PRIVACY POLICY

Privacy Policy

Boutique & Art Hotel Helvetia
Version: March 2026

 

1. Controller and Content of this Privacy Policy

We, Jugendstil AG, Stauffacherquai 1, 8004 Zurich, Switzerland, are the operator of the Boutique & Art Hotel Helvetia, including the website available at www.hotel-helvetia.ch, and — unless otherwise stated in this Privacy Policy — are responsible under data protection law for the processing of personal data described herein.

With this Privacy Policy, we inform you about which personal data we process in connection with our hotel operations, our services, and our website, for what purposes this takes place, on which legal basis the processing is carried out, and what rights you are entitled to.

We primarily follow Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the corresponding ordinance. Where applicable, we also comply with the General Data Protection Regulation of the European Union (GDPR).

Please note that this Privacy Policy may be amended from time to time. The version published on our website shall apply in each case.

 

2. Contact for Data Protection Matters

If you have any questions regarding data protection or wish to exercise your rights, you may contact us as follows:

Jugendstil AG
Attn. Data Protection
Stauffacherquai 1
\n8004 Zurich
Switzerland

Email: info@hotel-helvetia.ch
Phone: +41 44 297 99 99

 

3. Scope, Purposes and Legal Bases of Our Data Processing

3.1 Contacting Us

If you contact us by email, telephone, contact form, or by any other means, we process the personal data you provide. This includes in particular:

• Name
• Email address
• Telephone number
• Content of your request
• Time and circumstances of the contact

We process this data in order to handle your request, respond to inquiries, prepare or carry out bookings or reservations, and for quality assurance and documentation purposes.

Legal bases are:

• the performance of pre-contractual measures or the fulfilment of a contract, insofar as your request relates to this;
• our legitimate interest in orderly communication and the proper handling of inquiries;
• where applicable, your consent, insofar as this is obtained in individual cases.

 

3.2 Use of our Online Concierge Service (MyConcierge)

If you use our online concierge service, we process the data you provide, in particular:

• Name
• Company and position
• Email address
• Billing address
• Payment method
• Order or inquiry details
• Any other information you provide to us

We process this data for the provision of the concierge service, to handle your orders and requests, and for contract processing.

For the technical provision we use a software solution provided by hotelplus solutions GmbH, Rheinstrasse 81, 4133 Pratteln, Switzerland. It cannot be excluded that hotelplus solutions may gain access to personal data in the course of support or hosting services.

If hotelplus solutions processes data for its own purposes, hotelplus solutions is responsible for such processing. Their privacy policy applies in addition.

Legal bases:

• Contract initiation and contract performance
• Our legitimate interest in providing an efficient and modern digital service

3.3 Bookings

3.3.1 Booking via our Website

If you book accommodation via our website, we process the data collected during the booking process. Depending on the booking, this may include in particular:

• Title
• First name and last name
• Billing address
• Date of birth
• Company, company address, and VAT number for corporate customers
• Telephone number
• Email address
• Payment method
• Booking details
• Remarks
• Confirmations relating to terms and conditions and data protection

We process this data to receive, manage, and process your booking, to fulfil our contractual obligations, to communicate with you before, during, and after your stay, for invoicing, and for internal documentation.

Where additional information is not mandatory, providing it is voluntary. Such information is used to better tailor our services to your needs and to facilitate processing.

For the online booking system, we currently use TravelClick or services provided by Amadeus Hospitality Americas, Inc., 75 New Hampshire Avenue, Portsmouth, NH 03801, USA. The data required for the booking may therefore be transmitted to or processed by Amadeus.

If Amadeus processes data for its own purposes, in particular for its own service, analysis, or compliance purposes, Amadeus is responsible for such processing. Amadeus’ privacy notices apply in addition.

Legal bases:

• Contract initiation and contract performance
• Where applicable, your consent, insofar as voluntary additional information or optional communication methods are concerned

3.3.2 Booking via Third-Party Platforms

If you book via booking platforms such as Booking.com, Expedia, HRS, Tablet Hotels, Tripadvisor, Trivago, or other third-party providers, we receive from the respective platform operators the data required to process the booking. This includes in particular master data, contact data, booking data, and, where applicable, payment or communication data.

We process this data to record your booking, provide the booked services, communicate with you, and handle inquiries, rebookings, complaints, or disputes.

Where we exchange data with platform operators in connection with complaints, refunds, or cases of misuse, this is done in order to protect our legitimate interests in proper contract execution and legal enforcement.

Legal bases:

• Contract initiation and contract performance
• Our legitimate interest in handling complaints, misuse cases, and legal disputes

3.4 Table Reservations

If you reserve a table in our restaurant via our website or other communication channels, we process in particular the following data:

• First name and last name
• Number of guests
• Email address
• Telephone number
• Date and time of the reservation
• Menu or offer type
• Comments or special requests

We process this data to receive, manage, and carry out your reservation and to contact you in case of questions or changes.

