Skip to content

DATA PROTECTION & TERMS AND CONDITIONS

terms and conditions


General Terms and Conditions (GTC) See- und Seminarhotel FloraAlpina AG

The terms and conditions apply to the provision of accommodation services, events, and all associated deliveries and services between the customer and the FloraAlpina Lake and Seminar Hotel.

Conclusion of the contract
The contract is concluded as soon as the seminar or banquet room and/or hotel room has been booked in writing or confirmed by Hotel FloraAlpina.


options Option dates are binding for both parties. After the option dates have expired, the hotel may dispose of all rooms unless the customer has sent a written order confirmation.


The hotel rooms are available from 3:00 p.m. on the day of arrival and until 11:00 a.m. on the day of departure. The hotel may reallocate reserved hotel rooms from 6:00 p.m. onwards if no guarantee has been provided or no late arrival has been agreed.

Changes to the number of participants
The confirmed number of participants serves as the basis for billing. However, reductions in the number of participants of up to 20% of the number of participants at the time of the final booking are free of charge up to three days before arrival. If fewer than 80% of the confirmed participants attend, they will be charged. The final number of participants must be reported at least 3 days before the start of the event and will be charged in any case.

Cancellations of seminars, banquets, and hotel rooms The following conditions apply to the cancellation of the entire event. The above conditions apply to the cancellation of individual persons.


Seminars
to 60 days no charge
no charge 59 to 30 days 50%
29 to 10 days 75%
9 to 0 days 100%

Banquets/Weddings
Up to 60 days No charge
No charge 59 to 30 days 50%
29 to 10 days 75%
9 to 0 days 100%

Hotel rooms
Up to 60 days No charge
No charge 59 to 30 days 50%
29 to 10 days 75%
9 to 0 days 100%

As a matter of principle, the FloraAlpina Lake and Seminar Hotel endeavors to allocate unused capacity elsewhere. If this is successful, the customer will not incur any costs. The customer is responsible for proving that the damage was less than claimed, while the hotel reserves the right to prove that the damage was greater than claimed. If more participants than registered take part in an event, the hotel will provide rooms, places, and meals where possible.

Unclaimed consumption
There is no entitlement to a refund for services ordered but not used or food/drinks not consumed. The customer is free to provide a replacement person for the corresponding consumption. Terms of payment, means of payment Prices are net in CHF, including service, taxes, and VAT. Invoices are payable within 30 days. A reminder fee of CHF 10 will be charged for reminders. The default interest rate is 6.5%. Other payment terms must be agreed in writing between the parties.

Advance payments
We reserve the right to charge a deposit. For weddings, a deposit of 50% is due no later than 14 days before the event.

Place of jurisdiction
The place of jurisdiction is Vitznau. Swiss law applies exclusively. These terms and conditions replace all previous terms and conditions and are valid from July 1, 2014.

DATA PROTECTION

1 Responsible party and content of this privacy policy

We, See- und Seminarhotel FloraAlpina AG, are the operator of See- und Seminarhotel FloraAlpina and the website www.floraalpina.ch and, unless otherwise stated in this privacy policy, are responsible for the data processing described in this privacy policy.

To ensure that you are aware of the personal data we collect from you and the purposes for which we use it, please take note of the following information. Our data protection practices are primarily based on the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP), as well as the GDPR, the provisions of which may be applicable in individual cases.

Please note that the following information is reviewed and amended from time to time. We therefore recommend that you review this privacy policy regularly. Furthermore, other companies are responsible for data protection or jointly responsible with us for individual data processing operations listed below, in which case the information provided by these providers is also relevant.

2 Contact persons for data protection

If you have any questions about data protection or would like to exercise your rights, please contact our data protection officer by sending an email to the following address: direktion@floraalpina.ch.

You can contact our EU data protection representative at:

Sascha Graffy

63 Heerberg

DE-55413 Weiler

sascha.graffy@googlemail.com

3 Scope and purpose of the collection, processing, and use of personal data

3.1 Data processing when contacting us

When you contact us via our contact addresses and channels (e.g., by email or telephone), your personal data will be processed. The data you have provided us with, such as your name, email address, telephone number, postal address, and your request, will be processed. In addition, the time of receipt of the request is documented. Mandatory fields are marked with an asterisk (*) in contact forms. We process this data in order to respond to your request (e.g., providing information about our hotel, assisting with contract processing, such as questions about your booking, incorporating your feedback into the improvement of our services, etc.).

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in implementing your request or, if your request is aimed at concluding or processing a contract, the necessity for carrying out the necessary measures within the meaning of Art. 6 para. 1 lit. b GDPR.

3.2 Data processing for orders placed via our online shop

On our website, you have the option of ordering products, services, and vouchers. For this purpose, we collect the following data, whereby mandatory information during the ordering process is marked with an asterisk (*):

  • Salutation
  • First name
  • last name
  • company
  • Billing and delivery address
  • country
  • phone number
  • email
  • payment method
  • shipping method
  • Confirmation of the accuracy of the information provided
  • Confirmation of acknowledgment and agreement regarding the General Terms and Conditions and Privacy Policy

We use the data to verify your identity before concluding a contract. We need your email address to confirm your order and for future communication with you that is necessary for contract processing. We store your data together with the marginal data of the order (e.g., description, price, and characteristics of the products ordered), as well as the details of processing and fulfillment, so that we can ensure correct order processing and contract fulfillment.

