Data protection policy

Data protection policy

1. Information regarding the collection of personal data

(1) The following text provides information regarding the collection of personal data when our website is used. Personal data is data that relates to you personally, such as your name, address, email addresses and user behavior.

(2) The controller in accordance with Art. 4(7) of the EU General Data Protection Regulation (GDPR) is

Mövenpick Schweiz AG

Oberneuhofstr. 12

CH-6340 Baar

Email: privacy@marche-int.com

Phone: +41 52 355 55 00

[link to the legal notice]

(3) Our data protection officers can be contacted via our postal address, care of the ‘Data protection officers’, or via the email address: privacy@marche-int.com.

2. Data subject rights

(1) You have the following rights with regard to personal data concerning you:

  • Right of access (Art. 15 GDPR),
  • Right to rectification or erasure (Art. 16 and 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to object to processing (Art. 21 GDPR),
  • Right to data portability (Art. 20 GDPR).

(2) Furthermore, you have the right to make a complaint to a data protection supervisory authority regarding our processing of your personal data.

3. Collection of personal data when visiting our website

(1) When our website is solely used for informational purposes (i.e. if you do not register on it or otherwise submit information to us), we only collect the personal data that your browser transmits to our servers. When you wish to view our website, we collect the following data, which is required for technical reasons in order to display our website and guarantee stability and security (the legal basis for this is Art. 6(1)(f) GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Volume of data transmitted
  • Website from which the request originated
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

(2) In addition to the above data, cookies will also be stored on your computer when you use our website. Cookies are small text files stored on your hard drive and assigned to the browser you are using, enabling certain information to be collected by the site that sets the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. They are used to make the overall online offering more user-friendly and effective.

(3) Use of cookies:

a) This website uses the following kinds of cookies. Their scope and functioning are explained below:

  • Transient cookies (see b)
  • Persistent cookies (see c)
  • Third-party cookies (see d).

b) Transient cookies are automatically deleted when you close your browser. Transient cookies include session cookies, in particular. They store a session ID, which enables the various requests made by your browser to be assigned to the session as a whole, making it possible for your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close your browser.

c) Persistent cookies are automatically deleted after a set period of time, which may differ depending on the cookie in question. You can delete cookies at any time in your browser’s security settings.

d) Third-party cookies are offered by third-party providers who are not the controller of the website. They are used as identification for reach measurements or marketing purposes.

e) You can configure your browser settings as desired and reject third-party cookies or all cookies, for example. Please note that you may then be unable to use some of the features of our website.

4. Additional functions and offerings on our website

(1) In addition to purely using our website for informational purposes, we also offer various services that you can use if you are interested in doing so. To make use of these services, you are generally required to provide additional personal data. We use this data to render the service in question; the above principles of data processing apply.

(2) We sometimes make use of external service providers to process your data. These providers have been carefully selected and commissioned by us, they are obliged to follow our instructions and are subject to regular checks.

(3) Furthermore, we use technical and organizational security measures to protect personal data that is produced or collected. In particular, these measures protect against accidental or deliberate manipulation, loss, destruction or access by unauthorized individuals. Improvements are made to our security measures on an ongoing basis in line with technical developments.

(4) We permit some of our partners to place a logo and a link on our website if we believe that these companies could be of interest to you. In these instances, third parties may receive your IP address and other data from your browser if your browser retrieves the content originating from the third party and shows it to you. This could involve the data listed under section 3(1).

(5) In addition, we may transmit your personal data to third parties if we offer promotions, competitions, contract completions or similar services in conjunction with partners. You will receive more information about this when you provide your personal data or at the bottom of the description of the offer.

(6) If our service providers or partners are headquartered in a country outside the European Economic Area (EEA), we will inform you about the consequences of this situation in the description of the offer.

5. Objection to or revocation of permission to process your data

(1) If you have agreed to your data being processed, you may revoke this consent at any time. Such revocation affects whether it is permissible to process your personal data, once you have given us notice of revocation.

(2) If we process your personal data based on the balance of interests, you may object to the processing. In particular, this is the case if it is not necessary to process the data to fulfill a contract with you, as depicted by us in the description of functions below. When exercising this right of objection, please provide the reasons why we should not process your personal data as we would otherwise. If we receive a justified objection from you, we will examine the facts of the matter and either cease to process the data or adapt how we process it. Alternatively, we will disclose to you the reasons why we need to continue processing this data.

(3) Of course, you can object to your personal data being processed for advertising purposes and for data analysis at any time. You can inform us of your objection to this advertising-related use by contacting us at the following address: privacy@marche-int.com.

