DATA PROTECTION

Hôtel de Verbier SA (the “Hotel”) operates the website www.hoteldeverbier.com.

The Hotel is thus responsible for the collection, processing, and use of your personal data in connection with the websites and bookings at the Hotel and for processing data in compliance with applicable data protection laws.

Your trust is important to us; therefore, we take data protection seriously and take care to provide proper security. In doing so, as a matter of course we comply with the legal provisions of the Swiss Federal Act on Data Protection (“FADP”), the Swiss Ordinance to the Federal Act on Data Protection (“OFADP”), the Swiss Telecommunications Act (“TCA”) and other applicable data protection provisions under Swiss or EU law, in particular the General Data Protection Regulation (“GDPR”).

Please carefully read the information provided in this privacy policy (the “Privacy Policy”) to know what personal data we collect from you and for what purpose we use it.

If you have any questions regarding data protection you can contact us at www.hoteldeverbier.com.

 

A. DATA PROCESSING IN CONNECTION WITH OUR WEBSITE

 

1. Visiting our website

When visiting our website, servers temporarily store each access in a log file. The following technical data is thereby collected for every connection with a web server without requiring any action by you, and is maintained until the business relationship is terminated:

– The IP address of the requesting computer;
– The name of the owner of the IP address (normally your internet access
provider);
– The date and time of the access;
– The website from which the access was made (referrer URL), where applicable with the search word used;
– The name and the URL of the accessed file;
– The status code (e.g. error report);
– The operating system of your computer;
– The browser you use (type, version and language);
– The transfer log used (e.g. HTTP/1.1); and
– Where applicable your user name from registration/authentication;
– The host header name;
– The number of bytes sent by the server;
– The number of bytes received and processed by the server;
– The duration of access;
– The requested verb or word, such as the GET method (GET location);
– The goal of the requested verb or word, e.g. Default.htm.

The collection and processing of this data is done for the purpose of enabling the use of our website, continuously ensuring system security and stability, optimising our website, and for internal statistical purposes. Furthermore, the IP address will be evaluated, together with other data, in case of attacks on the network infrastructure or other unauthorized use or misuse of the website, for the purpose of intelligence and protection, and, if appropriate, used in criminal proceedings for identification, civil and criminal proceedings against the relevant users. This is within our legitimate interest to ensure a stable and secure connection to our website as well as to improve our websites to provide a more customer-friendly and personalised experience.

 

2. Keeping up to date with information about the Hotel

We may send you an email update with information about the Hotel or the services offered by the Hotel. We only process your email address for such direct marketing efforts based on our legitimate interest to inform you about our offers after you have stayed with us as a Guest. We will only send you such information for a period of 18 months since our last interaction.

We are entitled to commission third parties with the technical handling of promotional measures and are entitled to pass on your data for this purpose (cf. clause 14).

At the end of each newsletter a link is provided by means of which you can unsubscribe at any time. When unsubscribing, you may voluntarily give us the reason. After unsubscribing, your personal data will be deleted.

 

3. Opening a customer account

To make a booking through our website, you can either make your request as a guest (cf. clause 2) or you may open a customer account. For this, we require the following registration data:

– Title;
– First and last name;
– Postal address;
– Date of birth;
– Telephone number;
– E-mail address;
– Password.

The collection of this data, as well as any additional data voluntarily provided by you, is used for the purpose of providing you password-protected direct access to your base data. In your account you can view your past and current reservations and manage or change your personal data.

The legal basis for processing the data for this purpose lies in the consent you have provided by clicking on the relevant check boxes when opening your customer account.

 

4. Reservations via website, correspondence or telephone

When you place a reservation through our website, by mail (e-mail or postal mail) or by telephone, we need the following data to execute the agreement:
– Last name;
– Credit card information;
– E-mail address.

We will use this data as well as other data you voluntarily provide (e.g. first name, telephone, nationality, expected arrival time, address, language, date of birth, vehicle license plate number, special requests, comments) only in order to execute the agreement. In particular, we will process the data by name in order to record your reservation as you have requested, to make available the booked services, to contact you in case of a question or problem, and to ensure correct payment.

If you make your booking on our website, we may share your personal data with MEWS SYSTEMS BV, Kleine-Gartmanplantsoen 21, 1017RP, Amsterdam, the Netherlands, who operates the property management system on our website. The system ensures the proper administration of reservations and other hotel operations via the website.