The legal basis for this data processing is the fulfillment of a contract with you in accordance with Art. 6 (1) (b) GDPR. The provision of data that is not marked as mandatory is voluntary. We process this data in order to tailor our offer to your personal needs in the best possible way, to facilitate the processing of contracts, to contact you via an alternative communication channel if necessary with regard to the fulfillment of the contract, or for statistical recording and evaluation to optimize our offers.

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) (a) GDPR. You can revoke your consent at any time by notifying us. We use a software application from Idea Creation GmbH (e-guma.ch), Walchestrasse 15, 8006 Zurich, Switzerland, to provide the online store. Your data may therefore be stored in a database belonging to Idea Creation GmbH, which may enable Idea Creation GmbH to access your data if this is necessary for the provision of the software and for support in using the software. Information on the processing of data by third parties and any transfer abroad can be found in section 4 of the privacy policy.

The legal basis for this data processing is the fulfillment of a contract with you pursuant to Art. 6 (1) (b) GDPR.

Idea Creation GmbH may wish to use some of this data for its own purposes (e.g., to send marketing emails or for statistical analysis). Idea Creation GmbH is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by Idea Creation GmbH can be found at https://www.e guma.ch/datenschutz/.

3.3 Data processing for bookings

3.3.1 Booking via our website

You can book accommodation on our website. We collect the following data for this purpose, with mandatory information marked with an asterisk (*) during the booking process:

  • Salutation
  • First name
  • last name
  • billing address
  • birthday
  • phone number
  • email
  • Country or nationality
  • Company name, company address, and VAT number for corporate customers
  • payment method
  • booking details
  • Comments
  • Confirmation of the accuracy of the information provided
  • Confirmation of acknowledgment and agreement regarding the General Terms and Conditions and Privacy Policy

We use the data to verify your identity before concluding a contract. We need your email address to confirm your booking and for future communication with you that is necessary for the execution of the contract. We store your data together with the marginal data of the booking (e.g., room category, length of stay, and description, price, and characteristics of the services), as well as information on the processing and fulfillment of the contract, so that we can ensure correct booking processing and contract fulfillment.

To the extent necessary for the performance of the contract, we will also pass on the required information to any third-party service providers (e.g., event organizers or transport companies).

The legal basis for this data processing is the fulfillment of a contract with you in accordance with Art. 6 (1) (b) GDPR.

The provision of data that is not marked as mandatory is voluntary. We process this data in order to tailor our offerings to your personal needs as best as possible, to facilitate the processing of contracts, to contact you via an alternative communication channel if necessary with regard to the fulfillment of the contract, or for statistical recording and evaluation to optimize our offerings.

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) (a) GDPR. You can revoke your consent at any time by notifying us.

We use a software application from Hotel Spider, Route de Champ-Colin 18, 1260 Nyon, Switzerland, to process bookings via our website www.floraalpina.ch. Your data may therefore be stored in a Hotel Spider database, which may allow Hotel Spider to access your data if this is necessary for the provision of the software and for support in using the software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis for this data processing is the fulfillment of a contract with you in accordance with Art. 6 (1) (b) GDPR.

Hotel Spider may wish to use some of this data for its own purposes (e.g. to send marketing emails or for statistical analysis). Hotel Spider is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing can be found at: https://www.hotel-spider.com/de/datenschutzrichtlinie.

3.3.2 Booking via a booking platform

If you make bookings via a third-party platform (i.e., via booking.com, Hotel.de, Expedia, Holiday check, HRS, Kayak, Tripadvisor, Trivago, Smartbox, mydays, geschenkparadies.ch, geschenkidee.ch, etc.), we receive various personal data from the respective platform operator in connection with the booking made. This is usually the data listed in section 3.5.2 of this privacy policy. In addition, inquiries regarding your booking may be forwarded to us. We will process this data by name in order to record your booking as requested and to provide the booked services.

The legal basis for this data processing for this purpose lies in the implementation of pre-contractual measures and in the performance of a contract pursuant to Art. 6 (1) (b) GDPR.

Finally, we may exchange personal data with the platform operators in connection with disputes or complaints relating to a booking, insofar as this is necessary to protect our legitimate interests. This may also include data relating to the booking process on the platform or data relating to the booking or processing of services and your stay with us. We process this data to protect our legitimate claims and interests in the processing and maintenance of our contractual relationships with the following platform operators:

