Privacy policy

Status: September 2024

Groupe Oniro AG (Gerbergasse 11, 4001 Basel) manages the Restaurant Safran Zunft, the Restaurant Brauerei, the Bistro Kunstmuseum Basel, the Restaurant Le Rhin Bleu and the Hotel and Restaurant Langasthof Riehen, Landgasthof Riehen and is the operator of the website www.groupe-oniro.ch, www.safran-zunft.ch, www.lerhinbleu.ch, www.brauerei-basel.ch, www.landgasthof-riehen.ch, and is therefore responsible for the collection, processing and use of your personal data and the compliance of data processing with the applicable data protection law.

Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. It goes without saying that we comply with the legal provisions of the Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (OFADP), the Telecommunications Act (TCA) and other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

Please take note of the following information so that you know what personal data we collect from you and for what purposes we use it.

The address of our data protection representative in the EU is
Groupe Oniro AG, Gerbergasse 11, 4001 Basel, infogroupe-oniro.ch.

A. Data processing in connection with our website

1. Accessing our website

When you visit our website, our servers temporarily store every access in a log file. As with every connection to a web server, the following technical data is recorded without any action on your part and stored by us until it is automatically deleted after twelve months at the latest:

The IP address of the requesting computer,
the name of the owner of the IP address range (usually your Internet access provider), which can be deleted
the date and time of access
the website from which the access was made (referrer URL), if applicable with the search term used,
the name and URL of the retrieved file,
the status code (e.g., error message),
the operating system of your computer
the browser you are using (type, version and language)
the transmission protocol used (e.g., HTTP/1.1) and
if applicable, your user’s name from a registration/authentication.

This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability in the long term and enabling the optimization of our website as well as for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorized or abusive use of the website for clarification and defense purposes and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

2. Use of our contact form

You have the option of using a contact form to get in touch with us. You can reach us at
info@groupe-oniro.ch

We require the following information for this:

First name and surname
e-mail address
Message

We only use this data and the telephone number you provide voluntarily to answer your contact request in the best possible and personalized way. The processing of this data is therefore necessary within the meaning of Art. 6 para. 1 lit. b GDPR for the implementation of pre-contractual measures or is in our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

3. Registration for our newsletter

You have the option of subscribing to our newsletter on our website. Registration is required for this.
The following data must be provided during registration

Salutation
First name and surname
e-mail address

The above data is required for data processing. In addition, you can voluntarily provide further data (date of birth and country). Date of birth and country are not recorded in the contact form. We process this data exclusively in order to personalize the information and offers sent to you and to better tailor them to your interests.

By registering, you give us your consent to process the data provided for the regular sending of the newsletter to the address you have provided and for the statistical evaluation of user behavior and the optimization of the newsletter. This consent constitutes our legal basis for the processing of your e-mail address within the meaning of Art. 6 para. 1 lit. a GDPR. We are authorized to commission third parties with the technical processing of advertising measures and are entitled to pass on your data for this purpose (see section 13 below).

At the end of each newsletter, you will find a link that you can use to unsubscribe from the newsletter at any time. When unsubscribing, you can voluntarily inform us of the reason for unsubscribing. After cancellation, your personal data will be deleted. Further processing will only take place in anonymized form to optimize our newsletter.

Our newsletter is sent via Mailchimp. The data is therefore also stored by Mailchimp. Mailchimp is owned by Inuit: The Intuit Global Privacy Statement can be found at
https://www.intuit.com/privacy/statement/.

4. Opening a customer account

To make bookings on our website, you can order as a guest or open a customer account. When you register for a customer account, we collect the following mandatory data:

Salutation
First name and surname
postal address
Date of birth
Telephone number
E-mail address
password

The purpose of collecting this data and other data voluntarily provided by you (e.g., company name) is to provide you with password-protected direct access to your basic data stored by us. You can view your previous and current bookings or manage or change your personal data.

