Data protection guidelines of SEGHOR SA, MONA Montreux
Table of contents
1. Data controller and content of this data protection declaration
2. Contact person for data protection
3. Scope and purpose of the collection, processing, and use of personal data
3.1. Data processing when contacting us
3.2. Data processing for orders via our online shop
3.3. Data processing for room reservations
3.4. Data processing for table reservations
3.5. Data processing during payment processing
3.6. Data processing when recording and billing purchased services
3.7. Data processing as part of email marketing
3.8. Data processing as part of video recording
3.9. Data processing when using our WIFI
3.10. Data processing to fulfill the statutory reporting obligation
3.11. Data processing during your application
4. Centralized data storage and analysis in customer care (CRM)
5. Transmission of your data abroad
5.1. Disclosure of your data and to third parties and their access
5.2. Transfer of personal data abroad
5.3. Notes on data transfers to the USA
6. Data processing on our website
7. Data security
8. Your rights
1. Data controller and content of this data protection declaration
We, SEGHOR SA, operate the Hotel Mona Montreux and the website www.mona-montreux.ch. Unless otherwise stated, we are responsible for the data processing mentioned in this privacy policy.
This privacy policy will help you to know what personal data we collect from you and for what purposes it is used. When it comes to data protection, we rely primarily on the legal provisions of Swiss data protection law, in particular the Federal Data Protection Act (DSG), and the GDPR.
Please note that the information below may be revised and changed from time to time. We therefore recommend that you view this data protection declaration regularly. In addition, other companies are jointly or themselves responsible under data protection law for certain data processing operations listed below. In these cases, you will find further information about these companies separately.
2. Contact person for data protection
If you have any questions about data protection or would like to assert your rights, please contact our data protection officer at the email address: frontofficemanager@mona-montreux.ch.
3. Scope and purpose of the collection, processing, and use of personal data
3.1. Data processing when contacting us
When you contact us (e.g. by email, telephone or via the contact form), your personal data will be processed. The data processed is data that you have provided to us, such as your name, email address and/or telephone number and the details of your request. The time at which the request was received is also documented. Mandatory data is marked with an asterisk (*) or highlighted during the process. We need and process your data to be able to answer your request (e.g. to provide information about our hotel, to complete your reservation, or to be able to respond to your questions and comments).
The legal basis for data processing is our legitimate interest in accordance with Article 6 Paragraph 1 Letter. f GDPR to be able to answer your request or the need to process your data for the execution of a contract.
3.2. Data processing for orders via our online shop
On our website you can order products, services and vouchers. For this purpose, we collect the following data, whereby the mandatory data is marked with an asterisk (*) or is particularly highlighted in the ordering process:
We use this data to determine your identity, which is necessary for us to conclude a contract. Your email address is required to confirm your order and for communication until the contract is fulfilled. To ensure order processing, your data will be stored in our CRM database (see Article 0) with order data (e.g. name, price and characteristics of the ordered products), as well as payment data (e.g. B. the selected payment method, time of payment).
The legal basis for this data processing is the fulfillment of a contract with you in accordance with Article 6 (1) (b) GDPR.
Providing data that is not marked as mandatory fields is voluntary. We process your data in order to tailor our offer to your personal needs as best as possible, to enable the processing of contracts and, if necessary, to communicate with you. To get in touch via another communication channel with a view to processing the contract or to collect and evaluate statistics in order to optimize our offers.
The legal basis for this data processing is your consent within the meaning of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time by sending us a message.
To provide our online shop, we use the “E-Guma online shop” – a service from Idea Creation GmbH, Walchestrasse 15, 8006 Zurich. When you purchase a voucher, your data will be stored in an Idea Creation GmbH database, which means Idea Creation GmbH can also access it. Information on data processing by third parties and possible transfer abroad can be found in Article 5 of this data protection declaration.
The legal basis for this data processing is the fulfillment of a contract with you in accordance with Article 6 (1) (b) GDPR.
Idea Creation GmbH may use some of this data for its own purposes (e.g. to send marketing emails or for statistical analyses). Idea Creation GmbH is responsible for this data processing and must itself ensure compliance with data protection laws in this context. Further information on data processing by Idea Creation GmbH can be found at https://www.e-guma.ch/en/data-privacy/
3.3. Data processing for room reservations
3.3.1. Reservation through our website
You can make a room reservation via our website. For this purpose, we collect the following data, whereby the mandatory data is marked with an asterisk (*) or highlighted in the booking process:
We use this data to determine your identity before concluding the contract. We need your email address to confirm your order and for the communication necessary to fulfill the contract. In order to ensure proper order processing, your data will be stored in our CRM database (see Article 4) together with the secondary data of the reservation (e.g. room category, duration of stay as well as description, price and features of the services). Payment data (e.g. the selected payment method, time of payment) is recorded.
