We provide international guests of the Zermatt destination with the website stay-zermatt.ch, which serves to obtain information and offers about our accommodations as well as to request services or book accommodations.
1. Responsible Party
The party responsible for processing your personal data is:
Aufdenblatten Apartments AG
Bühlmattstrasse 3
6045 Meggen
info@stay-zermatt.ch
2. Overview
We collect personal data in various ways. For example, data is collected when you use the website www.stay-zermatt.ch. Data is also collected when you make a booking, use our social media channels, or sign up for a newsletter. A detailed list of our data processing processes can be found in section 5 of this privacy policy.
Personal data is generally processed and stored in Switzerland or the European Union. In some cases, we work with third-party service providers who may store your data in other countries. For more information, see section 8 of this privacy policy.
3. What Personal Data is Collected?
We collect personal data from you – as the affected person – or from third parties, such as other individuals traveling with you to Zermatt, from hotels or restaurants, publicly available registers, or other public sources. This information is stored centrally in our booking tools, together with other personal data that we have collected about you (see section 7 of this privacy policy for more details).
The personal data we collect directly or through third parties includes, among other things:
- Usage data such as domain name, user settings, browser type, session ID, authentication data, visitor time, and other metadata;
- Booking data such as hotel name, number of adults/children, number of nights, number of rooms, booking price and method, payment method, room category;
- Contact information such as email, first name, last name, telephone number, address;
- Other personal information such as gender, date of birth, family members;
- Information about the organization you belong to or represent.
Personal data may be provided voluntarily or collected automatically. For example, when you use the website. Additionally, you may be asked to share personal data with us when you contact us (e.g., via email or booking form).
4. What Legal Bases Do We Rely on for Processing Personal Data?
We process your personal data for the purposes described in section 5 of this privacy policy when:
- It is necessary for the fulfillment of a contract; or
- It is necessary for compliance with legal obligations; or
- Where applicable, there is consent for data processing; or
- We or a third party, especially one of our service partners, has a legitimate interest and your interests, fundamental rights, and freedoms do not override that interest.
You will find detailed information about the processing purposes and the processed data in section 5 of this privacy policy.
5. When and Why Do We Process Personal Data?
We use personal data about you for various purposes:
5.1 Use of the Website www.stay-zermatt.ch in General
Below, we describe the data we process when you use our website. Please note that privacy policies from third parties may also be relevant. These can be accessed directly, and it is important to study them carefully.
The website www.stay-zermatt.ch is hosted by the hosting provider “Hostinger,” which has its server location in Germany.
5.1.1 Purposes and Legal Bases
We collect data about you to provide the content of the website and deliver the products and services offered through the website. In such cases, the legal basis for data processing is the fulfillment of a contract (Art. 6 para. 1 lit. b GDPR) and our legitimate interests (Art. 6 para. 1 lit. f GDPR).
Furthermore, data is collected for the following purposes: analytics, remarketing and behavioral targeting, tag management, contacting you, heat mapping, session recording, and newsletter sign-up and sending. In these cases, the legal basis for data processing is our legitimate interests (Art. 6 para. 1 lit. f GDPR) or, where legally necessary, your consent (Art. 6 para. 1 lit. a GDPR). If your personal data is transferred abroad for these purposes, we always ensure adequate data protection (see section 8 of this privacy policy).
5.1.2 Analytics Services
With the following services listed below, we can monitor and analyze traffic and track your behavior on our website.
Facebook Ads Conversion Tracking (Facebook, Inc.)
Conversion tracking from Facebook Ads is an analytics service of Facebook, Inc. that connects data from the Facebook advertising network with actions taken on this website. This allows us to optimize our advertisements by defining custom audiences that respond more strongly to our advertising.
- Collected personal data: Device information and usage data.
- Place of processing: worldwide, especially Ireland and the USA.
- Here is the link to the privacy policy of Facebook Inc.
Google Analytics (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the collected data to track and analyze how this website is used, compile reports on its activities, and utilize this information in conjunction with other Google services.
We also use the Google Display Advertising extension. This Google Analytics extension allows this website to access third-party visitor data and information from the DoubleClick cookie and to use data obtained through Google’s interest-based advertising. The integration of this data enhances the analytics service with demographic characteristics and interests, as well as interactions with ad impressions.
