Privacy Police

for the company

Hotel Pestalozzi Lugano, Piazza Indipendenza 9, CH-6901 Lugano

+41 91 921 46 46 - -


The above company is a cooperative. The company undertakes to provide services which are or may be related to the accommodation or board contract or other contract of sale with the guest for the service offered. The company takes the protection of the personal data of his customers very seriously and thus commit equally to compliance with the requirements of the Swiss Federal Data Protection Act (DSG) and the European General Data Protection Regulation (GDPR). The company regards as data controller, and a request for information, blocking, deletion and the like is automatically carried out.



The following explains what personal data company collects at what point, how, where and how it is stored and processed, and what rights and opportunities are associated with this.

What is personal data?
Personal data is all data with which a guest could be personally identified.

How is such data collected? 
On the one hand, it is possible for such data to be personally communicated by guests in the context of a hotel or table reservation, either by telephone, fax, e-mail, letter or personally on site. The data may also be transmitted by a third party (a mediator) to the contractor. Also, data will be transmitted when ordering vouchers and purchasing promotional items or other goods & services. We restrict ourselves exclusively to the data, which is necessary for the fulfillment of the contract or the pre-contractual measures. 
On the other hand, the data can be sent to us automatically via our website, Wi-Fi access or our social media channels. This is mostly technical data that is captured by the IT systems (e.g.: operating system, time and origin of the page request or internet browser, etc.)

What is the data collected and processed for? 
First and foremost data is collected for fulfilling contracts, for example in connection with the guest reception contract or a reservation. If the contract is concluded, legal obligations can arise from this, such as a legal obligation to report. It is also quite possible that a legitimate interest exists on our part, which requires that personal data is known and/or processed, for example to improve our immediate service (e.g.: preferred mattress hardness) Finally, the data processing concerns improving our communication by analyzing user behavior and ensuring that the site is properly delivered. In general, however, we always get explicit consent.

What rights do customers retain regarding their data?
Our customers have, at any time and free of charge, the right to information about the origin, recipient and purpose of the data stored by the companies. In addition, customers have, at any time, free of charge, the right to delete or block the data as well as to transfer the data on the basis of the customer’s consent to a third party in a machine-readable format. All of this happens via simple contact by means of an informal message, for example, by e-mail to one of the above-mentioned data controllers. Of course, any consent provided by the customer can be revoked free of charge at any time without providing reasons. An informal e-mail to the address mentioned in the imprint is sufficient for this as well.

Objection to advertising e-mails 
The use of the information from the above mentioned imprint for the transmission of unsolicited advertising and informational materials is hereby clearly objected to, and the companies expressly reserve the right to take legal action in the event of violation of this point.

OFFLINE (within our company)

In order to fulfill our service, we sometimes have to collect and process personal data. Within our enterprises this can happen in the following contexts:

1. Room reservation

For contractual fulfillment
From the reserving party: First name, last name, date of birth, country of origin, title & language, e-mail address, telephone number (mobile), credit card details, length of stay, reservation channel, date of reservation, correspondence, arrival means, arrival time, pets 
From fellow travelers: First name, last name, date of birth

Due to legal obligation
From the reserving party: First name, last name, date of birth, country of origin, title & language, e-mail address, telephone number 
From fellow travelers: First name, last name, date of birth

With the consent of the customer
Contact information of fellow travelers, social media contacts, intolerances & allergies, bank information, food and drink preferences, bedding preferences, special wishes regarding the organization of the stay and services on site, private anniversaries (wedding anniversary, family celebrations, etc.) 

With the express consent of the customer
Newsletter and direct offers (advertising e-mails/advertising mail)

Systems used

  • Fidelio Suite 8 hotel software – on a central server at the company site as a PMS system and debtor accounting
  • newsletters and communication software empaction GmbH , Marktstrasse 33-35, 60388 Frankfurt am Main

In the context of the contractual fulfillment of our service, we generally use the following standard communication in which personal data is processed: Offer | Confirmation | Pre-Stay Mail (for information on how to get there and how to plan additional experiences locally) | Post-Stay Mail (for information on guest satisfaction)

2. Table reservations

For contractual fulfillment
Name, number of persons, time, phone number/e-mail

With the consent of the customer 
Birthday, additional contact information, credit card details, intolerances & allergies, food & beverage preferences

With the express consent of the customer 
Newsletter and direct offers (advertising e-mails/advertising mail)

Systems used

  • Hotel own website -

ONLINE (on our website and our social media accounts)

1. Gathering of information

We collect information when you register on our website, make a booking, enter a contest and/or de-register. The information collected includes your name, e-mail address, telephone number, and/or credit card. In addition, we automatically receive and store information from your computer and browser, including your IP address, software and hardware, and the page you requested.

