Privacy Policy

Important Legal Notices – Palais Coburg Residenz GmbH

Please read the following terms carefully before proceeding. Persons who access the Palais Coburg website agree to the terms set out below.

Palais Coburg Residenz GmbH operates the website [www.palais-coburg.com
] and is therefore responsible for the collection, processing and use of your personal data and for ensuring that data processing complies with the applicable data protection law.

Your trust is important to us, which is why we take data protection seriously and pay attention to appropriate security. We naturally observe the statutory provisions of the Federal Act on Data Protection (DSG), the Ordinance to the Federal Act on Data Protection (VDSG), the Telecommunications Act (FMG) and any other data protection provisions of Swiss or EU law that may apply, in particular the General Data Protection Regulation (GDPR).

So that you know which personal data we collect from you and for what purposes we use it, please take note of the information below.

A. Data processing in connection with our website

1. Accessing our website

When you visit our website, our servers temporarily store each access in a log file. The following technical data are recorded in the process, as is generally the case with every connection to a web server, without any action on your part, and stored by us:

the IP address of the requesting computer,
the name of the owner of the IP address range (as a rule your internet access provider),
the date and time of access,
the website from which the access took place (referrer URL), possibly with the search term used,
the name and URL of the file retrieved,
the status code (e.g. error message),
the operating system of your computer,
the browser you use (type, version and language),
the transmission protocol used (e.g. HTTP/1.1) and
where applicable, your user name from a registration/authentication.

The collection and processing of these data take place for the purpose of enabling the use of our website (establishing a connection), ensuring long-term system security and stability and enabling the optimisation of our online offering, as well as for internal statistical purposes. This constitutes our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorised or abusive website use for clarification and defence purposes and, where appropriate, used in the context of criminal proceedings to identify and take civil and criminal action against the relevant users. This constitutes our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

2. Use of our contact form

You have the option of using a contact form for event enquiries to get in touch with us. For this we require the following details as mandatory:

First and last name
Postal address
Email address
Telephone number
Message

We use these data solely to respond to your contact enquiry in the best and most personalised way possible. The processing of these data is therefore necessary within the meaning of Art. 6 para. 1 lit. b GDPR for the performance of pre-contractual measures and/or lies in our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

3. Subscription to our newsletter

You have the option on our website to subscribe to our newsletter. Registration is required for this. As part of the registration, the following data must be provided:

Salutation
First and last name
Email address

The above data are necessary for data processing. You can also voluntarily provide further data (title, street, postcode/town, country). We process these data solely in order to personalise the information and offers sent to you and to tailor them better to your interests.

By registering you give us your consent to process the specified data for the regular sending of the newsletter to the address you have provided and for the statistical analysis of usage behaviour and the optimisation of the newsletter. This consent constitutes our legal basis within the meaning of Art. 6 para. 1 lit. a GDPR for processing your email address. We are entitled to commission third parties with the technical implementation of promotional measures and are entitled to pass on your data for this purpose (see para. 13 below).

At the end of each newsletter there is a link via which you can unsubscribe from the newsletter at any time. As part of the unsubscription you can voluntarily inform us of the reason for unsubscribing. After unsubscribing, your personal data will be deleted. Further processing only takes place in anonymised form to optimise our newsletter.

4. Booking on the website, by correspondence or by telephone call

If you make bookings either via our website, by correspondence (email or postal mail) or by telephone call, we require the following data as mandatory for the execution of the contract:

Salutation
First and last name
Postal address
Date of birth
Telephone number
Language
Credit card information
Email address

We will use these data as well as other information voluntarily provided by you (e.g. expected arrival time, motor vehicle registration number, preferences, remarks) only to process the contract, unless otherwise stated in this privacy policy and/or you have given separate consent. In particular, we will process the data in order to record your booking as requested, provide the booked services, contact you in case of ambiguities or problems and ensure correct payment.

The legal basis for data processing for this purpose lies in the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

5. Cookies and similar technologies

Our website uses cookies to improve user-friendliness, provide certain functions, record usage statistically, and personalise content and adverts. Cookies are small text files that are stored on your device when you visit our website.

5.1 What are cookies?

Cookies enable us and commissioned third-party providers to recognise your device when you visit again. They do not contain directly personal information, but can be combined with further data, for example if you have a user account with us.

5.2 Cookie categories

We use the following cookie categories:

Necessary cookies: These cookies are technically required for the operation of the website, e.g. to enable navigation or save your privacy settings. Without them, the website cannot function correctly.
Functional cookies: These cookies enable enhanced functionality and personalisation, for example by saving language settings or user preferences.
Analytics and performance cookies: These cookies help us understand how our website is used – e.g. which pages are accessed particularly often or how users move around the site. For analysis we use, among others, Google Analytics and Microsoft Clarity.
Marketing and advertising cookies: These cookies enable us or third parties to show you targeted content and advertising – based on your browsing behaviour. They also help measure the effectiveness of campaigns.
Uncategorised cookies: Cookies that are not currently assigned to a defined category and are being reviewed.

