With the following information, we would like to inform you in summary about our processing of your personal data and your rights under the data protection regulations. Which specific data are processed in detail and the ways in which they are used depends largely on the concrete circumstances.
a) Who are we?
The Hotel illuster is a business and seminar hotel with its own restaurant (Restaurant Ustaria) located in Uster and operated by SISKA Heuberger Holding AG (“Hotel illuster“).
The data controller is:
SISKA Heuberger Holding AG / Hotel illuster
Lucas P. Treichler, Direktor
Zürichstrasse 14, CH-8610 Uster
+41 44 944 85 85
If you have questions relating to data protection, please contact:
Hotel illuster c/o SISKA Heuberger Holding AG
Brunngasse 6, CH-8400 Winterthur
+41 52 260 05 05
To the extent that the GDPR is applicable, we have appointed as representative in the EU:
Travel GmbH / Data Protection Officer
+49 89 210 94026
We gather your personal data, in particular if you contact us, for example, via our website, as interested person, applicant, customer, etc. We process personal data that we receive from our customers within the scope of our business relationship. In addition, we process – where required for the performance of our services – personal data that we obtain from publicly accessible sources.
Furthermore, we process the data that are generated in the course of using our website and respectively the data that are specified by you (e.g. in the context of subscribing to the newsletter or registering for events or on other web forms).
Relevant personal data include personal details (name, address and other contact details, date or place of birth and nationality) as well as identification data (e.g. data on national identity cards). Apart from this, the data can also include order data, data resulting from the fulfilment of our contractual obligations, advertising and sales data, documentary data and other data that are comparable with the aforementioned categories.
If the website is used merely for informational purposes, meaning when you do not fill out any forms and do not register for an event or transmit information to us otherwise, we do not gather personal data. Solely the data are transferred to us that are transmitted by your browser such as the IP address, visitor path through the website, data and time of the website visit, browser type and version, type of end device, referrer website, etc. An identification is not possible by means of these data.
We process personal data in accordance with the provisions of the Swiss Federal Law on Data Protection (DSG) and the European General Data Protection Regulation (GDPR) respectively to the extent, as the relevant regulations are applicable. Since the GDPR demands that we list each of the legal bases individually, we specify hereinbelow the legal bases that we rely on for our processing where the GDPR applies:
a) For the fulfilment of contractual obligations (Art. 6 (1) lit. b) GDPR)
Data are processed for the performance of services by the Hotel illuster within the scope of the execution of our contracts with our customers (e.g. as relates to hotel reservations, seminars, events, company gatherings and our further services) or for the implementation of pre-contractual measures that are taken on request. The purposes of the data processing are primarily oriented on the concrete services and can include, e.g. activities such as hotel reservations, drafting of offers, customer services and billing of services performed.
In this regard, we process existing data (e.g. customer master data such as names and addresses), contact and communication details (e.g. email addresses, phone numbers) as well as payment information (e.g. bank details, payment history).
The contract documents, and terms and conditions can contain additional details on the purposes of the data processing.
b) Within the scope of the weighing of interests (Art. 6 (1) lit. f) GDPR)
Insofar as required, we process your data beyond the actual fulfilment of the contract for the protection of our or third parties’ legitimate interests. Examples:
c) Based on your consent (Art. 6 (1) lit. a) GDPR)
If you have granted your consent to us for the processing of personal data for particular purposes (e.g. sharing of data, analysis of personal data for marketing purposes, newsletters if no legal basis according to lit. b) applies), the legitimacy of this processing is given on the basis of your consent. Consent that has been granted can be revoked at any time. This also applies to the revocation of consents granted by you to us prior to the applicability of the GDPR, thus before 25 May 2018. The revocation of the consent does not affect the legitimacy of the data processing up until the revocation.
d) Based on legal requirements (Art. 6 (1) lit. c) GDPR) or for the public interest (Art. 6 (1) lit. e) GDPR)
Furthermore, we are subject to the legal regulations of the Swiss lawmaker, so that processing of personal data can also take place if this is required based on legal regulations or if the processing is in the public interest. This is the case, e.g. where reporting requirements apply.