  • Booking.com B.V., Oosterdokskade 163, 1001 DL, Netherlands. Further information about data processing in connection with Booking.com B.V. can be found here.
  • Expedia, Inc., 1111 Expedia Group Way West, Seattle, WA 98119, USA. Further information about data processing in connection with Expedia, Inc. can be found here.
  • HolidayCheck AG, Bahnweg 8, 8598 Bottighofen, Switzerland. Further information about data processing in connection with HolidayCheck AG can be found here.
  • HRS GmbH, Breslauer Platz 4, 50668 Cologne, Germany. Further information about data processing in connection with HRS GmbH can be found here.
  • Tripadvisor Inc., 400 1st Avenue, Needham, MA 02494, USA. Further information about data processing in connection with Tripadvisor Inc. can be found here.
  • trivago N.V., Kesselstrasse 5-7, 40221 Düsseldorf, Germany. Further information about data processing in connection with trivago N.V. can be found here.
  • Smartbox Group, Joyce’s Court, Joyce’s Walk, Block B, Talbot St, Dublin 1, D01 C861, Ireland. Further information about data processing in connection with Smartbox can be found here.
  • geschenkidee.ch / Opari AG, Wengistrasse 7, 8004 Zurich. Further information about data processing in connection with geschenkidee.ch can be found here.
  • geschenkparadies.ch / Opari AG, Wengistrasse 7, 8004 Zurich. Further information about data processing in connection with geschenkparadies.ch can be found here.
  • mydays, Mühldorfstraße 8, 81671 Munich, Germany. Further information about data processing in connection with mydays can be found here.
  • STC Switzerland Travel Centre AG, Binzstrasse 38, 8045 Zurich, Switzerland. Further information about data processing in connection with STC can be found here.

Your data is stored in the databases of the platform operators, which enables them to access your data. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis for data processing for this purpose lies in our legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

3.4 Data processing when reserving a table

On our website, you have the option of reserving a table at a restaurant listed on our website. For this purpose, we collect the following data, depending on the respective offer, whereby mandatory information for reservations via the website is marked with an asterisk (*):

  • First name
  • last name
  • Number of guests (adults and children)
  • email address
  • phone number
  • Address
  • Menu or offer type
  • comment
  • Date and time of reservation

We collect and process the data for the purpose of processing the reservation, in particular to make your reservation request in accordance with your wishes and to contact you in case of any uncertainties or problems. We store your data together with the marginal data of the reservation (e.g., date and time of receipt, etc.), the reservation data (e.g., assigned table), and information on the processing and fulfillment of the contract so that we can ensure correct reservation processing and contract fulfillment.

We use a software application from The Fork / La Fourchette SAS, 70, rue Saint-Lazare, 75009 Paris, France, to process table reservations. Your data may therefore be stored in a database belonging to La Fourchette SAS, which may allow La Fourchette SAS to access your data if this is necessary for the provision of the software and for support in using the software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis for this data processing is the fulfillment of a contract with you in accordance with Art. 6 (1) (b) GDPR.

La Fourchette SAS may wish to use some of this data for its own purposes (e.g., to send marketing emails or for statistical analysis). La Fourchette SAS is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by La Fourchette SAS can be found at: https://www.the fork.ch/en/legal.

3.5 Data processing during payment processing

3.5.1 Payment processing at the hotel

When you purchase products, obtain services, or pay for your stay at our hotel using electronic means of payment, the processing of personal data is necessary. By using the payment terminals, you transmit the information stored in your payment method, such as the name of the cardholder and the card number, to the payment service providers involved (e.g., payment solution providers, credit card issuers, and credit card acquirers). They also receive information that the payment method was used in our hotel, the amount, and the time of the transaction. Conversely, we only receive the credit for the amount of the payment made at the relevant time, which we can assign to the relevant receipt number, or information that the transaction was not possible or was canceled. Please always note the information provided by the respective company, in particular the privacy policy and the general terms and conditions.

We use a software application from Nexi Switzerland AG, Richtistrasse 17, 8304 Wallisellen, Switzerland, to process payments. Your data may therefore be stored in a database belonging to Nexi Switzerland AG, which may enable Nexi Switzerland AG to access your data if this is necessary for the provision of the software and for support in using the software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis for our data processing is the fulfillment of a contract with you in accordance with Art. 6 (1) (b) GDPR.

Nexi Switzerland AG may wish to use some of this data for its own purposes (e.g. to send marketing emails or for statistical analysis). Nexi Switzerland AG is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by Nexi Schweiz AG can be found at the following links: https://ecom.nets.eu/de/datenschutz/.

3.5.2 Online payment processing

If you make paid bookings on our website or order services or products, depending on the product or service and the desired payment method, you will be required to provide additional data, such as your credit card information or login details for your payment service provider, in addition to the information specified in section 3.3.1. This information, as well as the fact that you have purchased a service from us for the relevant amount and at the relevant time, will be forwarded to the respective payment service providers (e.g., payment solution providers, credit card issuers, and credit card acquirers). Please always note the information provided by the respective company, in particular the privacy policy and the general terms and conditions.

The legal basis for our data processing is the fulfillment of a contract pursuant to Art. 6 (1) (b) GDPR.

We reserve the right to store a copy of your credit card information as security. In order to avoid payment defaults, the necessary data, in particular your personal details, may also be transmitted to a credit agency for an automated assessment of your creditworthiness. In this context, the credit agency may assign you a so-called score value. This is an estimated value of the future risk of default, e.g., based on a percentage. The value is calculated using mathematical and statistical methods and data from other sources provided by the credit agency. We reserve the right not to offer you the "invoice" payment method based on the information received.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in avoiding payment defaults.

For credit checks using the contact form, we use a software application from Nexi Switzerland AG, Richtistrasse 17, 8304 Wallisellen, Switzerland. Your data may therefore be stored in a database belonging to Nexi Switzerland AG, which may enable Nexi Switzerland AG to access your data if this is necessary for the provision of the software and for support in using the software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in avoiding payment defaults.

