1.1 Data Controller
In accordance with the applicable data protection laws (the FADP and where applicable the GDPR), we would like to inform you about how we process your personal data.
1.2 Storage Period
Your data will generally only be stored as long as necessary to fulfil the specific purpose and will be deleted as soon as this purpose no longer exists. Alternatively, your data will be deleted at the end of any statutory retention periods.
1.3 Transfer of Data to Third Parties
Your data may be transferred within our group or to service providers. We ensure that such transfers are based on appropriate legal grounds (consent, legitimate interests, contractual necessity) and that we impose appropriate safeguards.
We will only share your personal data with third parties (e.g., tax authorities, banks, courts, law enforcement) when we are legally obliged or when it is necessary for the performance of a contract or service.
1.4 Transfer of Data to Third Countries
Where we transfer personal data outside Switzerland or the EU/EEA, we will ensure an adequate level of data protection (for example via standard contractual clauses or recognised adequacy decisions).
As Switzerland is regarded as providing an adequate level of data protection by the EU, transfers from the EU to Switzerland can be effected under the adequacy regime.
1.5 Website / Other Processing (e.g., IP address, Wi-Fi, bookings)
When you use our website or services in our restaurants (e.g., Wi-Fi, bookings), we may collect data such as your IP address, contact details (name, email, phone) and other usage data.
We use this data for internal purposes such as system security, service improvement and to respond to your enquiries.
2. Rights of the Data Subject
You have the right to access the personal data we process about you, to request correction or deletion (where applicable), to object to processing in certain circumstances, and to request data portability (where applicable).
You may exercise these rights by contacting us at info@vapiano.ch.
3. Storage of IP Address / Legal Bases for Processing
Our processing of your data is carried out on the following legal bases:
3.1a) Compliance with a legal obligation
3.1b) Legitimate interest (where your rights and freedoms are not overridden)
3.1c) Consent (when required)
4. Data Security
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction or damage.
Where required by law, we maintain records of processing activities and may conduct data protection impact assessments.
5. Changes to These Terms
We reserve the right to change these privacy and usage terms at any time. If we make significant changes, we will inform you via email or a notice on our website.