Legal Notice

Privacy Policy (Version 19.5.2018)

Legal notice
The protection of your personal data is of particular concern to us. We therfore process your data exclusivly on the basis of the legal regulations. We are informing you with the following data protection information about the most important aspects of data processing in the context of our service provision and the use of our website. Please read the following coditions carefully before you continue. Persons who use or access our services agree to the following conditions.

The hotel is the operator of the internet websites and and is therfore responsible for the collection, processing and use of your personal data and for ensuring that the processing of data complies with Swiss law. The responsible data protection officer of the Hotel is Rudolf Rath, Deputy Director. Email:

The entire content of our website is protected by copyright. The elements on our website are freely accessible for browsing purposes only. Duplication of th  is material, or parts thereof, in any written or electronic form is permitted only with a specific mention of our company. Downloading or copying the website or parts thereof does not transfer any rights with regard to software or elements of the website. We reserve all rights in respect of all elements of our website with the exception of rights belonging to third parties.  

Although every care has been taken to ensure the reliability of the information contained on the website at the time of its publication, neither our company nor its contractual partners can provide any explicit or implicit assurance or warranty (including to third parties) with regard to the accuracy, reliability or completeness of the information. Opinions and other information on the website may be changed at any time without notice. We assume no responsibility and provide no guarantee that the functions on our website will not be interrupted or that the website or the respective server is free from viruses or other harmful components.

Limitation of liability
Should the be a contractual relationship between our company and the user of our website, or another service offered by us, we are only liable for damages caused by gross negligence or intent. We exclude any liability for demage caused by an auxiliary or support person.

Link to other websites
Our website contains links to third-party websites which may be of interest to you. When acticating such links, you may be redirected from our website or extracts from third-pary websites may be displayed within our own website. We have no control whatsoever over third-party websites that may be linked to our website and are in no way responsible or liable for the content or the functioning of such third-party websites.
Establishing such links or consulting third-party is solely at the risk and peril of the user.

  1. Data processing in connection with our website

Should you use our website to make reservations or request informations, material or other services, we require personal informations such as your name and addresse.

We will treat your personal data with full confidentially and process it ourselves. Exept for the provision of service requested by you, the data processing by us is exclusively for the purpose of providing individual information to our customers, geared to their interests and needs, and for internal statistics, and marketing purposes.
The processing of data is intended to enable us to tailor our websites and our own range of services to the needs of the user. However, data processing is also, and in particular, for market analysis and to determine the interest in the wide range of hotel offers.Conclusion regarding the design and range of services for tourists, and to meet the needs of users may be drawn. Any other us of your personal data, in particular their sale to third-parties, is expressly excluded.

1. Scope and purpose of the collection, processing and use of personal data

a. Visits to our website and

Our servers temporaly store a record of each vistit in a protocol file when you access our website. The following data is recorded without your intervention and stored by us until automatic deletion after 14 days, at the latest:

  • the IP-address of the requesting computer
  • the data and time of access
  • the name and URL of the retrieved file
  • the website from which the access was made.
  • the operating system of your computer and the browser you use
  • the country from which you accessed the site and the language settings of your browser
  • the name of your internet access provider

The data is collected and processed for the purpose for establishing a connection and the subsequen tusage of our website, to permanently guarantee system security and stability to enable to optimisation of our internet offer, as well as for internal statistical purposes. This is our legitimate interest regarding data processing within the meaning of Art. 6 Abs. 1 lit. f of the Swiss data protection Act (DSGVO). The IP-address is used in particular to record the country of residence of the website visitor. Futhermore, the IP-address could be evaluated for statistical purposes in the event of attacks on the network infrastructure of and In addition, we use pixels and cookies to display personalised advertising and to enable web analysis services. You will find more details on this in sector 2, 6 and 7 of this Privacy Policy.

b. Use of our contact form
It is possible to get in touch with us using a specific online contact formed designed for that purpose. The imput of the following personal data is mandatory:

  • Salutation
  • First- and Lastname
  • Address (Street, house number, city, postal code)
  • Phone number (optional)
  • Email-address

We will highlight which fields require mandatory entries. Failure to provide this information may hinder the proviosion of our services.

