With this Privacy Policy we inform you which personal data we process in connection with our activities and operations including our www.gartenhotels.ch website process. We specifically inform you about what personal data we process, for what purpose, how, and where. We also inform you about the rights of individuals whose data we process.

For individual or additional activities and operations, further data protection declarations and other legal documents such as General Terms and Conditions (GTC), terms of use, or conditions of participation may apply.

We are subject to Swiss data protection law and, where applicable, foreign data protection law, particularly that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures an adequate level of data protection.

1. Contact addresses

Responsibility for personal data processing:
‍
Garden Hotels Switzerland Association
Office
Bruggerstrasse 37
5400 Baden
‍
kontakt@gartenhotels.ch
‍
We will indicate if there are other data controllers responsible for processing personal data in individual cases.
‍
Data Protection Officer
We have the following Data Protection Officer who serves as a point of contact for data subjects and for supervisory authorities regarding data protection inquiries:
‍
Fabian Weidmann
Garden Hotels Switzerland Association

Office
Bruggerstrasse 37
5400 Baden
‍
kontakt@gartenhotels.ch
‍

2. Terms and Legal Basis

2.1 Terms

‍
Personal data refers to any information relating to an identified or identifiable person. A Data subject is a person whose personal data is processed.

‍
Processing encompasses any handling of personal data, regardless of the means and procedures used, in particular the retention, disclosure, acquisition, collection, deletion, storage, modification, destruction, and use of personal data.

‍
The European Economic Area (EEA) includes the member states of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
‍
2.2 Legal Bases
‍
We process personal data in accordance with Swiss data protection law, such as, in particular, the Federal Act on Data Protection (DSG) and the Ordinance on the Federal Act on Data Protection (VDSG).

‍
We process personal data – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – in accordance with at least one of the following legal bases:
‍
• Article 6(1)(b) GDPR for the necessary processing of personal data for the performance of a contract with the data subject and for carrying out pre-contractual measures.
‍
• Art. 6(1)(f) GDPR for the necessary processing of personal data to protect the legitimate interests of us or third parties, unless the fundamental freedoms and rights and interests of the data subject override them. Legitimate interests include, in particular, our interest in being able to carry out and communicate about our activities and operations permanently, user-friendly, securely, and reliably, ensuring information security, protection against misuse, enforcing our own legal claims, and complying with Swiss law.
‍
• Art. 6(1)(c) GDPR for the necessary processing of personal data to comply with a legal obligation to which we are subject under applicable law of Member States in the European Economic Area (EEA).
‍
• Art. 6(1)(e) GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
‍
• Art. 6(1)(a) GDPR for the processing of personal data with the consent of the data subject.
‍
• Art. 6(1)(d) GDPR for the necessary processing of personal data to protect the vital interests of the data subject or another natural person.
‍‍

3. Type, Scope, and Purpose

‍
We process personal data that is necessary to carry out our activities and operations permanently, user-friendly, securely, and reliably. Such personal data may include, in particular, categories of inventory and contact data, browser and device data, content data, meta or edge data and usage data, location data, sales data, and contract and payment data.
We process personal data for the duration required for the respective purpose(s) or by law. Personal data whose processing is no longer required will be anonymized or deleted.

‍
We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit it to third parties. Such third parties include, in particular, specialized providers whose services we use. We also ensure data protection with such third parties.

‍
We process personal data only with the consent of the data subject, unless processing is permissible for other legal reasons. Processing without consent may, for example, be permissible to fulfill a contract with the data subject and for corresponding pre-contractual measures, to protect our overriding legitimate interests, because processing is evident from the circumstances, or after prior information.
‍
In this context, we particularly process information that a data subject voluntarily provides to us when contacting us – for example, by postal mail, email, instant messaging, contact form, social media, or telephone – or when registering for a user account. We may store such information, for instance, in an address book or using similar tools.

