Politique de confidentialité

Section I — Responsable du traitement des données et contacts

Art. (1) Le responsable du traitement responsable de la collecte, du traitement et du stockage de vos données personnelles est :

Nom légal : Le Rucher d'Evolène SA
Numéro de l'entreprise : CHE-436,917,429
Siège social : 3 Route du Contor, 1983 Evolène, Schweiz
Téléphone : +41 79 376 49 14
Courrier électronique : contact@rucher-evolene.ch
Site Web : https://rucher-evolene.com/ 

(2) Pour toutes les questions relatives à la protection de vos données personnelles, vous pouvez nous contacter en utilisant les coordonnées ci-dessus. Nous nous engageons à répondre à vos demandes dans les 30 jours.

(3) Comme nous ne traitons pas de données personnelles à grande échelle, nous n'avons pas désigné de responsable de la protection des données dédié. Toutes les responsabilités en matière de protection des données sont gérées par notre équipe de direction.

Article 2, paragraphe 1 Si vous pensez que vos droits en matière de protection des données ont été violés, vous avez le droit de déposer une plainte auprès de :

Préposé fédéral suisse à la protection des données et à l'information (FDPIC)
(Le Préposé fédéral à la protection des données et à la transparence - PFPDT)
Adresse : Feldeggweg 1, CH-3003 Berne, Suisse
Téléphone : +41 (0) 58 462 43 95
Courrier électronique : info@edoeb.admin.ch
Site Web : www.edoeb.admin.ch

(2) Vous avez le droit de déposer une plainte auprès de l'autorité de surveillance de votre pays de résidence. Une liste complète des autorités de protection des données de l'UE est disponible à l'adresse suivante :
https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

(3) Le dépôt d'une plainte auprès d'une autorité de surveillance est gratuit et n'affecte pas votre droit d'exercer des recours judiciaires.

Section II — Définitions et principes

Art. 3 Aux fins de la présente Politique de confidentialité, les termes suivants ont la signification suivante :

« Responsable du traitement des données » désigne la personne physique ou morale, l'autorité publique, l'agence ou tout autre organisme qui détermine les finalités et les moyens du traitement des données personnelles. Dans le cadre de cette Politique, le responsable du traitement est Le Rucher d'Evolène SA.

« Données personnelles » désigne toute information relative à une personne physique identifiée ou identifiable. Une personne identifiable est une personne qui peut être identifiée, directement ou indirectement, par référence à un identifiant tel qu'un nom, un numéro d'identification, des données de localisation, un identifiant en ligne ou d'autres facteurs spécifiques à son identité physique, physiologique, génétique, mentale, économique, culturelle ou sociale. Les exemples incluent : nom, adresse e-mail, numéro de téléphone, détails de réservation, adresse IP.

« Traitement » désigne toute opération effectuée sur des données personnelles, qu'elle soit automatisée ou non, y compris la collecte, l'enregistrement, l'organisation, le stockage, l'adaptation, l'utilisation, la divulgation, la transmission, la restriction, l'effacement ou la destruction. Dans notre hôtel, le traitement inclut toutes les activités nécessaires pour gérer les réservations, fournir un hébergement et fournir des services.

« Personne concernée » désigne toute personne physique dont les données personnelles sont traitées par le responsable du traitement. Dans cette Politique, les personnes concernées incluent les clients de l'hôtel (enregistrés et non enregistrés), les clients potentiels et les abonnés à la newsletter.

« Bénéficiaire » désigne toute personne physique ou morale, autorité publique, agence ou autre organisme à qui des données personnelles sont divulguées. Les destinataires peuvent inclure des services de messagerie, des processeurs de paiement, des cabinets comptables et des prestataires de services informatiques qui nous aident à gérer notre hôtel.

« Consentement » désigne toute indication librement donnée, spécifique, informée et univoque des souhaits de la personne concernée par laquelle elle accepte le traitement de ses données personnelles. Le consentement doit être donné par une action positive claire (par exemple, en cochant une case).

« Processeur » désigne toute personne physique ou morale, autorité publique, agence ou autre organisme qui traite des données personnelles pour le compte du responsable du traitement. Les sous-traitants agissent uniquement sur instructions documentées du responsable du traitement et sont contractuellement tenus de mettre en œuvre des mesures de protection des données appropriées.

Section III — Catégories de données et bases juridiques

Article 5, paragraphe 1 Le responsable du traitement traite les données personnelles exclusivement dans le cadre du fonctionnement de l'hôtel, y compris la gestion des réservations, la fourniture de services d'hébergement, la gestion de la relation client et le respect des obligations légales. La portée de la collecte de données est limitée à ce qui est strictement nécessaire pour fournir des services hôteliers de haute qualité et maintenir l'efficacité opérationnelle.

