Privacy statement

The Boas Group (Boas-Yakhin Holding SA and its subsidiaries) is a website operator and therefore responsible for collecting, processing and using your personal data. Consequently it is responsible for the compliance of data processing with the applicable data protection legislation.

Your trust is really important to us, this is why we take data protection very seriously and ensure adapted security. We of course respect the legal provisions of the federal law on data protection (LPD/FADP), the order relating to the federal law on data protection (OLPD/DPO), the federal law on telecommunications (LTC) and other potentially applicable provisions relating to data protection from Swiss or EU legislation, in particular the general data protection regulation (GDPR).

If you wish to familiarise yourself with the nature of the personal data (concerning you) that we collect and for what purposes we use it, please carefully read the information below.

Our data protection department can be reached at the following address: privacy@boas.ch

 

I. DATA PROCESSING IN RELATION TO OUR WEBSITES

1. Consulting our websites

When you visit our websites, our servers temporarily save each access in a log file. The following technical data is therefore saved, in principle like for any connection to a web server, with no intervention from you and stored by us until it is automatically deleted after 12 months at the latest:

  • The IP address of the computer that accesses the website,
  • The date and time of access,
  • The website from which you have accessed our website (original URL) and possibly the search keywords used,
  • The name and URL of the consulted file,
  • The status code (e.g. error message),
  • The name of the country,
  • The browser you use (type, version and language),
  • The communication protocol used (e.g. HTTP/1.1)

The aim of the collection and processing of this data is to allow the use of our websites (establishment of a connection), to guarantee the security and stability of the system in the long-term and to optimise our online offer, as well as for the purposes of internal statistics. This processing is based on our legitimate interest in virtue of Art. 6 para. 1 let. f GDPR.

The IP address is furthermore analysed with other data for the purposes of recognition and defence in the event of attacks on the network infrastructure or other non-authorised or abusive uses of the website and potentially used in the framework of legal proceedings for the purposes of identification and civil and criminal action against the user in question. This processing is based on our legitimate interest in virtue of Art. 6 para. 1 let. f GDPR.

2. Logging onto third party websites

Our websites contain links to third party websites that may interest you. By activating these links, you potentially leave our websites. The Boas Group has no control over third party websites and can, on no account, be held responsible for the content or the operation of these websites. The risk or danger that may result from logging onto third party websites or consulting them is exclusively the concern of the user.

3. Use of our contact form

You have the chance to use a form to contact us. For this, the following information is compulsory:

  • First name and surname
  • Postal address
  • Email address
  • Message

We only use this data, as well as your telephone number (optional field) to be able to reply to your contact request to the best of our ability and in a personalised way. The processing of this data is therefore necessary for the performance of pre-contractual measures in accordance with Art. 6 para. 1 let. b GDPR or is based on our legitimate interest in accordance with Art. 6 para. 1 let. f GDPR.

4. Signing up for our newsletter

You have the chance to sign up for our newsletter on our websites. For this, you must register and supply the following data:

  • Title
  • First name and surname
  • Email address
  • Language
  • Company

The above data is essential for processing data, but only the email address is compulsory (the other fields are optional). We process this data exclusively with the aim of personalising the information and offers we send you to best adapt them to your interests.

On signing up, you agree to the data you supplied in this framework being processed, in view of the regular sending of the newsletter to the address you have given, but also in view of the statistical analysis of your user habits and the optimisation of the newsletter. This agreement represents our legal basis for the processing of your email address in virtue of Art. 6 para. 1 let. a GDPR. We are justified in calling on third parties for the technical realisation of advertising campaigns and are justified in transmitting your data to this end (Chapter III Section 5 below).

At the end of each newsletter, you will find a link to unsubscribe at any time. In the framework of your subscription cancellation, you have the option of indicating to us the reason. Your personal data is deleted following your subscription cancellation.