We will only use this data in order to answer your contact request in the best possible and personalised way. We have a legitimate interest in the processing of your contact request in the sense of Art. 6 Abs. 1 lit. f DSGVO. You can object to this data processing at any time (for contact data see section 10 below).

c. Suscribe to our newsletter
It is possible to suscribe to our newsletter via our website. Registration is required for this purpose and the following data must be provided:

  • Salutation
  • First- and Lastname
  • Email-address
  • Address (Street, postal code, city)
  • Phone number

The above data is neccessary in order to process the data. You may also voluntarily provide futher data (date of birth and country). We process this data exclusively in order to personalise the information and offers sent to you and to better align them with your interests. By registering, you give us your consent to process the data provided for the regualr dispatch of the newsletter to the address you have provided and for the statistical evaluation of user behaviour and optimisation of the newsletter. This consent constitutesour legal basis for processing your email address in accordance with Art. 6 Abs. 1 lit. a, DSGVO. We are entitled to commission third-parties with the technical processing of advertising measures and are entitlet to pass on your data for this purpose (see Section 3 below). At the end of each newsletter you will find a link to unsuscribe from the newsletter at any time. Your personal data will be deleted after cancellation. Your data will only be processed in an anonymous form to optimise our newsletter. We expressly refer to the data analyses within the scope of the newsletter dispatch (see Section 2,b below).

d. Opening a customer account
Individuals wishing to make bookings via our website have the possibility to plache their order as a guet or to crate a customer account. When registering a new customer account, we usually ask for the following informations:

  • Salutation
  • First- and Lastname
  • Email-address
  • Address (Street, postal code, city)
  • Phone number
  • Password and security question

The fields that are neccessary for the smooth processing of your customer account opening are marked as madatory. The imput of other information is optional. The collection of this and other data you provide voluntarily (e.g. company name) is for the purpose of providing you password-protected direct access to your basic data stored with us. You can view your previous and current bookings, or manage and chage your personal data.

The legal basis for the processing of data for this purpose is the consent given by you in accordance with Art. 6 Abs. 1 lit. a, DSGVO.

e. Booking on the website, by correspondence, or by telephone call
If you make bookings for accomondation, leisure activities, wellness services, medical services and / or vocher purchases either via our website, by correspondence (email or letter), or by telephone, we generally require the following data for the processing of the contact:

  • Salutation
  • First- and Lastname
  • Postal address
  • Phone number
  • Credit card informations
  • Email-address

The fields which are necessary for the smooth processing of your booking will be marked as mandatory or -in case of telephone booking- you will be asked directly. The input of other information is optional. Other information provided voluntarily by you (e.g. date of birth, expected time of arrival, motor vehicle registration plate, preferences, remarks) will only be used by us to process the contract, unless otherwise stated in this privacy policy, or unless you have given your specific consent. We will process the data specifically in order to record your booking according to your wishes, to make the booked services available, to contact you in case of any uncertainities or problems, and to esure correct payment. Please note that we may pass on your data to third-parties if this is neccessary for the use of the web pages and the processing of teh contract, for example when purchasing vouchers (see Section 10).

The legal basis for data processing for this purpose is the fulfilment of a contract in accordance with Art. 6 Abs. 1 lit. b, DSGVO.

f. Applying for an advertised job
Individuals making use of the opportunity to aply for jobs on our websites must submit a complete application. As a rule, the following informations must be provided:

  • Salutation
  • First- and Lastname
  • Language
  • Postal address
  • Date of birth
  • Email address
  • Application documents (CV, motivation letter, etc.)

The fields which are neccessary for the smooth precessing of your application will be marked as mandatory . This data, as well as other information provided voluntarily by you (e.g. telephone number), will be used for the processing of your application. The data will be deleted after the respective application process unless you explicitly agree to futher processing.

The legal basis for the data processing is therefore the implementation of pre- contractual measures and in our legitimate interest according to Art. 6 Abs. 1 lit. b und f, DSGVO. For futher data processing, the legal basis lies in the consent you have given us in accordance with Art. 6 Abs. 1 lit. a, DSGVO.

2. Use of your data for advertising purposes    

a. Creation of pseudonymised user profiles
We use and analyse the data we collect about you when you visit the website in order to provide you with personalised services and information on our website (on-site targeting). Cookies may also be used for the corresponding processing (see Section 6 below). The analysis of your user behaviour can lead to the creation of a user profil. Any consolidation of the usage data is carried out only with the use of pseudonyms; never with non-pseudonymous personal data.