5.3 Cookie management with CookieYes

We use the consent tool CookieYes (CookieYes Ltd, UK) to obtain, document and manage the legally required consent to the use of cookies. A corresponding cookie banner appears on your first visit to our website. You can change your consents at any time via the Cookie button on our website.

5.4 Disabling cookies in the browser

You can also adjust your cookie settings directly in the browser. Most browsers accept cookies automatically. However, complete deactivation can lead to certain functions of the website no longer being available.

Instructions for cookie management can be found, for example, here:

Disabling cookies may mean that you cannot use all functions of our website.

6. Tracking tool

a. General

For the purpose of needs-based design and ongoing optimisation of our website, we use various web analytics services – including, for example, Google Analytics and Microsoft Clarity (see the following sections). For the purpose of needs-based design and ongoing optimisation of our website, we use the web analytics service Google Analytics. In this context, pseudonymised usage profiles are created and small text files stored on your computer (“cookies”) are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and prepared for us. In addition to the data listed under para. 1, we may thereby receive the following information:

navigation path taken by a visitor on the site,
time spent on the website or subpage,
the subpage from which the website is left,
the country, region or city from which access occurs,
device (type, version, colour depth, resolution, width and height of the browser window) and
returning or new visitor.

The information is used to evaluate the use of the website, to compile reports on website activity and to provide further services related to website and internet use for market research and the needs-based design of this website. This information may also be transferred to third parties where required by law or where third parties process these data on our behalf.

b. Google Analytics

The provider of Google Analytics is Google Inc., a company of the holding company Alphabet Inc., based in the USA. Before the data are transmitted to the provider, the IP address is shortened by activating IP anonymisation (“anonymizeIP”) on this website within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The anonymised IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. In these cases we ensure by contractual guarantees that Google Inc. maintains an adequate level of data protection. According to Google Inc., under no circumstances will the IP address be associated with other data relating to the user.

Further information about the web analytics service used can be found on the Google Analytics website. Instructions on how you can prevent the processing of your data by the web analytics service can be found at tools.google.com/dlpage/gaoptout.

c. Microsoft Clarity

We use Microsoft Clarity on our website, a web analytics service of Microsoft Corporation, USA. Clarity helps us to better understand usage behaviour on our website and to make it more user-friendly. Among other things, mouse movements, clicks, scrolling behaviour as well as technical information about the device and browser used are recorded. The evaluation is carried out in the form of session replays and heatmaps.

Clarity is integrated via Google Tag Manager, whereby the script is only loaded after consent to analytics cookies has been given. The processing of these data therefore takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.

The information collected by Clarity may be transmitted to the USA. Microsoft processes the data partly on our behalf, but acts as an independent controller in certain processing steps. Further information on data processing by Microsoft can be found in the Microsoft Privacy Statement.

d. Google Tag Manager

We use Google Tag Manager, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), to manage website tags. Google Tag Manager enables us to manage tracking codes and other services via a unified user interface. Google Tag Manager itself is not used to collect personal data, but serves to trigger other tags that may in turn collect data.

Google Tag Manager does not access these data. If a deactivation has been carried out at domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.

Further information can be found in Google’s privacy policy and in the terms of use of Google Tag Manager.

B. Data processing in connection with your stay

7. Data processing to fulfil statutory registration obligations

Upon arrival at our hotel, we may require the following details from you and your accompanying persons:

First and last name
Postal address and canton
Date of birth
Nationality
Official identification document and number
Day of arrival and departure
Room number

We collect these details to fulfil statutory registration obligations arising in particular from hospitality or police law. Insofar as we are obliged to do so under the applicable provisions, we forward this information to the competent police authority.

Complying with legal requirements constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Recording of services received

If you obtain additional services during your stay (e.g. make use of the minibar or pay-TV offering), the service item and the time the service was obtained will be recorded by us for billing purposes. The processing of these data is necessary within the meaning of Art. 6 para. 1 lit. b GDPR for the performance of the contract with us.

C. Storage and sharing of data with third parties

9. Booking platforms

If you make bookings via a third-party platform, we receive from the respective platform operator various personal information. As a rule, this consists of the data listed in para. 5 of this privacy policy. In addition, enquiries regarding your booking may be forwarded to us. We will process these data in particular to record your booking as requested and to provide the booked services. The legal basis for data processing for this purpose lies in the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

Finally, we may be informed by the platform operators about disputes in connection with a booking. In doing so we may also receive data about the booking process, which can include a copy of the booking confirmation as proof of the actual conclusion of the booking. We process these data to protect and enforce our claims. This constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Please also note the data protection information of the respective provider.

