Privacy policy

Contact and owner of the website

Centurion Towerhotel
Steinackerstrasse 1
AG-5210 Windisch-Brugg

Technical implementation

Sara Fischer Content
Stadthöfli 2
5000 Aarau

Status: September 2020

Centurion Towerhotel GmbH manages the Centurion Towerhotel and is the operator of the website and is therefore responsible for the collection, processing and use of your personal data and the compatibility of the data processing with the applicable data protection law.

Your trust is important to us, which is why we take the issue of data protection seriously and ensure appropriate security. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (FADP), the Ordinance to the Federal Data Protection Act (FADP), the Telecommunications Act (TCA) and any other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR).

To help you understand what personal information we collect from you and for what purposes we use it, please review the information below.

A. Data processing in connection with our website

1. call our website

When you visit our website, our servers temporarily store each access in a log file. The following technical data is collected without your intervention, as is generally the case with any connection to a web server, and stored by us until automated deletion after 36 months at the latest:

  • the IP address of the requesting computer,
  • the name of the owner of the IP address range (usually your Internet access provider),
  • the date and time of access,
  • the website from which the access was made (referrer URL) with the search term used, if applicable,
  • the name and URL of the retrieved file,
  • the status code (e.g. error message),
  • the operating system of your computer,
  • the browser you use (type, version and language),
  • the transmission protocol used (e.g. HTTP/1.1) and
  • Your username from a registration/authentication.

This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability on a permanent basis and enabling the optimization of our Internet offering, as well as for internal statistical purposes. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorized or abusive website use for the purpose of clarification and defense and, if necessary, used in the context of criminal proceedings to identify and take civil and criminal action against the users concerned. This is our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR.

2. use of our contact form

You have the possibility to use a contact form to get in touch with us. For this purpose, we require the following mandatory information:

  • Name
  • Address
  • E-mail address
  • Phone number
  • Message

We use this data as well as a telephone number provided by you only to be able to answer your contact request in the best possible and personalized way. Therefore, the processing of this data is in the sense of Art. 6 para. 1 lit. b DSGVO is necessary for the implementation of pre-contractual measures or is in our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

3. subscribe to our newsletter

You have the possibility to subscribe to our newsletter on our website. Registration is required for this. The following data must be submitted as part of the registration process:

  • Salutation
  • First and last name
  • E-mail address

The above data are necessary for data processing. In addition, you can voluntarily provide further data (date of birth and country). We process this data exclusively in order to personalize the information and offers sent to you and to better align them with your interests.

By registering, you give us your consent to process the data provided for the regular dispatch of the newsletter to the address you have provided and for the statistical evaluation of user behavior and the optimization of the newsletter. This consent constitutes in the sense of Art. 6 para. 1 lit. a DSGVO constitutes our legal basis for processing your e-mail address. We are entitled to commission third parties with the technical processing of advertising measures and are entitled to pass on your data for this purpose (cf. section 13 below).

At the end of each newsletter you will find a link that allows you to unsubscribe at any time. As part of the deregistration process, you may voluntarily provide us with the reason for deregistration. After unsubscribing, your personal data will be deleted. Further processing only takes place in anonymized form for the optimization of our newsletter.

4. opening a customer account

To make online room bookings on our website, you can order as a guest or open a customer account. When registering for a customer account, we compulsorily collect the following data:

  • Salutation
  • First and last name, company name if applicable
  • Address, zip code, city, country
  • Phone number
  • E-mail address
  • Password
  • Credit card data

The collection of this and other data provided by you (e.g. company name) is for the purpose of providing you with password-protected direct access to your basic data stored with us. In it you can view your previous and current bookings or manage or change your personal data.

The legal basis of the processing of the data for this purpose lies in the consent given by you pursuant to Art. 6 para. 1 lit. a GDPR.

5. booking on the website, by correspondence or by phone call.