If necessary for the execution of the contract and depending on the specificity of your request, we might disclose necessary information if to third-party service providers (e.g. event organizers or transport companies).
The legal basis for this data processing is the fulfillment of a contract with you in accordance with Article 6 (1) (b) GDPR.
Providing data that is not marked as mandatory fields is voluntary. We process this data to tailor our offer to your personal needs, to enable the processing of contracts or to communicate with you if necessary. Statistics are also recorded and evaluated to optimize our offering.
The legal basis for this data processing is your consent within the meaning of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time by sending us a message.
To process reservations via our website, we use software from D-Edge, 64-66 Rue des Archives, 75003 Paris, France. Therefore, your data may be stored in a D-Edge database, which may enable D-Edge to access your data as necessary to provide the Software and to support the use of the Software. Information on data processing by third parties and their possible transfer abroad can be found in Article 5 of this data protection declaration.
The legal basis for this data processing is the fulfillment of a contract with you in accordance with Article 6 (1) (b) GDPR. D-Edge may use some of this data for its own purposes (e.g. to send marketing emails or for statistical analysis). D-Edge is responsible for these data processing operations and must ensure compliance with data protection laws in relation to this data processing. Further information on data processing by D-Edge can be found on https://www.d-edge.com/privacy-policy/
3.3.2. Reservations through other platforms
When you make reservations through a third-party platform (e.g. through Booking.com, Ho-tels.com, Expedia, HRS, Kayak, Tripadvisor, Trivago, etc.), we receive various personal data from this platform. In addition, inquiries about your reservation can be directed to us. We use this data to process your reservation and to be able to provide you with the reserved services.
The legal basis for data processing for this purpose is the implementation of pre-contractual measures and the execution of a contract in accordance with Article 6 (1) (b) GDPR.
In the event of a dispute or complaint related to your reservation, we may exchange personal data with the platform operators to a certain extent. This is necessary to protect our legitimate interests. This may include data related to your booking on the platform. We process this data to protect our legitimate rights and interests in the implementation and management of our contractual relationships with the operators of the platform through which you made the reservation or reservation request. Further information on data processing in connection with these platforms can be found in the data processing policy of the respective platform.
Your data is stored in the databases of the platform operators and enables them to access your data. You can also find details on this topic in the data processing guidelines of the respective platform. The legal basis for data processing for this purpose is our legitimate interest within the meaning of Article 6 (1) (f) GDPR.
3.4. Data processing for table reservations
You have the possibility of making a table reservation in our restaurant via our website, by telephone or by email. In order to make this reservation, the following data is necessary or voluntary. Mandatory data is usually marked as such or with an asterisk (*).
We collect and process the data to process the reservation and additional requests according and to be able to contact you if there are any uncertainties or problems. We store your data together with the secondary data of the reservation (e.g. Date and time of receipt, etc.), the data for the reservation (e.g. assigned table) as well as the data for processing and executing the reservation in our CRM database (see Article 4) in order to ensure that reservations and contracts are processed correctly.
To process table reservations, we use a software application from La Fourchette SAS (70 Rue Saint Lazare, 75009 Paris). Consequently, your data may be stored in a La Fourchette SAS database, which may enable La Fourchette SAS to access your data as necessary to provide and use the Software. Information on data processing by third parties and their possible transfer abroad can be found in Article 5 of this data protection declaration.
The legal basis for this data processing is the fulfillment of a contract with you in accordance with Article 6 (1) (b) GDPR.
La Fourchette SAS may use this data for its own purposes (e.g. to send marketing emails or for statistical analysis). La Fourchette SAS is responsible for these data processing operations in compliance with applicable laws. The data protection declaration of La Fourchette SAS can be found at: https://www.thefork.ch/legal#PolitiqueDeConfidentialite
3.5. Data processing during payment processing
3.5.1. Processing of payments at the hotel
To pay for services using electronic payment methods, the processing of personal data is required. By using payment terminals, you transmit the information contained in your payment method, such as the cardholder’s name and card number, to the payment service providers involved (e.g. payment providers, credit card issuers). They receive information about the payment method in our hotel, the amount paid and the time of transaction. We will receive a credit for the payment amount made at the time, or a note that the transaction was not possible or was canceled. Please take note of the information provided by the respective payment service provider, in particular the data protection declaration and the general terms and conditions of sale.
