Privacy policy
Protecting your personal data is very important to SV Group AG and its group companies (SV). We respect your privacy and strictly observe all applicable data protection provisions of the Swiss Federal Act on Data Protection (FADP) and, where applicable in individual cases, the General Data Protection Regulation (GDPR). We handle such personal data with the utmost diligence, process it in accordance with its purpose and limit processing to what is necessary.
This privacy policy provides you with information regarding the personal data we collect, the purposes for which we collect it and the extent to which we process said data. We also inform you about your rights.
This privacy policy applies to the use of all SV Group AG services and products, regardless of whether you obtain our services via our website, mobile applications or by some other means.
1 Controller
The controller may be the SV Group AG or one of its group companies with which you have a relationship.
In any case, you can address your request to:
SV Group AG
Data Protection Coordinator
Wallisellenstrasse 57
8600 Dübendorf
Switzerland
Company number: CHE-105.834.415
Email: datenschutz_CH@sv-group.ch
2 Appointment of external data protection officer for all group companies
SV has appointed the following external data protection officer for the entire Group:
machCon Deutschland GmbH
Christian Herbst
Robert-Bosch-Strasse 1
78234 Engen
Germany
Company number: District Court of Freiburg HRB 715394
Email: christian.herbst@machcon.com
3 General information regarding SV’s processing of personal data
3.1 Description and scope
We process your personal data as set out below. To improve readability, we have summarised the information and categorised it. We generally endeavour to process personal data as carefully as possible.
3.2 Purpose of processing | Justification | Legal basis
The processing of your personal data is essentially based on the protection of our private or legitimate interests, the initiation and performance of contracts and on your consent insofar as processing requires your consent. Furthermore, processing may be based on a legal obligation or a legal exception, such as the exercise or enforcement of legal claims, the overriding public interest or personal data that has already been published.
3.3 Storage period
We process your personal data for as long as it is necessary to achieve the purpose for which the data was collected (including necessary back-ups). After such time, the personal data is erased or anonymised. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been fulfilled.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4 Data protection for website visitors
4.1 Description and scope
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:
· Information about the browser type and version used
· The user’s operating system
· The user's Internet service provider
· The user’s IP address
· Date and time of access
· Websites from which the user's system accesses our website
This information is stored on our own web servers – as is customary in the industry – and is erased periodically. The data is stored for reasons of data security to ensure the stability and operational reliability of our system.
In this privacy policy, we provide a detailed explanation for only the most important cookies and technologies used. A list of all cookies and technologies used on the websites – and a brief description of each – can be accessed via the following links:
SV Restaurant CH old (https://www.sv-restaurant.ch)
SV Restaurant CH new (https://web.sv-restaurant.ch/)
4.2 Purpose of processing | Justification | Legal basis
We process your personal data to ensure a functional website and to provide you with the best possible experience with regard to our content and services. This is combined with the option of establishing targeted contact with our contacts.
The processing of your personal data is essentially based on the protection of our private or legitimate interests in familiarising you with our offers via the website.
4.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which the data was collected (including back-ups). After such time, the personal data is erased or anonymised. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.4 Cookies
4.4.1 Description and scope
Cookies are small text files stored by your browser in your system. Cookies allow us to recognise you when you use our website. Individual cookies are also used for marketing and analysis purposes. We use a cookie and consent management tool to provide you with comprehensive information about the cookies used when using the website. We do this via a cookie banner. You can change the cookies you wish to accept at any time by clicking on the cookie button. This button is located in the bottom left of the website.
Cookies help us ensure the proper functioning of our website and facilitate your use of our website. In some cases, cookies remain stored on your device until you delete them. Some cookies are technically necessary in order for our website to function. Both persistent and session cookies are used. A list of the cookies we use is available here:
If you prevent the setting of cookies entirely, it is possible that you will not be able to use our website at all or only to a limited extent.
Cookies allow us to collect information about the use of our website, services and products. This includes details of how you use our website and the pages you visit most often. We also use marketing and analytics cookies with your consent to make advertising more personalised and relevant to you and to measure the effectiveness/success of advertising.
When you access our website, a cookie banner will inform you about our use of cookies. If necessary, your consent to data processing in this context is obtained via the cookie banner. Cookies that are not technically necessary for our website to function smoothly are only set after you have granted your consent.
For example, the following data is stored and transmitted by the cookies (please refer to the list of cookies we use for further information)
· Language settings
· Country settings
· Last page visited
· Search terms entered
· Frequency of page views
· Use of website features
4.4.2 Purpose of processing | Justification | Legal basis
We use cookies to ensure operation of our website, to measure and evaluate use of our website and to obtain information about how we can improve our services, products and our website. Individual cookies are also used for marketing and analysis purposes.
This processing is based on the protection of our private or legitimate interests in operating our website with minimal disruptions and, where necessary, on the consent granted by you via the cookie and consent management tool.
4.4.3 Storage period
The cookies are stored on your device. This gives you control over how long the cookies are stored. You can adjust or reject the use of cookies at any time via your browser settings and/or delete cookies that have already been set.
4.5 Log files
4.5.1 Description and scope
We use log files when using our website for reasons of technical necessity. Furthermore, general access data is stored in a log file for statistical purposes.
Stored access data includes:
· Date and time of website access
· IP address
· Volume of data transferred
· Name and version of your device
· Operating system used
· Browser used
· Name of the file called up
· Access status
· Website from which the website was accessed, if applicable
· Requesting provider
· Type of device used (desktop, mobile)
Although this data does not allow any direct conclusion to be drawn about your identity, the possibility of you becoming identifiable when this data is combined with other data cannot be ruled out. We do not however perform any personal analysis of the log files.
4.5.2 Purpose of processing | Justification | Legal basis
Storage of your IP address for the duration of your visit to the website is necessary to enable transmission of our website content to your device. Storage in log files takes place to allow us to ensure the functionality of our website.
This data is used to provide, optimise, secure and ensure faultless operation of our website, and to rectify any errors and to manage server capacities.
This processing is based on the protection of our private or legitimate interests in operating our website with minimal disruptions.
4.5.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected.
With regard to data collected in connection with the provision of our website, this is the case for as long as you visit or stay on our website. The remaining data stored in log files is erased after 6 months at the latest.
4.6 Forms | Contact form
4.6.1 Description and scope
You can contact us via our website using the contact form. If you use this option, you will be prompted to enter data in the input form. We will receive and store this data. This includes the following details:
· Name (required field)
· Email address (required field)
· Content of your message to us (required field)
· Company (optional)
· Address (optional)
· Telephone (optional)
Your IP address and the date and time of the message are also stored.
