Guests 0 Guests 0 Adults , 0 L:Booking.Child.
L:Booking.AddRoom
L:Generic.Menu

Privacy Policy The Cambrian AG

A. Cross-channel notes

1. Responsible person and content of this privacy policy

We, The Cambrian AG (Dorfstrasse 7, 3715 Adelboden, Schweiz) are operator of the hotel The Cambrian (hereinafter "Hotel") and the website www.thecambrianadelboden.com (hereinafter "Website") and are responsible for the data processing operations set out in this privacy policy unless otherwise stated.

In order to know what personal data we collect from you and for what purposes we use it, please take note of the information below. When it comes to data protection, we are guided primarily by the legal requirements of Swiss data protection law, in particular the Federal Data Protection Act (FADP), as well as the EU Data Protection Regulation (GDPR), the provisions of which may be applicable in individual cases.

Swiss law applies to data subjects domiciled in Switzerland. References to the GDPR refer only to data subjects to whom the GDPR applies on the basis of Art. 3 GDPR. If data processing subject to Swiss law requires a justification, references to consent, legitimate interest, necessity for the performance of a contract or a legal basis are to be understood as references to the corresponding justification grounds under Swiss law.

Please note that the following information may be reviewed and amended from time to time. We therefore recommend that you consult this privacy policy on a regular basis. Furthermore, other companies are responsible under data protection law for individual data processing operations listed below or are jointly responsible with us, so that in these cases the information provided by these providers is also applicable.

2. Contact person for data protection

If you have any questions about data protection or wish to exercise your rights, please contact our data protection contact by sending an e-mail to the following address: [email protected].

You can reach our EU data protection representative at:

VGS Datenschutzpartner GmbH
Am Kaiserkai 69
20457 Hamburg
Germany
[email protected]

3. Your rights

Provided that the legal requirements are met, you have the following rights as a person whose data is processed:

Right to information: You have the right to request access to your personal data stored by us at any time, free of charge, if we are processing it. This gives you the opportunity to check what personal data we are processing about you and that we are using it in accordance with the applicable data protection regulations. 

Right to correction: You have the right to have incorrect or incomplete personal data corrected and to be informed about the correction. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort. If neither the correctness nor the incorrectness of personal data can be established, you also have the right to have a notice of dispute made, provided that the Swiss FADP is applicable.

Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, especially in the case of legal retention obligations, the right to deletion may be excluded. In this case, the deletion may be replaced by a blocking of the data if the conditions are met.

Right to restrict processing: You have the right to request that the processing of your personal data be restricted.

Right to data transfer: In certain circumstances, you have the right to receive from us, free of charge, the personal data that you have provided to us in a readable format. However, you only have this right to data transfer if we have processed your personal data based on your consent or for the performance of a contract.

Right of objection: You can object to data processing at any time, in particular for data processing in connection with direct advertising (e.g. advertising e-mails). In individual cases, data processing may nevertheless be continued, e.g. because we have a legitimate interest in continued processing or are legally obliged to do so.

Right of withdrawal: In principle, you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past do not become unlawful as a result of your withdrawal

To exercise these rights, please send us an e-mail to the following address: [email protected]

Right of complaint: You have the right to file a complaint with a competent supervisory authority, e.g. against the way your personal data is processed.

4. Data security

We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, namely unauthorised access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. Furthermore, these persons are only granted access to the personal data to the extent necessary for the fulfilment of their tasks.

Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and even we cannot provide an absolute guarantee for the security of information transmitted in this way.

5. Contacting us

If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data you have provided us with, e.g. the name of your company, your name, your function, your e-mail address or telephone number and your request, will be processed. In addition, the time of receipt of the request is documented. Mandatory information is marked with an asterisk (*) in contact forms.

We process this data exclusively in order to implement your request (e.g. providing information about our hotel, support in the processing of contracts such as questions about your booking, incorporating your feedback into the improvement of our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the necessity for the implementation of the necessary measures within the meaning of Art. 6 para. 1 lit. b GDPR.

6. Use of your data for marketing purposes

6.1 Central data storage and analysis in the CRM system

Insofar as a clear reference to your person is possible, we will store and link the data described in this privacy policy, i.e. in particular your personal details, your contact details, your contract details and your surfing behaviour on our websites, in a central database. This serves the efficient administration of customer data and allows us to adequately respond to your requests and enables the efficient provision of the services you have requested and the processing of the associated contracts. The legal basis for this data processing is our legitimate interest in the efficient management of user data within the meaning of Art. 6 para. 1 lit. f GDPR.

We analyse this data in order to further develop our offers in a needs-oriented manner and to display and suggest the most relevant information and offers to you. We also use methods that predict possible interests and future orders based on your website usage. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in carrying out marketing measures.