10. Central storage and linking of data

We store the data specified in sections 2–5 and 8–10 in a central electronic data processing system. The data relating to you are systematically recorded and linked for the processing of your bookings and the handling of contractual services. For this we use the following software (Protel / rebagdata ag, hotel management solutions, Einsiedlerstrasse 533, CH-8810 Horgen / RIMS MP-Network, Anemonenweg 5, DE-85586 Poing / Aleno GmbH, restaurant reservation system, Buckhauserstrasse 37, CH-8048 Zurich / TAC Informationstechnologie GmbH, Schildbach 211, AT-8230 Hartberg / straiv GmbH, Eichwiesenring 4F DE-70567 Stuttgart).

We base the processing of these data within the software on our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in customer-friendly and efficient customer data management.

11. Retention period

We store personal data only as long as is necessary to use the tracking services mentioned above and the other processing within the scope of our legitimate interest. We retain contractual data for a longer period, as this is required by statutory retention obligations. Retention obligations that require us to retain data arise from regulations on registration law, on accounting and from tax law. Under these provisions, business correspondence, concluded contracts and booking records must be retained for up to 10 years. If we no longer need these data to perform services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

12. Disclosure of data

As an internationally active hotel management company, it is essential that we share information with our subsidiaries and other organisations within the Pühringer Foundation Group in order to continue to provide you with the best possible service. Exactly which information is shared depends on the context of your interaction with HVLL AG, the services you use and insofar as this is, in reasonable judgement, for the purposes and within the legal bases set out in this policy.

We only pass on your personal data to third parties if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we share your data with third parties insofar as this is necessary in the context of the use of the website and the handling of the contract (also outside the website), in particular the processing of your bookings.

A service provider to whom the personal data collected via the website are disclosed or who has or may have access to them is our web host (Hostpoint AG, Neue Jonastrasse 60, 8640 Rapperswil-Jona). The website is hosted on servers in [Switzerland]. The disclosure of the data takes place for the purpose of providing and maintaining the functionalities of our website. This constitutes our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Please also note, with regard to the disclosure of data to third parties, the information in paras. 7–8 and 10–11.

13. Transfer of personal data abroad

We are entitled to transfer your personal data to third-party companies (commissioned service providers) abroad for the purposes of the data processing described in this privacy policy. These are obliged to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that of Switzerland and/or the EU, we ensure contractually that the protection of your personal data corresponds to that in Switzerland and/or the EU at all times.

D. Further information

15. Right of access, rectification, erasure and restriction of processing; right to data portability

You have the right to receive, upon request, information about the personal data stored by us about you. In addition, you have the right to rectification of incorrect data and the right to erasure of your personal data, insofar as there is no statutory retention obligation or a legal basis that permits us to process the data.

You also have the right to demand the return of the data you have provided to us (right to data portability). On request we will also transfer the data to a third party of your choice. You have the right to receive the data in a commonly used file format.

You can reach us for the aforementioned purposes via the email address [datenschutz@hvll.ch]. For the processing of your requests we may, at our discretion, require proof of identity.

For enquiries from the EU, please contact our EU representative MLL Brussel SPRL [hospitalityvisions@mll-gdpr.com]

15. Data security

We use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you use the computer jointly with others.

We also take internal company data protection very seriously. Our employees and the service companies commissioned by us have been obliged by us to maintain confidentiality and to comply with data protection regulations.

16. Note on data transfers to the USA

For reasons of completeness, we would like to point out for users resident or domiciled in Switzerland that there are surveillance measures by US authorities in the USA which generally enable the storage of all personal data of all persons whose data have been transferred from Switzerland to the USA. This is done without differentiation, limitation or exception according to the pursued objective and without an objective criterion that enables the access of the US authorities to the data and their subsequent use to be restricted to very specific, strictly limited purposes which are capable of justifying the interference associated both with access to these data and with their use. We also point out that, in the USA, data subjects from Switzerland have no legal remedies that would allow them to obtain access to the data concerning them and to obtain their rectification or erasure, nor is there effective judicial protection against general access rights of US authorities. We expressly draw the attention of those affected to this legal and factual situation in order to enable an appropriately informed decision to consent to the use of their data.

We would like to point out to users resident in a member state of the EU that, from the perspective of the European Union – among other things due to the issues mentioned in this section – the USA does not have an adequate level of data protection. Insofar as we have explained in this privacy policy that recipients of data (such as Google) are based in the USA, we will ensure, either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss–US Privacy Shield, that your data are protected at an appropriate level with our partners.

17. Right to lodge a complaint with a data protection supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority at any time.

Status: Vienna, November 2025

Christmas & New Year’s Eve at the Palais Coburg