Privacy policy
With this Privacy Policy, we inform you about the personal data we process in connection with our activities and operations, including our hotel-central-luzern.com website. We specifically inform about the purposes, methods, and locations of how we process personal data. We also inform about the rights of individuals whose data we process.
For individual or additional activities and operations, further privacy policies and other legal documents such as General Terms and Conditions (GTC), Terms of Use, or participation conditions may apply.
We are subject to Swiss data protection law and any applicable foreign data protection law, in particular that of the European Union (EU) with the General Data Protection Regulation (GDPR). The European Commission recognizes that Swiss data protection law ensures adequate data protection.
1. Contact Addresses
Responsibility for processing personal data:
Hotel Central Luzern
Morgartenstrasse 4
6003 Luzern
In individual cases, there may be other responsible parties for the processing of personal data or joint responsibility with at least one other responsible party.
Data Protection Officer or Data Protection Advisor
We have the following data protection officer or data protection advisor as a contact point for affected persons and authorities for inquiries related to data protection:
Stefan Odermatt
Morgartenstrasse 4
6003 Luzern
stefan.odermatt@hotel-central-luzern.com
2. Terms and Legal Bases
2.1 Terms
Personal data are all information relating to an identified or identifiable natural person. An affected person is a person whose personal data we process.
Processing includes any handling of personal data, regardless of the means and procedures used, such as querying, matching, adjusting, archiving, storing, reading, disclosing, acquiring, collecting, deleting, disclosing, ordering, organizing, storing, modifying, distributing, linking, destroying, and using personal data.
The European Economic Area (EEA) includes the Member States of the European Union (EU) as well as the Principality of Liechtenstein, Iceland, and Norway. The General Data Protection Regulation (GDPR) refers to the processing of personal data as the processing of personal data.
2.2 Legal Bases
We process personal data in accordance with Swiss data protection law, in particular the Federal Act on Data Protection (Data Protection Act, DPA) and the Ordinance on Data Protection (Data Protection Ordinance, DPO).
To the extent the General Data Protection Regulation (GDPR) is applicable, we process personal data according to at least one of the following legal bases:
- Art. 6 para. 1 lit. b GDPR for the necessary processing of personal data for the performance of a contract with the affected person as well as for the implementation of pre-contractual measures.
- Art. 6 para. 1 lit. f GDPR for the necessary processing of personal data to protect the legitimate interests of us or third parties, unless the fundamental freedoms and rights as well as interests of the affected person prevail. Legitimate interests are in particular our interest to carry out our activities and operations permanently, user-friendly, securely, and reliably, and to communicate about it, ensuring information security, protection against misuse, enforcement of our own legal claims, and compliance with Swiss law.
- Art. 6 para. 1 lit. c GDPR for the necessary processing of personal data to fulfill a legal obligation to which we are subject according to any applicable law of member states in the European Economic Area (EEA).
- Art. 6 para. 1 lit. e GDPR for the necessary processing of personal data for the performance of a task carried out in the public interest.
- Art. 6 para. 1 lit. a GDPR for the processing of personal data with the consent of the affected person.
- Art. 6 para. 1 lit. d GDPR for the necessary processing of personal data to protect the vital interests of the affected person or another natural person.
3. Type, Scope, and Purpose
We process those personal data that are necessary to be able to carry out our activities and operations permanently, user-friendly, securely, and reliably. Such personal data can fall into categories of inventory and contact data, browser and device data, content data, meta or marginal data, and usage data, location data, sales data, as well as contract and payment data.
We process personal data for the duration necessary for the respective purpose or purposes or as required by law. Personal data whose processing is no longer necessary are anonymized or deleted.
We may have personal data processed by third parties. We may process personal data jointly with third parties or transmit them to third parties. Such third parties are in particular specialized providers whose services we use. We also ensure data protection with such third parties.
We process personal data principally only with the consent of the affected persons. If processing for other legal reasons is permissible, we may dispense with obtaining consent. For example, we may process personal data without consent to fulfill a contract, comply with legal obligations, or protect overriding interests.