(2) Toutes les activités de traitement sont fondées sur l'une des bases légales établies par la Loi fédérale suisse sur la protection des données (RevDSG) et le Règlement général sur la protection des données (RGPD). Le responsable du traitement évalue soigneusement la base juridique qui s'applique à chaque activité de traitement spécifique et documente cette détermination afin de garantir le plein respect des lois applicables en matière de protection des données.

(3) Conformément au principe de minimisation des données, le responsable du traitement ne collecte que le minimum de données personnelles nécessaires pour atteindre les objectifs spécifiés et légitimes. Cela signifie que le responsable du traitement s'abstient de collecter des données simplement pratiques ou potentiellement utiles à l'avenir, en se concentrant plutôt sur ce qui est réellement nécessaire pour la fourniture de services ou le respect des obligations légales.

Art. 6 Le tableau ci-dessous fournit un aperçu structuré des catégories de données personnelles traitées par l'hôtel, des finalités spécifiques pour lesquelles ces données sont utilisées et des bases juridiques correspondantes en vertu du RevDSG et du RGPD.

‍

‍

Article 7, paragraphe 1 Le responsable du traitement ne collecte ni ne traite aucune catégorie particulière de données personnelles sauf en cas de nécessité absolue. Les systèmes et procédures de l'hôtel sont conçus pour fonctionner sans nécessiter de telles informations sensibles.

(2) Des données limitées liées à la santé ne peuvent être traitées que lorsque la personne concernée les fournit volontairement pour permettre des aménagements spécifiques (par exemple, des chambres accessibles ou des exigences alimentaires).

(3) Ces données sont traitées exclusivement sur la base d'un consentement explicite et uniquement dans le but indiqué. L'accès est strictement limité, les données sont cryptées et elles sont supprimées peu de temps après le paiement, sauf si cela est nécessaire pour des raisons légales.

Article 13, paragraphe 1 Le responsable du traitement traite les données relatives aux enfants uniquement dans la mesure où cela est nécessaire pour les réservations familiales, généralement limitées aux exigences liées au nom, à l'âge et au séjour.

(2) Pour les enfants de moins de 16 ans, le traitement n'a lieu qu'avec le consentement d'un parent ou d'un tuteur légal, confirmé lors du processus de réservation. Les parents et tuteurs peuvent exercer tous les droits applicables en matière de protection des données au nom de leurs enfants, et une vérification peut être demandée pour garantir un accès légal.

Article 14, paragraphe 1 Le responsable du traitement n'utilise pas de prise de décision automatisée qui produit des effets juridiques ou similaires ; toutes les décisions clés sont prises par du personnel humain.

(2) Le profilage limité peut être utilisé avec votre consentement pour personnaliser les services en fonction de l'historique des réservations et des préférences, et n'est jamais utilisé pour prendre des décisions importantes. Les personnes concernées peuvent s'opposer au profilage à tout moment, demander un examen humain et retirer leur consentement sans affecter leur accès aux services de l'hôtel.

Section IV — Périodes de conservation

Article 15, paragraphe 1 Le responsable du traitement ne conserve les données personnelles que le temps nécessaire pour atteindre les objectifs pour lesquels elles ont été collectées ou conformément à la loi applicable. Les différentes catégories de données sont soumises à des périodes de conservation différentes en fonction de leur finalité et de la base légale du traitement.

(2) À l'expiration de la période de conservation applicable, le responsable du traitement supprime définitivement les données personnelles de tous les systèmes ou les rend anonymes de manière à empêcher toute nouvelle identification. Le processus de suppression ou d'anonymisation est effectué de manière systématique et sans retard injustifié.

(3) Les durées de conservation sont déterminées en fonction de la base juridique du traitement, des obligations légales de conservation en vertu du droit commercial et fiscal suisse, des délais de prescription pour les réclamations légales et des besoins opérationnels de l'hôtellerie. Le responsable du traitement des données met à jour des politiques internes documentant ces périodes de conservation et les revoit régulièrement pour garantir une conformité continue.

(4) Le tableau ci-dessous décrit les périodes de conservation spécifiques applicables à chaque catégorie de données personnelles traitées par le responsable du traitement.

Art. 16  (1) The Data Controller maintains detailed records of all consent obtained from Data Subjects, documenting the identity of the Data Subject, the date and time consent was given, the method by which consent was obtained, and the specific purposes and processing activities covered by that consent. These records also capture any subsequent modifications or withdrawals of consent.