Nexi Switzerland AG may wish to use some of this data for its own purposes (e.g., to send marketing emails or for statistical analysis). Nexi Switzerland AG is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by Nexi Schweiz AG can be found at the following link: https://ecom.nets.eu/de/datenschutz.

3.6 Data processing during the recording and billing of services received

If you use services during your stay (e.g., additional overnight stays, wellness, restaurant, activities), in addition to your contract data, the booking data (e.g., time and comments) and the data on the booked and used service (e.g., service item, price, and time of service use) will be recorded and further processed by us for the purpose of handling the service, as described in sections 3 and 4.

The legal basis for our data processing is the fulfillment of a contract pursuant to Art. 6 (1) (b) GDPR.

3.7 Data processing in email marketing

When you register for our marketing emails (e.g., upon opening an account, within your customer account, or as part of an order, booking, or reservation), the following data is collected. Mandatory fields are marked with an asterisk (*) during registration:

  • email address
  • gender
  • First and last name
  • interest

To prevent abuse and to ensure that the owner of an email address has actually given their consent to receive marketing emails, we use a double opt-in process during registration. After submitting your registration, you will receive an email from us with a confirmation link. To definitively register for marketing emails, you must click on this link. If you do not confirm your email address using the confirmation link within the specified time, your data will be deleted and our marketing emails will not be sent to this address.

By registering, you consent to the processing of this data in order to receive marketing emails from us about our hotel and related information about products and services. These marketing emails may also include invitations to participate in competitions, provide feedback, or evaluate our products and services. Collecting your title, first name, and last name allows us to assign your registration to an existing customer account, if one already exists, and thereby personalize the content of the marketing emails. Linking to a customer account allows us to make the offers and content contained in the marketing emails more relevant to you and better tailored to your potential needs.

Our marketing emails may contain a so-called web beacon, 1×1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic that is linked to the user ID of the respective subscriber. For each marketing email sent, we receive information about which email addresses it was successfully delivered to, which email addresses did not receive the marketing email, and which email addresses the delivery failed. It also shows which email addresses opened the marketing email, how long they were open, and which links were clicked. Finally, we also receive information about which subscribers have unsubscribed from the mailing list. We use this data for statistical purposes and to optimize the marketing emails in terms of frequency and timing of delivery, as well as the structure and content of the marketing emails. This allows us to better tailor the information and offers in our marketing emails to the individual interests of the recipients.

The web beacon is deleted when you delete the marketing email. You can prevent the use of web beacons in our marketing emails by setting your email program's parameters so that HTML is not displayed in messages. You can find information on how to configure this setting in the help section of your email software application, e.g., here for Microsoft Outlook.

By subscribing to marketing emails, you also consent to the statistical analysis of user behavior for the purpose of optimizing and customizing marketing emails.

We use a software application from Brevo – formerly Sendinblue GmbH (Newsletter2Go), Köpenicker Strasse 126, 10179 Berlin, Germany, to send marketing emails. Therefore, your data may be stored in a database belonging to Brevo – formerly Sendinblue GmbH, which may allow Brevo – formerly Sendinblue GmbH to access your data if this is necessary for the provision of the software and for support in using the software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

Your consent constitutes the legal basis for the processing of data within the meaning of Art. 6 (1) (a) GDPR. You may revoke your consent at any time with future effect.

Brevo – formerly Sendinblue GmbH – may wish to use some of this data for its own purposes (e.g., to send marketing emails or for statistical analysis). Brevo – formerly Sendinblue GmbH – is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by Brevo – formerly Sendinblue GmbH – can be found at the following link: https://www.brevo.com/de/legal/privacypolicy/.

3.8 Data processing when submitting guest feedback

During or after your stay, you have the opportunity to provide us with feedback (e.g., praise, criticism, and suggestions for improvement) using a form. For this purpose, we collect the following data, depending on the form, with mandatory fields marked with an asterisk (*):

  • First and last name
  • age
  • nationality
  • language
  • Length of stay
  • feedback

Your data is processed as part of our quality management system and ultimately for the purpose of better tailoring our services and products to the needs of our guests. Specifically, your data is processed for the following purposes:

Clarification of your concern, e.g., obtaining statements from the employees and supervisors concerned or obtaining further information from you, etc.;

Evaluation and analysis of your information, e.g., creation of satisfaction statistics, comparison of individual services, etc.; or

Taking organizational measures in line with the findings, e.g., rectifying shortcomings/deficits/misconduct, for example by repairing defective equipment, instructing employees, and praising or reprimanding them.

In connection with guest feedback, we use a software application from IRC-Swiss GmbH, Rainweg 8, 4496 Kilchberg, Switzerland. Your data may therefore be stored in a database belonging to IRC-Swiss GmbH, which may enable IRC-Swiss GmbH to access your data if this is necessary for the provision of the software and for support in using the software. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis for this processing is your consent in accordance with Art. 6 (1) (a) GDPR. You may revoke this consent at any time with future effect.

IRC-Swiss GmbH may wish to use some of this data for its own purposes (e.g. to send marketing emails or for statistical analysis). IRC-Swiss GmbH is responsible for this data processing and must ensure compliance with data protection laws in connection with this data processing. Information about data processing by IRC-Swiss GmbH can be found at the following link: https://www.irc-feed back.com/j/privacy.