Alternatively, you can contact us via the email address provided. The personal data transmitted with the email is also stored in such cases. Data can be transferred within SV. This data is only used to communicate with you and to process your requests.
4.6.2 Purpose of processing | Justification | Legal basis
Your personal data, which you entered in the input form or forwarded to us by email, is processed for the purpose of processing your request.
This processing is based on the protection of our private or legitimate interests, the initiation and performance of contracts and on your consent insofar as processing requires your consent.
4.6.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. This is the case when your request has been processed in its entirety. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.7 Newsletter
4.7.1 Description and scope
Your data will be used to send you newsletters you have subscribed to or to send other requested information by email. You provide your name so that it is possible to address you personally within the scope of the newsletter/email marketing and, if necessary, to identify you should you wish to exercise your rights as a data subject. To receive the newsletter and other emails, it is generally sufficient to simply provide your email address. We make use of the “double opt-in” procedure to verify that the actual owner of the email address is in fact responsible for the registration. To this end, we log the subscription order, the sending of a confirmation email and the receipt of the response requested in said email. No further data is collected for this purpose.
4.7.2 Purpose of processing | Justification | Legal basis
When you register to receive a newsletter, the data you provide is used exclusively for this purpose. Subscribers to the newsletter may also be notified by email of circumstances relevant to the service or registration (e.g. changes to the newsletter and email marketing offer or technical circumstances).
On the basis of your express consent, we regularly send you our newsletter or comparable information by email to your specified email address.
We use various service providers to this end. We have concluded a data processing agreement with such providers. These service providers and corresponding privacy policies are listed below:
- Hubspot (https://www.hubspot.com/data-privacy/gdpr)
- Elaine (https://www.artegic.com/privacy/)
- Brevo (https://www.brevo.com/legal/privacypolicy/)
4.7.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.8 Microsoft Advertising
4.8.1 Description and scope
The website uses the “Microsoft Advertising” remarketing function of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Advertising stores a cookie on your computer if you accessed our website via a Microsoft Advertising ad. This allows both Microsoft Advertising and us to recognise that someone has clicked on an ad, been redirected to our website and reached a previously determined target page (conversion page).
4.8.2 Purpose of processing | Justification | Legal basis
We use Microsoft Advertising for our private or legitimate interests, to analyse use of our website and to regularly improve user experience. The statistics we obtain help us improve our offer and make it more interesting for you as a user. You also consent to the use of Microsoft Advertising via the cookie and consent management tool.
4.8.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.9 Matomo Analytics
4.9.1 Description and scope
We use the “Matomo” web analytics tool to tailor our websites to your needs. Matomo creates usage profiles based on pseudonyms. To this end, persistent cookies are stored on your device and read by us. This allows us to recognise and count returning visitors. Further information about Matomo's terms of use and data protection regulations is provided here:
4.9.2 Purpose of processing | Justification | Legal basis
We use Matomo Analytics for our private or legitimate interests, to analyse use of our website and to regularly improve user experience. The statistics we obtain help us improve our offer and make it more interesting for you as a user. You also consent to the use of Matomo Analytics via the cookie and consent management tool.
4.9.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.10 HubSpot Analytics
4.10.1 Description and scope
We use the services of software manufacturer HubSpot. HubSpot is a software company from the USA with a branch in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland). HubSpot is a service platform that allows us to manage customer data and cover various aspects of our online marketing.
4.10.2 Purpose of processing | Justification | Legal basis
We use HubSpot Analytics for our private or legitimate interests, to analyse use of our website and to regularly improve user experience. The statistics we obtain help us improve our offer and make it more interesting for you as a user. You also consent to the use of HubSpot Analytics via the cookie and consent management tool.
4.10.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.11 Hotjar
4.11.1 Description and scope
Hotjar's technology allows us to gain a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.). This helps us to tailor our offer based on feedback from our users. Hotjar uses cookies and other technologies to collect data about the behaviour of our users and their devices. This specifically includes the IP address of the device (only collected and stored in anonymised form while using the website), screen size, device type (unique device identifiers), information about the browser used, location (country only) and preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data it collects on our behalf.
4.11.2 Purpose of processing | Justification | Legal basis
We use Hotjar for our private or legitimate interests, to analyse use of our website and to regularly improve user experience. The statistics we obtain help us improve our offer and make it more interesting for you as a user. You also consent to the use of Hotjar via the cookie and consent management tool.
4.11.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.12 Pinterest conversion tag
4.12.1 Description and scope
The Pinterest tag is a snippet of code that we have integrated into some of our websites so that we can track user actions. For example, we can measure campaign performance, build target groups for targeting, run remarketing campaigns and optimise conversions.
4.12.2 Purpose of processing | Justification | Legal basis
We use Pinterest conversion tag for our private or legitimate interests, to analyse use of our website and to regularly improve user experience. The statistics we obtain help us improve our offer and make it more interesting for you as a user. You also consent to the use of Pinterest conversion tag via the cookie and consent management tool.
4.12.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.13 Contentsquare
4.13.1 Description and scope
Contentsquare is a digital experience analytics platform. It provides insights into user behaviour on websites and mobile apps. It helps us understand how visitors interact with our digital offerings, identify areas for improvement and optimise the user experience to drive conversions and engagement.
4.13.2 Purpose of processing | Justification | Legal basis
We use Contentsquare for our private or legitimate interests, to analyse use of our website and to regularly improve user experience. The statistics we obtain help us improve our offer and make it more interesting for you as a user. You also consent to the use of Contentsquare via the cookie and consent management tool.
4.13.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.14 Google Analytics
4.14.1 Description and scope
We use Google Analytics on our website. This is a web analytics service provided by Google Inc (“Google”). Google Analytics uses cookies that make it possible to analyse your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of us as the operator of the websites, Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and Internet usage.
Our website also uses Google Signals. This is an extension function of Google Analytics that enables cross-device tracking. This means that if your Internet-enabled devices are linked to your Google Account, Google can create reports about usage behaviour (especially cross-device user numbers) even if you change your device. Google uses data for this purpose, provided you have activated the “personalised advertising” setting in your Google account.
We do not process personal data in this respect. We only receive statistics compiled on the basis of Google Signals.
You can deactivate the “personalised advertising” setting in your Google account at any time and, in doing so, object to collection by Google Signals.
We also use Google Enhanced Conversion Tracking. Google Enhanced Conversion Tracking is a feature that can increase the accuracy of our conversion measurement. It securely sends hashed first-party conversion data from our website to Google as part of an addendum to the existing conversion tags.
4.14.2 Purpose of processing | Justification | Legal basis
We use Google Analytics for our private or legitimate interests, to analyse use of our website and to regularly improve user experience. The statistics we obtain help us improve our offer and make it more interesting for you as a user.
