Zermatt Tourism Data Protection Statement

Zermatt Tourism collects personal data from Users and visitors. Protection of personal data is very important to us. Every User or visitor can contact the Owner at any time using the contact details provided below, and every enquiry will be answered as quickly as possible.

Reference will be made to the appropriate legal principles if and insofar as the provisions of the European General Data Protection Regulation (GDPR) apply.

 

1. Owner and Controller

Owner:

Zermatt Tourism 
Bahnhofplatz 5 
3920 Zermatt, Switzerland

Represented by: Daniel Luggen

Owner’s e-mail address: datenschutz@zermatt.ch

 

2. Overview

Zermatt Tourism collects personal data in various ways. General data is collected, for example, if a visitor uses the www.zermatt.ch Website. Other, specific data is collected if a visitor makes a booking, or if the visitor subscribes to a newsletter. Below we explain in detail which types of data are collected, how and for what purposes.

 

3. Use of the www.zermatt.ch Website in general

 

3.1 Types of data collected: Overview and general information

 

The personal data processed independently by the www.zermatt.ch Website (the “Website”), or by third parties, includes: Cookies, usage data, e-mail, first name, surname, telephone number, province/canton/state, country, postcode, sex, date of birth, town/city, address and company name.

Specific sections of this Data Protection Statement provide complete details about every type of personal data processed. The User may provide personal data voluntarily or, in the case of usage data, this is collected automatically when this Website is used.

Unless otherwise stated, it is compulsory to provide all the data requested by this Website. If the User does not agree to this data processing, this may cause this Website to be unable to provide the User with its services, or with some services only. In cases where this Website expressly designates the provision of personal data as voluntary, Users must decide whether or not to provide this data, without any consequences in terms of the service’s availability or functionality. Users who are unsure which personal data is obligatory can contact the Owner at any time.

Users are responsible for any third-party personal data procured, published or transmitted by this Website and confirm that they have obtained consent to transmission of any third party’s personal data to this Website.

 

3.2 Type and place of data processing

 

The Owner processes user data in a due and proper manner and takes appropriate security measures to avoid unauthorised access and unauthorised forwarding, amendment or destruction of data.

Data processing is carried out by computer or other IT-based systems according to organisational methods and processes that intentionally take into account the stated purposes. Other persons internally (HR, sales, marketing, legal department, system administrators) or externally (such as providers of technical services, delivery companies, hosting providers, IT companies and communications agencies) in addition to the Controller might operate this Website and therefore have access to the data and, insofar as necessary in this case, will be appointed as Processor by the Controller. A current list of these parties may be requested from the Owner at any time.

The www.zermatt.ch website is hosted by Maxcluster, whose servers are located in Frankfurt am Main, Germany.

 

3.3 Purposes and legal basis for processing

 

The User’s personal data is primarily collected so that the Owner can provide the services offered via the Website. In such a case the legal basis for this processing of data lies in fulfilment of a contract (Art. 6 (1b) GDPR).

Data is furthermore processed for the following purposes: analytics, interaction with live chat platforms, remarketing and behavioural targeting, tag management, User contact, heat mapping, session recording, and newsletter subscription and dispatch. In these cases the Owner’s legitimate interests (Art. 6 (1f) GDPR) form the legal basis for this data processing.

Users can find more detailed information about these processing purposes and the personal data used for the respective purpose in the corresponding sections of this document. In any case, the Owner is happy to provide information about the specific legal basis underlying processing, and in particular concerning whether the provision of personal data is a legal or contractual obligation, or a requirement for conclusion of a contract.

 

3.4 Transmission abroad

 

Depending on the User’s location, data processing may include transmission of the User’s data to a country other than that of the User. Users can consult the section containing detailed information about processing of personal data to find out more about where the transmitted data is processed.

In general we would like to point out that personal data is transmitted abroad only if the applicable legal requirements are met. Third parties abroad are or will be subject to the same data protection requirements as the Owner. If a country’s level of data protection does not correspond to that of Switzerland or Europe, the Owner ensures contractually that protection of personal data corresponds to that in Switzerland or the EU at all times.

