Icon Logo of Paradiso

Book A Table

Contact
Via Engiadina 3,
7500 St. Moritz, Switzerland

WEBCAM

+41 81 833 40 02
[email protected]

BADRUTT’S PALACE HOTEL

WEBCAM Summer

Privacy Policy

1. Data controller and content of this Privacy Notice

We, Badrutt’s Palace Hotel AG, Via Serlas 27, 7500 St. Moritz, Switzerland, entered in the commercial register of the Canton of Graubünden under number CHE-105.980.962 (we, us, our, etc.), are the operators of the restaurant “Paradiso Mountain Club” (Restaurant) and the website www.townhouse-stmoritz.com (website) and, unless stated otherwise in this Privacy Notice, we are responsible for the data processing described in this Privacy Notice.

To find out which personal data we collect from you and for which purposes, please read the following information. Our data protection practices are based primarily on Swiss data protection laws, especially the Federal Act on Data Protection (FADP), though the provisions of the EU General Data Protection Regulation (GDPR) may also apply in certain cases.

Please note that the information below is reviewed and amended from time to time. We therefore recommend that you consult this Privacy Notice regularly. Furthermore, for the individual data processing activities described below, other companies are legally responsible for data protection or they share this responsibility with us; this means that the information from such providers is also relevant in these instances.

2. Data protection contact

If you have any questions about data protection or would like to exercise your rights, please e-mail our contact person for data protection at the following address: [email protected]

You can contact our EU data protection representative at: MLL Bruxelles SPRL, 222 Avenue Louise, 1050 Bruxelles, Belgium ([email protected])

3. Data processing when contacting us by telephone or e-mail

If you contact us by telephone or e-mail, your personal data will be processed. The data that you have provided, such as your name, e-mail address or telephone number and the reason for contacting us, will be processed. In addition, the time of receipt of the enquiry is documented. We process this data to fulfil your request (e.g. questions about website functions, reservations or services, etc.).

The lawful basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in fulfilling your request or, if your enquiry concerns the conclusion or performance of a contract, e.g. if you would like to reserve a table, the necessity of carrying out the requisite measures within the meaning of Art. 6(1)(b) GDPR.

4. Data processing when reserving a table

You can make a table reservation on our website. We collect the following data for this (depending on the relevant offer):
– Selection “Paradiso Mountain Club” / “Paradiso Music Desk”
– First name
– Last name
– E-mail address
– Phone number
– Date and time of the reservation
– Number of guests
– Comments (optional)

We record and process the data in order to process the reservation and, in particular, to be able to meet any special requests for the reservation and to contact you in the event of questions or problems. We store your data together with the supplementary details of the reservation (e.g. date and time of receipt, etc.), the reservation data (e.g. allotted table), as well as information related to the performance and fulfilment of the contract (e.g. receipt and handling of complaints), so that we can ensure correct processing of the reservation and performance of the contract.

For processing table reservations, we use the software application of aleno AG, Werdstrasse 21, 8004 Zurich, Switzerland (aleno). As a result, your data is stored in an aleno database, which enables aleno to access the data if this is necessary for the provision of the software and for user support. You can find further information concerning the use of aleno in Clause 15 of this Privacy Notice. Information about the processing of data by third parties and any transfer of data abroad can be found in Clause 16 of this Privacy Notice.

The lawful basis for this data processing is the performance of a contract with you according to Art. 6(1)(b) GDPR.

It is possible that aleno might wish to use some of this data for its own purposes (e.g. to provide marketing e-mails or for statistical analyses). aleno is the data controller for the data processing that it carries out and must ensure compliance with the data protection laws in connection with this data processing. You can find further information about the data processing carried out by aleno here.

5. Data processing in connection with payment processing

If you purchase products or services in our restaurant using an electronic payment method, it is necessary to process your personal data. By using the payment terminals, you transfer the information that is stored in your payment method (e.g. the name of the cardholder, the card number) to the payment service providers involved (e.g. the payment solution provider, the credit card issuer and the credit card acquirer). In addition, they receive the information that the payment method was used in our premises, as well as the amount and the time of the transaction. Conversely, we only receive the credit for the amount of the payment made at the corresponding time, which we can assign to the relevant receipt number, or we are informed that the transaction was not possible or was aborted. Please also note the information of the relevant company, particularly the privacy notice and the general terms and conditions. The lawful basis for our data processing is the performance of a contract according to Art. 6(1)(b) GDPR.

We reserve the right to store a copy of the credit card information as security. In order to avoid default of payment, the requisite data, particularly your personal data, may be transferred to a credit agency for the automatic assessment of your creditworthiness. In this context, the credit agency may give you a credit score. This is an estimated value regarding the future risk of a payment default, e.g. using a percentage value. The value is ascertained by using a mathematical-statistical procedure together with the inclusion of data from the credit agency from other sources.  We reserve the right, based on the information received, not to offer you the “invoice” payment method. The lawful basis for this data processing is our legitimate interest according to Art. 6(1)(f) GDPR in avoiding default of payment.

