Privacy Statement
Dated: August 2023
The Group of ZFV Companies, Flüelastrasse 51, 8047 Zurich runs Sorell Hotels Switzerland and all of the res-taurants belonging to the hotels, and is the operator of the website sorellhotels.com and therefore responsible for the collection, processing and use of your personal data and for ensuring that the data processing complies with the applicable data protection legislation.
Your trust is important to us, which is why we take the issue of data protection seriously and ensure the corre-sponding security. It goes without saying that we observe the statutory provisions of the Swiss Data Protection Act (DSG), the Swiss Data Protection Ordinance (DSV), the Telecommunications Act (FMG) and any other appli-cable data protection provisions under Swiss or EU law, and in particular the General Data Protection Regulation (GDPR). Within the scope of the GDPR, the terms are to be understood in accordance with the GDPR.
For questions relating to data protection and for information regarding your rights and their assertion, you can contact our data protection office at: [email protected].
Please read the following information to find out which data we collect from you and the purposes for which we use this data.
We use the following data protection representation in the European Economic Area (EEA) including the Europe-an Union (EU) and the Principality of Liechtenstein as an additional point of contact for the supervisory authori-ties and data subjects for any enquiries relating to the GDPR:
VGS Datenschutzpartner UG, Am Kaiserkai 69, 20457 Hamburg, Germany, [email protected]
Please read the following information to find out which personal data (hereinafter referred to as ‘data’) we col-lect from you and the purposes for which we use this data.
A. General information
1. Responsible company
The company responsible for the data processing outlined in this Privacy Statement is:
Sorell Hotels
Flüelastrasse 51
8047 Zürich
Tel. +41 44 388 35 35
E-Mail: @sorellhotels.com
For questions relating to data protection and for information regarding your rights and their assertion, you can contact our data protection office at: [email protected]
Certain service providers also operate under their own responsibility, such as PayPal and credit card companies where you use these services. The data protection provisions of these service providers must also be taken into account in this case.
2. What personal data do we process?
We process data from the following categories (non-exhaustive list) on our websites:
Contact data:
- This includes your surname, first name, email address, postal address and telephone numbers.
- Data on online forms: This includes your contact details and other information that is requested.
- Proof-of-identity data: This includes your user name and password on the online portal.
- Content data: This includes text entries.
- Usage data: This includes the websites you have visited as well as access times, click behaviour and interest in content.
- Payment data: This includes your bank details and payment history.
- Credit-history data: This includes your contact details and payment experiences as well as court, debt-collection and insolvency data.
- Meta/communication data: This includes your IP address, the date, the time, visited pages and device information.
- Meeting meta data: This includes participant IP addresses and device/hardware information.
- Server log files: This includes your browser type and browser version, the operating system used, the reerrer URL, the host name of the accessing computer and the time of server request.
- Marketing data: This includes the lead (contact/sales opportunities), newsletter subscriptions and unsubscriptions, and sent marketing messages.
- Newsletter data: This includes your personal details and email address, subscription and unsubscription data, as well as opening rates.
- Applicant data: In addition to personal information and information about your education, work experience, skills, comments on previous employment, availability and notice period, this also includes the usual correspondence data such as postal address, email address and telephone number
We also process the following data within the framework of the customer and business relationships:
- Contract data: This includes the commissioned services and payment information.
- Customer data: This includes your personal details, customer number, customer type, customer history, details of the purchased goods or services, order data and payment data.
- Personal data relating to course registration: This includes the course selection, personal details and contact details.
3. From whom do we get your personal data?
As a general rule, we collect personal data directly from you. The majority of the data that we process is data that you (or your end device) provide us with directly (e.g. in connection with our services, the use of our websites and apps, or communication with us). You are not obligated to provide us with your data, with exceptions in individual cases (e.g. statutory obligations). However, if you conclude contracts with us or commission our services, for example, you will need to provide us with certain information. It is also not possible to use our websites without data processing.
We can also take information from publicly accessible sources (e.g. the debt collection register, land registers, commercial registers, the media or the internet, including social media) or can receive information from (i) the authorities, (ii) your employer or client who is either in a business relationship with us or has dealings with us in another way, as well as from (iii) other third parties (e.g. clients, counterparties, legal expenses insurance companies, credit bureaus, list brokers, associations, contracting partners, web analytics services). This includes in particular such data that we process as part of the initiation, conclusion and processing of contracts, as well as data from correspondence and meetings with third parties, but also all other categories of data.
4. For what purposes do we process data?
We process your data on our websites and for the provision of our services for the following purposes in particular:
- Access to our website
- Application procedure
- Use of our contact forms
- Communication
- Enquiries about events
- Reservations via the websites, via correspondence or by telephone
- Subscription to newsletters
- Ordering of vouchers
- Orders from the online shop
- Registration and semester fee for SIS
- Competitions
- Product reviews and satisfaction surveys
- Marketing measures
- Security purposes and access controls
- Risk management and company management
5. On what legal basis do we process personal data?
We regularly use the following as a general legal basis for the processing of your personal data:
- The conclusion or execution of a contract with you or your request for this in advance.
- Your consent, which you can withdraw at any time.
- A consideration of interests, which you can, however, opt out of under certain circumstances.
- A statutory obligation, which may also be incorporated as part of a consideration of interests.
Additional legal foundations for the processing of your personal data are our overriding interests in the processing of this data. We consider the following (non-exhaustive list) as our overriding interests:
- Our customer support and the maintenance of our business relationships (e.g. cultivating contacts, communication with our business partners).
- Our advertising and marketing activities.
- The opportunity to get to know the users of our websites and our online services better.
- The improvement and further development of our products and services (e.g. IT security in connection with the use of our website, improvement of our online service offerings).
- The Group’s internal administration.
