The following data protection policy applies to the online offerings of Parkresort Rheinfelden Holding AG, Bad Rheinfelden AG, Salina Medizin AG and Park-Hotel am Rhein AG, in particular the websites www.soleuno.ch, www.salina-reha.ch, www.park-hotel.ch and www.shop-parkresort.ch.
We take protecting the privacy of our website users seriously. Most of our website content can also be used without having to register. However, we use customary technologies for measuring and improving our website services and collect data for this purpose. In part we work together with external service providers.
Based on Article 13 of the Swiss Constitution and federal data protection provisions (Data Protection Act, DSG), everyone has the right to the protection of their privacy and the protection of their personal data against misuse. We comply with these provisions. Furthermore, we also comply with the provisions of the European General Data Protection Regulation (GDPR) insofar as these are applicable. We handle personal data in the strictest confidence and it is not sold or passed on to third parties. We work closely together with our hosting providers to protect the content of our databases in the best way possible against unauthorised access, loss, misuse or falsification.
Please note that data transmission on the internet (e.g. via e-mail communication) can have security gaps. It is not possible to guarantee complete protection against access by third parties.
1. WHAT DATA DO WE COLLECT AND FOR WHAT PURPOSE?
1.1 Website visit
Our website can be used without providing any personal data. However, our website server temporarily stores information about user access. We (more specifically our webspace provider) collect data each time that our offering is accessed (so-called “server logfiles”). Access data includes:
- Name of the accessed website
- Date and time of access
- Transferred data volume
- Notification of successful access
- Browser type including version and language
- The user’s operating system
- Referrer URL (the site previously visited)
- IP address and the requesting provider
We only use the protocol data to perform statistical evaluations for the purpose of running, securing and optimising the offering. However, we (more specifically our webspace provider) reserve the right to review protocol data retrospectively if there are specific indications to support a legitimate suspicion of unlawful use.
1.2 Use of contact forms
When you use contact forms (e.g. contact, table reservation, course registration), we only collect the personal data (name, e-mail address, telephone number, subject, message text) that you provide. The data is processed for handling communication. By sending your message you agree to the transmitted data being processed. Processing is performed in line with your consent.
You can inform us that you wish to withdraw your consent at any time; this will not have an impact on the processing performed based on this consent prior to its withdrawal. We only use your e-mail address to handle your enquiry. Your data will then be deleted if you have not agreed to its further processing and use.
Even if you do not withdraw your consent, the personal data collected in the contact form will be deleted within [30 days] from handling your enquiry.
If you wish to receive the newsletter offered on the website, we need your e-mail address and information that will enable us to confirm that you are the owner of this e-mail address and agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We only use this data for sending the requested information and do not pass it on to third parties.
Data input in the newsletter registration form is only processed based on your consent. You can withdraw your consent to your data and e-mail address being stored and used for sending the newsletter at any time via the unsubscribe link in the newsletter. The lawfulness of the data processing performed prior to the withdrawal shall not be affected by this.
We only store the data you provide for the purpose of receiving the newsletter until you unsubscribe from the newsletter and it is then deleted. Data stored by us for another purpose (e.g. e-mail addresses for the membership area) remains unaffected by this.
Our newsletter is sent by the “MailChimp” service provider, a newsletter dispatch platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the dispatch provider’s data protection provisions here: https://mailchimp.com/legal/privacy. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus guarantees that it complies with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The dispatch provider can use the recipient’s data in a pseudonymised form (i.e. without it being assigned to a user) to optimise or improve its services e.g. for optimising technical aspects of the dispatch and newsletter or for statistical purposes. However, the dispatch provider does not use the data from our newsletter recipients to contact them or pass on the data to third parties.
1.4 No health data
No health data will be processed based on this data protection policy when you use our website. If we ever process your health data, this will be based on a separate agreement or declaration.
Our websites use so-called cookies. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies are small text files that are placed on your computer and saved by your browser. They help to make our offering more user-friendly, effective and secure. We process this data based on our legitimate interest to present our websites in a user friendly and modern manner.
Most of the cookies we use are so-called “session cookies,” which are automatically deleted at the end of your visit. Other cookies remain on your end device until you delete them. These cookies enable us to recognise your browser during your next visit.
You can set your browser in such a way that you are informed about the setting of cookies and only allow them in individual cases, exclude the acceptance of cookies in specific cases or in general, and enable the automatic deletion of cookies when you close the browser. Deactivating cookies may limit the functionality of this website.
3. HOW SECURE IS YOUR DATA?
We take technical and organisational measures to protect your data against manipulation, loss, destruction or unauthorised access by third parties. This page uses SSL encryption for security reasons and to protect the transfer of confidential content (e.g. enquiries) that you send to us as the website operator. You can recognise an encrypted connection by the fact that the browser address bar changes from http:// to https:// and the lock symbol appears.
If the SSL encryption has been activated, the data you send to us cannot be read by third parties.
4. DO WE PASS YOUR DATA ON TO THIRD PARTIES?
We only pass your personal data on to third parties if you expressly authorise this, if we have a legal obligation or authorisation to do so, if we must pass it on to assert, exercise or defend legal claims, if passing on data is required to handle our contractual relations with you or if it is based on a legitimate interest.
5. WHICH GOOGLE SERVICES DO WE USE?
Based on our legitimate interest (in the sense of Art. 6 Para. 1 lit. f GDPR), we use services from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield Agreement. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
5.1 Google Tag Manager
Google Tag Manager is a solution we can use to manage so-called website tags via an interface (and incorporate, for example, Google Analytics and other Google marketing services into our online offering). Tag Manager itself does not process any personal user data. Please refer to the following information about Google services related to the processing of personal user data. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
5.2 Google Analytics
Google uses this information on our behalf to evaluate the use of our online offering by users, prepare reports about activities within this online offering and perform other services associated with the use of this online offering and the internet. The processed data can be used to create pseudonymised user profiles.