4.14.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
In principle, Google Analytics 4 has a data retention period of 14 months. The retention period and user activity reset rules apply to both event‑level and user-level data stored in Google Analytics. However, certain user-related data – such as age, gender or interests – are erased by default if the respective user has been inactive for 2 months.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.15 Facebook Pixel / Facebook Custom Audiences / Facebook Conversion
4.15.1 Description and scope
We use Facebook Pixel, Facebook Custom Audiences and Facebook Conversion.
Within our online offer, we use the “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
Using the Facebook pixel makes it possible for Facebook, on the one hand, to identify you as a visitor to our online offer as a target group in order to display advertisements (“Facebook ads”). We use the Facebook pixel accordingly to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (“Custom Audiences”). With the help of the Facebook pixel, we also wish to ensure that our Facebook ads correspond to the potential interest of the users and do not have a pestering effect. Using the Facebook pixel allows us to perform further tracking of the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (“conversion”).
Facebook processes data within the framework of Facebook's data use policy. Accordingly, general information about the display of Facebook ads can be found here:
https://www.facebook.com/policy.php
Specific information and details about the Facebook pixel and how it works can be found here:
https://www.facebook.com/business/help/651294705016616
4.15.2 Purpose of processing | Justification | Legal basis
We use Facebook pixel for our private or legitimate interests, to analyse use of our website and to regularly improve user experience. The statistics we obtain help us improve our offer and make it more interesting for you as a user.
4.15.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected, usually 90 days. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.16 Geographical and cartographic representations
4.16.1 Description and scope
We use the Google Maps service for geographical and cartographic representations on our websites. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can find more information about data processing by Google in the Google privacy policy:
https://policies.google.com/privacy?hl=en
There you can also change your personal data protection settings in the data protection centre. By visiting the website, Google is informed that you have accessed the corresponding sub-page of our website. This takes place regardless of whether Google provides a user account – which you use to log in – or if no user account exists. If you are logged in to Google, your data is directly assigned to your account. If you do not want such an assignment in your profile at Google, you must log out of Google before activating the service. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or tailoring its website to your needs. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising. You have a right to object to the creation of these user profiles. You must contact Google directly to exercise this right.
4.16.2 Purpose of processing | Justification | Legal basis
Google Maps allows us to show you interactive maps directly in the websites and allows you to conveniently use the map feature to gain easy access to our businesses and offers.
This processing is based on the protection of our private or legitimate interests in making our offer as accessible as possible to you.
4.16.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.17 Survey tools
4.17.1 Description and scope
On our website and in the hotels, there is the option of participating in surveys electronically.
4.17.2 Purpose of processing | Justification | Legal basis
We conduct the surveys on the basis of your express consent to participate and on the basis of our private or legitimate interests in optimising our offer. We do this to measure how satisfied our customers are with our offer and so that we can optimally align our offer with the wishes of our customers.
4.17.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. With regard to surveys, the data is deleted after evaluation of the surveys has concluded. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.18 Userlike
4.18.1 Description and scope / purpose of processing
If you use the live chat tool to contact us, we process the data you voluntarily enter in the tool (name, email address, message) for the purpose of answering the enquiry within the framework of contract processing.
As part of processing performed on our behalf, the third-party provider Userlike, Probsteigasse 44-46, 50670 Cologne, Germany, provides the services for us to provide the live chat tool. All data collected in the course of using the chat tool is processed on its servers. You can find more information about Userlike's data protection here:
https://www.userlike.com/en/terms#privacy-policy
4.18.2 Purpose of processing | Justification | Legal basis
This tool is used to protect our overriding legitimate interests in effective and improved customer communication and is also performed on the basis of your consent where necessary.
4.19 Video platforms
4.19.1 Description and scope / purpose of processing
YouTube
We use the provider YouTube to integrate videos. YouTube is a service of YouTube LLC (“YouTube”), 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google.
We have integrated YouTube videos in our online offer. These are stored on the YouTube website and can be played directly from our website.
By visiting the website, YouTube is informed that you have accessed the corresponding sub-page of our website. This takes place regardless of whether YouTube provides a user account – which you use to log in – or if no user account exists. If you are logged in to Google, your data is directly assigned to your account. If you do not want such an assignment in your YouTube profile, you must log out before activating the button.
YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or tailoring its website to your needs. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You must contact YouTube to exercise this right.
For further information about the processing of data within the framework of YouTube, as well as your rights in this regard and setting options for protecting your privacy, please refer to Google's terms of use and privacy policy:
https://policies.google.com/privacy?hl=en
Vimeo
Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA. Accordingly, this provider also processes your data in the USA. For videos from Vimeo that are embedded on our site, the Google Analytics tracking tool is integrated automatically. We have no influence on the tracking settings or on the analysis results collected in this way, nor can we view them. Web beacons are also set for website visitors via the embedding of Vimeo videos.
For details of the purpose and scope of data collection and the further processing and use of the data by Vimeo, as well as your rights in this regard and setting options for protecting your privacy, please refer to Vimeo's privacy policy:
4.19.2 Purpose of processing | Justification | Legal basis
Video platforms are used to integrate videos on our websites.
This processing is based on the protection of our private or legitimate interests in making our offer as accessible and known to you as possible and the optimal marketing of our offer.
4.19.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. With regard to surveys, the data is deleted after evaluation of the surveys has concluded. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
4.20 Social networks
4.20.1 Description and scope
Our website contains links to our profiles on social networks Facebook and Twitter. When you leave our website via these links, you will be redirected to the website of the aforementioned social networks. It is possible that further personal data will be collected from you in this case. Detailed information about the processing of your personal data can be found in the privacy policies of the respective social networks:
Facebook (Meta): https://www.facebook.com/privacy/policy/
Twitter: https://twitter.com/en/privacy
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Instagram: https://privacycenter.instagram.com/policy
4.20.2 Facebook
The Facebook fan page is operated by Facebook Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland (“Facebook”). When you visit our fan page, Facebook processes your personal data in accordance with Facebook's privacy policy.
We process the following personal data in connection with our Facebook fan page:
· Your Facebook username
· Your comments on our fan page
· Your messages which you send to our fan page
· Other information that is required to process requests from our visitors or to identify our visitors in our system
· Your activities on our fan page via “Insights” (service from Facebook)
We process the statistical analysis provided to us by Facebook about the use of our fan page in an anonymised form via the "Insights" service. It is not possible for us to draw conclusions about individual users or to access individual user profiles.
For the purposes of the GDPR, SV Group and Facebook are considered “joint controllers”. Against this background, a corresponding responsibility agreement on shared responsibility was concluded. It can be accessed via this link:
https://www.facebook.com/legal/controller_addendum
4.20.3 Twitter
When you visit our Twitter profile, Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA processes your personal data in accordance with Twitter's privacy policy.