- If necessary, we will obtain your consent: If you have given your consent electronically by activating a check box, we will keep a record of this declaration of consent. This involves us saving information such as the user account name, the corresponding location on the website, and the date and time.
You can withdraw your consent in any manner at any time or object to the data processing. Send your withdrawal of consent to the contact specified in Section 1: [email protected].
B. Data processing in detail
6. Accesing our Website
When you visit our website, our server temporarily saves each access in a log file. This involves us recording the following technical data without you having to do anything, and saving this data until its automatic deletion after 50 months at the latest, all of which is fundamentally the case every time you connect to a web server:
- The IP address of the accessing computer.
- The name of the owner of the IP address range (usually your internet access provider).
- The date and time of access.
- The website from which the access occurred (referrer URL), with search word used where applicable.
- The name and URL of the retrieved file.
- The country from where the access occurred.
The status code (e.g. error message). - Time zone difference to Greenwich Mean Time (GMT).
The operating system of your computer. - The browser you were using (type, version and language).
- The transmission protocol used (e.g. HTTP/1.1).
- Where applicable, your user name from a registration/authentication.
- This data is collected and processed for the purpose of enabling the use of our websites (establishing a connection), permanently guaranteeing system security and stability and optimising our internet offering, as well as for internal statistical purposes. This constitutes our legitimate interest in the data processing.
The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unpermitted use or misuse of the website for the purpose of clarification or defence and is, where necessary, also used as part of criminal proceedings for the purpose of identifying the users in question and for civil and penal proceedings against these users. This constitutes our legitimate interest in the data processing.
7. Application procedure
When you apply for a job with us, we process the personal data that we receive from you as part of the application procedure. This includes:
- your personal details
- your education
- work experience
- skills
- notes on previous roles and availability/notice period
- the usual correspondence data such as postal address, email address and telephone number
- We also process all of the documents you submitted in connection with your application, such as your cover letter, CV, references, certificates, diplomas and other documents submitted by you. You may also voluntarily provide us with information that extends beyond this.
This data is exclusively saved, analysed, processed or transmitted within the framework of your application. We may also process your personal data for statistical purposes (e.g. reporting). In this case, however, it will not be possible to trace this information back to an individual person.
We use a service provider to process your application. This service provider guarantees that your personal data is handled in a secure and confidential manner. To this end, you will need to create a user account with your email address and password. If you have not logged in to your user account for over 6 months, we will irrevocably delete this account together with all the information contained within it.
Data from applications remains in the system for 6 months beyond the application process for the purpose of answering any queries. Your content data (but not your user account) will then be automatically anonymised.
Your applicant data will be stored separately from the other user data, and will not be merged with this data.
Your applicant data is processed based on the legal basis of our (pre-)contractual obligations as part of the application procedure, and based on our legitimate interests in the processing of your application.
You can object to this data processing and withdraw your application at any time. Send your objection to the contact specified in Section 1: [email protected].
If we enter into an employment contract with you, the data that is transmitted for the purpose of fulfilling the working relationship will be further processed in compliance with the statutory regulations.
If you have given us your consent for us to save your details for future application procedures and to contact you again as needed, we will delete this data after three years. You can withdraw this consent at any time. Your withdrawal of consent must be sent to the contact specified in Section 1 ([email protected]) or to the email address specified in the job advertisement.
8. Use of our contact forms
You have the option to use a contact form to get in touch with us. The following information will usually be collected for this:
- Title
- First name and surname
- Email address
- Telephone number
- Street and house number
- Postcode
- Town/city
- Country
- Message
Any information that is required for the smooth processing of your enquiry is marked as a mandatory entry field. The entry of other information is optional. The processing of this data is required for the implementation of pre-contractual measures, and/or lies within our legitimate interest in processing.
9. Communication
We use various collaboration tools for telephone conferences, online meetings and video conferences (hereinafter collectively referred to as ‘online meetings’). Different types of data are processed when using these tools. The scope of the data depends on, among other things, which data is provided before or during participation in an online meeting. The processed data includes the following:
- First name and surname, participant name where applicable, work email address
- Meeting meta data, e.g. date, time, meeting ID, telephone numbers, locations
- Audio, video or chat content
- Name of the meeting, and password for participating in the meeting where applicable
- Profile image where applicable
- Where applicable, additional personal data provided by the data subject during the meeting
The processing of this data is in our overriding interest, which in these cases is the effective realisation of the online meeting.
If online meetings are to be recorded, this will be transparently communicated in advance and participants asked for their consent if necessary. Send your objection to the contact specified in Section 1: [email protected].
10. Events
You can submit a request to book an event via our websites. The following information will usually be collected for this:
- Type of event
- Dates of the event
- Title
- First name and surname
- Company
- Postal address
- Email address
- Telephone number
- Correspondence language
- Details of the event (VIP attendance, catering requirements, requirements relating to conference technology, additional services (flowers, photography, music, tablecloths, transport, spa time and activities, budget)
Any information that is required for the smooth processing of your request is marked as a mandatory entry field. The entry of other information is optional. We will only use this data and an address that you have provided voluntarily in order to respond to your request in a personalised manner and in the most effective way. The processing of this data is in our legitimate interest.
Please be aware that we may disclose your data to third parties where this is required within the scope of the use of the website and the processing of the contract (see Section 39 f below).
11. Reservations on the website, via correspondence or by telephone
If you make a reservation for our restaurants either via our website, via correspondence or by telephone, we usually need the following data in order to process the contract:
- Title
- First name and surname
- Telephone number
- Email address
We will process this data in particular to record your reservation as requested.
Any information that is required for the smooth processing of your booking is marked as a mandatory entry field, or – in the case of telephone bookings - will be requested from you over the phone. The entry of other information is optional. We will only use additional information that you have provide voluntarily (e.g. date of birth, expected arrival time, preferences, comments) for the processing of the contract.