(2) Consent records are retained for a maximum of 2 years after the Data Subject withdraws consent or after the Data Controller ceases processing for the purposes covered by that consent. This retention period enables the Data Controller to demonstrate to supervisory authorities that processing was lawful at the time it occurred, even after the underlying personal data has been deleted.

Section V - Data Subject Rights

Art. 17 (1) As a Data Subject whose personal data is processed by the Data Controller, the individual has the right to exercise a comprehensive set of rights designed to ensure transparency, enable control over personal information, and provide remedies in case of improper processing. These rights are established by the Swiss Federal Act on Data Protection and the General Data Protection Regulation and may be exercised at any time.

(2) To exercise any of these rights, the Data Subject should submit a written request to the Data Controller using the contact details provided in Article 1 of this Privacy Policy. Requests may be submitted by email to contact@rucher-evolene.ch, by phone at +41 79 376 49 14, or by postal mail addressed to Le Rucher d'Evolène SA, 3 Route du Contor, 1983 Evolène, Switzerland.

(3) The Data Controller will respond to requests within 30 days of receipt, providing information about the action taken or explaining why the request cannot be fulfilled. In cases of particular complexity or where multiple requests are received from the same Data Subject, this period may be extended by an additional 60 days, though the Data Subject will be informed of any such extension and the reasons for the delay within the initial 30-day period.

(4) Exercising these rights is free of charge for the Data Subject, except in cases where requests are manifestly unfounded, excessive, or repetitive, in which case the Data Controller may charge a reasonable administrative fee or refuse to act on the request. Before applying any such fee or refusal, the Data Controller will inform the Data Subject and provide an opportunity to withdraw or clarify the request.

Art. 18 (1) The Data Subject has the right to obtain confirmation from the Data Controller as to whether personal data concerning them is being processed. If such processing is taking place, the Data Subject has the right to receive a copy of their personal data along with comprehensive information about how that data is being used.

(2) Upon receiving an access request, the Data Controller will provide the Data Subject with information regarding the purposes of processing, the categories of personal data being processed, the recipients or categories of recipients to whom data has been or will be disclosed, and the envisaged period for which the data will be stored or the criteria used to determine that period. The Data Controller will also inform the Data Subject of their other rights, including the rights to rectification, erasure, and restriction, as well as the right to lodge a complaint with a supervisory authority.

(3) The Data Subject may request that personal data be provided in a structured, commonly used, and machine-readable format such as CSV, JSON, or XML. The first copy of personal data is provided free of charge, though the Data Controller may charge a reasonable fee for any additional copies requested by the same Data Subject.

(4) The right of access does not extend to information that would adversely affect the rights and freedoms of other individuals, including trade secrets or intellectual property belonging to the Data Controller or third parties. In such cases, the Data Controller will redact or withhold the specific information that cannot be disclosed while providing all other requested data.

Art. 19 (1) The Data Subject has the right to obtain rectification of inaccurate personal data concerning them without undue delay. When the Data Controller becomes aware that personal data is inaccurate, incomplete, or outdated, it will promptly correct or update the information to ensure accuracy.

(2) The Data Subject may supplement incomplete personal data by providing additional information, including through a supplementary statement that clarifies or updates previously provided information. For example, if the Data Subject's contact details have changed, such as a new email address or phone number, or if their postal address has been updated, the Data Subject may request that the Data Controller update its records accordingly.

(3) Where inaccurate or incomplete data has been disclosed to third parties, the Data Controller will inform those recipients of the rectification unless doing so proves impossible or involves disproportionate effort. Upon request, the Data Controller will inform the Data Subject about the recipients to whom the rectified data has been communicated.

Art. 20 (1) The Data Subject has the right to obtain erasure of personal data concerning them without undue delay when one of several conditions is met. These conditions include situations where the personal data is no longer necessary for the purposes for which it was collected, where the Data Subject withdraws consent on which processing is based and there is no other legal ground for continued processing, or where the Data Subject objects to processing based on legitimate interests and there are no overriding legitimate grounds for the Data Controller to continue processing.

(2) The right to erasure also applies where personal data has been unlawfully processed, where erasure is necessary to comply with a legal obligation under Swiss or European Union law, or where the Data Subject successfully demonstrates that their particular circumstances warrant deletion even when processing might otherwise be justified.

(3) The Data Controller may refuse to erase personal data when retention is necessary for compliance with legal obligations under Swiss commercial, tax, or hotel registration laws, for the establishment, exercise, or defense of legal claims, or for purposes of archiving in the public interest or scientific research where erasure would likely render impossible or seriously impair the achievement of those objectives.

