit. f.

2.4.1 Google Analytics

Our internet pages use Google Analytics 4, a web analysis service of Google Inc. (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.). Google Analytics uses cookies that allow an analysis of the use of the website. Google Analytics uses this information on behalf of the operator of this website to evaluate the use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
The legal basis is Art. 6 para. 1 lit. f GDPR.

2.4.2 Google Ads

Google Ads is an advertising program of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA via which companies can place targeted ads.
Google Ads also uses cookies and uses this information on behalf of the operator of this website to evaluate the success of the advertising campaign, to compile reports and to provide other services related to website use and internet use to the website operator. The IP address transmitted by your browser in the context of Google Ads will not be merged with other Google data.
The legal basis is Art. 6 para. 1 lit. f GDPR.

2.5 Social Media Plugins

Plugins from various third-party providers of social media platforms may be integrated within the scope of the website. When visiting the website, these plugins may automatically transmit data to the third-party providers.

2.5.1 Facebook

Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like button” (“Like”) on our page. You can find an overview of the Facebook plugins here: www.facebook.com/about/privacy/.
When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages on your Facebook profile. This allows Facebook to associate the visit to our pages with your user ac-count. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook.
For more information, please refer to Facebook’s privacy policy at www.facebook.com/about/privacy/. For the transmission of European data, the following contract addendum applies: https://www.facebook.com/legal/EU_data_transfer_addendum. It applies to the extent that Facebook Ireland, as a processor, processes European data in accordance with the Terms of Use for Covered Products and transfers of such data from the EU, the EEA, the United Kingdom or Switzerland are made to Facebook, Inc.

2.5.2 X Corp (formerly “Twitter”).

Functions from X Corp. are integrated on our pages. These functions are offered by X Corp., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using X and the “Re-Tweet” function, the websites you visit are linked to your X account and made known to other users. In the process, data such as IP address, browser type, domains called up, pages visited, mobile phone provider, device and application IDs and search terms, among other things, are transmitted to X Corp.
We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or how X uses it. You can change your privacy settings at X Corp. in the account settings at twitter.com/account/settings. If you have any questions, contact E-Mail.
Due to ongoing updates to the X Corp. privacy policy, please refer to the current version at http://twitter.com/privacy. X Corp. adheres to the standard contractual clauses approved by the EU Commission when transferring data to the USA.

2.5.3 YouTube

Our Internet pages use plugins from YouTube of Google LLC, D/B/A YouTube, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. For more information on the handling of user data, please refer to YouTube’s privacy policy at: www.google.de/intl/de/policies/privacy.
At Google, the standard contractual clauses of the European Commission (Standard Con-tractual Clauses, SCC; https://support.google.com/publisherpolicies/answer/ 10437486?hl=en) apply to the transfer of data for online advertising and personal data originating from the European Economic Area, Switzerland and the United Kingdom.

2.5.4 Instagram

Plugins of the social network Instagram, 1601 Willow Rd, Menlo Park CA 94025, USA of Fa-cebook Inc. are integrated on our pages. With the functions for embedding Instagram content (embed function), we can display images and videos.
By calling up Internet pages that use such functions, data (IP address, browser data, date, time, cookies) are transmitted to Instagram, stored and evaluated.
If you have an Instagram account and are logged in, this data will be assigned to your per-sonal account and the data stored therein. You can prevent this by logging out.
The privacy policy, which information Instagram collects and how they use it, can be found at https://help.instagram.com/519522125107875. The standard contractual clauses approved by the European Commission apply to the transfer of European data, insofar as Facebook Ireland Inc. processes European data as a processor in accordance with the terms of use for covered products and transfers of such data are made from the EU, the EEA, the United Kingdom or Switzerland to Facebook Inc.

2.5.5 Pinterest

Functions of the Pinterest service are integrated on our pages. These functions are offered by Pinterest Inc, 651 Brannan Street, San Francisco, CA 94107, USA. By using Pinterest and the “Like” function, the web pages you visit are linked to your Pinterest account and made known to other users. In the process, data such as IP address, browser type, domains called up, pages visited, mobile phone provider, device and application IDs and search terms, among other things, are transmitted to Pinterest.
We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Pinterest.
Due to ongoing updates of Pinterest’s privacy policy, we refer to the current version at https://policy.pinterest.com/de/privacy-policy. Pinterest adheres to the standard contractual clauses approved by the EU Commission when transferring data to the USA.

2.6 Newsletter

You can subscribe to our newsletter, with which we inform you about interesting develop-ments. You can use the corresponding web form to register. Mandatory information is marked separately; all other information is voluntary. Furthermore, we may send you our newsletter as part of a business or contractual relationship with you. You can unsubscribe from the newsletter at any time. You can declare the cancellation by clicking on the link provided in every newsletter e-mail or via the contact details of the responsible person given in the imprint.

2.7 Data security

To protect your data, we have implemented numerous technical and organizational measures to ensure the most complete possible protection of personal data processed via this website. Communication by e-mail, fax, mobile phones or Internet applications involves risks such as the possibility of viewing the content of the message, its modifica-tion or loss. The Swiss Quality Hotels Cooperative accepts no liability for this.

2.8 Your rights

You have the following rights with respect to your personal data that we collect on our website:
• Right to information,
• Right to correction or deletion,
• Right to restriction of processing,
• Right to object to processing.
If data processing on our website is based on your consent, you can revoke this consent for the future at any time without giving reasons. The revocation should be sent to the address [E-Mail]. The legality of the data processing carried out until the revocation remains unaffected by the revocation. To be able to process your requests to exercise your rights, it may be necessary for you to identify yourself so that we can clearly identify you.
For citizens in the EU, in the event of a data protection breach, the affected parties have a right to lodge a complaint with the competent supervisory authority in the EU. In Switzerland, there is no right of appeal to a supervisory authority. Persons in Switzerland may report a data protection infringement to the Federal Data Protection and Information Commissioner.