If we receive data about other individuals, the transmitting persons are obliged to ensure data protection for these individuals and to guarantee the accuracy of this personal data.
‍
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect during the course of our activities and operations, provided that such processing is legally permissible.

‍
4. Personal Data Abroad

‍
We generally process personal data in Switzerland and the European Economic Area (EEA). However, we may also export or transfer personal data to other countries, particularly for processing there or to have it processed there.

‍
We may export personal data to all states and territories on Earth, as well as elsewhere in the universe export, provided that the local law, according to Assessment of the Federal Data Protection and Information Commissioner (FDPIC) or in accordance with Swiss Federal Council Decision adequate data protection and – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – in accordance with European Commission Decision ensures adequate data protection.
‍
We may transfer personal data to countries whose laws do not ensure an adequate level of data protection, provided that data protection is guaranteed for other reasons, particularly on the basis of standard data protection clauses or other appropriate safeguards. Exceptionally, we may export personal data to countries without adequate or appropriate data protection if the specific data protection requirements are met, for example, the explicit consent of the data subjects or a direct connection with the conclusion or performance of a contract. Upon request, we are happy to provide data subjects with information about any safeguards or supply a copy of safeguards.

5. Rights of Data Subjects

‍
Data subjects whose personal data we process have the rights according to Swiss data protection law. These include the right to information as well as the right to rectification, erasure, or blocking of the processed personal data.
‍
Data subjects whose personal data we process can – if and to the extent that the General Data Protection Regulation (GDPR) is applicable – request free confirmation as to whether we process personal data concerning them. In this case, data subjects can request information about the processing of their personal data, have the processing of their personal data restricted, exercise their right to data portability, and have their personal data rectified, erased ("right to be forgotten"), blocked, or completed.
‍
Data subjects whose personal data we process can – if and to the extent that the GDPR is applicable – revoke any given consent at any time with future effect and object to the processing of their personal data at any time.
Data subjects whose personal data we process have a right to lodge a complaint with a competent supervisory authority. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

6. Data Security

We implement appropriate technical and organizational measures to ensure data security commensurate with the respective risk. However, we cannot guarantee absolute data security.

‍
Access to our website is secured using transport encryption (SSL / TLS, specifically with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a padlock in the address bar.

‍
Our digital communication – like all digital communication in general – is subject to mass surveillance without cause or suspicion, as well as other forms of surveillance by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence how personal data is processed by intelligence services, police departments, and other security authorities.

7. Website Usage

7.1 Cookies

We may use cookies. Cookies – both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) – are data stored in the browser. Such stored data does not have to be limited to traditional text-based cookies.
‍
Cookies can be stored temporarily in the browser as "session cookies" or for a specific period as so-called permanent cookies. "Session cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies particularly enable a browser to be recognized on the next visit to our website, thereby allowing, for example, the measurement of our website's reach. However, permanent cookies can also be used for online marketing, for example.
‍
Cookies can be completely or partially deactivated and deleted at any time in the browser settings. Without cookies, our website may not be fully available. We actively request – at least where and to the extent necessary – explicit consent for the use of cookies.
‍
For cookies used for performance and reach measurement or for advertising, a general objection ("opt-out") for numerous services is available via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAd- Choices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA) available.

7.2 Server Log Files

For each access to our website, we may collect the following information, provided that it is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-page of our website accessed including the amount of data transferred, and the last website accessed in the same browser window (referrer).

We store such information, which may also constitute personal data, in server log files. This information is necessary to provide our website on an ongoing, user-friendly, and reliable basis, and to ensure data security, particularly the protection of personal data – including by or with the help of third parties.
‍
7.3 Tracking Pixels

‍
We may use tracking pixels on our website. Tracking pixels are also known as web beacons. Tracking pixels – including those from third parties whose services we use – are small, usually invisible images that are automatically retrieved when you visit our website. Tracking pixels can collect the same information as server log files.

