Thank you for your interest in our website. Data protection and the protection of your privacy are highly important to us. This Data Protection Policy provides you with information on the nature, scope and purpose of the processing of personal data (hereinafter “data”) within our online service and associated websites, functions and content as well as external online presences, such as our social media profile (hereinafter referred to jointly as “online service”). With respect to the terms used, such as “processing” and “controller”, we refer you to the definitions contained in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

Mövenpick Schweiz AG

Head office: Oberneuhofstr. 12

6340 Baar, Switzerland

privacy@marche-int.com

Phone +41 52 355 55 00

I. The processing of your data

The protection of data and of privacy are important to us. Visitors to this website are under absolutely no obligation to disclose personal data such as their name, address, telephone number or email address. However, your personal data is essential if you wish to take advantage of our services, such as our newsletter, reservations or orders. In the Data Protection Policy below we will address these individual areas in greater detail.

Type of data processed:

- Fixed data (e.g. name, address)

- Contact data (e.g. email, telephone numbers)

- Content data (e.g. text entries, photographs, videos)

- Usage data (e.g. websites visited, interest in content, access times)

- Metadata/communications data (e.g. device information, IP addresses)

Categories of affected persons:

- Visitors and users of online services (affected persons are also hereinafter summarized as “users”).

Purpose of processing:

- Provision of online service, its functions and its content.

- Responding to contact requests and communication with users.

- Security measures.

- Reach measurement/marketing

Relevant legal basis

In accordance with Art. 13 GDPR we wish to inform you of the legal basis for our data processing. Where the legal basis is not otherwise specified in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing in fulfillment of our services and execution of contractual measures as well as responding to queries is Art. 6(1)(b) GDPR, the legal basis for processing in fulfillment of our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing that safeguards our legitimate interests is Art. 6(1)(f) GDPR. In the event that the vital interests of the affected person or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

II. Hosting

The hosting services that we use serve in the provision of the following services: Infrastructure and platform services, computing capacity, memory and database services, security services as well as technical maintenance services that we use in the operation of our online service. We and/or our hosting provider process fixed data, contact data, content data, contractual data, usage data, metadata and communications data of customers, interested parties and visitors of this online service on the basis of our legitimate interest in the efficient and secure provision of this online service in accordance with Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (end of processing agreement).

III. Collection of access data and log files

In connection with our legitimate interest within the meaning offered by Art. 6(1)(f) GDPR, we and/or our hosting provider collect data on every access to the server on which this service is stored (server log files). Access data includes the name of the website accessed, file, date and time of the access, the volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referring URL (the previously visited site), IP address and the requesting provider.

For security reasons (e.g. investigation of misconduct or fraudulent activity), the log file information is saved for a maximum period of 7 days and then deleted. Data that must be retained for longer for evidence purposes is exempted from deletion until the final clarification of the case in question.

IV. Use of cookies

To make our website more attractive to visitors and enable the use of certain functions, we use “cookies” from third party providers on a number of sites. Cookies are small text files that are saved onto your device. The primary purpose of a cookie is to store details about the user (and/or the device on which the cookie is saved) during or after the user’s visit to an online service. Some of these cookies are deleted after the end of the browser session, in other words after you close your browser (session cookies). Other cookies remain on your device and enable third-party providers to recognize your browser on your next visit (persistent cookies). This type of cookie can also record the interests of the user, which are used for reach measurement or marketing purposes. Third-party cookies are cookies that are offered by a provider other than the controller who operates the online service.

On visiting our website, a cookie banner makes reference to our Data Protection Policy and you have the option of viewing and accepting it. You can also configure your browser in such a way that you are informed about cookies being set and can decide on a case-by-case basis whether to accept cookies, or exclude acceptance of cookies either for certain cases or in general. Not accepting cookies may restrict the functionality of our website. You can find further information on the handling of cookies in the help function of your browser and on the internet site of: http://www.allaboutcookies.org/.

