top of page

Privacy Policy

Status: December 22, 2025

1. Introduction and Controller

We appreciate your interest in our brand presence. The protection of your personal data is important to us. This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data in connection with the use of our website alexander-gerbi.ch.

 

Since our offering is aimed at both the Swiss market and the European Economic Area (EEA), data processing is carried out in accordance with the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR).

 

Controller in the sense of the FADP and the GDPR:

 

Hotels Alexander & Gerbi Hertensteinstrasse 42 6353 Weggis Switzerland Email: info@alexander-gerbi.ch Phone: +41 (0)41 392 22 22

 

The brand presence is jointly operated by:

 

  • Alexander Hotel-Betriebs AG (Commercial Register No.: CH-100.3.787.582-4)

  • Gerbi Hotel-Betriebs AG Weggis (Commercial Register No.: CH-100.3.006.239-8)

2. General Information on Data Processing

2.1 Legal Bases for Processing

The processing of your data is based on various legal grounds, depending on the context of the processing:

 

Legal Basis (GDPR)

Application Case

Art. 6 para. 1 lit. a GDPR (Consent)

Processing of data for non-essential services (e.g., marketing cookies, analytics tools) that you enable via Usercentrics.

Art. 6 para. 1 lit. b GDPR (Performance of a contract)

Processing for the fulfillment of a contract or pre-contractual measures (e.g., bookings via the Bookeo Widget).

Art. 6 para. 1 lit. c GDPR (Legal obligation)

Storage of data to comply with legal obligations (e.g., commercial or tax law retention obligations).

Art. 6 para. 1 lit. f GDPR (Legitimate interest)

Processing to ensure the technical operation of the website, to optimize services, and to assert legal claims.

 

Under the Swiss FADP, processing is based on the principles of lawfulness, proportionality, and purpose limitation.

2.2 Your Rights as a Data Subject (Data Subject Rights)

You have the right at any time to receive information free of charge about the origin, recipients, and purpose of your stored personal data. Furthermore, you have the right to rectification, blocking, or erasure of this data.

 

In particular, you have the following rights:

 

Right

Description

Right of access (Art. 15 GDPR, Art. 25 FADP)

You can request confirmation as to whether and which data concerning you we process.

Right to rectification (Art. 16 GDPR)

You can request the immediate rectification of inaccurate data or the completion of incomplete data.

Right to erasure (Art. 17 GDPR, Art. 32 FADP)

You can request the erasure of your personal data, provided that no legal retention obligations prevent this.

Right to restriction of processing (Art. 18 GDPR)

You can request the restriction of processing if the accuracy of the data is contested or the processing is unlawful.

Right to object (Art. 21 GDPR)

You can object to the processing of your personal data, provided that the processing is based on legitimate interests.

Right to data portability (Art. 20 GDPR)

You have the right to have data that we process automatically handed over to you or to a third party in a common, machine-readable format.

Right to withdraw consent (Art. 7 para. 3 GDPR)

You have the right to withdraw consent once given at any time with effect for the future.

Right to lodge a complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. The competent Swiss supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC).

 

To assert your rights, please contact the address mentioned in section 1.

3. Consent Management Platform (Usercentrics)

We use the Consent Management Platform (CMP) Usercentrics (Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany) to obtain your consent for the storage of cookies and the use of tracking technologies and to document this in compliance with data protection regulations.

 

Usercentrics allows you to give or refuse your consent for specific data processing operations. Your selection is stored to ensure that your desired settings are taken into account on future visits.

 

  • Processed Data: Consent data (consent ID, time of consent, type of consent), browser information, device information.

  • Purpose: Fulfillment of legal proof obligations for consents (Art. 7 para. 1 GDPR) and compliance with the requirements of the FADP.

  • Legal Basis: Legal obligation (Art. 6 para. 1 lit. c GDPR) and Legitimate interest (Art. 6 para. 1 lit. f GDPR).

 

You can change or withdraw your cookie settings at any time via the corresponding link (usually in the footer of the website).

4. Hosting and Essential Services

4.1 Wix (Hosting and Platform)

Our website is hosted by Wix.com Ltd. (40 Namal Tel Aviv St., Tel Aviv 6350671, Israel). Wix provides the infrastructure and platform for operating the website.

 

  • Processed Data: Inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospective customers, and visitors.

  • Purpose: Provision of the website, ensuring technical security and stability.

  • Legal Basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR) in a secure and efficient operation of the website.

  • Data Transfer to Third Countries: Wix is an Israeli company. Israel is considered a safe third country with an adequate level of data protection (Adequacy Decision of the EU Commission).