6. SSL/TLS encryption

(1) We use SSL/TLS encryption on our website for security reasons and to protect the transmission of confidential content. This enables inquiries to be securely transmitted via the contact form and orders to be securely transmitted via the website. You can tell if SSL/TLS encryption is in place through the ‘https://’ prefix in your internet browser’s address bar and the closed padlock symbol depicted next to this.

(2) If SSL/TLS encryption is active, data can be transmitted to us via the website without third parties being able to read this data.

7. Email contact and use of the contact form

(1) You can use our contact form, email address, telephone number or the social networks listed to contact us and to share your inquiries, reservations, requests and feedback with us. This involves personal data, such as your name, email address or telephone number, being processed. We will process the data provided by the user in this regard solely for the purpose of contacting the user and handling the associated inquiry.

(2) The legal basis for the processing of this data is our legitimate interest in making contact and handling your inquiry, pursuant to Art. 6(1)(f) GDPR.

(3) If an inquiry submitted via the contact form or via email leads to a contract being concluded, the data provided must be processed for the contract to be fulfilled. The legal basis for this is Art. 6(1)(b) GDPR.

(4) The data provided will be processed until it is no longer needed for the objective to be achieved. The achievement of the objective shall cease to apply when the user’s inquiry has been conclusively resolved and the contact has thereby come to an end.

(5) The user may object to data processing at any time. In this case, the data provided for the purpose of making contact shall be deleted and no longer be used. Notice of objection is to be sent to the following email address: privacy@marche-int.com.

8. Newsletter registration

(1) On our website, we offer a newsletter that provides you with information on our products and services, as well as about various offers. Personal data is collected when you subscribe to the newsletter. We need your email address so that we can send you the newsletter, but all other information is provided on a voluntary basis and is only used to personalize the newsletter.

(2) The legal basis for the processing of data for newspaper registration is your consent, pursuant to Art. 6(1)(a) GDPR.

(3) We only save the data you provide once you have submitted this data to us with your effective consent. We use a double opt-in process to seek your consent in a legally effective manner. As part of this process, we send an email to the email address you provided containing a confirmation link. Once you provide your confirmation using this link, you will have successfully subscribed to the newsletter. If you do not confirm via this link within 24 hours, it will expire. When you provide your confirmation, we will save your email address, IP address and the time of your subscription. We use this data as proof of subscription and to detect any misuse of your personal data.

(4) You can revoke the consent you provide regarding the newsletter at any time. You can address this revocation to privacy@marche-int.com or click on the unsubscribe link in one of the newsletters you receive from us. If you revoke your consent or unsubscribe from the newsletter, you will not receive newsletters in the future and we will delete the data you provided in connection with this.

(5) We use performance measurement for our newsletter. The newsletter contains a single-pixel file known as a ‘web beacon’. When the newsletter is opened, the web beacon is retrieved by our server or, if we are using a dispatch service, by their server. This retrieval initially records technical information, such as details of your browser and system, as well as your IP address and the time of retrieval. This information is used to make technical improvements to the service with the aid of the technical data, or the target groups and their reading behavior with the aid of retrieval locations (determined by reference to the IP address) or access times. This statistical information also includes confirmation of whether the newsletter was opened, when it was opened and which links were clicked on. For technical reasons, this information may be associated with individual newsletter recipients. However, neither we nor the dispatch service aim to use it to monitor individual users. The legal basis for the processing of this data is Art. 6(1)(f) GDPR (balancing of interests) in conjunction with our interest in recognizing our users’ reading habits and tailoring our content to them, or sending different content depending on our users’ interests.

If you do not wish to be included in this performance measurement, you can object to it by unsubscribing from the newsletter. To do this, you can click the link included in every newsletter, or send your objection to privacy@marche-int.com. If you do so, you will not receive any more newsletters in the future.

9. Bookatable reservation system

(1) On our website, we use the Bookatable function provided by Livebookings Holdings Limited, 5th Floor, Elizabeth House, 39 York Road, London, SE1 7NQ. This enables visitors to our website to reserve a table at our establishment.

(2) The legal basis for the use of Bookatable is the simplification of reservations and optimization of our commercial enterprise. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

(3) As part of this, two types of data are stored about users. Firstly, data that you transmit to the third-party provider in the course of your reservation request for one of our restaurants that can be used to identify the user personally (e.g. name, email address and contact details). Secondly, data that is of significance for the use of partne