(4) When the Data Controller has made personal data public and is then obliged to erase it, the Data Controller will take reasonable steps to inform other controllers that are processing the data that the Data Subject has requested erasure of any links to, copies of, or replications of that data.

Art. 21 (1) The Data Subject has the right to obtain restriction of processing when they contest the accuracy of personal data, in which case processing is restricted for a period enabling the Data Controller to verify the accuracy of the data. Restriction is also appropriate where processing is unlawful but the Data Subject does not want the data to be erased and instead requests that its use be restricted.

(2) The Data Subject may request restriction where the Data Controller no longer needs the personal data for processing purposes but the Data Subject requires the data for the establishment, exercise, or defense of legal claims. Restriction is also available where the Data Subject has objected to processing based on legitimate interests, pending verification of whether the Data Controller's legitimate grounds override those of the Data Subject.

(3) When processing has been restricted, the Data Controller may only store the personal data and may not carry out any other processing operations except with the Data Subject's consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest.

Art. 22 (1) Where processing is based on consent or on a contract and is carried out by automated means, the Data Subject has the right to receive their personal data in a structured, commonly used, and machine-readable format. This right enables Data Subjects to reuse their personal data for their own purposes across different services and platforms.

(2) The Data Subject has the right to transmit the portable data to another controller without hindrance from the Data Controller, and where technically feasible, the Data Subject may request that the Data Controller transmit the data directly to another controller. The Data Controller will cooperate with such requests to the extent technically possible.

(3) The right to data portability applies only to personal data that the Data Subject has actively provided to the Data Controller, such as information entered during registration or booking, and does not extend to derived or inferred data created by the Data Controller's systems. The exercise of this right does not affect the continued lawfulness of processing that occurred prior to the data portability request.

Art. 23 (1) The Data Subject has the right to object at any time to processing of personal data based on the Data Controller's legitimate interests, including profiling based on those legitimate interests. Upon receiving an objection, the Data Controller must cease processing unless it can demonstrate compelling legitimate grounds that override the interests, rights, and freedoms of the Data Subject, or where processing is necessary for the establishment, exercise, or defense of legal claims.

(2) Where personal data is processed for direct marketing purposes, the Data Subject has an absolute right to object to such processing at any time, including profiling related to direct marketing. When the Data Subject exercises this right, the Data Controller will cease all marketing processing immediately and will not require the Data Subject to provide any justification for the objection.

(3) To facilitate the exercise of the right to object to direct marketing, the Data Controller includes an unsubscribe link in every marketing email sent to Data Subjects. The Data Subject may also object by contacting the Data Controller directly through any of the communication channels listed in Article 1, and the Data Controller will process the objection within 48 hours.

Art. 24 (1) Where processing is based on the Data Subject's consent, the Data Subject has the right to withdraw that consent at any time. Withdrawal of consent is as easy as giving consent and may be accomplished through the same mechanisms used to provide consent initially, ensuring that Data Subjects are not discouraged from exercising this right by burdensome procedures.

(2) The Data Subject may withdraw consent by clicking the unsubscribe link in marketing emails, by adjusting cookie preferences through the website's cookie management tool, by sending an email to contact@rucher-evolene.ch, by calling +41 79 376 49 14, or by informing reception staff during check-out or any subsequent visit to the hotel.

(3) Withdrawal of consent does not affect the lawfulness of processing that occurred prior to withdrawal, meaning that the Data Controller's use of personal data up until the point of withdrawal remains valid and appropriate. However, once consent is withdrawn, the Data Controller will cease all processing that was based solely on that consent unless another legal basis applies.

(4) Withdrawing consent for marketing communications or optional data processing activities does not impact the Data Subject's ability to make bookings, stay at the hotel, or access any core services. The Data Controller ensures that declining optional processing never results in disadvantageous treatment or reduced service quality.

Art. 25 (1) If the Data Subject believes that the processing of their personal data violates applicable data protection law or that their data protection rights have been infringed in any way, they have the right to lodge a complaint with the competent supervisory authority. This right exists independently of any other administrative or judicial remedy and may be pursued in addition to seeking resolution directly with the Data Controller.

(2) Data Subjects in Switzerland should direct complaints to the Swiss Federal Data Protection and Information Commissioner (FDPIC) at Feldeggweg 1, CH-3003 Berne, Switzerland, by phone at +41 (0)58 462 43 95, by email at info@edoeb.admin.ch, or through the FDPIC's website at www.edoeb.admin.ch. The FDPIC investigates complaints, issues recommendations, and has the authority to take enforcement action against controllers that violate Swiss data protection law.