5. Creation of a client account

To proceed with bookings on our websites, you can place an order as a visitor or open a client account. When registering for a client account, we inevitably collect the following data:

  • Title
  • First name and surname
  • Postal address
  • Date of birth
  • Telephone number
  • Email address
  • Password of the client account.

This data, as well as other optional information (e.g. company name), is collected with the aim of giving you direct, protected access by password to your base data saved in our system. You can consult your previous and current bookings there or even manage or modify your personal data.

Your agreement according to Art. 6 para. 1 let. a GDPR constitutes the legal basis of data processing to this end.

6. Booking on websites, by mail or by telephone

If you make bookings via our websites, by mail (email or letter) or by telephone, you will be asked for the following data for performing the contract:

  • Title
  • First name and surname
  • Postal address
  • Date of birth
  • Telephone number
  • Language
  • Information relating to your credit card
  • Email address
  • Date of stay
  • Number of people

We use this data as well as other optional information you supply (e.g. expected time of arrival, motor vehicle registration number, preferences, remarks) for performing the contract only, unless stated otherwise in this privacy policy or if you have distinctly agreed. We will process this data notably in order to enter your booking in accordance with your request, to supply the booked services, to contact you in case of uncertainties or problems, and to guarantee that the payment has been correctly made.

The performance of a contract according to Art. 6 para. 1 let. b GDPR constitutes the legal basis of data processing to this end.

7. Cookies

In many respects cookies make your visit to our websites easier, more pleasant and more useful. Cookies are files containing information that your web browser automatically saves on your computer’s hard drive when you visit our websites. During your first visit to our websites, you will be called on to express yourself by authorising cookies or not, via the cookie banner.

We use cookies for example to temporarily store your chosen services and information entered when you fill out a form on our websites so you no longer have to enter it a second time when you consult a subpage. Furthermore, cookies can also be used to identify yourself as a registered user following your registration on our websites. This will prevent you having to therefore log on again when you visit another subpage.

More rarely, we can be called on to use cookies for test purposes via Google’s Optimize service.

Most web browsers automatically accept cookies. You can however set up your browser so it stores no cookie on your computer or that a message appears every time you receive a new cookie. You will find explanations about the configuration of the processing of cookies for the most commonly used browsers on the following pages:

The deactivation of cookies may prevent you from using all functionalities of our websites.

II. DATA PROCESSING IN RELATION TO YOUR STAY

1. Data processing to meet legal disclosure requirements

Concerning the Hotel universe, on your arrival we need the following information concerning you as well as for the people accompanying you:

  • First name and surname
  • Postal address and canton
  • Date of birth
  • Place of birth
  • Nationality
  • Official identity document and number
  • Day of arrival and departure
  • Room number

We collect this information to meet the legal disclosure requirements resulting in particular from law-enforcement legislation and regarding the hotel industry. Insofar as we are obliged to do so according to applicable provisions, we transmit this information to the competent police authority.

We have a legitimate interest in virtue of Art. 6 para. 1 let. f GDPR to fulfil the legal provisions.

Concerning services in connection with spas, fitness centres and the world of aquariums-vivariums, we may to need the following information notably when establishing the subscription:

  • First name and surname
  • Postal address and canton
  • Date of birth
  • Place of birth
  • Nationality
  • Official identity document and number
  • Photo

We collect this information to meet the legal obligations resulting from the contract drawn up on creating the subscription. This information also allows us to modify or block the subscription in the event of loss or theft of the subscriber’s card as well as to formally identify the owner of the subscription in question.

We have a legitimate interest in virtue of Art. 6 para. 1 let. b GDPR to fulfil the legal provisions.

2. Inputting supplied services

Insofar as you receive additional services in the framework of your stay (e.g. use of the mini bar…), for invoicing purposes, we input the subject of the service as well as the date on which you received it. The processing of this data is necessary for the performance of your contract with us in virtue of Art. 6 para. 1 let. b GDPR.

