Data protection

Your trust is very important to us, which is why we take data protection very seriously and ensure appropriate security. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (DPA), the Ordinance on the Federal Data Protection Act (FDPA), the Federal Telecommunications Act (TCA) and any other data protection provisions from Swiss or EU legislation that may be applicable, in particular the General Data Protection Regulation (GDPR).

Please read the following information carefully so that you know what personal data we collect from you and how we use it.

Beau-Rivage Neuchâtel SA runs the Beau-Rivage Hotel and is the operator of the www.beau-rivage-hotel.ch website. It is therefore responsible for collecting, processing and using your personal data and for ensuring that data processing complies with applicable data protection legislation.

A. Data processing in connection with our website

1. Visit our website

When you visit our site, our server temporarily records each access in a log file. As with any connection to a web server, the following technical data is recorded without any intervention on your part and stored by us to the extent required by law:

• the IP address of the computer accessing the site,
• the name of the IP space owner (usually your ISP),
• date and time of access,
• the Internet site from which you accessed our site (original URL) and any search keywords used,
• the name and URL of the file consulted,
• status code (e.g. error message),
• your computer's operating system,
• the browser you are using (type, version and language),
• the communication protocol used (e.g. HTTP/1.1) and
• possibly your username from a registration/authentication.

The purpose of collecting and processing this data is to enable the use of our website (establishment of a connection), to guarantee the long-term security and stability of the system and to enable the optimization of our online offering, as well as for internal statistical purposes. These processing operations are based on our legitimate interests pursuant to art. 6 para. 1 let. f RGPD.

In addition, the IP address is analyzed together with other data for the purposes of recognition and defense in the event of attacks on the network infrastructure or other unauthorized or abusive use of the website, and possibly used in criminal proceedings for the purposes of identification and civil and criminal action against the user in question. Such processing is based on our legitimate interest pursuant to art. 6 para. 1 let. f RGPD.

2. Use of our contact form

You can use our contact form to get in touch with us. To do this, we require the following information:

• first and last name
• email address
• message

We only use this data, together with your optional telephone number, to be able to respond to your contact request in the best and most personalized way. The processing of this data is therefore necessary for the performance of pre-contractual measures in accordance with Art. 6 para. 1 let. b RGPD or is based on our legitimate interest in accordance with Art. 6 para. 1 let. f RGPD, respectively.

3. Subscribe to our newsletter

You can subscribe to our newsletter on our website. To do so, you must register and provide the following information:

• first and last name
• e-mail address

The above data is essential for data processing.

By registering, you consent to the processing of the data you have provided in this context, with a view to the regular sending of the newsletter to the address you have provided, but also with a view to the statistical analysis of your user behavior and the optimization of the newsletter. This consent represents our legal basis for processing your email address pursuant to art. 6 al. 1 let. a RGPD. We are entitled to use third parties for the technical implementation of advertising campaigns and are entitled to pass on your data for this purpose (see section 13 below).

At the end of each newsletter, you'll find a link to unsubscribe at any time.

4. Reservations on the website, by mail order or by telephone

If you make reservations via our website, by correspondence (email or post) or by telephone, we require the following data for the execution of the contract:

• title
• first and last name
• postal address
• date of birth
• phone number
• language
• credit card information
• email address

We use this data, together with other optional information you provide (e.g. estimated time of arrival, motor vehicle license plate, preferences, remarks), solely for the performance of the contract, unless otherwise provided in this privacy policy or unless you have given separate consent. We will process this data in particular in order to enter your booking in accordance with your request, to provide the services booked, to contact you in the event of uncertainties or problems, and to ensure that payment is made correctly.

The performance of a contract in accordance with Art. 6 para. 1 let. b RGPD constitutes the legal basis for processing data for this purpose.

5. Cookies

In many ways, cookies make your visit to our site easier, more pleasant and more useful. Cookies are files containing information that your web browser automatically saves on your computer's hard disk when you visit our site.

For example, we use cookies to temporarily store your selected services and information entered when you fill in a form on our site, so that you don't have to re-enter it when you visit a sub-page. Cookies can also be used to identify you as a registered user when you register on our site. This saves you having to log in again when you visit another sub-page.