We process the following statistical information regarding use of our Twitter profile:
· Visits to our website
· Number of interactions
· Details of the countries and cities our visitors come from
· Statistics about the gender ratio of our visitors
We also process the following personal data in connection with our Twitter profile:
· Your Twitter username
· Your comments on our Twitter profile
· Messages you send to us via our Twitter profile
· Other information that is required to respond to requests from our visitors or to identify our visitors in our systems.
Please note that we do not process any personal data other than your Twitter username when you send us a direct message.
4.20.4 LinkedIn
When you visit our LinkedIn profile, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA processes your personal data in accordance with LinkedIn's privacy policy.
We process the following personal data in connection with our LinkedIn profile:
· Your LinkedIn username
· Your comments on our LinkedIn profile
· Your messages which you send to us via LinkedIn
· Your activities on our LinkedIn profile via LinkedIn analytics (LinkedIn Page Insights), such as the number of activities on our LinkedIn profile
· Other information that is required to respond to requests from our visitors or to identify our visitors on our systems
We also use the statistical information provided by LinkedIn about the use of our LinkedIn profile in an anonymised form. Such information may include:
· Visits to our website
· Number of interactions
· Details of the countries and cities our visitors come from
· Statistics about the fields our visitors work in
It is not possible for us to draw conclusions about individual users or to access individual user profiles.
For the purposes of the GDPR, SV Group and LinkedIn are considered “joint controllers”. Against this background, a corresponding responsibility agreement on shared responsibility was concluded. It can be accessed via this link:
https://legal.linkedin.com/pages-joint-controller-addendum
4.20.5 Instagram
When you visit our Instagram profile, Facebook Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, as the service provider of Instagram, processes your personal data in accordance with the data protection provisions applicable there.
We process the following personal data in connection with our Instagram profile:
· Your Instagram username
· Your comments on our Instagram profile
· Your messages which you send to us via our Instagram profile
· Your activity on our Instagram profile via the Instagram Insights service, such as:
- Visits to our website
- The reach of the posts
- Details of the countries and cities our visitors come from
- Statistics about the gender ratio of our visitors
· Other information that is required to respond to requests from our visitors or to identify our visitors on our systems
We also use the statistical information provided by Instagram via the Instagram service “Insights” about the use of our Instagram profile in an anonymised form. Such information may include:
· Visits to our website
· Number of interactions
· Details of the countries and cities our visitors come from
· Statistics about the gender ratio of our visitors
It is not possible for us to draw conclusions about individual users or to access individual user profiles via “Insights”.
4.20.6 TikTok
To date, TikTok is only used by the SPIGA Ristorante and SESH Bowls concepts.
TikTok is a video portal with social media features and, for Europe, it is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
Insofar as we exclusively process the data you transmit to us via TikTok ourselves, we are the data controller. Insofar as the data you provide to us via TikTok is also or exclusively processed by TikTok, TikTok is also the data controller in addition to us. For further information about TikTok's data processing, please refer to TikTok's privacy policy at:
https://www.tiktok.com/legal/page/eea/privacy-policy/en
We have no influence on data collection and further processing performed by TikTok. We are also not able to discern to what extent, where and for how long the data is stored, to what extent TikTok complies with existing erasure obligations, what evaluations and links are made with the data and to whom the data is passed on.
5 Data protection for applicants
As part of initiating and processing an employment relationship, we process the personal data you provide us with.
You can find detailed information here (in German):
6 Data protection for contractual partners of catering service agreements
6.1 Description and scope
As part of a contract initiation and the fulfilment of our obligations arising from a catering service agreement, we process personal data (contact data) of our contacts at our contractual partners. This specifically includes:
· Names
· Email address
· Telephone number
Within SV Group, personal data is only accessible to those who need it to fulfil contractual, legal and supervisory obligations and to protect legitimate interests (e.g. client managers, company management, financial accounting, etc.).
Insofar as necessary for business purposes, the data may be transferred to third parties contractually associated with SV (SV Group companies and external service providers). These third parties process the data on behalf of SV. All processors are contractually obliged to treat personal data confidentially. Otherwise, data is only transferred to recipients outside SV insofar as such transfers are permitted or required by law, insofar as the transfer is necessary for the processing and – consequently – the performance of the contract, insofar as there is an overriding interest or consent, or insofar as SV is authorised to provide information. In this regard, it is ensured that the transferred data is adequately protected by the measures required under data protection law (in particular by appropriate contractual bases and adequate technical and organisational measures).
Data is transferred to locations abroad insofar as such transfers are required by law (e.g. reporting obligations under tax law) or insofar as this is legitimised under data protection law by the legitimate interest and no overriding legitimate interests of the data subject conflict with such transfers.
We use service providers for certain tasks. These service providers may use sub-service providers that may have their registered office, parent company or data centres in a third country.
A transfer abroad is permissible insofar as the Swiss Federal Council has decided that an adequate level of protection exists in the recipient or access country. Insofar as the Swiss Federal Council has not made such a decision, we may only transfer personal data to a third country subject to appropriate safeguards (e.g. standard contractual clauses are in place) and enforceable rights and effective remedies are available.
Within the framework of the contractual relationship, personal data may be transferred to Germany if we share information with our group companies and make it accessible to them.
6.2 Purpose of processing | Justification | Legal basis
The purpose of the processing is to fulfil the obligations of SV Group arising from the contractual relationship entered into in connection with the conclusion and performance of the contract with the customer. The processing of your personal data is based accordingly on the protection of our private or legitimate interests, the initiation and performance of contracts and on your consent insofar as processing requires your consent. The data will be treated as confidential.
6.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
7 Data protection for users of the gustav smart fridge (app)
By providing the following information, we would like to give you an overview of how your personal data is processed by us in connection with the use of the gustav smart fridge app (hereinafter referred to as “app”).
After appropriate registration and validation, you can use the gustav app to purchase products from a gustav smart fridge (hereinafter referred to as “smart fridge”) located within Bluetooth range. When you use the app, we process your personal data.
You can access this privacy policy at any time via the terms and conditions and privacy policy menu item in the app.
We process your data as the controller, unless processing under a different responsibility is indicated. For example, third parties whose website or store the app contains a link to or through which you access the app (such as when you download the app from the Google Play or Apple store) process your personal data for their own purposes and under their own responsibility.
7.1 Processing of personal data in connection with the app in general
We collect personal data that you provide us with when using the app (e.g. in the course of registering) or that arises during use (e.g. which product you have selected or technical data such as the version of your operating system, which may – as a whole – allow conclusions to be drawn about you). In principle, you are not obliged to provide us with personal data. However, in the absence of certain personal data (particularly with regard to registration), we may be unable to provide you with our services or may be unable to do so in full.