(3) Data Subjects from European Union or European Economic Area member states may lodge a complaint with the data protection authority in their country of residence, place of work, or place where the alleged infringement occurred. A complete and current list of EU/EEA data protection authorities is available at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

(4) Lodging a complaint with a supervisory authority is entirely free of charge for the Data Subject. The Data Controller respects the right to complain and will not take any retaliatory or discriminatory action against Data Subjects who exercise this right, even if the complaint is ultimately found to be without merit.

Section VI - Data Sharing and Recipients

Art. 26 (1) The Data Controller discloses personal data to third parties only when necessary to fulfill the purposes described in Section III of this Privacy Policy or when required by applicable law. All recipients who receive access to personal data are contractually bound to protect that data and to process it only in accordance with the Data Controller's documented instructions and applicable data protection regulations.

(2) The Data Controller does not sell, rent, or trade personal data to third parties for their own commercial purposes. Any disclosure of personal data is strictly limited to what is necessary for the provision of hotel services, compliance with legal obligations, or protection of the legitimate interests of the Data Controller or third parties.

Art. 27 (1) The Data Controller engages payment service providers to securely process credit card transactions and other forms of electronic payment. These providers have access to payment information necessary to authorize and complete transactions but do not receive access to other guest data unrelated to the payment process. All payment processors maintain PCI-DSS certification and implement industry-standard security measures to protect financial data.

(2) To facilitate the physical delivery of guest communications, invoices, or other documents when required, the Data Controller may share names and postal addresses with postal and courier services. These providers receive only the information necessary to complete the delivery and are contractually prohibited from using recipient data for any other purpose.

(3) The Data Controller is legally obligated to share certain personal data with Swiss governmental authorities, including the local police for guest registration purposes, tax authorities for verification of financial declarations, and other agencies when legally compelled by court order or statutory requirement. In such cases, disclosure is limited to the specific data requested and is made only in response to lawful requests that comply with applicable legal procedures.

(4) External accounting firms and tax advisors receive financial data, including guest names and invoice details, to enable the Data Controller to fulfill its statutory obligations under Swiss commercial and tax law. These professional service providers are bound by legal and contractual confidentiality obligations and process data solely for the purpose of providing accounting, bookkeeping, and tax compliance services.

(5) Legal counsel may receive personal data when necessary for the provision of legal advice, representation in disputes, or defense of legal claims arising from the hotel's operations. Lawyers are bound by professional secrecy obligations under Swiss law and maintain strict confidentiality with respect to all client information, including personal data of Data Subjects.

Art. 28 (1) The Data Controller utilizes Amazon Web Services EMEA SARL, with registered offices at 38 avenue John F. Kennedy, L-1855 Luxembourg, to provide cloud hosting and data storage infrastructure. Data processed through AWS is stored on servers physically located in data centers within France, which is part of the European Economic Area. For compliance with GDPR, AWS implements the European Commission's Standard Contractual Clauses and participates in the EU-US Data Privacy Framework; for compliance with Swiss law, AWS participates in the Swiss-US Data Privacy Framework and benefits from Switzerland's recognition of the European Union as providing adequate data protection.

(2) For website analytics purposes, the Data Controller uses Matomo, operated by InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand. Matomo processes aggregated usage statistics and technical data, with servers located in both New Zealand and Germany. The European Commission has issued an adequacy decision recognizing New Zealand as providing adequate data protection, and Switzerland similarly recognizes both New Zealand and the European Union as jurisdictions with sufficient protection, ensuring that data transfers to Matomo comply with both GDPR and Swiss requirements.

(3) The Data Controller engages Yellow Cactus, located at 10 bis rue du Bel Air, 92310 Sèvres, France, for specialized hotel technology services. As Yellow Cactus is established within France, data transfers benefit from Switzerland's recognition that the European Union guarantees an adequate level of protection, and any potential transfers to the United States are covered by the Swiss-US Data Privacy Framework.

Art. 29 (1) While the Data Controller prioritizes processing personal data within Switzerland and the European Economic Area, certain third-party service providers that support hotel operations maintain infrastructure or processing facilities in countries outside these jurisdictions. Before engaging any provider that involves cross-border data transfers, the Data Controller evaluates the legal framework in the destination country and implements appropriate safeguards to ensure that the level of data protection is not undermined.