Please be aware that we may disclose your data to third parties where this is required within the scope of the use of the website and the processing of the contract (see Section 16 f).
The legal basis for the data processing for this purpose is the performance of a contract
12. Subscription to a newsletter
You have the option to subscribe to newsletters on our website. An email address is collected for this purpose. This is required in order for us to send you the newsletter. Additional information that you provide is usually voluntary, and we will only process it in order to personalise the information and offers that we send you and to better align this content to your interests.
By registering for the newsletter, you are giving us your consent to process the data provided for the regular sending of the newsletter to the email address that you provided and for the statistical evaluation of your usage behaviour and the optimisation of the newsletter. By consenting to being sent the newsletter from a ZFV company, you are also allowing us to send you general information regarding the company or competitions and sales promotions in your area. We may also send you vouchers for ZFV companies electronically.
Subscribing to the newsletter involves a double-opt-in procedure. This means that once you have subscribed and selected the relevant checkbox, you will receive an email containing a link that you will need to click on to confirm your subscription.
We are entitled to assign third parties (shipping providers) with the technical implementation of advertising measures and to disclose your data for this purpose (see Section 16 below).
There is a link at the bottom of each newsletter that you can use to unsubscribe from the newsletter at any time. When you unsubscribe, you can voluntarily inform us of your reason for unsubscribing. Your personal data will be deleted once you have unsubscribed. Further processing will only be carried out in anonymised form for the purpose of optimising our newsletter.
13. Ordering of vouchers
You have the option to order vouchers on our website. The following information will usually be collected through this process:
- Title
- Company name
- Street and house number
- Additional address details
- First name and surname
- Email address
- Telephone number
- Payment method
- Shipping method
Any information that is required for the smooth processing of your request is marked as a mandatory entry field. The entry of other information is optional. We will only use this data and the details that you have provided voluntarily in order to respond to your request in a personalised manner and in the most effective way. The processing of your data is carried out on the legal basis of our (pre-)contractual obligations and our legitimate interest.
Please be aware that we may disclose your data to third parties where this is required within the scope of the use of the website and the processing of the contract (see Section 39).
14 . Creating a customer account
Orders can be placed from shop.zfv.ch. You have the option of creating a customer account for this purpose. The following information will usually be collected through this process:
- First name and surname
- Company
- Email address
- Telephone number
- Password
The data that is collected as part of this process, as well as additional data that you provide voluntarily, is collected in order to provide you with password-protected direct access to your basic data that is stored with us. You can view your previous and current bookings or manage or change your personal details there.
The legal basis for the data processing for these purposes is the performance of a (pre-)contract and our legitimate interest.
15. Competitions
As part of our marketing measures, we may organise competitions for the purpose of sales promotion. It is always possible to participate in these competitions on an equal footing without having to make a purchase.
If you wish to take part in a competition, you will need to provide the following details on a landing page after buying a ticket or following another form of access authorisation:
- Title
- First name and surname
- Email address
We will only use this data to determine the winner. The processing of this data is therefore necessary and in our legitimate interest. Once the data has been entered, it will be processed using Gravity Forms and stored in a MYSQL database connected to the landing page on a server at our provider in Switzerland. The recorded data will not be sent to gravityforms.com or associated domains. A winner will then be determined using a random selection process.
You also have the option to subscribe to our newsletter. In this case, please also observe Section Error! Reference source not found. of this Privacy Statement. If you have not subscribed to the newsletter, your data will be removed once the winner has been determined.
16. Product reviews and satisfaction surveys
We occasionally conduct surveys about our products and services in order to improve the customer experience and react to customer requirements. To this end, we need your name or a pseudonym, which is displayed together with your country of origin.
The legal basis for the data processing for these purposes is our overriding interest in the optimisation of our offerings.
You can object to the use of data for the aforementioned purpose at any time. Send your objection to the contact specified in Section 1: [email protected].
17. Marketing mersures
We also use your contact data for the following purposes:
- to maintain contact with you
- to inform you of certain services
- to recommend services to you that might be of interest
- for statistical purposes
The processing of your personal data is in our overriding interest.
You can object to this data processing at any time. If you object, we will no longer process your personal data for the specified purposes. Send your objection to the contact specified in Section 1: [email protected].
18. Scurity purposes and access controls
We acquire and process personal data in order to guarantee and continually improve upon the adequate security of our IT systems and our other infrastructure (e.g. our buildings). This includes, for example, the control and monitoring of electronic access to our IT systems and physical access to our premises (including via methods involving the processing of biometric data), analysis and testing of our IT infrastructures, system and error testing and the creation of backup copies. For the purposes of documentation and security (for preventative purposes and in order to provide clarification in the event of incidents), we also keep access logs and/or visitor lists in relation to our premises, and use monitoring systems (e.g. security cameras). We inform you of the monitoring systems by means of signs at the affected locations.
The processing of your personal data is in our overriding interest.
19. Risk management and company management
We acquire and process personal data as part of risk management (e.g. to protect against criminal activities) and company management. This includes, among other things, our company organisation (e.g. resource planning) and company development (e.g. the purchase and sale of business units or companies).
The processing of your personal data is in our overriding interest
C. Data processing for the fulfilment of Statutory reporting obligations
20. Data processing for the fulfilment of statutory reporting obligations
When you stay in our hotels, we need the following information from you:
- First name and surname
- Postal address and canton
- Date of birth
- Nationality
- Official identification document and number
- Date of arrival and departure
- Number of guests, number of children
We collect this information in order to comply with statutory reporting obligations, in particular those arising from hospitality or police law, and forward this information to the relevant police authority.