III. DATA STORAGE AND EXCHANGE WITH THIRD PARTIES

1. Monitoring tools

Google Analytics

In view of the adapted presentation and the ongoing optimisation of our websites, we use the audience analysis service Google Analytics. We create pseudonymised user profiles and use small text files stored on your computer (“cookies”). The information generated by the cookie concerning your use of these websites is transmitted to the servers of the suppliers of these services, then stored and processed for us. The details of the data collected by the Google Analytics service can be consulted at https://support.google.com/analytics#topic.

The information is used to analyse the use of the websites, to collect reports on website activities and provide other services in connection with the use of the websites and the use of Internet for the purposes of market research and an adapted presentation of these websites. This information can also be transmitted to third parties insofar as this is prescribed by law or insofar as third parties are mandated to process this data.

The supplier of Google Analytics is Google Inc., a company of the holding Alphabet Inc., whose registered office is in the United States of America. Before the transmission of data to the supplier, the IP address is shortened via the activation of IP anonymization (“anonymizeIP”) on this website within member States of the European Union or in other States that have signed the European Economic Area Agreement. Google does not group the anonymized IP address with other data (transmitted by your browser) in the framework of Google Analytics. Exceptionally, the full IP address is transmitted to a Google server in the United States of America before being shortened there. In this case, we ensure via contractual guarantees that Google Inc. respects a sufficient level of data protection. According to Google Inc., the IP address will on no account be associated with other data concerning the user.

You will find additional information on the audience analysis service used on the Google Analytics website. To know how to prevent the processing of your data by the audience analysis service, please consult the following address:

http://tools.google.com/dlpage/gaoptout?hl=en

Assessment of the use of the newsletter

We use marketing services by third party email for sending our newsletter. For this reason, our newsletter may include a Web tag (invisible GIF) or similar technical means. A Web tag is an invisible image called mono pixel (1x1) that is linked to the user ID of the newsletter subscriber.

Turning to this type of service allows us to assess whether emails containing our newsletter have been opened. Furthermore, this also allows the clicks made by the newsletter recipient to be detected and assessed. We use this data for statistical purposes and to optimise the newsletter in terms of content and structure. This allows us to better direct the information and offers featuring in our newsletter depending on the centres of interest of the recipient concerned. The invisible GIF is deleted when you delete the newsletter.

For further information, you can consult the following address https://mailchimp.com/legal/cookies.

To prevent the presence of monitoring pixels in our newsletter, please configure your mailbox so that your messages are not displayed in HTML.

Social Media Plug-Ins

Social Media Plug-Ins described below are used on our websites. Plug-ins are deactivated by default on our websites and do not consequently transmit any data. You can activate plug-ins by clicking on the button of the social network concerned.

When these plug-ins are activated, you browser establishes a direct connection with the servers of the social network concerned, once you open one of the pages of our websites. The contents of the plug-in is directly transmitted by the social network to your browser and integrated by the latter into the web page. A simple click allows you to deactivate the plug-ins again.

Other information is available in the respective data protection policies of Facebook, Twitter and Instagram.

Facebook/Instagram Social Plug-Ins

Facebook Social Plug-Ins can be used on our websites to personalise the input page. To do this we use the “LIKE” or “SHARE” button. In this respect this involves an offer from the American company Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.

Thanks to this integration of plug-ins, Facebook receives the information according to which your browser accessed the corresponding page of our websites, even when you do not have a Facebook account or you are not logged into Facebook at that time. This information (including your IP address) is directly transmitted by your browser to a Facebook server in the USA to be saved there.

If you’re logged into Facebook, Facebook can directly link your visit to our websites to your Facebook account. When you interact with the plug-ins, for example by using the “LIKE” or “SHARE” button, the corresponding information is directly transmitted to a Facebook server to be saved there. The information is furthermore published on Facebook and visible to your Facebook friends.

Facebook can use this information for the purposes of advertising, market research and the creation of adapted Facebook pages. To this end, use, interest and relationship profiles are created from Facebook, for example to assess the use you make of our websites in relation to Facebook adverts, to inform other Facebook users of your activities on our websites and to supply other services linked to the use of Facebook.