In the case of wallet payment solutions (Twint, Apple Pay, PayPal), your card details are already securely stored in the Wallet in advance. If you decide to use a wallet solution for your payment, you generally do not need to enter any credit card information. Only the data required for authorisation and transaction processing is then transmitted through the wallet. Also always note the information of the relevant company, particularly the privacy notice and the general terms and conditions.

For processing payments, we use a software application of SIX Group AG, Pfingsweidstrasse 10, 8005 Zurich. As a result, your data is stored in a SIX Group AG database, which enables SIX Group AG to access the data if this is necessary for the provision of the software and for user support. Information about the processing of data by third parties and any transfer of data abroad can be found in Clause 16 of this Privacy Notice. The lawful basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR (EU) in the use of services of third-party providers.

It is possible that SIX Group AG might wish to use some of this data for its own purposes (e.g. to provide marketing e-mails or for statistical analyses). SIX Group AG is the data controller for the data processing that it carries out and must ensure compliance with the data protection laws in connection with this data processing. You can find information about the data processing carried out by SIX Group AG here.

6. Data processing in connection with e-mail marketing

If you register for our marketing e-mails, the following data is collected. Mandatory fields when registering are marked with an asterisk (*):
– Title
– E-mail address
– First name
– Last name

To avoid misuse and ensure that the owner of the e-mail address has themselves consented to receiving marketing e-mails, we use the double opt-in method for the registration. After you have sent your registration, you will receive an e-mail from us with a confirmation link. You have to click on this link in order to definitively register for the marketing e-mails. If you do not confirm your e-mail address within the specified period by clicking on the confirmation link, your data will be deleted and our marketing e-mails will not be sent to this address.

By registering, you consent to the processing of this data so that you can receive marketing e-mails about our products and services. These marketing e-mails can also include invitations to participate in competitions, to provide feedback or to rate our products and services. The collection of your title and first and last names permits us to associate the registration with an existing customer account, if applicable, and thereby personalise the content of the marketing e-mails. Linking you to a customer account allows us to ensure that the offers and contents in the marketing e-mails are even more relevant to you and tailored even more closely to your potential needs.

Your consent forms the lawful basis for this data processing within the meaning of Art. 6(1)(f) GDPR. We use your data for sending marketing e-mails until you decide to revoke your consent. You can revoke your consent at any time, particularly by means of the unsubscribe link that you can find in all the marketing e-mails.

Our marketing e-mails may contain a web beacon, 1×1 pixel (tracking pixel) or similar technical tool. A web beacon is an invisible graphic that is linked with the user ID of the relevant subscriber. For every marketing e-mail sent, we receive information about which e-mail addresses successfully received the e-mail, which e-mail addresses have not yet received the e-mail and which e-mail addresses failed to receive the e-mail. It is also shown how long the marketing e-mail was open for and which links were activated for which e-mail addresses. Finally, we also receive information about which subscribers have unsubscribed from the distribution list. We use this data for statistical purposes and to optimise the marketing e-mails in relation to frequency and the time they were sent as well as with regard to the structure and content. In this way, we can tailor the information and offers in our marketing e-mails more closely to the individual interests of the recipients.

By registering for the marketing e-mails, you also consent to the statistical analysis of user behaviour for the purpose of optimising and refining the marketing e-mails. This consent forms our lawful basis for this data processing within the meaning of Art. 6(1)(a) GDPR. The web beacon is deleted when you delete the marketing e-mail. You can prevent the use of the web beacon in our marketing e-mails and thus revoke your consent by configuring your e-mail programme to not display HTML in messages. In the Help settings for your e-mail software application, you can find information about how to configure this setting, e.g. here for Microsoft Outlook.

For sending marketing e-mails, we use a software application of Cendyn Group, LLC, 980 North Federal Highway Suite 200 Boca Raton, FL 33432 USA (Cendyn). As a result, your data may be stored in a Cendyn database, which enables Cendyn to access the data if this is necessary for the provision of the software and for user support. Information about the processing of data by third parties and any transfer of data abroad can be found in Clause 16 of this Privacy Notice. The lawful basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR (EU) in the use of services of third-party providers.
It is possible that Cendyn might wish to use some of this data for its own purposes (e.g. to provide marketing e-mails or for statistical analyses). Cendyn is the data controller for this data processing and must ensure compliance with the data protection laws in connection with this data processing. You can find further information about the data processing carried out by Cendyn here.

7. Data processing when using the webcam

On our website, you can access a webcam. The video is displayed through embedding (iFrame) on our website. For the provision of the webcam, we use a software application of Seitz Phototechnik AG, Frauenfelderstr. 26, 8512 Lustdorf, Switzerland (roundshot).

By clicking on the webcam, a link is established to the servers of Seitz Phototechnik AG. As part of this, your browser and possibly the log file data (including IP address) detailed in Clause 12.1 are transferred to Seitz Phototechnik AG. This may also involve data being transferred to a server abroad, e.g. the USA (see in particular the absence of an adequate level of data protection and the intended safeguards, Clause 16.2 and 16.3).