The legal basis for our data processing is the fulfillment of the contract in accordance with Article 6 (1) (b) GDPR.
3.5.2 Online-payments
If you make a paid reservation on our website, depending on the product or service and the desired payment method, additional information may be necessary in addition to the information mentioned in Section 3.5.1. This payment information is passed on to the respective payment service providers (e.g. payment solution providers, credit card issuers). Please always pay attention to the information provided by the respective company, in particular the data protection declaration and the general terms and conditions.
The legal basis for our data processing is the fulfillment of the contract in accordance with Article 6 (1) (b) GDPR.
3.6. Data processing when recording and billing purchased services
If you use services as part of your stay (e.g. book additional nights or visit the restaurant), we collect and process – in addition to your contract data – the reservation data (e.g. date and comments) as well as the data in connection with the booked and purchased service ( e.g. purpose of the service, price and date of use of the service) for the processing of the service, as described in points 3.5 and 3.6.
The legal basis for our data processing is the fulfillment of a contract in accordance with Article 6 (1) (b) GDPR.
3.7. Data processing as part of email marketing
If you register to receive our marketing emails (e.g. when opening, as part of your customer account or when completing your room reservation), the following data will be collected from you. Mandatory information is marked with an asterisk (*) or is expressly requested during registration:
To prevent misuse and to ensure that the owner of an email address has given their consent to receive marketing emails, we use the so-called double opt-in procedure when registering. After submitting your registration, you will receive an email with a confirmation link. To permanently opt-in to receive marketing emails, you must click on this link. If you do not confirm your email address via the confirmation link within the specified period, your data will be deleted, and we will not send you any further marketing emails to this address.
By registering, you agree to the processing of your data to receive marketing emails about our hotel and services. These marketing emails may also contain invitations to participate in competitions, provide feedback or rate our services. By providing your first name and last name, we can process the registration if necessary. to assign it to an existing customer account and thus personalize the content of the marketing emails. By linking to a customer account, we can make offers and marketing email content more relevant to you and better tailored to your potential needs.
We may use your data to send you marketing emails until you revoke your consent. You can unsubscribe at any time, by clicking on the unsubscribe link included in every marketing email.
Our marketing emails may contain a so-called web beacon (1×1 pixel or tracking pixel) or a similar technical tool. A web beacon is an invisible graphic associated with the customer ID. For each marketing email sent, we receive information about which email addresses the forwarding was successful, which email addresses have not yet received the marketing email and which email addresses have failed received the marketing email. Clicking on links is recorded and we know which recipients opened the marketing email and for how long. If you click on a link to unsubscribe, this will be recorded. We use this data for statistical purposes and to optimize marketing emails regarding the frequency and timing of sending as well as the structure and content of the marketing emails. This allows us to better tailor the information and offers contained in our marketing emails to the individual interests of the recipients.
The web beacon will be deleted if you delete the marketing email. You can prevent the use of web beacons in our marketing emails by configuring your email software settings so that HTML is not displayed in messages. You can find out how to configure this setting in the help of your email software, for example here for Microsoft Outlook.
By subscribing to marketing emails, you also agree to the statistical analysis of user behavior for the purpose of optimizing and adapting the marketing emails.
For our marketing emails we use the CDM D-Edge software from Dailypoint by Toedt, Dr. Selk Á Coll. GmbH (Augustenstrasse 79, 81379 Munich). Your data will therefore be stored in a database owned by D-Edge, which enables them to access your data if this is necessary for the provision of the software and the assistance provided in the context of its use. The legal basis for this processing is our legitimate interest within the meaning of Article 6 Paragraph 1 Letter f of the EU GDPR, for which we use the services of third-party providers.
D-Edge may use some of this data for its own purposes (e.g. to send marketing emails or for statistical analysis). For these data processing operations, D-Edge is the data controller and must ensure compliance with data protection laws in relation to this data processing. Information on data processing by D-Edge can be found at https://www.d-edge.com/privacy-policy/
3.8. Data processing as part of video recording
To protect our guests and employees and to prevent and prosecute unlawful behavior (particularly theft and damage of property), the entrance and public areas of our hotel are under video surveillance. The video recordings are automatically deleted after 6 days or 144 hours. Recordings will only be stored longer if this is necessary for taking evidence and/or criminal prosecution.