(2) For transfers to countries that have not received an adequacy decision from the European Commission or recognition from Switzerland, the Data Controller implements Standard Contractual Clauses adopted by the European Commission and approved by the Swiss Federal Data Protection Commissioner. These contractual clauses impose binding obligations on data recipients to protect personal data according to European and Swiss standards, provide Data Subjects with enforceable rights, and establish audit mechanisms to verify compliance.

(3) In addition to contractual safeguards, the Data Controller conducts Transfer Impact Assessments to evaluate whether the legal environment in the destination country might interfere with the effectiveness of the Standard Contractual Clauses, particularly regarding potential government access to data. Where risks are identified, the Data Controller implements supplementary measures such as enhanced encryption, data minimization, or contractual provisions requiring notification of any government data requests.

(4) The Data Controller regularly reviews the adequacy and effectiveness of transfer mechanisms, updating safeguards in response to legal developments, new guidance from supervisory authorities, or changes in the services provided by data recipients. Data Subjects may request information about specific safeguards applied to transfers of their personal data by contacting the Data Controller using the details provided in Article 1.

Art. 30 (1) The Data Controller does not currently participate in any joint controllership arrangements as defined by Article 26 of the GDPR, whereby two or more controllers jointly determine the purposes and means of processing. Should joint controllership arrangements be established in the future, this Privacy Policy will be updated to identify the joint controllers, explain the allocation of responsibilities between them, and provide information about how Data Subjects can exercise their rights with respect to jointly controlled data.

Section VII - Security Measures

Art. 31 (1) The Data Controller implements appropriate technical and organizational security measures to protect personal data against unauthorized access, accidental loss, destruction, alteration, or unlawful disclosure. These measures are designed to ensure a level of security appropriate to the risks associated with processing guest data in the hospitality context.

(2) Security measures are regularly reviewed and updated to reflect evolving threats, technological advances, and changes in the nature or scope of processing activities. The Data Controller conducts annual security assessments to verify the effectiveness of implemented measures and identify areas requiring enhancement.

(3) While the Data Controller implements robust security measures, no system can guarantee absolute security. The Data Controller makes reasonable efforts to protect personal data but cannot eliminate all risks inherent in electronic data storage and transmission.

Art. 32 (1) All personal data transmitted through the hotel's website, including during the booking process and account login, is protected by Transport Layer Security (TLS) encryption using industry-standard protocols. This encryption ensures that data cannot be intercepted or read by unauthorized parties during transmission over the internet.

(2) Personal data stored in the Data Controller's databases is encrypted at rest using AES-256 encryption standards. Passwords are stored using one-way cryptographic hashing algorithms that prevent recovery of the original password even if the database is compromised. Regular encrypted backups are maintained in geographically separate locations to enable data recovery in the event of system failure or disaster.

Art. 33 (1) Access to personal data is restricted to employees and authorized service providers who require such access to perform their duties. Each individual is assigned unique user credentials, and access permissions are configured according to the principle of least privilege, ensuring that users can access only the specific data necessary for their role.

(2) Administrative access to systems containing personal data is protected by multi-factor authentication, requiring both password verification and a secondary authentication factor such as a time-based code. All access to sensitive systems is logged and these access logs are regularly reviewed to detect any unauthorized or suspicious activity.

(3) The Data Controller maintains an inventory of all individuals who have been granted access to personal data systems, documenting their roles, the level of access granted, and the business justification for that access. Access rights are reviewed quarterly and are immediately revoked when an employee's role changes or their employment ends.

(4) Physical access to servers, network equipment, and paper records containing personal data is strictly controlled through locked facilities, keycard access systems, and surveillance monitoring. Only authorized technical personnel are permitted to enter areas where data processing equipment is housed.

Art. 34  Employees are bound by contractual confidentiality obligations that survive the termination of their employment. Clear policies govern the handling of personal data, including requirements for secure password management, prohibition of unauthorized data transfers, and procedures for reporting security incidents or data protection concerns.

Art. 35 (1) The Data Controller maintains comprehensive incident response procedures that define how security breaches are detected, assessed, contained, and remediated. These procedures designate specific individuals responsible for coordinating the response, establish communication protocols for notifying affected parties and authorities, and outline steps for preventing recurrence of similar incidents.

(2) All data breaches and security incidents are documented in a breach register that records the facts surrounding each incident, the personal data affected, the number of Data Subjects impacted, the actual and potential consequences, and the corrective actions taken. This register enables the Data Controller to identify patterns, improve security measures, and demonstrate accountability to supervisory authorities.

(3) In the event of a data breach that is likely to result in a risk to the rights and freedoms of Data Subjects, the Data Controller will notify the Swiss Federal Data Protection Commissioner within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk, affected Data Subjects will be notified without undue delay, receiving clear information about the nature of the breach, the likely consequences, and recommended protective measures.