If you make bookings either via our website, by correspondence (email or letter post) or by telephone call, we require the following mandatory data for the processing of the contract:

  • Salutation
  • First and last name
  • Postal address
  • Date of birth
  • Phone number
  • Language
  • Credit card information
  • E-mail address

We will only use this data and other information voluntarily provided by you (e.g. expected arrival time, motor vehicle registration plate, preferences, remarks) to process the contract, unless otherwise stated in this privacy policy or you have separately consented to this. We will process the data by name in order to record your booking as requested, to provide the booked services, to contact you in case of ambiguities or problems and to ensure the correct payment.

The legal basis of data processing for this purpose is the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b GDPR.


Cookies help in many aspects to make your visit to our website easier, more pleasant and more meaningful. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website.

We use cookies, for example, to temporarily store your selected services and entries when you fill out a form on the website so that you do not have to repeat the entry when you call up another sub-page. Cookies may also be used to identify you as a registered user after you have registered on the website, without you having to log in again when you access another sub-page.

Most Internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears when you receive a new cookie. On the following pages you will find explanations on how to configure the processing of cookies in the most popular browsers:

Disabling cookies may prevent you from using all the features of our website.

6. tracking tools

a. General

For the purpose of demand-oriented design and continuous optimization of our website, we use the web analytics service of Google Analytics. In this context, pseudonymized usage profiles are created and small text files that are stored on your computer (“cookies”) are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the information provided under para. 1 listed data, we may thereby obtain the following information:

  • Navigation path that a visitor follows on the site,
  • Dwell time on the website or subpage,
  • the subpage on which the website is left,
  • the country, region or city from where access is made,
  • End device (type, version, color depth, resolution, width and height of the browser window) and
  • Returning or new visitor.

The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to the use of the website and the Internet for the purposes of market research and demand-oriented design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

b. Google Analytics

The provider of Google Analytics is Google Inc, a company of the holding company Alphabet Inc, based in the USA. Before the data is transmitted to the provider, the IP address is truncated by activating IP anonymization (“anonymizeIP”) on this website within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google Inc. maintains a sufficient level of data protection. According to Google Inc., in no case will the IP address be associated with other data concerning the user.

For more information about the web analytics service used, please visit the Google Analytics website. Instructions on how to prevent the processing of your data by the web analytics service can be found at

B. Data processing in connection with your stay

7. data processing for the fulfillment of legal reporting obligations

Upon arrival at our hotel, we may require the following information from you and your companions:

  • First and last name
  • Street, zip code, place of residence, state/canton
  • Place of birth (CH citizen home town)
  • Date of birth
  • Birthplace
  • Nationality
  • Official identification card and number
  • Car license plate
  • E-mail address
  • Credit card information
  • Arrival and departure day
  • Room number
  • Company address
  • Signature

We collect this information in order to fulfill legal reporting obligations, which arise in particular from hospitality or police law. To the extent we are required to do so by applicable law, we will forward this information to the appropriate law enforcement agency.

In the fulfillment of the legal requirements is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

8. recording of purchased services

If you receive additional services during your stay, we will record the subject of the service and the time of receipt for billing purposes. The processing of this data is in the sense of Art. 6 para. 1 lit. b DSGVO required for the processing of the contract with us.

C. Storage and exchange of data with third parties

9. booking platforms

If you make bookings via a third-party platform, we receive various personal information from the respective platform operator. As a rule, these are the items listed in para. 5 of these data protection declarations. In addition, inquiries about your booking may be forwarded to us. We will process this data by name in order to record your booking as requested and to provide the booked services. The legal basis of data processing for this purpose is the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b GDPR.

Finally, we may be notified by platform operators of disputes related to a booking. In the process, we may also receive data about the booking process, which may include a copy of the booking confirmation as evidence of the actual booking completion. We process this data to protect and enforce our claims. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Please also note the privacy policy of the respective provider.