4.2 Bookeo Widget (Booking System)

We use the Bookeo Widget to process online bookings.

 

  • Provider: Bookeo Pty Ltd (Level 2, 11-13 York Street, Sydney NSW 2000, Australia).

  • Processed Data: Name, email address, and specific booking details (date, service, etc.).

  • Purpose: Implementation of pre-contractual measures and fulfillment of the accommodation contract.

  • Legal Basis: Performance of a contract (Art. 6 para. 1 lit. b GDPR).

  • Data Transfer to Third Countries: Australia is considered a safe third country with an adequate level of data protection.

4.3 Wix Pro Gallery

We use the Wix Pro Gallery to display images.

 

  • Purpose: Optimized and appealing presentation of media content.

  • Legal Basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR) in an attractive presentation of our offer.

5. Functional and Analytical Services

5.1 Google Maps

We integrate the maps of the service Google Maps from the provider Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to show our location and facilitate directions.

 

  • Processed Data: When accessing the page on which Google Maps is integrated, your IP address and location data are transmitted to Google.

  • Purpose: Display of our location and provision of an interactive map.

  • Legal Basis: Your Consent (Art. 6 para. 1 lit. a GDPR), which you provide via Usercentrics. Without consent, the map is not loaded.

  • Data Transfer to Third Countries: Data may be transferred to the USA. We rely on the Standard Contractual Clauses of the EU Commission for this.

5.2 Functional Components

These components serve to increase user-friendliness by, for example, storing language settings or login information.

 

  • Purpose: Optimization of the user experience and provision of convenience functions.

  • Legal Basis: Your Consent (Art. 6 para. 1 lit. a GDPR), which you provide via Usercentrics.

6. Marketing and Social Media Services

6.1 Facebook Pixel

We use the Facebook Pixel from Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

 

  • Processed Data: Information about your usage behavior on our website (e.g., pages visited, bookings made).

  • Purpose: Conversion measurement (recording whether users were redirected to our website after clicking on a Facebook ad) and creation of target groups for advertisements.

  • Legal Basis: Your Consent (Art. 6 para. 1 lit. a GDPR), which you provide via Usercentrics.

  • Data Transfer to Third Countries: Data may be transferred to the USA. We rely on the Standard Contractual Clauses of the EU Commission for this.

6.2 YouTube Video

We embed videos from the YouTube platform, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

 

  • Processed Data: When a video is played, data is transmitted to YouTube (IP address, device ID, browser information).

  • Purpose: Embedding video content.

  • Legal Basis: Your Consent (Art. 6 para. 1 lit. a GDPR), which you provide via Usercentrics.

  • Note: We use YouTube in enhanced privacy mode. According to YouTube, cookies are only set when the video is actually played. Nevertheless, consent is required because data is transferred to Google when the video is played.

6.3 Social Stream and Twitter Feed (Powr)

We use the services Social Stream by Powr and Twitter Feed by Powr to integrate social media content.

 

  • Provider: Powr.io (POWR, Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA).

  • Processed Data: When these feeds are loaded, data (e.g., IP address, browser information) may be transferred to Powr and the respective social media platforms (Twitter/X, Facebook, etc.).

  • Purpose: Display of current social media activities.

  • Legal Basis: Your Consent (Art. 6 para. 1 lit. a GDPR), which you provide via Usercentrics. Without consent, these feeds are blocked.

  • Data Transfer to Third Countries: Powr is a US company. Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission.

7. Tag Management

7.1 Google Tag Manager

We use the Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

 

  • Note: The Google Tag Manager itself does not process any personal data. It is only used to manage and trigger other tags (code snippets) which may, in turn, collect data.

  • Purpose: Simplified management of website tags.

  • Legal Basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR) in the efficient management of services.

8. Data Transfer to Third Countries

We point out that we use services from providers whose servers are sometimes located outside Switzerland and the European Union (EU) or the European Economic Area (EEA) (e.g., USA).

 

  • Switzerland and EU/EEA: The transfer of data to Switzerland from the EU/EEA is secured by the Adequacy Decision of the EU Commission.

  • USA and other Third Countries: When transferring data to third countries without an adequate level of data protection (such as the USA), we rely on the Standard Contractual Clauses (SCC) of the EU Commission to ensure an adequate level of protection for your data.

9. Changes to the Privacy Policy

We reserve the right to adapt this Privacy Policy so that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy (e.g., when introducing new services). The current Privacy Policy applies to your renewed visit.

bottom of page