data protection policy
1. Information regarding the collection of personal data
(1) The following text provides information regarding the collection of personal data when our website is used. Personal data is data that relates to you personally, such as your name, address, email addresses and user behavior.
(2) The controller in accordance with Art. 4(7) of the EU General Data Protection Regulation (GDPR) is
Mövenpick Schweiz AG
Phone: +41 52 355 55 00
(3) Our data protection officers can be contacted via our postal address, care of the ‘Data protection officers’, or via the email address: firstname.lastname@example.org.
2. Data subject rights
(1) You have the following rights with regard to personal data concerning you:
- Right of access (Art. 15 GDPR),
- Right to rectification or erasure (Art. 16 and 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
(2) Furthermore, you have the right to make a complaint to a data protection supervisory authority regarding our processing of your personal data.
3. Collection of personal data when visiting our website
(1) When our website is solely used for informational purposes (i.e. if you do not register on it or otherwise submit information to us), we only collect the personal data that your browser transmits to our servers. When you wish to view our website, we collect the following data, which is required for technical reasons in order to display our website and guarantee stability and security (the legal basis for this is Art. 6(1)(f) GDPR):
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Volume of data transmitted
- Website from which the request originated
- Operating system and its interface
- Language and version of the browser software.
(2) In addition to the above data, cookies will also be stored on your computer when you use our website. Cookies are small text files stored on your hard drive and assigned to the browser you are using, enabling certain information to be collected by the site that sets the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. They are used to make the overall online offering more user-friendly and effective.
a) This website uses the following kinds of cookies. Their scope and functioning are explained below:
- Transient cookies (see b)
- Persistent cookies (see c)
- Third-party cookies (see d).
b) Transient cookies are automatically deleted when you close your browser. Transient cookies include session cookies, in particular. They store a session ID, which enables the various requests made by your browser to be assigned to the session as a whole, making it possible for your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a set period of time, which may differ depending on the cookie in question. You can delete cookies at any time in your browser’s security settings.
d) Third-party cookies are offered by third-party providers who are not the controller of the website. They are used as identification for reach measurements or marketing purposes.
e) You can configure your browser settings as desired and reject third-party cookies or all cookies, for example. Please note that you may then be unable to use some of the features of our website.
4. Additional functions and offerings on our website
(1) In addition to purely using our website for informational purposes, we also offer various services that you can use if you are interested in doing so. To make use of these services, you are generally required to provide additional personal data. We use this data to render the service in question; the above principles of data processing apply.
(2) We sometimes make use of external service providers to process your data. These providers have been carefully selected and commissioned by us, they are obliged to follow our instructions and are subject to regular checks.
(3) Furthermore, we use technical and organizational security measures to protect personal data that is produced or collected. In particular, these measures protect against accidental or deliberate manipulation, loss, destruction or access by unauthorized individuals. Improvements are made to our security measures on an ongoing basis in line with technical developments.
(4) We permit some of our partners to place a logo and a link on our website if we believe that these companies could be of interest to you. In these instances, third parties may receive your IP address and other data from your browser if your browser retrieves the content originating from the third party and shows it to you. This could involve the data listed under section 3(1).
(5) In addition, we may transmit your personal data to third parties if we offer promotions, competitions, contract completions or similar services in conjunction with partners. You will receive more information about this when you provide your personal data or at the bottom of the description of the offer.
(6) If our service providers or partners are headquartered in a country outside the European Economic Area (EEA), we will inform you about the consequences of this situation in the description of the offer.
5. Objection to or revocation of permission to process your data
(1) If you have agreed to your data being processed, you may revoke this consent at any time. Such revocation affects whether it is permissible to process your personal data, once you have given us notice of revocation.
(2) If we process your personal data based on the balance of interests, you may object to the processing. In particular, this is the case if it is not necessary to process the data to fulfill a contract with you, as depicted by us in the description of functions below. When exercising this right of objection, please provide the reasons why we should not process your personal data as we would otherwise. If we receive a justified objection from you, we will examine the facts of the matter and either cease to process the data or adapt how we process it. Alternatively, we will disclose to you the reasons why we need to continue processing this data.
