Menu
Réservez
Hotel Coronado Mendrisio Scopri Il Mendrisiotto DJI 20240605120441 0058 D
Hotel Coronado Mendrisio Rooms Dscf0295 Copia
Hotel Coronado Bar Unicorn 1B1A0974
Hotel Coronado Bar Unicorn DSCF2228 Copia
Foto Fournier Reception
Hotel Coronado Sale Meeting Bellavista Untitled HDR 62 Copy
DSCF0378 Copia
Hotel Coronado Mendrisio Bike Hotel DSCF3565 04
Hotel Coronado Mendrisio Skybar DSC2076 1 Copy
Hotel Coronado Mendrisio Clubhouse DJI 0045
DJI 0022 Copia

Privacy Notice – Personal Data Protection
Hotel Coronado – Mendrisio

This privacy notice explains how we process your personal data, for what purposes it is used, to whom it may be disclosed, and what your rights are in relation to such data processing.

Data Controller Contact Details

The data controller is Piccadilly SA (hereinafter referred to as the "Controller").
Any questions regarding data protection or the processing of personal data can be sent by post to the following address:

Piccadilly SA
Via Carlo Diener 13
6500 Mendrisio – Switzerland

or via email to:
[email protected]

 

Data Protection Advisor (DPA) / Data Protection Officer (DPO)

The Controller has appointed a Data Protection Advisor who can be contacted via the following email address:
[email protected] 

 

Definitions

Personal data refers to any information relating to an identified or identifiable natural person.

Processing means any operation performed on personal data, regardless of the means or procedures used, such as the collection, recording, storage, use, alteration, communication, archiving, deletion, or destruction of data.

Controller means the private individual or federal authority that, alone or jointly with others, determines the purposes and means of the processing.

Processor means the private individual or federal authority that processes personal data on behalf of the Controller.

 

Legal Framework

In Switzerland, the processing of personal data is governed by the Federal Act on Data Protection (FADP) of September 25, 2020 (in force as of September 1, 2023) and the Data Protection Ordinance (DPO) of August 31, 2022 (in force as of September 1, 2023).

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (General Data Protection Regulation – GDPR) applies to the processing of personal data of data subjects located in the EU, where such processing is carried out by a controller or processor not established in the EU and relates to the offering of goods or services to such data subjects, regardless of whether payment is required.

Norway, Liechtenstein, and Iceland, as members of the European Economic Area (EEA), are also subject to the GDPR. In the United Kingdom, the UK GDPR applies.

Data subjects from other countries, beyond Switzerland and the EEA, are encouraged to consult the section “Data Subject Rights” to understand their rights in full.

 

Purposes of Processing

We collect your personal data primarily for purposes related to your stay at the hotel. If you have given consent for marketing purposes, we also process your data to inform you about initiatives and promotions of our facility.

Specifically, your personal data is processed for the following purposes:

Bookings and Communication

  • Room and related service reservations
  • Pre-arrival communication, including guest preferences, additional service requests, reservation modifications, and deposit records

Reception and Services During Stay

  • Check-in upon arrival and guest data registration
  • Provision of services such as parking, taxi or shuttle transfers, wellness and fitness area access, and use of the helipad
  • Arrangements with third-party providers for guest services (e.g., tours, excursions, taxis, restaurant or event bookings)
  • Handling guest requests (e.g., room service, laundry, maintenance)
  • Managing guest complaints
  • Check-out and payment processing upon departure

Meetings and Events

  • Event and meeting room bookings
  • Handling of related services such as catering
  • Participant name verification and coordination with security services for event access
  • Coordination with third-party providers for services such as audiovisual or transportation

Food and Beverage Services

  • Restaurant reservations
  • Collection of dietary requirements or other personal needs when ordering food
  • Recording of preferences and tastes to provide a personalized experience

Legal and Tax Obligations

  • Storing accounting records and tax-related documents regarding your stay
  • Responding to public authority requests
  • Legal proceedings involving the hotel or the Controller

Safety and Emergency Management

  • Ensuring the safety of guests, event participants, visitors, and hotel staff
  • Emergency response in case of fire, flooding, medical emergencies, vandalism, or threats
  • Monitoring video surveillance footage

Marketing and Newsletters

  • Marketing initiatives, advertising promotions, customer loyalty programs
  • Newsletters on hotel services and guest-related initiatives
  • Promotion of products or services offered by hotel partners

 

Categories of Personal Data Processed

We collect only the personal data necessary to offer our guests the best possible service, comply with legal requirements, or respond to safety needs. The categories of personal data we process include:

Identification Data

Personal details such as title, full name, address, date of birth, nationality, email address, and phone number

Identity Documents

Copy of a valid identification document (e.g., passport or identity card) and the personal data it contains

Billing Data

Invoice holder information (if different from the guest), credit or debit card details, or other payment methods

Preferences

If you consent to share your preferences, we can provide a more personalized service. This may include preferred communication language, dietary requirements, room accommodation preferences, food preferences, and general interests

Video Surveillance Images

We collect surveillance footage only in common areas of the hotel (e.g., reception, hallways, parking area). These recordings are processed solely for security purposes, accessible only by authorized personnel, and disclosed to authorities only upon written request from the Public Prosecutor

Group Guest Data

For group reservations, we receive a list of participant data from the group organizer, including only title, full name, date of birth, and residence. At check-in, it is the responsibility of the tour leader to confirm the accuracy of this information

 

Recipients or Categories of Recipients

In processing your personal data, we strictly adhere to the principles of Privacy by Design and Privacy by Default. This means that within our facility, your personal data is accessible only to authorized staff who need it to perform their duties.