If you provide us with personal data from third parties (e.g. payment information), by providing it you are confirming that it is correct and up-to-date and that you are allowed to make it available to us.
We generally process your personal data in order to conclude and perform a contract with you. This includes providing you with the app and processing orders. Below, we provide further details of how personal data is collected and further processed in connection with the app. However, in addition to the examples below, we may collect other personal data for other purposes insofar as such data arises from and is related to the use of the app. In particular, we may process your personal data in connection with the app for the following purposes in which we (and possibly third parties) have a legitimate interest:
· to communicate with you (e.g. if you contact us with an enquiry);
· to advertise and market similar offers and services, provided you have not objected to the use of your personal data for such purposes
· for market and opinion research
· to ensure app security and functionality; and
for other purposes for which you have given your consent, insofar as consent is required for such purposes.
7.2 Information automatically collected by us through the app
As part of your use of the app, we automatically collect certain data that is required to use the app. This includes the internal device ID, operating system version and time of access.
This data is automatically transmitted to us in order that you can be provided with the service and related functions, the app can be improved and any misuse or errors can be prevented and eliminated. Insofar as we require a legal basis, this data processing is carried out for the performance of the contract between you as the data subject and us for the use of the app and in our legitimate interest to ensure the functionality and faultless operation of the app and to be able to offer a service that is in line with the market and interests.
7.3 Creation of a user profile (registration) and registration
We set up a profile for every customer who registers with us. This means they have password-protected direct access to their master data stored with us. Customers can view their data in their profile. If you want to create such a profile or you want to register, you must provide the following data. If you do not provide this data, you cannot create a profile (“mandatory data”):
- Email address
- Password
- First name and last name
- Country
- Payment method
- Consent to the T&Cs and the Privacy Policy
Name and email address are required so that we can identify you as the contractual partner and so that we can provide you with an optimal offer. You must specify the payment method so that it can be stored and used to process your purchases. We will use your email address to send you further information, including the gustav smart fridge newsletter if requested, and we will generally use it to communicate (e.g. sending invoices on request, complaints management) with you.
Insofar as we require a legal basis, this data processing is justified by the fact that (1) the processing is necessary for the performance of the contract between you as the data subject and us in order for you to use the app, or (2) we have a legitimate interest in ensuring the functionality and faultless operation of the app.
7.4 Data processing when using the app
You can enter, manage and edit information, tasks and activities in the app. This information specifically includes your dietary preferences (setting the filter), your consumption patterns via the selection and purchase of your products and your location data in order to provide the smart fridge offer located in your vicinity. You can track the history of your purchases in the app. You can also report problems to us and communicate with us to solve them. Via the data you entered yourself during registration for the aforementioned purposes, we process your personal data when you use the app for the following purposes and on the following legal bases (insofar as we require a legal basis):
· Data concerning you personally: When using the app, we initially process all personal data that you provide us with during registration or through subsequent changes. This concerns the following data in particular: Identification numbers of your technical devices, the master data you entered (e.g. name, email address and telephone number), the filter settings you selected and information about the payment method you used.
We process this data in order to perform the contract with you or so that we can process your enquiries in connection with the performance of the contract, for technical administration, for the fulfilment of our services, for communication with you in relation to performance of the contract or if you contact us with an enquiry, but also, in the context of a legitimate interest, to be able to offer you our services and make them more accessible to you.
· Customer activity data: From your purchases and the compilation of purchases in your history (“my purchases”), we also receive information about your shopping habits and shopping preferences. This concerns the following data in particular: Date of purchase, place, time, type, quantity and value of products purchased, payment method used. The history log helps you track your purchases and reconcile them with payments.
We use your information to track and enhance your shopping experience to make it more customer-friendly and tailored for you, to communicate with you about your orders and about specific products or marketing promotions, and to recommend gustav products and services that may be of interest to you. We have a legitimate interest in doing so. The processing of your personal data for the aforementioned purposes is thus also done with the aim of automatically assessing some of your specific personal characteristics in order to identify preferences, to perform evaluations and for our operational planning purposes.
When you use the app, we also receive information about the device you are using, your Internet connection, the operating system and information we receive from you (including automatically transmitted or generated information). We also have a legitimate interest in processing this information to optimise the app and tailor it to your needs and shopping experience. In this respect, your customer behaviour may be analysed and your data may be processed for advertising and marketing purposes within the scope of a legitimate interest. You can object to the use of your personal data for advertising purposes at any time, either fully or for individual measures.
· Location data: Depending on your app settings and your device's permission settings, we may also collect your precise or approximate location information using data such as GPS, IP address, Bluetooth and WiFi. A Bluetooth connection is required – at least temporarily – in order to open a smart fridge. In this respect, the app requests corresponding permission for Bluetooth access and location sharing as part of the purchase transaction.
Insofar as we require a legal basis, such data processing is justified by the fact that the processing is necessary for the performance of the contract between you as the data subject and us (specifically in order to fulfil our delivery obligation arising from the purchase contract) and, insofar as you allow location sharing and Bluetooth access as part of the purchase transaction, is based on your consent. We also have a legitimate interest in processing location data as this allows us to offer you a user-friendly app by being able to show you the nearest refrigerator if need be.
7.5 Google Analytics for Firebase in the app
The app uses Google Analytics for Firebase, an analytics and monitoring service provided by Google Ireland Limited (“Google”). Mobile app identifiers (in particular Analytics App Instance ID), which function in a similar way to cookies, are used to generate information about how you use this app. This information is also transmitted to a Google server in the USA and stored there. However, we have configured Google Analytics for Firebase in such a way that the IP addresses of visitors are truncated by Google in Europe before being transferred – such as to the USA – and therefore cannot be traced. Google Analytics for Firebase analyses the information to compile reports on app activity (e.g. duration and frequency of pages viewed).
Insofar as we do not obtain your consent to the use of Google Analytics for Firebase, we have a legitimate interest in using Google Analytics for Firebase so that we can analyse and regularly improve the use of our app.
However, it may also be possible for Google to draw conclusions about the identity of visitors and create personal profiles based on the data collected. In this respect, Google acts as an independent controller. You can find more information about Google’s data processing here:
User conditions:
https://marketingplatform.google.com/about/analytics/terms/us/
Privacy policy:
https://policies.google.com/privacy
7.6 Log files in the app
Each time you access our app, certain data is transmitted to us from your mobile device for technical reasons and we save this data in ‘log files’. This concerns the following data in particular: date and time of app use; your mobile device’s IP address; amount of data transferred, and your device name and version. Although this data does not allow conclusions to be drawn about your identity, it might lead to your becoming identifiable when it is combined with other data (e.g. link to your user account). This data is processed in order to perform the contract we concluded with you. We also have a legitimate interest in this processing.
