Privacy Policy Matterhorn App

This privacy policy applies to the processing of your data when you use the Matterhorn app (hereinafter the "App").

The App is operated by Zermatt Tourism, Bahnhofplatz 5, 3920 Zermatt (“we”, "us”, “our”). Zermatt Tourism is therefore also responsible for ensuring that data processing always complies with the applicable laws. You can contact us with your questions about the processing of your data at any time:

Zermatt Tourism
Bahnhofplatz 5
CH - 3920 Zermatt

Email: datenschutz@zermatt.swiss

Zermatt Tourism has also appointed a representative in the European Union pursuant to Article 27 of the GDPR and a United Kingdom representative pursuant to Article 27 of the UK GDPR, to whom you can send queries via email or by writing to the following address:

EU representative: Swiss Infosec (Deutschland) GmbH
Unter den Linden 24
10117 Berlin
Deutschland

E-Mail-Adresse: zermatt-tourismus.dataprivacy@swissinfosec.de

UK representative:
Swiss GRC UK Limited
The Nova Centre
1 Purser Road
Northampton
NN1 4PG
England

E-Mail-Adresse: zermatt-tourismus.dataprivacy@swissgrc.uk.com

Protection of your personal data is extremely important to us. We take data protection seriously and are careful about keeping your data secure. We follow all of the applicable legal rules, especially those of the Swiss Federal Act on Data Protection (FADP) and the associated ordinance, as well as provisions of the Telecommunications Act (TCA). Where applicable, we also observe the provisions of the European Union's General Data Protection Regulation (GDPR).

It is important to us that you know what personal data we collect, how we do this, how we process this data and for what purposes this is done. Therefore, we ask that you read the following information carefully.

The interactive Matterhorn app is your mobile, personalised travel companion, helping you to have a perfect holiday in Zermatt, whether in summer or winter.

When you use the App, the following data that you provide can be processed: Name, customer address data, contact information, language, means of payment, travel information, transaction data and transaction history, booking details when purchasing tickets, information about reservations (restaurant, date, time, changes and cancellations) and location data. Your data is linked to a profile which we create for you and is stored in our central database. Your data is also stored in the App database, which is hosted by a third-party provider, and will be deleted on deletion of your profile, which you can initiate yourself at any time in the settings.

If you do not want to send location data, please disable the GPS function on your device by refusing permission for use of the function when you first install the App or by subsequently adjusting your device and App settings. Please note that the GPS function must be enabled if you wish to use the SOS function built into the App.

When using the App, additional information is collected every time you open it. This consists of data about the App version, your device, network, operating system, screen information, location (provided that the GPS function is enabled) and IP address.

We only collect and process the data that is needed to use, operate and support the app, make reservations, buy e-tickets using the app or to forward data if the App's SOS function is used in an emergency.

3.1 Usage, operation and support for the App

When using the App, you can decide whether or not to create a profile. Creating a profile means that you can make reservations and book tickets, etc., more easily and quickly.

Furthermore, personal data and travel data are processed by us and our partners in anonymised form and in the form of statistics (e.g. sales revenues, number of journeys undertaken) for the purpose of further development to improve the app.

Anonymous tracking information is collected when the app is used and sent to third-party providers for the purpose of analysis and evaluation in order to optimise the app.

In addition, anonymised crash reports are collected regarding technical errors and sent to a third-party provider for evaluation and troubleshooting in order to make technical improvements to the app.

This information is used to help us to improve the user experience of our offer, making it more effective and secure. Any processing of your personal data for this purpose is based on upholding our overriding legitimate interests (Article 6 (1) f) GDPR).

3.2 Reservations

If you want to make a hotel, event, restaurant or other kind of booking through the App, we need your personal data in order to manage the reservation and process it in compliance with the law, thus providing you with our service (Article 6 (1) b) GDPR) and in our legitimate interests (Article 6 (1) f) GDPR).

