Self check-in
Book now
Self check-in

Privacy Policy

Emma’s Hotel Bed & Breakfast GmbH manages the hotel «Emma’s Hotel Bed & Breakfast» and operates the website www.emmashotel.com and is therefore responsible for the collection, processing, and use of your personal data and the conformity of the data processing with applicable data protection law.

Your trust is important to us, which is why we take the topic of data protection seriously and ensure appropriate security. We naturally comply with the legal provisions of the Federal Data Protection Act (FDPA), the Ordinance to the Federal Data Protection Act (OFDPA), the Telecommunications Act (TCA), and other data protection provisions that may apply under Swiss or EU law, especially the General Data Protection Regulation (GDPR).

In order for you to know what personal data we collect from you and for what purposes we use the data, please take note of the following information.

The address of our data protection representative in the EU is:
VGS Datenschutzpartner
Am Kaiserkai 69
20457 Hamburg
Deutschland
info@datenschutzpartner.eu

A. Data processing in connection with our website

1. Accessing our website

When you visit our website, our servers temporarily store each access in a log file. As with any connection to a web server, the following technical data is collected without your intervention and stored by us until automatic deletion after one month:

  • IP address of the requesting computer,
  • Name of the owner of the IP address range (typically your Internet access provider),
  • Date and time of access,
  • Website from which access originated (referrer URL), with search term used if applicable,
  • Name and URL of accessed file,
  • Status code (e.g. error message),
  • Your computer’s operating system,
  • The browser you used (type, version, and language),
  • The transmission protocol used (e.g. HTTP/1.1), and
  • If applicable, your user name from registration/authentication.

This data is collected and processed to allow the use of our website (establishing a connection), to permanently ensure system security and stability, and to optimise our Internet offer as well as for internal statistical purposes. We rely on our legitimate interests within the meaning of Art. 6 (1) f) GDPR for these processing purposes.

Furthermore, if there are attacks on the network infrastructure or other prohibited or abusive website uses, the IP address is used together with other data for clarification and defence and may be used to identify and take civil and criminal action against the users concerned as part of a criminal proceeding. We rely on our legitimate interests within the meaning of Art. 6 (1) f) GDPR for this processing purpose.

2. Booking on the website, by correspondence, or by telephone

If you carry out bookings either via our website, by correspondence (email or post), or by telephone, we require the following data for the execution of the contract:

  • Address
  • First and last name
  • Postal address
  • Date of birth
  • Telephone number
  • Language
  • Credit card information
  • Email address

We only use this data and other information you provide voluntarily (e.g. expected arrival time, vehicle licence plate, preferences, comments) for the execution of the contract , unless otherwise stated in this data privacy policy or unless you have provide a separate consent. We will in particular process the data to record your booking as requested, to provide the booked services, to contact you in case of ambiguities or problems, and to ensure correct payment.

The legal basis for processing the data for this purpose is the performance of a contract pursuant to Art. 6 (1) b) GDPR.

Zur Abwicklung von Buchungen, Check-in- und Check-out-Prozessen sowie zur digitalen Gästebetreuung arbeitet das Hotel mit der bsmart services AG, Industriestrasse 2, 9487 Gamprin-Bendern, Liechtenstein,

zusammen. bsmart services AG übernimmt im Auftrag des Hotels Dienstleistungen im Bereich der virtuellen Rezeption, Buchungsverwaltung und Gästekommunikation. Die Verarbeitung der personenbezogenen Daten erfolgt gemäss den geltenden Datenschutzbestimmungen, insbesondere der EU-DSGVO sowie dem Schweizer Datenschutzgesetz.

3. Cookies

Cookies help in many ways to make your visit to our website easier, more enjoyable and more useful. Cookies are small text files that your web browser automatically saves to your computer’s hard drive when you visit our website.

We use cookies, for example, to temporarily store the services you have selected and the information you have entered when filling in a form on the website, so that you do not have to re-enter this information when visiting another page. Cookies may also be used to identify you as a registered user after you have registered on the website, so that you do not have to log in again when visiting another page.