We have a legitimate interest in evaluating log files to make the app available to you and to further improve our app and make it more user-friendly, to find and fix errors faster and to manage server capacities. The log files allow us, for instance, to determine times when our app is particularly popular and provide the appropriate data volume to ensure the best possible user experience for you.
7.7 Credit check
When processing a purchase, our payment processing partner performs a credit check to ensure that you are able to fulfil the payment obligation you have entered into. This check is carried out by Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich under its own responsibility. For details of data processing in this context, please refer to the data protection information provided by our service provider, which you can access here:
https://www.datatrans.ch/en/privacy-policy/
7.8 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
8 Data protection for restaurant guests
8.1 Description and scope
You have the option of making reservations and bookings or placing orders directly via our restaurants and possibly via apps. Depending on the services you request, we process the following personal data if necessary:
· Name
· Email address
· Address
· Telephone number
· Age
· Payment information
· Nutritional information
· Health restrictions such as food intolerances and allergies
8.2 Purpose of processing | Justification | Legal basis
We process your personal data insofar as such processing is necessary for the initiation and performance of the contract, for the fulfilment of the services you have used and with the aim of providing you with optimal service and an enjoyable experience. We also use your contact details, subject to your consent, to provide you with information about similar services and products that you have already purchased and to improve our services.
8.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
9 Data protection for hotel guests
9.1 Booking / hotel reservation
9.1.1 Description and scope
As part of the services we provide you with, we process the following items of your personal data:
· Name
· Gender
· Address
· Telephone number
· Email address
· Financial information such as credit card information
· Language settings
· Date and place of birth
· Nationality
· ID | passport information
· Personal data about family members
· Photographs, video and audio data, e.g. from surveillance cameras
· Preferences for your stay, e.g. special service requests or dietary instructions
· Any information about the itinerary
9.1.2 Purpose of processing | Justification | Legal basis
We process your personal data insofar as such processing is necessary for the initiation and performance of the contract, for the fulfilment of the services you have used and with the aim of providing you with optimal service and an enjoyable experience. We also use your contact details, subject to your consent, to provide you with information about similar services and products that you have already purchased and to improve our services.
9.1.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
9.2 likeMagic app
9.2.1 Description and scope
With regard to the guest journey, we use the software-supported hotel management solution and central data management platform ‘likeMagic’ of likeMagic AG, Memphispark, Wallisellenstrasse 57, 8600 Dübendorf, Switzerland (a subsidiary of SV) (hereinafter referred to as the “platform”). This platform enables the control, monitoring, handling, analysis and evaluation of accommodation processes in hotels and it combines all functions of the reservation, front office and property management areas in a single interface. Interfaces connect the platform with other applications and infrastructure for operating and managing our hotels. Furthermore, the platform also bundles access for us via corresponding interfaces to application programs licensed by us from third parties. It thus supports defined services in the area of essential, typical hotel operating processes as part of the guest journey such as booking, billing, guest entry and exit processing, guest communication, guest hospitality, locking system management, cleaning management, etc. SV is responsible for the data stored in the platform, which is stored by Google on servers in Switzerland.
SV has concluded a data processing agreement with likeMagic AG to ensure that your personal data is protected. By agreeing to this privacy policy, you authorise likeMagic AG to use your personal data – which we process – for its own research and product development purposes.
9.2.2 Categories of personal data
Personal data that we collect from you and other parties (e.g. family members, accompanying persons) in connection with the guest journey via our website, apps and via other channels is stored and processed in the aforementioned platform.
This specifically includes the following categories of personal data:
- Data and information provided to us when booking a room (specifically title, first and last name, address, email address, date of birth, telephone number, language, booking details [date of stay, number of rooms, room category, number of persons recorded in the booking, selected additional packages etc.], credit card information (PCI/DSS compliant, encrypted), date and time of booking [time stamp]; if applicable, expected time of arrival, desired bed type and/or other preferences, comments)
- Data and information that are disclosed to us or become known to us in connection with your stay in our hotel, specifically for the purpose of fulfilling the statutory registration obligations (first and last name, address and canton, date of birth, place of birth, nationality, date of arrival and departure; including copy of official identification card and signature, room number), in connection with the purchase of additional (chargeable) services such as restaurant, mini-bar, spa treatments, excursion offers, sports offers etc. (specifically first and last name, subject of service, time of service purchase/provision, or details you inform us about (e.g. preferences)
- Data and information related to the use of our facilities, the common areas and your room (i.e. dates and times of access)
- Data and information disclosed to us when using the communication function and in the course of communication with you (specifically first and last name or, if applicable, user name; communication channel; communication product/solution; email address and/or telephone number; date and time of communication; status of messages (opened, read, clicked); content of communication)
- Data disclosed to us when opening a customer account (specifically first and last name, email address, password [encrypted as hash with salt], date and time of registration [time stamp], status of email verification)
- Data disclosed to us when you log in to the customer account, depending on the type of login you selected (email login authentication data [email address, password] or social login authentication data [email address, ID token], dates and time of login [time stamp])
Such personal data is generally collected from our guests themselves. However, this data can also be collected via third parties. This is the case if a guest provides us with personal data of other persons / accompanying persons (e.g. family members) or if a booking is initiated by a third person. Insofar as you provide us with personal data of other persons (e.g. family members, accompanying persons), we ask you to ensure that such persons are aware of this privacy policy and that you only share their personal data with us if you are allowed to do so and said personal data is correct.
We then receive certain data from you via interfaces that connect the platform to application programmes licensed from third parties in connection with the guest journey in the area of essential, typical hotel operating processes such as booking, billing, guest entry and exit processing, guest communication, guest catering, locking system management, cleaning management, etc. and to the other applications and infrastructure of our hotel.
If a booking or check-in takes place using a customer account, the data already stored in the customer account and required for the booking or check-in – such as title, first and last name, address, email address, date of birth, telephone number, language and registration form data – is used for this purpose.
Insofar as you make your bookings for a stay at one of our hotels via a third-party platform, we receive various personal data and information from you from the respective platform operator. We store and process this data in the platform we use. This is essentially data and information that we also collect if we receive a booking without a third-party platform. This specifically includes title, first and last name, address, email address, date of birth, telephone number, language, booking details (date of stay, number of rooms, room category, number of persons covered by the booking, selected additional packages, etc., date and time of booking [time stamp]; expected arrival time, if applicable, bed type and/or other preferences, remarks).