The following lists various types of cookies that we use on our website:

• Session cookies: Our internet site was created by Open Shift (Nine Hosting). It contains cookies (e.g. for determining the browser) to improve performance (faster loading of content). Storage duration: Deleted on closing the browser.
• Security cookies: If you log into an area with restricted access, these cookies ensure that your device remains logged in for the duration of your visit. You will usually need a user name and password to enter such areas (ordering the Food Lovers’ Card gift voucher, newsletter subscriptions). Storage duration: Deleted on closing the browser or ending the session.
• Analysis cookies: We use analysis cookies from third-party providers to understand how visitors use our site. This helps us to improve the quality and content of our site. The aggregated statistical information incorporates data such as the total number of visitors. For further information see point II.2. “Google Analytics”. Storate duration: Remain. The storage of cookies is governed by the data protection regulations of Google Inc.: Currently one-year storage duration.
• Third-party cookies: We use social media widgets to enable sharing of content on social media channels. If you use social media widgets, cookies may also be stored on your devices. Third-party cookies (e.g. Vimeo, TripAdvisor, Bookatable, Issuu, Google Maps) are not always deleted when you close your browser. The storage of cookies is determined solely by the data protection regulations of the respective third-party provider. Storage duration: Remain. The storage of cookies is determined by the data protection regulations of the respective third-party provider.

V. Social media widgets and applications

Our website enables sharing of content on various social media channels. The purpose of social media applications is to make it easier to share knowledge and content. If you use these tools, your personal data may be collected, processed and used by the social media applications. The collection, processing and usage of personal data in this case is exclusively governed by the data protection regulations of the respective social media provider.

Facebook plug-ins

Our website uses functions of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When accessing pages with Facebook plug-ins, a connection between your browser and Facebook servers is established. This already sends data to Facebook. If you have a Facebook account, this data may be linked to it. If you do not wish to associate this data with your Facebook account, please log out from Facebook before visiting our site. Interactions, particularly the use of comment functions or clicking on the “like” or “share” buttons, are also passed on to Facebook. You can find more detailed information here: https://www.facebook.com/about/privacy.

Facebook remarketing (advertisements)

This website also uses Facebook Inc.’s “Custom Audiences” remarketing function. This function allows us to present users of this website with interest-related advertisements (“Facebook Ads”) in the context of a visit to the social media network Facebook. To this end, the Facebook remarketing tag has been implemented on this website. This tag generates a direct connection to Facebook servers when visiting this site and forwards them information about your visit, which Facebook assigns to your personal Facebook user account.

You can find more information on the collection and use of data via Facebook as well as your related rights and options regarding the protection of your privacy in Facebook’s Data Policy. You can also deactivate the “Custom Audiences” remarketing function via the following link. You must be logged into Facebook to do this.

Instagram

Functions of the Instagram service are incorporated into our sites. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account you can link content on our sites to your Instagram profile by clicking on the Instagram button. This means that Instagram can associate your visit to our site with your user account. We wish to point out that as providers of the site we receive no information on the content of the data so transferred, nor its usage by Instagram.

You can find more information in the Instagram Privacy Policy.

YouTube

Our website uses plug-ins from the site YouTube, operated by Google. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages which is fitted with a YouTube plug-in, a link to YouTube servers is created. This will inform the YouTube servers which of our pages you visited. When you are logged in with your YouTube account, YouTube enables your surfing to be directly associated with your personal profile. You can prevent this by logging out of your YouTube account. You can find more information on the use of user data in the YouTube Privacy Policy. Click on the link for Opt-out.

Vimeo

We incorporate videos from the Vimeo platform provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Vimeo Privacy Policy.

VI. Google

Google Analytics

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online service in the meaning provided by Art 6(1)(f) GDPR) we use Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies. The information about the user’s usage of the online service generated by the cookie is generally transferred to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Framework, which provides a guarantee that it complies with European data protection laws. Google uses this information on our behalf to evaluate the user’s usage of our online service, to create reports on activity within the online service and to render other associated services related to usage of the online service and of the internet. Pseudonymous usage profiles may be created for the user from the data so processed. Google may also transfer this information to third parties where legally required to do so or where third parties process this data on behalf of Google. Google will never associate your IP address with other Google data. By using our website you declare your consent to Google’s processing of the data it has collected on you in the manner described above and for the aforementioned purposes.

