DECLARATION OF CONFIDENTIALITY

 

Version: September 2023

Hôtel du Rhône Sion Sàrl manages the hotel and restaurant Hôtel du Rhône Sion and is the operator of the website www.durhonesion.ch and thus responsible for the collection, processing and use of your personal data as well as the compliance of data processing with applicable data protection legislation.

We attach great importance to your trust, which is why we take data protection very seriously and ensure appropriate security. We obviously comply with the legal provisions of the Federal Data Protection Act (LPD), the Ordinance on the Federal Data Protection Act (OLPD), the Federal Telecommunications Act (LTC) and other provisions relating to data protection from Swiss or EU legislation that may be applicable, in particular the General Data Protection Regulation (GDPR).

So that you know what personal data about you we collect and for what purposes we use it, please read the information below carefully.

1.      Data processing in connection with our
   website1. Visiting our website

When you visit our site, our server temporarily records each access in a log file. The following technical data are then entered, in principle as for any connection with a web server, without any intervention on your part and stored by us until their automatic deletion after 1 month at the latest:

- the IP address of the computer accessing the site,
- the name of the owner of the IP space (generally your Internet service provider),
- the date and time of access,
- the website from which you accessed our site (original URL) and possibly the search keywords used,
- the name and URL of the file consulted,
- the status code (e.g. error message),
- the operating system of your computer,
- the browser you are using (type, version and language),
- the communication protocol used (e.g. HTTP/1.1) and
- possibly your username from registration/authentication.

The purpose of collecting and processing this data is to enable the use of our website (establishing a connection), to ensure the long-term security and stability of the system and to enable the optimization of our online offering, as well as for internal statistical purposes. These processing operations are based on our legitimate interest pursuant to Art. 6 para. 1 let. f GDPR.

The IP address is also analyzed together with other data for the purposes of recognition and defense in the event of attacks on the network infrastructure or other unauthorized or abusive use of the website, and possibly used in the within the framework of criminal proceedings for the purposes of identification and civil and criminal action against the user in question. These processing operations are based on our legitimate interest pursuant to Art. 6 para. 1 let. f GDPR.

2. Using our contact form

You can write us an e-mail at info@durhonesion.ch to contact us. To do this, we require the following information:

- first and last name
- e-mail address
- message

We only use this data, as well as your telephone number indicated on an optional basis, to be able to respond to your contact request in the best possible and personalized way. The processing of this data is therefore necessary for the execution of pre-contractual measures in accordance with Art. 6 para. 1 let. b GDPR or is based on our legitimate interest in accordance with Art. 6 para. 1 let. f GDPR, respectively.

3. Subscribe to our newsletter

You can subscribe to our newsletter on our site. To do this, you must register and provide the following data:

• title
• first and last name
• e-mail address

The above data is essential for data processing. You can also provide other optional data (date of birth and country). We process this data exclusively for the purpose of personalizing the information and offers we send you and to better tailor them to your interests.

By registering, you consent to the processing of the data you have provided in this context, with a view to the regular sending of the newsletter to the address you have provided, but also with a view to the statistical analysis of your behavior. user and optimization of the newsletter. This consent represents our legal basis for processing your email address pursuant to Art. 6 para. 1 let. a GDPR. We are entitled to use third parties for the technical implementation of advertising campaigns and are entitled to transmit your data for this purpose (see ch. 13 below).

At the end of each newsletter you will find a link to unsubscribe at any time. When unsubscribing, you can optionally tell us the reason. Your personal data is deleted following your unsubscription. Further processing only takes place in an anonymous form for the purposes of optimizing our newsletter.

4. Creation of a customer account

To make reservations on our site, you can place an order as a visitor or open a customer account. When you register for a customer account, we must collect the following data:

- title
- first and last name
- address
- date of birth
- phone number
- e-mail address
- password

These data, together with other optional information (e.g. company name), are collected for the purpose of providing you with direct, password-protected access to your master data stored in our system. You can view your previous and current reservations or manage or modify your personal data.

Your consent according to art. 6 para. 1 let. a GDPR constitutes the legal basis for processing data for this purpose.

5. Reservation on the site, by mail or by telephone

If you make reservations via our site, by correspondence (email or post) or by telephone, we require the following data for the execution of the contract:

- title
- first and last name
- address
- date of birth
- phone number
- language
- credit card information
- e-mail address

We use this data, together with other optional information you provide (e.g. expected time of arrival, motor vehicle registration plate, preferences, comments), only for the execution of the contract, unless otherwise stated in this privacy policy or if you have consented to it separately. We will process this data in particular in order to enter your reservation in accordance with your request, to provide the services reserved, to contact you in the event of uncertainties or problems, and to guarantee that payment is correctly made.