You can only book a hotel or restaurant reservation if you do not already hold an overlapping reservation elsewhere on the same date. The processing of your personal data for this purpose therefore also relates to the provision of our services and the overriding legitimate interests of our delivery partners, such as hotels and restaurants (Article 6 (1) b) and f) GDPR).

When you reserve a table in a restaurant using the Matterhorn App and provide your credit card details as requested, we do not save this data. It is forwarded directly to the restaurant at which the reservation is made.

This data can also be used for statistical purposes or to serve targeted advertising to you (through Zermatt Tourism or via social medial platforms such as Facebook). Processing of your data for the purpose of analysis and to serve advertising is based on our legitimate interests pursuant to Article 6 (1) f) GDPR.

3.3 Buying e-tickets

If you want to purchase a train ticket through the App, we need your personal data in order to manage the reservation and process it in compliance with the law, thus providing you with our service (Article 6 (1) b) GDPR) and in our legitimate interests (Article 6 (1) f) GDPR). ZBAG and MGBahn/GGB also have access to this data and process it in accordance with their own privacy policies.

The legal basis for this data processing is to fulfil the contract with you (Article 6 (1) b) GDPR).

3.4 SOS function

The App also provides users with an SOS function that you can use in emergencies, if you wish. When you use the SOS function, you can select whether your emergency is in the mountains or in a village. Once you have selected from these options, you are asked to confirm that you are definitely in an emergency and want to request assistance. When you confirm, you can contact the emergency services directly on 144; two emails are also sent automatically. One email is sent to Zermatt Tourism and another email is sent directly to the central SOS switchboard. The email contains the following information: Date, time, surname, first name, email, language, telephone number and location of the incident, provided you are logged into the Matterhorn App with your account. If you are not logged in, only your location and time at which the emergency was triggered are sent in the email.

In confirming the emergency you declare that you consent to certain data about you being sent to Zermatt Tourism and to the responsible SOS switchboard.

The legal basis for this data processing is therefore primarily your consent (Article 6 (1) b) GDPR) and also to protect vital interests (Article 6 (1) d) GDPR).

We work with various external service providers for specific purposes, such as analysis, customer contact, registration and authentication, payments handling, infrastructure monitoring, creation and management of back-ups, hosting and back-end infrastructure, tag management, location-based interactions, management of user databases, and testing the performance of content and functionality. You can find an overview of these service providers below.

Evaluation, analysis and monitoring of the App

When it comes to evaluating, analysing and monitoring the App, we work with third parties who can process your personal data on our behalf in data centres within or outside of Switzerland, the European Economic Area and the United Kingdom, in particular the United States. These third parties provide us as the App operator with statistics via the app stores run by Apple and Google, etc., allowing us to better evaluate the performance of our App. We are not responsible to the extent that these third parties also process your personal data for their own purposes. These processing activities are described their privacy policies.

We process this data to uphold our interests in improving and developing the App and will only do so where you have given your consent for this unless the processing is essential for the app to work correctly.

Advertising and campaigns

We use analysis tools that process personal data and evaluate user activity in order to analyse our advertising and campaigns so that we can provide you with individualised advertising and campaign information. We obtain the analysis tools from third parties, which can process your personal data on our behalf. This data processing can take place within and outside of Switzerland, the European Economic Area and the United Kingdom, in particular in the United States. We are not responsible to the extent that these third parties also process your personal data for their own purposes. These processing activities are described their privacy policies.

Such data processing activities are only undertaken on the basis of your consent (Article 6 (1) a) GDPR).

Right to object: If you do not wish to receive push notifications in the App on the Android or iOS operating systems, you can prevent these from being sent in the system settings for your device.

Monitoring of infrastructure

The App makes use of error diagnostic services provided by third parties. If the App crashes while being used, or an unexpected error occurs, specific information (device type, operating system version, date and time of the error, country in which the request was created and language configuration of the operating system) can be sent to this third party. This data processing can take place within and outside of Switzerland, the European Economic Area and the United Kingdom, in particular in the United States.We are not responsible to the extent that these third parties also process your personal data for their own purposes. These processing activities are described their privacy policies.

