Privacy Policy of Signau House Zürich AG
September 2023
1. Controller and content of this privacy policy
We, Signau House Zürich AG, Signaustrasse 6, 8008 Zurich, are the operator of Signau House & Gar-den – Boutique Hotel (“hotel”) as well as the website www.signauhouse.com (hereinafter referred to as the “website”) and are responsible for the data processing specified in this privacy policy, unless other-wise stated.
To know what personal data we collect from you and for what purposes we use it, please take note of the information below. When it comes to data protection, we are guided primarily by the legal require-ments of the Swiss data protection law, in particular the Swiss Federal Act on Data Protection (FADP), as well as the EU General Data Protection Regulation (GDPR), the provisions of which may be applicable in individual cases.
2. Contact person for data protection
If you have any questions about data protection or wish to exercise your rights, please contact our Data Protection Officer by sending an e-mail to the following address:
E-mail: suzanne.gross@signauhouse.com
3. Your rights
Provided that the legal requirements are met, you have the following rights as a person affected by data processing:
Right to access: You have the right to request access to your personal data stored by us at any time and free of charge when we process it. This gives you the opportunity to check what personal data we process about you and that we use it in accordance with applicable data protection regulations.
Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.
Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, especially in the case of legal retention obligations, the right to deletion may be ex-cluded. In this case, the deletion may be replaced by a blocking of the data if the conditions are met.
Right to restrict processing: You have the right to request that the processing of your personal data be restricted.
Right to data transfer: You have the right to obtain the personal data you have provided to us in a readable format from us, free of charge.
Right to object: You can object to data processing at any time, especially for data processing in connec-tion with direct advertising (e.g. advertising e-mails).
Right of withdrawal: In principle, you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past do not become unlawful as a result of your revo-cation.
To exercise these rights, please send us an e-mail to the following address:
E-mail: suzanne.gross@signauhouse.com
Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way your personal data is processed. In this case, contact the Federal Data Protection and Information Commissioner.
4. Data security
We use appropriate technical and organisational security measures to protect your personal data stored with us. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. Furthermore, these persons are only granted access to the personal data to the extent necessary to fulfil their tasks.
5. Contacting us
If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data you have provided us with will be processed.
We process this data exclusively in order to implement your request (e.g. providing information about our hotel, support in the processing of contracts such as questions about your booking, incorporating your feedback into the improvement of our service, etc.). The legal basis for this data processing is our legiti-mate interest within the meaning of Art. 6 para. 1 lit. f EU-GAPR in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the necessity for the im-plementation of the required measures within the meaning of Art. 6 para. 1 lit. b EU-GDPR.
6. Use of your data for marketing purposes
6.1 Central data storage and analysis in the CRM system
Insofar as a clear allocation to your person is possible, we will store the data described in this privacy policy in a central database. This serves the efficient management of customer data and allows us to adequately respond to your requests and enables the efficient provision of the services requested by you and processing of the associated contracts. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the efficient management of user data.
6.2 Email marketing and newsletters
We use Mailchimp, a service provider of Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (“Mailchimp”), to send our newsletter. In this process, your personal da-ta is transmitted to Mailchimp, such as your email address and other information voluntarily provided by you. This data is stored and processed on Mailchimp servers in the USA. Mailchimp is certified under the EU-US Privacy Shield and thus offers sufficient guarantee that the data also complies with data protec-tion requirements in the USA. You have the option to unsubscribe from our newsletter at any time by clicking on the corresponding link at the end of the newsletter or by informing us of this by e-mail.
7. Disclosure to and access by third parties
Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such a transfer takes place to the extent that it is necessary for the fulfilment of the contract requested by you, i.e. e.g. to restaurants or other third-party providers, for which you have made a reservation. The legal basis for these transfers is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b EU-GDPR.
Furthermore, data is passed on to selected service providers and only to the extent necessary for the provision of the service. Various third party service providers are also explicitly mentioned in this privacy policy, e.g. in the sections on marketing. These are, for example, IT service providers (such as providers of software solutions), advertising agencies and consultancies. Our legitimate interest within the mean-ing of Art. 6 para. 1 lit. f EU-GDPR in the procurement of third-party services forms the legal basis for this data transfer.
In addition, your data may be disclosed, in particular to authorities, legal advisors or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to en-force claims arising from our relationship with you. Data may also be disclosed if another company in-tends to acquire our company or parts thereof and such disclosure is necessary to carry out due dili-gence or to complete the transaction. The legal basis for this data transfer is our legitimate interest with-in the meaning of Art. 6 para. 1 lit. f EU-GDPR in safeguarding our rights and complying with our obliga-tions or the sale of our company.