This data processing is required to enable the playback of the webcam. The lawful basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in the provision of a modern website with interesting content.

It is possible that Seitz Phototechnik AG might wish to use some of this data for its own purposes (e.g. for statistical analyses). Seitz Phototechnik AG is the data controller for the data processing that it carries out and must ensure compliance with the data protection laws in connection with this data processing. You can find information about the data processing carried out by Seitz Phototechnik AG here.

8. Data processing in connection with using our Wi-Fi network

In our restaurant, you have the option of using the Wi-Fi network free of charge. The Wi-Fi network is provided by Triulzi AG, Via Surpunt 62, 7500 St. Moritz, Switzerland (Triulzi AG). When using the Wi-Fi network, you transfer the following data to Triulzi AG:
– The MAC address of your device (automatic)

In addition to the above data, data about the time and date of use and the device used is recorded each time the Wi-Fi network is used. This data processing is carried out for the purpose of providing and operating the Wi-Fi network as well as to prevent misuse and to penalise unlawful behaviour. Triulzi AG is the data controller for the described data processing.

The lawful basis for this processing is your consent within the meaning of Art. 6(1)(a) GDPR. You can revoke this consent for the future at any time.

The lawful basis for this processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in the provision of a Wi-Fi network in compliance with the applicable legal provisions.

9. Data processing in connection with job applications

You have the option of sending a spontaneous application to us or applying in response to a specific job advertisement. To this end, we will process the personal data that you made available to us.

We use the information you have provided to check your application and your suitability for employment with us. Application documents from applicants who are not considered are deleted once the application process has finished, unless you have expressly requested that they should be stored for longer or we are obliged to store them for a longer period by law.

For processing job applications, we use a software application of Teamtailor AB, Östgötagatan 16, 11621 Stockholm, Sweden. As a result, your data may be stored in a Teamtailor database, which enables Teamtailor to access the data if this is necessary for the provision of the software and for user support. Information about the processing of data by third parties and any transfer of data abroad can be found in Clause 16 of this Privacy Notice. The lawful basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR (EU) in the use of services of third-party providers.

10. Background data processing on our website

10.1 Data processing when visiting our website (log file data)

The web servers temporarily store every visit to our website in a log file (log file). The following data is recorded without your involvement and stored with us until it is automatically deleted:
– IP address of the requesting computer;
– Name of the owner of the IP address (normally your internet service provider);
– Date and time of access;
– Website from which the website was accessed (referrer URL), possibly with details of the search term;
– Name and URL of the file retrieved;
– Status code (e.g. error message);
– Operating system of your computer;
– Browser used (type, version and language);
– Transmission protocol used (e.g. HTTP/1.1); and possibly your username from registration/authentication;
– Name of the host header;
– The verb or word requested, such as the GET method (GETlocation); and
– The purpose of the verb or word requested, e.g. default.htm.

The collection and processing of this data is carried out to enable the use of our website (establish a connection), to guarantee system security and stability on an ongoing basis and to facilitate the error and performance analysis and optimisation of our website (also see Clause 12.6 with regard to the last points).
In the event of an attack on the network infrastructure of the website or if other unauthorised or improper use of the website is suspected, the IP address and other data will be analysed for investigation and defence purposes and possibly used to identify the user within the context of civil or criminal proceedings.

Our legitimate interest within the meaning of Art. 6(1)(f) GDPR lies in the purposes described above and this constitutes the lawful basis for the data processing.

For the operation of our website, we use the services of our hosting provider WP Engine, Inc. Irongate House, 22-30 Duke’s Place, London, EC3A 7LP United Kingdom (WP Engine). As a result, your data is stored in a WP Engine, which enables WP Engine to access the data if this is necessary for the provision of the software and for user support. Information about the processing of data by third parties and any transfer of data abroad can be found in Clause 16 of this Privacy Notice. The lawful basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in the use of services of third-party providers.

It is possible that WP Engine might wish to use some of this data for its own purposes (e.g. for statistical analyses for product optimisation). WP Engine is the data controller for this data processing and must ensure compliance with the data protection laws in connection with this data processing. You can find further information about data processing in connection with WP Engine here.

Finally, when you visit our website, we use cookies as well as applications and tools that are based on the use of cookies. In connection with these, the data described here can also be processed. You can find more information about this in the following clauses of this Privacy Notice, particular Clause 12.2 below.

10.2 Cookies

Cookies are information files that your web browser stores on the hard disk or in the main memory of your computer when you visit our website. Cookies are assigned identification numbers through which your computer is identified and the information contained in the cookie can be read.