We only use Google Analytics with activated IP anonymisation. This means that the user’s IP address is abbreviated by Google beforehand within member states of the European Union or in other countries that signed the Treaty on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there.
The IP address transmitted by the user’s browser will not be associated with any other data held by Google. Users can prevent cookies being stored by setting their browser software accordingly. Users can also prevent data generated by the cookie in relation to their use of the online offering being collected and transmitted to Google for processing by downloading and installing the browser plugin available via the following link:
Alternatively, you can prevent the recording of data by Google Analytics by clicking on this link: deactivate Google Analytics. This will install a so-called opt-out cookie, which prevents data tracking on the website. The function will remain until the opt-out cookie is deleted. If the opt-out cookie was deleted, it is sufficient to access the link again.
Users’ personal data will be deleted or anonymised after 26 months.
5.3 Google AdWords and conversion tracking
We use the Google “AdWords” online marketing procedure to place adverts in the Google advertising network (e.g. in search results, in videos, on websites etc.) so that they are shown to users with a perceived interest in the advert. This enables us to display advertisements for and within our online offering in a more targeted manner, so that we only show users advertisements in which they could have a potential interest. If, for example, users are shown advertisements for products for which they showed an interest on other online offerings, this is referred to as “remarketing.” For these purposes, when a user accesses our websites and other websites on which the Google advertising network is active, Google directly runs a code and so-called (re)marketing tags (invisible graphics or codes, also referred to as “web beacons”) are incorporated into the website. These are used to store an individual cookie (i.e. a small file) on the user’s device (comparable technologies can also be used instead of cookies). This file notes which websites the user visited, the content that interests them and which offers the user clicked on, as well as technical information on the browser and operating system, referring websites, visit time and other information on the use of the online offering.
We also receive an individual “conversion cookie.” The information obtained using the cookie enables Google to prepare conversion statistics for us. However, we only learn about the anonymous total number of users who clicked on our advertisement and were forwarded to a page marked with a conversion tracking tag. We do not obtain any information that could be used to identify users personally.
Users’ data is processed in a pseudonymised form within the Google advertising network. This means, for example, that Google does not store and process users’ names or e-mail addresses but rather the relevant cookie-related data within pseudonymised user profiles. From Google’s perspective, the advertisements are not administered and displayed for a specific identifiable person but rather for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly authorised Google to process the data without this pseudonymisation. The information collected about the users is sent to Google and stored on Google’s servers in the USA.
6. HOW DO WE INCORPORATE THIRD-PARTY SERVICES AND CONTENT?
It may be the case that third-party content (e.g. YouTube videos, Google Maps material, RSS feeds or graphics from other websites) is incorporated within this online offering. This always requires the providers of this content (hereinafter referred to as “third-party providers”) to be aware of the user’s IP address, as without the IP address they could not send content to the browser of the relevant user. The IP address is therefore required to present this content. We endeavour only to use such content from providers who solely use the IP address to deliver the content. However, we have no influence as to whether third-party providers store the IP address e.g. for statistical purposes. If we are aware of this, we shall advise users accordingly.
7. WHAT ARE WEB BEACONS / PIXEL TAGS?
Some pages on our website and e-mail updates may contain electronic images, so-called “web beacons,” also known as One-Pixel GIFs, Clear GIFs or Pixel Tags. They enable us to count the visitors who viewed our pages. Within advertising e-mails and newsletters, they enable us to count how many subscribers have read them. Web beacons provide us with statistical data about the activities and features that most interest our users so that we can make our content more personal. However, in general they will not be used to record personally identifiable data without your authorisation.
8. HOW DO WE USE SOCIAL MEDIA?
8.1 Facebook plugins (like button)
Plugins from the Facebook social network (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA) are integrated into our websites so that you can recommend our content on Facebook. Facebook plugins can be recognised by the Facebook logo or "like button" on our website. You can find an overview of the Facebook plugins here: developers.facebook.com/docs/plugins/.
If you do not want Facebook to be able to assign your visit to our websites to your Facebook user account, please log out of your Facebook account beforehand.
The data controller has integrated YouTube components into this website. YouTube is an internet video portal that enables video publishers to upload video clips free of charge and also allows other users to watch, rate and comment on them at no cost. YouTube permits the publication of all kinds of videos, which is why entire film and television series and also music videos, trailers or videos made by users are available on the internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
During each visit to an individual page on this website, which is operated by the data controller and incorporates a YouTube component (YouTube video), the relevant YouTube component automatically triggers the internet browser on the data subject’s information technology system to download the corresponding YouTube components from YouTube. Further information on YouTube can be accessed here: https://www.youtube.com/yt/about/de/. During this technical process, YouTube and Google get information about the specific sub-page of our website visited by the data subject.
If the data subject is also logged on to YouTube, accessing a sub-page containing a YouTube video enables YouTube to recognise which specific sub-page on our website was visited by the data subject. This information is then collected by YouTube and Google and assigned to the relevant YouTube account of the data subject. YouTube and Google always receive information via the YouTube components that the data subject has visited our website if the person is also logged into YouTube when they access our website, regardless of whether or not the data subjects click on a YouTube video. If the data subject does not want this information to be sent to YouTube and Google it can be prevented by logging out of the YouTube account before accessing our website.
9. WHAT ARE YOUR RIGHTS IN RELATION TO YOUR DATA?
You have the right of information, rectification, erasure, restriction of processing, data portability, and the right to withdraw your consent and object. If you believe that the processing of your data constitutes a breach of data protection law, you can report this to us or the responsible supervisory authority.
10. DATA PROTECTION OFFICER
Parkresort Rheinfelden Holding AG