2. Use of information

All information we collect from you can be used for:

  • Personalization of your experience and fulfillment of your individual needs
  • Provision of personalized advertising content 

  • Improvement of our website 

  • Improvement our customer service and support needs 

  • Contact by e-mail 

  • Management of a competition, promotion or survey
3. Data protection in online retail

We are the only owner of the information collected on this website. Your personal data will not be sold, exchanged, transferred or transmitted to another company without your consent, unless it is necessary to fulfill a request and/or transaction, e.g. to place an order or to order an accommodation card with customer benefits.

4. Transfer to third parties

We do not sell, trade or transfer your personal data to third parties. This does not apply to reliable third parties who assist us in managing our website or conducting our business, provided that they commit to keeping the data confidential. 
We believe that it is necessary to exchange information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations in which the physical safety of a person could be at risk, violations of our terms of use or if required by law, in accordance with the legal obligations of the municipal, cantonal or national authorities. However, non-private information may be provided to other parties for marketing, advertising or other purposes.

5. Protection of information

We implement a variety of security measures to protect your personal information. We use the latest encryption technology (SSL certificates to protect confidential information transmitted online. We protect your data offline as well. Only employees who need to perform certain tasks, such as billing or customer service, have access to personal information. The computers and servers used to store personal information are stored in a secure environment. 

Do we use cookies?
Yes. Our cookies improve access to our website and identify regular visitors. In addition, our cookies enhance the user experience by tracking and targeting their interests. However, this use of cookies in no way involves personally identifiable information on our website.

6. Unsubscribe

We use the e-mail address you provided to send you information and updates regarding your order, occasional company news, related product information, and more. If you want to unsubscribe and no longer want to receive e-mails, you will find an unsubscribe link at the end of each e-mail.

7. Consent

By using our website you consent to our privacy policy.

8. Responsibility

Responsibility lies with the company indicated in the imprint.

9. List of various ONLINE data sources and systems we use

Ennit Interactive AG - Projensdorfer Str. 324 - 24106 Kiel
P +49 (0)431 – 7097-10 - F +49 (0)431 – 7097-555 -

CMS used 
1 St Katharine's Way - London E1W 1UN, United Kingdom 
P +44 20 3637 5420 -

Hotel’s own booking platform/systems 
Simple Booking
Via Lucca,52 - 50142 – Firenze - Italy 
P +39(0)55 705718


If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the inquiry and in case of follow-up questions. We will not share this data without your consent. 
The processing of the data entered into the contact form is therefore exclusively based on your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time. An informal message by e-mail to us is sufficient for this purpose. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. 
The data entered by you in the contact form remains with us until you ask us us to delete it, you revoke your consent to the storage, or the purpose for the data storage no longer applies (e.g. after completion of processing your inquiry). Mandatory statutory provisions – especially retention periods – remain unaffected.


This website uses functions of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. 
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.


You can prevent the storage of cookies by a corresponding setting of your browser software; However, we would like to point out that in this case you may not be able to use all the functions of our web pages in full. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link:


You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics. For more information on the handling of user data on Google Analytics, please refer to the Google privacy policy:


Our websites leverages the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. This feature allows the Google Analytics Remarketing ad groups to be linked to the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that are adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC). Once you have given your consent, Google will associate your web and app browsing history with your Google account for this purpose. That way, the same personalized advertising messages can appear on any device you sign in to with your Google account. To support this feature, Google Analytics collects Google-authenticated IDs of users who are temporarily linked to our Google Analytics data to define and create target groups for cross-device ad promotion. You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google account; to do this, follow this link:

The aggregation of the collected data in your Google account is based solely on your consent, which you can submit or revoke on Google (Article 6 (1) (a) GDPR). For data collection operations that are not merged into your Google account (e.g., because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of the website visitors for advertising purposes. For more information, see the Google privacy policy at:


This website uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). 
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that the internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used for the personal identification of the users. If the user visits certain pages of this website and the cookie has not expired yet, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through the websites of AdWords customers. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not wish to participate in tracking, you can opt-out of this usage by disabling the Google conversion tracking cookie through your internet browser under user preferences. You will not be included in the conversion tracking statistics. The storage of “conversion cookies” is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. For more information about Google AdWords and Google conversion tracking, see the Google privacy policy: You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases or only for certain cases or generally exclude cookies and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.