We reserve the rights to include remarketing pixels from Facebook and Twitter on the website in order to enable personalised marketing on social networks. If you have an account with one of these social networks and are logged in when you visit the site, this pixel will link your visit to your account. If you wish to deactivate the link, please log out of your social network account before visiting our website. You can register futher settings for advertising in your user profil in the respective social networks. The creations of pseudonymised user profiles for advertising and analysis purposes is based on a legitimate interest in the sens of Art. 6 Abs. 1 lit. f, DSGVO.
This applies to all data prcessing operations listed in this Section 2. The legitimate interest consists of direct marketing and the analysis of the use of our website.

b. Re-Targeting
We reserve the right to use re-targeting technologies on the website. This involves analysing your user behviour on our website in order to be able to offer you advertising tailored to your individual needs. Your user behaviour is recorded pseudonymously. Most re-targeting technologies work with cookies (see Section 6 below). You can prevent re-targeting at any time by rejecting or deactivating the relevant cookies in the menu bar of your web browser (see Section 6 below).

Our website uses AdWords Remarketing and Doubleclick by Google services by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043,USA („Google“), to serve ads based on the use of previously visited websites. Google uses the Doubleclick cookie to recognise your browser when you visit other websites. The information generated by the cookie about your visit to this website (including your IP-address) is tranferred to a Google server in the USA and stored there (for more informations on the transfer of personal data to the USA, see Section 10 below).
Googel will use this information for the purpose of evaluating your use of the website with respect to the advertisement to be placed, compiling reports on website activity and advertising for website operators, and providing other services relating to website activity and internet usage. Google may also tranfer this information to third-parties where required to do so by law, or where such third-parties process the information on Google's behalf. Google will never associate your IP address with other Googel data. We also use the Google Tag Manager to manage the services for usage-based advertising. The Tag Manager tool itself is a cookie-less domain and does not collect any personal data. The tool triggers other tags that may collect data (see above). If you have disabled cookies or domains, this will remain in effect for all tracking tags implemented with Google Tag Manager.

c. AppNexus
We use tracking technology from AppNexus Inc., 28 W 23rd Street, 4th floor, New York, NY 10010, USA on our website. This technology collects informations about the surfing behaviour of website visitors for marketing purposes in a purely anonymous form, and uses cookies for this purpose. No personal data is collected or stored.
You may at any time object to the collection, processing and recording of data generated by Appnexus by setting an apt-out or deavtivation cookie at

3. Sharing data with third-parties
We will only pass on our personal data if you have expressly consented to this, if there is a legal obligation to do so, or if this is neccessary to enforce our rights, in particular to enforce claims arising from the relationship between you and your company. In addition, we will pass on your data to third-parties if this is neccessary within the scope of using the website to provide the services you have requested and to analyse your user behaviour. The transfer may also take place abroad to the extent neccessary for the purpose. If the website contains links to websites of third-parties, after those links are clicked, we no loger have any influence on the collection, processing, storage or use of personal data by third-parties and accept no responsibility for this.

One service provider to whom the personal data collected via the website is passed on or who has or can have access to it is our webhost Cloudrexx AG, Burgstrasse 20, 3600 Thun, Schweiz.
The website is hosted on servers in Switzerland. The data is transferred for the purpose of providing and maintaining the functionality of our website. This is our legitimate interest within the meaning of Art. 6 Abs. 1 lit. f DSGVO.

Finally we forwarded your credit card information to your credit card issurer as well as to the credit card acquirer when you pay by credit card on the website. If you choose to pay by credit card, you will be asked to enter all mendatory informations. The legal basis for the transfer of data is the fulfilment of a contract according to Art. 6 Abs. 1 lit. b DSGVO.
We ask you to also read the General Terms and Conditions and the Privacy Policy of your credit card issuer regarding the processing of your credit card information by these third-parties.

4. Transfer of personal data abroad
We may also transfer your personal data to third-parties (contracted service providers) abroad if this is neccessary for the data processing described in this privacy policy. These companies are obliged to protect your data to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or the European Union, we will ensure by contract that the protection of your personal data is always equivalent to that in Switzerland or the EU.

5. Datasecurity
We use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and against unauthorised access by third-praties. Our security measures are continuously improved according to technological developments.

You should always keep your payment information confidential, and close the browser window when you have finished communicating with us, especially if you share a computer with others.