The execution of a contract according to art. 6 para. 1 let. b GDPR constitutes the legal basis for processing data for this purpose.

Cookies

In many ways, cookies make your visit to our site simpler, more pleasant and more useful. Cookies are files containing information that your web browser automatically saves to your computer's hard drive when you visit our site.

For example, we use cookies to temporarily store your selected services and information entered when you fill out a form on our site so that you no longer have to enter them a second time when you visit a subpage. Furthermore, cookies can also be used to identify you as a registered user following your registration on our site. This saves you from having to log in again when you visit another subpage.

Most web browsers automatically accept cookies. However, you can configure your browser so that it does not store any cookies on your computer or that a message appears each time you receive a new cookie. You will find explanations on the configuration of cookie processing for the most commonly used browsers on the following pages:

-  Microsoft Windows Internet Explorer
-  Microsoft Windows Internet Explorer Mobile
-  Mozilla Firefox
-  Google Chrome for desktop
-  Google Chrome for mobile
-  Apple Safari for Desktop
-  Apple Safari for mobile

Disabling cookies may prevent you from using all the features of our site.

7. Monitoring tools 1. General

For the purpose of the appropriate presentation and continuous optimization of our website, we use the audience analysis service of Google Analytics. We therefore create pseudonymised user profiles and use small text files stored on your computer (“cookies”). The information generated by the cookie about your use of this site is transmitted to the servers of the providers of these services, then stored and processed for us. In addition to the data indicated in ch. 1 below, we receive the following information if applicable:

- navigation path taken by a visitor on the site,
- duration of the visit to the site or page,
- the page from which the visitor leaves the site,
- the country, region or city from which access takes place,
- device (type, version, color depth, resolution, width and height of the navigation window) and
- returning visitor or new visitor.

The information is used to analyze the use of the website, compile reports on website activities and provide other services relating to use of the website and use of the Internet for purposes market research and adapted presentation of this site. This information may also be passed on to third parties to the extent that this is required by law or to the extent that third parties are commissioned to process this data.

1. Google Analytics

 The provider of Google Analytics is Google Inc., a holding company Alphabet Inc., headquartered in the United States. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymization (“anonymizeIP”) on this website within member states of the European Union or in other signatory states of the the Agreement on the European Economic Area. Google does not combine the anonymized IP address transmitted by your browser with other data as part of Google Analytics. In exceptional cases, the full IP address will be transmitted to a Google server in the USA and shortened there. In this case, we ensure via contractual guarantees that Google Inc. respects a sufficient level of data protection. According to Google Inc., the IP address will under no circumstances be associated with other user data.

Additional information about the audience analysis service used can be found on the Google Analytics website. To find out how to prevent the processing of your data by the audience analysis service, please visit the following address http://tools.google.com/dlpage/gaoptout?hl=fr.

1. Processing of data relating to your stayProcessing of data to meet legal obligations to inform

When you arrive at our hotel, we need the following information about you and the people accompanying you:

- first and last name
- postal address and canton
- date of birth
- Place of birth
- Nationality
- official ID and number
- arrival and departure day
- room number

We collect this information to meet legal obligations to provide information arising in particular from police and hotel legislation. To the extent that we are obliged to do so under applicable regulations, we will transmit this information to the competent police authority.

We have a legitimate interest under Art. 6 para. 1 let. f GDPR to comply with the legal provisions.

9. Entry of services provided

To the extent that you receive additional services as part of your stay (e.g. use of the mini bar or our pay television offer), we enter for billing purposes the purpose of the service as well as the date on which you perceived it. The processing of this data is necessary for the execution of your contract with us pursuant to Art. 6 para. 1 let. b GDPR.

1.      Storage and exchange of data with third parties
   
   Reservations platforms

If you make reservations through a third-party platform, the operator of the platform in question sends us various personal information. In principle, these are the data indicated in ch. 5 of this privacy policy. In addition, requests regarding your reservation may be sent to us. We process this data in particular to enter your reservation in accordance with your request and provide the reserved services. The execution of a contract according to art. 6 para. 1 let. b GDPR constitutes the legal basis for processing data for this purpose.

Finally, platform operators potentially inform us of disputes related to a reservation. They then also transmit to us data regarding the reservation process, for which a copy of the reservation confirmation can serve as proof of the effective closing of the reservation. We process this data for the protection and respect of our rights. For this processing we rely on our legitimate interest pursuant to Art. 6 para. 1 let. f GDPR.

Please also read the privacy policies of the respective providers.