21. Data processing in order to carry out the booked service in general
When you stay in our hotels, we need the following information from you:
- First name and surname
- Postal address and canton
- Date of birth
- Nationality
- Official identification document and number
- Date of arrival and departure
- Room number, room type
- Telephone number
- Email address
- Comments (background note)
We collect this information in order to comply with our contractual obligations to you.
The legal basis for the data processing is the fulfilment of the contract and our legitimate interest. For further data processing, the legal basis is the consent you provided.
22. Recording of purchased services in the spa and wellness area
If you purchase services from our spa and wellness area during your stay in our hotels, the service (e.g. single entry) and the time that the service was purchased will be recorded and processed by us for invoicing purposes and in order to provide the booked service. We usually need the following information for this:
- First name and surname
- Postal address
- Email address
- Telephone number
- Room number (if available)
The processing of this data is required in order to process the contract with us.
23. Recording of purchased recreational services and booked activities.
If you purchase recreational services or book activities during your stay in our hotels, the service (e.g. fitness analysis or cinema entry) and the time that the service was purchased will be recorded and processed by us for invoicing purposes and in order to provide the booked service. We usually need the following information for this:
- Title
- First name and surname
- Gender
- Date of birth
- Nationality
- Postal address
- Email address
- Telephone number
- Room number (if available)
- Language
- Contact person
- Referring physician
Additionally for patients/guests from Switzerland: your insurance details including policy number, VEKA and AHV no. and address
The processing of this data is required in order to process the contract with us.
24. Recording for events, meetings and conferences
You can submit a request to book a meeting, conference or event via our websites. We usually need the following information to process this request:
- The hotel to which the request applies
- Type of event
- Dates of the event
- Title
- First name and surname
- Company
- Postal address
- Email address
- Telephone number
- Correspondence language
Details of the event (VIP attendance, catering requirements, requirements relating to conference technology, additional services (flowers, photography, music, tablecloths, transport, spa time and activities, budget)
Any information that is required for the smooth processing of your request is marked as a mandatory entry field. The entry of other information is optional. We will only use this data and an address that you have provided voluntarily in order to respond to your request in a personalised manner and in the most effective way. The processing of this data is in our legitimate interest.
25. Recording of additional services
If you purchase additional services during your stay in our hotels (e.g. items from the mini-bar or Wi-Fi services), the service and the time that the service was purchased will be recorded and processed by us for invoicing purposes. The processing of this data is required in order to process the contract with us.
D. Data processing in connection with our CRM system (guest database)
The personal data that we collect from you is stored in a centralised location in our CRM system. We process the data in the central CRM system in order to manage the customer relationship and for advertising purposes, and in particular to enable us to offer you personalised services and products.
The legal basis for the data processing in the context of customer administration is the performance of the contract. With regard to data processing as part of advertising activities, the legal basis is, on the one hand, the performance of the contract (the existing customer relationship justifies data processing for the purpose of advertising activities) and, on the other hand, the consent provided by you (see Section 3).
26. Booking platforms
If you make bookings via a third-party platform, we will receive different personal information from each platform operator (e.g. via the external Bookatable and La Fourchette platforms for table reservations). This data is usually the data listed in Section 5 of this Privacy Statement. We may also be forwarded requests about your booking. We will process this data in particular to record your booking as requested and to provide the booked services. The legal basis for the data processing for this purpose is the performance of a contract.
Finally, the platform operators may inform us of any disputes in connection with a booking. As part of this provision of information, we may receive data relating to the booking process, whereby a copy of the booking confirmation may serve as proof of the actual conclusion of the booking. We process this data in order to uphold and implement our aspired service level. This constitutes our legitimate interest.
Please also observe the data protection information provided by the relevant provider.
27. Central storage and linking of data
We store the data provided in a central electronic data processing system. In this system, personal data is systematically recorded and linked in order to process your bookings and perform the contractual services.
We use a software program from Revinate Inc., 1 Letterman Drive, San Francisco, California 94129, USA to do this. We base the processing of this data within the software program on our legitimate interest in a customer-friendly and efficient customer data administration system.
E. Cookies
Cookies help in many ways to make your visit to our websites easier, more pleasant and more useful. Cookies are information files that your web browser automatically saves on your computer’s hard drive when you visit our website.
In general, we use cookies to analyse interest in our websites and to improve the user-friendliness of our websites. As a general rule, you can also access our websites without cookies. If you want to use our websites in a convenient way and to their full extent, however, you should accept cookies that facilitate the use of certain functions.
When you use our websites, you are agreeing to the use of cookies where cookies are accepted in accordance with your browser settings. Most browsers are set up to accept all cookies as standard. You do, however, have the option to adjust your browser settings so that cookies are displayed prior to being saved, or so that only certain cookies are accepted or rejected, or so that cookies in general are rejected.
Please note that any settings adjustments will only affect the browser in question. If you use a different browser or switch your end device, you will need to adjust the settings again. You can also delete cookies from your storage medium at any time. Information on cookie settings, how to change them and how to delete cookies can be found in the help function of your web browser.
Most internet browsers are set up to accept cookies as standard. If you don't want this to happen, you can adjust your browser settings so that you are informed about the setting of cookies, so that cookies are only accepted in individual cases for certain purposes and so that cookies are rejected in general. You can also activate the automatic deletion of cookies when you close your browser. You can also delete cookies already set at any time via an internet browser or other software programs. The procedure for the control and deletion of cookies depends on the browser you are using. You can find more information about this in the help menu of your browser. You can find out about this option for the most common browsers via the following links:
Microsoft Edge MOZILLA FIREFOX[A1]
GOOGLE CHROME FOR DESKTOP
GOOGLE CHROME FOR MOBILE
APPLE SAFARI FOR DESKTOP
A distinction is made between the following cookies (this also includes methods with comparable functioning, such as fingerprinting):
- Necessary cookies: Certain cookies are necessary for the functioning of the website in itself, or for certain functions. They ensure, for example, that you can switch between pages without the information entered in a form being lost. They also ensure that you stay logged in. These cookies are only temporary (‘session cookies’). If you block them, the website may not function correctly. Other cookies are needed in order to ensure that your decisions or the data you have entered are saved by the server beyond the length of a session (i.e. a visit to the website) if you use this function (e.g. selected language, consent granted, automatic login function etc.).