We use the Aleno tool to process restaurant reservations. Your data is stored in an Aleno database.
You can find Aleno’s privacy policy at: https://www.aleno.me/de

We use the Mews tool to process hotel reservations. Your data is stored in a Mes database.
You can find the Mews privacy policy at:
https://app.mews.com/Platform/Document/PrivacyPolicy?language=en-GB
https://www.mews.com/en/legal

The legal basis for processing the data for this purpose is the consent you have given in accordance with Art. 6 para. 1 lit. a GDPR.

5. Booking on the website, by correspondence or by telephone call

If you make bookings either via our website, by correspondence (email or letter post) or by telephone call, we require the following data in order to process the contract:

Salutation
First name and surname
postal address
Date of birth
Telephone number
Language
Credit card details
e-mail address

We will only use this data and other information voluntarily provided by you (e.g. expected arrival time, motor vehicle license plate, preferences, comments) to process the contract, unless otherwise stated in this data protection declaration or unless you have given your separate consent. We will process the data by name in order to record your booking as requested, to provide the booked services, to contact you in the event of ambiguities or problems and to ensure correct payment.

The legal basis for data processing for this purpose is the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b GDPR.

6. Cookies

Cookies help in many ways to make your visit to our website simpler, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website.

We use cookies, for example, to temporarily store your selected services and entries when you fill in a form on the website so that you do not have to repeat the entry when you call up another subpage. Cookies may also be used to identify you as a registered user after you have re-registered on the website, so that you do not have to log in again when you access another sub-page.

Most Internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie. On the following pages you will find explanations of how you can configure the processing of cookies in the most common browsers:

If you deactivate cookies, you may not be able to use all the functions of our website.

7. Tracking tools

a. General information

We use the web analysis service of Google Analytics for the purpose of designing and continuously optimizing our website in line with requirements. In this context, pseudonymized user profiles are created and small text files stored on your computer (‘cookies’) are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data listed under point 1, we may receive the following information:

Navigation path that a visitor takes on the site,
the time spent on the website or subpage
the subpage on which the website is left,
the country, region or city from which access is made,
end device (type, version, color depth, resolution, width and height of the browser window) and
Returning or new visitor.

The information is used to analyse the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

b. Google Analytics

The provider of Google Analytics is Google Inc, a company of the holding company Alphabet Inc, based in the USA. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymization (‘anonymizeIP’) on this website within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. In these cases, we ensure through contractual guarantees that Google Inc. complies with an adequate level of data protection. According to Google Inc., under no circumstances will the IP address be associated with other data relating to the user. Further information about the web analysis service used can be found on the Google Analytics website. You can find instructions on how to prevent the processing of your data by the web analysis service at http://tools.google.com/dlpage/gaoptout?hl=de.

B. Data processing in connection with your stay

8. Data processing for the fulfilment of legal reporting obligations

On arrival at our hotel, we may require the following information from you and your travelling companions:

First name and surname
Postal address and canton
Date of birth
Place of birth
Nationality
Official identification card and number
Arrival and departure date
Room number

We collect this information to fulfil legal reporting obligations, in particular those arising from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the relevant police authority.
Our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR lies in the fulfilment of legal requirements.

9. Recording of services received

If you purchase additional services during your stay (e.g., make use of the minibar or the pay TV offer), we will record the subject of the service and the time of purchase for billing purposes. The processing of this data is necessary within the meaning of Art. 6 para. 1 lit. b GDPR for the fulfilment of the contract with us.

C. Storage and exchange of data with third parties

10. Booking platforms

If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. This is generally the data listed in section 5 of this privacy policy. In addition, we may receive enquiries about your booking. We will process this data by name in order to record your booking as requested and provide the booked services. The legal basis for data processing for this purpose is the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b GDPR.

Finally, we may be informed by the platform operators about disputes in connection with a booking. We may also receive data on the booking process, which may include a copy of the booking confirmation as proof of the actual completion of the booking. We process this data to safeguard and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Please also note the data protection information of the respective provider.

11. Central storage and linking of data

We store the data specified in sections 2-5 and 8-10 in a centralized electronic data processing system. The data relating to you is systematically recorded and linked in order to process your bookings and fulfil the contractual services. Malchimp, Aleno and Mews. We base the processing of this data as part of the software on our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in customer-friendly and efficient customer data management.