(4) The Data Controller conducts annual penetration testing and vulnerability assessments to proactively identify security weaknesses before they can be exploited by malicious actors. These assessments are performed by qualified external security experts and any identified vulnerabilities are prioritized and remediated according to their severity and potential impact.

(5) Network security is maintained through firewalls, intrusion detection systems, and regular security patching of all software and systems. The hotel's guest WiFi network is isolated from internal systems containing personal data, preventing guests from accessing sensitive operational systems even if they successfully compromise the guest network.

Section VIII - Cookies and Online Tracking

Art. 36 (1) The Data Controller's website uses cookies and similar tracking technologies to enhance user experience, analyze website traffic patterns, enable booking functionality, and personalize content displayed to visitors. Cookies are small text files stored on the Data Subject's device when accessing the website, allowing the system to recognize the device during subsequent visits and remember user preferences and settings.

(2) Not all cookies serve the same purpose or present the same privacy implications. Strictly necessary cookies are essential for the website's core functionality, including maintaining secure sessions during the booking process and remembering items placed in the reservation cart. Functional cookies remember user preferences such as language selection and currency display. Analytics cookies collect aggregated statistical information about how visitors use the website, helping the Data Controller identify popular content and technical issues. Marketing cookies track visitor behavior across sessions and websites to deliver targeted advertising and measure campaign effectiveness.

(3) The legal basis for using strictly necessary cookies is the Data Controller's legitimate interest in providing a functional and secure website, as these cookies are essential to deliver services explicitly requested by the Data Subject. All other categories of cookies require the Data Subject's explicit consent before deployment, in accordance with applicable privacy regulations.

Art. 37 (1) When a Data Subject first accesses the website, a cookie consent banner appears explaining the different categories of cookies used and requesting permission to deploy non-essential cookies. The banner provides clear options to accept all cookies, reject all non-essential cookies, or access detailed settings to make granular choices about specific cookie categories.

(2) Data Subjects can modify their cookie preferences at any time by accessing the Cookie Management Center, which is available through a clearly labeled link in the website footer on every page. The Cookie Management Center displays all cookie categories with descriptions of their purposes and allows the Data Subject to enable or disable each category independently using toggle switches.

(3) Beyond the website's built-in cookie management tools, Data Subjects can control cookies through their web browser settings, which typically offer options to block all cookies, delete existing cookies, or be notified before any cookie is set. Instructions for managing cookies in common browsers are available in the browser's help documentation, though blocking certain cookies may impact website functionality.

(4) The Data Controller collects separate consent for each distinct processing purpose that is not strictly necessary for fulfilling the accommodation booking contract. Marketing communications via email, SMS, and postal mail each require individual consent, as do different categories of analytics and advertising cookies.

(5) Consent is never bundled or presented in an all-or-nothing manner. Each consent request is accompanied by a clear explanation of what will be done with the data if consent is granted, and the Data Subject can freely accept some purposes while declining others without any negative consequences for their ability to book accommodation or use core website features.

(6) Consent records are stored securely and linked to the Data Subject's booking or user account where applicable. These records document precisely which consents were given, when they were provided, through which interface they were collected, and whether they have been subsequently modified or withdrawn.

Art. 38 (1) For comprehensive information about the specific cookies deployed on the website, including their names, purposes, expiration periods, and the third-party providers that set or access them, Data Subjects should consult the detailed Cookie Policy, which is available as a separate document at link to Cookie Policy. The Cookie Policy provides a complete inventory of all cookies categorized by type and function.

(2) The Cookie Policy is regularly updated to reflect changes in the Data Controller's use of tracking technologies, addition or removal of third-party services, and modifications to cookie retention periods. The effective date of the current Cookie Policy version is clearly displayed at the top of the document.

Art. 39 (1) To enhance website functionality, analyze visitor behavior, and conduct targeted marketing activities, the Data Controller integrates services provided by external technology platforms. These third-party services may set their own cookies and collect data about website visitors according to their respective privacy policies.

(2) Data Subjects who visit the website should be aware that personal data, including IP addresses, device identifiers, and browsing behavior, may be transmitted to and processed by the following third-party service providers:

• Google LLC – for Google Analytics (website traffic analysis), Google Ads (advertising campaign management), and Google Tag Manager (code deployment and tracking management)
• Meta Platforms, Inc. (Facebook) – for Facebook Pixel (advertising measurement and retargeting)

(3) Google's data protection practices, including information about how Google collects and processes data across its services, are described in Google's Privacy Policy, which is available at https://policies.google.com/privacy. Data Subjects can also learn about Google's advertising practices and opt out of personalized advertising by visiting https://adssettings.google.com.

