Status: May 2018
Peter Tscherrig Anenhütte Lötschental GmbH, Chutzenstrasse 65, 3047 Bremgarten b. Bern manages the Anenhütte and operates the website www.anenhuette.ch and is therefore responsible for the collection, processing, and use of your personal data and the conformity of the data processing with applicable data protection law.
Your trust is important to us, which is why we take the topic of data protection seriously and ensure appropriate security. We naturally comply with the legal provisions of the Federal Data Protection Act (FDPA), the Ordinance to the Federal Data Protection Act (OFDPA), the Telecommunications Act (TCA), and other data protection provisions that may apply under Swiss or EU law, especially the General Data Protection Regulation (GDPR).
In order for you to know what personal data we collect from you and for what purposes we use the data, please take note of the following information.
The address of our data protection representative in the EU is: Peter Tscherrig Anenhütte Lötschental GmbH, Chutzenstrasse 65, 3047 Bremgarten b. Bern, This email address is being protected from spambots. You need JavaScript enabled to view it..
A. Data processing in connection with our
website
- Accessing our website
When you visit our website, our servers temporarily store each access in a log file. As with any connection to a web server, the following technical data is collected without your intervention and stored by us until automatic deletion after 12 months at the latest:
- IP address of the requesting computer,
- Name of the owner of the IP address range (typically your Internet access provider),
- Date and time of access,
- Website from which access originated (referrer URL), with search term used if applicable,
- Name and URL of accessed file,
- Status code (e.g. error message),
- Your computer's operating system,
- The browser you used (type, version, and language),
- The transmission protocol used (e.g. HTTP/1.1), and
- If applicable, your user name from registration/authentication.
This data is collected and processed to allow the use of our website (establishing a connection), to permanently ensure system security and stability, and to optimise our Internet offer as well as for internal statistical purposes. We rely on our legitimate interests within the meaning of Art. 6 (1) f) GDPR for these processing purposes.
Furthermore, if there are attacks on the network infrastructure or other prohibited or abusive website uses, the IP address is used together with other data for clarification and defence and may be used to identify and take civil and criminal action against the users concerned as part of a criminal proceeding. We rely on our legitimate interests within the meaning of Art. 6 (1) f) GDPR for this processing purpose.
- Use of our contact form
You have the possibility to use a contact form to contact us. We require the following information for this:
- Salutatory
- First name
- Surname
- Mobile phone
- Street
- Zip code / city
- Country
- Arrival date
- Departure date
- Number of Persons
We only use this data as well as a telephone number you may voluntarily provide to answer your contact query in the best possible and personalised way. Processing of this data is therefore required in order to take steps prior to entering into a contract within the meaning of Art. 6 (1) b) GDPR or falls within our legitimate interests pursuant to Art. 6 (1) f) GDPR, respectively.
- Booking on the website, by correspondence, or by telephone
If you carry out bookings either via our website, by correspondence (email or post), or by telephone, we require the following data for the execution of the contract:
- Salutatory
- First name
- Surname
- Mobile phone
- Street
- Zip code / city
- Country
- Arrival date
- Departure date
- Number of Persons
We only use this data and other information you provide voluntarily (e.g. expected arrival time, vehicle licence plate, preferences, comments) for the execution of the contract , unless otherwise stated in this data privacy policy or unless you have provide a separate consent. We will in particular process the data to record your booking as requested, to provide the booked services, to contact you in case of ambiguities or problems, and to ensure correct payment.
The legal basis for processing the data for this purpose is the performance of a contract pursuant to Art. 6 (1) b) GDPR.
B. Data processing in connection with your stay
- Data processing for the fulfilment of legal reporting obligations
On arrival at our place, we require the following information from you and your travel companion, if applicable:
- Salutatory
- First name
- Surname
- Mobile phone
- Street
- Zip code / city
- Country
- Arrival date
- Departure date
- Number of Persons
- Room
We collect this information for the fulfilment of legal reporting obligations, which result in particular from hospitality industry or police regulations. If we are obliged to do so under the applicable regulations, we will forward this information to the relevant police authority.
We have a legitimate interest in the fulfilment of the legal requirements within the meaning of Art. 6 (1) f) DSGVO.
- Recording of services purchased
If you purchase additional services during your stay (e.g. use the mini-bar or the Pay-TV offer), we will record the service and the time of purchase of the service for billing purposes. The processing of this data is necessary for the performance of a contract within the meaning of Art. 6 (1) b) GDPR.