For reasons of completeness, we further point out that the US authorities carry out monitoring that generally facilitates the storage of personal data from all people whose data is transmitted from Switzerland to the USA. This occurs without differentiation, limitation or exception, according to the objective pursued and without an objective criterion that would make it possible to restrict the US authorities’ access to the data and to limit its subsequent use to quite specific, strictly limited purposes that would justify the intervention associated with both access to this data and its use. It is also drawn to your attention that there are no legal remedies available in the USA that make it possible to obtain access to data and to cause its rectification or erasure, and no effective legal protection against US authorities’ general rights of access.

It is important that we draw your attention to this legal and factual situation, so that every User can take an appropriately informed decision regarding consent to the use of his or her data.

It is also drawn to the attention of Users domiciled in an EU Member State that from the European Union’s point of view the USA does not have an adequate level of data protection due, inter alia, to the concerns addressed in this section.

 

3.5 Storage period

 

Personal data is processed and stored only for as long as required by the purpose for which it was collected.

It therefore applies that:

  • Personal data collected for the purpose of fulfilling a contract concluded by the Owner and the User is stored until complete performance of this contract.
  • Personal data collected to preserve the Owner’s legitimate interest is stored for as long as is necessary to fulfil this purpose. Users can obtain further information about the Owner’s legitimate interest from the appropriate sections of this document or by contacting the Owner.

The Owner is furthermore permitted to store personal data for an extended period if the User has consented to such processing, as long as the consent is not withdrawn. The Owner may moreover be obliged to retain personal data for an extended period, if this is necessary to fulfil a statutory obligation (accounting regulations, or tax law, for example), or by order of an authority.

Personal data will be erased after the retention period has expired.

 

3.6 Processing procedures in detail

 

The section below provides the opportunity to download detailed information about the services used by the Owner. Please note that the respective providers’ data privacy policies may also be relevant. The data privacy policies can be downloaded direct and it is important to also study these carefully. If there is the possibility to opt out of data processing, there is a corresponding direct link where this is possible.

 

3.6.1 Analysis services

The following services allow the Owner to monitor and analyse data traffic and track users’ behaviour.

 

  • Facebook Ads conversion tracking (Facebook, Inc.)

Conversion tracking from Facebook Ads is an analysis service provided by Facebook, Inc. that links data from the Facebook advertising network to the campaigns conducted by this Website.

Personal data collected: cookies and usage data

Processing location: USA – Data privacy policy

Data protection level: Privacy Shield

Legal basis: Art. 6 (1f) GDPR.

 

  • Google Analytics (Google Inc.)

Goggle Analytics is a web analysis service provided by Google Inc. (“Google”). Google uses the data collected to track and investigate how this Website is used, to write reports about Website activity and to use this jointly with other Google services.

Google can use the data to contextualize and personalise the advertisements from its own advertising network. The party responsible for data processing is Google Ireland Limited.

Personal data collected: cookies and usage data

Processing location: Ireland– Data privacy policy- opt out

Data protection level: Europe / in case of transfer to the USA: Privacy Shield

Legal basis: Art. 6 (1f) GDPR.

 

  • Google Analytics with extension for display advertising (Google Inc.)

The display advertising extension for Google Analytics means this Website can access third-party visitor data and information from the DoubleClick cookie and use data obtained from Google via interest-based advertising. Inclusion of this data extends the analysis service by demographic features and interest, as well as by interaction with ad impressions.

Personal data collected: cookies and usage data

Processing location: Ireland– Data privacy policy- opt out

Data protection level: Europe / in case of transfer to the USA: Privacy Shield

Legal basis: Art. 6 (1f) GDPR.

 

  • Hotjar heat maps & recordings (Hotjar Ltd.)

Hotjar is a session recording and heat map service provided by Hotjar Ltd.

Hotjar takes account of generic “do not track” headers. This means that the browser can prohibit the Hotjar script from collecting the User’s data. This setting is available in all major browsers. Hotjar’s opt-out information can be found here.

Personal data collected: cookies, usage data and various types of data as described in this service’s data privacy policy.

Processing location: Malta – Data privacy policy- opt out

Legal basis: Art. 6 (1f) GDPR.

 

3.6.2 Chat platforms

The following live chat platforms let the User interact direct with third-party live chat platforms via this Website, in order to contact, or be contacted by, the support team responsible for this Website.