9.2.3 Central storage and linking of your data
The aforementioned data and information, which we specifically collect in connection with the guest journey, are systematically recorded and linked by us for the purpose of processing your bookings and handling the contractual services. As stated above, we use the software-supported hotel management solution and central data management platform ‘likeMagic’ from likeMagic AG, Dübendorf, Switzerland to this end. Your personal data is transferred to the platform via interfaces that connect the platform to application programmes licensed from third parties in connection with the guest journey in the area of essential, typical hotel operating processes such as booking, billing, guest entry and exit processing, guest communication, guest hospitality, locking system management, cleaning management, etc., and to the other applications and infrastructure of our hotel.
In order to store and link the personal data of our guests, a separate guest ID is created for each guest for the respective hotel or hotel group. Accordingly, we also try to identify the guest in our database for every booking. Insofar as we have previously welcomed you to our hotel or hotel group and we are authorised to do so, we also perform a comparison with any personal data we may have stored about you. We do this particularly to keep our customer data up to date, to enable you to check in efficiently and to ensure that your stay is tailored to your needs.
We base these processing operations on our legitimate interest in the efficient management and control of our hotel and in ensuring customer-friendly and efficient customer data management.
Furthermore, please note that by granting your consent when you agree to this Privacy Policy, we may also use the aforementioned personal data and information about you – which we store and link in the platform – to analyse certain personal aspects, such as personal preferences, interests, etc. We do this with the help of the software-based hotel management solution we use. We may use the knowledge gained from this to enable a stay tailored to your needs or to make you offers tailored to your personal interests and preferences. Furthermore, such data generally helps us to increase the efficiency of our operational processes and to continuously improve our offer for our guests.
9.2.4 Transfer of personal data
The personal data collected from you as part of the guest journey will be transferred – to the extent necessary – both to internal departments and, via appropriate interfaces, to external service providers in Switzerland and abroad. This is done as part of the processing and handling of your bookings and as part of your stay. External service providers to whom your personal data may be transferred or who have or may have access to it include, in addition to the aforementioned likeMagic AG, Dübendorf, Switzerland, other order processors and service providers (including IT service providers, service for processing reservation data [property management] or in the area of CRM, payment processing, digital key solution, etc.). An overview of the processors and service providers used in connection with the platform can be found on likeMagic AG’s website:
If, in connection with the use of external service providers, it is necessary to transfer personal data to a country in which the data protection level does not correspond to the Swiss or European level, we ensure that your personal data is protected by contract (e.g. using the EU standard contractual clauses for the transfer of personal data).
Otherwise, we only transfer your personal data if you have expressly consented to such a transfer, if this is necessary for the initiation or performance of the contract, if there is a legal obligation to do so or if such a transfer is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship or other rights, or if the processing is carried out to protect a legitimate interest on our part or on the part of third parties. In rare cases, the transfer of personal data may be necessary to protect vital interests of the data subject or another natural person.
9.2.5 Storage period
Without your consent, we store your personal data in the platform after your stay only to the extent and as long as it is necessary to comply with our legal obligations or we have a legitimate interest in doing so (such as namely an interest in evidence in case of claims, documentation of compliance with legal or other requirements, or an interest in non-personal evaluations). In particular, we retain contractual data in accordance with the statutory retention obligations. Retention obligations that oblige us to retain data are derived from regulations relating to registration law, accounting and tax law. According to these regulations, business communication (including emails), concluded contracts and accounting documents must be kept for up to 10 years. Insofar as we no longer require such data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.
Insofar as we are permitted to process your personal data beyond the initiation and performance of the contract with your consent, we generally process this data without a specific time limit. We retain such data for as long as it is necessary to achieve the processing purposes or you request that we stop such processing (and for a short period thereafter to enable us to comply with your request), unless we have other legally permissible grounds for continuing to retain your personal data. We also record the fact that you have asked us not to process your data any further so that we can continue to comply with your request. Consent to storage can be revoked by email at any time, with future effect.
Insofar as you have a customer account, the data stored in or linked to your customer account is stored by us until you delete your customer account, unless and insofar as there are legal retention obligations or legitimate interests on our part to the contrary.
10 Data protection for webshop customers
10.1 Description and scope
In the course of using our webshop, we set up a profile for every customer who registers with us. This means they have password-protected direct access to their master data stored with us. You can manage your data there. If you want to create such a profile or you want to register, you must provide us with some data. If you do not provide this data, you cannot create a profile (“mandatory data”). The following data must be provided during registration:
- Email address
- Password
- Consent to the T&Cs and the Privacy Policy
- Information about the payment method used by you
You can voluntarily enter, manage and edit various other information in the webshop.
10.2 Purpose of processing | Justification | Legal basis
Name and email address must be provided so that we can identify you as the contractual partner and so that we can provide you with an optimal offer. While the registration process is in progress, we need your email address, as the information about your order is sent to your email address and we generally use the email address to communicate with you.
Customer activity data: Your purchases provide us with information about your shopping habits and shopping preferences. This specifically includes the following data: Date of purchase, place, time, type, quantity and value of products purchased, payment method used. The history log is designed to allow you to track your purchases and reconcile them with payments.
We also use customer activity data to track and continuously improve your shopping experience. We do this to make it more customer-friendly and tailored for you, to communicate with you about your orders and about specific products or marketing promotions, and to recommend products and services that may be of interest to you. In this respect, your customer behaviour may be analysed and your data may be processed for advertising and marketing purposes.
This data processing is justified by the fact that (1) the processing is necessary for the performance of the contract between you and us for use of the webshop, or (2) we have a legitimate interest in ensuring the functionality and faultless operation of the webshop and so that we can make you offers and familiarise you with our services in the best possible way.
10.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
10.4 Credit check
When processing a purchase, our payment processing partner performs a credit check to ensure that the purchase contract can be properly fulfilled. This is done by Six Payment Services via Datatrans (Planet). For details of data processing in this context, please refer to the data protection information provided by our service provider, which you can access here:
https://www.six-payment-services.com/en/services/legal/privacy-statement.html
11 Data protection for other business partners | suppliers | service providers
11.1 Description and scope
When initiating a contract, we collect all necessary information from the business partner. This is information required for the provision of services, invoicing and administration of the customer relationship. It is possible that personal data of staff members could be processed in the process. This specifically includes the following data:
· Names
· Email address
· Telephone number
11.2 Purpose of processing | Justification | Legal basis
We process your personal data insofar as such processing is necessary for the initiation and performance of the contract or for the performance of the services you have requested. We also use your contact details to provide you with information about services and products similar to those you have already purchased, to improve our services and for general communication with you.
11.3 Storage period
The data is stored for as long as it is necessary to achieve the purpose for which it was collected. Insofar as the data is required for a longer period of time for criminal prosecution purposes or to secure, establish or enforce legal claims, such data will be processed until these purposes have been achieved.