6.2 E-mail marketing and ‘Cambrian Friends’ Program

When you register to be a ‘Cambrian Friend’, the following data is collected. Mandatory data is marked with an asterisk (*) in the registration form:

  • E-mail address

In order to avoid misuse and to ensure that the owner of an e-mail address has actually given his/her consent, we use the so-called double opt-in for registration. After sending the registration, you will receive an e-mail from us containing a confirmation link. In order to definitely register for the ‘Cambrian Friends’ Program, you must click on this link. If you do not click on the confirmation link within the specified period, your data will be delet-ed again and ‘Cambrian Friends’ E-Mails and the newsletter will not be sent to this address.

By registering for ‘Cambrian Friends’ Program, you consent to the processing of this data in order to receive messages from us about our hotel and related information about products and services. This may also include invitations to participate in prize draws or to evaluate one of the aforementioned products and services. The collection of the title and name allows us to verify the allocation of the registration to a possibly already exist-ing customer account and to personalise the content of the mails. The link to a customer account helps us to make the offers and content for the ‘Cambrian Friends’ Program more relevant to you and better tailored to your potential needs.

We will use your data for e-mailing until you revoke your consent. Withdrawal is possible at any time, in particular via the unsubscribe link in all our marketing emails.

Our marketing e-mails may contain a so-called web beacon or 1x1 pixel (tracking pixel) or similar technical aids. A web beacon is an invisible graphic that is linked to the user ID of the respective ‘Cambrian Friends’ Program subscriber. For each marketing e-mail sent, we receive information on which addresses have not yet received the e-mail, to which addresses it was sent and for which addresses the sending failed. We also see which addresses have opened the e-mail, for how long and which links they have clicked on. Finally, we also receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimise the promotional e-mails in terms of frequency, timing, structure and content. This allows us to better tailor the information and offers in our e-mails to the individual interests of the recipients.

The web beacon is deleted when you delete the e-mail. To prevent the use of the web beacon in our marketing e-mails, please set the parameters of your e-mail program so that HTML is not displayed in messages if this is not already the case by default. See the help sections of your e-mail software for information on how to configure this setting, e.g. here for Microsoft Outlook.

By subscribing to the ‘Cambrian Friends’ Program, you also consent to the statistical evaluation of user behav-iour for the purpose of optimising and adapting the ‘Cambrian Friends’ Program. This consent constitutes our legal basis for the processing of the data within the meaning of Art. 6 para. 1 lit. a GDPR.

We use Campaign Monitor Pty Ltd's e-mail marketing software Campaign Monitor (https://www.campaignmonitor.com/company/) for marketing e-mails. Therefore, parts of your data are stored in a database of Campaign Monitor Pty Ltd, which allows Campaign Monitor Pty Ltd to access your data when necessary to provide the software and to assist you in using the software. The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the use of third-party services.

7. Disclosure to and access by third parties

Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such disclosure takes place in particular insofar as this is necessary for the performance of the contract requested by you, i.e. e.g. to restaurants or other third-party providers for which you have made a reservation. The legal basis for these disclosures is the necessity for the fulfilment of the contract within the meaning of Art. 6 para. 1 lit. b GDPR.

Furthermore, data is passed on to selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are also explicitly mentioned in this privacy policy, e.g. in the sections on marketing. These are, for example, IT service providers (such as providers of software solutions), advertising agencies and consultancies. In addition, we pass on your data to companies affiliated with us in the group (cf. imprint) and to partner hotels if, for example, you request a service from a partner hotel. The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in obtaining third-party services.

In addition, your data may be passed on, in particular to authorities, legal advisors or debt collection companies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out due diligence or to complete the transaction. The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the protection of our rights and compliance with our obligations or the sale of our company.

8. Transfer of personal data abroad

We are also entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing mentioned in this privacy policy (see in particular sections 12-15). In doing so, the legal provisions on the disclosure of personal data to third parties will of course be complied with. If the country in question does not have an adequate level of data protection, we guarantee through contractual regulations that your data is adequately protected at these companies.

If data to which the Swiss FADP applies is disclosed in EU states or EEA states, this is done on the basis of a decision on the adequacy of the level of data protection by the competent Swiss authority.

We also work together with service providers from the USA. For the sake of completeness, we would like to point out to users resident or domiciled in Switzerland or the EU/EEA that there is no level of data protection in the USA comparable to that in Switzerland or the EU/EEA. In particular, the USA does not grant data subjects from Switzerland or the EU/EEA any legal remedies that allow them to obtain access to the data concerning them and to obtain its correction or deletion, and there is no effective judicial legal protection against access rights of US authorities.

Unless otherwise indicated, the transfer of data to companies in the USA is based on standard contractual clauses of the EU Commission approved by the EU Commission or recognised as appropriate by the FDPIC. Standard contractual clauses are written commitments by the US company that can serve as a basis for data transfers from the EU or Switzerland to third countries such as the US by providing appropriate data protection guarantees.