We also take the company's internal data protection very seriously. Our employees and the service providers we commission have been obligated by us to maintain secrecy and to comply with data protection regulations

6. Cookies
Cookies help in many ways to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website. Cookies do not damage the hard dirve of your computer, nor do they transmit personal data of users to us. We use cookies, for example, to better tailor the information , offers and advertising displayed to you to your individual interests. Their use does not result in us obtaining new personal data about you as an online visitor. Most Internet browser automaticlly accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a new message appears every time you recive a new cookie. Disabling cookies may mean that you will not be able to use all the features of our website.

7. Social media plugins
The website uses social pluings described below. The plugins are deactivated by default on our website and therefore do not send any data. You can activate the plugins by clicking on the corresponding social media button.
If these plugins are activated, your browser will establish a direct connection with the servers of the respective social network as soon as you visit one of our websites. The content of the plugin is transmitted directly from the social network to your browser, which integrates it into the website. The plugins can be deactivated with a single click. You can find further information in the respective privacy policies of Facebook, Instagram, TripAdvisor, Trustyou and Google.

8. Tracking tools
We use various tracking tools to observe your surfing behaviour on our website. This enables continuous demand-oriented design and the optimisation of our website. To this end, pseudonymised user profiles are created and small text files called cookies are stored on your computer.

9. Evaluation of newsletter usage
We use third party email marketing services to send our newsletter. Our newsletter may therefore contain a web beacon (counting pixel) or similar technical means. A web beacon is a 1x1 pixel invisib  le graphic that is associated with the user ID of the respective newsletter subscriber.
Recourse to corresponding services enables us to evaluate whether emails containing our newsletter have been opened. Furthermore, the click behaviour of the newsletter recipients can also be recorded and evaluated. We use this data for statistical purposes and to optimise the newsletter in terms of content and structure. This enables us to better tailor the information and offers in our newsletter to the individual interests of each recipient. The tracking pixel is deleted when you delete the newsletter. If you wish to prevent tracking pixels in our newsletter, please set your mail program so that no HTML is displayed in messages.

10. Note on data tranfer to the USA
For the sake of transparency, we would like to point out to users who are resident or domiciled in Switzerland that there are surveillance measures in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is carried out without differentiation, restriction, or exception. It is based on the objective pursued and without any objective criterion that would make it possible to limit the access to and subsequent use of the data by the US authorities to very specific, strictly limited purposes that could justify the interference associated with both access to and use of the data. Furthermore, we would like to point out that there are no legal remedies available in the United States for Swiss subjects to obtain access to data concerning them and to obtain its correction or deletion, or that there is no effective judicial protection against the general access rights of US authorities. We explicitly draw the attention of the person concerned to this legal and factual situation so that he/she can make an appropriately informed decision to consent to the use of his/her data.
Users residing in a member state of the EU are advised that the USA does not provide an adequate level of data protection from the perspective of the European Union - among other things due to the issues mentioned in this Section. Insofar as we have explained in this data protection declaration that recipients of data (such as Google, Facebook and Twitter) are based in the USA, we will ensure that your data is protected to an appropriate level with our partners, either through contractual packages with these companies or by ensuring that these companies are certified under the EU-US Privacy Shield.

11. Right of access, rectification, erasure and limitation of processing; right to data transferability
You have the right to request information free of charge about the personal data that we store about you. In addition, you have the right to have incorrect data corrected and to have your personal data deleted, provided that this does not conflict with any legal obligation to retain such data or with any permission that allows us to process it. In accordance with Articles 18 and 21 DSGVO, you also have the right to demand a restriction of data processing and to object to data processing. You also have the right to request the return of the data you have provided us with (right to data portability). Upon request, we will also pass on the data to a third party of your choice. You have the right to receive the data in a standard data format.

You can contact us for the above-mentioned purposes by email at daten­

We may use our discretion and require proof of identity in order to process your request. You may also instruct us about what steps to take with your data following your death.

B Data processing in connection with your hotel stay

12. Data processing to fulfil legal reporting obligations
Upon arrival at our hotels, we require the following informations from yourself and your accompanying person:

  • Frist- and Lastname
  • Postaladdress and canton
  • Date of birth
  • Place of birth
  • Nationality
  • Official ID-card and number
  • Arrival and departure day
  • Room number (if available)

We collect this information in order to fulfil legal reporting obligations which are particularly stated in the laws governing the hospitality industry or policing practices within Switzerland. We forward this information to the relevant policing authority insofar as we are obliged to do so under the applicable regulations.

Our legitimate interest in the fulfilment of the legal requirements lies in the fulfilment of the legal requirements in the sense of Art. 6 Para. 1 lit. f, DSGVO.