8. Transfer of personal data abroad
We are also entitled to transfer your personal data to third parties abroad, insofar as this is necessary to carry out the data processing mentioned in this privacy policy. In doing so, we comply with the legal pro-visions on the disclosure of personal data to third parties. If the country in question does not have an adequate level of data protection, we ensure through contractual arrangements that your data is ade-quately protected at these companies.
9. Retention periods
We only store personal data for as long as this is necessary to carry out the processing explained in this privacy policy within the scope of our legitimate interest.
In the case of contractual data, storage is required by statutory retention obligations. Requirements that oblige us to retain data arise from the provisions on accounting and from tax law regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years. As far as we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer an obligation to retain the data and no longer a legitimate interest in retaining it.
10. Log file data
When you visit our website, the servers of our hosting provider temporarily store every access in a log file. The following data is collected without your intervention and stored until it is automatically deleted by us:
the IP address of the requesting computer,
the date and time of access,
the name and URL of the retrieved file,
the website, from which the access was made, if applicable with the search word used,
the operating system of your computer and the browser you use (incl. type, version and lan-guage setting),
device type in case of access by mobile phones,
the city or region, from where the access was made,
the name of your Internet access provider.
11. Cookies
We use cookies when you visit our website, as well as applications and tools that are based on the use of cookies. In this context, the data described here may also be processed. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in providing a us-er-friendly and up-to-date website.
Cookies are information files that your web browser stores on your computer’s hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.
Among other things, cookies help to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are necessary, i.e. “technically required”, for your desired use of the website. Most Internet browsers automatically accept cookies. You may also be able to configure your browser such that no cookies are stored on your computer or such that a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in selected browsers. Deactivating cookies may mean that you cannot use all the functions of our website.
12. Google SiteSearch / Google Custom Search Engine
This website uses the Google SiteSearch/Google Custom Search Engine of Google LLC (1600 Amphi-theatre Parkway, Mountain View, CA 94043, USA). This enables us to provide you with an efficient search function on our website.
When using our search fields, your browser may transmit the log file data described in section 10 (incl. IP address) and the search term you entered to Google if you have installed Java script in your browser. If you would like to prevent the transmission of data, you can deactivate Java Script in your browser set-tings (usually in the “Privacy” menu). Please note that the search function and other functions of the website may be impaired in this case.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in providing an efficient website search function.
For further processing of data by Google, please refer to Google’s privacy policy: www.google.com/intl/de_de/policies/privacy.
13. Tracking and web analysis tools
13.1 General information on tracking
For the purpose of demand-oriented design and continuous optimisation of our website, we use the web analysis services listed below. In this context, pseudonymised usage profiles are created and cookies are used (please also note section 11). The information generated by the cookie about your use of this website is usually transmitted to a server of the service provider together with the log file data listed in section 10, where it is stored and processed. This may also involve transmission to servers abroad, e.g. in the USA (cf. on this, in particular on the guarantees taken, section 8).
By processing the data, we obtain the following information, among others:
navigation path followed by a visitor on the site (incl. content viewed and products selected or purchased or services booked),
dwell time on the website or sub-page,
the sub-page, on which the website is left,
the country, region or city, from where access is made,
end device (type, version, colour depth, resolution, width and height of the browser window) and
returning or new visitor.
On our behalf, the provider will use this information to evaluate the use of the website, to compile re-ports on website activities for us and to provide other services related to website and Internet use for the purposes of market research and demand-oriented design of these Internet pages. For these pro-cessing operations, we and the providers may be considered joint data controllers up to a certain extent.
The legal basis for this data processing with the following tools is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent or refuse processing at any time by rejecting or deactivating the relevant cookies in your web browser settings (see section 11) or by making use of the service-specific options described below.
For the further processing of the data by the respective provider as the (sole) controller under data pro-tection law, in particular also any forwarding of this information to third parties such as authorities on the basis of national legal regulations, please refer to the respective data protection information of the pro-vider.
13.2 Google Analytics
We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, 4 Bar-row St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (“Google”).
In doing so, data about the use of the website may be transmitted to the Google LLC. servers in the USA. The IP address is shortened by activating IP anonymisation (“anonymizeIP”) on this website before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be trans-mitted to a Google server in the USA and shortened there.
Users can prevent the collection of the data generated by the cookie and related to the website use by the user concerned (incl. the IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin under the following link:
http://tools.google.com/dlpage/gaoptout?hl=de. Further information on data protection at Google can be found here.
14. Social media
14.1 Social media profiles
On our website, we have included links to our profiles in the social networks of the following providers:
Meta Platforms Inc, 1601 S California Ave, Palo Alto, CA 94304, USA;
Instagram Inc. 1601 Willow Road, Menlo Park, CA 94025, USA;
When you click on the icons of the social networks, you are automatically redirected to our profile in the respective network. This establishes a direct connection between your browser and the server of the respective social network. This provides the network with the information that you have visited our web-site with your IP address and clicked on the link.