8. Notifications and Communications

‍
We send notifications and communications via email and other communication channels such as instant messaging or SMS.
‍
8.1 Success and Reach Measurement

‍
Notifications and communications may contain web links or tracking pixels that record whether an individual message has been opened and which web links were clicked. Such web links and tracking pixels can also record the use of notifications and communications on a personal basis. We require this statistical collection of usage data for success and reach measurement to be able to send notifications and communications effectively, user-friendly, and permanently, securely, and reliably, based on the needs and reading habits of the recipients.
‍
8.2 Consent and Objection

‍
You must generally give your express consent to the use of your email address and other contact addresses, unless their use is permissible for other legal reasons. For any consent, we use the "double opt-in" procedure where possible, meaning you receive an email with a web link that you must click to confirm, thereby preventing misuse by unauthorized third parties. We may log such consents, including the Internet Protocol (IP) address, as well as the date and time, for evidentiary and security reasons.

You can generally object to receiving notifications and communications, such as newsletters, at any time. By doing so, you can simultaneously object to the statistical collection of usage data for success and reach measurement. Necessary notifications and communications related to our activities remain reserved.

‍
9. Social Media

‍
We maintain a presence on social media platforms and other online platforms to communicate with interested individuals and to provide information about our activities. In connection with such platforms, personal data may also be processed outside Switzerland and the European Economic Area (EEA).
‍
The General Terms and Conditions (GTC), terms of use, data protection declarations, and other provisions of the individual operators of such platforms also apply. These provisions specifically inform data subjects about their rights directly vis-à-vis the respective platform, which includes, for example, the right to information.
‍
For our Social Media Presence on Facebook including the so-called Page Insights, we are – insofar as the General Data Protection Regulation (GDPR) is applicable – jointly responsible with Meta Platforms Ireland Limited (Ireland). Meta Platforms Ireland Limited is part of the Meta companies (including in the USA). Page Insights provide information on how visitors interact with our Facebook presence. We use Page Insights to effectively and user-friendly provide our social media presence on Facebook.
‍

Further details on the nature, scope, and purpose of data processing, information on the rights of data subjects, as well as contact details for Facebook and Facebook's Data Protection Officer can be found in the Facebook's Privacy Policy. We have entered into the so-called « with FacebookAddendum for Controllers» concluded, thereby specifically agreeing that Facebook is responsible for ensuring the rights of data subjects. For the so-called Page Insights, the relevant information can be found on the page «Information on Page Insights» including «Information on Page Insights Data».

10. Third-Party Services

‍
We use services from specialized third parties to ensure our activities and operations are continuous, user-friendly, secure, and reliable. These services allow us, among other things, to embed functions and content into our website. When such content is embedded, the services used will, for technically compelling reasons, temporarily record the Internet Protocol (IP) addresses of users.
‍
For necessary security-related, statistical, and technical purposes, third parties whose services we use may process data related to our activities and operations in an aggregated, anonymized, or pseudonymized form. This includes, for example, performance or usage data required to provide the respective service.
‍
Specifically, we use:
• Google Services: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General information on data protection: «Privacy and Security Principles», Privacy Policy, «Google is committed to complying with applicable data protection laws», «Privacy Guide for Google Products», «How we use data from websites or apps where our services are used» (Google's information), «Types of cookies and other technologies used by Google», «Personalized Advertising» (Activation / Deactivation / Settings).
‍
• Microsoft Services: Providers: Microsoft Corporation (USA) / Microsoft Ireland Operations Limited (Ireland) for users in the European Economic Area (EEA), Great Britain, and Switzerland; General information on data protection: «Data Protection at Microsoft», «Data Protection (Trust Center)», Privacy Policy.

‍
10.1 Digital Infrastructure

‍
We use services from specialized third parties to leverage the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
‍
Specifically, we use:
• Hoststar: Hosting; Provider: Multimedia Networks AG (Switzerland); Information on data-
protection: Privacy Policy, «Data Security at Hoststar».
‍
• StackPathCDN: Content Delivery Network (CDN); Providers: StackPath LLC (USA) / Highwinds Network Group Inc. (USA); Privacy information: Privacy Policy.
‍
• webflow: Website Builder; Provider: Webflow Inc. (USA); Privacy information: Privacy Policy for Users in the European Economic Area, Great Britain, and Switzerland («EU & Swiss Privacy Policy»), Privacy Policy for Users in the Rest of the World («Global Privacy Policy»), Cookie Policy.