The processing of this data is necessary for the performance of the contract we have concluded with you.

 

5. Social plug-ins and embedded links

We have embedded links and social plugins (“Plugins”) such as Facebook and Instagram (“Providers”) on our website.

When you visit a page of our website that contains a social plug-in, your browser makes a direct connection to the servers of the Provider. The plug-in allows the Provider to obtain the information that your browser has accessed the corresponding page respectively has clicked on the icon of the social plug-in on our website. This is the case even if you do not have a profile with the Provider or are just not logged in. This information (including your IP address) is transmitted from your browser directly to a server of the Provider. If you are logged in to one of the accounts, the Provider can assign your visit on our website to your profile. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the Provider and stored there. The information may also be published on the social network of your Twitter or Instagram account and appear to your contacts.  We offer you the possibility to directly share content of our website by clicking on the respective button on the website with the Provider. We cannot influence what data these Providers process. Therefore, we recommend that you check their respective privacy policies before accessing these social media platforms.

You may prevent this by downloading an add-on, which completely prevents that certain social plug-ins can establish a connection to your browser, e.g. with the Script Blocker “NoScript” (http://noscript.net/).

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).

Pinterest is operated by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA.

TripAdvisor is operated by TripAdvisor LLC., 400 1st Avenue, Needham, MA 02494, USA.

 

6. Google Maps

We use the product of Google Maps Inc. By using our website and accessing services provided by Google Maps you agree to the collection, processing and use of automated data by Google Inc., its agents and third parties.

The Terms and Conditions of Google Maps can be found at: https://www.google.com/intl/e/help/terms_maps.html.

 

7. Cookies

Cookies help in many ways to make your visit to our website easier and more convenient and sensible. Cookies are information files that your web browser automatically saves on your computer’s hard drive when you visit our website.

For example, we use cookies to temporarily store your selected services and data provided on a form on the website so that you need not provide the same data again when you access a subpage. Cookies may also be used to identify you as a registered user once you have registered on the website so that you do not have to log in again when you visit a different page.

Most Internet browsers accept cookies automatically. However, you can configure your browser so that no cookies will be stored on your computer or that a message will appear every time you receive a new cookie. Disabling cookies can result in preventing you from using all the functions of our website.

 

8. Tracking tools and re-targeting

For needs-oriented design and continuous optimisation of our website, we use tracking tools. In this context cookies are stored on your computer. The information generated by the cookie about your use of this website is transmitted to the server of the provider, stored there, and processed for us. In addition to the data listed under clause 1, we may receive the following data:

– Navigation path that a visitor takes on the website;
– Length of stay on the website or webpage;
– Country, region, or city from which the access is made;
– End device; and
– Returning or new user.

The data is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage for purposes of market research and needs-based design of this website. It is within our legitimate interest to process such data to continuously improve our website according to our customers’ needs.

This data may also be transferred to third parties if required by law or if the third parties are contracted for processing the data. It may be that the third parties and/ or the Hotel processes or stores the personal data abroad, in which case we will make sure that an adequate level of data protection is maintained, for example by ensuring that an adequacy decision or contractual warranties are in place.

Please note that you have the possibility to object to interest-based advertising by Google Inc. For this purpose, you must call up the link to www.google.de/settings/ads and change the settings on each Internet browser used by you.

We are using the following tracking and re-targeting tools:

a. Google Analytics

We use the web analysis service of Google Analytics. Google Analytics is a service provided by Google Inc., a company of the holding company Alphabet Inc., with its registered office in the USA. Before being transferred to the service provider, the IP address is abbreviated by activating the IP anonymising function (“anonymizeIP”) on this website within a member state of the EU or the EEA. The anonymised IP address transferred by your browser is not compiled with other data from Google Inc. Only in exceptional cases is the full IP address transferred to a server of Google Inc. in the USA and abbreviated there. In these cases we ensure, by undertaking contractual guarantees, that Google Inc. maintains a sufficient level of data protection. According to Google Inc. the IP address is not linked to other data associated with the user.

