We, ACASA Suites, Binzmühlestrasse 72, 8050 Zürich, telephone +44 44 552 78 78, E-Mail: email@example.com, are the operator of the website acasasuites.com and are responsible for collecting, processing and using your personal data as well as for the compliance of this data processing with the data protection legislation which applies to the relevant website (data protection officer: Moritz von der Heyde).
Your trust is important to us, which is why we take data protection seriously and ensure the appropriate level of security. We observe the statutory provisions of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Swiss Telecommunications Act (TCA) and any other data protection provisions which may apply under Swiss or EU law, in particular the General Data Protection Regulation (GDPR), as a matter of course.
Please take note of the following information so that you are aware of the personal data we collect from you and the purposes for which we use it.
1. Processing data in connection with our website
When you visit our website, certain technical protocol files are temporarily collected and stored. The following technical data is recorded automatically at that time, as is usually the case when you connect to any web server:
- Name und URL of the visited website
- IP address of the computer sending the query
- Date and time of access
- Name of the owner of the IP address area (usually your internet provider)
- Website from which access was gained (Referrer URL) with search term used if applicable
- Status-Code (i.e. error-message)
- operating system of your computer and browser used (type, version and language)
- Country, from where you were accessing
- Name of your internet access provider
- Transfer protocol used (i.e.. HTTP/1.1) and
- User name if you registered/logged in
This technical data is recorded automatically and stored until the next automatic erasure after 24 hours after the web statistics have been recorded. This data is collected and processed to allow users to use our websites (to establish a connection), to ensure permanent system security and stability, to enable us to optimise our online offering and for internal statistical purposes. This is the basis for our legitimate interest in processing the data within the meaning of Art. 6 para. 1 letter f GDPR.
The IP address is also analysed together with the other data to investigate and prevent attacks on our network infrastructure or other unauthorised use or abuse of the websites and, if applicable, during criminal proceedings for identifying and prosecuting the relevant users under civil and criminal law. This is the basis for our legitimate interest in processing the data within the meaning of Art. 6 para. 1 letter f GDPR.
To register for our newsletter we need the following information from you:
- First name and surname
- E-Mail address
We process this data and voluntarily stated data regarding your interests (serviced apartments, hotel rooms and suites, gastronomy, meeting) only to personalise the information and offers to be sent to you and to better match them to your interests.
When you register, you give us your consent to process the data provided to regularly send the newsletter to the address you specified, to statistically analyse your usage behaviour and to optimise the newsletter. This consent constitutes our legal basis for processing your e-mail address within the meaning of Art. 6 para. 1 letter a GDPR. We are entitled to commission third parties with the technical implementation of advertising initiatives and to pass on your data for this purpose.
At the end of every newsletter, there is a link for you to unsubscribe from the newsletter at any time. When you unsubscribe you can give a reason if you wish. After you have unsubscribed from the newsletter, your personal data will be erased. It will only be processed further in an anonymised form to optimise our newsletter.
2. Booking on the website, via email correspondence, by calling or personally with us
When you book on our website, by corresponding with us (email, postmail), by calling or personally with us, we require the following data to process the contract:
- First name and surname
- E-Mail address
- Credit card information
This data as well as voluntarily given information (i.e. telephone number, date of birth, postal address, arrival time, preferences, comments etc.) will only be used to process the contract unless otherwise specified in this privacy statement or unless you have given separate consent. In particular, we will process the data to enter your booking as required, to provide the booked services, to contact you in the event of problems and to ensure that the payment is correct. The booking through our website is made with the software travelclick (an Amadeus company) 55 W 46th Street , 27th Floor, New York, NY 10036, USA.
The legal basis for processing the data for this purpose is the performance of a contract in accordance with Art. 6 para. 1 letter b GDPR.
In order to make your visit to our website more attractive and to enable certain functions, this website uses so called cookies. Cookies are information files that your web browser automatically saves to your computer’s hard drive when you visit our website.
We point out that these changes in settings always apply for the used browser. If you use several browsers or if you change the device you need to redo the changes in the settings. You can always delete cookies from your storage medium. Please read information about the cookie settings, their change and the deletion of cookies in the help function of your web-browser.
There are session cookies and permanent cookies. Session cookies are temporary data (i.e. to avoid an additional login after change of site) and are deleted after logout or loose validity as soon as the session has ended. A permanent cookie stores a file during a suggested time period on your computer (i.e. to remember your settings for the next visit).
For the purpose of designing our website to meet our needs and those of our users, and for the ongoing optimisation of the website, we use the Google Analytics web analysis service. In this context, pseudonymised user profiles are created and small text files that are stored on your computer (‘cookies’) are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data listed under 1 above, this may provide us with the following information:
- Navigation path taken by a visitor to the site
- Length of stay on the website or sub-page
- The sub-page on which the website is exited
- The country, region or city from which the site is accessed
- End device (type, version, colour depth, resolution, width and height of the browser window) and returning or new visitor.
The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services associated with website and internet usage for the purpose of market research and tailoring the design of this website to suit our needs and those of users. This information may also be shared with third parties if required by law or if third parties are processing these data on our behalf.