- Performance cookies: These cookies are used to collect information about how a website is used – e.g. how visitors have arrived at our website, which pages a visitor accesses most frequently, how visitors have navigated around our websites during their visit, and whether they have received any error messages. We may also use these cookies to collect certain statistical and analytical information, e.g. how many visitors have accessed our website. These cookies are used to monitor the level of activities on the website and to improve the performance of the website.
- Advertising or targeting cookies: These cookies allow us or a third-party provider to place personalised ads on our websites or on third-party websites. They may also be used to evaluate the effectiveness of the ad or for the purpose of sales promotion.
F. Analyse und Tracking Tool
28. Google Services
We use the following services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or, if your habitual residence is in the European Economic Area (EEA) or in Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (in short: Google):
- Google Analytics 4
- Google Tag Manager
- reCAPTCHA
- Google Maps
- Google Ads
- Google Fonts
- Global Tag Site
- Google Marketing Platform
Google generally uses cookies. The cookies used by Google allow us to carry out an analysis of the use of our websites. The information generated via the cookies in relation to your use of our websites (including your IP address) is transmitted to and stored on a Google server in Ireland or the USA.
According to its own information, Google may process personal data for advertising products in any country where Google or processors subcontracted by Google maintain facilities. Information about the locations of Google data centres can be found at www.google.com/about/datacenters/locations/.
More detailed information on the processing of personal data by Google and the privacy settings can be found in Google’s Privacy Policy and Privacy Controls.
Google Analytics 4
We use Google Analytics 4 on our websites. This is a web analytics service from Google that makes it possible to analyse your use of our websites.
Google Analytics uses cookies that are saved on your end device (laptop, tablet, smart phone etc.) and that allow for the analysis of your use of our websites. This allows us to analyse the usage behaviour on our websites and to use the statistics/reports generated to make our offerings more appealing.
The anonymisation of IP addresses is activated as standard in Google Analytics 4. This means that your IP address is shortened by Google within Switzerland or the EU/EEA prior to transmission. The full IP address will only be transferred to a Google server and shortened there in exceptional cases.
We have concluded an order processing contract with Google that ensures the protection of the data of our page visitors and prohibits unauthorised transmission to third parties. For the transmission of data to the USA, Google invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European data protection level. Additional legal information on Google Analytics 4 and a copy of the aforementioned standard contractual clauses can be found here.
Demographic details: Google Analytics 4 uses the special demographic details function, which it can use to generate statistics that provide information regarding the age, gender and interests of page visitors. This is performed by the analysis of ads and information from third-party providers. The function means that target groups can be identified for marketing activities. The data collected cannot, however, be assigned to a specific person, and is deleted after a storage period of two months.
Google Signals: Google Signals can be used on the websites as an extension of Google Analytics 4 in order to generate cross-device reports. If you have activated personalised ads and linked your devices with your Google account, Google can, subject to your consent to the use of Google Analytics 4, carry out a cross-device analysis of your usage behaviour and generate database models on, among other things, cross-device conversions. We do not receive any personal data from Google, only statistics. If you would like to stop the cross-device analysis, you can deactivate the personalised ads function in the settings area of your Google account. To do so, follow the instructions on this page.
UserIDs: The UserIDs function can be used on the websites as an extension of Google Analytics 4. If you have consented to the use of Google Analytics 4 and have set up an account on these websites and logged in to this account on various different devices, then your activities, including conversions, can be analysed in a cross-device manner.
Google uses this information to analyse your use (under a pseudonym) of our websites in order to compile reports about the website activities and to provide us with additional services connected to the website use and internet use. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. When you visit our website, your user behaviour is recorded in the form of events (e.g. page accesses, purchase activities incl. sales, interaction with the website or your ‘click path’) and other data such as your approximate location (country and town/city), technical information related to your browser and the end devices that are used by you, or the referrer URL, i.e. via which website/promotional material you arrived at our websites.
In addition to the data listed in Section 1, we may therefore also receive the following information:
- navigation path followed by a visitor to the site
- length of time spent on the website or subpage
- the subpage from which the website was exited
- the country, region or town/city from where the website was accessed
- end device (type, version, colour depth, resolution, width and height of the browser window)
- repeat or new visitor
Google Tag Manager
We use Google Tag Manager to integrate Google’s analytics and marketing services into our website and manage them. Google Tag Manager is a tag management system that can be used to create and monitor tags on a user interface without having to write a new code every time. The tool that implements the tags is a cookie-free domain and does not record any personal data. The tool does, however, trigger other tags that may record data. Google Tag Manager itself, however, does not access this data.
If a deactivation is performed at domain level or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
Further information relating to Google Tag Manager can be found in Google’s Usage Guidelines.
reCAPTCHA
Captcha is an abbreviation of completely automated public Turing test to tell computers and humans apart. It is a test designed to tell the difference between humans and machines/robot programs, or ‘bots’ for short.
reCAPTCHA is a Captcha service from Google that aims to work out whether a certain action on the internet is being performed by a human or by a computer program. reCAPTCHA is used as part of the double-opt-in procedure when subscribing to newsletters, and, if applicable, online forms.
Further information on data processing and data protection by reCAPTCHA can be found at: Google Terms – Privacy & Terms – Google.