Google itself may combine this information with data from other websites you have visited that are also analyzed by Google and use these insights for its own purposes (e.g., ad targeting). If you are registered and logged into Google, Google recognizes you. If your usual residence is in the European Economic Area or Switzerland, Google Ireland Limited is responsible for processing your personal data.
- Collected personal data: usage data, device information, and location data
- Processing location: worldwide, particularly in Ireland and the USA
- Here is the privacy policy of Google Inc.
Hotjar Heat Maps & Recordings (Hotjar Ltd.)
Hotjar Heat Maps & Recordings is a session recording and heat map service provided by Hotjar Ltd. Heat Maps visually track and display which areas of a website are most frequently visited or clicked on. With Recordings, your clicks and mouse movements on our website can be analyzed, allowing conclusions to be drawn about the website’s usability. Hotjar is not designed for tracking individual users.
- Collected personal data: usage data, device information, and location data
- Processing location: EU
- Here is the privacy policy of Hotjar Ltd.
5.1.3 Remarketing and Behavioral Targeting
With so-called remarketing and behavioral targeting services, these websites and their partners can analyze how this website was used in previous sessions to target and optimize advertising.
Facebook Retargeting / Remarketing with Facebook Pixel (Facebook, Inc.)
Facebook Retargeting/Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity on this website with the Facebook advertising network. This allows us to specifically reach people who have previously used our website and services, bringing them back and keeping them informed about our offers through Facebook Ads. For this purpose, we have implemented Facebook Pixel on our website.
- Collected personal data: Usage data and device information.
- Processing location: USA.
- Here is the link to Facebook Inc.’s privacy policy.
5.1.4 Tag Management
So-called tag management services are used to manage the tags (code snippets) or scripts needed for this website centrally. This allows your data to flow through these services and may be stored.
Google Tag Manager (Google LLC)
Google Tag Manager is a service provided by Google LLC for managing tags.
- Collected personal data: Usage data, device information, location data (if you are signed in to your Google account while using our services, this data may also be stored directly in your Google account)
- Processing location: Worldwide, particularly in Ireland and the USA
- Here is the privacy policy of Google LLC
5.1.5 Use of Cookies
This website uses cookies. In our cookie policies, we explain in more detail what cookies are and their purposes.
The use of cookies is in our legitimate interest (Art. 6 para. 1 lit. f GDPR) or is based on your consent (Art. 6 para. 1 lit. a GDPR).
The use of cookies is based on our legitimate interest (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR).
5.1.6 Contact Form
You have the option to use a contact form on the website to get in touch with us. When you use our contact form, the entry of certain data is mandatory, while other data is optional:
- Salutation (mandatory)
- First and last name (mandatory)
- Address (street, house number, city, postal code) (optional)
- Phone number (optional)
- Email address (mandatory)
This data is used primarily to respond to contact inquiries as effectively and personalized as possible, serving the provision of our services (Art. 6 para. 1 lit. b GDPR) or is in our legitimate interest (Art. 6 para. 1 lit. f GDPR).
5.2 Use of Other Products and Services
5.2.1 Bookings
When you book accommodation or anything else through our website, we and our service partner Interhome need your personal data to manage, complete, and process the booking in a legally compliant manner, which serves the provision of our services (Art. 6 para. 1 lit. b GDPR) or is in our legitimate interest (Art. 6 para. 1 lit. f GDPR):
- Salutation (mandatory)
- First and last name (mandatory)
- Booking details (hotel/restaurant name, number of people, allergies, event name, preferences, etc.) (partially mandatory)
- Email address (mandatory)
This data can also be used for statistical purposes or to target advertisements to you (by us or through social media platforms, such as Facebook). The processing of your data for analytical purposes and advertising is based on our legitimate interest under Art. 6 para. 1 lit. f GDPR.
5.2.2 Newsletter Subscription
You have the option to subscribe to a newsletter. Registration is required, during which you must provide the following data:
- Salutation (mandatory)
- First and last name (mandatory)
- Email address (mandatory)
Additionally, you can voluntarily provide further data about your hobbies, interests, or preferences. This data is processed solely to personalize the information and offers sent to you better and align them more closely with your interests.