For the handling of table reservations we use a software solution provided by Aleno AG, Zurich, Switzerland. Aleno may gain access to personal data in the course of technical provision or support.

If Aleno processes data for its own purposes, Aleno is responsible for such processing. Aleno’s privacy notices apply in addition.

Legal basis: contract initiation and contract performance.

 

3.5 Payment Processing

3.5.1 Payments in the Hotel

If you pay in the hotel or restaurant using electronic means of payment, the data required for payment processing is transmitted directly to the involved payment service providers, card issuers, and acquirers. This includes in particular:

• Name of the cardholder
• Card data or tokenized card data
• Transaction amount
• Time of the transaction
• Merchant location

As a rule, we only receive the information whether a payment was successful and the transaction data required for accounting.

Legal basis: contract performance.

3.5.2 Payments in Connection with Online Bookings and Orders

For paid online bookings or orders, we additionally process the information required for payment and transmit it to the payment service providers used.

Where we store a credit card to secure bookings or carry out a pre-authorization, this is done only to the extent necessary and in compliance with the applicable security requirements. Where technically possible, we use tokenized or otherwise protected procedures and do not store complete credit card data in plain text.

To avoid payment defaults, we may, where necessary and permitted, carry out credit checks or involve external service providers. In this context, master data and contract data may be transmitted to the relevant providers.

Legal bases:

• Contract performance
• Our legitimate interest in preventing payment defaults and misuse

3.6 Recording and Billing of Services Used

If you use additional services during your stay, such as extra overnight stays, gastronomic services, activities, or other additional services, we process the data required for this purpose, in particular:

• Booking and contract data
• Services used
• Time of use
• Prices and billing information
• Any remarks or special requests

This processing takes place for the purpose of service provision, internal allocation, invoicing, and follow-up processing.

Legal basis: contract performance.

3.7 Email Marketing

If you subscribe to our newsletter or other marketing emails, we process in particular:

• Email address
• Title
• First and last name

We generally use the double opt-in procedure for registration. This means that we activate your subscription only after you have verified your email address via a confirmation link.

We process this data in order to send you information about our hotel, our offers, events, restaurant offers, or other services. Where you have given your consent, we may personalize content and carry out statistical evaluations, for example whether emails are opened or links are clicked.

Our marketing emails may contain tracking pixels or comparable technologies in order to measure openings and interactions. Such evaluations are carried out only where this is permitted under data protection law and, where required, on the basis of your consent.

For sending marketing emails we use Mailchimp, a service of Intuit / The Rocket Science Group LLC, Atlanta, USA. Data may therefore be processed on servers outside Switzerland or the EEA.

You may withdraw your consent at any time with effect for the future, in particular via the unsubscribe link contained in every marketing email or by notifying us.

Legal basis: your consent.

3.8 Reviews

If you submit reviews or comments on our website or via integrated functions, we process the data you provide, in particular:

• Review content
• Name or pseudonym, if provided
• Time of the review
• Any additional comments

We process this data for the publication of the review, quality assurance, handling of feedback, and prevention of misuse.

You may withdraw your consent to publication at any time with effect for the future; statutory obligations or overriding interests in retention remain reserved.

Legal bases:

• Your consent, insofar as publication is concerned
• Our legitimate interest in maintaining a functional and lawful review system and in preventing misuse

3.9 Video Surveillance

For the protection of our guests, employees, facilities, and assets, as well as for the prevention and investigation of misuse, theft, violence, or damage to property, certain publicly accessible areas of our premises may be monitored by video surveillance. In particular, sanitary facilities and highly private areas are not monitored.

We ensure that surveillance is proportionate. Video surveillance is indicated on site in an appropriate manner.

Video recordings are generally stored only as long as necessary for the respective purpose. If no security-relevant incident occurs, recordings are deleted within a reasonable period. In the event of incidents, recordings may be secured to the extent required and passed on to authorities, insurers, or legal advisors.

Legal basis: our legitimate interest in security, protection of property, and legal enforcement.

3.10 Use of our WiFi Network

If you use our guest WiFi, we process the data required to provide and secure the network. This may include in particular:

• Mobile phone number (if registration is required)
• MAC address or device identifier
• Time and duration of use
• Technical connection data
• Assigned IP address
• Log data in connection with security or misuse incidents

This processing is carried out in order to provide the WiFi service, ensure technical operation, prevent misuse, and comply with legal obligations where applicable.

For the technical provision of the WiFi we cooperate with HPE Aruba Networking, Dübendorf, Switzerland.

