Online booking

Check availability

Data protection

Bellevue Hotel & Appartment Management AG, Gotthardstrasse 4, 6490 Andermatt (thereinafter “THE CHEDI Andermatt”) is the operator of the website www.thechediandermatt.com and is thus responsible for the collection, processing, and use of your personal data and for processing data in compliance with applicable data protection laws.

Your trust is important to us; therefore, we take data protection seriously and take care to provide proper security. In doing so, as a matter of course we comply with the legal provisions of the Swiss Federal Act on Data Protection (FADP), the Swiss Ordinance to the Federal Act on Data Protection (OFADP), the Swiss Telecommunications Act (TCA) and other applicable data protection provisions under Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

Please read the following information to know what personal information we collect from you and for what purpose we use it.
 

A. Data processing in connection with our website


1. Visiting our website 
When visiting our website, our servers temporarily store each access in a log file. The following technical data will be recorded by us, as usual with every connection with a web server, without your intervention, and stored by us until automatic deletion after no later than three days:

- the IP address of the requested computer,
- the date and time of access,
- the name and URL of the requested file,
- the status code
- the transmission protocol you use

The collection and processing of this data is done for the purpose of enabling the use of our website, continuously ensuring system security and stability, optimising our website, and for internal statistical purposes. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.

Furthermore, the IP address will be evaluated, together with other data, in case of attacks on the network infrastructure or other unauthorized use or misuse of the website, for the purpose of intelligence and protection, and, if appropriate, used in criminal proceedings for identification and civil and criminal proceedings against the relevant users. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.

2. Use of our contact form
You have the option to use a contact form to contact us. For this we require the following information:

General Request
- Title
- First and last name
- Phone number
- E-mail address
- Message

Meeting Request
- Event type
- Date
- Number of participants
- Title
- First and last name
- Phone number
- E-mail address
- Message

We use this data, along with a telephone number you may voluntarily give, only in order to answer your contact question in the best possible and personalized manner. Therefore, in accordance with Art. 6 Par. 1 lit. b GDPR, the processing of this data is required in order to conduct pre-contractual activities or is in our legitimate interest in accordance with Art. 6 Par. 1 lit. f GDPR.

3. Registration for our newsletter
You have the option to subscribe to our newsletter through our website. This requires registration. The following data must be provided in order to register:

- Title
- First and last name
- E-mail address
- Language

The above is necessary for data processing. You may voluntarily provide additional information as well. We process this data exclusively to personalise the information and offers we send you and to better align it with your interests.

By registering, you give us your consent to process the given data in order to periodically send the newsletter to the address you have given and for the statistical evaluation of user behaviour and optimisation of the newsletter. This consent constitutes the legal basis for our processing of your e-mail address in the sense of Art. 6 Par. 1 lit. a GDPR. We are entitled to commission third parties with the technical handling of promotional measures and are entitled to pass on your data for this purpose (cf. cipher. 12).

At the end of each newsletter a link is provided by means of which you can unsubscribe at any time. When unsubscribing, you may voluntarily give us the reason. After unsubscribing, your personal data will be deleted. Further processing will be done in anonymous form only in order to optimise our newsletter.

4. Opening a customer account
To make reservations through our website, you can either make your request as a guest or open a customer account. We must receive the following registration data in order to open a customer account:

- Title 
- First and last name 
- Postal address
- Date of birth 
- Telephone number 
- E-mail address
- Password

The collection of this data that you have so far voluntarily provided is used for the purpose of providing you password-protected direct access to your base data we have stored. Here you can view your past and current reservations and manage or change your personal data.
The legal basis for processing the data for this purpose lies in the consent you have provided in accordance with Art. 6 Par. 1 lit. a GDPR.

5. Reservations via the website, correspondence, or telephone
When you place a reservation through our website, by mail (e-mail or postal mail), or by telephone, we need the following data in order to execute the agreement:

- Title 
- First and last name
- Postal address
- Date of birth 
- Telephone number 
- Language 
- Credit card information 
- E-mail address 
- Password

We will use this information as well as other information you voluntarily provide (e.g. expected arrival time, vehicle license plate number, preferences, comments) only in order to execute the agreement, unless otherwise stated in this Data Privacy Policy or you have not specifically consented thereto. We will process the data by name in order to record your reservation as you have requested, to make available the booked services, to contact you in case of a question or problem, and to ensure correct payment.