We only use Google Analytics with activated IP anonymization. This means that the user’s IP address will be truncated by Google within member states of the European Union or in other treaty states of the Framework via the European Economic Area. Only in exceptional circumstances will the full IP address be transferred to a Google server in the USA and truncated there.

You can prevent cookies being stored by changing the settings in your browser software; however, we wish to point out that this may prevent you from using the complete range of functions of this website.

You may also prevent the capture of the data generated by the cookie which is related to your usage of the website (incl. your IP address) by Google as well as Google’s processing of this data by downloading and installing the browser plug-in at this link.

As an alternative to the browser plug-in you can click this link to prevent Google Analytics capturing your data from this website in the future. This will place an opt-out cookie on your device. If you delete your cookies, you must click the link again.

You can find more information on Google Analytics’ use of user data in the Google Analytics Terms of Service.

Google Maps

We incorporate maps from Google Maps, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Privacy Policy. Link to opt-out.

Google ReCaptcha

We incorporate a function for detecting bots, e.g. when filling out online forms ("ReCaptcha") provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Privacy Policy. Link to opt-out.

VII. Contact & feedback form

When you contact us (e.g. via the contact form, email, telephone or via social media), your user details are processed to allow handling and settlement of your contact query in accordance with Art. 6(1)(b) GDPR. User details may be stored in a customer relationship management (“CRM”) system or similar query organizer. We delete these details when they are no longer required. We monitor requirements every two years; statutory archiving obligations also apply.

VIII. Newsletter

The section below provides information on the content of our newsletter as well as the processes for registering, sending and statistical evaluation as well as your right of objection. By subscribing to our newsletter, you declare your consent for receipt of this newsletter and the processes described below. Content of the newsletter: We only send newsletters with promotional information (hereinafter “newsletter”) with the consent of the recipient. Double opt-in and logging: Subscription to our newsletter occurs through a “double opt-in process”. That means that upon registering you will receive an email requesting confirmation of your registration. This confirmation is required to prevent third parties registering with your email address. Registrations to the newsletter are logged as proof that the registration process corresponds with legal requirements. That includes the storage of the time of registration and of the confirmation, as well as the IP address. Any changes you make to the data stored by the dispatch service are also logged.

Registration data: To register for the newsletter, you need only provide your email address. We may also request that you provide your name, title and an address for the purposes of localization/local relevance in the CRM system, but this is optional.

The dispatch of the newsletter and associated performance measurement is carried out on the basis of the recipient’s consent as defined by Art. 6 (1)(a), Art. 7 GDPR in conjunction with Section 7(2) no. 3 UWG (Unlauterer Wettbewerbs-Gesetz; Act Against Unfair Competition) and/or on the basis of legal permission defined by Section 7(3) UWG. The registration process is logged on the basis of our legitimate interest in accordance with Art. 6(1)(f) GDPR. Our interest focuses on the use of a newsletter system that is both user-friendly and secure, and which also serves our business purposes while meeting the expectations of the user and allowing us to prove consent.

Termination/revocation: You may choose to stop receiving our newsletter – in other words, revoke your consent – at any time. You can find a link for terminating the newsletter at the bottom of every newsletter. We may store the email address entered for up to three years on the basis of our legitimate interests before we delete it for the purpose of sending the newsletter, so that we are able to prove that consent had been given at a prior date. The processing of this data is restricted to the purposes of possible defense against claims. An individual deletion request is possible at any time, as long as previous consent can be confirmed.

Newsletter – dispatch service

Should we exhaust the capacity of our internal CRM system, the newsletter may also be sent by the dispatch service Clever Elements, Prinzessinnenstr. 19-20, 10969 Berlin, Germany. You can find the Data Protection Regulations for the dispatch service here. The dispatch service is used on the basis of our legitimate interest in accordance with Art. 6(1)(f) GDPR and a processing agreement in accordance with Art. 28(3)(1) GDPR.

The dispatch service may use the data of the recipient in anonymous form, i.e. without association with a user, for optimization or improvement of its own services, e.g. for technical optimization of dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service does not use the data from our newsletter recipients to write to them directly, nor does it transfer this data to third parties.