If a corresponding service has been installed, it can potentially also collect navigation and usage data on the sites on which it has been installed, if users do not actively use the service. Live chat conversations may also be recorded.

 

  • Zendesk live chat system

The Zendesk widget is a service for interacting with Zendesk International Ltd’s Zendesk chat live chat platform.

Personal data collected: cookies and usage data, device used, IP address.

Processing location: Singapore – Data privacy policy

Data protection level: Privacy Shield

Legal basis: Art. 6 (1f) GDPR.

Remarketing and behavioural targeting

With remarketing and behavioural targeting services, this Website and its partners can analyse how the User used this Website in previous sessions, in order to disseminate, optimise and use targeted advertising.

This activity takes place by tracking usage data and use of cookies - information that is sent to the partners responsible for remarketing and behavioural targeting campaigns.

In addition to the opt-out options offered by the services listed below, the User can also preclude the use of cookies by third-party services, by visiting the Network Advertising Initiative’s opt-out page.

 

  • Facebook remarketing (Facebook, Inc.)

Facebook remarketing is a remarketing and behavioural targeting service provided by Facebook, Inc. that links activity taking place via this Website with the Facebook advertising network.

Personal data collected: cookies and usage data

Processing location: USA – Data privacy policy- opt out

Data protection level: Privacy Shield

Legal basis: Art. 6 (1f) GDPR.

 

  • Remarketing by Google Analytics for display advertising (Google Inc.)

Google Analytics for providers of display advertising is a remarketing and behavioural targeting service provided by Google, Inc. that links the tracking activities of Google Analytics and its cookies to the AdWords advertising network and the DoubleClick cookie.

Personal data collected: cookies and usage data

Processing location: Ireland– Data privacy policy- opt out

Data protection level: Europe / in case of transfer to the Usa: Privacy Shield

Legal basis: Art. 6 (1f) GDPR.

 

  • Ve Global UK Limited

Our product uses services from Ve Global UK Limited (“Ve”). Ve is a technology company whose head office is in the United Kingdom, that offers advertising and marketing solutions for customers with online activities. Ve and we are jointly responsible according to Art. 26 GDPR for collection of personal data. Amongst others, Ve collects and processes personal data (such as contact details, behavioural data, profile data) about end users who visit our Website. Ve uses this information to optimise the online experience for our Website’s Users and to find out more about our Users, in order to also advertise and/or promote our products/services to our Users. Ve can rely on a legitimate interest according to Art 6 (1f) GDPR when handling personal data. Please use the opt-out option if you wish to object to Ve’s processing of data.

Please read Ve’s data privacy policy and cookie policy to obtain thorough information about data processing by Ve.

Opt-out - Data privacy policy Cookie policy

 

3.6.3 Tag management

What are known as tag management services are used for central management of tags or scripts required by this Website. This means that the User’s data passes through these services and may be stored.

 

  • Google Tag Manager (Google LLC)

Google Tag Manager is a service provided by Google LLC to manage tags.

Personal data collected: cookies and usage data

Processing location: Ireland– Data privacy policy

Data protection level: Europe / in case of transfer to the USA: Privacy Shield

Legal basis: Art. 6 (1f) GDPR.

 

4. Other processing procedures

The section below provides the opportunity to download detailed information about other data processing procedures and the respective legal basis. These processing procedures can also occur on the www.zermatt.ch Website or in another way.

 

4.1 What type of personal information does Zermatt Tourism collect?

 

  • Personal information that you provide to us

Zermatt Tourism collects and processes the information that you provide to us. If you contact our team, we also collect information about you via these processes. After your stay, you may be asked to complete a survey, or to give a visitor rating, in order to help future visitors. You also make other information available to us. If, for example, you use your mobile device to browse, Zermatt Tourism can access your current location or your contact details. This helps us to offer you the best possible service (e.g. city guides, restaurants, local attractions, or other recommendations).

 

  • Personal information that we obtain from you about other people

Perhaps you might have booked not only for yourself, but might be travelling with others, whose details you provide when booking, or you might be booking on behalf of someone else. We process all this data exactly as provided by you. We must point out, however, that it is your responsibility to make the people whose personal details you are providing aware of this process and to ensure that they agree to how Zermatt Tourism will use their information.

