DATA PROTECTION POLICY

A. Data processing in connection with our website

1. access to our website
When you visit our website, our servers temporarily save each access in a log file. The following technical data is collected and stored without your intervention, as is generally the case with any connection to a web server:

- the IP address of the requesting computer,
- the name of the owner of the IP address range (usually your Internet access provider),
- the date and time of the access,
- the website from which the access was made (referrer URL), if applicable with the search word used,
- the name and URL of the file accessed,
- the status code (e.g. error message),
- the operating system of your computer
- the browser you use (type, version and language),
- the transmission protocol used (e.g. HTTP/1.1) and
- Your username from a registration/authentication.

The collection and processing of this data is carried out for the purpose of enabling the use of our website (connection establishment), to permanently guarantee system security and stability and to enable the optimisation of our internet offer as well as for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 Para. 1 lit. f DSGVO. Furthermore, the IP address is evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive website use for the purpose of clarification and defence and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f DSGVO.

2. use of our contact form according to data protection at Hotel NI-MO
You have the option of using a contact form to get in touch with us. For this purpose, we require the following mandatory information:
- First and last name
- e-mail address
- Mobile phone number
- Message

We only use this data to be able to answer your contact request in the best possible and personalized way. The processing of this data is therefore necessary within the meaning of Art. 6 para. 1 lit. b DSGVO for the implementation of pre-contractual measures or is in our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO.

3. booking on the website, by correspondence or by telephone call
If you make bookings either via our website, by electronic correspondence (e-mail) or by telephone call,
we require the following data for the processing of the contract:
- First and last name
- mobile phone number
- e-mail address
- credit card information
We will only use this data and any other information you provide voluntarily (e.g. expected arrival time, motor vehicle registration plate, preferences, comments) to process the contract, unless otherwise stated in this data protection declaration or you have given your separate consent. We will process the data by name in order to record your booking as requested, to provide the booked services, to contact you in the event of any uncertainties or problems and to ensure correct payment.
The legal basis of data processing for this purpose is the fulfilment of a contract according to Art. 6 para. 1 lit. b DSGVO.

Cookies
Cookies help in many ways to make your visit to our website easier, more enjoyable and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.
For example, we use cookies to temporarily store your selected services and entries when you fill out a form on the website so that you do not have to repeat the entry when you call up another sub-page. Cookies may also be used to identify you as a registered user after you have registered on the website, without you having to log in again when you call up another sub-page.
Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in the most common browsers:
- Microsoft Windows Internet Explorer
- Microsoft Windows Internet Explorer Mobile
- Mozilla Firefox
- Google Chrome for Desktop
- Google Chrome for Mobile
- Apple Safari for Desktop
- Apple Safari for Mobile

Disabling cookies may prevent you from using all the features of our website.

4. tracking tools
a. General
For the purpose of demand-oriented design and continuous optimisation of our website, we use the web analysis service of Google Analytics. In this context, pseudonymised usage profiles are created and small text files stored on your computer ("cookies") are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data listed under point 1, we may receive the following information as a result:
- Navigation path taken by a visitor on the site,
- the time spent on the website or sub-page,
- the sub-page on which the website is left,
- the country, region or city from which the site is accessed,
- End device (type, version, colour depth, resolution, width and height of the browser window) and
- Returning or new visitors.
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and to tailor this website to your needs. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

b. Google Analytics - The provider of Google Analytics is Google Inc, a company of the holding company Alphabet Inc, based in the USA.
Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymisation ("anonymizeIP") on this website within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google Inc. maintains a sufficient level of data protection.
According to Google Inc., in no case will the IP address be associated with other data relating to the user. For more information about the web analytics service used, please visit the Google Analytics website. Instructions on how to prevent the processing of your data by the web analysis service can be found at http://tools.google.com/dlpage/gaoptout?hl=de.

B. Data processing in connection with your stay

5. data processing for the fulfilment of legal reporting obligations
Upon arrival at our hotel, we may require the following information from you and your companions:
- First name and surname
- Date of birth
- nationality
- e-mail address
- mobile phone number
- official identification card and number
- car registration number, if applicable
We collect this information in order to comply with legal reporting obligations, which arise in particular from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the competent police authority. Our legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO lies in the fulfilment of the legal requirements.