A newsletter may also contain a so-called web beacon (tracking pixel) or similar technical means. A web beacon is a 1×1 pixel invisible graphic that is associated with the user ID of the respective newsletter subscriber. The use of such web beacons serves to evaluate whether the emails containing the newsletter have been opened, to track and analyze your click behavior. Furthermore, this data will be used for statistical purposes and for optimizing the newsletter or for targeted advertising to you (by us or through other social media platforms, such as Facebook).
Newsletters are sent to you only based on your consent in accordance with Art. 6 (1) lit. a GDPR, which you can withdraw at any time by unsubscribing (at which point you will be removed from our system). The processing of your data for evaluation purposes and for displaying advertisements is also based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR.
Mailchimp is used for sending the newsletters. You can find Mailchimp’s privacy policy here.
5.2.3 Guest Services
If you use our guest service from Interhome and share personal information such as name, address, email, language, payment method, or date of birth with staff, your data may be used to answer questions you may have regarding a booking or the Zermatt – Matterhorn destination.
If you call our guest service, the call may be monitored and recorded for training purposes or quality management.
The legal basis for this data processing lies in fulfilling a contract according to Art. 6 para. 1 lit. b GDPR, our legitimate interest (Art. 6 para. 1 lit. f GDPR), or, if necessary, we will obtain your consent in advance (Art. 6 para. 1 lit. a GDPR).
5.2.4 Collection and Control of Tourist Taxes
Guests of the Zermatt, Täsch, and Randa destinations are required to pay a tourist tax. Zermatt Tourism is the legally appointed revenue authority for this tax. Zermatt Tourism is responsible for the billing and control of this tax. Zermatt Tourism receives the necessary data from us (service providers, e.g., hotels, mountain hut operators, etc.).
This data includes name, number of overnight stays, number of adults/children, place of residence, and date of birth. In addition, Zermatt Tourism collects email addresses and (mobile) phone numbers, number of rooms, nationality, and language of guests, partially room categories, company names, titles, salutation, date of birth, age, address, as well as the booking methods and prices of the guests via the digital registration form.
We and Zermatt Tourism have a legal mandate or legitimate interest to process this data (Art. 6 para. 1 lit. c and f GDPR).
5.3 Further Processing Purposes
The data you provide or that we collect (as described above) may additionally be processed for the following purposes:
- Payment Processing: We also integrate third-party service providers who handle the payment processing between you and us or a service partner. These service providers provide us with payment information so that we can process and manage your booking.
- Marketing and Other Communication:
- We use your contact information to send travel-related products and services if you have made a booking through us. You can unsubscribe from these marketing messages at any time by simply clicking the “Unsubscribe” link in the newsletter.
- Based on the information you share with us or receive from social media partners through the use of cookies, you can see personalized offers on our website or on third-party websites/apps. The content of the pages displayed to you may also be personalized.
- If you participate in other promotional activities (e.g., sweepstakes or contests), personal data may be collected for entry and conduct of these promotional activities. This may be the case, for example, when we collect your contact details because you participate in one of our sweepstakes or contests so that we can identify and contact you if you win.
- Ensuring a Safe and Reliable Service: We may use personal data to detect and prevent fraud and other illegal or undesirable activities.
- Improving Our Services and Internal Purposes: We also use personal data for analytical purposes. This is not only for the improvement of our services and optimization of the user experience but may also be for testing purposes, troubleshooting, and improving the functionality of our website. Here, we aim to use only pseudonymized data for these analytical purposes.
- Legal Purposes: We process your data to fulfill any legal obligations and to assert, defend, or enforce claims.
6. With Whom and Why Do We Share Your Data with Third Parties?
Under certain circumstances, we share your personal data with third parties, e.g., in connection with the provision of our services or when it is in our legitimate interest. These third parties may be located in Switzerland or abroad.
- The service provider you booked with: To complete your booking, answer questions, or process payments, we transmit the relevant booking data to our service partner Interhome.
- Business Partners: We collaborate with business partners, such as tour operators or travel agencies, worldwide. In general, we do not share your personal data with these business partners unless you have given your consent or the exchange serves the provision of our services in connection with an inquiry from you (e.g., forwarding inquiries regarding accommodation, etc.).