10. central storage and linking of data

We store the data specified in items 2-5 and 8-10 in a central electronic data processing system. The data concerning you will be systematically collected and linked for the purpose of processing your bookings and handling the contractual services. For this we use a software of the company Rebagdata AG, Einsiedlerstrasse 533, 8810 Horgen (hotel software protel) . We base the processing of this data within the scope of the software on our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR on customer-friendly and efficient customer data management.

11. retention period

We store personal data only as long as it is necessary to use the tracking services mentioned above as well as the further processing within the scope of our legitimate interest. Contractual data is retained by us for longer periods of time, as this is required by legal retention obligations. Retention obligations, which oblige us to retain data, result from regulations on registration law, on accounting and from tax law. According to these regulations, business communications, concluded contracts and accounting records must be kept for up to 10 years. Insofar as we no longer need this data to perform the services for you, the data will be blocked. This means that the data may then only be used for accounting and tax purposes.

12. disclosure of data to third parties

We will only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we share your data with third parties to the extent necessary in the context of the use of the website and the execution of contracts (also outside the website), namely the processing of your bookings.

A service provider to whom the personal data collected via the website is transferred or who has or may have access to it is our web hoster, 5000 Aarau. The website is hosted on servers in Switzerland. The data is passed on for the purpose of providing and maintaining the functionalities of our website. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Finally, if you pay by credit card on the Website, we will forward your credit card information to your credit card issuer and to the credit card acquirer. If you choose to pay by credit card, you will be asked to enter all mandatory information in each case. The legal basis for the transfer of the data is the fulfillment of a contract according to Art. 6 para. 1 lit. b GDPR. Regarding the processing of your credit card information by these third parties, we ask you to also read the terms and conditions as well as the privacy policy of your credit card issuer.

Please also note the information regarding the transfer of data to third parties provided in section. 7-8 and 10-11.

13. transfer of personal data abroad

We may also transfer your personal data to third party companies (contracted service providers) abroad for the purposes of the data processing described in this Privacy Policy. These are obligated to data protection to the same extent as we ourselves. If the level of data protection in a country does not correspond to that in Switzerland or the EU, we contractually ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times.

D. More information

14. right of access, rectification, erasure and restriction of processing; right to data portability

You have the right to obtain information about the personal data that we store about you upon request. In addition, you have the right to correct inaccurate data and the right to have your personal data deleted, provided that this does not conflict with a legal obligation to retain the data or an authorization that allows us to process the data.

You also have the right to demand that we return the data you have given us (right to data portability). Upon request, we will also share the data with a third party of your choice. You have the right to receive the data in a common file format.

You can contact us for the aforementioned purposes via the e-mail address
Reach We may, at our discretion, require proof of identity to process your applications.

15. data security

We use appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

You should always keep your access data confidential and close the browser window when you have finished communicating with us, especially if you share the computer with others.

We also take internal data protection very seriously. Our employees and the service companies commissioned by us have been obligated by us to maintain confidentiality and to comply with the provisions of data protection law.

16. note on data transfers to the USA

For the sake of completeness, we would like to point out for users who are resident or domiciled in Switzerland that there are surveillance measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the U.S. authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the interference associated both with the access to these data and with their use. In addition, we would like to point out that there are no legal remedies available in the U.S. for data subjects from Switzerland to obtain access to the data concerning them and to have it corrected or deleted, or that there is no effective judicial legal protection against general access rights of U.S. authorities. We explicitly point out this legal and factual situation to the data subject in order to make an appropriately informed decision to consent to the use of his or her data.

We would like to point out to users residing in a member state of the EU that the USA does not have a sufficient level of data protection from the perspective of the European Union – among other things due to the issues mentioned in this section. To the extent that we have explained in this Privacy Policy that recipients of data (such as Google) are located in the United States, we will ensure that your data is protected with an appropriate level of protection with our partners either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield.

17. right to complain to a data protection supervisory authority

You have the right to complain to a data protection supervisory authority at any time.

Status: September 2020