9. Storage periods

We only store personal data for as long as necessary to carry out the processing explained in this privacy policy within the scope of our legitimate interest. In the case of contractual data, storage is required by statutory retention obligations. Requirements that oblige us to retain data result from the provisions on accounting and from tax law regulations. According to these regulations, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years. As soon as we no longer need this data to perform services for you, the data will be blocked. This means that the data may then only be used if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. The data will be deleted as soon as there is no longer a retention obligation and no longer a legitimate interest in retaining the data.

B. Special information for our website

Privacy Policy
Cookie Policy

11. Order via our online shop

On our website you have the opportunity to order a wide selection of products and vouchers. For this purpose, we collect the following data, whereby mandatory data are marked with an asterisk (*) in the corresponding form:

  • Title
  • First name
  • Surname
  • Company
  • Street and house number
  • Address suffix
  • Postcode
  • City
  • Country
  • Telephone number
  • E-mail
  • Date of birth
  • Payment method
  • Shipping method
  • Alternative address
  • Yes, I would like to subscribe to your newsletter.
  • I confirm that the information provided is correct and I have read and accept the General Terms and Conditions and the Privacy Policy.

We use this data and other data voluntarily provided by you only to process your order in accordance with your wishes. The processing of this data is therefore carried out in accordance with Art. 6 para. 1 lit. b GDPR for the implementation of pre-contractual measures as well as for the execution of a contract.

12. Booking on the website, by correspondence or by telephone call

When you make bookings or order vouchers either via our website, by correspondence (e-mail or letter post) or by telephone call, we collect the following data, with mandatory data marked with an asterisk (*) in the relevant form:

  • Title
  • First name
  • Surname
  • Street and no.
  • Postcode
  • City
  • Country
  • Date of birth or age group of guests (child, adult)
  • E-mail address
  • Telephone number
  • Language
  • Accompanying persons
  • Additional details and settings
  • Credit card information

We will only use this data and other information voluntarily provided by you (e.g. expected arrival time, motor vehicle registration plate, preferences, remarks) to process the contract, unless otherwise stated in this privacy policy or you have separately consented to this. We will process the data, for example, in order to record your booking as requested, to provide the booked services, to contact you in the event of any uncertainties or problems and to ensure correct payment. Your credit card details will be automatically deleted after your departure.

The legal basis for data processing for this purpose is the fulfilment of a contract according to Art. 6 para. 1 lit. b GDPR or your consent according to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.

13. Online payment processing

If you make chargeable bookings or purchase products on our website, depending on the product or service and the desired method of payment - in addition to the information mentioned in section 18 or section 19 - the provision of further data is required, such as your credit card information or the login to your payment service provider. This information, as well as the fact that you have purchased a service from us for the amount and at the time in question, will be forwarded to the respective payment service providers (e.g. providers of payment solutions, credit card issuers and credit card acquirers). Please always refer to the information provided by the respective company, in particular the data protection statement and the general terms and conditions. The legal basis for this transfer is the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b GDPR.

14. Book a table

On our website you have the possibility to book a table in our restaurant. For this purpose, we collect the following data, whereby mandatory data are marked with an asterisk (*) in the corresponding form:

  • Title
  • First name
  • Surname
  • Number of guests
  • E-mail address
  • Telephone number
  • Comment
  • Date and time of reservation
  • I accept the terms and conditions
  • I would like to receive information about special offers and promotions

We collect and process the data only to process the reservation, in particular to compile your reservation request according to your wishes, to make the reservation and to contact you in case of uncertainties or problems.

We use a tool from The Fork (La Fourchette SAS, 70 rue Saint-Lazare, 75009 Paris, France) to process reservations. Therefore, your data will be stored in a database of La Fourchette, which may allow La Fourchette to access your data if necessary to provide the software and to assist you in using the software. Information on the transfer and processing of data by third parties can be found in section 7 of this privacy policy and in the privacy and cookie statement of The Fork.

The legal basis for processing your data for this purpose is the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

15. Book a spa treatment

On our website you have the possibility to book a spa treatment. For this purpose, we collect the following data, whereby mandatory data are marked with an asterisk (*) in the corresponding form:

  • Title
  • First name
  • Surname
  • Address (street, house number, postcode, city, country)
  • Number of guests
  • E-mail address
  • Telephone number
  • Date of birth
  • Comment
  • Date and time of reservation
  • I accept the terms and conditions
  • I would like to receive information about special offers and promotions

We collect and process the data only to process the reservation, in particular to compile your reservation request according to your wishes, to make the reservation and to contact you in case of uncertainties or problems.