(3) Of course, you can object to your personal data being processed for advertising purposes and for data analysis at any time. You can inform us of your objection to this advertising-related use by contacting us at the following address: email@example.com.
6. SSL/TLS encryption
(1) We use SSL/TLS encryption on our website for security reasons and to protect the transmission of confidential content. This enables inquiries to be securely transmitted via the contact form and orders to be securely transmitted via the website. You can tell if SSL/TLS encryption is in place through the ‘https://’ prefix in your internet browser’s address bar and the closed padlock symbol depicted next to this.
(2) If SSL/TLS encryption is active, data can be transmitted to us via the website without third parties being able to read this data.
7. Email contact and use of the contact form
(1) You can use our contact form, email address, telephone number or the social networks listed to contact us and to share your inquiries, reservations, requests and feedback with us. This involves personal data, such as your name, email address or telephone number, being processed. We will process the data provided by the user in this regard solely for the purpose of contacting the user and handling the associated inquiry.
(2) The legal basis for the processing of this data is our legitimate interest in making contact and handling your inquiry, pursuant to Art. 6(1)(f) GDPR.
(3) If an inquiry submitted via the contact form or via email leads to a contract being concluded, the data provided must be processed for the contract to be fulfilled. The legal basis for this is Art. 6(1)(b) GDPR.
(4) The data provided will be processed until it is no longer needed for the objective to be achieved. The achievement of the objective shall cease to apply when the user’s inquiry has been conclusively resolved and the contact has thereby come to an end.
(5) The user may object to data processing at any time. In this case, the data provided for the purpose of making contact shall be deleted and no longer be used. Notice of objection is to be sent to the following email address: firstname.lastname@example.org.
8. Newsletter registration
(1) On our website, we offer a newsletter that provides you with information on our products and services, as well as about various offers. Personal data is collected when you subscribe to the newsletter. We need your email address so that we can send you the newsletter, but all other information is provided on a voluntary basis and is only used to personalize the newsletter.
(2) The legal basis for the processing of data for newspaper registration is your consent, pursuant to Art. 6(1)(a) GDPR.
(3) We only save the data you provide once you have submitted this data to us with your effective consent. We use a double opt-in process to seek your consent in a legally effective manner. As part of this process, we send an email to the email address you provided containing a confirmation link. Once you provide your confirmation using this link, you will have successfully subscribed to the newsletter. If you do not confirm via this link within 24 hours, it will expire. When you provide your confirmation, we will save your email address, IP address and the time of your subscription. We use this data as proof of subscription and to detect any misuse of your personal data.
(4) You can revoke the consent you provide regarding the newsletter at any time. You can address this revocation to email@example.com or click on the unsubscribe link in one of the newsletters you receive from us. If you revoke your consent or unsubscribe from the newsletter, you will not receive newsletters in the future and we will delete the data you provided in connection with this.
(5) We use performance measurement for our newsletter. The newsletter contains a single-pixel file known as a ‘web beacon’. When the newsletter is opened, the web beacon is retrieved by our server or, if we are using a dispatch service, by their server. This retrieval initially records technical information, such as details of your browser and system, as well as your IP address and the time of retrieval. This information is used to make technical improvements to the service with the aid of the technical data, or the target groups and their reading behavior with the aid of retrieval locations (determined by reference to the IP address) or access times. This statistical information also includes confirmation of whether the newsletter was opened, when it was opened and which links were clicked on. For technical reasons, this information may be associated with individual newsletter recipients. However, neither we nor the dispatch service aim to use it to monitor individual users. The legal basis for the processing of this data is Art. 6(1)(f) GDPR (balancing of interests) in conjunction with our interest in recognizing our users’ reading habits and tailoring our content to them, or sending different content depending on our users’ interests.
If you do not wish to be included in this performance measurement, you can object to it by unsubscribing from the newsletter. To do this, you can click the link included in every newsletter, or send your objection to firstname.lastname@example.org. If you do so, you will not receive any more newsletters in the future.
