Information about the processing of your data
- In the following, website means all of the controller’s pages;
- personal data means any information relating to an identified or identifiable natural person. A natural person is identifiable if they can be identified, either directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special features that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. Personal data is therefore, for example, a person’s name, email address and telephone number, but may also include information about preferences, hobbies and memberships;
- processing means operations or sets of operations carried out with or without the aid of automated procedures in connection with personal data, such as the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction;
- pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person;
- consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes in a particular case by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; and
- Google means Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; reachable in the European Union at: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Questions about data protection
If you have any questions about data protection with regard to the hotel their website, you can contact the controller or his data protection officer.
We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and other external disruption. To this end, we regularly review our security measures and adapt them to current standards.
You have the following rights with regard to the personal data concerning you that you can assert against us:
- right of access (Art. 15 GDPR),
- right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
- right to restriction of processing (Art. 18 GDPR),
- right to object to processing (Art. 21 GDPR),
- right to withdraw your consent (Art. 7(3) GDPR),
- right to receive the data in a structured, commonly used, machine-readable format (‘data portability’) and the right to transfer the data to another controller, if the prerequisites of Art. 20(1) (a) and (b) GDPR are fulfilled (Art. 20 GDPR).
You can assert your rights by informing us using the contact details specified above under ‘Responsible provider’ or by contacting the data protection officer designated by us.
You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).
Use of the website, access data
In principle, you can use our website for purely informational purposes without disclosing your identity. When you access the individual pages of the website in this sense, this only results in access data being transferred to our web hosting service so that the website can be displayed to you. This is the following data:
- browser type/browser version
- operating system used
- language and version of the browser software
- hostname of the accessing device
- IP address
- website from which the request comes
- content of the request (specific page)
- date and time of the server request
- access status/HTTP status code
- referrer URL (website visited before)
- volume of data transferred
- time zone difference from Greenwich Mean Time (GMT)
Temporary processing of the IP address by the system is necessary to make it technically possible to deliver the website to your device. This requires processing of your IP address for the duration of the session. The legal basis for such processing is Art. 6(1) Sentence 1(f) GDPR.
The access data is not used to identify individual users and is not combined with other data sources. The access data is deleted when it is no longer required for achieving the purpose of its processing. In the case of recording the data to provide the website, this is the case when you end your visit to the website.
IP addresses are stored in log files to ensure the functionality of the website. In addition, the data serves us to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context either. In principal, data is deleted after seven days at the latest; further processing is possible in individual cases. In this case, the IP address is deleted or so transformed that an assignment of the retrieving client is no longer possible.
The recording of data for the provision of the website and the processing of data in log files is an absolute necessity for the operation of the website. You may object to the processing. In the event that your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing.
a) Technically necessary cookies
Some elements of our website require that the retrieving browser can be identified even after a page change. This involves processing the following data in the cookies:
- language settings
- items in shopping basket
- login information
The user data collected by technically necessary cookies is not processed to create user profiles. We also use session cookies, which store a session ID that can be used to assign various requests from your browser to the shared session. Session cookies are required for using the website. In particular, they enable us to recognise the device used when you return to the website. If you have an account with us, we use this cookie to recognise you on subsequent visits to the website; otherwise you would have to log in again each time you visited. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. We use session cookies to make using our website more attractive and effective. Session cookies are deleted as soon as you log out or close your browser.
You can object to the processing of your data by cookies. Most browsers are preset to automatically accept cookies. You can disable or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use the full functionality of the website.
b) Technically non-essential cookies
- entered search terms
- frequency of page views
- use of website functions
These cookies are used to make using the website more efficient and attractive. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. The technically non-essential cookies are automatically deleted after a specified period, which may vary depending on the cookie.
Where we integrate cookies from third-party providers into our website, we point this out to you separately below.
Contacting our company
When contacting our company, e.g. by email or using the contact form, the support form or a feedback tool on the website, the personal data provided by you will be processed by us so that we can respond to your enquiry.