The legal basis for data processing for this purpose lies in the fulfilment of an agreement in accordance with Art. 6 Par. 1 lit. b GDPR.

6. Cookies
Cookies help in many ways to make your visit to our website easier and more convenient and sensible. Cookies are information files that your web browser automatically saves on your computer’s hard drive when you visit our website.

We use cookies e.g. to temporarily store your selected services and data provided on a form on the website so that you need not provide the same data again when you access a subpage. Cookies may also be used to identify you as a registered user once you have registered on the website so that you do not have to login again when you visit a different page.

Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies will be stored on your computer or that a message will appear every time you receive a new cookie. Disabling cookies can result in preventing you from using all the functions of our website.

7. Tracking tools

a. General information
For the purpose of needs-oriented design and continuous optimisation of our website, we use the web analysis service of Google Analytics. In this context, pseudonymised usage profiles are created and small text files (“cookies”) are stored on your computer. The information generated by the cookie about your use of this website is transmitted to the server of the provider, stored there, and processed for us. In addition to the data listed under cipher 1, we may receive the following information:

- Navigation path that a visitor takes on the website
- Length of stay on the website or webpage
- Country, region, or city from which the access is made
- End device
- Returning or new user.

The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage for purposes of market research and needs-based design of this website. This information may also be transferred to third parties if required by law or if the third parties are contracted for processing the data.

b. Google Analytics
The provider of Google Analytics is Google Inc., an enterprise of the holding company Alphabet Inc, domiciled in the USA. Before the data is transmitted to the provider, the IP address will be abbreviated by activating IP anonymisation (“anonymizeIP”) on this website within the member states of the European Union or in other contracting states of the agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there. In these cases, we provide contractual guarantees to ensure that Google Inc. maintains a sufficient level of data protection. According to Google Inc., under no circumstances will the IP address be associated with any other user-related data. More information about the web analytics service used is available at the website of Google Analytics.

c. Data protection provisions about the application and use of Google AdSense
On this website, The Chedi Andermatt has integrated Google AdSense. Google AdSense is an online service which allows the placement of advertising on third-party sites. Google AdSense is based on an algorithm that selects advertisements displayed on third-party sites to match with the content of the respective third-party site. Google AdSense allows an interest-based targeting of the Internet user, which is implemented by means of generating individual user profiles. The operating company of Google's AdSense component is Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States. The purpose of Google's AdSense component is the integration of advertisements on our website. Google AdSense places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Alphabet Inc. is enabled to analyse the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google AdSense component is integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google AdSense component for the purpose of online advertising and the settlement of commissions to Alphabet Inc. During the course of this technical procedure, the enterprise Alphabet Inc. gains knowledge of personal data, such as the IP address of the data subject, which serves Alphabet Inc., inter alia, to understand the origin of visitors and clicks and subsequently create commission settlements. The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Alphabet Inc. from setting a cookie on the information technology system of the data subject. Additionally, cookies already in use by Alphabet Inc. may be deleted at any time via a web browser or other software programs. Furthermore, Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in web pages to enable a log file recording and a log file analysis through which a statistical analysis may be performed. Based on the embedded tracking pixels, Alphabet Inc. is able to determine if and when a website was opened by a data subject, and which links were clicked on by the data subject. Tracking pixels serve, inter alia, to analyse the flow of visitors on a website. Through Google AdSense, personal data and information—which also includes the IP address, and is necessary for the collection and accounting of the displayed advertisements—is transmitted to Alphabet Inc. in the United States of America. These personal data will be stored and processed in the United States of America. The Alphabet Inc. may disclose the collected personal data through this technical procedure to third parties. Google AdSense is further explained under the following link https://www.google.com/intl/en/adsense/start/