We share your personal data with third parties only to the extent necessary for them to fulfil their functions. Your personal data may be disclosed to the following categories of entities, acting as either Processors or Independent Controllers, and their employees or collaborators:

  • ICT Service Providers
    For example, IT companies with access to our IT systems, external storage providers, outsourcing partners, or telecommunications companies
  • Trust and Fiduciary Service Providers
    Such as fiduciaries, auditors, or consultants
  • Security Service Providers
    Including companies specialized in physical security or video surveillance
  • Marketing Service Providers
    If you have given your consent for direct marketing, such as promotions, discounts, newsletters, or personalized offers, we may share your data with marketing service providers to enhance your experience with us
  • Other Business Partners
    If you have requested external services (e.g., transportation, entertainment, catering), we may share only the essential data required for our partners to fulfil your request and offer a personalized service
  • Authorities
    We share your personal data with public authorities when required by law

All recipients are required to maintain confidentiality, comply with applicable data protection laws, and implement appropriate technical and organizational measures to safeguard your personal data against unauthorized or unlawful processing, accidental loss, alteration, disclosure, or access.

 

Legal Bases

We process your personal data for the purposes described above, based on the following legal grounds:

  • For the performance of a contract
    When we collect and process your personal data in order to fulfil our contractual obligations. For example, to organize your hotel stay, coordinate meetings and events, or provide any other services offered by our facility.
  • To comply with a legal obligation
    When we are required to process your personal data to meet legal requirements. For example, to respond to requests from public authorities.
  • Based on the legitimate interest of the Controller
    When your personal data is used for security reasons. For instance, the recording of video surveillance images within the hotel premises and surrounding areas.
  • With your consent
    When your explicit consent is required, such as for marketing purposes. This consent may be revoked at any time without affecting the lawfulness of processing based on consent before its withdrawal.

 

Retention Period of Personal Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. We may retain your data for a longer period if required by legal or contractual obligations or if we have a legitimate interest to do so (e.g., to assert or defend legal claims until the applicable limitation periods expire).

In general, we retain your personal data as follows:

All personal data collected for the performance of a contract is retained for up to 10 years after its termination, in accordance with fiscal regulations

In the event of legal proceedings, personal data will be retained for the duration of the proceedings and until all avenues of appeal have been exhausted

Video surveillance recordings are retained for a maximum of 30 days from collection, unless requested by authorities to investigate incidents that occurred within or around the hotel

Data collected for marketing purposes is retained until you withdraw your consent

Once the above retention periods have expired, the personal data will be either deleted or anonymized.

 

Provision of Data

The provision of your personal data is necessary for the conclusion and performance of the contract, as well as for compliance with legal obligations to which the Controller is subject.
Any refusal, even partial, to provide such data may prevent the Controller from properly fulfilling the contract and/or complying with the related legal requirements.

For purposes that require your consent, the provision of personal data is optional. However, failure to provide consent will make it impossible to pursue those specific purposes (e.g., receiving marketing communications).

 

Transfer of Personal Data to Third Countries

We process and store your personal data on servers located in Switzerland.

For cloud-based data processing, we work exclusively with providers who ensure that servers used are located in Switzerland.

If you have any questions regarding the transfer of your personal data and the safeguards applied, you may contact us at any time using the contact details provided above.

 

Data Subject Rights

In accordance with the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR), you have the following rights regarding the processing of your personal data:

  • Right of access: to obtain confirmation as to whether or not personal data concerning you is being processed, and, if so, to receive a copy of it.
  • Right to rectification: to request the correction of inaccurate data or the completion of incomplete data.
  • Right to erasure: to request the deletion of your personal data, in the cases provided for by law.
  • Right to restriction of processing: to request the limitation of processing under certain conditions.
  • Right to object: to object to the processing of your data based on reasons related to your specific situation.
  • Right to data portability: to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller.
  • Right to withdraw consent: to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint: to submit a complaint to the competent supervisory authority.

 

Additional Guarantees

Data subjects are entitled to all rights and protections provided under the applicable laws of their country of residence, including but not limited to:

  • the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)
  • the Lei Geral de Proteção de Dados Pessoais (LGPD)
  • the Personal Information Protection Law (PIPL)
  • the Digital Personal Data Protection Act (DPDPA)

 

Additional Rights in Certain Jurisdictions

In specific jurisdictions, such as California, data subjects may have additional rights, including:

  • Right to opt-out of the sale or sharing of personal data: to request that personal data not be sold or shared with third parties for commercial purposes
  • Right to limit the use of sensitive personal data: to request that such data be used only to the extent necessary to provide requested services or for legally permitted purposes
  • Right to non-discrimination: the right not to be subject to discriminatory treatment for exercising privacy rights, including denial of goods or services, or receiving different prices or conditions, unless such differences are directly related to the value of the data provided

 

These rights are in addition to those already listed and may be exercised following the instructions in this Privacy Notice.

 

Exercising Your Rights

To exercise any of your rights or for more information on the protection of your personal data, you can contact us using the Controller’s contact details mentioned above or write an email to:

[email protected]

 

Security

We have implemented appropriate technical and organizational measures to safeguard the security of your personal data and to protect it against unauthorized or unlawful processing, accidental loss, alteration, disclosure, or unauthorized access.

 

Privacy Policy Updates

We are constantly working to improve our services and to offer you new experiences, with the goal of ensuring a memorable stay. This ongoing effort also affects the way we process your personal data. For this reason, we update our privacy policy to keep it aligned with the services we provide. Next to the "Last update" caption at the end of this text, you will find the date of the most recent revision of our privacy policy.

 

Last update: 28.04.2025

Réserver maintenant