Among other things, cookies help to make your visit to our website easier, more pleasant and more relevant. We use cookies for different purposes that are required, i.e. “strictly necessary”, for you to use the website as you wish. For example, we use cookies to identify you after logging in as a registered user and to enable you to navigate to and from the different sub-pages without having to log in again. The provision of website elements, such as the order function, is also based on the use of cookies, since your information when completing a form is temporarily stored on the website so that you do not have to re-enter it after accessing a different sub-page. In addition, cookies also carry out the technical functions required for the operation of the website, such as load balancing, i.e. the distribution of the performance load of the pages over the different web servers in order to relieve the server or content delivery network (CDN), so that content can be distributed more quickly to the end user. Cookies are also used for security purposes, in order to prevent the posting of illegal content. Finally, we use cookies within the framework of the structure and programming of our website, e.g. to facilitate the uploading of scripts or codes.

The lawful basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in the provision of a user-friendly and modern website.

Most internet browsers automatically accept cookies. However, when you access our website, we ask for your permission to use cookies that are not strictly necessary, particularly cookies from third-party providers for marketing purposes. By using the corresponding function buttons in the cookie banner, you can select the desired settings. Details regarding the services and data processing associated with individual cookies can be found in the cookie banner and in the following clauses of this Privacy Notice.

For cookie control and consent on our website, we use the services of Onetrust, Mühldorfstraße 8, 81671 Munich, Germany (OneTrust). When using WhatsApp, your data is stored in a OneTrust database. OneTrust is the data controller for the data processing that it carries out and must ensure compliance with the data protection laws in connection with this data processing. Information about the processing of data by third parties and any transfer of data abroad can be found in Clause 16 of this Privacy Notice. You can find further information about the data processing carried out by OneTrust here.

You may also be able to configure your browser in such a way that no cookies are stored on your computer or you always receive an alert when you receive a new cookie. On the following pages, you can find information about how to configure the processing of cookies for certain browsers.
Google Chrome for Desktop
Google Chrome for Mobile
Apple Safari
Microsoft Windows Internet Explorer
Microsoft Windows Internet Explorer Mobile
Mozilla Firefox

The deactivation of cookies may result in you being unable to use all the functionalities of our website.

10.3 Google Tag Manager

To manage the functions of our website, we use Google Tag Manager provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). With Google Tag Manager, tracking codes and associated code fragments (tags) can be managed without the code having to be manually altered. Following implementation, it is possible for the tracking tools we have set to be managed, triggered and controlled through Google Tag Manager. Google Tag Manager is therefore closely involved in the data processing specified below and is used indirectly for the purposes described therein, which is why the lawful basis for the processing can be found in the sections on the individual tools. If some autonomous data processing is deemed to be carried out by Google Tag Manager, our legitimate interest within the meaning of Art. 6(1)(f) GDPR (EU) is the use of third parties for the efficient management of our websites and the performance of our marketing activities.

10.4 SoundCloud Widget

To share music and audio content, we use a software application ofSoundCloud Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany (SoundCloud).

The SoundCloud Widget is a playback function that enables you to access and play back content that is hosted on SoundCloud directly on our website. If you access a page on our website that contains such a widget, your browser will establish a direct link with the servers of SoundCloud. The contents of the widget are transferred directly by SoundCloud to your browser and integrated into the page. Through the integration of the widget, SoundCloud receives the information that your browser has accessed the corresponding webpage, even if you do not have a profile or are not logged in at that time. This information (including your IP address) is transferred from your browser directly to a SoundCloud server, where it is stored.

If you are logged in with your SoundCloud profile, SoundCloud can associate the visit to our website directly with your profile. If you interact with the widget (e.g. by playing content), the corresponding information is also transferred directly to a SoundCloud server, where it is stored. The information can also be published in SoundCloud and shown to your contacts.

The lawful basis is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in the use of third-party services for the attractive and interactive design of our website. Information about the processing of data by third parties and any transfer of data abroad can be found in Clause 16 of this Privacy Notice. You can find further information about data processing in connection with SoundCloud here.

10.5 Adobe Typekit

On our website, we use Adobe Typekit, a service provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (Adobe), for the integration of font types. Adobe Typekit is a service that facilitates access to a font library. To be able to integrate the fonts that we use on our website, your IP address is transferred to an Adobe server and stored there (see Clause 12.1 for this).

The lawful basis for the data processing for this purpose is our legitimate interest according to Art. 6(1)(f) GDPR in the use of third-party services for the corresponding design of our website. Information about the processing of data by third parties and any transfer of data abroad can be found in Clause 16 of this Privacy Notice. You can find further information about data processing in connection with SoundCloud here.

It is possible to deactivate the services of Adobe and to prevent the data transfer to Google by deactivating Java Script in your browser. However, we would like to point out that this could affect the functionality of Adobe Typekit and other functions, since Java Script is generally used by Adobe to load fonts. In such case, you would not be able to use the map screen.