d. Data protection provisions about the application and use of Google Remarketing
On this website, The Chedi Andermatt has integrated Google Remarketing services. Google Remarketing is a feature of Google AdWords, which allows an enterprise to display advertising to Internet users who have previously resided on the enterprise's Internet site. The integration of Google Remarketing therefore allows an enterprise to create user-based advertising and thus shows relevant advertisements to interested Internet users. The operating company of the Google Remarketing services is the Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States. The purpose of Google Remarketing is the insertion of interest-relevant advertising. Google Remarketing allows us to display ads on the Google network or on other websites, which are based on individual needs and matched to the interests of Internet users. Google Remarketing sets a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google enables a recognition of the visitor of our website if he calls up consecutive web pages, which are also a member of the Google advertising network. With each call-up to an Internet site on which the service has been integrated by Google Remarketing, the web browser of the data subject identifies automatically with Google. During the course of this technical procedure, Google receives personal information, such as the IP address or the surfing behaviour of the user, which Google uses, inter alia, for the insertion of interest relevant advertising. The cookie is used to store personal information, e.g. the Internet pages visited by the data subject. Each time we visit our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties. The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google may be deleted at any time via a web browser or other software programs. In addition, the data subject has the possibility of objecting to the interest-based advertising by Google. For this purpose, the data subject must call up the link to www.google.de/settings/ads and make the desired settings on each Internet browser used by the data subject. Further information and the actual data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/

e. Data protection provisions about the application and use of Google-AdWords
On this website, The Chedi Andermatt has integrated Google AdWords. Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define specific keywords with the help of which an ad on Google's search results only then displayed, when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords. The operating company of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES. The purpose of Google AdWords is the promotion of our website by the inclusion of relevant advertising on the websites of third parties and in the search engine results of the search engine Google and an insertion of third-party advertising on our website. If a data subject reaches our website via a Google ad, a conversion cookie is filed on the information technology system of the data subject through Google. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g, the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and the controller can understand whether a person who reached an AdWords ad on our website generated sales, that is, executed or canceled a sale of goods. The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject. The conversion cookie stores personal information, e.g. the Internet pages visited by the data subject. Each time we visit our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties. The data subject may, at any time, prevent the setting of cookies by our website, as stated above, by means of a corresponding setting of the Internet browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the information technology system of the data subject. In addition, a cookie set by Google AdWords may be deleted at any time via the Internet browser or other software programs. The data subject has a possibility of objecting to the interest based advertisement of Google. Therefore, the data subject must access from each of the browsers in use the link www.google.de/settings/ads and set the desired settings. Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/
 

B. Data processing in connection with your stay


8. Data processing in order to comply with legal reporting obligations
When you arrive at one of our accommodations, we may need the following information about you and the persons accompanying you:

- First and last name
- Postal address
- Date of birth 
- Place of birth 
- Nationality 
- Official ID
- Arrival and departure days, Number of Nights
- Name of the accommodation, Average daily room rate
- Number of adults and children

We collect this information in order to comply with legal reporting obligations stipulated in particular by hotel-business or police law. Insofar as we are required to do so under the applicable regulations, we will forward this information to the relevant police authorities.
In fulfilling the legal requirements, our legitimate interest is in the sense of Art. 6 Par. 1 lit. f GDPR.

9. Recording of services received
If you receive additional services as part of your stay, the service and the point in time it was received will be recorded by us for invoicing purposes. The processing of this data is in the sense of Art. 6 Par. 1 lit. b GDPR and required for executing the agreement with us.
 

C. Storage and exchange of data with third parties


10. Reservation platforms
If you place reservations through a third-party platform, we will receive various personal information from the respective platform operator. This is typically the data listed under cipher 5 of this Data Privacy Statement. In addition, enquiries regarding your reservation may be forwarded to us. We will process this data by name in order to record your reservation as requested and to provide the booked services. The legal basis of data processing for this purpose lies in the fulfilment of an agreement as described in Art. 6 1 lit. b GDPR.

Finally, we may be notified by the platform operators about disputes related to a reservation. In this case, we may also receive data on the reservation process, which may include a copy of the booking confirmation as evidence of the actual finalisation of the reservation. We process this data in order to safeguard and enforce our rights. This is our legitimate interest in the sense of Art. 6 Par. 1 lit. f GDPR.

Please also note the privacy policy of the respective provider.