We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect in the course of carrying out our activities and operations, provided such processing is permissible for legal reasons.
4. Communication
We process personal data to communicate with third parties. In this context, we particularly process data transmitted by an affected person when making contact, for example, by postal mail or email. We may store such data in an address book or with similar tools.
Third parties transmitting data about other persons are obliged to ensure data protection towards such affected persons. This includes, among other things, ensuring the accuracy of the transmitted personal data.
We use selected services from suitable providers to better communicate with third parties.
5. Applications
We process personal data about applicants to the extent necessary for assessing their suitability for an employment relationship or for the subsequent implementation of an employment contract. The required personal data result in particular from the information requested, for example, as part of a job advertisement. We may publish job advertisements with the help of suitable third parties, for example, in electronic and printed media or on job portals and job platforms.
We also process those personal data that applicants voluntarily provide or publish, in particular as part of cover letters, resumes, and other application documents, as well as online profiles.
To the extent the General Data Protection Regulation (GDPR) is applicable, we process personal data about applicants in particular according to Art. 9 para. 2 lit. b GDPR.
6. Data Security
We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. With our measures, we ensure in particular the confidentiality, availability, traceability, and integrity of the processed personal data, though without being able to guarantee absolute data security.
Access to our website and our other online presence is secured by transport encryption (SSL / TLS, in particular with Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers indicate transport encryption with a small padlock in the address bar.
Our digital communication is subject to – as is basically any digital communication – mass surveillance without cause and suspicion by security authorities in Switzerland, the rest of Europe, the United States of America (USA), and other countries. We cannot directly influence the corresponding processing of personal data by intelligence services, police authorities, and other security agencies. We cannot exclude targeted surveillance of individual affected persons.
7. Personal Data Abroad
We process personal data principally in Switzerland and in the European Economic Area (EEA). However, we may also export or transmit personal data to other countries, in particular, to process them there or have them processed.
We can export personal data to all states and territories on Earth and elsewhere in the universe, provided that the local law according to the decision of the Swiss Federal Council ensures adequate data protection and – to the extent the General Data Protection Regulation (GDPR) is applicable – according to the decision of the European Commission ensures adequate data protection.
We can transmit personal data to countries whose law does not guarantee adequate data protection, provided data protection is ensured for other reasons, in particular based on standard data protection clauses or with other appropriate guarantees. Exceptionally, we can export personal data to countries without adequate or appropriate data protection if specific data protection legal requirements are met, for example, the explicit consent of the affected persons or a direct connection with the conclusion or execution of a contract. We are happy to provide affected persons with information about any guarantees upon request or deliver a copy of any guarantees.
8. Rights of Affected Persons
8.1 Data Protection Legal Claims
We grant affected persons all claims according to the applicable data protection law. In particular, affected persons have the following rights:
- Information: Affected persons can request information on whether we process personal data about them, and if so, which personal data. Furthermore, affected persons receive additional information necessary to assert their data protection legal claims and ensure transparency. This includes the processed personal data as such, but also information on the purpose of processing, the duration of storage, any disclosure or export of data to other countries, and the origin of the personal data.
- Correction and Restriction: Affected persons can correct incorrect personal data, complete incomplete data, and restrict the processing of their data.
- Deletion and Objection: Affected persons can have personal data deleted ("right to be forgotten") and object to the processing of their data with effect for the future.
- Data Release and Data Transfer: Affected persons can request the release of personal data or the transfer of their data to another controller.
We may postpone, restrict, or refuse the exercise of rights of affected persons within the legally permissible framework. We may point out to affected persons any conditions that must be met for exercising their data protection legal claims. For example, we may partially or completely refuse to provide information with reference to trade secrets or the protection of other persons. Similarly, we may also partially or completely refuse the deletion of personal data with reference to statutory retention obligations.
We may exceptionally provide for costs for exercising rights. We will inform affected persons in advance about any costs.
