Menu

Data protection

With this Privacy Policy, we inform you about the processing of personal data in connection with our activities and operations, including our website under the domain name hotelmasson.ch. In particular, we explain for what purposes, how, and where we process which personal data. We also inform you about the rights of individuals whose data we process.

For specific or additional activities and operations, we may publish further privacy policies or other data protection notices.

1. Contact Addresses

The party responsible under data protection law is:

Hôtel Masson
Rue Bonivard 5
1820 Veytaux Montreux
info@hotelmasson.ch

In individual cases, third parties may be responsible for processing personal data, or joint responsibility with third parties may exist. We are happy to provide affected individuals with information about the respective responsibility upon request.

2. Terms and Legal Bases

2.1 Terms

Data subject: A natural person whose personal data we process.

Personal data: All information relating to an identified or identifiable natural person.

Particularly sensitive personal data: Data relating to trade union, political, religious, or ideological views and activities; data concerning health, privacy, or racial or ethnic origin; genetic data; biometric data uniquely identifying a natural person; data concerning administrative or criminal sanctions or prosecutions; and data regarding social welfare measures.

Processing: Any handling of personal data, regardless of the means and procedures used, such as collecting, recording, storing, organizing, using, disclosing, transmitting, archiving, deleting, or destroying personal data.

2.2 Legal Bases

We process personal data in accordance with Swiss law, in particular the Federal Act on Data Protection (FADP) and the Ordinance to the Federal Act on Data Protection (DPO).

3. Type, Scope, and Purpose of Processing Personal Data

We process the personal data that is necessary to carry out our activities and operations on a continuous, user-friendly, secure, and reliable basis. The personal data processed may fall particularly into the categories of browser and device data, content data, communication data, metadata, usage data, master data (including inventory and contact data), location data, transaction data, contract data, and payment data. Personal data may also include particularly sensitive personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect while carrying out our activities and operations, insofar as such processing is permitted.

We process personal data when necessary, with the consent of the affected persons. In many cases, we may process personal data without consent — for example, to fulfill legal obligations or to protect overriding interests. We may also request consent even when it is not legally required.

We process personal data for the period necessary to achieve the respective purpose. We anonymize or delete personal data particularly in accordance with legal retention and limitation periods.

4. Disclosure of Personal Data

We may disclose personal data to third parties, have it processed by third parties, or process it jointly with third parties. Such third parties may include specialized service providers whose services we use.

In particular, we may disclose personal data in connection with our activities and operations to banks and other financial service providers, authorities, educational and research institutions, consultants and lawyers, associations, IT service providers, cooperation partners, credit and business information agencies, logistics and shipping companies, marketing and advertising agencies, media organizations, parent, sister, and subsidiary companies, organizations and associations, social institutions, telecommunications companies, insurance providers, and payment service providers.

5. Communication

We process personal data to communicate with individuals as well as with authorities, organizations, and companies. We process, in particular, data that an affected person provides to us when contacting us — for example, by post or email. Such data may be stored in an address book or similar tools.

Third parties who transmit data about other individuals to us are obliged to ensure data protection for those affected individuals independently. In particular, they must ensure that such data is accurate and may be transmitted lawfully.

6. Data Security

We take appropriate technical and organizational measures to ensure data security appropriate to the respective risk. Our measures ensure, in particular, the confidentiality, availability, traceability, and integrity of the personal data processed — while acknowledging that absolute data security cannot be guaranteed.

Access to our website and other digital presence is protected by transport encryption (SSL / TLS, especially through HTTPS – Hypertext Transfer Protocol Secure). Most browsers warn users when visiting websites without transport encryption.

Our digital communication — like all digital communication — is subject to mass surveillance by security authorities in Switzerland, Europe, the United States, and other countries, even without cause or suspicion. We cannot directly influence how intelligence, police, or other authorities process such personal data, nor can we exclude the possibility of targeted surveillance.

7. Personal Data Abroad

We generally process personal data in Switzerland. However, we may also disclose or export personal data to other countries, particularly for processing or having it processed there.

We may disclose personal data to countries worldwide and elsewhere in the universe, provided that the local law ensures adequate data protection according to a decision by the Swiss Federal Council.

We may also disclose personal data to countries whose laws do not guarantee adequate data protection, provided that appropriate safeguards are in place, such as standard data protection clauses or other appropriate guarantees. In exceptional cases, we may export personal data to countries without adequate protection if specific legal conditions are met, for example with the explicit consent of the affected persons or in direct connection with the conclusion or performance of a contract. We are happy to provide information about applicable safeguards or copies of such guarantees upon request.

8. Rights of Data Subjects

8.1 Data Protection Rights

We grant affected individuals all rights in accordance with applicable law. In particular, data subjects have the following rights:

  • Access: Individuals may request information on whether we process personal data about them and, if so, which data. They also receive all information necessary to assert their data protection rights and ensure transparency — including the processed data itself, the purpose of processing, retention periods, any disclosure or export to other countries, and the origin of the data.
  • Correction and Restriction: Individuals may request the correction of inaccurate personal data, completion of incomplete data, and restriction of data processing.
  • Right to Express a View and Request Human Review: In cases of decisions based solely on automated processing that have legal effects or significantly affect them (“automated individual decisions”), individuals may express their point of view and request a human review.
  • Deletion and Objection: Individuals may request deletion of personal data (“right to be forgotten”) and object to future data processing.
  • Data Portability: Individuals may request the release of their personal data or its transfer to another controller.