The purpose of this processing is to capture and evaluate errors. The information provided is used to maintain and improve our App. These data processing activities uphold our overriding legitimate interests, specifically the security of our App (Article 6 (1) f) GDPR).

You can object to this third-party processing by disabling the gathering and transmission of usage data and diagnostic information in the App settings. This option is enabled by default when the App is installed.

Registration and authentication

We use authentication services provided by third parties. These services receive image, cookie, email, surname, password and IP address data. The information is used to ensure that the correct person is accessing your account. This data processing can take place within and outside of Switzerland, the European Economic Area and the United Kingdom, in particular in the United States. We are not responsible to the extent that these third parties also process your personal data for their own purposes. These processing activities are described their privacy policies.

These data processing activities uphold our overriding legitimate interests, specifically the functionality of our App and security of your account (Article 6 (1) f) GDPR).

Hosting and backend infrastructure

We work with third parties for hosting and to provide a back-end infrastructure. These services ensure a secure platform for cloud services and offer computing, database storage, content delivery and other functions. This data processing can take place within and outside of Switzerland, the European Economic Area and the United Kingdom, in particular in the United States. We are not responsible to the extent that these third parties also process your personal data for their own purposes. These processing activities are described their privacy policies.

These data processing activities uphold our overriding legitimate interests, specifically the functionality of our App (Article 6 (1) f) GDPR).

Creation and management of backup copies

We work with third parties to create and manage back-up copies. These third parties provide cloud storage for the long-term back-up and archiving of data. This data processing can take place within and outside of Switzerland, the European Economic Area and the United Kingdom, in particular in the United States. We are not responsible to the extent that these third parties also process your personal data for their own purposes. These processing activities are described their privacy policies. We are not responsible to the extent that these third parties also process your personal data for their own purposes. These processing activities are described their privacy policies.

Any processing of your personal data for this purpose is based on upholding our overriding legitimate interests (Article 6 (1) f) GDPR).

Handling and processing payments

Our App provides you with the option of making bookings and purchases. Your data can be transferred to our payment providers for this purpose, or may be sent directly to the delivery partners where you have booked a table or reserved a room, for example. When you choose to pay directly through the Matterhorn App, the payment can only be made using our online payment process provided. Our credit card payment process is handled by a provider in Switzerland. We are not responsible to the extent that these third parties also process your personal data for their own purposes. These processing activities are described their privacy policies.

The lawful basis for this processing is the performance of a contract (Article 6 (1) b) GDPR).

We only share your personal data with other third parties (i) if this is necessary to fulfil our contractual obligations to you (e.g. when you purchase an e-ticket, we share your data such as email address, surname and first name, date of birth, transaction data, transaction history or means of payment with the relevant transport company, or when you reserve a table in a restaurant or room in a hotel we send the necessary data (booking information) to the restaurant or hotel), (ii) if you have given us your express consent (for example transfer to the SOS switchboard when you use the SOS function), (iii) if we are under a legal obligation, or (iv) if this is necessary for us to assert our rights, in particular to enforce claims arising from a contractual relationship. We also transfer your data to third parties to the extent that this is necessary in order to provide you with the services you request when using the App and to analyse your usage as described in section 4 above.