C. Storage and exchange of data with third parties
- Retention period
We only store personal data as long as it is necessary to use the abovementioned tracking services and to carry out the further processing activities in the framework of our legitimate interests. We retain contractual data for a longer period of time, as this is prescribed by legal retention obligations. Retention obligations that require us to retain data arise from regulations relating to reporting law, accounting, and tax law. According to these regulations, business communication, concluded contracts, and accounting records must be kept for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for billing and tax purposes.
- Disclosure of data to third parties
We only disclose your personal data if you have given your express consent, if there is a legal obligation to do so, or if this is necessary to enforce our rights, especially to enforce claims arising from the contractual relationship. In addition, we disclose your data to third parties as far as this is necessary in the context of use of our website and contract processing (including outside the website), namely to process your bookings.
A service provider to whom personal data collected through the website is disclosed to or who has or can have access to is our web host Metanet AG, Josefstrasse 218, 8005 Zürich. The website is hosted on servers in Switzerland. The data is disclosed for the purpose of providing and maintaining the functionalities of our website. This constitutes our legitimate interest within the meaning of Art. 6 (1) f) GDPR.
Finally, if you make a credit card payment on the website, we disclose your credit card information to your credit card issuer and to the credit card acquirer. If you decide to pay by credit card, you will in each case be asked to enter all required information. The legal basis for disclosing the data is the performance of a contract pursuant to Art. 6 (1) b) GDPR. In regard to the processing of your credit card information by these third parties, we ask that you also read the general terms and conditions and the data privacy policy of your credit card issuer.
Please also note the information in Section 3 regarding the transfer of data to third parties.
- Transmission of personal data abroad
We have the right to transmit your personal data to third parties (contracted service providers) located abroad for the purpose of the data processing described in this data privacy policy. These are obliged to ensure data protection to the same extent as we are. If the level of data protection in a country does not correspond to the Swiss or European level, we shall ensure by contract that the protection of your personal data corresponds at all times to that in Switzerland or the EU.
D. Further information
- Right to access, correction, deletion, and restriction of processing; right to data portability
You have the right to know about the personal data that we store about you on request. In addition, you have the right to the correction of incorrect data and the right to the deletion of your personal data, insofar as this does not conflict with any legal obligation to retain data or a legal basis that allows us to process the data.
You further have the right to ask for the release of the data you have given us (right to data portability). On request, we will also pass on the data to a third party of your choice. You have the right to receive the data in a current file format.
You can contact us at the email address This email address is being protected from spambots. You need JavaScript enabled to view it. for the aforesaid purposes. We may, at our discretion, require proof of identity to process your requests.
- Data security
We take appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, full or partial loss or destruction, and unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
You should always treat your access data confidentially and close the browser window when you have ended communication with us, especially if you used a shared computer.
We also take internal data protection very seriously. Our employees and the service providers we retain have been obliged by us to maintain confidentiality and to comply with data protection regulations.
- Notice regarding data transfers to the US
For the sake of completeness, we would like to point out to users residing or domiciled in Switzerland that monitoring measures are in place in the US by US authorities, which generally allow the storage of all personal data of all persons whose data is transmitted from Switzerland to the US. This is done without distinction, restriction, or exception by reference to the goal and without an objective criterion that allows access by US authorities to the data and later use thereof to be restricted to very specific, strictly limited purposes that could justify the intervention associated with access to and use of this data. In addition, we would like to point out that there are no legal remedies in the US for data subjects from Switzerland that would allow them to obtain access to the data relating to them and to obtain the correction or deletion thereof, and that there is no effective court protection against general access rights of US authorities. We explicitly point out this legal and factual situation to the data subject so that he or she can make an informed decision about consenting to the use of his or her data.
Users residing in an EU Member State are advised that the US does not have an adequate level of data protection from the perspective of the European Union – partly because of the issues mentioned in this section. Insofar as we have stated in this data privacy policy that recipients of data (such as Google) have their headquarters in the US, we will ensure that your data is protected at an adequate level by our partners, either through contractual agreements with these companies or by ensuring that these companies are certified under the EU- or Swiss-US Privacy Shield.
- Right to file a complaint with a data protection supervisory authority
You have the right to file a complaint with a data protection supervisory authority at any time.
Status: May 2018