Our website uses Facebook’s visitor action Pixel for conversion measurement: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
This allows the behavior of the site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. As a result, the effectiveness of Facebook advertisements can be evaluated for statistical and market research purposes and future advertising measures optimized. The collected data is anonymous to us as the operator of this website; we cannot draw conclusions about the identity of the users from this data. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible, and Facebook can use the data for their own advertising purposes, according to Facebook data use policy. Facebook can thereby enable ads to be displayed on Facebook and outside of Facebook. This use of data cannot be influenced by us as the site operator. In the privacy policy of Facebook you will find more information on the protection of your privacy: You can also deactivate the “Custom Audiences” remarketing feature in the ads settings section under To do this, you must be logged in to Facebook. If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website:


If you would like to receive the newsletter offered on the website, we require an e-mail address from you, your family and first name. Further data is not collected or is collected only on a voluntary basis. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties. The processing of the data entered into the newsletter registration form takes place exclusively on the basis of your consent (Article 6 (1) (a) GDPR). The granted consent to the storage of the data, the e-mail address and their use for sending the newsletter can be revoked at any time, for example via the “unsubscribe” link in the newsletter. The legality of the already completed data processing operations remains unaffected by the revocation. 
The data deposited with us for the purpose of obtaining the newsletter will be saved by us until your cancellation and will be deleted after cancellation of the newsletter. Data stored for other purposes with us (e.g. e-mail addresses for the members area) remains unaffected.


Our website uses plug-ins from the Google-powered YouTube page. The site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. 
When you visit one of our YouTube plug-in-enabled sites, you will be connected to the servers of YouTube. The YouTube server is then told which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube serves the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. For more information on the handling of user data, please refer to the YouTube privacy policy at:


This site uses so-called web fonts, provided by Google, for the uniform representation of fonts. When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you use must connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google web fonts serves the interest of a consistent and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If your browser does not support web fonts, a default font will be used by your computer. For more information about Google web fonts, see also see Google’s privacy policy:


This site uses the mapping service Google Maps via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. 
To use the features of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored on a Google server in the United States. The provider of this site has no influence on this data transfer. The use of Google Maps serves the interest of an attractive presentation of our online offers and easy findability of the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. For more information on the handling of user data, please refer to the Google privacy policy at:


Our website integrates plug-ins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. 
The Facebook plugins can be recognised by the Facebook logo or the “Like Button” (“Like”) on our site. An overview of the Facebook plug ins can be found here:
When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our website with your IP address. If you click on the Facebook “Like Button” while you are logged into your Facebook account, you can link the contents of our pages to your Facebook profile. As a result, Facebook can assign your visit to our website to your user account. We point out that we as the provider of the website are not aware of the content of the data transmitted and its use by Facebook. For more information, see the Facebook privacy policy at:
If you do not want Facebook to be able to associate your visit of our website with your Facebook user account, please log out of your Facebook user account.


TripAdvisor plug-ins are integrated into our website (TripAdvisor Inc., 141 Needham Street, Newton, MA 02464, USA) and can be recognized by the logo. When you visit our website a direct connection is made between your browser and the plug in provider. These firms receive the information that you have visited our website with your IP-Address. We wish to advise you that we, as site provider, receive no information regarding the content of the data transmitted nor the use thereof. Further information can be found in TripAdvisor's Data Protection Declaration:
Contact: Attn: Privacy Officer/Legal Department. E-Mail:


Our website contains links to external websites. When you use these links to visit other websites the operators of these websites may receive information which they may use (in accordance with data protection laws). These may differ from our data protection declaration. We advise you to read the data protection declarations on these websites to receive information about the type of collection, use and disclosure of personal data.