Google Ads
If you reached our website via a Google ad, a cookie will be set on your computer based on your consent (‘conversion cookie’). These cookies have a limited validity and do not contain any personal data, meaning that they cannot be used for personal identification. If you visit certain websites of ours and the cookie has not yet expired, we and Google will be able to detect that you have clicked on the ad and therefore been forwarded to our websites.
Each Google Ads customer receives a different cookie. This means that there is no possibility that cookies are tracked via the websites of Ads customers. The information obtained using the conversion cookies helps Google to generate conversion statistics for Ads customers who have opted for conversion tracking. These statistics tell us the total number of users who clicked on our ads and which of our websites were then accessed by these users. We do not receive any information that can be used to personally identify you.
Interest-based categories will be allocated to your browser based on the information collected. These categories are used to activate interest-based ads.
We use the data obtained using the aforementioned cookie (known as conversion tracking) for the following purposes:
Remarketing
- Target groups with shared interests
- User-defined target groups with shared interests
- Ready-to-buy target groups
- Similar target groups
- Demographic and geographic targeting
- Dynamic remarketing
- User lists
You can prevent the storage of cookies in general by deactivating the storage of cookies in your browser. You also have the option to object to interest-based ads via Google Ads by adjusting the corresponding settings under www.google.com/settings/ads.
Further information on Google’s terms of use and privacy policy can be found here Ads – Privacy & Terms – Google.
Google Maps
Based on your consent, we incorporate Google Maps on our location page in order to show our locations.
The provider of Google Maps is Google LLC[A1] , 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, or, if your habitual residence is in the European Economic Area (EEA) or in Switzerland, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).
When you visit our website, data (e.g. your IP address) is transmitted to and stored on a Google server in the USA. Google saves this data as a usage profile in order to shape the services, ads and market research according to your needs. If you are logged in to Google, this data will be directly allocated to your account. If you do not want this to happen, you will need to log out beforehand.
You can prevent the use of Google Maps by deactivating JavaScript in your browser settings. In individual cases, this may potentially lead to function restrictions when using the website.
Further information on data processing and data protection by Google Maps can be found at: Google Maps/Google Earth Additional Terms of Service – Google.
Google Fonts
In order to display our content correctly and in a graphically appealing way across different browsers, we use script and font libraries (Google Fonts) to display text on our websites. Google Fonts is transferred to your browser’s cache in order to prevent it loading up multiple times. If your browser does not support Google Fonts or is blocking access, the content will be displayed in a standard font.
Accessing script libraries or font libraries automatically triggers a connection to the library operator. As part of this process, it is theoretically possible that Google could collect personal data (e.g. your IP address) and transmit this to a server in Ireland or the USA.
Further information on Google Fonts can be found at Frequently Asked Questions | Google Fonts | Google Developers and in Google’s Privacy Statement: Privacy Policy – Privacy & Terms – Google.
Global Tag Site
Global Site Tag (gtag.js) is a tag management system that was developed by Google. It is used to track and manage data such as traffic, sales, conversions and more via a unique line of code. It allows companies to implement tracking tags for various purposes, e.g. Google Ads, Google Analytics and more.
Google Marketing Platform
The Google Marketing Platform (GMP) is an advertising tool from Google, which is used to activate and display interest-based ads for visitors to our websites and third-party websites. The tool allocates a pseudonymous identification number (ID) in order to check which ads have been shown in your browser and which ads have been opened. The use of GMP cookies allows Google to activate ads based on previous visits to our websites or other websites.
You can prevent the storage of the cookies set with this tool by adjusting the corresponding setting in your browser. You will need to deactivate the execution of JavaScript in your browser or install a tool such as NoScript.
You can also prevent the processing of the data generated by the cookies relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: www.google.com/settings/ads/plugin.
29. Hotjar
We use Hotjar. Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: www.hotjar.com). Hotjar is a tool for the analysis of your user behaviour on our website. We can use Hotjar to record your mouse and scroll movements and clicks, among other things. Hotjar can also detect how long you have remained with your mouse pointer over a certain point. Hotjar uses this information to generate heatmaps, which make it possible to detect which areas of the website are preferred by the website visitor.
We can also establish how long you stayed on a page, and when you exited the page. We can work out the point at which you stopped entering details in a contact form (known as conversion funnels).
Hotjar can also be used to obtain direct feedback from website visitors. This function serves to improve the web content of the website operator.
Hotjar uses cookies and tracking codes to collect user data for website operators. The tracking codes collect information such as:
- the IP address of the end device
- the end device type
- the screen size of the end device
- the geographical location
- the language used on the website
- the referring domain
- date and time of the website visit
In particular, these cookies make it possible to tell whether our website was visited using a certain end device, or whether the Hotjar functions were deactivated for the browser in question. Hotjar cookies remain on your end device until you delete them.
Hotjar itself states that it will save users’ IP addresses in anonymised form. To this end, it only collects the first 3 octets of the IP address in order to determine the country where the visitor is located. Hotjar does not save the remaining octets. Hotjar also states that it stores all acquired data on servers in Ireland.
We have concluded an order processing contract with Hotjar in order to implement the strict European data protection regulations.
If you would like to deactivate the collection of data by Hotjar, click on the following link and follow the instructions: www.hotjar.com/opt-out.
30. Meta Conversion Tracking
We use Meta Conversion Tracking (via Meta Pixel, formerly Facebook Pixel) by social network Facebook for the analysis and optimisation of our website. The provider of this service is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if your habitual residence is in the European Economic Area (EEA) or in Switzerland, Meta Platforms Technologies Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
The use of the Meta Pixel allows us to identify visitors to our websites as a potential target group for the placement of ads on Facebook, known as Facebook ads, and to ensure that our Facebook ads are only displayed to Facebook users who are potentially interested in the content. By using the Meta Pixel, we can also track the effectiveness of the Facebook ads using statistics for the purposes of market research. We can analyse whether Facebook users are forwarded to our websites after clicking on a Facebook ad, and whether a conversion is therefore taking place.