Most web browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a notification always appears when you receive a new cookie. On the following pages, you will find instructions on how to configure cookie settings in the most common browsers:

Disabling cookies may mean that you are unable to use all the features of our website.

4. Tracking Tools

a. General

We use the web analytics service Google Analytics to ensure our website is tailored to your needs and to optimise it on an ongoing basis. In this context, pseudonymised user profiles are created and small text files stored on your computer (‘cookies’) are used. The information generated by the cookie regarding your use of this website is transmitted to the servers of the providers of these services, stored there and processed on our behalf. In addition to the data listed under point 1, we may thereby receive the following information:

The navigation path a visitor takes on the site, the length of time spent on the website or a subpage, the subpage from which the visitor leaves the website, the country, region or city from which the site is accessed, the device (type, version, colour depth, resolution, width and height of the browser window) and whether the visitor is a returning or new visitor.

The information is used to analyse website usage, to compile reports on website activity, and to provide other services related to website and internet usage for the purposes of market research and to tailor this website to users’ needs. This information may also be disclosed to third parties where required by law or where third parties process this data on our behalf.

b. Google Analytics

The provider of Google Analytics is Google Inc., a subsidiary of the holding company Alphabet Inc., based in the USA. Before the data is transmitted to the provider, the IP address is truncated within the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area by activating IP anonymisation (“anonymizeIP”) on this website. The anonymised IP address transmitted by your browser as part of Google Analytics is not merged with other data held by Google. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. In such cases, we ensure through contractual guarantees that Google Inc. maintains an adequate level of data protection. According to Google Inc., the IP address will under no circumstances be associated with other data relating to the user.

Further information about the web analytics service used can be found on the Google Analytics website. Instructions on how to prevent the web analytics service from processing your data can be found at http://tools.google.com/dlpage/gaoptout?hl=de.

B. Data processing in connection with your stay

5. Data processing to comply with statutory reporting obligations

Upon arrival at our hotel, we may need the following details from you and your companions:

  • First and last name
  • Postal address and county
  • Date of birth
  • Place of birth
  • Nationality
  • Official identification card and number
  • Day of arrival and departure
  • Room number

We collect this information in order to comply with statutory reporting obligations arising, in particular, from hospitality or police regulations. Where we are required to do so under the applicable regulations, we will pass this information on to the relevant police authority.

Note: Automatic check-in/check-out

As check-in and check-out at Emma’s Hotel are handled by a self-service machine provided by Ariane Systems Group, 23 rue Baudin, 93310 Le Pré Saint Gervais, France, your registration and payment details are collected and processed by this machine. For information regarding this data, please refer to the privacy policy of Ariane Systems AG.

Our legitimate interest, within the meaning of Article 6(1)(f) of the GDPR, lies in complying with legal requirements.

6. Recording of services received

If you make use of additional services during your stay (e.g. the minibar or pay-TV), we will record the nature of the service and the time at which it was used for billing purposes. The processing of this data is necessary for the performance of the contract with us, in accordance with Article 6(1)(b) of the GDPR.

C. Storage and sharing of data with third parties

7. Booking platforms

If you make bookings via a third-party platform, we receive various personal data from the respective platform operator. This data generally comprises the information listed in section 5 of this privacy policy. In addition, enquiries regarding your booking may be forwarded to us. We process this data specifically to record your booking as requested and to provide the services you have booked. The legal basis for data processing for this purpose is the performance of a contract pursuant to Article 6(1)(b) of the GDPR.

Finally, we may be notified by the platform operators of any disputes relating to a booking. In such cases, we may also receive data relating to the booking process, which may include a copy of the booking confirmation as proof that the booking was actually completed. We process this data to safeguard and enforce our claims. This constitutes our legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

Please also note the privacy policy of the relevant provider.

8. Centralised storage and linking of data

We store the data specified in sections 2–5 and 8–10 in a central electronic data processing system. The data relating to you is systematically recorded and linked for the purpose of processing your bookings and fulfilling the contractual services. For this purpose, we use software from Protel, represented in Switzerland by rebagdata AG, Einsiedlerstrasse 533, 8810 Horgen. We base the processing of this data within the software on our legitimate interest, within the meaning of Article 6(1)(f) of the GDPR, in customer-friendly and efficient customer data management.