10.6 Tracking and web analysis tools

10.6.1 General information about tracking

For the purposes of the tailored design and ongoing optimisation of our website, we use the web analytics services specified below. In this connection, pseudonymised user profiles are created and cookies are used (also see Clause 12.2). The information generated by the cookie regarding your use of this website is generally transferred to a server of the service provider together with the log file data set out in Clause 12.1, where it is stored and processed. This may also involve data being transferred to a server abroad, such as in the USA (see in particular the absence of an adequate level of data protection and the intended safeguards, Clause 16.2 and 16.3).

Information that we receive when processing the data includes:
– Navigation path that the visitor to the website uses (including contents viewed and selected or purchased products and/or services booked);
– Length of stay on the website or sub-page;
– Sub-page from which the website is exited;
– Country, region or city from where the website is accessed;
– Device (type, version, colour depth, resolution, height and depth of the browser window); and
– Returning or new visitor.

On our behalf, the provider will use this information to analyse the use of the website, particularly to compile reports on the website activities and to provide further services related to website and internet use for the purpose of market research and the tailored design of this website. To a certain degree, both we and the provider can be seen as the data controller for the processing under data protection law.

The lawful basis for this data processing with the following services is your consent within the meaning of Art. 6(1)(a) GDPR. Part of the data processing can be classed as profiling (with or without high risk), which is also included in your consent. You can revoke your consent at any time and/or refuse the processing by blocking/disabling the relevant cookies in the settings of your browser (see Clause 12.2), or by using the service-specific options described in the following.

For the further processing of the data by the relevant provider as the (sole) data controller (particularly the potential transfer of this data to third parties such as authorities due to national legal regulations), please consult the relevant privacy notices of the provider.

10.6.2 Google Analytics

We use the web analytics services of Google Analytics Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5 Ireland) and/or Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043USA (Google).

In deviation from the description in Clause 12.6.1, IP addresses are not logged or stored in Google Analytics (in the version “Google Analytics 4” used here). In the case of access from the EU, IP addresses are only used to determine location data, after which they are immediately deleted. In the case of the collection of measurement data in Google Analytics, all the IP searches are carried out on EU-based servers before the traffic is forwarded for processing on Analytics servers. Regional data centres are used for Google Analytics. If a link is established to the nearest available data centre of Google in Google Analytics, the measurement data is sent to Analytics via an encrypted HTTPS connection. The data is further encrypted in these centres before it is forwarded to the processing servers of Analytics and made available on the platform. Based on the IP addresses, the most suitable local data centre is determined. This may also involve data being transferred to a server abroad, e.g. the USA (see in particular the absence of an adequate level of data protection and the intended safeguards, Clause 16.2 and 16.3).

We also use the technical extension “Google Signals”, which facilitates cross-device tracking, i.e. technology that enables the tracking of users across multiple devices. This makes it possible to assign an individual website visitor to different devices. However, this only happens if the visitor has logged into a Google service during their website visit and at the same time has activated the option “personalised advertising” in their Google account settings. Even so, we are still unable to access any personal data or user profiles. If you do not wish to use “Google Signals”, you can deactivate the option “personalised ads” in your Google account settings.

Users can prevent Google from recording and processing the data created by the cookie and related to their website use (including the IP address) and revoke their consent by disabling or rejecting the relevant cookies in the cookie banner or in the settings of their web browser (see Clause 12.2) or by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. For the further processing of the data by Google, please consult the data privacy notices of Google: https://policies.google.com/privacy?hl=en-US.

10.6.3 Boxzilla

We use the web analytics service Boxzilla from ibericode BV, Wassenaarweg 40, 6843 NW Arnhem, Netherlands. As a result, the described data about the use of the website may be transferred to the servers of Boxzilla in the Netherlands for the described processing purposes (see Clause 22.4.1).
You can find further information about Boxzilla and how Boxzilla processes data here.

10.7 Online advertising and targeting

10.7.1 In general

We use the services of different companies to provide you with interesting online offers. In the course of this, your user behaviour on our website and on the websites of other providers is analysed so that we can then show you online advertising that has been individually tailored to you.

Most of the technologies for following your user behaviour (tracking) and for the targeted display of advertisements (targeting) work with cookies (also see Clause 12.2) or similar technologies and unique identifiers (e.g. advertising ID) with which your browser can be recognised across different websites. Depending on the provider, it will then also be possible for you to be recognised online even when using different devices (e.g. laptop and smartphone). This could be the case if you have registered for a service that you use with several devices.

In such case, it is possible that the data used when accessing the websites (log file data, see Clause 12.1) and when using cookies (Clause 12.2) is transferred to the companies involved in the advertising networks and further processed by them. This may also result in the disclosure of data in potentially all countries worldwide (see in particular the absence of an adequate level of data protection and the intended safeguards, Clause 16.2 and 16.3). In addition, the following data is used in particular for selecting the potentially most relevant advertising for you:
– Personal information that you divulged when registering or when using a service of advertising partners (e.g. your gender, your age group); and
– User behaviour (e.g. search queries, interactions with advertising, types of websites visited, products or services viewed and purchased, subscriptions to newsletters).