11. Centralized storage and data linking

We store the data indicated in ch. 2-5 and 8-10 in a centralized electronic data processing system. The data concerning you is then systematically entered and grouped for the purpose of processing your reservations and carrying out contractual services. To do this, we use software from Mews Systems BV, headquartered in Amsterdam, with offices at Wibautstraat 137D, 1097DN Amsterdam, the Netherlands, registered with the Dutch Commercial Register under number 66426995  https://app.mews.com/Platform/Document/PrivacyPolicy?language=fr. The processing of this data by the software is based on our legitimate interest pursuant to Art. 6 para. 1 let. f GDPR for customer data management that is both customer-friendly and efficient.

12. Shelf life

We only store personal data for as long as necessary for the use of the aforementioned tracking services as well as for further processing based on our legitimate interest. We keep contractual data for a longer period if this is required by legal retention obligations. The retention obligations that require us to retain data arise from provisions relating to the right to notify authorities, financial accounting and tax law. In accordance with these provisions, commercial communication, contracts concluded and accounting documents must be kept for up to 10 years. If we no longer need this data for the performance of the services, it will be blocked. This means that this data can only be used for accounting and tax purposes.

13. Transmission of data to third parties

We only transmit your personal data if you have expressly consented to this, if we are subject to a legal obligation to do so or if this is necessary to assert our rights, in particular to assert our rights arising from the contractual relationship. Furthermore, we transmit your data to third parties to the extent that this is necessary for the use of the website and the execution of the contract (including outside the website), in particular for the processing of your reservations.

Our web host gandi.net is a service provider to whom we transmit the personal data collected via the website, or who has access or can have access to them. The website is hosted on servers in Luxembourg. The purpose of data transmission is to provide and maintain the functionality of our site. This processing is based on our legitimate interest pursuant to Art. 6 para. 1 let. f GDPR.

Finally, we transmit information relating to your credit card to the issuer and acquirer of your credit card when paying by credit card on our site. If you choose to pay by credit card, you must enter all the necessary information. The execution of a contract according to art. 6 para. 1 let. b GDPR constitutes the legal basis for the transmission of data. Regarding the processing of your credit card information by these third parties, please also read the terms and conditions and privacy policy of your credit card issuer.

Please also read the instructions in ch. 7-8 and 10-11 regarding the transmission of data to third parties.

14. Transmission of personal data abroad

We are also entitled to transmit your personal data to third party companies (commissioned service providers) abroad for the data processing specified in this privacy policy. These companies are subject to the same level of data protection as us. If the level of data protection in a given country does not correspond to the Swiss or European level, we will contractually ensure that the protection of your personal data corresponds to that of Switzerland or the EU.

1.     Other information
2. Right to information, rectification, erasure and restriction of processing; right to data portability

You have the right to obtain, upon request, information relating to the personal data concerning you that we store. Furthermore, you have the right to the rectification of incorrect data and the erasure of your personal data as long as there is no legal retention obligation or no legal basis allowing us to process the data.

You also have the right to demand the return of the data you have transmitted to us (right to data portability). On request, we also transmit the data to a third party of your choice. You have the right to obtain the data in a standard format.

You can contact us for the aforementioned purposes at the following email address info@durhonesion.ch. We may ask you, at our sole discretion, for proof of identity in order to process your requests.

16. Data security

We use appropriate technical and organizational security measures to protect the personal data we store about you against manipulation, partial or total loss and against unauthorized access by third parties. Our security measures are constantly improved in line with technological progress.

You should always keep your access data confidential and close the browser window when you have finished communicating with us, particularly if you are not the only person using the computer.

We also take data protection very seriously within our company. Our employees and the service providers we mandate are subject to secrecy and compliance with legal data protection provisions.

17. Note on data transmissions to the United States

For the sake of completeness, we inform users whose domicile or headquarters are in Switzerland that the USA is subject to surveillance measures by the US authorities. These generally allow the recording of all personal data of persons whose data has been transmitted from Switzerland to the United States. This is done without differentiation, limitation or exception based on the aim pursued and without objective criteria making it possible to limit the access of the American authorities to the data and their subsequent use for very precise and strictly limited purposes likely to justify the infringement that implies access to this data as well as their use. Furthermore, we inform you that in the United States, there is no recourse for data subjects from Switzerland allowing you to have access to the data concerning you and to obtain their rectification or erasure, nor to effective judicial protection against general access rights of the American authorities. We explicitly draw the attention of the data subject to this legal and factual situation so that they can make an informed decision about consent to the use of their data.

We inform users domiciled in an EU member state that according to the EU, the USA – particularly due to the matters discussed in this part – does not have a sufficient level of data protection. To the extent that we have explained in this privacy policy that certain data recipients (e.g. Google) have their headquarters in the United States, we will ensure either through contractual arrangements with these companies or through their certification under the EU-US or Swiss-US Privacy Shield, that your data receives a reasonable level of protection from our partners.

18. Right to lodge a complaint with a supervisory authority responsible for data protection supervision

You have the right to lodge a complaint with a data protection supervisory authority.

Version: 01.09.2023