You can prevent the recording of your data by the Meta Pixel and the use of your data for the display of Facebook ads. To specify which types of ads you would like to be displayed to you within Facebook, please follow the instructions provided by Facebook in relation to the settings for usage-based ads at the following link: https://www.facebook.com/settings?tab=ads. The settings are applied in a platform-independent manner, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
General information on the processing of data by Meta can be found at https://www.facebook.com/policy.php. Further information and details about Meta Pixel can be found at https://www.facebook.com/business/help/651294705016616.
31. KnowBe4
We use KnowBe4. The provider is KnowBe4, Inc., 33 N Garden Avenue, Suite 1200, Clearwater, FL 33755, USA. KnowBe4 uses the usual information collecting tools such as usage-based collection tools, cookies, web beacons and similar technologies that automatically analyse information when you navigate through the website, use our subscription services or send email enquiries.
KnowBe4 process the following personal data:
Business contact information: first name, surname, employer, title, town/city, state or county, country, telephone number, IP address and business email address
Automatically collected information: this is any information that is collected via cookies and web beacons, including IP addresses, browser names, operating system details, domain name, date of visit, time of visit and visited pages, and similar information
Information on the console: simulated phishing, results of tests and training sessions on security awareness, results of the security evaluation and information that was uploaded to the subscription service.
Personal data is collected and processed by KnowBe4 as soon as it has been forwarded to KnowBe4 by the account administrator of your organisation (the ‘account admin’) at the discretion of your organisation. KnowBe4 only collects and processes the minimum personal data required for the functioning of the subscription service.
Further information on how KnowBe4 processes your personal data can be found here: https://www.knowbe4.de/datenschutzerklaerung.
32. Microsoft Clarity
We use the service Microsoft Clarity by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter referred to as ‘Microsoft’) for the statistical analysis of user behaviour and for optimisation and marketing purposes. This service collects and stores various items of user information.
Microsoft Clarity is a tool that allows the company to check the usability of its websites. To this end, Microsoft Clarity records selected user sessions. Companies can then analyse the sessions. The tool provides measured values that indicate potential problems with usability.
Microsoft Clarity collects user data such as
- access times
- IP addresses
- cursor and scroll movements
This data can be used to create and analyse pseudonymised usage profiles for the same purpose. Cookies are set for collection and analysis.
Collected information may be transmitted to and stored on Microsoft servers in the USA. We have concluded a processing contract with Microsoft that obligates Microsoft to protect our customers’ data and not transmit it to third parties.
Further information on the privacy terms of Microsoft Clarity can be found at https://clarity.microsoft.com/terms.
33. Yahoo Dot
We use the service Yahoo Dot, a web analytics tool by Yahoo Advertising Conversion Tracking of Verizon Media Inc., 770 Broadway, NY 10003-9563.
Yahoo Dot is a tool that allows website operators to analyse and track the traffic on their websites. It helps them to track the performance of their websites and to understand which pages are visited most frequently, how long visitors spend on the websites, where the visitors come from and how many visitors click on a certain element. Yahoo Dot can also be used to track the conversion rate, the number of visitors, the daily clicks per month and much more.
Yahoo’s privacy terms in connection with collected data can be found at the following link: legal.yahoo.com/.
34. Bing Universal Event Tracking
We use the service Bing Universal Event Tracking (UET) by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter referred to as ‘Microsoft’) for the statistical analysis of user behaviour and for optimisation and marketing purposes. This service collects and stores various items of user information.
UET is used to track website visitors and to understand how they behave on the website. UET allows companies to measure their conversions, analyse the Return on Investment (ROI) and collect more information about their target group. UET can also be used to track behaviour on the website, e.g. how many visitors visit a page, how long they stay there and which links they click on.
Microsoft’s privacy terms in connection with collected data can be found at the following link: privacy.microsoft.com/en-gb/privacystatement/
G. Social Media
We operate pages and other online presence on social networks and other platforms operated by third parties, and we process data about you in relation to this. This involves us receiving data from you (e.g. when you communicate with us or comment on our content) and from the platforms (e.g. statistics).
We use social plug-ins (plug-ins) from various social networks on our websites. These plug-ins allow you to share content or recommend products, for example. The details of the platform operators are as follows:
- Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA
- Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
- Instagram Inc., 1601 Willow Road, Meno Park, CA 94025, USA
- YouTube, a service operated by Google Inc.
- TripAdvisor Inc., 400 1st Avenue, Needham, 02494 MA, USA
- Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
- LinkedIn Ireland Unlimited Company, Dublin 2, Ireland
- Xing SE, Dammtorstrasse 30, 20354 Hamburg, Germany
- Kununu GmbH, Neutorgasse 4-8, A – 1010 Vienna
When you click on the relevant symbols for the social networks, you will automatically be forwarded to our profiles with the networks in question. To use the network functions there, it will in some cases be necessary for you to log in to your user account. When you click on a link to our social media profiles, a direct connection will be established between your browser and the server of the social network in question. This informs the network that you have visited our websites with your IP address and clicked on the link.
When you click on a link to a network while logged in to your account with this network, the content of this page may be linked to your profile with the network, meaning that the network can allocate your visit to our websites directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. Allocation will definitely take place if you log in to the relevant network after clicking on the link.
35. Facebook Plugins (Pixel, Signal)
Facebook plug-ins are in some cases integrated into our websites on the basis of our overriding interests and your consent.
According to a statement from Facebook, however, the data collected is also transmitted to the USA and other third countries. The Facebook plug-ins can be recognised by the Facebook logo or the like button on this website. An overview of the Facebook plug-ins can be found here: https://developers.facebook.com/docs/plugins/?locale=en_GB.
