Privacy Policy Matterhorn App

1. Scope

This Data Protection Statement applies to use of the Matterhorn App (hereafter the “App”).

The App is operated by Zermatt Tourism, Bahnhofplatz 5, 3920 Zermatt (“we”, “us”, “our”). Zermatt Tourism is responsible for collecting, processing and using your personal data. Zermatt Tourism is therefore also responsible for all data processing taking place in accordance with applicable law. You can contact us with your questions about the processing of your data at any time:

Zermatt Tourism
Bahnhofplatz 5
CH - 3920 Zermatt


Zermatt Tourism has also appointed an EU representative in accordance with Art. 27 GDPR and a UK representative in accordance with Art. 27 UK GDPR, whom you can contact by email or post as follows for enquiries:

EU representative:
Swiss Infosec (Deutschland) GmbH
Unter den Linden 24
10117 Berlin


UK representative:
Swiss GRC UK Limited
The Nova Centre
1 Purser Road


Protection of your personal data is very important to us. We take the subject of data protection seriously and pay attention to your data’s security. We observe all the applicable statutory regulations, in particular the Swiss Data Protection Act (DSG) and the Ordinance to this Act (VDSG), as well as the provisions of the Swiss Telecommunications Act (FMG). Insofar as applicable, we also comply with the provisions of the European Union General Data Protection Regulation (GDPR).

We want you to know which personal data we collect from you, how we do this, how this data is processed and for what purposes. Therefore, we ask that you read the following information carefully.


2. Which data do we process when you use the App?

The interactive Matterhorn App is your customised mobile companion for experiencing a perfect summer and winter in Zermatt. The following data supplied by you may be processed when using the App: Name, client address data, contact information, payment method, travel information, transaction data and transaction history when purchasing tickets, articles or reservations, as well as location data. Your data will be linked to your profile. Your data is stored in the app database, which is hosted by a third-party provider, and will be deleted on deletion of your profile, which you can initiate yourself at any time in the settings. The legal basis for this processing of data lies in fulfilment of a contract (Art. 6 (1b) GDPR).

If you wish to avoid location data being transmitted, please deactivate your device’s GPS function, either by rejecting use of the function when you first install the App, or later by adjusting your device and App settings.

When you use the App, further information will be collected every time you open it. This concerns information about the App version, device, device network, operating system, screen information, location (only if GPS function is activated) and IP address. This information is used to make our service more user friendly, more effective and safer. If personal data is processed in this regard, this is necessary to uphold our overriding legitimate interests (Art. 6 (1f) GDPR).


3. Why do we collect and process your data?

We only collect and process the data that is needed to use, operate and support the app and to buy e-tickets using the app.

ZBAG and MGBahn/GGB also have access to this data and process it in accordance with their own privacy policies.

Zermatt Tourism, ZBAG and MGBahn/GGB use appropriate security systems to protect the data against foreseeable risks.

Furthermore, personal data and travel data are processed by us and our partners in anonymised form and in the form of statistics (e.g. sales revenues, number of journeys undertaken) for the purpose of further development to improve the app. Anonymous tracking information is collected when the app is used and sent to third-party providers for the purpose of analysis and evaluation in order to optimise the app. In addition, anonymised crash reports are collected regarding technical errors and sent to a third-party provider for evaluation and troubleshooting in order to make technical improvements to the app. Further information about the processing of your data by our service providers is given below.


4. Which external service providers are used to operate the App?

We work with miscellaneous external service providers for specific purposes such as analytics, contacting customers, registration and authentication, payments processing, infrastructure monitoring, creating and managing back-up copies, hosting and back-end infrastructure, tag management, location-related interactions, user database management and performance testing of content and functions. Below please find an overview of these service providers:


App evaluation/analysis/monitoring

We collaborate with “Firebase” for evaluation, analysis and monitoring of our App. This service is provided by the US company Google Inc. In Europe, the responsible company is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Store accounts are linked to Firebase. Firebase provides us, as the App Owner, with statistics from Apple, Google and other app stores, to allow us to better evaluate the success of our App. Further information can be found at

If personal data is processed in this regard, this is necessary to uphold our overriding legitimate interests (Art. 6 (1f) GDPR).