In this respect we would also like to draw your attention to the fact that as part of our data processing we use software solutions provided by Salesforce (see www.salesforce.com). Salesforce provides online tools that allow its clients to run specific parts of their business. These include Customer Relationship Management, Customer Care, Social Media, Community Management, Data Analysis, HR, and platforms for creation of web applications. When providing these tools, Salesforce processes the data that has been sent to its services or processes this data according to its clients' instructions. We use Salesforce, for example, to combine data that is captured through the App with other data that Zermatt Tourism and/or Zermatt Bergbahnen AG collects about you and to store this in a single (cloud) database. The purpose of doing this is to provide our customers with support and to manage our customers and their preferences. Detailed information about data protection at Salesforce can be found at the following link: https://www.salesforce.com/company/privacy/

Some of the services we use are purchased from other countries, and as a result your personal data can also be sent to these countries. Personal data is only transferred abroad when the applicable legal requirements are satisfied. Third parties located in foreign countries are required to uphold data protection requirements to the same extent as we are. If the level of data protection in a foreign country is not equivalent to Swiss or European standards, we enforce contractual conditions requiring an equivalent level of protection for personal data to that which applies in Switzerland or the EU at all times, for example by signing EU standard contractual clauses.

For the sake of completeness we would like to remind you that when you are forwarded from the app to the web pages of www.matterhornparadise.ch and www.zermatt.swiss or if you visit these web pages from within the app, your personal data can also be processed. The privacy policies that can be found on these web pages apply to the data processing in such an instance.

When you register with the Matterhorn App, we store your data for as long as your accounts exists and in accordance with our legal obligations. We do not store purely technical data about App usage permanently. We will only store data for a longer period if we detect attacks on our website and/or App and need to take appropriate measures.

We generally only store personal data for as long as we need to:

• to use the aforementioned tracking and analysis services in the scope of our legitimate interests;
• to deliver the aforementioned scope of services that you have requested or for which you have given consent;
• to meet our legal obligations.

We will store data that is collected when concluding or performing a contract for a longer period as this is required of us by statutory retention requirements, for example rules governing accounting and tax law. These rules require business correspondence, concluded contracts and accounting documents to be retained for up to 10 years. Once this data is no longer needed in order to carry out the services for you, the data will be blocked. This means that it can then only be used for accounting and tax purposes.

We have put in place suitable technical and organisational security measures to protect the data we store against manipulation, partial or complete loss and unauthorised access by third parties. Our security measures are updated continuously according to the latest standards.

We also take the protection of our own internal data very seriously. Our employees and the service providers that we use have been required to sign a declaration that they will maintain confidentiality and uphold the data protection law provisions.

You can assert the following rights in relation to your personal data:

• Revoke consent at any time. If you have given consent to the processing of your personal data, you can revoke this consent at any time.
• Object to the processing of your data. You have the right to object to the processing of your data when it is being processed on any lawful basis other than your consent.
• Obtain information about the data being processed. You have the right to obtain information about whether data is processed by Zermatt Tourism, about certain aspects of the processing, and in certain circumstances to obtain a copy of the data.
• Verify and rectify. You have the right to verify that your data is accurate and to require it be updated or corrected.
• Require restriction of processing. You have the right to require the restriction of processing of your data in certain circumstances.
• Require erasure and other removal of your personal data. In certain circumstances you have the right to require we erase or delete your data.
• Obtain data and have it transferred to another controller. In certain circumstances you have the right to obtain your data in a structured, common and machine-readable format and, where technically feasible, have this transferred to another data controller.
• Lodge a complaint. You have the right to complain to the responsible supervisory authority or regulator. In Switzerland this is the Federal Data Protection and Information Commissioner.

You can contact us for the aforementioned reasons by emailing datenschutz@zermatt.swiss. We may ask for proof of identity in order to handle your request. When you contact us we will try to respond as quickly as possible and undertake the requested action. Please note that sometimes we will have to decline to uphold all or some of these rights either for legal reasons or on the basis of the data protection laws. In such cases we will inform you accordingly.

We reserve the right to make changes to this privacy policy at any time. The current version of this privacy policy can always be accessed through the app. We recommend that you access it on a regular basis and check the date it was last changed at the bottom of the page. If changes affect the use of data based on your consent, Zermatt Tourism will seek your renewed consent where this is required.

Last updated: 27/06/2023