If you do not want Facebook to attribute data collected via our websites to your Facebook account, you must log out of Facebook before visiting our websites.

For more information on the objective and scope of this data collection, its subsequent processing and the use of this data by Facebook, as well as on your related rights and setting options regarding privacy control, refer to the statement regarding Facebook data protection.

Twitter Social Plug-Ins

Our websites can integrate plug-ins of the SMS network Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

Twitter plug-ins (Tweet button) are recognisable by the Twitter logo on our pages. Insofar as you have activated the Social Plug-Ins, a direct connection is established between your browser and the Twitter server. In this way Twitter receives the information according to which you have visited our websites with your IP address. If you click on the “Tweet button” of Twitter by being logged into your Twitter account, you can connect the contents of our pages to your Twitter profile. In this way, Twitter can link the visit on our pages to your user account. We draw your attention to the fact that our company, as supplier of the pages concerned, receives no information as to the contents of the data transmitted and its use by Twitter. You will find more information on this subject in the Twitter data protection statement.

If you do not want Twitter to link the visit to our pages to your account, please log out of your Twitter user account.

Re-Targeting

We potentially use Re-Targeting technologies for our websites. In this respect, your user habits are analysed to also be able to propose personalised adverts on the websites of our partners. Your user habits are entered in a pseudonymised way.

The main technologies of Re-Targeting use cookies.

Our websites can use Google AdWords Remarketing, services from the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”) to insert adverts depending on the previously visited websites.

Google will exploit this information to analyse your user habits on the website and best choose the adverts to insert, to compile reports on the activity and the adverts of the website intended for the website owner, and to supply services in relation with the use that you make of the website and your browsing habits. If applicable, Google will also transmit this information to third parties, insofar as the law demands it, or if third parties process this data on behalf of Google. However, Google will on no account link your IP address to other Google data.

Furthermore we use Google Tag Manager to manage services associated with setting up advertising based on user habits. The Tag Manager tool itself is a domain exempt from cookies and collects no personal data. The tool rather carries out the activation of other tags that for their part collect data in certain circumstances. When you have deactivated a domain or cookies, the latter remains valid for all traceability markers implemented with Google Tag Manager. You can at any time prevent the Re-Targeting by refusing or deactivating the cookies concerned in the menu bar of your Web browser.

2. Booking platforms

If you make bookings via a third party platform, the platform operator in question sends us different information of a personal nature. In principle, this involves data indicated in chapter I section 6 of this privacy statement. Furthermore, requests concerning your booking are potentially transmitted to us. We notably process this data to enter your booking in accordance with your request and supply the booked services. The performance of a contract according to Art. 6 para. 1 let. b GDPR constitutes the legal basis of data processing to this end.

Finally, platform operators potentially inform us of disputes connected to a booking. They also transmit data to us concerning the booking process, for which a copy of the booking confirmation may be used as justification for its effective closing. We process this data for the protection and respect of our rights. For this processing, we use our legitimate interest in virtue of Art. 6 para. 1 let. f GDPR as a basis.

Please also familiarise yourself with the privacy statements of the respective suppliers.

3. Data storage and linkage

We save the data indicated in Chapter I sections 3-6, Chapter II sections 1-2 and Chapter III section 2 in an electronic data processing system. The data concerning you is therefore systematically entered and grouped together in view of processing your bookings and performing the contractual services. The processing of this data is based on our legitimate interest in virtue of Art. 6 para. 1 let. f GDPR.

4. Retention period

We only store personal data as long as it is necessary for the use of the aforementioned monitoring services as well as for subsequent processing based on our legitimate interest. We retain contractual data for a longer period once this is prescribed by legal retention obligations. The obligations to retain data that force us to retain data result from provisions relating to the right to inform authorities, to financial accounting and fiscal law. In accordance with these provisions, marketing communication, concluded contracts and accounting documents must be retained for up to 10 years. Insofar as we no longer have need of this data for performing services, it will be blocked. This means that this data can only be used for accounting and tax purposes.