If you click on a link to a network while you are logged into your user account with the network in ques-tion, the content of our website may be linked to your profile so that the network can assign your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account is made in any case if you log in to the respective network after clicking on the link. The respective provider is the controller under data protection law for the associated data processing. Please therefore note the infor-mation on the network’s website.
The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the use and promotion of our social media profiles.
14.2 Social Media Plugins
On our website, you can use social plugins from the providers listed below:
Meta Platforms Inc, 1601 S California Ave, Palo Alto, CA 94304, USA, Privacy Policy;
Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA, Privacy Policy;
We use the social plugins to make it easier for you to share content from our website. The social plugins help us to increase the visibility of our content on social networks and thus contribute to better market-ing.
The plugins are deactivated by default on our websites and therefore do not send any data to the social networks when you simply call up our website. To increase data protection, we have integrated the plugins in such a way that a connection is not automatically established with the networks’ servers. Only when you activate the plugins and thus give your consent to the transmission and further processing of data by the providers of the social networks, does your browser establish a direct connection to the servers of the respective social network.
The content of the plugin is transmitted directly to your browser by the social network and integrated into the website by it. This provides the respective provider with the information that your browser has ac-cessed the corresponding page of our website, even if you do not have an account with this social net-work or are not currently logged in to it. This information (including your IP address) is transmitted from your browser directly to a server of the provider (usually in the USA) and stored there. We have no influ-ence on the scope of the data that the provider collects with the plugin, although from a data protection perspective we can be considered as joint controller together with the providers up to a certain extent.
If you are logged in to the social network, it can assign your visit to our website directly to your user ac-count. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the provider and stored there. The information (e.g. that you like a product or service from us) may also be published on the social network and possibly displayed to other users of the social network. The provider of the social network may use this information for the purpose of placing advertisements and designing the respective offer in line with requirements. For this purpose, usage, interest and rela-tionship profiles could be created, e.g. to evaluate your use of our website with regard to the advertise-ments displayed to you on the social network, to inform other users about your activities on our website and to provide other services associated with the use of the social network. The purpose and scope of the data collection and the further processing and use of the data by the providers of the social net-works, as well as your rights in this regard and setting options for protecting your privacy, can be found directly in the privacy policy of the respective provider.
If you do not want the provider of the social network to assign the data collected via our website to your user account, you must log out of the social network before activating the plugins. Your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR forms the legal basis for the data processing described. You can revoke your consent at any time by declaring your revocation to the provider of the plugin in accordance with the information in their privacy policies.
15. Online advertising and targeting
15.1 General information
We use services from various companies to provide you with interesting offers online. In the process, your user behaviour on our website and websites of other providers is analysed in order to subsequently be able to show you online advertising that is individually tailored to you.
We and our service providers use your data to identify whether you belong to the target group we ad-dress and take this into account when selecting advertisements. The data may be analysed for the pur-pose of billing the service provider as well as to assess the effectiveness of advertising measures in or-der to better understand the needs of our users and customers and to improve future campaigns. This may also include information that the action (e.g. visiting certain sections of our websites or sending in-formation) is due to a particular advertising ad. We also receive aggregated reports from service provid-ers of advertising activity and information about how users interact with our website and ads.
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR.
15.2 Google Ads
This website uses the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for online advertising. Google uses cookies for this purpose, such as the so-called Dou-bleClick cookie, which enable your browser to be recognised when visiting other websites. The infor-mation generated by the cookies about your visit to these websites (including your IP address) will be transmitted to and stored by Google on servers in the United States (please also see section 6). Further information on data protection at Google can be found here.
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent at any time by rejecting or switching off the relevant cookies in your web browser settings. You can find further options for blocking advertising here.
16. Booking on the website, by correspondence or by telephone call
When you make bookings or order vouchers either via our website, by correspondence (e-mail or letter post) or by telephone call, we collect the following data, with mandatory data marked with an asterisk (*) in the relevant form:
Salutation
First name
Last name
Street and no.
Post code
Place
Country
Date of birth
E-mail address
Telephone number
Language
Credit card information
We will only use this data and other information voluntarily provided by you (e.g. expected arrival time, motor vehicle number plate, preferences, remarks) to process the contract, unless otherwise stated in this privacy policy or you have separately consented to this. We will process the data by name in order to record your booking as requested, to provide the services booked, to contact you in the event of any ambiguities or problems and to ensure correct payment. Your credit card details will be automatically de-leted after your departure.
