Status: May 2018

Hotel Bären Solothurn GmbH, Baselstrasse 83, 4500 Solothurn, manages the
Hotel Bären and is the operator of the website www.baeren-solothurn.ch and is therefore responsible for the collection, processing and use of your personal data and the compliance of data processing with the applicable data protection law.

Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. It goes without saying that we comply with the legal provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA) and other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

Please take note of the following information so that you know what personal data we collect from you and for what purposes we use it.

A. Data processing in connection with our website

  1. accessing our website

When you visit our website, our servers temporarily store every access in a log file. As with every connection to a web server, the following technical data is recorded without any action on your part and stored by us until it is automatically deleted after 12 months at the latest:

The IP address of the requesting computer,

the name of the owner of the IP address range (usually your Internet access provider),

the date and time of access

the website from which the access was made (referrer URL), if applicable with the search term used,

the name and URL of the retrieved file

the status code (e.g. error message),

the operating system of your computer

the browser you are using (type, version and language)

the transmission protocol used (e.g. HTTP/1.1) and

if applicable, your user name from a registration/authentication.

This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability in the long term and enabling the optimisation of our website as well as for internal statistical purposes. This constitutes our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

The IP address is also analysed together with other data in cases of attacks on the network infrastructure or other unauthorised or abusive use of the website, for the purposes of investigation and prevention. Where necessary, it may be used in the context of criminal proceedings to identify and take civil or criminal action against the individuals concerned. This constitutes our legitimate interest in data processing within the meaning of Article 6(1)(f) of the UK GDPR.

2. Use of Our Contact Form

You have the option of contacting us via a contact form. To do so, we require the following mandatory information:

  • First and last name
  • Contact details
  • Message

We use this data, along with any voluntarily provided phone number, solely to respond to your enquiry in a personalised and effective manner. The processing of this data is therefore necessary for the implementation of pre-contractual measures in accordance with Art. 6(1)(b) UK GDPR and/or is in our legitimate interest pursuant to Art. 6(1)(f) UK GDPR.

3. Booking via Website, Correspondence or Telephone

When you make bookings either via our website, in writing (by email or post), or by telephone, we require the following data to process the contract:

  • Title
  • First and last name
  • Postal address
  • Date of birth
  • Telephone number
  • Language
  • Credit card information
  • Email address

This data, along with any additional information you provide voluntarily (e.g. expected time of arrival, vehicle registration number, preferences, comments), will be used solely for processing the contract, unless otherwise stated in this privacy notice or you have provided explicit consent. Specifically, we use this data to accurately record your booking, provide the services requested, contact you in case of queries or issues, and ensure correct payment processing.

The legal basis for processing this data is the performance of a contract in accordance with Art. 6(1)(b) UK GDPR.

Cookies

Cookies help make your visit to our website more user-friendly, effective and secure. These are text files stored on your computer by your web browser when you visit our website.

We use cookies, for example, to temporarily store your entries while completing a form so that you do not have to re-enter them when navigating to another subpage. Cookies may also be used to identify you as a registered user after you log in, so that you do not have to log in again on each subpage.

Most browsers automatically accept cookies. However, you can configure your browser to block cookies or notify you before a new cookie is stored. The following pages explain how to configure cookie settings in popular browsers:

  • Microsoft Windows Internet Explorer
  • Microsoft Windows Internet Explorer Mobile
  • Mozilla Firefox
  • Google Chrome for desktop
  • Google Chrome for mobile
  • Apple Safari for desktop
  • Apple Safari for mobile

Disabling cookies may result in some website functions being unavailable to you.

4. Tracking Tools

a. General

In order to tailor and continuously optimise our website, we use the web analytics service Google Analytics. In this context, pseudonymised usage profiles are created and small text files (“cookies”) are used. The information generated by the cookie about your use of the website is transmitted to the provider’s servers, stored there, and processed on our behalf. In addition to the data mentioned in section 1, we may receive the following information:

  • The navigation path taken by a visitor
  • Duration of stay on the website or subpage
  • The page from which the site is exited
  • Country, region or city of access
  • Device type (including version, colour depth, resolution, browser window size)
  • Whether the visitor is a returning or first-time visitor

This information is used to evaluate the use of the website, compile reports on website activity, and provide further services related to website and internet usage for market research and website customisation purposes. This information may also be shared with third parties where required by law or where third parties process the data on our behalf.

b. Google Analytics

Google Analytics is provided by Google Inc., a company of the Alphabet Inc. holding, based in the USA. Before data is transmitted to the provider, the IP address is anonymised within the EU or EEA using “anonymizeIP”. The anonymised IP address transmitted by your browser via Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. In such cases, we contractually ensure that Google Inc. complies with an appropriate level of data protection. According to Google Inc., the IP address is never linked to other user data.

Further information on the web analytics service used is available on the Google Analytics website. Instructions on how to prevent your data from being processed by this service can be found at https://tools.google.com/dlpage/gaoptout?hl=en.

B. Data Processing in Connection with Your Stay

5. Data Processing to Comply with Legal Reporting Obligations

Upon arrival at our hotel, we may require the following information from you and your accompanying guests:

  • First and last name
  • Postal address and canton
  • Date of birth
  • Place of birth
  • Nationality
  • Official identification and ID number
  • Arrival and departure dates
  • Room number

We collect this information to comply with legal reporting obligations, particularly those related to hospitality or police regulations. Where required by applicable law, we will pass this information on to the relevant police authorities.

