With the following information, we would like to inform you in summary about our processing of your personal data and your rights under the data protection regulations. Which specific data are processed in detail and the ways in which they are used depend largely on the concrete circumstances.
a) Who are we?
The Hotel Banana City is a business and seminar hotel with its own restaurant (Restaurant Banana) located in Winterthur and operated by SISKA Heuberger Holding AG (“Hotel Banana City“).
- interested parties, customers and suppliers of the Hotel Banana City, specifically of the hotel, gastronomy, seminar and event venue, who are natural persons.
- All other natural persons who are in contact with our company such as authorised agents, representatives or employees of legal entities, but also visitors to our website and people who register on our website.
1. Who is responsible for the data processing and who can I contact?
The data controller is:
SISKA Heuberger Holding AG / Hotel Banana City
Jerome Waldbauer, Director / Charlotte Kilger, Dep. Director
Schaffhauserstrasse 8, CH-8400 Winterthur
firstname.lastname@example.org / email@example.com
+41 52 268 16 16
If you have questions relating to data protection, please contact:
Hotel Banana City
Schaffhauserstrasse 8, CH-8400 Winterthur
+41 52 268 16 16
To the extent that the GDPR is applicable, we have appointed as representative in the EU:
Travel GmbH / Data Protection Officer
+49 89 210 94026
2. Which sources and data do we use?
We gather your personal data, in particular if you contact us, for example, via our website, as interested person, applicant, customer, etc. We process personal data that we receive from our customers within the scope of our business relationship. In addition, we process – where required for the performance of our services – personal data that we obtain from publicly accessible sources.
Furthermore, we process the data that are generated in the course of using our website and the data that are specified by you (e.g. in the context of subscribing to the newsletter or registering for events or on other web forms).
Relevant personal data include personal details (name, address and other contact details, date or place of birth and nationality) as well as identification data (e.g. data on national identity cards). Apart from this, the data can also include order data, data resulting from the fulfilment of our contractual obligations, advertising and sales data, documentary data and other data that are comparable with the aforementioned categories.
If the website is used merely for informational purposes, meaning when you do not fill out any forms and do not register for an event or transmit information to us otherwise, we do not gather personal data. Only the data transmitted by your browser are transferred to us, such as the IP address, visitor path through the website, date and time of the website visit, browser type and version, type of end device, referrer website, etc. An identification is not possible by means of these data.
3. What are the purposes of processing your data and what is the legal basis for this?
We process personal data in accordance with the provisions of the Swiss Federal Law on Data Protection (DSG) and the European General Data Protection Regulation (GDPR), to the extent that the relevant regulations are applicable. Since the GDPR demands that we list each of the legal bases individually, we specify below the legal bases that we rely on for our processing where the GDPR applies:
a) For the fulfilment of contractual obligations (Art. 6 (1) lit. b) GDPR)
Data are processed for the performance of services by the Hotel Banana City within the scope of the execution of our contracts with our customers (e.g. as relates to hotel reservations, seminars, events, company gatherings and our further services) or for the implementation of pre-contractual measures that are taken on request. The purposes of the data processing are primarily oriented on the concrete services and can include, e.g. activities such as hotel reservations, drafting of offers, customer services and billing of services performed.
In this regard, we process existing data (e.g. customer master data such as names and addresses), contact and communication details (e.g. email addresses, phone numbers) as well as payment information (e.g. bank details, payment history).
The contract documents, and terms and conditions can contain additional details on the purposes of the data processing.
b) Within the scope of the weighing of interests (Art. 6 (1) lit. f) GDPR)
Insofar as required, we process your data beyond the actual fulfilment of the contract for the protection of our or third parties’ legitimate interests. Examples:
- Advertising or market research and opinion polling, provided that you have not objected to the use of your data
- Asserting legal claims and defence in legal disputes
- Newsletters, event registrations and orders (provided that transmission from the data subject can be expected)
- Assurance of IT security and IT operation
- Analysis of the internet traffic on our website for the improvement of our website’s functionality
- Prevention and investigation of crimes
- Measures of business management and further development of services and products
c) Based on your consent (Art. 6 (1) lit. a) GDPR)
If you have granted your consent to us for the processing of personal data for particular purposes (e.g. sharing of data, analysis of personal data for marketing purposes, newsletters if no legal basis according to lit. b) applies), the legitimacy of this processing is given on the basis of your consent. Consent that has been granted can be revoked at any time. This also applies to the revocation of consents granted by you to us prior to the applicability of the GDPR, thus before 25 May 2018. The revocation of the consent does not affect the legitimacy of the data processing up until the revocation.
d) Based on legal requirements (Art. 6 (1) lit. c) GDPR) or for the public interest (Art. 6 (1) lit. e) GDPR)
Furthermore, we are subject to the legal regulations of the Swiss lawmaker, so that processing of personal data can also take place if this is required based on legal regulations or if the processing is in the public interest. This is the case, e.g. where reporting requirements apply.
The data entered in an online form are transmitted without encryption. It can therefore not be ruled out that data can be lost or accessed by third parties on the transmission path. The online transmission of personal data is therefore at your own risk.