 

  • Matterhorn App

The interactive Matterhorn App lets you decide whether you want to set up a profile with your personal details. The following data supplied by you may be processed when using this App: Customer address details, contact information, payment method, transaction data and transaction history when purchasing tickets and items, or making reservations, as well as location data and other technical data about your use of the App. We would therefore be grateful if you would consult the Matterhorn App Data Protection Statement in this regard, which you can access any time via the Matterhorn App. This describes in detail all data processing that takes place, the purposes and legal basis for this data processing.

 

  • Personal information that we obtain from other sources

We don’t just obtain the data you provide, we may possibly obtain information about you from other sources. These include business partners and other, independent third parties. This information may be added to that which you provide. We also include third-party service providers that handle payment processing between customer and service partner. These service providers share payment information with us, so that we can process and manage your booking. We also obtain information about you so that we can design advertising relevant to you. For example, social media partners provide Zermatt Tourism with additional cookie data. Service partners may also share information about you with Zermatt Tourism. This occurs, for example, if you have questions about a booking.

 

4.2 Why does Zermatt Tourism collect and use your personal data?

We use the information collected about you for various purposes. Your personal details can be used in the following ways:

 

  • Bookings

We use your personal data to manage and complete your online booking and to process your booking in a manner that complies with the law.

 

  • Customer service

If you share your details with our employees, this gives us the opportunity to respond to you when necessary. This includes answering any questions you may have regarding your booking and Zermatt – Matterhorn as a destination, or other questions.

 

  • Marketing

We also use your information for marketing purposes. These activities include:

  • Using your contact information to send out travel-related products and services if you book through us. It is quick and easy to unsubscribe from these marketing messages at any time - simply click on the “Unsubscribe” link in each newsletter.
  • Based on the information you share with us, you will see offers on our Website or on third-party websites/apps that are tailored to you and the content on the pages you see may be customized too. These may be offers that can be booked direct on the Zermatt Tourism Website, or third-party provider offers and products that we assume might be of interest to you.
  • If you take part in other advertising activities (e.g. prize draws or competitions) we will use the information we need for these to run them.

 

  • Other communications

We may contact you by e-mail, post, telephone or SMS depending on the contact information you have shared with us. We process the communication that you share with us.

 

  • Market research

Occasionally we ask our visitors to take part in surveys. If you are asked to take part in a survey, please read the information provided to find out how your personal details will be collected and used.

 

  • Guaranteeing a secure and reliable service

We use personal details, as necessary, to uncover and prevent fraud and other illegal or undesirable activities, in order to create a trustworthy environment for you, other travellers, Zermatt Tourism’s business partners and our service partners.

 

  • Improvement of our services

We also use personal details for analytical purposes. These not only serve to improve our services and to optimise the user experience, but can also be used for testing, to rectify problems and to improve our Website’s functionality. Our primary aim is to optimise our online platform and tailor it to your needs and in this way to make our Website more user friendly and appealing. We aim to use only pseudonymized data for these analytical purposes.

If you telephone Customer Services, your telephone call may be recorded for training or quality management purposes. 

 

  • Legal purposes

In certain cases we may use your data to process and resolve legal conflicts. We can also use it to enforce Zermatt Tourism’s online booking service’s terms of use to a reasonable extent, or to comply with enquiries from criminal prosecution authorities.

 

4.3 How does Zermatt Tourism share your data with third parties?

In certain circumstances we share your personal data with third parties.

 

  • The service provider you have booked

This is essential for our work. We transmit the relevant booking details to the service provider you have booked in order to complete your booking. If you have a question about your trip, we contact the travel provider as necessary and ask them to respond. If you do not make a payment via our Website during the booking process, we will forward your credit card details to the booked travel provider for further processing (provided that you have given us these details during the booking process). 

 

  • Third-party service provider

We use service providers to process your personal data on our behalf. This may be for various purposes, such as sending advertising content, or verifying an e-mail address that you provided during the booking process. All third-party service providers are subject to confidentiality and data processing agreements; they are not authorised to process your personal data for purposes other than those specified by Zermatt Tourism.