‍
10.2 Social Media Features and Social Media Content

‍
We use third-party services and plugins to embed functions and content from social media platforms and to enable content sharing on social media platforms and by other means.
‍
We use in particular:
• Facebook (Social Plugins): Embedding Facebook functions and Facebook content, for example «Like» or «Share»; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Privacy information: Privacy Policy.
‍
• Instagram platform: Embedding Instagram content; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Privacy information: Privacy Policy (Instagram), Privacy Policy (Facebook).
‍
• LinkedIn Consumer Solutions Platform: Embedding functions and content from LinkedIn, for example with Plugins such as the "Share Plugin"; Provider: Microsoft; LinkedIn-specific details: "Privacy" ("Privacy"), Privacy Policy, Cookie Policy, Cookie management / Opt-out of email and SMS communication from LinkedIn, Opt-out of interest-based advertising.
‍
• Pinterest(SocialPlugins):Embedding features and content or Pins from Pinterest (Example: «Pin Widget»); Providers: Pinterest Inc. (USA) / Pinterest Europe Ltd. (Ireland) for users in the European Economic Area (EEA); Privacy information: «Privacy, Security, and Legal», Privacy Policy, «Personalization and Data», Cookie Policy.
                           

10.3 Map Content

‍
We use third-party services to embed maps on our website.
We specifically use:

‍
• Google Maps including Google Maps Platform: Map service; Provider: Google; Google Maps-specific information: «How Google uses location information».
‍
10.4 Digital Audio and Video Content
‍
We use services from specialized third parties to enable the direct playback of digital audio and video content such as music or podcasts.
‍
Specifically, we use:

‍
• YouTube: Video platform; Provider: Google; YouTube-specific information: «Data-
protection and security center», «My data on YouTube».

10.5 Fonts

‍
We use third-party services to embed selected fonts, icons, logos, and symbols into our website.
‍
We use in particular:

‍
• Google Fonts: Fonts; Provider: Google; Google Fonts-specific information: «Datenschutz und Google Fonts» («Privacy and Google Fonts»), «Data Protection and Data Collection».
‍

10.6 Advertising
‍
We leverage the ability to specifically Advertising our activities and operations at
to be displayed to third parties such as social media platforms and search engines.
With such advertising, we particularly aim to reach individuals who are already interested in our activities and operations or who might be interested in them (Remarketing and Targeting).

For this purpose, we may transmit corresponding – possibly also personal – data to third parties who enable such advertising. We can also determine whether our advertising is successful, meaning in particular whether it leads to visits to our website (Conversion Tracking).
Third parties with whom we advertise and where you are logged in as a user may be able to associate your use of our online offering with your profile there.
‍
Specifically, we use:

‍
• Facebook Advertising (Facebook Ads): Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (among others in the USA); Data protection information: Remarketing and targeting, especially with the Facebook Pixel and Custom Audiences including Lookalike Audiences, Privacy Policy, "Ad Preferences" (Registration as a user required).
‍
• Google Ads: Search engine advertising; Provider: Google; Google Ads-specific information: Advertising based on search queries, among other things, whereby various domain names – particularly doubleclick.net, googleadservices.com and googlesyndication.com – are used for Google Ads, «Ads» (Google), «Why am I seeing a particular ad?».
‍
• Instagram Ads: Social media advertising; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (among others in the USA); Privacy information: Remarketing and targeting particularly with Facebook Pixel as well as Custom Audiences including Lookalike Audiences, Privacy Policy (Instagram), Privacy Policy (Facebook), «Ad Preferences» (Instagram) (Login as a user required), «Ad Preferences» (Facebook) (Login as a user required).
‍
• LinkedInAds: Social Media Advertising; Providers: LinkedIn Corporation (USA)/LinkedIn Ireland Unlimited Company (Ireland); Privacy information: Remarketing and targeting, especially with the LinkedIn Insight Tag, «Privacy», Privacy Policy, Cookie Policy, Opt-out of personalized advertising.
‍
• Pinterest Ads:Social media advertising; Providers: Pinterest Inc. (USA)/Pinterest Europe Ltd. (Ireland) for users in the European Economic Area (EEA); Data protection information: Remarketing and targeting, especially with the Pinterest Tag, «Privacy, Security, and Legal», Privacy Policy, «Personalization and Data», «Personalized Ads on Pinterest», «Data Sharing on Pinterest», Cookie Policy.