11. Retention period
We store personal data only as long as necessary in order to use the aforementioned tracking services and the further processing within the scope of our legitimate interest. We store contract data for a longer period of time in order to comply with legal obligations for data retention. Data retention requirements that are obligatory for us arise from regulations set forth by reporting, accounting, and tax law. According to these regulations, business communication, closed contracts, and reservation documents must be retained for up to 10 years. Once we no longer require these data to carry out the services for you, the data will be blocked. This means that the data may then be used only for tax and accounting purposes.

12. Passing on data to third parties
We pass on your personal data only if you have expressly consented to it, if we are legally obligated to, or if this is necessary to enforce our rights, especially rights concerning the contractual relationship. Furthermore, we pass on your personal data to third parties (e.g. The Leading Hotels of the World, Swiss Deluxe Hotels, Medallia, service providers) insofar as this is required in the context of using the website and in contract processing, specifically, the processing of your reservation. 

A service provider to whom the personal data collected via the website is passed on or who has or can have access to it is our web host METANET AG, Josefstrasse 218, CH-8005 Zürich. The website is hosted on servers in Switzerland. The transfer of data is for the purpose of providing and maintaining the functionality of our website. This is our legitimate interest in the sense of Art. 6 Par. 1 lit. f GDPR.

Finally, if you pay by credit card through the website, we forward your credit card information to the credit card issuer and the credit card acquirer. If you choose to pay by credit card, you will be asked to provide all the necessary information. The legal basis for passing on the data lies in the fulfilment of an agreement in the sense of Art. 6 Par. lit. b GDPR.

13. International transfer of personal data
We are also entitled to transfer your personal data to third parties abroad for the purposes of the data processing described in this Data Privacy Statement. They are obliged to protect data privacy to the same extent as we ourselves. If the level of data protection in a given land does not correspond to the Swiss or European level, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times.
 

D. Further information


14. Rights to information, correction, deletion, and limitation of processing, right to data portability
You have the right to request and receive information about your personal data that we have stored. Furthermore, you have the right to correct inaccurate data and the right to have your personal data deleted, as far as no legal retention obligation stands in the way or a regulatory authorisation that allows us to process the data.

You also have the right to reclaim from us the data you have given us (right to data portability). On request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a commonly used file format.

You can contact us for the aforementioned purposes at the e-mail address privacy@chediandermatt.com. We may, at our sole discretion, require proof of identity before processing your request.

15. Minors
We do not want to collect personal information from minors; however, we cannot always verify the age of people who visit and use our websites. If a minor provides us with their information without the consent of their parent or guardian, we will ask the parent or guardian to contact us for the purpose of deleting that information and preventing the minor from receiving any promotional material from us in the future.

16. Data security
We use appropriate technical and organizational security measures to protect your stored personal data against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are being continuously improved in line with technical developments. 

You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share your computer with others.

17. Notice about data transfer to the USA
In the interest of completeness, we would like to point out to users domiciled in or residing in Switzerland that in the USA there are government surveillance measures that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, limitation, or exception on the basis of the objective pursued and without objective criteria that would limit the access of US authorities to the data and their subsequent use to very specific, strictly limited purposes that could justify both the access to these data and intervention related to their use. Furthermore, we would like to point out that in the USA there are is no right of appeal for affected people in Switzerland that would allow them to gain access to their personal data or to effect their correction or deletion, and there is no effective judicial protection against general access by US authorities. We explicitly inform affected persons of this legal and factual situation in order for them to make an accordingly informed decision concerning consent to the use of their data.

We point out to users domiciled in an EU member state that, in the point of view of the European Union, the USA – partly because of the issues mentioned in this paragraph – does not have a sufficient level of data protection. To the extent we have explained in this Data Privacy Statement that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected at a reasonable level by our partners either through contractual arrangements with these companies or by ensuring the certification of such companies under the EU- or Swiss-US Privacy Shield.

18. Social Plug-ins Facebook, Google+, Twitter and Instagram
On our site called Social Plugins ("Plugins") the social networks Facebook and Google+, the micro-blogging service Twitter and Instagram are used. These services are provided by the company Facebook Inc., Google Inc., Twitter Inc. and Instagram LLC. offered ("providers").

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). An overview about the plugins from Facebook and their appearance can be found here: https://developers.facebook.com/docs/plugins. The information about the privacy policy can be found here: http://www.facebook.com/policy.php.

Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). You can find an overview of the plug-ins from Google and their appearance here: https://developers.google.com/+/web/. The information about the privacy policy can be found here: http://www.google.com/intl/de/+/policy/+1button.html.

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). You can find an overview of the Twitter buttons and their appearance here: https://twitter.com/about/resources/buttons. The information about the privacy policy can be found here: https://twitter.com/privacy

Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). An overview about the Instagram buttons and their appearance here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges. The information about the privacy policy can be found here: https://help.instagram.com/155833707900388/

When you visit a page of our website that contains a social plugin, your browser makes a direct connection to the servers of Facebook, Google, Twitter or Instagram. The content of the plugin is the provider directly to your browser and integrated into the side. By integrating the plugin get the provider the information that your browser has accessed the corresponding page of our website, even if you are not have a profile or just not logged in. This information (including your IP address) is transmitted from your browser directly to a server of the provider in the USA and stored there. If you are logged in to one of the services that providers can assign to visit our site to your profile on Facebook, Google+, Twitter or Instagram directly. If you interact with the plugins, for example the "Like" -, the "+1" -, the "Tweet" - press or the "Instagram" button, the corresponding information is also transmitted directly to a server of the provider and stored. The information will also be published in the social network, to your Twitter or Instagram account and there appear to your contacts. Purpose and scope of data collection and the further processing and use of data by the providers as well as your rights and ways to protect your privacy, please refer to the privacy policies of the provider. If you do not want Google to assign, Facebook, Twitter or Instagram collected on our web data directly to your profile in the respective service, you must log out before you visit our site to the appropriate service. You can also add-ons completely prevent the loading of plug-ins for your browser, z. B. with the Script Blocker "NoScript" (http://noscript.net/).

19. Social Plug-ins Pinterest
On our website, the "Pin it" button is the social network Pinterest, which of the options, Inc. - operated - resident 808 Brannan St, San Francisco, CA 94103, USA. Because of the use of the "Pin it" button Pinterest gets the information that you have visited one of our websites. If you during which to log in to your Pinterest account, it is Pinterest also possible to assign your visit to your Pinterest account. By clicking the "Pin it" button data to Pinterest are received, which are stored on servers (in the US). If you want to avoid this, you should log out prior to clicking on the "Pin it" button from your Pinterest account. To protect your privacy, you obtain additional details for data collection or processing and use of your data by Pinterest and your legal options and settings options please check the privacy policies of options under: http://pinterest.com/about/privacy/.

20. Social Plug-ins Linkedin
Our site uses LinkedIn social plugins from LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland. These buttons can be identified by the "LinkedIn Logo" or "Share Button". When you access a web page on this site that features one of these buttons, the browser establishes a direct connection with LinkedIn's servers as soon as the LinkedIn button is pressed. LinkedIn then transfers the content of the "In" button directly to your browser, which integrates the content into the web page. We have no control over the amount of data that LinkedIn collects via the button after you click on it. Thanks to the integration of the plugin, LinkedIn knows that you have accessed the relevant page of our website. If you are logged in to LinkedIn, LinkedIn can recognize you based on your LinkedIn account and record your visit. If you want to find out what data LinkedIn collects about you and why, please refer to LinkedIn's data protection policy https://www.linkedin.com/legal/privacy-policy.

21. Social Plug-ins Weibo
Our website uses plugins of the platform Sina Weibo. Operator of the platform is the SINA Corporation (Century Avenue, Pudong, Shanghai Jinmao Tower, 37th floor, 88th If you visit one of our pages equipped with a Sina Weibo Plugin it connects to the servers of Sina Weibo. In this case, the Sina Weibo server gets information about which of our pages you have visited. If you are logged into your Sina Weibo account you are allowing the platform to connect your surfing habits directly to your personal profile. You can prevent this by logging out of your Sina Weibo-logout account.

22. Our contact details
Please do not hesitate to contact us if you have any questions regarding the data policy and our general terms and conditions:
Bellevue Hotel & Appartement Management AG, Gotthardstrasse 4, CH – 6490 Andermatt privacy@chediandermatt.com 


Last update: 23 May 2018