3.9 Data processing in video surveillance

To protect our guests and employees as well as our property, and to prevent and punish illegal behavior (in particular theft and damage to property), the entrance area and the publicly accessible areas of our hotel, with the exception of the sanitary facilities, may be monitored by cameras. The image data will only be viewed if there is suspicion of illegal behavior. Otherwise, the images will be automatically deleted after 14 days.

For the provision of the video surveillance system, we rely on the management of image material on our own servers. If suspicion of illegal behavior is confirmed, the data may be passed on to consulting firms (in particular to a law firm) and authorities to the extent necessary to enforce claims or file charges. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

The legal basis is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in protecting our guests, our employees, and our property, as well as in safeguarding and enforcing our rights.

3.10 Data processing when using our WiFi network

You have the option of using our WiFi network free of charge. To prevent misuse and punish illegal behavior, prior registration is required. To do so, please provide us with the following information:

  • MAC address of the terminal device (automatic)

In addition to the above data, each time you use the WiFi network, data on the time and date of use and the device used is collected. The legal basis for this processing is your consent within the meaning of Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect.

The WiFi network is provided by the FloraAlpina Lake and Seminar Hotel. Your data is securely managed on an in-house server. If suspicion of unlawful conduct is confirmed, the data may be passed on to consulting firms (in particular to a law firm) and authorities to the extent necessary to enforce claims or file a complaint. Information about the processing of data by third parties and any transfer abroad can be found in section 4 of this privacy policy.

We use equipment from LANCOM Systems GmbH, Adenauerstraße 20 / B2, 52146 Würselen, Germany, and Sophos Schweiz AG, c/o RA lic. iur. Hans Rudi Alder, Pestalozzistrasse 2, 8200 Schaffhausen, Switzerland, to provide our WiFi network.

3.11 Data processing in compliance with statutory reporting obligations

Upon arrival at our hotel, we may require the following information from you and your companions. Mandatory fields are marked with an asterisk (*) on the corresponding form:

  • Salutation
  • gender
  • First and last name
  • Address (postal code, city, state)
  • telephone
  • date of birth
  • nationality
  • Identity card or passport
  • Arrival and departure day

We collect this information to comply with legal reporting requirements, particularly those arising from hospitality or police law. Where we are required to do so by applicable regulations, we forward this information to the relevant authorities.

The legal basis for processing this data lies in our legitimate interest within the meaning of Art. 6 (1) (c) GDPR in complying with our legal obligations. (*)

3.12 Data processing for job applications

You have the option of applying for a position in our company either spontaneously or in response to a specific job advertisement. In this case, we will process the personal data you provide.

We use the data you provide to review your application and assess your suitability for employment. Application documents from unsuccessful applicants will be deleted after the application process has been completed, unless you explicitly agree to a longer retention period or we are legally obliged to retain them for a longer period.

The legal basis for processing your data for this purpose is the execution of a contract (pre-contractual phase) in accordance with Art. 6 (1) (b) GDPR.

4 Disclosure and transfer abroad

4.1 Disclosure to third parties and third-party access

Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to use the services of these companies, it is necessary to pass on your personal data to them to a certain extent. Data is passed on to selected third-party service providers and only to the extent necessary for the optimal provision of our services.

Various third-party service providers are already explicitly mentioned in this privacy policy. These are the following service providers:

  • Fidelio Suite 8 from Fidelio Switzerland AG, c/o Attorney Hans Rudi Alder, Pestalozzistrasse 2, 8200 Schaffhausen, Switzerland, as the leading system for CRM and hospitality
  • Idea Creation GmbH (e-guma.ch), Walchestrasse 15, 8006 Zurich, Switzerland. Further information about data processing in connection with Idea Creation GmbH (e-guma.ch) can be found here: https://www.e-guma.ch/datenschutz/
  • IRC-Swiss GmbH, Rainweg 8, 4496 Kilchberg, Switzerland. Further information about data processing in connection with IRC-Swiss GmbH can be found here: https://www.irc-feed back.com/j/privacy
  • Lightspeed Commerce CH SA, Rue du Lac 12, 1207 Geneva, Switzerland. Further information about data processing in connection with Lightspeed Commerce CH SA can be found here: https://de.lightspeedhq.ch/legal/datenschutzerklarung/ – TrustYou GmbH, Schmellerstrasse 9, 80337 Munich, Germany. Further information about data processing in connection with TrustYou GmbH can be found here: https://www.trustyou.com/de/wp-content/uploads/2023/02/Datenschutzerklaerung.pdf

The legal basis for this transfer of data is the necessity to fulfill a contract within the meaning of Art. 6 (1) (b) GDPR. Your data will also be transferred to the extent necessary to fulfill the services you have requested, i.e., for example, to restaurants or providers of other services for which you have made a reservation through us. The legal basis for these transfers is the necessity to fulfill a contract within the meaning of Art. 6 (1) (b) GDPR. For this data processing, the third-party service providers are responsible within the meaning of the Data Protection Act, not us. It is the responsibility of these third-party service providers to inform you about their own data processing activities—beyond the transfer of data for the provision of services—and to comply with data protection laws.