Google Analytics is provided by Google Inc., a company of the holding company Alphabet Inc., which is based in the USA. For the Member States of the European Union or for other parties to the Agreement on the European Economic Area, the IP address is truncated before the data is transmitted to the provider due to the activation of IP anonymisation (“anonymizeIP”) on our website. Google does not associate the anonymised IP address transmitted by your browser for Google Analytics with any other data held by Google. Only in exceptional cases will the full IP address be sent to and shortened by Google servers in the USA. In such cases, we ensure that Google Inc. maintains an adequate level of data protection by means of contractual safeguards. Google Inc. states that the IP address will not be associated with other data concerning users under any circumstances.
Visit the Google Analytics website to find out more about the web analytics service we use. You can find instructions on how to prevent your data being processed by the web analytics service here: http://tools.google.com/dlpage/gaoptout?hl=de.
“Re-targeting” technology may be used on the websites. “Re-targeting” technology may be used on the websites. This technology analyses your user behaviour on our websites to offer you tailor-made advertising on later visits, including to partner websites. Your user behaviour is recorded with a pseudonym. Most re-targeting technology operates using cookies (see no. 3). You can prevent re-targeting at any time by refusing or deactivating the relevant cookies in your web browser’s menu bar.
Our website uses among other technologies Google-AdWords-Remarketing a service by von Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (afterwards «Google»),for the placement of advertisements based on the use of previously visited websites. For this purpose, Google uses the DoubleClick cookie, which enables recognition of your browser when you visit other websites. The information generated by the cookie about your visit to these websites (including your IP address) is transmitted to a Google server in the USA and stored there. Google uses the so-called DoubleClick-Cookie, which enables recognition of your browser when you visit other websites.
The information generated by the cookie about the visit to our websites (including your IP address) is sent to and stored by Google servers in the USA. Google will use this information for analysing your use of the website in view of the advertisements to display, compiling reports on website activity and advertisements for website operators and providing other services relating to website activity and Internet usage. Google may also transmit this information to third parties if required by law or if third parties process this data on its behalf. However, Google will not associate your IP address with other data held by Google under any circumstances.
In addition, we use Google Tag Manager to manage the services for usage-based advertising. The Tag Manager tool itself is a cookieless domain and does not collect any personal data. The tool rather ensures the activation of other tags which, for their part, collect data under certain circumstances (see above with respect to this). If you have applied the deactivation setting at the domain or cookie level, this will remain in place for all tracking tags implemented using Google Tag Manager.
You may prevent or deactivate the retargeting at any time by adjusting the settings in the cookie settings on our websites, or by modifying or turning off the relevant cookies in the menu bar of your web browser (also see section 6 below). In addition, you may request an opt-out for the other named advertising and retargeting tools through the website of Digital Advertising Alliance at optout.aboutads.info
5. Processsing data in connection with your stay
5.1 Processing data to comply with statutory notification
When you arrive at our hotels, we may require the following information from you and the people accompanying you:
- First name and surname
- Postal address and canton
- Date of birth
- Place of birth
- Official form of identification and number
- Arrival and departure day
- Room number
We collect this information to comply with statutory notification obligations arising from hotel and catering industry and police legislation in particular. Insofar as we are obliged to do so by the applicable provisions, we will forward this information to the relevant police authority.
Our legitimate interest within the meaning of Art. 6 para. 1 letter f GDPR is to comply with the legal requirements.
5.2 Recording services received
If you receive additional services during your stay (e.g. mini bar, wellness treatment), the service and the time it was received will be recorded and processed by us for billing purposes and to provide the booked service. The processing of this data is necessary for processing the contract with us within the meaning of Art. 6 para. 1 letter b GDPR.
6. Social media
We have included links to our social media profiles on our websites. The links may lead to the following networks:
- Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304,USA
- Instagram Inc., 1601 Willow Road, Meno Park, CA 94025, USA
- Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
- LinkedIn Irleand Unlimited Company, Dublin 2, Ireland
If you click on the relevant symbols of the social networks, you will automatically be redirected to our profiles on the respective networks. You may have to log in to your user account to use the relevant network’s functions. If you open a link to one of our social media profiles, a direct connection will be established between your browser and the server of the relevant social network. The network will then receive the information that you are visiting our websites with your IP address and have opened the link. If you open a link to a network while you are logged into your account with the relevant network, the content of our website can be linked to your profile on the network, which means that the network can directly associate your visit to our websites with your user account. If you want to prevent this, you should log out before clicking on these links. However, this association will be made anyway if you log into the relevant network after clicking the link.
7. Storing and exchanging data with third parties
7.1 Booking platforms
If you book via a third-party platform, we receive various personal information from the relevant platform operator. This is generally the data listed in no. 2 of this privacy statement. Any requests concerning your booking are also forwarded to us. In particular, we will process the data to enter your booking as required and to provide the booked services. The legal basis for processing the data for this purpose is the performance of a contract in accordance with Art. 6 para. 1 letter b GDPR.