We use a tool from TAC (TAC Informationstechnologie GmbH, Schildbach 211, 8230 Hartberg, Austria) to process reservations. Therefore, your data is stored in a database of TAC, which may allow access to your data if this is necessary for the provision of the software and for support in the use of the software. Information on the transfer and processing of data by third parties can be found, on the one hand, under point 7 of this privacy policy and, on the other hand, in the privacy policy of TAC.

The legal basis for processing your data for this purpose is the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

16. Bookings via booking platforms

If you make bookings via a third-party platform (i.e. for example via booking.com, Hotel, Escapio, Expedia, Holidaycheck, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two), we receive various personal information from the respective platform operator in connection with the booking made. This generally concerns the data listed in section 19 of this privacy policy. In addition, enquiries about your booking may be forwarded to us. We will process the data, for example, in order to record your booking as requested and to provide the booked services. The legal basis for data processing for this purpose is the implementation of pre-contractual measures and the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b GDPR.

Finally, we may be informed by the platform operators of disputes relating to a booking. In the process, we may also receive data on the booking process, which may include a copy of the booking confirmation as proof of the actual booking completion. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Please also note the information on data protection of the respective booking platform.

17. Application for a vacant position

You have the option of applying to us spontaneously or via a corresponding e-mail address for a specific job advertisement.

We use this and other data you provide voluntarily to review your application. Application documents of unsuccessful applicants are deleted at the end of the application process, unless you explicitly agree to a longer retention period or we are legally obliged to retain them for a longer period.

The legal basis for the processing of your data for this purpose is therefore the execution of a contract (pre-contractual phase) in accordance with Art. 6 para. 1 lit. b GDPR.

  1. Data processing in connection with your stay

18. Data processing for the fulfilment of legal reporting obligations

Upon arrival at our hotel, we may require the following information from you and your accompanying persons (mandatory legal information is marked *):

  • First name and Surname
  • Address
  • Date of birth
  • Nationality
  • Official identification card and number
  • Vehicle registration plate
  • E-mail address
  • Telephone number
  • Number of accompanying persons / guests / names of guests
  • Arrival and departure day

We collect this information in order to comply with legal reporting obligations, which arise in particular from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the competent police authority.

The processing of this data is based on a legal obligation within the meaning of Art. 6 para. 1 lit. c GDPR.

19. Recording of purchased services

If you purchase additional services during your stay (e.g. wellness, restaurant, activities), we will record the subject of the service and the time of the service purchase for billing purposes. The processing of this data is necessary in the sense of Art. 6 para. 1 lit. b GDPR for the processing of the contract with us.

20. Guest feedback

If you have given us your e-mail address in connection with your booking, you will receive an electronic form after departure. For this purpose, we collect the following data, whereby mandatory data are marked with an asterisk (*) in the corresponding form:

  • First name and Surname
  • Age
  • Nationality
  • Duration and date of stay

The information provided is voluntary and serves us to continuously improve our offer and our services and to adapt them to your needs. We will generally use the information provided for statistical purposes, unless otherwise stated in this privacy policy or you have separately consented to this. We may also process the data in order to contact you.

For the aforementioned purposes, the legal basis of the processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

21. Video surveillance

In order to prevent misuse and to take action against illegal behaviour (especially theft and damage to property), the entrance area and the publicly accessible areas of our hotel are monitored by cameras. The image data is only viewed if there is a suspicion of illegal behaviour. Otherwise, the images are automatically deleted after 72 hours.

For the provision of the video surveillance system, we rely on a service provider who may have access to the data insofar as this is necessary for the provision of the system. Should the suspicion of illegal conduct be substantiated, the data may then be passed on to consulting companies (in particular our law firm), insurance companies as well as authorities to the extent necessary for the enforcement of claims or the filing of charges.

The legal basis is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in protecting our property and safeguarding and enforcing our rights.

22. Use of our WiFi network

In our hotel you have the possibility to use free of charge the WiFi network operated by the company GuestTek (Alberta, Canada).

For more information about this data processing, please refer to Guest Tek's privacy policy, which will be displayed to you before you log in to the WiFi network.

23. Payment processing

When you purchase products or services or pay for your stay in our hotel using electronic means of payment, the processing of personal data is required. By using the payment terminals, you transmit the information stored in your means of payment, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. providers of payment solutions, credit card issuers and credit card acquirers). They also receive the information that the means of payment was used in our hotel, the amount and the time of the transaction. Conversely, we only receive the credit note for the amount of the payment made at the corresponding time, which we can assign to the relevant voucher number, or information that the transaction was not possible or was cancelled. Please always refer to the information provided by the respective company, in particular the data protection declaration and the general terms and conditions. The legal basis for this transmission is the fulfilment of the contract with you according to Art. 6 para. 1 lit. b GDPR.