(4) Meta Platforms' approach to data protection and the specific information collected through Facebook integrations are detailed in Facebook's Privacy Policy, accessible at https://www.facebook.com/privacy/policy. Data Subjects can manage their Facebook advertising preferences through their Facebook account settings.

(5) The Data Controller has implemented contractual safeguards with these third-party providers and, where necessary, relies on Standard Contractual Clauses and adequacy frameworks such as the EU-US Data Privacy Framework to ensure that data transferred to these providers receives adequate protection in accordance with Swiss and European data protection standards.

Section VIII - Policy Updates and Final Provisions

Art. 40 (1) The Data Controller reserves the right to modify this Privacy Policy at any time to reflect changes in data processing practices, legal requirements, business operations, or technological developments. Updates may be necessary to comply with new legislation, implement enhanced security measures, introduce new services, or clarify existing provisions based on feedback from Data Subjects or supervisory authorities.

(2) Each version of this Privacy Policy is assigned a version number and effective date, which are displayed at the beginning of the document. Previous versions are archived and may be made available to Data Subjects upon request to demonstrate how privacy practices have evolved over time.

Art. 41 (1) When material changes are made to this Privacy Policy that affect how personal data is processed, the purposes for which it is used, or the rights available to Data Subjects, the Data Controller will provide advance notice through prominent notification on the website homepage and, where applicable, by email to registered guests whose contact information is on file.

(2) Material changes include modifications to the legal bases for processing, introduction of new categories of recipients with whom data is shared, implementation of new processing activities such as profiling or automated decision-making, changes to data retention periods that extend how long data is stored, or alterations to international data transfer arrangements.

(3) For non-material changes, such as updates to contact information, clarifications of existing provisions without substantive change, or corrections of typographical errors, the Data Controller will simply publish the revised policy on the website with an updated effective date. Data Subjects are encouraged to review the Privacy Policy periodically to stay informed about how their personal data is protected.

(4) If changes to the Privacy Policy require new consent from Data Subjects—for example, because the Data Controller intends to process personal data for purposes not covered by previously obtained consent—the Data Controller will seek fresh consent before implementing the new processing activities. Continued use of the website and services after receiving notice of changes constitutes acceptance of the updated policy for processing activities based on contract or legitimate interest.

Art. 42 (1) This Privacy Policy is governed by and construed in accordance with the laws of Switzerland, specifically the Swiss Federal Act on Data Protection (revDSG), and for Data Subjects in the European Union or European Economic Area, the General Data Protection Regulation (GDPR). Where both frameworks apply, the Data Controller complies with whichever regulation provides the highest level of protection to the Data Subject.

(2) Any disputes arising from or relating to this Privacy Policy or the processing of personal data will be resolved first through good faith negotiations between the Data Subject and the Data Controller. If a resolution cannot be reached, Data Subjects may pursue their rights through the competent Swiss courts or, for EU/EEA residents, the courts of their country of residence.

Art. 43  If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court or supervisory authority, that provision will be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent, or if modification is not possible, it will be severed from the policy. The invalidity of any single provision does not affect the validity or enforceability of the remaining provisions.

Art. 44 (1) Data Subjects who have questions about this Privacy Policy, wish to exercise their data protection rights, or need clarification about how their personal data is processed should contact the Data Controller using the information provided in Article 1 of this Privacy Policy. The Data Controller is committed to responding promptly and transparently to all inquiries.

(2) For specific requests to exercise rights such as access, rectification, erasure, or objection, Data Subjects should clearly identify themselves and specify the nature of their request. The Data Controller may request additional information to verify the identity of the requester before processing requests that involve disclosure of personal data or changes to processing activities.

Art. 45 (1) In case of any discrepancy between language versions, the English version will prevail as the authoritative text for interpretation purposes.

(2) The Data Controller commits to maintaining the highest standards of data protection and regularly reviews its practices to ensure alignment with best practices in the hospitality industry and evolving legal requirements. The Data Controller welcomes feedback from Data Subjects regarding privacy practices and continuously seeks opportunities to enhance transparency and strengthen protections.

Art. 46 (1) This Privacy Policy enters into force on 10.12.2025 and supersedes all previous privacy notices, policies, or statements issued by the Data Controller. Data Subjects who booked accommodation prior to this effective date are subject to the terms of this updated policy for all processing that occurs after the effective date, while processing that occurred before remains governed by the policy in effect at that time.

‍