Finally, we may be informed by the platform operators about disputes in connection with a booking. If so, we may also receive data concerning the booking process in some cases, which may include a copy of the booking confirmation to serve as evidence of the booking actually being completed. We process this data to safeguard and enforce our claims. This is the basis for our legitimate interest within the meaning of Art. 6 para. 1 letter f GDPR.
Please also observe the privacy information of the relevant provider.
7.2 Central storage and combination of data
We store the data submitted in a central electronic data processing system. Your personal data is systematically recorded and combined to process your bookings and perform the contractual services. We use software of Shiji HK Ltd, namely the software StayNtouch (a shiji group brand) 7700 Old Georgetown Rd, Suite 550, Bethesda, Maryland, 20814, USA. Also, for our customer data management we use the CRM Salesforce, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA.
This data is processed using the software based on our legitimate interest within the meaning of Art. 6 para. 1 letter f GDPR in customer-friendly and efficient customer data management.
7.3 Retention period
We only pass on your personal data if you have explicitly given your consent, if there is a statutory obligation to do so or if it is necessary to enforce our rights, in particular to enforce claims arising from the contractual relation. We also pass your data on to third parties if it is required for using the website and processing the contract, such as to process your booking or to analyse your user behaviour. Third parties include service providers such as booking partners, IT-providers, agencies as well as authorities and law enforcement bodies.
Provided that it is required for the purposes specified above, disclosure may also be sent to a foreign country. If the websites contain links to websites of third parties, once such links are clicked, we no longer has any control over the collection, processing, storage or use of personal data by the third parties, and does not accept any responsibility in this regard.
One service provider to which the personal data collected via the website is passed on, or which has or may have access to the personal data, is our web hosting provider cyon GmbH, Brunngässlein 12, 4052 Basel, Schweiz as well as our web agency Media Motion AG, Arbonstrasse 6, 9300 Wittenbach, Schweiz. The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining our website’s functions. This is the basis for our legitimate interest within the meaning of Art. 6 para. 1 letter f GDPR.
Finally, we forward your credit card information to your credit card issuer and the credit card acquirer when you pay by credit card on the website. If you choose to pay by credit card, you will be asked to enter all the necessary information each time. The legal basis for passing on the data is the performance of a contract in accordance with Art. 6 para. 1 letter b GDPR. For information about the processing of your credit card information by these third parties, please also read the general terms and conditions and privacy statement of your credit card issuer.
7.5 Transmitting personal data to another country
We are entitled to transmit your personal data, including to external companies (commissioned service providers) in another country, for the data processing described in this privacy statement. These companies are subject to the same data protection obligations as we are. If the level of data protection in a country is not equivalent to that of Switzerland or Europe, we ensure by means of a contract that the protection of your personal data is equivalent to the protection provided in Switzerland and/or in the EU at all times.
8. FURTHER INFORMATION
8.1 Right to access, rectification, erasure and restriction of processing; right to data portability
You have the right to receive access to the personal data that we store about you on request. You also have the right to rectification of incorrect data and the right to erasure of your personal data if this is not precluded by any statutory retention obligation or permission which allows us to process the data.
In addition, you have the right to ask us to return the data you have submitted to us (right to data portability). We will also pass the data on to a third party of your choice on request. You have the right to receive the data in a commonly used file format.
You can contact us using the e-mail address firstname.lastname@example.org for the purposes specified above. We reserve the right to ask for proof of your identity to process your requests.
8.2 Data security
We implement technical and organisational security measures that are suitable for us to protect your personal data that we store from manipulation, partial or total loss and unauthorised access by third parties. Our security measures are improved on an ongoing basis in line with technological development.
You should always keep your login details confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.
We also take data protection within the company very seriously. Our employees and the service providers commissioned by us are subject to confidentiality obligations and are obliged to comply with data protection provisions.8.3 Hinweis zu Datenübermittlungen in die USA
8.3 Note on transmitting data to the USA
For the sake of completeness, we wish to point out to users residing or established in Switzerland that, in the USA, US authorities carry out monitoring activities which allow all personal data belonging to all persons whose data has been transmitted from Switzerland to the USA to be stored as a general rule. These activities are carried out without differentiation, restriction or exception based on the aim pursued and with no objective criterion that makes it possible to restrict the US authorities’ access to the data and its subsequent use to specifically defined, strictly limited purposes which are able to justify the intrusion associated with both access to this data and to its use. We also wish to point out that, in the USA, there are no legal remedies available to the data subjects from Switzerland that enable them to receive access to the data concerning them and to have it rectified or erased, and no effective judicial protection from the general access rights of US authorities. We explicitly make data subjects aware of these facts and the legal situation so that they can make a suitably informed decision about giving their consent to the use of their data.
We wish to point out to users residing in a Member State of the EU that, from the perspective of the European Union, the USA does not have an adequate level of data protection due to the issues mentioned in this section, among other points. Insofar as we have specified in this privacy statement that data recipients (e.g. Google) are based in the USA, we will ensure that your data is protected to an adequate level by our partners, either by means of contractual regulations imposed on these companies or by making sure these companies are certified under the EU- or Swiss-US Privacy Shield framework.
9. Right to lodge a complaint with a data protection authority
You have the right to lodge a complaint with a data protection authority at any time.