9. Bookatable reservation system
(1) On our website, we use the Bookatable function provided by Livebookings Holdings Limited, 5th Floor, Elizabeth House, 39 York Road, London, SE1 7NQ. This enables visitors to our website to reserve a table at our establishment.
(2) The legal basis for the use of Bookatable is the simplification of reservations and optimization of our commercial enterprise. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
(3) As part of this, two types of data are stored about users. Firstly, data that you transmit to the third-party provider in the course of your reservation request for one of our restaurants that can be used to identify the user personally (e.g. name, email address and contact details). Secondly, data that is of significance for the use of partner websites (e.g. duration of visit, geographical data).
(1) We use TripAdvisor on our website. TripAdvisor is a product provided by TripAdvisor LLC, 160 Greentree Drive, Suite 101, Dover, Delaware, 19904, USA. It gives visitors to our website the opportunity to leave reviews about our service, which we can use to improve and refine our service. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
(2) The service is not directly incorporated into our website. Instead, it takes the form of a link to TripAdvisor’s website. User information is only transmitted to TripAdvisor once the link is activated (by clicking on the link or the corresponding icon).
(1) We use Lieferando on our website. Lieferando is a product provided by Takeaway.com N.V., Oosterdoksstraat 80, 1011 DK Amsterdam, Netherlands. This enables visitors to the website to place orders online and have the order delivered to their home or office. We use this product to enhance our service range. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
(2) The service is not directly incorporated into our website. Instead, it takes the form of a link to Lieferando’s website. User information is only transmitted to Lieferando once the link is activated (by clicking on the link).
12. Data protection for applications and during the application process
(1) We collect and process personal data from applicants who send their data to us via email, an appropriate contact form, an applicant portal or by post. This data includes their name, address, contact details, qualifications and other documentation. The data provided is processed by us for the purposes of handling the application process. The legal basis for this is Art. 88(1) GDPR in conjunction with section 26(1) of the new German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
(2) If the application process has a positive outcome and ends in an employment contract being concluded with the applicant, the data will be processed further for the purposes of handling the employment relationship, in accordance with Art. 88(1) GDPR in conjunction with section 26(1) BDSG (new).
(3) If the application process ends without an employment contract being concluded with the applicant, then the data provided by the applicant will be deleted six months after the decision has been communicated, at the latest. This is due to our other legitimate interests, e.g. to document proof and evidence obligations for potential proceedings under the German General Equal Treatment Act.
(4) If the applicant wishes to remain within the application process to be considered for other potential roles at the company, despite having received a rejection, we will seek the appropriate consent from the applicant for the further processing of their data. The data provided by the applicant will be deleted after two years from the date on which consent was granted, unless the applicant revokes their consent at an earlier point in time. The same shall apply to speculative applications.
(5) Notice of revocation is to be sent to the following email address: email@example.com.
13. Use of Google Analytics
(1) We use Google Analytics on our website. Google Analytics is a tracking tool provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Further information can be found here:
(2) Google Analytics stores cookies on your computer, which can be used to analyze the use of our website. The data stored may include the user’s IP address, the website retrieved, the website from which the user reached our website, the sub-pages retrieved from the site retrieved, the duration of the visit and the frequency of retrieval our website. The information generated by the cookie is generally transmitted to a Google server in the USA and stored there. If IP anonymization is activated on our website, your IP address will be truncated by Google within the member states of the European Union or in another state party to the Agreement on the European Economic Area. Only in exceptional circumstances will the full IP address be transmitted to a Google server in the USA and truncated there. The data is used to compile information about the use of the website and create reports, as well as to improve our offering and make the website more interesting to our users.
(3) We use Google Analytics on our website with the ‘_anonymizeIp()’ extension. This truncates your IP address so that it cannot be connected to you personally.
(4) The IP address transmitted by your browser as part of the Google Analytics service is not combined with other data held by Google.
(5) In the exceptional cases when personal data is transmitted to the USA, Google is subject to the EU-US Privacy Shield.