In addition, your data may be disclosed, in particular to authorities, legal advisors, or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to perform due diligence or to complete the transaction. Our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR in protecting our rights and complying with our obligations or in selling our company or parts thereof forms the legal basis for this data processing.

4.2 Transfer of personal data abroad

We are also entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing operations specified in this privacy policy.

Individual data transfers have been mentioned above in section 3. The legal requirements for the disclosure of personal data to third parties are of course complied with. The countries to which data is transferred include those that, according to a decision by the Federal Council and the EU Commission, have an adequate level of data protection (such as the member states of the EEA or, from the EU's perspective, Switzerland), but also countries (such as the USA) whose level of data protection is not considered adequate (see Annex 1 of the Data Protection Ordinance (DSV) and the EU Commission website). If the country in question does not have an adequate level of data protection, we ensure, unless an exception is specified for individual data processing in individual cases (see Art. 49 GDPR), that your data is adequately protected by these companies through appropriate safeguards. Unless otherwise specified, these are standard contractual clauses within the meaning of Art. 46 (2) (c) GDPR, which can be found on the websites of the Federal Data Protection and Information Commissioner (FDPIC) and the EU Commission. If you have any questions about the measures taken, please contact our data protection officer (see section 2).

4.3 Information on data transfers to the USA

Some of the third-party service providers mentioned in this privacy policy are based in the USA. For the sake of completeness, we would like to point out to users residing or based in Switzerland or the EU that US authorities have surveillance measures in place that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland or the EU to the USA. This is done without differentiation, restriction, or exception based on the objective pursued and without an objective criterion that would allow the US authorities' access to the data and its subsequent use to be limited to very specific, strictly limited purposes that would justify the interference associated with both access to and use of this data. We would also like to point out that in the US, data subjects from Switzerland or the EU have no legal remedies or effective judicial protection against the general access rights of US authorities, which allow them to obtain access to data concerning them and to have it corrected or deleted. We expressly draw your attention to this legal and factual situation in order to enable you to make an informed decision about consenting to the use of your data.

We would also like to point out to users residing in Switzerland or an EU member state that, from the perspective of the European Union and Switzerland, the USA does not have an adequate level of data protection, among other things due to the explanations provided in this section. Insofar as we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure through contractual arrangements with these companies and, where necessary, additional appropriate safeguards that your data is adequately protected by our third-party service providers.

5 Background data processing on our website

5.1 Data processing when visiting our website (log file data)

When you visit our website, the servers of our hosting provider Hostpoint AG, Neue Jonastrasse 60, 8640 Rapperswil-Jona, Switzerland, temporarily store each access in a log file. The following data is collected without your intervention and stored by us until it is automatically deleted:

  • IP address of the requesting computer;
  • Date and time of access;
  • Name and URL of the retrieved file;
  • Website from which access was made, including any search terms used, if applicable;
  • Your computer's operating system and the browser you are using (including type, version, and language settings);
  • Device type in the case of access via mobile phones;
  • City or region from which the access originated; and
  • Name of your Internet access provider.

This data is collected and processed for the purpose of enabling the use of our website (connection establishment), ensuring long-term system security and stability, enabling error and performance analysis, and optimizing our website (see also section 4.3 for the last points).

In the event of an attack on the website's network infrastructure or if other unauthorized or abusive use of the website is suspected, the IP address and other data will be evaluated for clarification and defense purposes and, if necessary, used in civil or criminal proceedings to identify the user concerned.

Our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR and thus the legal basis for data processing lies in the purposes described above.

Finally, when you visit our website, we use cookies and applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. You can find more detailed information on this in the following sections of this privacy policy, in particular section 5.2 below.

5.2 Cookies

Cookies are information files that your web browser stores on your computer's hard drive or RAM when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.

Among other things, cookies help to make your visit to our website easier, more enjoyable, and more meaningful. We use cookies for various purposes that are necessary for your desired use of the website, i.e., "technically necessary." For example, we use cookies to identify you as a registered user after you log in, so that you do not have to log in again each time you navigate to different subpages. The provision of order and booking functions is also based on the use of cookies. Cookies also perform other technical functions necessary for the operation of the website, such as load balancing, i.e., distributing the performance load of the site across different web servers to reduce the load on the servers. Cookies are also used for security purposes, e.g., to prevent unauthorized posting of content. Finally, we also use cookies in the design and programming of our website, e.g., to enable the uploading of scripts or codes.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in providing a user-friendly and up-to-date website.

Most Internet browsers automatically accept cookies. However, when you access our website, we ask for your consent to the use of cookies that are not technically necessary, in particular when using third-party cookies for marketing purposes. You can configure your preferred settings using the corresponding buttons in the cookie banner. Details on the services and data processing associated with the individual cookies can be found within the cookie banner and in the following sections of this privacy policy.

You may also be able to configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. The following pages explain how you can configure the processing of cookies in selected browsers.

  • Google Chrome for desktop
  • Google Chrome for Mobile Apple
  • Safari Microsoft Windows Internet
  • Microsoft Windows Explorer
  • Internet Explorer Mobile
  • Mozilla Firefox

Disabling cookies may prevent you from using all the features of our website.