Advertising and information campaigns

"Braze" (Braze Inc., 318 West 39th Street, 5th Floor, New York, New York 10018; formerly Appboy Inc.) is an analysis tool that processes personal data and user activity, so that we can provide you with personalised advertising and information campaigns. Data is processed in the USA. Further information can be found at

If personal data is processed in this regard, this is necessary to uphold our overriding legitimate interests (Art. 6 (1f) GDPR).

Opt out: If you do not want to receive push notifications in the Android or iOS App, you can block them in your smartphone’s system settings. 


Infrastructure monitoring

The App uses the “Bugsnag” error diagnosis service from SmartBear Software Inc. (450 Artisan Way, Somerville, MA0214, USA). If the App crashes during use, or if unexpected errors occur, specific information (device type, operating system version, error date and time, country from which the request came and operating system language setting) is sent to Bugsnag. Data is processed in the USA. Further information can be found at

Processing takes place in order to record and analyse errors. The information obtained is used to maintain and improve our App. If personal data is processed in this regard, this is necessary to uphold our overriding legitimate interests (Art. 6 (1f) GDPR).

You can refuse data processing by Crashlytics by switching off collection and transmission of usage information and diagnosis data by Crashlytics in the App’s settings. This option is activated when the App is supplied. The analysis data processed and stored using Crashlytics is automatically erased after a specific period of time.


Registration and authentication

We use the “Auth0” authentication service (10900 NE 8th Street Suite 700, Bellevue, Washington 98004), to which we transmit images, cookies, e-mail, surname, password and IP address. The service ensures that the right person accesses your account. Data is processed in the USA. Further information can be found at

If personal data is processed in this regard, this is necessary to uphold our overriding legitimate interests (Art. 6 (1f) GDPR).


Hosting and backend infrastructure

We collaborate with Amazon Web Services (AWS) and mLab (, Inc.,2021 Seventh Ave, Seattle, Washington 98121) for hosting and backend infrastructure. These services provide a secure platform for cloud services and offer processing and database storage, and provide content and other functions. Amazon may process data in the USA. Further information can be found at

If personal data is processed in this regard, this is necessary to uphold our overriding legitimate interests (Art. 6 (1f) GDPR).


Creation and management of backup copies

We collaborate with Amazon Glacier (, Inc.,2021 Seventh Ave, Seattle, Washington 98121) for creation and management of backup copies. Amazon Glacier is a Cloud storage service for long-term security and archiving of data. Amazon may process data in the USA. Further information can be found at

If personal data is processed in this regard, this is necessary to uphold our overriding legitimate interests (Art. 6 (1f) GDPR).


Handling and processing payments

Our App gives you the option of making bookings. For this purpose your data is also supplied to our payments service provider. Payment is possible only via the stated online payments process. Our credit card payments are processed by Datatrans AG, whose registered office is at Kreuzbühlstrasse 26, 8008 Zürich7, Switzerland. Please refer to for further information. If personal data is processed in this regard, this is necessary for performance of a contract (Art. 6 (1a) GDPR).


5. Is data passed to other third parties?

We only share your personal data with other third parties if this is necessary to fulfil our contractual obligations to you (e.g. when you purchase an e-ticket, we share your data such as email address, surname and first name, date of birth, transaction data, transaction history or means of payment with the relevant transport company), if you have given us your express consent, if we are under a legal obligation, or if this is necessary for us to assert our rights, in particular to enforce claims arising from a contractual relationship. Furthermore, we pass your data on to third parties if necessary, within the scope of use of the App, to provide the services you require, and to analyse your user behaviour as described above.