Further information and the actual data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.

b. Google Tag Manager

To manage the usage-based advertising service, we use Google Tag Manager, which is also a service of Google Inc. We use Google Tag Manager to manage usage-based advertising services. The Tool Tag Manager itself is a cookie-free domain and does not compile any personal data. Instead, the tool removes other tags which may compile your data. If you perform deactivation at domain or cookie level, this applies to all tracking tags which are implemented with Google Tag Manager.

Further information and the actual data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.

c. Google AdSense

Google AdSense is an online service which allows the placement of advertising on third-party websites. Google AdSense is based on an algorithm that selects advertisements displayed on third-party websites to match with the content of the respective third-party website. Google AdSense allows an interest-based targeting of the Internet user, which is implemented by means of generating individual user profiles. The operating company of Google’s AdSense component is Google Inc.,1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United StatesUSA.

The purpose of Google’s AdSense component is the integration of advertisements on our website. Google AdSense places a cookie on the information technology system of the user. With the setting of the cookie, the Provider is enabled to analyse the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the Hotel and into which a Google AdSense component is integrated, the Internet browser on the information technology system of the user will automatically submit data through the Google AdSense component for the purpose of online advertising and the settlement of commissions to the Provider. During the course of this technical procedure, the Provider gains knowledge of personal data, such as the IP address of the user, which serves the Provider, inter alia, to understand the origin of visitors and clicks and subsequently create commission settlements.

Furthermore, Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in web pages to enable a log file recording and a log file analysis through which a statistical analysis may be performed. Based on the embedded tracking pixels, the Provider is able to determine if and when a website was opened by a user, and which links were clicked on by the user. Tracking pixels serve, inter alia, to analyse the flow of visitors on a website. Through Google AdSense, personal data and information including the IP address and additional data, which is necessary for the collection and accounting of the displayed advertisements, is transmitted to Alphabet Inc. in the USA.

Further information and the actual data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.

d. Google Remarketing

On this website, the Hotel has integrated Google Remarketing services. Google Remarketing is a feature of Google AdWords, which allows an enterprise to display advertising to Internet users who have previously resided on the enterprise’s Internet site. Therefore, the integration of Google Remarketing allows an enterprise to create user-based advertising and thus shows relevant advertisements to interested Internet users. The operating company of the Google Remarketing services is the Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is the insertion of interest-relevant advertising. Google Remarketing allows us to display ads on the Google network or on other websites, which are based on individual needs and matched to the interests of Internet users. Google Remarketing sets a cookie on the information technology system of the user. With the setting of the cookie, Google Inc. enables us to recognise the visitor on our website if he calls up consecutive web pages, which are also a member of the Google advertising network. With each call-up to an Internet site, on which the service has been integrated by Google Remarketing, the web browser of the user identifies automatically with Google Inc. During the course of this technical procedure, Google Inc. receives personal data, such as the IP address or the surfing behaviour of the user, which Google Inc. uses, inter alia, for the insertion of interest relevant advertising. The cookie is used to store personal data, e.g. the visited Internet pages.

Further information and the actual data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.

e. Google AdWords

On this website, the Hotel has integrated Google AdWords. Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define specific keywords with the help of which an ad on Google’s search results only then displayed, when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords. The operating company of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is the promotion of our website by the inclusion of relevant advertising on the websites of third parties and in the search engine results of the search engine Google and an insertion of third-party advertising on our website. If a user reaches our website via a Google ad, a conversion cookie is filed on the information technology system of the user through Google Inc. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the user. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g, the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google Inc. and the Hotel can understand whether a person who reached an AdWords ad on our website generated sales, that is, executed or cancelled a sale of goods. The data and information collected through the use of the conversion cookie is used by Google Inc. to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google Inc. that could identify the user. The conversion cookie stores personal data, e.g. the Internet pages visited by the user. Each time we visit our Internet pages, personal data, including the IP address of the Internet access used by the user, is transmitted to Google Inc. in the USA. These personal data are stored by Google Inc. in the USA. Google Inc. may pass these personal data collected through the technical procedure to third parties.

f. Mouseflow

We use Mouseflow, a web analysis that analyses the user behaviour on our website and makes corresponding optimisations. Mouseflow obtains and processes the following data:

– Clicks, mouse movements, hovering, scrolling;
– Browser and device (desktop/tablet/mobile);
– Language;
– Operating system and screen resolution;
– Duration of visit;
– Navigation (URLs) and page content (HTML), referrer URL;
– IP address and location (city, country);
– Type of visitor (first visitor/repeat visitor);
– Individual tags or variables.