We and our service providers use this data to identify whether you belong to our target group and we take this into account when selecting the advertisements. For example, after you have visited our website, you may see the products or services that you viewed displayed again when you visit other websites (re-targeting). Depending on the scope of the data, it is possible that a profile of the user is created that is automatically analysed, i.e. with the use of profiling, whereby the advertisements are selected according to the information stored in the profile, such as affiliation to certain demographic segments or potential interests or behaviours. Such advertisements can be shown to you across different channels, which, in addition to ones on our website or app (as part of onsite and in-app marketing), may include advertisements delivered through the online advertising networks we use, such as Google.

The data can then be analysed for the purpose of billing with the service provider as well as for assessing the effectiveness of advertising measures, so that we can better understand the needs of our users and customers and improve future campaigns. This can also contain the information that a specific action (e.g. visiting certain sections of our websites or sending information) is attributed to a particular advertisement. In addition, we receive aggregated reports from the service providers about advertising activities, as well as information about how our users interact with our website and our advertisements.

The lawful basis for this data processing is your consent within the meaning of Art. 6(1)(a) GDPR. Part of the data processing can be classed as profiling (with or without high risk), which is also included in your consent. You can revoke your consent at any time by rejecting and/or disabling the relevant cookies in the settings in your web browser (see Clause 12.2). Further options for blocking advertisements can be found in the information of the relevant service provider, such as Google.

10.7.2 Facebook Pixel / Facebook Custom Audience

On our website, we use “Facebook Pixel” provided by the social network Facebook, which is operated by Meta Platforms Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta). With the aid of Facebook Pixel, Facebook is able to determine the visitors to our website as a target group for displaying advertisements (Facebook Ads). Accordingly, we use Facebook Pixel to show the Facebook Ads only to those Facebook users who have shown an interest in our website or who demonstrate certain characteristics (e.g. interest in specific topics or products that are determined based on visited websites) that we transfer to Facebook (Custom Audiences). With the help of Facebook Pixel, we aim to guarantee that our Facebook Ads meet the potential interest of the user and are not a nuisance. In addition, with the help of Facebook Pixel, we can trace the effectiveness of Facebook Ads for statistical and market research purposes by seeing whether users are forwarded to our website after clicking on the Facebook Ad (conversion). Facebook Pixel is directly integrated by Facebook when our website is accessed and can store a cookie on your device (see Clause 12.2). If you then log in with Facebook or visit Facebook while you are logged in, the visit to our website is recorded in your profile. The personal data that has been collected about you is anonymous for us and therefore offers us no clues as to the identity of the user. However, the data is stored and processed by Facebook, so that a link to the relevant user profile is possible. The data can therefore be used by Facebook for its own market research and advertising purposes. If we have to transfer data to Facebook for comparison purposes, this is encrypted locally on the browser and only then transferred to Facebook via a secure HTTPS connection. This is carried out with the sole purpose of creating a comparison with the similar data encrypted by Facebook. Furthermore, with the use of Facebook Pixel, we use the additional “advanced matching” feature, whereby the data used to create target groups (custom audience or lookalike audience) is transferred to Facebook in encrypted form.

We also use Facebook Pixel for the purposes of re-targeting (see Clause 12.7.1). With the aid of Facebook Pixel, we can track the Facebook advertisements that you looked at during your visit to our website, the sub-pages that you accessed and which products you placed in your basket. This information is used to offer you individually tailored advertisements on a partner website.

The processing of your data by Facebook is carried out within the context of the data protection guidelines of Facebook (https://www.facebook.com/about/privacy/update). Special information and details about Facebook Pixel and its operating modes can be found in Facebook’s help section. You can object to the recording and use of your data by Facebook Pixel to display Facebook Ads and/or revoke your consent. To configure what kind of advertisements are displayed to you within Facebook, you can access the page provided by Facebook and follow the directions there for the settings for interest-based advertising.
The lawful basis for this data processing is your consent within the meaning of Art. 6(1)(a) GDPR. You can revoke your consent at any time by rejecting and/or disabling the relevant cookies in the settings in your web browser (see Clause 12.2).

Based on your prior consent, we can use data within the context of a customer match and the “advanced matching” feature of Facebook Custom Audience. To this end, we transfer data (such as your e-mail address, telephone number or other identifying characteristics) in encrypted form to Facebook, which then compares this data with the data available for you. If there is a match, this means that the user is also active on this third-party platform. Based on the matched customer data, a target group is created that enables us to tailor advertising campaigns specifically to this target group in order to make the advertising more relevant and effective.

The lawful basis for this data processing is your consent within the meaning of Art. 6(1)(a) GDPR. You can revoke your consent for the future at any time.

11. Social media profiles

On our website, we have incorporated links to our profiles in the social networks of the following providers: Meta Platforms Ireland Limited (Facebook and Instagram), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Privacy Notices;

If you click on the icons of the social networks, you will be automatically forwarded to our profile in the relevant network, during which a direct link between your browser and the server of the relevant social network will be established. As a result, the network receives in particular the data that was described in the section on log files (Clause 12.1), i.e. namely the information that you visited our website with your IP address and clicked on the link. This may also involve data being transferred to a server abroad, e.g. the USA (see in particular the absence of an adequate level of data protection and the intended safeguards, Clause 16.2 and 16.3).