(6) The legal basis for the processing of data using Google Analytics is our specific interest in analyzing and better designing our online presence, pursuant to Art. 6(1)(f) GDPR.
(7) If you wish to prevent cookies from being set and stored, you can adjust your browser’s settings accordingly. However, please note that you may then be unable to make full use of some of the functions of our website. In addition, you can prevent Google Analytics from setting a cookie for processing your data by downloading and installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser plug-in, you can click ‘this link’ to prevent Google Analytics from collecting your data regarding this website in the future. This will place an opt-out cookie on your end device, which prevents tracking from taking place. If you delete your cookies, you must click the link again.
14. Use of Google ReCaptcha
(1) On our website, we use the Google ReCaptcha function, provided by Google LLC, to prevent the content we offer from being misused. This system helps us to identify whether a user is a human or an internet bot.
(2) For the Google ReCaptcha function to be used, an IP address must be saved, and other data about the visitor to the website may potentially be saved, as well. This information is usually transmitted to a Google server in the USA and stored there. We have no influence over the transmission of data.
(3) Google ReCaptcha is used in the interest of preventing misuse of the offering provided on our website by automated or machine-based processing. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
15. Social media applications
(1) On our website, we use links to social networks such as Facebook, Instagram, Xing and LinkedIn. We use these applications to make it easier to disseminate our offering and content and to present them to a wider audience. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
(2) These services are not directly incorporated into our website. Instead, they take the form of a link to the website of the social network in question. User information is only transmitted to the service of the social network in question once the link is activated (by clicking on the link or the corresponding icon).
(3) You can find more information about the handling of user data in the privacy policies of the social networks in question:
- Privacy policies Facebook
- Privacy policies Instagram
- Privacy policies Xing
- Privacy policies LinkedIn
16. Integration of YouTube videos
(1) We have integrated YouTube videos into our website. These videos are stored on YouTube’s platform, where they can be viewed. YouTube is a platform offered by Google LLC. The videos are integrated into our website in privacy-enhanced mode, meaning that personal data about you as a user is not automatically transmitted to YouTube. The data listed under paragraph 2 is only transmitted if you actually play the videos. We cannot influence the portability of data.
(2) When you visit our website, YouTube receives information that you have retrieved the corresponding sub-page, along with the data listed under section 3. This happens regardless of whether you have a YouTube account or not. If you have a YouTube account and are logged in via your Google account when you visit our website, this data will be assigned directly to your account. If you do not want this data to be associated with your account, you must log out before clicking on the button. YouTube uses this data to create usage profiles, and also uses it for advertising purposes, market research or, if necessary, designing its websites to meet demand. You can object to the creation of usage profiles of this kind. However, you must address this objection to YouTube directly.
(4) YouTube, or Google, stores and processes your personal data in the USA, which is why it has committed to complying with the EU-US Privacy Shield.
17. Integration of Vimeo videos
(1) We have integrated videos from the Vimeo platform into our website. Vimeo is a platform provided by Vimeo Inc, Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. We use Vimeo to make our online presence and services more attractive. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
(2) A link to Vimeo’s servers is created when you visit one of our pages with a Vimeo plug-in. This will inform Vimeo’s servers which of our pages you visited.
18. Integration of Google Maps
(1) We use Google Maps on our website. Google Maps is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA. This service enables us to show interactive maps, permitting users to use the map function with ease.
(2) When you visit our website, Google receives information that you have retrieved the corresponding sub-page, and is also provided with the data listed under section 3. This happens regardless of whether you have a Google account or not. If you have a Google account and are logged in when you visit our website, this data will be assigned directly to your Google account. If you do not want this data to be associated with your account, you must log out before clicking on the button. Google uses this data to create usage profiles, and also uses it for advertising purposes, market research or, if necessary, designing its websites to meet demand. You can object to the creation of usage profiles of this kind. However, you must address this objection to Google directly.
(4) Google stores and processes your personal data in the USA, which is why it has committed to complying with the EU-US Privacy Shield.