In order for us to process enquiries submitted via the contact form on the website, it is essential that you provide a name or pseudonym, company, job title, telephone number and a valid email address. At the moment when you submit the message to us, the following data, among others, will also be processed:
- IP address
- date/time of registration
Processing the personal data from the form allows us to process the contact you make with us. Where you contact us by email, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process serves to prevent any misuse of the contact form and to ensure the security of our information technology systems.
The data will not be transmitted to third parties in this context. As soon as processing is no longer necessary, we delete the data generated in this context or, if statutory retention obligations apply, restrict processing of the data.
You have the possibility to object to the processing of your personal data for contact requests at any time. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the previous description of the functions. In such a case, it may not be possible to continue processing the request. In the event that your objection is justified, we will examine the situation and either stop or adjust the data processing or point out to you the compelling legitimate reasons on the basis of which we will continue processing.
Processing and transmission of personal data for contractual purposes
We process your personal data if and to the extent necessary for the initiation, creation, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6(1) Sentence 1(b) GDPR.
Once the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or erased, unless we are entitled to retain the data for a longer period and process it as required in the respective context on the basis of a consent granted by you (e.g. consent to the processing of your email address for sending promotional emails), a contractual agreement, a statutory authorisation (e.g. authorisation to send direct advertising) or on the basis of justified interests (e.g. retention for asserting claims).
Your personal data will be passed on if
- it is necessary for the creation, execution or termination of legal transactions with our company (e.g. when transmitting data to a payment service provider/a shipping company to process a contract with you) (Art. 6(1) Sentence 1(b) GDPR), or
- a subcontractor or party we use to perform our obligations, which we use exclusively within the framework of providing the offers or services requested by you, needs this data (unless you are expressly informed otherwise, such auxiliary parties are only entitled to process the data insofar as this is necessary for the provision of the offer or service), or
- there is an enforceable official order (Art. 6(1) Sentence 1(c) GDPR) or
- there is an enforceable court order (Art. 6(1) Sentence 1(c) GDPR) or
- we are legally obliged to do so (Art. 6(1) Sentence 1(c) GDPR) or
- the processing is necessary in order to protect the vital interests of the data subject or another natural person (Art. 6(1) Sentence 1(d) GDPR) or
- we are authorised or even obliged to pursue overriding legitimate interests (Art. 6(1) Sentence 1(f) GDPR).
Your personal data will not be transmitted to other persons, companies or bodies unless you have effectively consented to such transmission. The legal basis for the processing is then Art. 6(1) Sentence 1(a) GDPR.
Your booking data is also processed as follows:
Your booking data (e.g. title, first name, last name, nationality, language, e-mail address, mobile telephone number, postal address, number of persons, arrival date, departure date, number of nights of stay and any visitor’s tax exemption) are forwarded to Bonfire AG and Zermatt Tourism (either by us or via our electronic booking system).
Your booking data is recorded in a central database by Bonfire AG and/or Zermatt Tourism. If accommodation providers take part in Zermatt Tourism e-mail marketing, the guest data is likewise stored with the third-party provider «Salesforce» and used as part of the business relationship between the accommodation provider and the guest.
Your booking data is processed exclusively in Switzerland and the EU.
Based on this, Zermatt Tourism settles the visitor's tax owed and collects the corresponding amount from the service partners.
Zermatt Tourism also reports information to the Federal Statistical Office.
Bonfire AG and Zermatt Tourism grant the police access to the database with booking data so that the police can access relevant booking data for missing persons, for example.
Zermatt Tourism uses the booking data to collect statistics (in particular regarding occupancy, length of stay, number of arrivals, etc.).
The legal basis for this data processing is the fulfilment of a legal obligation within the meaning of Art. 6 para. 1 (c) GDPR (billing and collection of visitor's tax/reporting to the Federal Statistical Office) and in the sense of Art. 6 para. 1 (f) GDPR (granting access to the police/collection of statistics).
Your booking data is only used for direct marketing purposes (e.g. newsletter distribution) if you have given us your consent for this.