5.3 Tracking and web analysis tools

5.3.1 General information about tracking

We use the web analysis services listed below for the purpose of designing our website in line with user requirements and continuously optimizing it. In this context, pseudonymized usage profiles are created and cookies are used (please also note section 5.2). The information generated by the cookie about your use of this website is usually transferred together with the log file data listed in section 5.1 to a server of the service provider, where it is stored and processed. This may also involve transfer to servers abroad, e.g., in the USA (see sections 4.2 and 4.3, in particular regarding the lack of an adequate level of data protection and the safeguards provided).

By processing the data, we obtain the following information, among other things:

  • Navigation path that a visitor takes on the site (including content viewed and products selected or purchased or services booked);
  • Time spent on the website or subpage;
  • Subpage from which the website is being exited;
  • Country, region, or city from which access is made;
  • Device (type, version, color depth, resolution, width, and height of the browser window);
  • Returning or new visitor.

On our behalf, the provider will use this information to evaluate the use of the website, in particular to compile website activity and to provide other services related to website and internet usage for the purposes of market research and the needs-based design of these websites. For these processing operations, we and the providers can be considered jointly responsible under data protection law to a certain extent. The legal basis for this data processing with the following services is your consent within the meaning of Art. 6 (1) (a) GDPR. You can revoke your consent at any time or refuse processing by rejecting or disabling the relevant cookies in your web browser settings (see section 5.2) or by making use of the service-specific options described below.

For further processing of the data by the respective provider as the (sole) controller under data protection law, in particular any disclosure of this information to third parties, such as authorities on the basis of national legal provisions, please refer to the respective data protection information provided by the provider.

5.3.2 Google Analytics

We use the web analytics service Google Analytics from Google Ireland Limited, based at Gordon House, Barrow Street, Dublin 4, Ireland, or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google).

Contrary to the description in section 5.3.1, IP addresses are not logged or stored in Google Analytics (in the version used here, "Google Analytics 4"). For access originating in the EU, IP address data is only used to derive location data and is then immediately deleted. When collecting measurement data in Google Analytics, all IP searches are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing. Regional data centers are used in Google Analytics. When Google Analytics connects to the nearest available Google data center, the measurement data is sent to Analytics via an encrypted HTTPS connection. In these centers, the data is further encrypted before being forwarded to the Analytics processing servers and made available on the platform. The most suitable local data center is determined based on IP addresses. This may also involve data being transferred to servers abroad, e.g., in the US (see section 4.2, in particular regarding the lack of an adequate level of data protection and the safeguards provided).

We also use the technical extension "Google Signals," which enables cross-device tracking—i.e., tracking across different devices. This allows us to assign individual website visitors to different devices. However, this only happens if the visitor has logged into a Google service when visiting the website and has also activated the "personalized advertising" option in their Google account settings. Even then, however, we do not have access to any personal data or user profiles; they remain anonymous to us. If you do not want to use "Google Signals," you can deactivate the "personalized advertising" option in your Google account settings.

Users can prevent Google from collecting the data generated by the cookie and relating to their use of the website (including their IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plugin, users can click this link to prevent Google Analytics from collecting data on the website in the future. An opt-out cookie will be stored on the user's device. If users delete cookies (see section 5 Cookies), they must click the link again.

5.4 Social Media

5.4.1 Social media profiles

On our website, we have included links to our profiles on the social networks of the following providers:

  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Privacy Policy
  • LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Notice

When you click on the social network icons, you will be automatically redirected to our profile on the respective network. This establishes a direct connection between your browser and the server of the respective social network. This provides the network with the information that you have visited our website with your IP address and clicked on the link. This may also result in data being transferred to servers abroad, e.g., in the USA (see sections 4.2 and 4.3, in particular regarding the lack of an adequate level of data protection and the safeguards provided).

If you click on a link to a network while you are logged into your user account with that network, the content of our website may be linked to your profile, allowing the network to associate your visit to our website directly with your account. If you wish to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account will be established in any case if you log in to the respective network after clicking on the link. The respective provider is responsible for data protection in relation to the associated data processing. Please therefore note the data protection information on the network's website.

The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in the use and promotion of our social media profiles.

5.4.2 Social media plugins

On our website, you can use social media plugins from the providers listed below:

  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Privacy Policy
  • LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland, Privacy Notice

We use social media plugins to make it easier for you to share content from our website. Social media plugins help us increase the visibility of our content on social networks and thus contribute to better marketing.

The plugins are disabled by default on our websites and therefore do not send any data to social networks when you simply visit our website. To increase data protection, we have integrated the plugins in such a way that a connection to the servers of the networks is not established automatically. Only when you activate the plugins by clicking on them and thus give your consent to the transmission and further processing of data by the providers of the social networks does your browser establish a direct connection to the servers of the respective social network.

The content of the plugin is transmitted directly from the social network to your browser and integrated into the website. This provides the respective provider with the information that your browser has accessed the corresponding page of our website, even if you do not have an account with this social network or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the provider (usually in the USA) and stored there (see, in particular, sections 4.2 and 4.3 regarding the lack of an adequate level of data protection and the guarantees provided). We have no influence on the scope of the data that the provider collects with the plugin, although from a data protection perspective we can be considered jointly responsible with the providers to a certain extent.