C. Storage and exchange of data with third parties

6 Booking platforms
If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. As a rule, this is the data listed in section 5 of these data protection declarations. In addition, we may receive enquiries about your booking. We will process this data by name in order to record your booking as requested and to provide the booked services. The legal basis of data processing for this purpose is the fulfilment of a contract according to Art. 6 para. 1 lit. b DSGVO.
Finally, we may be informed by the platform operators about disputes in connection with a booking. In the process, we may also receive data on the booking process, which may include a copy of the booking confirmation as proof of the actual booking completion. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Please also note the information on data protection of the respective provider.

7. central storage and linking of data
We store the data specified in sections 2-5 and 8-10 in a central electronic data processing system. The data relating to you is systematically recorded and linked for the purpose of processing your bookings and handling the contractual services. For this purpose we use the Protel software of rebag data AG, hotel management solutions, Einsiedlerstrasse 533, CHF-8810 Horgen. We base the processing of this data within the framework of the software on our legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO in customer-friendly and efficient customer data management.

8. retention period
We only store personal data for as long as is necessary to use the above tracking services as well as further processing within the scope of our legitimate interest. We retain contractual data for longer as this is required by legal retention obligations.
Retention obligations that oblige us to retain data result from regulations on registration law, on accounting and from tax law. According to these regulations, business communication, concluded contracts and accounting vouchers must be kept for up to 10 years. As far as we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

9. disclosure of data to third parties
We only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we pass on your data to third parties insofar as this is necessary in the context of the use of the website and the processing of contracts (also outside the website), namely the processing of your bookings. One service provider to whom the personal data collected via the website is passed on or who has or may have access to it is our web host cyon GmbH, Brunngässlein 12, CH-4052 Basel. The website is hosted on servers in Switzerland.

The data is passed on for the purpose of providing and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Finally, we forward your credit card information to your credit card issuer and to the credit card acquirer when you pay by credit card on the website. If you decide to pay by credit card, you will be asked to enter all mandatory information. The legal basis for passing on the data is the fulfilment of a contract in accordance with Art. 6 Para. 1 lit. b DSGVO. Regarding the processing of your credit card information by these third parties, we ask you to also read the General Terms and Conditions as well as the privacy policy of your credit card issuer. Please also note the information in sections 7-8 and 10-11 regarding the transfer of data to third parties.

10. transfer of personal data abroad
We are also entitled to transfer your personal data to third party companies (contracted service providers) abroad for the purpose of the data processing described in this privacy policy. These are obligated to data protection to the same extent as we ourselves. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we will ensure by contract that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

D. Further information on data protection at Hotel NI-MO

11. right to information, correction, deletion and restriction of processing; right to data portability
You have the right to obtain information about the personal data that we store about you upon request. In addition, you have the right to have incorrect data corrected and the right to have your personal data deleted, insofar as this does not conflict with a legal obligation to retain the data or an authorisation that allows us to process the data. You also have the right to demand that we return the data you have given us (right to data portability). On request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a common file format. You can contact us for the aforementioned purposes via the e-mail address welcome@hotel-nimo.ch. For the processing of your applications, we may, at our discretion, request proof of identity.

12. data security
We use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others. We also take internal company data protection very seriously. Our employees and the service companies we commission have been obliged by us to maintain confidentiality and to comply with the provisions of data protection law.

13. note on data transfers to the USA
For the sake of completeness, we would like to point out for users resident or domiciled in Switzerland that there are surveillance measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, restriction or exception based on the objective pursued and without any criterion that makes it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated both with access to these data and with their use. Furthermore, we would like to point out that in the USA, there are no legal remedies available to data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain their correction or deletion, or that there is no effective judicial legal protection against general access rights of US authorities. We explicitly draw the attention of the data subject to this legal and factual situation in order to make an appropriately informed decision to consent to the use of his or her data.

We would like to point out to users residing in a member state of the EU that the USA does not have a sufficient level of data protection from the perspective of the European Union - among other things due to the issues mentioned in this section. Insofar as we have explained in this privacy statement that recipients of data (such as Google) are based in the USA, we will ensure either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield that your data is protected with our partners with an appropriate level.

14. Right to complain to a data protection supervisory authority
You have the right to complain to a data protection supervisory authority at any time.

Zurich, 1 September 2023