The provider of Mouseflow is a company of Mouseflow ApS, with its registered office at Flaesketorvet 68, 1711 Copenhagen, Denmark. Further information about the web analysis services used can be found on the Mouseflow website. Further information about the forwarding and processing of data by third parties can be found on the website of Mouseflow ApS.

g. Facebook Custom Audience

We use a communication tool called Facebook Custom Audience. In general, a non- reversible and non-personal related test value (fingerprint) is generated from your usage data by Custom Audience, which can be sent to Facebook for analysis and marketing purposes (using a so-called Facebook cookie).
Custom Audience is a service of Facebook Inc., 1601 S California Ave, Palo Alto, CA 94304, USA or, if you are a resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information about Facebook Custom Audience can be found on the website of Facebook Inc.

 

B. DATA PROCESSING IN CONNECTION WITH YOUR STAY

 

9. Data processing to comply with legal reporting obligations

When you arrive at one of our accommodations, we may need the following data about you and the persons accompanying you:

– First and last name;
– Postal address;
– Date of birth;
– Place of birth;
– Nationality;
– Official ID;
– Arrival and departure days, number of nights;
– Name of the accommodation, average daily room rate;
– Number of adults and children.

We collect part of these details in order to meet our legal reporting obligations, based in particular on the hospitality and police laws. If we are obliged to do so by the applicable regulations, we forward this data to the responsible police authorities. Also, the processing of this data is necessary for the performance of pre-contractual and contractual activities.

 

10. Data processing in relation to services

a. Data processing to execute booked services in general

For your stay we may process and collect the following details from you and the other people travelling with you:

– First name and surname;
– Address;
– Nationality;
– Official ID card and number;
– Date of arrival and departure;
– Room number;
– Preferences and habits.

If you use extra services during your stay (e.g. the mini bar), we may process additional data regarding the extra services such as the time of the provision of the service or the recording of this information for invoicing purposes.

We process this data to fulfil our pre-contractual and contractual obligations to you as well as in our legitimate interest to offer you the best possible service.

b. Data processing to perform related spa services

If you book spa services during your stay at our hotel, the subject of the service and the time of the service are compiled and processed by us for invoicing purposes and to perform the booked service. Normally we require the following details for this:

– First name and surname;
– Address;
– E-mail address;
– Telephone number;
– Room number (if available).

We process this data as well as any additional data (e.g. preferences, health information) voluntarily provided by you to perform the booked service. Therefore, the processing of this data is necessary to perform the contract with you.

 

C. STORAGE AND EXCHANGE OF DATA WITH THIRD PARTIES

 

11. Reservation platforms

If you place reservations through a third-party platform, we will receive personal data from the respective platform operator. This is typically the data listed under clause 5 of this Privacy Policy. In addition, enquiries regarding your reservation may be forwarded to us. We will process this data by name to record your reservation as requested and to provide the booked services. The processing of this data is necessary to perform the contract with you.

Finally, we may be notified by the platform operators about disputes related to a reservation. In this case, we may also receive data on the reservation process, which may include a copy of the booking confirmation as evidence of the actual finalisation of the reservation. We process this data to safeguard and enforce our rights, which is in our legitimate interest.

Please also take note of the privacy policy as well as the terms and conditions of the respective platform provider.

 

12. Retention period

We store personal data only as long as it is necessary to process the data as described in this Privacy Policy. We store contract data for a longer period in order to comply with legal obligations for data retention. Data retention requirements are mandatory for us and arise out of regulations set forth by reporting, accounting, and tax law. According to these regulations, business communication, closed contracts, and reservation documents must be retained for up to 10 years. Once we no longer require these data to carry out services for you, the data will be blocked. This means that the data may then be used only for tax and accounting purposes.

 

13. Passing on data to third parties

We pass on your personal data only if you have expressly consented to it, if we are legally obligated to, or if this is necessary to enforce our rights, especially rights concerning the contractual relationship. Furthermore, we pass on your personal data to third parties insofar as this is required in the context of using the website and in contract processing, specifically, the processing of your reservation.