We are obliged to identify affected persons who request information or assert other rights with appropriate measures. Affected persons are required to cooperate.
8.2 Legal Protection
Affected persons have the right to enforce their data protection legal claims through legal proceedings or to file a complaint or report with a competent data protection supervisory authority.
The data protection supervisory authority for complaints from affected persons against private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
European data protection supervisory authorities for complaints from affected persons – to the extent the General Data Protection Regulation (GDPR) is applicable – are organized as members of the European Data Protection Board (EDPB). In some member states in the European Economic Area (EEA), the data protection supervisory authorities are federally structured, especially in Germany.
9. Website Use
9.1 Cookies
We may use cookies. Cookies – both our own cookies (First-Party Cookies) and cookies from third parties whose services we use (Third-Party Cookies) – are data stored in the browser. Such stored data need not be limited to traditional cookies in text form.
Cookies can be stored in the browser temporarily as "Session Cookies" or for a certain period as so-called permanent cookies. "Session Cookies" are automatically deleted when the browser is closed. Permanent cookies have a specific storage duration. Cookies enable, in particular, a browser to be recognized on the next visit to our website, thereby measuring, for example, the reach of our website. Permanent cookies can also be used for online marketing, for instance.
Cookies can be disabled and deleted in the browser settings at any time, in whole or in part. Without cookies, our website may not be fully available. We request – at least to the extent necessary – the explicit consent for the use of cookies.
For cookies used for success and reach measurement or for advertising, a general objection ("Opt-out") is possible for numerous services through the AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
9.2 Logging
We may log at least the following information for each access to our website and our other online presence, provided such information is transmitted to our digital infrastructure during such access: date and time including time zone, IP address, access status (HTTP status code), operating system including user interface and version, browser including language and version, visited individual sub-page of our website including transmitted data volume, last webpage called up in the same browser window (referrer or referrer).
We log such information, which can also constitute personal data, in log files. The information is necessary to be able to provide our online presence permanently, user-friendly, and reliably. The information is also necessary to ensure data security – also by third parties or with the help of third parties.
9.3 Tracking Pixels
We may integrate tracking pixels into our online presence. Tracking pixels are also known as web beacons. Tracking pixels – also from third parties whose services we use – are usually small, invisible images or scripts formulated in JavaScript that are automatically retrieved when accessing our online presence. Tracking pixels can capture at least the same information as logged in log files.
10. Social Media
We are present on social media platforms and other online platforms to communicate with interested individuals and inform about our activities and operations. In connection with such platforms, personal data may also be processed outside of Switzerland and the European Economic Area (EEA).
The General Terms and Conditions (GTC), Terms of Use, Privacy Policies, and other provisions of the individual operators of such platforms also apply. These provisions specifically inform about the rights of affected persons directly against the respective platform, which includes, for example, the right to information.
11. Services from Third Parties
We use services from specialized third parties to be able to conduct our activities and operations in a permanent, user-friendly, secure, and reliable manner. With such services, we can embed functions and content into our website, among other things. In such an embedding, the services used capture the IP addresses of users for technically mandatory reasons at least temporarily.
For necessary security-related, statistical, and technical purposes, third parties whose services we use can process data related to our activities and operations in an aggregated, anonymized, or pseudonymized manner. This can include, for example, performance or usage data to provide the respective service.
We use in particular:
- Services by Google: Providers: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the European Economic Area (EEA) and Switzerland; General privacy information: "Principles of privacy and security", Privacy Policy, "Google's commitment to comply with applicable data protection laws", "Guide to privacy in Google products", "How we use data from websites or apps that use our services" (Information by Google), "Types of cookies and similar technologies used by Google", Advertising you can control (Personalized Advertising).
11.1 Digital Infrastructure
We use services from specialized third parties to access the necessary digital infrastructure in connection with our activities and operations. This includes, for example, hosting and storage services from selected providers.
We use in particular:
- METANET: Hosting; Provider: METANET AG (Switzerland); Privacy information: Privacy Policy, "Technical and organizational measures".