When you click on the Facebook like button while you are logged in to your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to allocate your visit to this website to your user account.
We would like to point out here that as the website provider, we do not have any knowledge of the content of the transferred data or how it is used by Facebook. Further information about this can be found in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation .
If you do not want Facebook to be able to allocate your visit to this website to your Facebook user account, please log out of your Facebook user account.
36. LinkedIn Ads
LinkedIn Ads is used to create, publish and manage ad campaigns on the LinkedIn platform. These ad campaigns can then be displayed on websites in order to reach more visitors, increase a company’s visibility and reach more potential customers.
Further information about data processing by LinkedIn can be found at the following link: de.linkedin.com/legal/privacy-policy.
37. LinkedIn Insight Tag
We use the LinkedIn Insight Tag on our website. This is a service by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland and the LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA; referred to collectively as ‘LinkedIn’, whereby LinkedIn Ireland Unlimited Company is responsible for the processing of personal data.
The LinkedIn Insight Tag sets a cookie on your device. This cookie is used for the optimisation of marketing campaigns and to re-address website visitors.
LinkedIn analyses the collected data on our behalf so that we can optimise our marketing campaigns and find out more about our target group. This constitutes our legitimate interest.
You can prevent the storage of cookies by adjusting the corresponding settings in your browser. You can also object to cross-device data processing by deactivating this in your LinkedIn account (linkedin.com/psettings/). Further information about data processing by LinkedIn can be found at the following link: https://de.linkedin.com/legal/privacy-policy.
H Storage and exchange of data with third parties
38. Storage duration
We only store personal data for as long as is necessary to use the aforementioned tracking services and for the additional processing as part of our legitimate interest. We store contractual data for longer, as this is prescribed by statutory storage obligations. Storage obligations that require us to store data arise from regulations relating to the compulsory registration law, accounting, and tax law. According to these regulations, business communication, contracts concluded and accounting records must be stored for up to 10 years. If we no longer need this data in order to perform services for you, the data will be blocked. This means that it will then only be permissible to use the data for accounting and tax purposes.
39. Disclosing the data to third parties
We only disclose your personal data to third parties if you have expressly consented to this, if there is a statutory obligation for us to do so or if this is necessary in order for us to assert our rights, or in particular to assert claims arising from the contractual relationship. We also disclose your data to third parties if this is necessary as part of the use of the websites and the performance of the contract (including outside out the websites), namely the processing of your bookings.
We disclose your data to the following categories of recipients:
- IT service providers, hosting providers
- Third parties to which we have outsourced the sending of newsletters, translation work or document reviews.
- Third parties that we have brought in for the provision of additional services that we provide for our customers.
- Third parties that are involved in holding or organising events, seminars and webinars.
- Advisors, trust companies, law firms.
- Authorities and courts where applicable.
Finally, we disclose your credit card information to your credit card issuer and to the credit card acquirer when you make a payment on a credit card. If you choose to pay by credit card, you will be asked to enter all of the essential information. The legal basis for the disclosure of the data is the performance of a contract. Regarding the processing of your credit card information by these third parties, we ask that you also read the general terms & conditions and the privacy statement of your credit card issuer.
Please also refer to the information in Section 40 regarding the disclosure of data to third parties.
It goes without saying that the statutory regulations regarding disclosure to third parties are complied with when disclosing data to third parties. If we use processors to provide our services, we take suitable legal precautions and implement appropriate technical and organisational measures in order to ensure the protection of your data in accordance with the applicable statutory regulations
40. Transfer of personal data abroad
We are entitled to transmit your personal data to third-party companies (contracted service providers) abroad for the purposes of the data processing described in this Privacy Statement. These companies are obligated to the same extent as us with regard to data protection. If the level of data protection in a country does not correspond to the Swiss or European level, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times.
If we transmit your data to third parties abroad (i.e. outside Switzerland or the European Economic Area (EEA)), these third parties will be obligated to the same extent as us with regard to data protection. If the level of data protection in the country in question is inadequate, we ensure that the protection of your data is at an adequate level.
We ensure this in particular by concluding standard data protection clauses of the European Commission with the companies in question, and/or by ensuring the existence within the companies of Binding Corporate Rules (BCR) recognised by a European data protection authority and/or by the existence of additional guarantees that comply with applicable law. Where this is not possible, we base the data transmission on your express consent or the necessity of transmission for contract fulfilment.
I. Data security
We use suitable technical and organisational measures to protect your personal data stored with us against manipulation, complete or partial loss, and unauthorised access by third parties. Our security measures are continually improved according to technological developments.
You should always keep your access data confidential and close your browser window when you have finished communicating with us, and in particular if you share your computer with other people.
We take internal data protection very seriously. Our employees and the service providers contracted by us are bound by us to a duty of confidentiality.
J. Right of access and right to rectification, erasure, restriction of processing and data portability
You have the following rights with regard to your personal data:
- Right of access: You have the right to find out which personal data we process, what happens to this data and how long it is stored for.
- Right to block and right to rectification: You have the right to expand upon, correct or block your personal data at any time.
- Right to erasure: You have the right to request the erasure of your personal data at any time.
- Right to release and transmission of your data: You have the right to request all of your personal data from the controller and to transmit it to another controller in full.
- Right to object: You have the right to object to the processing of your data. We will comply with this objection unless there are legitimate reasons for the processing.
- Right to withdraw consent: If you provide us with your consent to process your personal data, you have the right to withdraw this consent and have your personal data erased.
In order for us to rule out an unlawful use of data, we need to be able to identify you (e.g. by means of a copy of your identification where necessary).
Please note that conditions, exceptions or restrictions apply to these rights (e.g. for the protection of third-parties or business secrets, or due to our professional duty of secrecy).
You can reach us at [email protected] for the purposes mentioned above.
You have the right to complain to a data protection supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).