 

  • Payment service providers and (other) financial institutions

If you or the holder of the credit card used to make the booking (or the payment method in question) submit a request to cancel your booking, we have to share certain booking details with the payment service provider and the respective financial institution in order to process the cancellation. These details may include a copy of your booking confirmation, or the IP address that was used to book your travel. We can share information with the respective financial institutions if, in our opinion, this is vital to revealing or preventing fraudulent activities.

 

  • Competent authorities

We disclose personal data for law enforcement if required by law, or if it is urgently required to prevent, reveal or prosecute criminal actions or fraud, or we are obliged by law to do so for other reasons. Furthermore, we may share personal data with the competent authorities, as the occasion arises, to protect our rights and those of our service or business partners.

 

  • Business partners

We cooperate with business partners from all over the world. These business partners market or promote Zermatt – Matterhorn as a destination.

 

  • Sales force

We would like to draw it to your attention that we use software solutions from "Salesforce" (see www.salesforce.com).) within the scope of data processing. Salesforce provides online tools which its customers use to operate certain areas of their businesses. These include customer relationship management tools, customer service, participation in social networks, development of communities, data analysis, employee management and management of platforms for creation of online applications. By providing these tools, Salesforce processes data transmitted to its services and/or processes this data on its customers’ instructions and in their names. We use Salesforce’s services, for example, to combine data collected by Zermatt Tourism with other data collected by Zermatt Bergbahnen AG, Bonfire AG and/or by mobile apps, and to store them in a standardised database (Cloud). Detailed information about Salesforce’s data privacy can be found under the following link: https://www.salesforce.com/company/privacy/

 

  • Matterhorn App

The interactive Matterhorn App lets you decide whether you want to set up a profile with your personal details. The following data supplied by you may be processed when using this App: Customer address details, contact information, payment method, transaction data and transaction history when purchasing tickets and items, or making reservations, as well as location data and other technical data about your use of the App. We would therefore be grateful if you would consult the Matterhorn App Data Protection Statement in this regard. This describes in detail all data processing that takes place, the purposes and legal basis for this data processing. The Matterhorn App Data Protection Statement can be found here: https://www.zermatt.ch/en/Media/Privacy-Policy-Matterhorn-App

 

4.4 How can you check which personal data you have provided to Zermatt Tourism?

You have the right to examine your personal data that we have stored at any time. Please send an e-mail to the above address to receive a summary of your personal data. 

You can also contact us if you believe that the personal data we have stored about you is erroneous, or if you believe that we are no longer entitled to use your personal data, or if you have additional questions about how your personal information is processed, or about these data protection provisions. Please send us an e-mail or a message to the addresses given above.

 

4.5 Which data is processed when sending newsletters?

Every User can subscribe to a newsletter. This requires registration. The following data has to be provided as part of the registration process:

 

  • Title (mandatory)
  • First name and surname (mandatory)
  • E-mail address (mandatory)

 

This information is required for data processing. Other data may also be provided voluntarily. This data is processed exclusively to customize information and offers sent to a User and to tailor them better to the User’s interests.

Salesforce’s Marketing Cloud is used to dispatch the newsletters. Salesforce’s data privacy policy can be downloaded here https://www.salesforce.com/de/company/privacy/. It is important that you also read these data protection provisions carefully. A newsletter can also contain what is known as a “web beacon” (tracking pixel), or similar technical resources. A web beacon is a 1x1 pixel, an invisible graphic linked to the respective newsletter subscriber’s user ID.

Recourse to corresponding services makes it possible to analyse whether newsletter e-mails have been opened. It is also possible to record and analyse the newsletter recipient’s click behaviour.  This data is analysed for statistical purposes and to optimise the newsletter with regard to content and structure. This makes it possible to tailor the information and offers in the newsletter better to the respective recipient’s personal interests. The tracking pixel is deleted when the newsletter is deleted. An e-mail programme must be set so that messages do not display HTML in order to prevent tracking pixels in newsletters.

By registering, Users consent to the data provided being processed for regular dispatch of the newsletter to the stated address and for statistical analysis of usage behaviour in order to optimise the newsletter. This consent represents the legal basis for processing of the stated personal data within the terms of Art. 6 (1a) GDPR. The analysis purposes also represent a legitimate interest within the terms of Art. 6 (1f) GDPR.

There is a link by means of which the recipient can unsubscribe from the newsletter at any time at the end of the newsletter. If a User unsubscribes from the newsletter, all the data in this regard is erased from our system.