12. Storage period

We only store personal data for as long as is necessary to use the above-mentioned tracking services and other processing within the scope of our legitimate interest. We store contractual data for longer, as this is prescribed by statutory retention obligations. Retention obligations that require us to retain data result from regulations on reporting law, accounting and tax law. According to these regulations, business communications, concluded contracts and accounting documents must be stored for up to 10 years. If we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

13. Disclosure of data to third parties

We only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we will pass on your data to third parties if this is necessary in the context of using the website and processing the contract (including outside the website), in particular processing your bookings.

A service provider to whom the personal data collected via the website is passed on or who has or may have access to it is our web host onlinefactory.ch. The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Finally, we forward your credit card information to your credit card issuer and the credit card acquirer when you pay by credit card on the website. If you decide to pay by credit card, you will be asked to enter all mandatory information. The legal basis for passing on the data is the fulfilment of a contract in accordance with Art. 6 para. 1 lit. b GDPR. With regard to the processing of your credit card information by these third parties, please also read the General Terms and Conditions and the privacy policy of your credit card issuer.

Please also note the information in sections 7-8 and 10-11 regarding the transfer of data to third parties.

14. Transfer of personal data abroad

We are authorized to transfer your personal data to third parties (contracted service providers) abroad for the purposes of the data processing described in this data protection declaration. These companies are obliged to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

15. Video Surveillance

To prevent misuse and address unlawful behavior, the entrance area of the Hotel Landgasthof Riehen is monitored by cameras. The recorded video data is only reviewed if there is a suspicion of illegal activity. Otherwise, the video data is automatically deleted after 72 hours.

16. Use of Our WIFI Network

In our establishments, you have the opportunity to use our WIFI network free of charge. Access is password-protected to prevent misuse and address unlawful behavior. The following data is transmitted: the MAC address of the device.

D. Additional Information

17. Right to Information, Correction, Deletion, and Restriction of Processing; Right to Data
Portability

You have the right to request information about the personal data we have stored about you. Additionally, you have the right to correct incorrect data and the right to have your personal data deleted, provided that no legal retention obligation or other legal basis for processing the data exists.

You also have the right to retrieve the data you have provided to us (right to data portability). Upon request, we will transfer the data to a third party of your choice. You have the right to receive the data in a commonly used format.

You can reach us for the aforementioned purposes via the email address: info@groupe-oniro.ch. For the processing of your requests, we may, at our discretion, require proof of identity.

18. Data Security

We use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continually improved in line with technological developments.

You should always keep your access data confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.

We also take internal data protection very seriously. Our employees and the service providers we commission are obligated to maintain confidentiality and comply with data protection regulations.

19. Notice Regarding Data Transfers to the USA

For the sake of completeness, we inform users residing in Switzerland that US authorities have surveillance measures in place that generally allow the storage of all personal data of individuals whose data is transferred from Switzerland to the USA. This is done without differentiation, limitation, or exception based on the purpose pursued and without any objective criteria that would limit the access of US authorities to the data and its subsequent use to specific, strictly limited purposes that justify both the access to and use of the data.

Additionally, we inform you that individuals from Switzerland do not have legal remedies in the USA that allow them to access their data, request correction or deletion, nor do they have effective legal protection against the general access rights of US authorities. We explicitly inform affected individuals of this legal and factual situation so they can make an informed decision about consenting to the use of their data.

For users residing in an EU member state, we inform you that, from the perspective of the European Union – among other reasons due to the issues mentioned in this section – the USA does not have an adequate level of data protection. As explained in this privacy policy, if recipients of data (such as Google) are based in the USA, we ensure through either contractual agreements with these companies or by ensuring their certification under the EU or Swiss-US Privacy Shield, that your data will be protected at an appropriate level with our partners.

20. Right to Lodge a Complaint with a Data Protection Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority at any time.

Effective Date: Groupe Oniro AG, September 2024