- Competent Authorities and Police:
- We disclose personal data for law enforcement purposes if required by law, or urgently needed to prevent, detect, or prosecute criminal acts or fraud, or if we are obliged to do so for other reasons. In addition, we may also share personal data with the competent authorities to protect our rights and those of the service or business partners.
- If a person is missing or another police emergency occurs, we assist the police in their investigations. In such cases, the police may have direct (but limited) access to the contact and residence data of the affected person.
- Municipalities of Zermatt, Täsch, and Randa: Certain data is shared with the municipalities of Zermatt, Täsch, or Randa when we process your personal data on their behalf, when there is a legal obligation to do so, or when there is a resolution from the cantonal or municipal council.
- Other Third-Party Service Providers: We rely on service providers such as payment providers, IT/software providers, CRM providers, banks, insurers, advertising agencies, social media platform operators, or external consultants who process personal data on our behalf. All third-party service providers are subject to confidentiality obligations and bound by contracts for processing. They are not authorized to process personal data for other purposes than those defined by us. These third-party service providers include, among others, Facebook, Instagram, Google, Interhome, Hotel Alpen Resort & SPA, Zermatt Tourism, and Zermatt Bergbahnen AG.
7. Do We Transfer Personal Data Abroad?
Personal data is only transferred abroad if the applicable legal requirements are met. We transmit data, store data in, or allow access to data from the following countries: United Kingdom and EU member states, as well as the USA. Third parties abroad are or will be subject to data protection obligations to the same extent as we are.
8. How Long Do We Store Your Personal Data?
Personal data is only processed and stored as long as necessary for the purpose for which it was collected.
Therefore:
- Personal data collected for the purpose of fulfilling a contract between you and us will be stored until the complete fulfillment of this contract.
- Personal data collected to protect our legitimate interests will be retained as long as necessary to fulfill these purposes.
- Additionally, we are allowed to store personal data for a longer period if you have consented, as long as the consent is not revoked or if this is necessary to fulfill a legal obligation (for example, accounting laws or tax laws) or at the request of an authority or in the context of a procedure.
After the retention period has expired, personal data will be deleted.
9. How Is Your Data Protected?
We take appropriate security measures to prevent unauthorized access to or distribution, alteration, or destruction of data. Security measures are continually improved in line with technological developments.
Within the website visit, the SSL protocol (Secure Socket Layer) is used in conjunction with the highest encryption level supported by your browser. This is typically a 256-bit encryption. If the browser does not support 256-bit encryption, 128-bit v3 technology is used instead. Whether a specific page of the website is transmitted encrypted can be recognized by the closed representation of the key or lock icon in the lower status bar of the browser.
Data processing is conducted by computer or other IT-based systems according to organizational procedures and processes explicitly focusing on the specified purposes. Electronic data collections are protected by logins and passwords.
Our partners, employees, and third-party service providers who have access to their data (including personal data) are subject to confidentiality obligations.
10. What Rights Do You Have?
You can exercise various rights regarding your data processed by us.
In particular, you have the right to:
- Withdraw consent at any time. If you have consented to the processing of personal data, you can withdraw your consent at any time.
- Object to the processing of your data. You have the right to object to the processing of your data if it is based on a legal basis other than consent.
- Obtain information about the processed data. You have the right to know whether your data are being processed by us, to obtain information about individual aspects of the processing, and to receive a copy of the data.
- Verify and request correction. You have the right to verify the accuracy of your data and to request their update or correction.
- Request restriction of processing. You have the right to restrict the processing of your data under certain circumstances.
- Request deletion or removal of personal data. You have the right to request the deletion of your data under certain circumstances.
- Obtain and transfer data to another controller. You have the right to receive your data in a structured, commonly used, and machine-readable format and, where technically feasible, to transmit it to another controller without hindrance.
- Submit a complaint. You have the right to lodge a complaint with the competent supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner.
All inquiries regarding the exercise of rights can be directed to us via the contact details provided. Please note that the granting of these rights may be denied or restricted for legal reasons or based on data protection law.
11. Changes to This Privacy Policy
We reserve the right to make changes to this privacy policy at any time. Changes or modified versions of this privacy policy will be published on www.stay-zermatt.ch. Therefore, we recommend that you regularly check this page and review the last modified date indicated at the bottom of the page. If changes affect data usage based on your consent, we will obtain a new consent if necessary.
Effective: October 17, 2024