The data entered in an online form are transmitted without encryption. It can therefore not be ruled out that data can be lost or accessed by third parties on the transmission path. The online transmission of personal data is therefore at your own risk.
The data transmitted by you are saved on our servers, stored in application of due care and protected from access by third parties. Only employees who require the data for the fulfilment of their duties have access to the data. We pass on your data to third parties only if we have made an explicit note of this.
The gathered data are used only for the respectively declared purpose.
Within the Hotel illuster, the people who need your data to fulfil our contractual and legal obligations will receive access to your data. Also external service providers engaged by us (e.g. for IT services, logistics, printing services, telecommunications, advising and consulting, as well as in sales and marketing) and vicarious agents can receive data for these purposes.
Recipients of personal data can be, for example:
Further data recipients can be the entities in respect of which you have granted your consent for the data transmission or released us from the non-disclosure obligation under an agreement or consent declaration.
Data transmission to entities in countries outside of the European Union or Switzerland (so-called third countries) takes place (e.g. if transmission of the data to third parties such as payment service providers is required for the contract fulfilment), provided that it is
We process and store your personal data for as long, as it is required for the fulfilment of our contractual or statutory duties, and respectively for as long as we consider it to be necessary for the purposes for which they are processed and our legitimate interest applies respectively or for as long, as your consent has not been revoked.
If the data are no longer needed for the fulfilment of contractual or statutory duties, they will be deleted in the normal case, unless their further processing – for a limited time – is required for the following purposes:
Depending on the applicable legal basis, you have different rights. Insofar as the Swiss Data Protection Law applies, your rights are determined by this law’s regulations.
Insofar as the GDPR applies, the following applies:
Each data subject has the right to receive information pursuant to Art. 15 GDPR, the right to correction pursuant to Art. 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of the processing pursuant to Art. 18 GDPR, the right to objection according to Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR. If you state your objection, we will cease the processing of your personal data, unless we can prove compelling reasons for the processing that qualify for protection and override your interests, rights and freedoms, or if the processing serves the purpose of the assertion or enforcement of or defence against legal claims. If you object to the processing for the purposes of direct marketing, we will no longer process your personal data for these purposes. The objection can be declared formlessly and if possible, it should be directed to: firstname.lastname@example.org
If you believe that processing by us violates the applicable data protection laws, you can contact us (see contact details under Section 1) or lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR).
Within the scope of our business relationship, you need to provide the personal data that are required for the commencement and implementation of the business relationship and the fulfilment of the related contractual obligations or the data that we are legally obligated to gather. Without these data, we will usually not be able to conclude or execute a contract with you.
For the purpose of establishing and implementing the business relationship, we generally do not use any fully automated decision-making process according to Article 22 GDPR. If we were to use such processes in individual cases, we would inform you about this separately provided that this is legally mandated.
The website of the Hotel illuster uses so-called tracking cookies. They are used to register your IP address, the website from which you were referred to us, and the type of the browser software used, and the pages of the Hotel illuster website that you are visiting at the moment including the date and duration of the visit. Such tracking data do not permit any conclusions as to individual users, which is why no persons can be identified based on these data.
Cookies are files that are set and stored in a computer system by an internet browser. The data subject can prevent at any time that cookies are stored by our website by means of a corresponding adjustment in the settings of the web browser used and can thereby object permanently to the setting of cookies. In addition, cookies already set can be deleted at any time via a web browser or other software program.
Plug-ins of various third-party providers of social media platforms (Facebook, Tripadvisor, etc.) are embedded on the websites of the Hotel illuster. When calling up a webpage on which plug-ins of such third-party providers are placed, data can be transmitted to the third-party providers through these plug-ins. If the visitor is simultaneously logged in to the network of the respective third-party provider, the visit on the website can be attributed to the visitor’s user account depending on the provider. The Hotel illuster has no influence on the way and manner of the data transmission.