11.2 Audio and Video Conferences
We use specialized services for audio and video conferences to communicate online. For example, we can hold virtual meetings or conduct online teaching and webinars. Participation in audio and video conferences is subject to the legal texts of the individual services, such as privacy policies and terms of use.
We recommend, depending on the situation, muting the microphone by default during participation in audio or video conferences and blurring the background or displaying a virtual background.
We use in particular:
- TeamViewer Meeting: Video conferences; Provider: TeamViewer Germany GmbH (Germany); Privacy information: Privacy Policy, "First-class privacy protection".
11.3 Social Media Functions and Social Media Content
We use services and plugins from third parties to embed functions and content from social media platforms and to enable sharing of content on social media platformsand other ways.
We use in particular:
- Instagram Platform: Embedding Instagram content; Providers: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); Privacy information: Privacy Policy (Instagram), Privacy Policy (Facebook).
11.4 Maps
We use services from third parties to embed maps into our website.
We use in particular:
- Google Maps including Google Maps Platform: Map service; Provider: Google; Specific information about Google Maps: "How Google uses location information".
11.5 Digital Audio and Video Content
We use services from specialized third parties to enable the direct playback of digital audio and video content such as music or podcasts.
11.6 Fonts
We use services from third parties to embed selected fonts as well as icons, logos, and symbols into our website.
We use in particular:
- Google Fonts: Fonts; Provider: Google; Specific information about Google Fonts: "Your Privacy and Google Fonts", "Privacy and data collection".
12. Extensions for the Website
We use extensions for our website to be able to use additional functions. We can use selected services from suitable providers or use such extensions on our own server infrastructure.
We use in particular:
- Google reCAPTCHA: Spam protection (differentiation between desired content from humans and unwanted content from bots and spam); Provider: Google; Specific information about Google reCAPTCHA: "What is reCAPTCHA?".
13. Success and Reach Measurement
We attempt to determine how our online offer is used. In this context, we can measure, for example, the success and reach of our activities and operations as well as the impact of third-party links on our website. We can also experiment and compare how different parts or versions of our online offer are used ("A/B testing" method). Based on the results of success and reach measurement, we can particularly fix errors, strengthen popular content, or make improvements to our online offer.
For success and reach measurement, the IP addresses of individual users are stored in most cases. In this case, IP addresses are generally shortened ("IP masking") to follow the principle of data minimization through the corresponding pseudonymization.
In success and reach measurement, cookies can be used, and user profiles can be created. Any created user profiles may include, for example, visited individual pages or viewed content on our website, information about the size of the screen or browser window, and the – at least approximate – location. Generally, any user profiles are created exclusively in a pseudonymized manner and are not used for identifying individual users. Individual services from third parties, where users are logged in, may possibly assign the use ofour online offer to the user account or profile with the respective service.
We use in particular:
- Google Analytics: Success and reach measurement; Provider: Google; Specific information about Google Analytics: Measurement also across different browsers and devices (Cross-Device Tracking) as well as with pseudonymized IP addresses, which are only exceptionally transmitted in full to Google in the USA, "Privacy", "Browser Add-on to deactivate Google Analytics".
14. Video Surveillance
We use video surveillance for the prevention of crimes and for evidence gathering in case of crimes as well as for the exercise of our house rights. In this context, if and to the extent the General Data Protection Regulation (GDPR) is applicable, this constitutes legitimate interests according to Art. 6 Para. 1 lit. f GDPR.
We store recordings from our video surveillance as long as they are necessary for evidence purposes.
We can secure recordings due to legal obligations, to enforce our own legal claims, and in case of suspicion of crimes and transmit them to competent authorities such as courts or law enforcement agencies.
15. Final Provisions
We have created this privacy policy with the Privacy Policy Generator from Datenschutzpartner.
We can adjust and supplement this privacy policy at any time. We will inform about such adjustments and supplements in an appropriate manner, in particular by publishing the current version of the privacy policy on our website.