Stored video recordings resulting from illegal behavior (e.g. theft, damage to property) can be passed on to authorities and authorized external companies to assert rights.
The legal basis is our legitimate interest within the meaning of Article 6 Paragraph 1 Letter f of the GDPR, the protection of our guests, our employees and our property.
3.9. Data processing when using our WIFI
As a guest in our hotel, you have the possibility to connect to the Internet free of charge via our WiFi network. The connection takes place via a common password for all our guests. Through the connection you transmit the MAC address of the device used. Navigation on the Internet is the sole responsibility of the user. The WiFi network is equipped with a firewall to comply with applicable legal obligations.
If illegal activity over the Internet is suspected, the hotel or its network provider is legally responsible and obliged to disclose the data stored about users to the authorities. The WLAN network operator may also be obliged to pass on the customer’s contact, usage, and additional data. Details about user usage and additional data are stored for 6 months and then deleted.
The legal basis for this processing is our legitimate interest in providing a WiFi network that complies with the applicable legal regulations within the meaning of Article 6 Paragraph 1 Letter f of the EU GDPR.
3.10. Data processing to fulfill the statutory reporting obligation
To comply with legal requirements, the following information will be required from you and your accompanying persons upon your arrival at the hotel.
We collect this data to fulfill legal reporting obligations, including those arising from hotel and restaurant legislation or police legislation. Due to the applicable regulations, we are obliged to pass on this information to the responsible authorities.
The legal basis for processing this data is our legitimate interest within the meaning of Article 6 (1) (c) GDPR to comply with our legal obligations.
3.11. Data processing during your application
If you submit your application to us, the personal data you provide to us will be processed in this context.
The data you provide will be stored as part of the application process and kept for as long as necessary. Your data will then be deleted unless you have expressly agreed to a longer retention period.
The legal basis for processing your data for this purpose is the execution of a contract (pre-contractual phase) in accordance with Article 6 (1) (b) GDPR.
4. Centralized data storage and analysis in customer care (CRM)
If a clear assignment to you is possible, your data described in this data protection declaration will be stored centrally and linked. This enables us to manage your customer data effectively, deal with your requests appropriately and provide you with the services you request.
The legal basis for this data processing is our legitimate interest in the efficient management of user data within the meaning of Article 6 (1) (f) GDPR.
We also use this data to further develop our offerings in line with your needs and to provide you with the most relevant information and offers possible. We also use methods that predict potential interest and future orders based on your use of our website.
For central data storage and analysis in the CRM system, we use software from Dailypoint by Toedt, Dr. Selk Á Coll. GmbH (Augustenstrasse 79, 81379 Munich). Consequently, your data may be stored in a Dailypoint by Toedt database, which may enable Dailypoint by Toedt to access your data through their Software. Information on data processing by third parties and their possible transfer abroad can be found in Article 5 of this data protection declaration. Further information on data processing in connection with Dailypoint by Toedt can be found at https://www.dailypoint.com/privacypolicy/
The legal basis for this data processing is our legitimate interest in carrying out marketing activities within the meaning of Article 6 (1) (f) GDPR.
5. Transmission of your data abroad
5.1. Disclosure of your data and to third parties and their access
Without the support of other companies, we would not be able to provide our services optimally. For us to be able to use the services of these companies, it is also necessary to a certain extent that your personal data be transmitted to them. This transfer is made to selected third-party service providers and only to the extent necessary for the optimal provision of our services.
Various third-party providers are already explicitly mentioned in this data protection declaration.
The legal basis for these transfers is the necessity to fulfill the contract within the meaning of Article 6 Paragraph 1 Letter b GDPR.
Your data will also be transmitted to the extent that this is necessary to provide the services you have requested, for example to restaurants or providers of other services for which you have made a reservation through us. The legal basis for these transfers is the necessity to fulfill the contract within the meaning of Article 6 Paragraph 1 Letter b GDPR. Third-party service providers are themselves responsible for data processing within the meaning of data protection law. These third-party service providers are responsible for informing you about their own data processing operations – which go beyond the transmission of data for the provision of services – and for complying with data protection laws.
In addition, your data may be passed on to authorities, legal advisors or debt collection companies if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce rights arising from our business relationship. Data transfer may also occur if another company intends to acquire our company or parts of it and such transfer is necessary to carry out due diligence or to complete the transaction. The legal basis for this data processing is our legitimate interest within the meaning of Article 6 Paragraph 1 Letter f of the GDPR, namely the protection of our rights and the fulfillment of our obligations or the sale of our company or parts of it.
