Privacy policy for the attention of TO/journalists
Valais/Wallis Promotion and all of its subsidiaries – such as Matterhorn Region SA – (subsequently referred to as ‘we’) are committed to protecting personal data and the privacy of BtoB contacts, in particular tour operator employees and journalists. In accordance with the General Data Protection Regulation (GDPR) and/or the Swiss Data Protection Act (DPA), we have set out below the conditions under which we process your personal data.This policy charter is updated on an ongoing basis and should be viewed regularly.It can also be requested from the data protection officer (DPO). See details below.
Details of person/entity responsible
Valais/Wallis Promotion Avenue de Tourbillon 11 CH-1950 Sion Switzerland Tel.: +41 27 327 36 00
Details of the DPO dataprotection@valais.ch
What is your personal data used for?
We process your personal data for lawful, legitimate and explicit reasons. All use of personal data is carried out on a lawful basis recognised by the GDPR and/or the Swiss DPA. We only process the personal data required to achieve the relevant objectives. We will only keep your personal data for the time required to achieve the objectives justifying its collection.
See annex 1 for more details (‘Objectives’, ‘Type of personal data and its origin’, ‘Personal data retention period’)
Who accesses your personal data?
For the purposes of each processing requirement, we allow the processing of your personal data: - by internal services ‘which need to know’ due to their function; - by sub-contracting service providers selected to carry out part or all of the processing indicated. In exceptional circumstances, some of the entities mentioned above that access the data may be located outside of the European Union/Switzerland. Where necessary, we ensure the transfer of personal data outside of the European Union/Switzerland is subject to the protection guarantees provided for by the GDPR and the Swiss DPA. See annex 1 for more detail (‘Sub-contractors’, ‘Internal recipients’)
How do we keep your personal data secure?
We implement all of the organisational and technical measures required to ensure an appropriate level of security for your personal data and, in particular, to prevent any loss of privacy, integrity or accessibility.
What are your rights to your personal data?
You can exercise the following rights to your personal data: • Right of access: you can find out if our company holds your personal data, what the processing conditions are and obtain a copy of your personal data that has been processed by us.
Right of rectification: you have the right to request rectification of inaccurate data held about you. You also have the right to add missing data concerning you by providing an additional declaration. In the event of this right being exercised, we will endeavour to communicate any rectification to all recipients of your data as far as possible.
Right of deletion: in some circumstances you have the right to request deletion of your data. However, this is not an absolute right and we may retain this data for an additional limited period for legal or legitimate reasons.
Right to the portability of your personal data: you have the right to request receipt of the personal data you provided us with in a structured, currently used and machine-readable format for your personal usage or for transfer to a third party of your choice. This right only applies if the processing of your personal data is based on your consent, a contract or if this processing is carried out on an automated basis. However, we may refuse the exercising of this right if it requires technical resources deemed excessive.
Right to limitation of processing: in some circumstances you have the right to request the limitation of the processing of your data.
Right of objection to processing: you have the right to object to the processing of your personal data at any time in cases of processing based on our legitimate interest. Your request must be based on a reason related to your personal situation. We may reject it on legitimate and compelling grounds that prevail over the reason indicated.
The right to give instructions about what happens to your data after your death.
The right to obtain information and, if necessary, a copy of the guarantees agreed concerning the transfer of your personal data outside of the European Union.
To exercise your rights you can contact us using the details indicated in the preamble. We will reply to any rights exercised as quickly as possible and always within 30 days from receipt of the request. We reserve the right:
To ask for proof of identity of the requesting party in the event of reasonable doubt about the latter and to comply with confidentiality obligations,
To extend the reply deadline by two months, informing the requesting party of this extension and reasons for the postponement within a month from receipt of the request,
To refuse to reply to a right exercised if this were deemed unreasonable (in view of the number/repetitive or systematic character).
-------------
Annex 1 Processing
Sub-annex A: BtoB commercial management
Persons/Entities responsible for joint processing Aktiengesellschaft Matterhorn Gotthard Bahn («MGB») Bahnhofplatz 7 CH-3900 Brig Switzerland
Matterhorn Region AG («MRAG») Avenue de Tourbillon 11 CH-1950 Sion Switzerland
Persons concerned | Employees of prospective tours operator or clients |
Processing objectives | Usage related to the legitimate interest of the organisation; - Making contact with tour operators; - Follow-up of commercial pipeline; Usage related to compliance with contractual obligations; - Negotiations with tour operators and issuing offers; - Administration of agreements with tour operators (establishment, billing, follow-up). |
Type of personal data processed and its origin | Non-sensitive personal data - Identification (e.g.: first name, surname, e-mail, work postal address) - Related to people’s working lives (e.g.: profession, employer) - History of exchanges (collected via Hubspot). Data collected from the persons concerned (request for information) and from professional platforms, such as Linkedin. |
Sub-contractors | - Service provider/publisher of our CRM online (Hubspot, a company domiciled in the USA subject to contractual clauses: https://legal.hubspot.com/dpa) - Service provider/publisher of a software tool for packaging tourism deals, booking (Swiss company, a country with adequate legislation in relation to the GDPR and the Swiss DPA) |
Internal recipients of personal data | - MRAG employees - MGB sales representatives responsible for developing business for MRAG |
Personal data retention period | - Deletion of CRM entry in the event of the departure of a contact from their company; - Deletion of CRM entry if requested by the contact concerned; - Deletion of CRM entry if the contact has not been active for three years (e.g.: has not opened e-mail). - Deletion of all personal data relating to orders placed over 10 years ago from software for packaging tourism deals and booking. |
Use of profiling or automated individual decision-making | No |
Sub-annex B: Organisation of Fam trips and press trips
Persons concerned | Employees of prospective tours operator or clients Journalists |
Objectives | Usage related to compliance with contractual obligations - The personal data of participants in Fam trips and press trips are required to ensure the availability of the information required for the smooth organisation of the trip |
Type of personal data and its origin | Non-sensitive personal data - Identification (e.g.: first name, surname, e-mail, etc.) - Related to people’s working lives (e.g.: profession, employer) - Related to personal life (e.g.: language, resource requirements, physical condition) - Information on food not to be served during the trip - Participation in a press or Fam trips (e.g.: date, type of trip) Data collected from the persons concerned (completion of forms) |
Sub-contractors | - Service provider/publisher of our online office solution (Microsoft, company domiciled in the USA subject to contractual clauses: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?year=2021) |
Internal recipients | - VWP employees responsible for organising the trip - MRAG employees |
External recipients of personal data
| - Service providers involved in the trip which require the personal data to provide their services (e.g.: hotels, restaurants, equipment hire firms, guides, etc.) |
Personal data retention period
| - Deletion of specific data of the registration form for Fam Trips and Media Trips 1 month after the stay (food restrictions, fitness level, etc.). - Retention of contact details and information concerning participation in Fam Trips or Media Trips: See retention period indicated in annex A |
Use of profiling or automated individual decision-making | No |