Our legitimate interest in this data processing lies in fulfilling these legal obligations, in accordance with Art. 6(1)(f) UK GDPR.

6. Recording of Additional Services

If you use additional services during your stay (e.g. minibar, pay TV), the specific service and the time of use will be recorded for billing purposes. This data processing is necessary for the performance of the contract with us and is based on Art. 6(1)(b) UK GDPR.

C. Data Storage and Disclosure to Third Parties

7. Booking Platforms

If you make bookings via a third-party platform, we receive various personal data from the respective platform operator. This generally includes the data specified in section 5 of this privacy policy. Additionally, we may receive enquiries regarding your booking. We process this data to record your booking and provide the services you have requested. The legal basis for this data processing is the performance of a contract pursuant to Art. 6(1)(b) UK GDPR.

We may also be informed by the platform provider of disputes related to a booking. In this context, we may receive data concerning the booking process, such as a copy of the booking confirmation. We process this data to safeguard and assert our rights. This constitutes our legitimate interest in accordance with Art. 6(1)(f) UK GDPR.

Please also consult the privacy policies of the respective providers.

8. Centralised Data Storage and Linking

We store the data specified in sections 2–5 and 7–10 in a central electronic data processing system. Your data is systematically recorded and linked for the purpose of handling bookings and fulfilling our contractual obligations. We use software provided by Rebag Data AG, P.O. Box 20, 8813 Horgen, Switzerland. Data processing within this software is based on our legitimate interest in efficient and customer-friendly data management as per Art. 6(1)(f) UK GDPR.

9. Data Retention Period

We store personal data only for as long as is necessary to use the tracking services mentioned above and for other processing activities under our legitimate interest. Contractual data will be retained for a longer period due to legal retention obligations. These obligations stem from laws regarding hospitality, accounting and tax regulations. According to these, business communication, concluded contracts and accounting records must be retained for up to 10 years. Once we no longer need this data to provide services to you, it will be restricted. This means the data will only be used for accounting and tax purposes.

10. Disclosure of Data to Third Parties

We only share your personal data if you have expressly consented, if we are legally obliged to do so, or if it is necessary to enforce our rights—especially those arising from the contractual relationship. Additionally, we may share your data with third parties as necessary for the use of our website and for the execution of your booking and contract.

One such service provider that may access or receive personal data is our web hosting company, Olai AG, 4500 Solothurn. Our website is hosted on servers located in Switzerland. This data disclosure ensures the provision and maintenance of our website and constitutes a legitimate interest in accordance with Art. 6(1)(f) UK GDPR.

In the case of credit card payments on the website, your credit card details will be passed on to your card issuer and the acquirer. When choosing this payment method, you will be prompted to provide all required information. The legal basis for this data transfer is the performance of a contract as defined in Art. 6(1)(b) UK GDPR. Please also consult your credit card issuer’s general terms and conditions and privacy policy regarding their data processing practices.

For further information on data transfers to third parties, please also refer to sections 7–8 and 10–11.

11. Transfer of Personal Data Abroad

We are entitled to transfer your personal data to third-party companies (contracted service providers) abroad for the purposes described in this privacy policy. These parties are obligated to maintain the same level of data protection as we are. If the data protection level in a particular country does not correspond to that of the UK or Switzerland, we will ensure by contractual agreement that your personal data is protected in accordance with UK and Swiss standards at all times.

D. Further Information

12. Right to Access, Rectification, Erasure and Restriction; Right to Data Portability

You have the right to request access to the personal data we hold about you. You are also entitled to have incorrect data rectified and to have your personal data erased, provided there are no legal obligations or justifications allowing us to retain the data.

You also have the right to request that we return the data you have provided to us (right to data portability). Upon request, we will also forward the data to a third party of your choice. The data will be provided in a commonly used format.

You may contact us regarding these rights at:
info@baeren-solothurn.ch
We may require proof of identity before processing your request.

13. Data Security

We use appropriate technical and organisational security measures to protect your personal data against manipulation, partial or total loss, and unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

Please keep your login details confidential and close your browser window after communicating with us—especially if you are using a shared computer.

We also take internal data protection seriously. Our employees and service providers are contractually bound to confidentiality and to compliance with applicable data protection laws.

14. Notice on Data Transfers to the USA

For users residing in Switzerland, we point out that US authorities may conduct surveillance measures that permit the general storage of all personal data transferred from Switzerland to the USA. This is done without differentiation or limitation, and without an objective criterion to restrict access and use of the data to specific, justified purposes.

We also inform you that US citizens do not have adequate legal remedies to access, rectify, or delete their data, nor any effective legal protection against general access rights of US authorities. We explicitly inform affected persons of this legal situation so they can make an informed decision regarding consent to the use of their data.

For users residing in an EU member state, we point out that the USA does not offer an adequate level of data protection from the EU’s perspective, due in part to the issues mentioned above. If recipients of your data (e.g. Google) are based in the USA, we will ensure that an adequate level of protection is maintained through contractual agreements or by ensuring that the companies are certified under the EU or Swiss–US Privacy Shield frameworks.

15. Right to Lodge a Complaint with a Data Protection Supervisory Authority

You have the right to lodge a complaint at any time with a data protection supervisory authority.

Version: 25 May 2018