Most web browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer, or so that a message appears each time you receive a new cookie. The following pages explain how to configure cookie handling for the most commonly used browsers:

• Microsoft Windows Internet Explorer
• Microsoft Windows Internet Explorer Mobile
• Mozilla Firefox
• Google Chrome
• Google Chrome mobile version
• Apple Safari
• Apple Safari mobile version

Disabling cookies may prevent you from using the full functionality of our site.

6. Tracking tools

a. General

We use the Google Analytics audience analysis service to help us present our website in the best possible way and optimize it on an ongoing basis. In doing so, we create pseudonymized usage profiles and use small text files stored on your computer ("cookies"). The information generated by the cookie about your use of this site is transmitted to the servers of the providers of these ser-vices, then stored and processed for us. In addition to the data specified in section 1 below, we may receive the following information:

• navigation path taken by a visitor on the site,
• duration of visit to the site or page,
• the page from which the visitor leaves the site,
• the country, region or city from which access is made,
• device (type, version, color depth, resolution, width and height of navigation window) and
• repeat or new visitor.

The information is used to analyze the use of the website, to compile reports on website activities and to provide other services in connection with the use of the website and the Internet for the purposes of market research and the appropriate presentation of this website. This information may also be passed on to third parties insofar as this is required by law or insofar as third parties are commissioned to process this data.

b. Google Analytics

The provider of Google Analytics is Google Inc, an Alphabet Inc. holding company based in the USA. Before the data is transmitted to the provider, the IP address is abbreviated by activating IP anonymization ("anonymizeIP") on this website within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Google does not combine the anonymized IP address transmitted by your browser within the framework of Google Analytics with other data. In exceptional cases, the full IP address is transmitted to a Google server in the USA and then abbreviated. In this case, we provide contractual guarantees that Google Inc. complies with an adequate level of data protection. Google Inc. does not associate the IP address with any other user data.

Further information on the web analytics service used can be found on the Google Analytics website. To find out how to prevent your data being processed by the web analytics service, please visit the following address https://tools.google.com/dlpage/gaoptout?hl=fr.

B. Processing of data relating to your stay

7. Data processing to meet legal obligations to provide information

When you arrive at our hotel, we need the following information about you and any accompanying persons:

• first and last name
• postal address and canton
• date of birth
• place of birth
• nationality
• official identity document and number
• day of arrival and departure
• room number

We collect this information in order to meet our legal obligations to provide information, in particular under police and hotel legislation. Insofar as we are obliged to do so under the applicable provisions, we pass on this information to the competent police authority.

We have a legitimate interest under Art. 6 para. 1 let. f RGPD in fulfilling the legal requirements.

8. Entering services provided

Insofar as you receive additional services as part of your stay (e.g. use of the mini bar or our pay TV offer), we record the purpose of the service and the date on which you received it for billing purposes. The processing of this data is necessary for the performance of your contract with us pursuant to art. 6 al. 1 let. b RGPD.

C. Data storage and exchange with third parties

9. Booking platforms

If you make reservations via a third-party platform, the operator of the platform in question will send us various items of personal information. In principle, this includes the data listed in section 5 of this privacy policy. We may also receive inquiries about your booking. We use this data in particular to process your booking in accordance with your request and to provide the services you have booked. The legal basis for processing data for this purpose is the performance of a contract in accordance with Art. 6 para. 1 let. b RGPD.

Finally, platform operators may inform us of any disputes arising in connection with a booking. In this case, they also send us data concerning the booking process, for which a copy of the booking confirmation may serve as proof of the actual completion of the booking. We process this data to protect and enforce our rights. We base this processing on our legitimate interest pursuant to Art. 6 para. 1 let. f RGPD.

Please also read the privacy policies of the respective suppliers.

10. Centralized data storage and linking

We store the data specified in sections 2-5 and 8-10 in a central electronic data processing system. Your data is systematically recorded and combined for the purpose of processing your bookings and fulfilling your contractual obligations. We use software from Oracle Switzerland, Rainstrasse 1, 8143 Stallikon, Switzerland. The processing of this data by the software is based on our legitimate interest under Art. 6 para. 1 let. f RGPD in customer-friendly and efficient management of customer data.