If you click on a link to a network while you are logged in to your user account in the network, the contents of our website can be linked with your profile so that the network can directly associate your visit to our website with your account. If you wish to prevent this, you should log out before clicking on the corresponding links. A connection between your visit to our website and your user account is established whenever you register with the respective network after clicking on the link. The respective provider is the data controller for the data processing. Therefore, please consult the privacy notice on the website of the network.

The lawful basis for any data processing that may be attributed to us is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in the use and advertising of our social media profiles.

12. Google Maps

On our website, you can access Google Maps, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, (Google Maps) via a link. Google Maps is a web service that displays interactive (country) maps to visually represent geographical information. When you use this service, our locations are displayed to you, making it easier for you to find us.

By clicking on the links to Google Maps, cookies are stored and read once the pages are accessed and Google Maps is used (see general section 12.2). In this way, Google collects data about the browsing behaviour of the user and infers information about their possible interests in order to display advertisements on Google services and partner services that are tailored to the personal interests of the user. In certain circumstances, Google can associate this information with your user account. If you do not want Google to collect data about you through this website and associate it with your stored member data, you must log out of Google before visiting this website. The lawful basis for the processing of your data is your consent according to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by rejecting and/or disabling the relevant cookies in the settings in your web browser (see Clause 12.2). Further information about the collection and use of your data by Google can be found in Google’s privacy notice: https://policies.google.com/privacy.

13. Central data storage and analysis in the CRM system

If a clear association with your person is possible, we will save and link the data described in this Privacy Notice, particularly your personal details, your contact details, your contract data and your browsing behaviour on our website, in a central database. This facilitates the efficient management of customer data, allows us to adequately fulfil your request and enables efficient provision of the requested services and performance of the associated contracts.

The lawful basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in the efficient management of user data.

In addition, we analyse this data to further develop our products and services in line with your needs and to show you and suggest the most relevant information and offers. Moreover, we use methods that predict possible interests and future orders based on your use of our website. Some of these analyses can also be classed as profiling (with or without high risk).

For central data storage and analysis in the CRM system, we use a software application of Cendyn Group, LLC, 980 North Federal Highway Suite 200 Boca Raton, FL 33432 USA (Cendyn). As a result, your data may be stored in a Cendyn database, which enables Cendyn to access the data if this is necessary for the provision of the software and for user support. Information about the processing of data by third parties and any transfer of data abroad can be found in Clause 16 of this Privacy Notice. You can find further information about data processing in connection with Cendyn here.

In addition, we use a restaurant management system provided by aleno AG, Werdstrasse 21, 8004 Zurich, Switzerland (aleno). As a result, your data is stored in an aleno database, which enables aleno to access the data if this is necessary for the provision of the software and for user support. Information about the processing of data by third parties and any transfer of data abroad can be found in Clause 16 of this Privacy Notice. You can find further information about data processing in connection with aleno here.

The lawful basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in the performance of marketing activities.

14. Forwarding and transfer abroad

14.1 Forwarding to third parties and access by third parties

Without the support of other companies, we would not be able to provide our products and services in the manner we desire. To be able to use the services of these companies, it is necessary for us to forward your personal data to them within a certain scope. Forwarding is carried out to selected third-party providers and only to the degree that is required for the optimum provision of our services.

Various third-party providers have already been explicitly mentioned in this Privacy Notice. This concerns the following service providers in particular:
– Revinate, 2345 Yale Street, First Floor, Palo Alto, CA 94306, United States. You can find further information about data processing in connection with Revinate here.
In the case of this forwarding, the lawful basis is the necessity to perform a contract within the meaning of Art. 6(1)(b) GDPR.

Your data is also forwarded if this is necessary for fulfilling the contractual relationship, e.g. to transport companies or providers of other services. In the case of this forwarding, the lawful basis is the necessity to perform a contract within the meaning of Art. 6(1)(b) GDPR. It is the third-party providers, not us, who are the data controllers for this data processing within the meaning of the data protection law. It is the duty of these third-party providers to inform you about their own data processing that exceeds the forwarding of the data for the provision of the service and to comply with the data protection laws.

In addition, your data may be forwarded, particularly to authorities, legal advisers or debt collection agencies, if we are obliged to do so by law or if this is necessary for the protection of our rights, particularly for asserting claims arising from our relationship with you. Data can also be forwarded if another company intends to acquire our company or parts thereof and the forwarding is necessary for due diligence or for the completion of the transaction.

The lawful basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in the protection of our rights and compliance with our duties and/or the sale of our company or parts thereof.