A service provider to whom the personal data collected via the website is passed on or who has or can have access to it is our web host Infomaniak. The website is hosted on servers in Switzerland. The transfer of data is for the purpose of providing and maintaining the functionality of our website and is therefore in our legitimate interest.

Finally, if you pay by credit card through the website, we forward your credit card information to the credit card issuer and the credit card acquirer. If you choose to pay by credit card, you will be asked to provide all the necessary information. The legal basis for passing on the data lies in the performance of a contract.

 

14. International transfer of personal data

We are also entitled to transfer your personal data to third parties abroad for the purposes of the data processing described in this Privacy Policy. The recipients of such data are obliged to protect data to the same extent as we are. If the level of data protection in a given country does not correspond to the Swiss or EU level, we ensure that the protection of your personal data corresponds to that in Switzerland or the EU at all times by having in place appropriate legal safeguards.

 

D. FURTHER INFORMATION

 

15. Rights to information, correction, deletion, and limitation of processing, right to data portability

You have the right to request and receive information about your personal data that we have stored. Furthermore, you have the right to correct inaccurate data and the right to have your personal data deleted, as far as no legal retention obligation stands in the way or a regulatory authorisation that allows us to process the data.

You also have the right to reclaim from us the data you have given us (right to data portability). On request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a commonly used file format.

You can contact us for the aforementioned purposes at info@hoteldeverbier.com. We may, at our sole discretion, require proof of identity before processing your request.

In many countries, you also have the right to file a complaint with the relevant data protection authority if you have concerns about how we process your data.

These rights depend on the applicable data protection legislation and may be either more limited or more comprehensive than set out in this Privacy Policy.

 

16. Minors

We do not want to collect personal data from minors; however, we cannot always verify the age of people who visit and use our websites. If a minor provides us with their data without the consent of their parent or guardian, we will ask the parent or guardian to contact us for the purpose of deleting that data and preventing the minor from receiving any promotional material from us in the future. For this you may contact us at info@hoteldeverbier.com.

 

17. Data security

We use appropriate technical and organizational security measures to protect your stored personal data against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are being continuously improved in line with technical developments. You should always treat your access data confidentially and close the browser window when you have finished communicating with us, especially if you share your computer with others.

 

18. Notice about data transfer to the USA

In the interest of completeness, we would like to point out to users domiciled or residing in Switzerland that in the USA there are government surveillance measures that generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without differentiation, limitation, or exception on the basis of the objective pursued and without objective criteria that would limit the access of US authorities to the data and their subsequent use to very specific, strictly limited purposes that could justify both the access to these data and intervention related to their use. Furthermore, we would like to point out that in the USA there is no right of appeal for affected people in Switzerland that would allow them to gain access to their personal data or to effect their correction or deletion, and there is no effective judicial protection against general access by US authorities. We explicitly inform affected persons of this legal and factual situation for them to make an accordingly informed decision concerning consent to the use of their data.

We point out to users domiciled in an EU member state that, in the point of view of the EU/EEA and Switzerland, the USA – partly because of the issues mentioned in the previous paragraph – does not have a sufficient level of data protection. To the extent we have explained in this Privacy Policy that recipients of data (such as Google Inc.) are based in the USA, we will ensure that your data is protected at a reasonable level by our partners either through contractual arrangements with these companies or by ensuring the certification of such companies under the Swiss-US Privacy Shield or a similar regime.

 

19. Applicable law and jurisdiction

This Privacy Policy and the contracts concluded based on, or in connection with, this Privacy Policy are subject to Swiss law, unless the law of another country is mandatory.

The place of jurisdiction is the registered office of the Hotel unless another place of jurisdiction is mandatory.

 

20. Modification of the Privacy Policy

Should individual parts of this Privacy Policy be invalid, this shall not affect the validity of the rest of the Privacy Policy. The invalid part of this Privacy Policy shall be replaced in such a way that it comes as close as possible to the economically intended purpose of the invalid part.

Due to the further development of our website and offers or changes to the statutory requirements, it may become necessary to amend this Privacy Policy. The most current Privacy Policy is published on our website.

This page was last modified on 23 September 2020.

 

21. Questions about data protection? Please, contact us!

If you have any questions or comments about our legal notices or data protection, please contact us at  info@hoteldeverbier.com.