If you are logged into the social network, it can directly associate your visit to our website with your user account. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g., that you like a product or service from us) may also be published on the social network and may be displayed to other users of the social network. The social network provider may use this information for the purpose of placing advertisements and designing the respective offer in line with demand. For this purpose, usage, interest, and relationship profiles may be created, e.g., to evaluate your use of our website with regard to the advertisements displayed to you on the social network, to inform other users about your activities on our website, and to provide other services related to the use of the social network. The purpose and scope of the data collection and the further processing and use of the data by the providers of the social networks, as well as your rights in this regard and setting options for protecting your privacy, can be found directly in the privacy policy of the respective provider.

If you do not want the social network provider to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins. Your consent within the meaning of Art. 6 (1) (a) GDPR forms the legal basis for the data processing described above. You can revoke your consent at any time by declaring your revocation to the plugin provider in accordance with the information provided in their privacy policy.

5.5 Online advertising

5.5.1 In general

We use the services of various companies to provide you with interesting offers online. Your user behavior on our website and the websites of other providers is analyzed so that we can then display online advertising tailored to your individual needs.

Most technologies for tracking your user behavior and displaying targeted advertising work with cookies (see also section 5.2), which allow your browser to be recognized across different websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different devices (e.g., laptop and smartphone). This may be the case, for example, if you have registered for a service that you use with multiple devices.

In addition to the data already mentioned, which is collected when you visit websites (log file data, see section 5.1) and when cookies are used (section 5.2) and which may be passed on to companies participating in advertising networks, the following data in particular is used to select the advertising that is most relevant to you:

  • Personal information that you have provided when registering or using a service from advertising partners (e.g., your gender, age group); and
  • User behavior (e.g., search queries, interactions with advertising, types of websites visited, products or services viewed and purchased, newsletters subscribed to).

We and our service providers use this data to determine whether you belong to the target group we are addressing and take this into account when selecting advertisements. For example, after you have visited our site, advertisements for the products or services you have consulted may be displayed when you visit other sites (retargeting). Depending on the scope of the data, a user profile may also be created, which is evaluated automatically, whereby the ads are selected according to the information stored in the profile, such as membership of certain demographic segments or potential interests or behaviors. Such ads may be displayed to you on various channels, including our website or app (as part of onsite and in-app marketing) as well as ads served through the online advertising networks we use, such as Google.

The data can then be evaluated for the purpose of billing the service provider and assessing the effectiveness of advertising measures in order to better understand the needs of our users and customers and improve future campaigns. This may also include information that an action (e.g., visiting certain sections of our websites or sending information) can be attributed to a specific advertisement. Furthermore, we receive aggregated reports from service providers on advertising activities and information on how users interact with our website and our advertisements.

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) (a) GDPR. You can revoke your consent at any time by rejecting or disabling the relevant cookies in your web browser settings (see section 5.2). Further options for blocking advertising can also be found in the information provided by the respective service provider, e.g., Google.

5.5.2 Google Ads

This website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google) for online advertising, as explained in section 5.5.1. Google uses cookies for this purpose (see the list here), which enable your browser to be recognized when you visit other websites. The information generated by the cookies about your visit to these websites (including your IP address) is transmitted to a Google server in the USA and stored there (see sections 4.2 and 4.3, in particular regarding the lack of an adequate level of data protection and the safeguards provided). Further information on data protection at Google can be found here. The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by rejecting or disabling the relevant cookies in your web browser settings (see section 5.2). Further options for blocking advertising can be found here.

6 Retention periods

We only store personal data for as long as is necessary to carry out the processing operations described in this privacy policy within the scope of our legitimate interests. In the case of contract data, storage is required by statutory retention obligations. Requirements that oblige us to store data arise from accounting regulations and tax law provisions. According to these regulations, business communications, concluded contracts, and booking documents must be retained for up to 10 years. If we no longer need this data to perform services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfill the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer any retention obligation or legitimate interest in its retention.

7 Data security

We use appropriate technical and organizational security measures to protect your personal data stored with us against loss and unlawful processing, namely unauthorized access by third parties. Our employees and the service providers we commission are bound by us to maintain confidentiality and protect data privacy. Furthermore, these persons are only granted access to personal data to the extent necessary for the performance of their tasks.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks, and we cannot therefore provide an absolute guarantee for the security of information transmitted in this way.

8 Your rights

Provided that the legal requirements are met, you, as a data subject, have the following rights:

Right to information: You have the right to request access to your personal data stored by us at any time, free of charge, if we process it. This allows you to check what personal data we process about you and whether we process it in accordance with the applicable data protection regulations.

Right to rectification: You have the right to have inaccurate or incomplete personal data corrected and to be informed of the correction. In this case, we will also inform the recipients of the data concerned about the adjustments we have made, unless this is impossible or involves disproportionate effort.

Right to erasure: You have the right to have your personal data erased under certain circumstances. In individual cases, particularly where there are legal retention obligations, the right to erasure may be excluded. In this case, the data may be blocked instead of erased, provided that the relevant conditions are met.

Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.

Right to data portability: You have the right to receive the personal data you have provided to us in a readable format free of charge. Right to object: You can object to data processing at any time, in particular to data processing in connection with direct marketing (e.g., marketing emails).

Right of withdrawal: You have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your withdrawal.

To exercise these rights, please send us an email to the following address: direktion@floraalpina.ch

Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g., against the manner in which your personal data is processed.