 

4.6 Which data is processed if you use our contact form?

Every User has the option of using a contact form on our Website in order to contact the Owner. Provision of some data is mandatory, other data is provided voluntarily:

 

  • Title (mandatory)
  • First name and surname (mandatory)
  • Address (street, building number, place, postcode) (voluntary)
  • Telephone number (voluntary)
  • E-mail address (mandatory)

 

The data that is mandatory is identified as such. It may not be possible for us to provide services if this information is not provided. The provision of other information is voluntary and does not affect use of the Website. This data is used only to provide the best possible, customised response to a contact form enquiry.  This reflects the Owner’s legitimate interest (Art. 6 (1f) GDPR).

 

4.7 Which data is processed if you book with third-party providers?

There are various ways on the www.zermatt.ch Website to make bookings or reservations, to request information material or other services. As a rule the corresponding services are rendered by third parties. The data collected is forwarded to these third parties if necessary for this. This concerns the following data in particular:

 

  • Title and/or company name
  • First name and surname
  • Address (street, building number, postcode, place, country)
  • Other contact details (e-mail address, telephone number)
  • Credit card or other payment details

 

Mandatory information is always identified as such. This is information that is necessary in order to provide the booking services. The provision of other information is voluntary and does not affect use of the Website or the booking services. We would like to draw it to your attention that as a rule, a booking service provider collects and stores data entered by a User direct and/or we forward it to them. If a booking service provider then independently processes data collected, the respective provider’s data protection provisions apply and it is important that you consult these also. The legal basis for this processing of data lies in fulfilment of a contract within the terms of Art. 6 (1b) GDPR.

 

4.8 How is my data protected?

When you visit our Website, it uses the widespread SSL procedure (Secure Socket Layer) combined with the maximum level of encryption supported by the User’s browser. This is generally 256-bit encryption. If the browser does not support 256-bit encryption, 128-bit v3 technology is used instead. It is possible to identify whether an individual page on a website is encrypted from the closed padlock icon displayed in the browser’s bottom status bar.

Appropriate technical and organisational security measures are also implemented to protect the User’s data against random or intentional manipulation, partial or complete loss, destruction, or against unauthorised third-party access. The security measures are continually upgraded in accordance with technological developments.

 

5. Cookie policy

This Website uses cookies. The User can read a specific document to obtain more accurate information about cookies by clicking here: Cookie policy.

 

6. User’s rights

Users can exercise various rights in respect of their data processed by the Owner.

In particular, Users have the right to do the following:

  • Withdraw consent at any time (Art. 7 (3) GDPR). If the User has previously consented to processing of personal data, he or she can withdraw their consent at any time.
  • Object to processing of their data (Art. 21 GDPR). The User has the right to object to processing of his or her data if processing takes place on a legal basis other than consent.
  • Obtain information regarding the data processed (Art. 15 GDPR). The User has the right to learn whether the Owner processes the data, to obtain information about individual aspects of the processing and to receive a copy of the data.
  • Inspection and rectification (Art. 16 GDPR). The User has the right to verify the accuracy of his or her data and to demand that it be updated or rectified.
  • Restriction of processing (Art. 18 GDPR). The User has the right to restrict processing of his or her data under certain circumstances.
  • Request erasure or other removal of the personal data (Art. 17 GDPR). Users have the right to ask the Owner to erase their data under certain circumstances.
  • Obtain data and have it transferred to a different Controller (Art. 20 GDPR).  The User has the right to receive his or her data in a structured, commonly used and machine-readable format and, if technically possible, to have the data transmitted to another Controller without hindrance.
  • Lodge a complaint (Art. 77 GDPR). The User has the right to lodge a complaint with the competent supervisory authority.

Any enquiries regarding exercise of user rights can be directed to the Owner using the contact details provided.

 

7. Amendments to this Data Protection Statement

The Owner reserves the right to amend this Data Protection Statement at any time. Amendments to or updated versions of this Data Protection Statement will be published on www.zermatt.ch. Users are therefore advised to download this page regularly and check the date of the last amendment given at the bottom of the page. If necessary the Owner will obtain fresh consent if amendments concern use of data based on the User’s consent.

  

Status: 11.04.2019