The data transmitted by you are saved on our servers, stored in application of due care and protected from access by third parties. Only employees who require the data for the fulfilment of their duties have access to the data. We pass on your data to third parties only if we have made an explicit note of this.
The gathered data are used only for the respectively declared purpose.
We are happy to inform you in our various newsletters about news/events relating to the Hotel Banana City and our products. To mail a newsletter, we need at least your email address, usually your name and your gender as well as your address if necessary (to be able to assess the applicable legal bases). If you would like to sign up for the first time for one or more newsletters, you can enter the information in the designated fields. After you have sent these data, you will receive an email from us at the email address specified by you, in which you need to click on a confirmation link to verify the email address specified by you.
You can unsubscribe from our newsletters at any time and thereby object to the further use of your data. To do so, you can deregister from the distribution list at the end of each Hotel Banana City newsletter.
6. Who receives my data?
Within the Hotel Banana City, the people who need your data to fulfil our contractual and legal obligations will receive access to your data. Also external service providers engaged by us (e.g. for IT services, logistics, printing services, telecommunications, advising and consulting, as well as in sales and marketing) and vicarious agents can receive data for these purposes.
Recipients of personal data can be, for example:
- Public offices and institutions (e.g. law enforcement authorities, the police) if a legal or public obligation applies.
- Contractors such as web hosting providers if these are engaged by us
Further data recipients can be the entities in respect of which you have granted your consent for the data transmission or released us from the non-disclosure obligation under an agreement or consent declaration.
7. Are data transmitted to a third country or an international organisation?
Data transmission to entities in countries outside of the European Union or Switzerland (so-called third countries) takes place (e.g. if transmission of the data to third parties such as payment service providers is required for the contract fulfilment), provided that it is
- legally mandated, or
- you have given us your consent for this, or
- we have ensured suitable guarantees through corresponding mechanisms (e.g. contracts). Insofar as the GDPR is applicable, we will readily provide you with a copy of such measures on your request (see contact details under Section 1).
8. For how long are my data stored?
We process and store your personal data for as long as this is required for the fulfilment of our contractual or statutory duties, for as long as we consider it to be necessary for the purposes for which they are processed and our legitimate interest applies, or for as long as your consent has not been revoked.
If the data are no longer needed for the fulfilment of contractual or statutory duties, they will be deleted in the normal case, unless their further processing – for a limited time – is required for the following purposes:
- Fulfilment of retention obligations under commercial and tax law: In this respect, reference is made to the Swiss Law of Obligations (OR) and the tax law. The periods prescribed there for retention or documentation are usually ten years.
- Preservation of evidence within the scope of the legal statutes of limitation. Pursuant to Art. 127 seqq. Swiss Law of Obligations (OR), these statutes of limitation can be up to 10 years.
9. What are my data privacy rights?
Depending on the applicable legal basis, you have different rights. Insofar as the Swiss Data Protection Law applies, your rights are determined by this law’s regulations.
Insofar as the GDPR applies, the following applies:
Each data subject has the right to receive information pursuant to Art. 15 GDPR, the right to correction pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of the processing pursuant to Art. 18 GDPR, the right to objection according to Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR. If you state your objection, we will cease the processing of your personal data, unless we can prove compelling reasons for the processing that qualify for protection and override your interests, rights and freedoms, or if the processing serves the purpose of the assertion or enforcement of or defence against legal claims. If you object to the processing for the purposes of direct marketing, we will no longer process your personal data for these purposes. The objection can be declared informally and, if possible, should be directed to: firstname.lastname@example.org
If you believe that processing by us violates the applicable data protection laws, you can contact us (see contact details under Section 1) or lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR).
10. Do I have an obligation to provide data?
Within the scope of our business relationship, you need to provide the personal data that are required for the commencement and implementation of the business relationship and the fulfilment of the related contractual obligations or the data that we are legally obligated to gather. Without these data, we will usually not be able to conclude or execute a contract with you.
11. To what extent does an automated decision-making process take place?
For the purpose of establishing and implementing the business relationship, we generally do not use any fully automated decision-making process according to Article 22 GDPR. If we were to use such processes in individual cases, we would inform you about this separately provided that this is legally mandated.
12. Tracking cookies
The website of the Hotel Banana City uses so-called tracking cookies. They are used to register your IP address, the website from which you were referred to us, and the type of the browser software used, and the pages of the Hotel Banana City website that you are visiting at the moment including the date and duration of the visit. Such tracking data do not permit any conclusions as to individual users, which is why no persons can be identified based on these data.
Cookies are files that are set and stored in a computer system by an internet browser. The data subject can at any time prevent our website from storing cookies by means of a corresponding adjustment in the settings of the web browser used and can thereby object permanently to the setting of cookies. In addition, cookies already set can be deleted at any time via a web browser or other software program.
13. Plug-ins of social media platforms
Plug-ins of various third-party providers of social media platforms (Facebook, Google+, Tripadvisor, etc.) are embedded on the websites of the Hotel Banana City. When calling up a webpage on which plug-ins of such third-party providers are placed, data can be transmitted to the third-party providers through these plug-ins. If the visitor is simultaneously logged in to the network of the respective third-party provider, the visit on the website can be attributed to the visitor’s user account depending on the provider. The Hotel Banana City has no influence on the way and manner of the data transmission.