The legal basis for data processing for this purpose is the fulfilment of a contract according to Art. 6 pa-ra. 1 lit. b EU-GDPR or your consent according to Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent at any time with effect for the future.
17. Online payment processing
If you make chargeable bookings on our website, depending on the service and the desired payment method, you may be required to provide additional data, such as your credit card information or the login to your payment service provider. This information, as well as the fact that you have purchased a service from us for the amount and at the time in question, is forwarded to the respective payment service pro-viders (e.g. payment solution providers, credit card issuers and credit card acquirers). In doing so, please always also note the information provided by the respective company, in particular the privacy policy and the General Terms and Conditions. The legal basis for this transfer is the fulfilment of a contract accord-ing to Art. 6 para. 1 lit. b EU-GDPR.
18. Booking and hotel management
If you make bookings via a third-party platform (i.e. via booking.com, Hotel, Escapio, Expedia, Holiday-check, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two), we receive various personal information from the respective platform operator in con-nection with the booking made. As a rule, this is the information described in para. 19 of this privacy pol-icy. In addition, we may receive enquiries about your booking. We will process this data by name in order to record your booking as requested and to provide the booked services. The legal basis for data pro-cessing for this purpose lies in the implementation of pre-contractual measures and the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b EU-GDPR.
Finally, we may be informed by the platform operators of disputes relating to a booking. In the process, we may also receive data on the booking process, which may include a copy of the booking confirmation as proof of the actual booking completion. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR.
Please also note the information on data protection of the respective booking platform.
We also use Aleno, a service provider of Aleno AG, Neuhofstrasse 9, 6340 Baar, Switzerland (“Aleno”), to facilitate our booking processes. In this process, personal data from you is transmitted to Aleno, such as your name, contact details and booking information. This data is stored and processed on Aleno servers in Switzerland. Aleno is a data protection compliant company and meets the data protection law requirements. We have also concluded an order processing agreement with Aleno, in which Aleno un-dertakes to process the data of our booking processes only in accordance with our instructions and in compliance with data protection regulations.
We use Protel Air, a service provider of Protel Hotelsoftware GmbH, Europadamm 2-6, 41460 Neuss, Germany (“Protel Air”), to operate our hotel management software. This involves processing your per-sonal data, such as your name, address, contact details, bookings, payment information, specific re-quests and requirements. This data is stored and processed on Protel Air servers in Germany and other EU countries as appropriate. Protel Air is a data protection compliant company and meets the data pro-tection law requirements. We have also concluded an order processing agreement with Protel Air, in which Protel Air undertakes to process the data of our booking processes only in accordance with our instructions and in compliance with data protection regulations.
19. Data processing for the fulfilment of legal reporting obligations
On arrival at our hotel, we may require the following information from you and your companions:
first and last name
postal address and canton
date of birth
nationality
official identification card and number
arrival and departure day
We collect this information in order to comply with legal reporting obligations, which arise in particular from the hospitality industry or police law. Insofar as we are obliged to do so under the applicable regu-lations, we forward this information to the competent police authority.
The processing of this data is based on a legal obligation within the meaning of Art. 6 para. 1 lit. c EU-GDPR.
20. Recording of purchased services
If you purchase additional services as part of your stay, we will record the subject of the service and the time of the purchase of service for billing purposes. The processing of this data is necessary within the meaning of Art. 6 para. 1 lit. b EU-GDPR for the processing of the contract with us.
21. Guest feedback
If you have given us your e-mail address in connection with your booking, you will receive an electronic form after departure. For this purpose, we collect the following data, whereby mandatory data is marked with an asterisk (*) in the corresponding form:
first and last name
age
nationality
length of stay
The information provided is voluntary and serves us to continuously improve our offer and our services and to adapt them to your needs. We will use the information provided to us exclusively for statistical purposes, unless otherwise stated in this privacy policy or you have given your separate consent. We will process the data by name in order to contact you in the event of any ambiguities.
For the aforementioned purposes, the legal basis of the processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR.
22. Payment processing
When you purchase products or services or pay for your stay in our hotel using electronic means of payment, the processing of personal data is required. By using the payment terminals, you transmit the information stored in your means of payment, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. providers of payment solutions, credit card issuers and credit card acquirers). They also receive the information that the payment method was used in our hotel, the amount and the time of the transaction. Conversely, we only receive the credit note for the amount of the payment made at the relevant time, which we can assign to the relevant receipt number, or infor-mation that the transaction was not possible or was cancelled. In this regard, please always also note the information provided by the respective company, in particular the privacy policy and the General Terms and Conditions. The legal basis for this transmission is the fulfilment of the contract with you ac-cording to Art. 6 para.1 lit. b EU-GDPR.