Legal bases:

• Contract performance / provision of the requested service
• Our legitimate interest in network security and prevention of misuse
• Legal obligations, where applicable

3.11 Compliance with Legal Reporting Obligations

Upon arrival or in connection with your stay, we may be legally obliged to collect certain information and transmit it to the competent authorities. This includes in particular:

• First name and last name
• Address
• Date of birth
• Nationality
• ID or passport data
• Date of arrival and departure

This processing takes place exclusively in order to comply with statutory reporting and documentation obligations.

Legal bases:

• Compliance with a legal obligation
• Contract performance, where applicable

3.12 Job Applications

If you apply for a position with us, we process the application documents and personal data you submit, in particular:

• Master data and contact data
• Curriculum vitae
• Certificates and references
• Correspondence
• References, insofar as provided or lawfully obtained

We process this data in order to review your application, conduct the recruitment procedure, and fill open positions.

If your application is not successful, we delete or anonymize your data after completion of the recruitment process, unless statutory retention obligations apply or you have consented to longer storage.

Legal basis: pre-contractual measures.

4. Central Data Storage and Data Exchange within the Group

We may store personal data in central systems and make it accessible to internal departments or companies affiliated with us, insofar as this is necessary for the purposes described in this Privacy Policy.

Such internal data transfers take place in particular for:

• administration and accounting
• booking and guest management
• IT and system administration
• marketing and customer communication
• legal compliance and documentation

Access is limited to those persons who require the data for the respective purpose.

Legal basis: our legitimate interest in efficient organization and administration.

 

5. Disclosure of Personal Data to Third Parties

We may disclose personal data to third parties where this is necessary for the purposes described in this Privacy Policy, in particular to:

• IT service providers
• booking system providers
• payment service providers
• marketing service providers
• newsletter providers
• authorities and public bodies
• legal advisors, auditors, and insurers

Such disclosure takes place only to the extent required and, where necessary, on the basis of data processing agreements.

Where third parties process data for their own purposes, they are responsible for such processing under data protection law.

Legal bases:

• Contract performance
• Legal obligation
• Legitimate interest
• Consent, where applicable

6. Transfer of Personal Data Abroad

Personal data may also be transferred to recipients in countries outside Switzerland or the European Economic Area.

If a country does not provide an adequate level of data protection, we ensure appropriate safeguards, in particular by:

• standard contractual clauses
• contractual safeguards
• statutory exceptions
• consent, where required

Further information on safeguards may be obtained from us upon request.

Legal bases:

• Contract performance
• Legitimate interest
• Consent
• Legal obligation

 

7. Data Processing in Connection with our Website

When you visit our website, certain technical data is automatically collected, in particular:

• IP address
• date and time of access
• browser type and version
• operating system
• referrer URL
• pages accessed

This data is processed to ensure the operation, stability, and security of the website and to optimize our services.

Legal basis: legitimate interest in secure and efficient operation.

7.1 Cookies

We use cookies and comparable technologies on our website. Cookies are small text files that are stored on your device.

Cookies may be necessary for the operation of the website or used for analysis, statistics, or marketing.

You can configure your browser to refuse cookies or to delete stored cookies at any time. However, this may limit the functionality of the website.

Legal bases:

• Legitimate interest
• Consent, where required

7.2 Analytics and Tracking Tools

We may use analytics and tracking tools to evaluate the use of our website and to improve our services.

Such tools may collect in particular:

• IP address
• device information
• usage behavior
• visited pages
• duration of visit

Where required by law, such tools are used only with your consent.

Legal bases:

• Legitimate interest
• Consent

7.3 Social Media and External Services

Our website may contain links or integrations to external services or social media platforms.

When using such services, personal data may be transmitted to the respective provider. The provider is responsible for the processing of such data.

The privacy policies of the respective providers apply in addition.

 

8. Retention Period

We process personal data only as long as necessary for the respective purpose, in particular:

• for the duration of the contractual relationship
• for statutory retention periods
• for documentation and evidence purposes
• for security and misuse prevention

After expiry of the applicable periods, the data will be deleted or anonymized.

 

9. Data Security

We take appropriate technical and organizational measures to protect personal data against:

• unauthorized access
• loss
• misuse
• alteration
• disclosure

Our security measures are continuously adapted to the current state of the art.

 

10. Rights of the Data Subject

You have the following rights under applicable data protection law:

• right of access
• right to rectification
• right to erasure
• right to restriction of processing
• right to data portability
• right to object
• right to withdraw consent at any time
• right to lodge a complaint with a supervisory authority

To exercise your rights, you may contact us at the address stated above.

We may request proof of identity where necessary.

11. Final Provisions

This Privacy Policy may be amended at any time.

The version published on our website shall apply.

Last updated: March 2026.