11. Website Extensions

‍
We use extensions for our website to enable additional functionalities.
‍
Specifically, we use:
‍
• Google reCAPTCHA: Spam protection (distinguishing between desired comments from humans and unwanted comments from bots, as well as spam); Provider: Google; Google reCAPTCHA-specific information: "What is reCAPTCHA?" («What is reCAPT- CHA?»).
‍
• jQuery(OpenJSFoundation):Free JavaScript library; Provider: OpenJS Foundation (USA) using StackPath CDN; Privacy information: Privacy Policy (OpenJS Foundation), Cookie Policy (OpenJS Foundation).
‍
• jQuery(GoogleHostedLibraries):Free JavaScript library; Provider: Google; Google Hosted Libraries-specific information: «What does using the Google Hosted Libraries mean for the privacy of my users?» («What does using the Google Hosted Libraries mean for the privacy of my users?»).

‍
12. Performance and Reach Measurement

‍
We use services and programs to determine how our online offering is used. In this context, we can, for example, measure the success and reach of our activities and operations, as well as the impact of third-party links to our website. We can also, for example, test and compare how different versions of our online offering or parts of our online offering are used ("A/B testing" method).

Based on the results of performance and reach measurement, we can, in particular, fix errors, strengthen popular content, or make improvements to our online offering.
When using services and programs for performance and reach measurement, the Internet Protocol (IP) addresses of individual users must be stored. IP addresses are generally truncated ("IP masking") to follow the principle of data minimization through appropriate pseudonymization and thus improve user data protection.

When using services and programs for performance and reach measurement, cookies may be used and user profiles created. User profiles include, for example, the pages visited or content viewed on our website, information about screen or browser window size, and the – at least approximate – location. As a rule, user profiles are created exclusively pseudonymously. We do not use user profiles to identify individual users. Individual third-party services where users are logged in may, if applicable, associate the use of our online offering with the user account or user profile of the respective service.

‍
We use in particular:
• Google Analytics: Performance and reach measurement; Provider: Google; Google Analytics-specific information: Measurement across different browsers and devices (Cross-Device Tracking) and with pseudonymized Internet Protocol (IP) addresses, which are only exceptionally transmitted in full to Google in the USA, «Privacy», «Browser Add-on for deactivating Google Analytics».
‍
• GoogleTagManager:Integration and management of other services for success and reach measurement, as well as other services from Google and third parties; Provider: Google; Google Tag Manager-specific information: «Data collected with Google Tag Manager»; further information on data protection can be found with the individual integrated and managed services.

• Microsoft Clarity: We use Microsoft Clarity and Microsoft Advertising to analyze the use of our website (e.g., with heatmaps and session recordings). This involves the use of cookies and similar technologies. The data helps us optimize our website, display advertisements, and prevent misuse. More information can be found in the Microsoft Privacy Policy.

‍
13. Final Provisions

‍
We have prepared this privacy policy with the Privacy Policy Generator by Privacy Partner created.
We may amend and supplement this privacy policy at any time.

We will inform you about such adjustments and additions in an appropriate manner, particularly by publishing the current privacy policy on our website.

‍

‍