In this regard we would like to draw your attention to the fact that we use software solutions from "Salesforce" (see within the scope of data processing. Salesforce provides online tools which its customers use to operate certain areas of their businesses. These include customer relationship management tools, customer service, participation in social networks, development of communities, data analysis, management of employees and platforms for creation of online applications. By providing these tools, Salesforce processes data transmitted to its services and/or processes this data on its customers’ instructions and in their name. We use Salesforce’s services, for example, to combine data collected by the App with other data collected by Zermatt Tourism and/or Zermatt Bergbahnen AG and to store them in a standardised database. This serves the purpose of providing the client with support. Detailed information about Salesforce’s data privacy can be found under the following link:


6. Do we transfer your data abroad?

Some of the services we use are purchased from other countries, and as a result your personal data can also be sent to these countries. Personal data is only transferred abroad when the applicable legal requirements are satisfied. Third parties located in foreign countries are required to uphold data protection requirements to the same extent as we are. If the level of data protection in a foreign country is not equivalent to Swiss or European standards, we enforce contractual conditions requiring an equivalent level of protection for personal data to that which applies in Switzerland or the EU at all times, for example by signing EU standard contractual clauses.


7. and websites

For the sake of completeness we would like to remind you that when you are forwarded from the app to the web pages of and or if you visit these web pages from within the app, your personal data can also be processed. The privacy policies that can be found on these web pages apply to the data processing in such an instance.


8. For how long do we store data?

If you register on the Matterhorn App, we store your data for as long as your account exists and in accordance with our legal obligations. In principle, we do not permanently store purely technical data on App use. It is only stored for longer if we detect attacks on our website and/or the App and have to take appropriate action.

In the process, generally we store personal data only for as long as is necessary

  • to use the stated tracking and analysis services within the scope of our legitimate interests,
  • in order to implement services that you require, or to which you have given your consent, to the abovementioned extent;
  • in order to fulfil our statutory obligations.

We store data in connection with conclusion or fulfilment of a contract for longer, as prescribed by the statutory duties of retention, for example in invoicing and tax law regulations. According to these regulations, commercial communications, completed contracts and journal vouchers must be retained for up to 10 years. Fundamentally this data is blocked if we no longer need it to provide you with the services. This means that the data must then be used only for accounting and tax purposes.


9. Data security and confidentiality

We make use of appropriate technical and organisational security measures to protect your personal data that we store against manipulation, partial or complete loss, and against unauthorised third-party access. Our security measures are continually upgraded to the latest standards.

It is important that you always treat your payment information (especially credit card details) as confidential. We recommend closing your browser window if you have finished communicating with us, especially if use of a computer is shared with other people.

We also take internal company data protection very seriously. We oblige our employees and the service companies that we instruct to maintain confidentiality and comply with data protection law.


10. What are your rights?

You can assert various rights in respect of your data:

  • To revoke consent at any time. If you have consented to the processing of your personal data, you can revoke that consent at any time.
  • To object to the processing of your data. You have the right to object to the processing of your data if the legal basis for that processing is something other than consent.
  • To receive information about the processed data. You have the right to be informed about Zermatt Tourism’s data processing, to obtain information about individual aspects of the processing and to obtain a copy of the data.
  • To verify and correct. You have the right to verify the accuracy of your data and to require it to be updated or corrected.
  • To limit data processing. You have the right to restrict the processing of your data in certain circumstances.
  • To request the deletion or erasure by other means of your personal data. You have the right in certain circumstances to demand that your data be erased.
  • To obtain data in a portable format for migration to another data controller. You have the right to obtain your data in a common, structured and machine-readable format and where technically possible to have this migrated to another data controller without obstruction.
  • To complain. You have the right to make a complaint to a responsible regulator or supervisory authority. In Switzerland this is the Federal Data Protection and Information Commissioner.

You can contact us for the aforementioned reasons by emailing We may ask for proof of identity in order to handle your request. When you contact us we will try to respond as quickly as possible and undertake the requested action. Please note that sometimes we will have to decline to uphold all or some of these rights either for legal reasons or on the basis of the data protection laws. In such cases we will inform you accordingly.


11. Changes to this privacy policy

We reserve the right to make changes to this privacy policy at any time. The current version of this privacy policy can always be accessed through the app. We recommend that you access it on a regular basis and check the date it was last changed at the bottom of the page. If changes affect the use of data based on your consent, Zermatt Tourism will seek your renewed consent where this is required.

Last updated: 19/09/2022