5.1. Transfer of personal data abroad
We are also entitled to transfer your personal data to third parties abroad to the extent that this is necessary to carry out the data processing operations mentioned in this data protection declaration. The individual data transfers are listed in Article 3 above. The legal regulations regarding the transfer of personal data to third parties are of course observed. The countries to which the data is transferred are those that, according to the decision of the Federal Council and the European Commission, have an adequate level of data protection (e.g. the EEA member states or, from the EU perspective, Switzerland) , but also countries (such as the USA) whose level of data protection is not considered adequate (see Annex 1 of the General Data Protection Regulation (GDPR) and the website of the European Commission). If the country concerned does not have an adequate level of data protection, we will ensure that your data is protected with appropriate guarantees, unless the individual case requires otherwise for the processing of individual data (see Art. 49 GDPR). Unless otherwise stated, these are standard contractual clauses within the meaning of Article 46 (2) (c) GDPR, which can be viewed on the websites of the Federal Data Protection Commissioner (PFPDT) and the European Commission. If you have any questions about the measures taken, please contact our data protection contact (see Article 2).
These are our service providers:
5.3. Notes on data transfers to the USA
Some of the third parties mentioned in this privacy policy are based in the United States. For the sake of completeness, we would like to point out to users residing in or within the EU that there is currently no comprehensive data protection law in the USA. In principle, it is possible for all personal that has been transmitted to remain stored. This happens without differentiation or restrictions and without objective criteria. American authorities may be able to access your data and use it for certain purposes. We would also like to draw your attention to the fact that data subjects from Switzerland or the EU have no real protection from the access rights of the American authorities. Accessing or deleting your data may also be difficult or impossible. We expressly inform you about this legal and factual situation in order to enable you to make an informed decision about consent to the use of your data.
We would also like to point out to users residing in Switzerland or an EU member state, that from the perspective of the European Union and Switzerland, there is not an adequate level of data protection in the USA. To the extent that we have stated in this data protection declaration that the recipients of the data (e.g. Google) are based in the United States, we will have contractual agreements with these companies and, if necessary. appropriate additional safeguards to ensure that your data is adequately protected by our third-party service providers.
6. Data processing on our website
Our website is hosted by the company INFOMANIAK NETWORK SA, Rue Eugène-Marziano 25, 1227 Acacias, SWITZERLAND.
For all information on data processing on this subject, we invite you to consult the existing agreement, available on our website in the “Terms of Use” tab.
7. Data security
We take appropriate technical and organizational security measures to protect your personal data stored by us from loss and unlawful processing, in particular from unauthorized access by third parties. Our employees and the service providers we use are subject to confidentiality and respect for data protection. In addition, these people only have access to personal data to the extent that this is necessary to fulfill their tasks.
Our security measures are continually adapted to technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot therefore guarantee the absolute security of the information transmitted in this way.
8. Your rights
As a person affected by data processing, you have the following rights:
Right to Information: You have the right to request information about your personal data at any time and free of charge. This gives you the opportunity to check which personal data we process about you and whether we process it in accordance with the applicable data protection regulations.
Right to rectification: You have the right to have incorrect or incomplete personal data corrected and to be informed of the correction. In this case, we will also inform the recipients of the data concerned about the corrections we have made, unless this is impossible or involves disproportionate effort.
Right to deletion: You have the right to request the deletion of your personal data. In certain cases, particularly in the case of a legal retention obligation, the right to deletion may be excluded. In this case, your data can be blocked instead of deleted.
Right to restriction of processing: You have the right to request that the processing of your personal data be restricted.
Right to data transfer: You have the right to receive from us, free of charge, the personal data you have provided to us in a readable format.
Right to object: You can object to data processing at any time, especially data processing in connection with direct marketing (e.g. marketing emails).
Right of withdrawal: You generally have the right to withdraw your consent at any time. However, processing operations that were based on your consent in the past will not become unlawful if you revoke it.
To assert your rights, please send us an email to the following address: frontofficemanager@mona-montreux.ch
Right to complain: You have the right to lodge a complaint with a competent supervisory authority, for example about the way your personal data is processed.
This text was translated from French. In case of doubt, the French version applies.
NEW NAME, OLD TRADITIONS
Hold on to your hats, because we’re setting sail for a new era! ⚓
Say bon voyage to Eurotel Montreux and give a warm welcome to Mona – where every day is smooth sailing! 🌊