11. Shelf life

We store personal data only for as long as is necessary for the use of the above-mentioned tracking services and for further processing based on our legitimate interest. We store contractual data for a longer period if this is required by legal retention obligations. The retention obligations that require us to store data arise from provisions relating to the right to notify the authorities, financial accounting and tax law. In accordance with these provisions, business communications, contracts concluded and accounting records must be kept for up to 10 years. Insofar as we no longer require this data for the performance of our services, it will be blocked. This means that the data can only be used for accounting and tax purposes.

12. Transfer of data to third parties

We will only pass on your personal data if you have given your express consent, if we are under a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce our rights arising from the contractual relationship. We also pass on your data to third parties insofar as this is necessary for the use of the website and the execution of the contract (including outside the website), in particular for processing your bookings.

Our web host Infomaniak in Geneva is a service provider to whom we transmit personal data collected via the website, or who has access or may have access to such data. The website is hosted on servers in Switzerland. The purpose of transmitting data is to provide and maintain the functionality of our website. This processing is based on our legitimate interest pursuant to art. 6 para. 1 let. f RGPD.

Finally, we transmit your credit card information to the issuer and acquirer of your credit card when you pay by credit card on our site. If you choose to pay by credit card, you must enter all the necessary information. The legal basis for the transfer of data is the performance of a contract in accordance with Art. 6 para. 1 let. b RGPD. Regarding the processing of your credit card information by these third parties, please also read the general terms and conditions as well as the privacy policy of your credit card issuer.

Please also note the information in ch. 7-8 and 10-11 concerning the transfer of data to third parties.

13. Transmission of personal data abroad

We may also transfer your personal data to third-party companies (contracted service providers) abroad for the data processing purposes specified in this privacy policy. These companies are subject to the same level of data protection as we are. If the level of data protection in a given country does not correspond to the Swiss or European level, we will contractually ensure that the protection of your personal data corresponds to that of Switzerland or the EU.

D. Other information

14. Right to information, rectification, deletion and restriction of processing; right to data portability

Upon request, you have the right to obtain information about the personal data we store about you. In addition, you have the right to have incorrect data corrected and your personal data deleted, provided there is no legal obligation to store the data or any legal basis for processing the data.

You also have the right to request the return of the data you have transmitted to us (right to data portability). On request, we will also forward your data to a third party of your choice. You have the right to obtain your data in a standard format.

You can contact us for the above purposes at the following email address dpo@beau-rivage-hotel.ch. At our discretion, we may ask you for proof of identity to process your requests.

15. Data security

We use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or total loss and against unauthorized access by third parties. Our security measures are constantly being improved in line with technological advances.

You should always keep your access data confidential and close the browser window when you have finished communicating with us, especially if you are not the only person using the computer.

We also take data protection within our company very seriously. Our employees and the service providers we commission are bound by confidentiality and data protection legislation.

16. Note on data transmissions to the United States

For the sake of completeness, we would like to inform users domiciled or headquartered in Switzerland that the USA is subject to surveillance measures by the US authorities. These measures generally allow the recording of all personal data of persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, limitation or exception based on purpose, and without any objective criterion for limiting the US authorities' access to and subsequent use of the data to very specific and strictly limited purposes that justify the harm involved in accessing and using the data. Furthermore, we would like to inform you that in the USA, there is no legal remedy available to data subjects from Switzerland for accessing, correcting or deleting their personal data, nor is there any effective legal protection against general access rights by the US authorities. We explicitly draw the attention of the data subject to this legal and factual situation, so that he or she can make an informed decision about consenting to the use of his or her data.

We inform users domiciled in an EU member state that, according to the EU, the USA - in particular because of the issues raised in this section - does not have a sufficient level of data protection. Insofar as we have explained in this privacy policy that certain data recipients (e.g. Google) are based in the USA, we will ensure either through contractual arrangements with these companies, or through their certification under the EU-US or Swiss-US Data Protection Shield, that your data receives a reasonable level of protection from our partners.

17. Right to lodge a complaint with a data protection supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority.

Version: 24.05.2018