9. Retention period

We only store personal data for as long as is necessary to use the tracking services mentioned above and to carry out further processing in accordance with our legitimate interests. We retain contractual data for longer, as this is required by statutory retention obligations. Retention obligations requiring us to retain data arise from regulations concerning reporting requirements, accounting and tax law. In accordance with these regulations, business correspondence, concluded contracts and accounting documents must be retained for up to 10 years. Where we no longer require this data to perform services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

10. Disclosure of data to third parties

We will only disclose your personal data if you have given your express consent, if we are legally obliged to do so, or if it is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we will disclose your data to third parties to the extent that this is necessary in connection with the use of the website and the performance of the contract (including outside the website), specifically for the processing of your bookings.

One service provider to whom the personal data collected via the website is disclosed, or who has or may have access to it, is our web host Metanet AG, Josefstrasse 218, CH-8005 Zürich. The website is hosted on servers in Switzerland. The data is disclosed for the purpose of providing and maintaining the functionalities of our website. This constitutes our legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

Finally, when you make a credit card payment on the website, we pass on your credit card details to your credit card issuer and to the credit card acquirer. If you choose to pay by credit card, you will be asked to enter all the necessary information. The legal basis for the transfer of data is the performance of a contract in accordance with Article 6(1)(b) of the GDPR. Regarding the processing of your credit card information by these third parties, we ask you to also read the terms and conditions and the privacy policy of your credit card issuer.

Please also note the information in sections 7–8 and 10–11 regarding the disclosure of data to third parties.

11. Transfer of personal data abroad

We are entitled to transfer your personal data to third-party companies (contracted service providers) abroad for the purposes of data processing described in this privacy policy. These providers are bound by the same data protection obligations as we are. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we ensure through contractual arrangements that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

D. Further information

12. Right of access, rectification, erasure and restriction of processing; right to data portability

You have the right to request information about the personal data we hold about you. You also have the right to have inaccurate data corrected and the right to have your personal data erased, provided this does not conflict with any statutory retention obligations or legal grounds that permit us to process the data.

You also have the right to request that we return the data you have provided to us (right to data portability). Upon request, we will also transfer the data to a third party of your choice. You have the right to receive the data in a commonly used file format.

You can contact us for the above purposes via the email address info(at)emmashotel(dot)com. We may, at our discretion, request proof of identity in order to process your enquiries.

13. Data security

We employ appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

You should always keep your login details confidential and close the browser window once you have finished communicating with us, particularly if you share the computer with others.

We also take data protection within our company very seriously. Our employees and the service providers we engage are bound by us to maintain confidentiality and to comply with data protection regulations.

14. Information regarding data transfers to the USA

For the sake of completeness, we would like to point out to users residing or having their registered office in Switzerland that US authorities in the United States have surveillance measures in place which generally allow for the storage of all personal data relating to any individuals whose data has been transferred from Switzerland to the United States. This occurs without differentiation, restriction or exception based on the objective pursued, and without an objective criterion that would allow the US authorities’ access to the data and its subsequent use to be restricted to very specific, strictly limited purposes capable of justifying the intrusion associated with both access to and use of this data. Furthermore, we would like to point out that in the USA, data subjects from Switzerland have no legal remedies available to them that would allow them to obtain access to the data concerning them and to secure its rectification or erasure, nor is there any effective judicial protection against the general access rights of US authorities. We explicitly draw the data subject’s attention to this legal and factual situation so that they may make a fully informed decision regarding consent to the use of their data.

We would like to draw the attention of users residing in an EU Member State to the fact that, from the European Union’s perspective – partly due to the issues mentioned in this section – the US does not provide an adequate level of data protection. Where we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure that your data is protected to an adequate standard by our partners, either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU-US or Swiss-US Privacy Shield.

15. Right to lodge a complaint with a data protection supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority at any time.

As of March 2025