We may postpone, restrict, or deny the exercise of data subject rights within the limits of the law. We may inform individuals about conditions they must meet to exercise their rights — for example, if secrecy obligations, overriding interests, or the protection of others prevent full disclosure or deletion. We may also deny deletion requests if legal retention obligations apply.

In exceptional cases, we may charge fees for exercising data subject rights. Individuals will be informed of any costs in advance.

We are required to verify the identity of individuals exercising their rights through appropriate measures. Affected individuals must cooperate in this process.

8.2 Legal Remedies

Data subjects have the right to enforce their data protection claims through legal proceedings or to file a complaint with a data protection supervisory authority.

The supervisory authority for private controllers and federal bodies in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

9. Use of the Website

9.1 Cookies

We may use cookies — both our own (“first-party cookies”) and those of third parties (“third-party cookies”) whose services we use. Cookies are data stored in the browser and need not be limited to traditional text-based cookies.

Cookies may be stored temporarily as “session cookies” or for a defined period as “persistent cookies.” Session cookies are automatically deleted when the browser is closed. Persistent cookies have a set expiration period. Cookies enable us, for example, to recognize a browser upon a future visit and measure our website’s reach. Persistent cookies may also be used for online marketing.

Cookies can be deactivated, restricted, or deleted at any time via browser settings, which often also allow automated cookie management. Without cookies, our website may no longer function fully. Where required by law, we actively seek explicit consent to use cookies.

For cookies used in analytics or advertising, general opt-out options are available via AdChoices (Digital Advertising Alliance of Canada), the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance), or Your Online Choices (EDAA).

9.2 Logging

We may log, for each access to our website or other digital presence, at least the following data (as typically transmitted automatically to our infrastructure): date and time (including time zone), IP address, access status (HTTP status code), operating system (including interface and version), browser (including language and version), accessed pages (including data volume), and the last page visited (referrer).

We record such data — which may include personal data — in log files. These records are necessary to ensure our digital presence remains secure, reliable, and user-friendly, including through third parties if needed.

9.3 Tracking Pixels

We may integrate tracking pixels (also called web beacons) into our digital presence. Tracking pixels — including those from third parties whose services we use — are typically tiny, invisible images or JavaScript scripts automatically loaded when accessing our digital content. They can collect similar data as described in the logging section.

10. Social Media

We maintain presences on social media and other online platforms to communicate with interested persons and inform them about our activities and operations. In connection with such platforms, personal data may also be processed outside Switzerland.

The terms of service, usage conditions, privacy policies, and other provisions of each platform operator apply. These documents explain, in particular, the rights of individuals directly vis-à-vis the respective platform, such as the right to access information.

11. Third-Party Services

We use third-party services to operate our activities and website securely, efficiently, and reliably. These services may allow us to embed functions and content (e.g., videos, maps, or fonts). For technical reasons, such providers may temporarily collect users’ IP addresses.

For necessary security, statistical, and technical purposes, these third parties may process aggregated, anonymized, or pseudonymized data related to our operations — for example, performance or usage metrics.

We particularly use the following:

11.1 Digital Infrastructure

We use specialized third-party services to provide the necessary digital infrastructure for our operations, such as hosting and storage services.

We particularly use:

11.2 Audio and Video Conferences

We use specialized services for audio and video conferencing to communicate online — for example, for virtual meetings, online courses, or webinars. The respective providers’ privacy policies and terms of use also apply.

Depending on your situation, we recommend muting your microphone by default and using a blurred or virtual background during participation.

11.3 Maps

We use third-party services to embed maps on our website.

11.4 Digital Content

We use services from specialized third parties to embed digital content into our website. Digital content includes, in particular, images and video material, music, and podcasts.

We particularly use:

11.5 Fonts

We use third-party services to embed selected fonts as well as icons, logos, and symbols into our website.

We particularly use:

12. Website Extensions

We use extensions for our website in order to enable additional functions. We may use selected services from suitable providers or run such extensions on our own digital infrastructure.

We particularly use:

13. Success and Reach Measurement

We seek to measure the success and reach of our activities and operations. In this context, we may also measure the impact of third-party references or test how different parts or versions of our digital presence are used (the “A/B testing” method). Based on the results, we can in particular fix errors, strengthen popular content, or make improvements.

For success and reach measurement, the IP addresses of individual users are recorded in most cases. In such cases, IP addresses are generally truncated (“IP masking”) in order to follow the principle of data minimization through pseudonymization.

Cookies may be used for success and reach measurement, and user profiles may be created. Any user profiles that may be created can include, for example, the individual pages visited or content viewed on our digital presence, information on the size of the screen or browser window, and the — at least approximate — location. As a rule, any such user profiles are created exclusively in pseudonymized form and are not used to identify individual users. Certain third-party services where users are logged in may associate the use of our online offering with the user account or profile at the respective service.

We particularly use:

  • Google Tag Manager: integration and management of Google and third-party services, particularly for success and reach measurement; provider: Google; Google Tag Manager–specific information: Privacy Policy for Google Tag Manager; further privacy information can be found in the individual integrated and managed services.

14. Final Notes on this Privacy Policy

We created this privacy policy using the privacy policy generator from Datenschutzpartner.

We may update this privacy policy at any time. We will provide information about updates in an appropriate form, in particular by publishing the current privacy policy on our website.

Voucher
You will receive the voucher directly as a PDF file and can print it out immediately. Order Voucher
Social Media
Share your most memorable moments with us and inspire others.