Newsletter – performance measurement

The newsletter contains a “web beacon”, i.e. a one-pixel file which on opening of the newsletter is called up by our server or, if we are using a dispatch service, their server. This call initially captures technical information, such as details of your browser and system, as well as your IP address and the time of the call. This information is used for technical improvements to the service using the technical data or target groups and their reading behavior using the location of the call (determined by reference to the IP address) or the access time. This statistical information also includes confirmation of whether the newsletter was opened, when it was opened and what links were clicked. For technical reasons this information may be associated with individual newsletter recipients. However, neither we nor the dispatch service aim to use it to monitor individual users. Rather, this evaluation helps us to determine the reading habits of our users and to adapt our content to them or to send different content that accords with the interests of our users.

IX. Integration of third-party services and content

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online service in the meaning provided by Art 6(1)(f) GDPR) we use content and services (hereinafter referred to consistently as “content”) from third parties and incorporate them into our sites. As such, Mövenpick Schweiz AG permits some of its partners to place a logo and a link on our website if we believe that the company could be of interest to you. The content of partners’ sites so linked does not reflect the opinion of the website operator, serving solely for information and to represent connections. The responsibility for the content on the linked site always lies with the respective provider or operator of that site. The linked site is checked for potential legal infringements at the time of linking. No unlawful content was detected at the time of linking. However, it is unreasonable to expect permanent monitoring of the content of the linked site without a concrete indication of legal infringement.

This always assumes that the third-party provider of this content is aware of the user’s IP address, as without this, content cannot to be sent to the user’s browser. The IP address is required only for the presentation of this content. We endeavor to only use such content for which the respective provider uses the IP address solely for delivery of content. The pseudonymous information can also be stored in cookies on the user’s device and may contain technical information on the browser and operating system, referring websites, time of visit as well as other details on the use of our online service, and may also be associated with such information from other sources.

X. Reservation systems

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online service in the meaning provided by Art 6(1)(f) GDPR) we use content and services from third parties and incorporate them into our sites. To simplify reservations we incorporate online reservation masks from two providers. One is the reservation software of the “Bookatable” service from the provider Livebookings Holdings Limited, 5th Floor, Elizabeth House, 39 York Road, London, SE1 7NQ, UK. And the other is the reservation software of the “OpenTable” service from the provider OpenTable Inc., 1 Montgomery St., Suite 700, San Francisco, CA 94014, USA.

These services store two types of data: First, data that you send to the third-party provider in the course of your reservation for one of our restaurants that can be used to identify you personally (e.g. your name, email address and contact details). Second, data that cannot be used to identify you, but which is of significance to the partner website (e.g. duration of visit, geographical data). You can find further information on data usage and storage in the privacy policies of our partners’ websites:

• Bookatable Privacy Policy
• OpenTable Privacy Policy

XI. Your right to information and the correction, deletion or blocking of data

Information

On request we would be happy to inform you, at no charge, whether we have personal data stored on you, and which data this represents. You have the right to demand confirmation of whether relevant data is processed and to information on this data as well as other information and a copy of the data in accordance with Art. 15 GDPR.

Data correction

In accordance with Art. 16 GDPR you have the right to complete the data concerning you or correct incorrect data concerning you.

Data deletion

In accordance with Art. 17 GDPR, you have the right to demand that relevant data be deleted without delay, or alternatively in accordance with Art. 18 GDPR you may demand a restriction to the processing of your data. You have the right to demand receipt of the data concerning you that you have made available to us in accordance with Art. 20 GDPR and to request its transferral to other controllers. Moreover, in accordance with Art. 77 GDPR, you have the right to lodge a complaint with the relevant regulatory authority.

Right of revocation

In accordance with Art. 7(3) GDPR, you have the right to revoke previously issued consent with effect for the future.

Right of objection

You may object to the future processing of the data concerning you at any time in accordance with Art. 21 GDPR. In particular, you may object to processing for the purposes of direct marketing.

XII. Updating the Data Protection Policy

The Data Protection Policy will be regularly updated.

XIII. Operational data protection officers at Mövenpick Schweiz AG

For general questions or suggestions on data protection at Mövenpick Schweiz AG, please contact the operational data protection officers at customerservice@marche-int.com.