14.2 Transfer of personal data abroad

We are also entitled to transfer your personal data to third parties abroad if this is necessary for data processing as set out in this Privacy Notice. Individual data transfers are mentioned above (see in particular Clauses 12 and 13). The statutory provisions governing the forwarding of personal data to third parties are observed in this. The countries to which data can be transferred include those that, according to the decision of the Federal Council and the EU Commission, have an adequate level of data protection (such as the member states of the EEA or, from the perspective of the EU, Switzerland as well), but also those countries (such as the USA) whose data protection level is not considered to be adequate (see Appendix 1 of the Data Protection Regulation (GDPR) as well as the website of the EU Commission). If the country affected does not have an adequate level of data protection, we take appropriate measures to ensure that your data is adequately protected at these companies, unless an exception is specified for the individual data processing (see Art. 49 GDPR). Unless otherwise specified, this concerns the choice of companies that are certified under the Privacy Framework Agreement or standard contractual clauses within the meaning of Art. 46(2)(c) GDPR, which can be found on the websites of the Federal Data Protection and Information Commissioner (FDPIC) and the EU Commission. If you have any questions about the measures taken, please get in touch with our data protection contact (see Clause 2).

14.3 Information concerning data transfer to the USA

Some of the third-party service providers mentioned in this Privacy Notice have their registered office in the USA. For the sake of completeness, we would like to point out for users domiciled in Switzerland or in the EU that the US authorities have monitoring measures in place in the USA that generally enable the storage of all the personal data of all the people whose data is transferred from Switzerland or the EU to the USA. This occurs without differentiation, limitation or exception in terms of the aims pursued and without an objective criterion that would allow limiting the access of the US authorities to the data and its subsequent use to very specific, strictly limited purposes that could justify the interference involved in both accessing and using the data. In addition, we would like to point out that in the USA there is no legal recourse for the affected persons from Switzerland and/or the EU, i.e. no effective legal protection against the general access rights of the US authorities that allow them access to the relevant data and to effect the correction or the deletion thereof. We would like to explicitly point out this legal and factual situation so that you can make an informed decision regarding consent or objection to the use of your data.

We would further like to point out to users domiciled in Switzerland or a member state of the EU that, from the perspective of the European Union and Switzerland, the USA does not have an adequate data protection level due to the reasons set out in this clause, among others. Insofar as we have already explained in this Privacy Notice that recipients of data (such as Google) have their registered office in the USA, we will ensure that your data is adequately protected with our third-party providers; we will do so through the choice of companies that are certified under the Privacy Framework Agreement or through contractual arrangements with these companies, as well as through any additionally required, appropriate guarantees.

15. Retention periods

We store personal data only for as long as is necessary for us to carry out the processing as set out in this Privacy Notice within the context of our legitimate interest. In the case of contractual data, the retention period is prescribed by statutory storage obligations. The requirements that oblige us to store data arise from accounting regulations and tax laws. According to these provisions, business communication, contracts concluded and booking receipts must be stored for a period of up to 10 years. Once we no longer require this data to provide services to you, it will be restricted. This means that the data can only be used if this is necessary for fulfilling the retention requirements or for defending and asserting our legal interests. The data is deleted as soon as there is no longer a retention requirement for or a legitimate interest in the storage thereof.

16. Data security

We take appropriate technical and organisational security measures to protect your personal data that is stored with us against loss and illegal processing, particularly any unauthorised access by third parties. Our employees and the service providers that we use are obligated by us to maintain confidentiality and ensure data protection. In addition, these persons are allowed access to personal data only insofar as this is necessary for fulfilling their duties.

Our security measures are constantly revised in line with technological developments. However, the transfer of information over the internet and through electronic communication channels always carries certain security risks, meaning we cannot provide an absolute guarantee regarding the security of information transferred in this way.

17. Your rights

Provided that the legal requirements are met, you have the following rights as a data subject in relation to the processing of data:
Right to be informed: You have the right to request at any time and free of charge what personal data about you is being held by us and how we use it. This makes it possible for you to check whether we process it in accordance with the applicable data protection regulations.

Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed about the rectification. In such cases, we will also inform the recipients of the affected data about the changes we have made, unless this is not possible or would involve a disproportionate amount of effort.

Right to erasure: You have the right to have your personal data erased under certain circumstances. In some cases, especially if legal retention requirements apply, there may be no right to erasure. In these instances, if the conditions are met, it may be possible to restrict the processing of data instead of erasing it.

Right to restrict processing: You have the right to request that the processing of your personal data be restricted.

Right to data portability: You have the right to receive your provided personal data from us free of charge in a readable format.

Right to object: You have the right to object to data processing at any time, especially in the case of data processing for direct marketing purposes (e.g. marketing e-mails).

Right to withdraw consent: In principle, you have the right to withdraw your consent at any time. However, processing activities based on consent that you have given in the past will not be rendered unlawful by your withdrawal.

To exercise these rights, please e-mail us at the following address: [email protected]

Right to lodge a complaint: You have the right to lodge a complaint with the relevant supervisory authority (e.g. against the way in which your personal data is processed).

Site built by Didgeroo