5. Data transmission to third parties

We only transmit your personal data if you have expressly agreed to it, if we are subject to a legal obligation to do so or if this is necessary to assert our rights, notably to assert our rights from the contractual relationship. Furthermore, we transmit your data to third parties insofar as this is necessary for the use of websites and the performance of the contract (including outside of websites), notably for the processing of your bookings.

Our web host, Infomaniak, is a service provider that has access or can have access to personal data collected via websites. The websites are hosted on servers in Switzerland. The purpose of the data transmission is to supply and maintain the functionalities of our websites. The processing is based on our legitimate interest in virtue of Art. 6 para. 1 let. f GDPR.

Finally we transmit to your credit card issuer and acquirer information relating to this during payment by credit card on our websites. If you choose to pay by credit card, you must enter all necessary information. The performance of a contract according to Art. 6 para. 1 let. b GDPR constitutes the legal grounds of data transmission. Concerning the processing of information relating to your credit card by these third parties, please also read the general terms as well as the privacy policy of your credit card issuer.

Furthermore, please familiarise yourself with the indications in Chapter II section 1 and Chapter III sections 1-3 concerning data transmission to third parties.

6. Personal data transmission overseas

We are also entitled to transmit your personal data to third party companies (appointed service providers) overseas for the processing of data specified in this privacy statement. These companies are subject to the same level of data protection as us. If the level of data protection in a given country does not correspond to the Swiss or European level, we ensure contractually that the protection of your personal data corresponds to that of Switzerland or the EU.

IV. OTHER INFORMATION

1. Right to information, rectification, erasure and limitation of the processing; right to data portability

You are entitled to obtain, upon request, information relating to the personal data concerning you that we register. Furthermore, you are entitled to rectify false data and delete your personal data as long as no legal retention obligation or no legal grounds allowing us to process the data forbids it.

You also have the right to demand the return of data that you have transmitted to us (right to data portability). On request, we also transmit data to a third party of your choice. You are entitled to obtain the data in a standard format.

You can contact us for the abovementioned purposes at the following email address privacy@boas.ch. We may ask you for proof of identity for the processing of your requests.

2. Data security

We use suitable technical and organisational security measures to protect the personal data concerning you that we save against any handling, partial or total loss and against any non-authorised third party access. Our security measures are constantly being improved depending on technological progress.

You must always keep your access data confidential and close the window of your browser when you have finished your communication with us, in particular if you are not the only person to use the computer.

We also take data protection very seriously within our company. Our employees and service provider companies that we mandate are subject to secrecy and compliance with legal provisions regarding data protection.

3. Note on data transmission to the United States of Americ

In the interests of exhaustiveness, we inform users whose domicile or registered office is located in Switzerland that the United States of America are subject to surveillance measures by American authorities. These generally allow all personal data of persons whose data has been transmitted from Switzerland to the United States of America to be saved. This is carried out without differentiation, limitation or exception based on the pursued goal and without objective criterion limiting the access of American authorities to data and its subsequent use. Moreover, we inform you that in the United States of America, for concerned persons coming from Switzerland there is no possibility of appeal allowing you to have access to data concerning you or to obtain their rectification or erasure, or effective jurisdictional protection against the general access rights of American authorities. We explicitly draw the attention of the person concerned to this legal and factual situation so he/she can take an informed decision regarding consent relating to the use of this data.

We inform users domiciled in a member State of the EU that according to the EU, the United States of America – notably due to the subjects evoked in this section – do not have a sufficient level of data protection. Insofar as we have explained in this privacy statement that certain data recipients (e.g. Google) have their registered office in the United States of America, we make sure that either via contractual provisions with these companies or through their certification according to the EU- United States of America or Swiss-United States of America data privacy shield, that your data benefit from a reasonable level of protection among our partners.

Last update: 23.05.2018