Please note that due consideration must be given to legal archiving and retention obligations, which may lead to an extension of the retention period.
12 Obligations to provide information
12.1 Exemptions from the obligation to provide information in Switzerland
We are not obliged to provide information if
· You already have the information in question
· Processing is provided for by law, or
· We, as media professionals, are not obliged to provide information
· It is not possible to provide the information
· Providing the information would require disproportionate effort
We can postpone or waive the obligation to provide information if
· Overriding interests of third parties require the measure
· Providing the information would defeat the purpose
· Our overriding interests require this measure
· We do not disclose personal data to third parties
When applying the data protection provisions of the Swiss Federal Act on Data Protection, companies belonging to SV are not considered third parties.
13 Disclosure of data within the Group and to third parties
13.1 Description and scope
We generally process personal data within the SV Group and affiliated group companies in Switzerland and Germany.
We sometimes use external third parties in connection with the provision of our services or to process your requests. Such third parties may include:
· External service providers, e.g. IT service providers, data destruction companies etc.
· Suppliers
· Subcontractors
· Other business partners
· Legal advisers
· Auditors
· Data protection advisers
· Potential buyers and other parties involved in a transaction
These third parties only receive personal data if such data is absolutely essential for the provision of the service. We may outsource the processing of personal data to third parties on the basis of a data processing agreement. In such cases, we contractually oblige the processors to process the personal data only in compliance with all applicable data protection provisions of the Swiss Federal Act on Data Protection (FADP) and, where applicable, the General Data Protection Regulation (GDPR) and to ensure that the rights of data subjects are protected.
We may also transfer your personal data to courts, law enforcement agencies or other authorities for processing if such a transfer is necessary for criminal prosecution, clarification of unlawful acts, to secure, establish or enforce legal claims or due to a legal obligation.
13.2 Justification | Legal basis
This processing is based on the protection of our private or legitimate interests, the initiation and performance of contracts and on your consent insofar as processing requires your consent. Furthermore, processing may be based on a legal obligation or a legal exception, such as the exercise or enforcement of legal claims, the overriding public interest or personal data that has already been published.
13.3 International data transfers
We process personal data mainly – but not exclusively – in countries within the European Economic Area (EEA) or Switzerland. In particular, personal data is processed in the following countries:
· Switzerland
· European Union countries, mainly in Germany, Belgium, Ireland and the Netherlands
With regard to individual processing of personal data, it is possible that this data will be processed in the USA. The USA does not offer an adequate level of data protection from the perspective of the Swiss Federal Act on Data Protection (FADP) and, where applicable in individual cases, the General Data Protection Regulation (GDPR). In the event that your personal data is processed in the USA, we ensure an adequate level of data protection in other ways. This includes agreeing the standard contractual clauses of the European Commission. The standard contractual clauses can be viewed here:
https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en
14 Your rights
Within the scope of the applicable data protection law, you have the following rights as a data subject.
To exercise your rights, you can contact us at any time using the contact details provided in Section 1 and Section 2.
However, you are also welcome to contact the competent supervisory authority and to lodge a complaint with them. A list of the competent supervisory authorities in the European Economic Area can be found here:
https://edpb.europa.eu/about-edpb/about-edpb/members_en
The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner:
https://www.edoeb.admin.ch/edoeb/en/home.html
14.1 Right of access
You have the right to obtain information about your personal data that we process at any time. To do this, you can submit a request using the contact details given in Section 1 and Section 2.
When applying the data protection provisions of the Swiss Federal Act on Data Protection, we may refuse, restrict or postpone the provision of information if:
· This is provided for by law, namely to protect professional secrecy
· This is necessary due to the overriding interests of third parties
· The request for information is manifestly unfounded or vexatious
· Our overriding interests require this measure
· We do not disclose any personal data to third parties
14.2 Right to data release and portability
Depending on the applicable data protection law, you have the right to receive your personal data we process at any time. You have the right to receive this data in a structured, common, machine-readable format and/or to have it transferred to a controller.
When applying the data protection provisions of the Swiss Federal Act on Data Protection, we may refuse, restrict or postpone the release or transfer of data – and state the reasons for doing so – if:
· This is provided for by law, namely to protect professional secrecy
· This is necessary due to the overriding interests of third parties
· The request for information is manifestly unfounded or vexatious
· Our overriding interests require this measure
· We do not disclose any personal data to third parties
14.3 Right to rectification
You have the right to request the completion and/or rectification of your personal data that we process at any time. You can submit a request using the contact details given in Section 1 and Section 2.
14.4 Erasure
You have the right to request the erasure of your personal data that we process at any time. You can submit a request using the contact details given in Section 1 and Section 2. As soon as all existing contracts – if any – and other legal relationships with you have concluded, no legal archiving and retention obligations need to be taken into account and/or the processing does not aid the establishment, exercise or defence of legal claims, we will erase your personal data that we process.
14.5 Right to object
You have the right to object to our processing of your personal data at any time. You can submit a request using the contact details given in Section 1 and Section 2. In such cases, we will immediately stop processing your personal data, provided that no compelling reasons and/or overriding interests on our part or on the part of third parties override your interests, or the processing does not conflict with any statutory archiving and retention obligations, and/or the processing does not aid the establishment, exercise or defence of legal claims.
14.6 Restriction of processing
You have the right, within the scope of the applicable data protection law, to request that we restrict processing. In particular, this right may exist for the period required to verify accuracy if there is a dispute between you and us about the accuracy of the personal data and, in the event that a right to erasure exists, if you request limited processing instead of erasure; it may also apply in the event that the data is no longer necessary for the purposes we are pursuing but you require it for the establishment, exercise or defence of legal claims and if you and we still dispute whether an objection has been successfully exercised.
14.7 Revocation of consent with future effect
You have the right to revoke any consent you have granted us regarding the processing of personal data. You can exercise this right at any time with future effect. This means that, in future, we will no longer process your personal data, which we were processing on the basis of your consent. Please note that this does not apply insofar as we process your personal data on another basis, such as a legal obligation. Revoking your consent may mean you are no longer able to use our services.
15 Data security
We take appropriate technical and organisational measures to maintain the security of your personal data in accordance with the current state of technology and to protect it against unauthorised or unlawful processing and/or against accidental loss, alteration, disclosure, destruction or unauthorised access. However, you should always be aware that the transmission of information online and via other electronic means involves certain security risks and we cannot guarantee the security of information transmitted in this way.
16 Changes to this privacy policy
Due to ongoing technical development and/or changes in legal and/or regulatory requirements, it may be necessary to amend this privacy policy. The current version is always available on this page.
Date: September 2023