13. Data to fulfil the booked sevice in general
Upon arrival at our hotel, we require the following informations from you and your accompanying person:

  • First- and Lastname
  • Postaladdress and Canton
  • Date of birth
  • Pace of birth
  • Nationality
  • Official ID-card and number
  • Arrival and departure date
  • Room number (if available)

For international guests, we also require a copy of the official ID-card or passport. We collect this information to fulfil our contractual and post-contractual obligations with you.
Fulfilling the legal requirements is our legitimate interest within the meaning of Art. 6 Abs. 1 lit. b DSGVO.

14. Registration of services received in the spa and wellness area
If you receive services from our spa and wellness area during your stay in our hotels, the object of the service (e.g. individual entry) as well as the time of receipt of the service will be recorded and processed by us for billing purposes as well as to provide the booked service. As a rule, we require the following informations:

  • First- and Lastname
  • Postaladdress
  • Email address
  • Phone number
  • Room number (if available)

Futhermore, you have the possibility, to join our Vital-Club. We require the following informations in order to process your member request and to be able to contact you.

  • First- and Lastname
  • Postaladdress
  • Email adresse

Our legitimate interest in the sense of Art. 6 Abs. 1 lit. b DSGVO is the fulfilment of the legal requirements.

15. Registration of received medical services
If you receive medical services during your stay in our hotels, the object of the service (e.g. diagnostics, therapy) as well as the time of the service receipt will be recorded and prcessed by us for billing purposes, as well as for the provision of the booked service and the preparation of the treatment plans. As a rule, we require the following information for this purpose:

  • First- and Lastname
  • Postaladdress
  • Date of birth
  • Health insurance informations
  • Informations on the state of health
  • Email address
  • Phone number
  • Room number (if available)

Our legitimate interest in the sense of  Art. 6 Abs. 1 lit. b DSGVO is the fulfilment of the legal requirements.

C Data processing in connection with our CRM system
The personal data mentioned in the previous sections are stored centrally in our CRM system. The data in the central CRM system are processed by us for the management of customer relationships and for advertising purposes; in particular to offer you personalised services and products.

The legal basis for data processing within the framework of customer management is the execution of the contract in the sense of Art. 6 Para. 1 letter b, DSGVO. With regard to data processing within the scope of advertising activities, the legal basis is also the execution of the contract (the existing customer relationship justifies data processing for the purpose of advertising activities)   and the consent you have given in accordance with Art. 6 Para. 1 letter a, DSGVO, which you provide when registering for the newsletter (see Section 3).

D. Storage and exchange of data with third-paries

16. booking platforms
We receive diverse personal information from the respective platform operator if you make bookings via a third-party platform. As a rule, this is the data listed in Section 1 e of this Data Protection Declaration. In addition, we may be forwarded inquiries regarding your booking. We will process this data according to your name in order to record your booking as requested and to provide the services you have booked. The legal basis for data processing for this purpose is the fulfilment of a contract according to Art. 6 Para. 1 lit. b, DSGVO.

Finally, we may be informed by the platform operators about disputes in connection with a booking. In doing so, we may also receive data concerning the booking process which may include a copy of the booking confirmation as proof of the actual booking. We process this data to protect and enforce our claims. This is our legitimate interest in the sense of  Art. 6 Abs. 1 lit. f DSGVO.

Please also note the information on data protection of the respective provider.

17. Storage period
We storage personal data only as long as neccessary,

  • to use the tracking, advertising and analysis services mentioned above in the context of our legitimate interest;
  • to carry out services to the above-mentioned extent that you have requested or for which you have given your consent. (e.g. newsletter);
  • to comply with our legal obligations.

Contract data will be stored by us for a longer period of time as this is required by legal retention obligations. Storage obligations which oblige us to store data result from accounting regulations and tax law provisions. According to these regulations, business communication, concluded contracts, and accounting records must be stored for up to 10 years. If we no longer need this data to perform services for you, the data will be made inaccessible. This means that the data may then only be used for accounting and tax purposes.

18. Right to complain to a data protection supervisory authority
All restidents of EU countries have the right to complain to a data protection authority at any time.

19. Applicable law and place of jurisdiction

All contracts concluded with with the hotel under these GTC shall be governed exclusively by Swiss law. The parties agree that Thun shall be the exclusive place of jurisdiction.

In case of translation of the General Terms and Conditions, in the event of any contradictory or unclear wording, only the German version shall apply.