Davos (CH), 25 May 2018
Object: Privacy Notice – EU General Data Protection Regulation 2016/679 (the “GDPR”)
Effective as of: 25.05.2018
Please read the following Privacy Notice carefully before proceeding. On May 25th, 2018 the European Regulation mentioned above, known as the “GDPR”, entered into force.
Although we operate as a Swiss company, we have decided to offer you the same rights you benefit from under that regulation.
This Privacy Notice therefore explains how INTERNATIONAL HOSPITALITY SERVICES AG collects, stores, uses and discloses your personal data for the lawful purposes disclosed below, and defines your new rights in relation to the personal data it holds.
INTERNATIONAL HOSPITALITY SERVICES AG is the operator of the website http://residencesathrhdavos.com and thus responsible for the collection, processing and use of your personal data.
INTERNATIONAL HOSPITALITY SERVICES AG (“we” and “our”) is the data controller of your personal data and is subject to the EU General Data Protection Regulation 2016/679 (the “GDPR”) and any data protection law applicable in Switzerland.
Our Privacy and Data Compliance Officer is Mr. Alessandro Lardi.
His contact details are: email Lardi@swisspath.com and telephone +41 44 454 2626.
As per EU regulation, we have also nominated a “Privacy representative” based in the European Union whom you may contact at any time. His contact details are given below.
Please also take into consideration that this Privacy Notice supersedes any previous Privacy Notice or equivalent which you may have been provided with or seen prior to the Effective Date stated above.
This notice might be subject to changes. Any updates will be posted on our website. We recommend you regularly review it to ensure that you are always aware of our privacy practices.
Our privacy commitments to you:
Under the GDPR you have the following rights:
• To obtain access to, and copies of, the personal data that we hold about you;
• To require that we cease processing your personal data if the processing is causing you damage or distress;
• To require us not to send you marketing communications;
• To require us to erase your personal data;
• To require us to restrict our data processing activities;
• To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller, if we act as processor.
• To require us to correct the personal data we hold about you if it is incorrect.
• To withdraw the consent for data processing (if the consent was required for lawful processing).
• To lodge a complaint with a supervisory authority.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where legal exceptions apply.
You can find out more about your rights on the website of your local European authorities for Data Protection. If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact us using the following:
INTERNATIONAL HOSPITALITY SERVICES AG
Tobelmühlestrasse 2, 7270, Davos Platz, Davos, Switzerland
Contact: Alessandro Lardi, Data Compliance Officer
By email: Lardi@swisspath.com
By telephone: +41 44 454 2626
Or by post to our EU Representative
INTERNATIONAL TAX SERVICES S.A.
3, Rue Belle-Vue, L-1227 Luxembourg
Contact: Lorenzo Stipulante, Data Compliance Officer
By email: firstname.lastname@example.org
By telephone: +352 26 37 83 98
If you are not satisfied with how we are processing your personal data, you may also forward a claim to https://ico.org.uk/make-a-complaint/ or contact
Commission nationale pour la protection des données
1, avenue du Rock’n’Roll | LU-4361 Esch-sur-Alzette
Tel.: (+352) 26 10 60 26 | Fax: (+352) 26 10 60 2
www.cnpd.lu
How we collect your data
We collect your personal data in a number of ways, for example:
• From the information you provide to us when you meet us or you are active on the website;
• From information about you provided to us by your company;
• When you communicate with us by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication for 12 months;
• When you complete (or we complete on your behalf) application or other forms;
• When you sign up for our newsletter or other marketing;
• From Spenglers’ Management AG if you have given them the authorisation for such transmission;
• From your travel agencies or intermediaries;
• From publicly available sources or from third parties, most commonly where we need to conduct background checks about you.
The categories of personal data we collect
We collect the following categories of personal data about you:
• Your name, company name, and contact information such as your home or business address, email address and telephone number;
• Biographical information which may confirm your identity including your date of birth, your passport number or national identity card details, country of domicile and/or your nationality;
• Information relating to your payment modalities such as credit card number(s) or bank account details, billing address;
• Information about your employment, education, family or personal circumstances, and interests, where relevant; and
• Information to assess whether you may represent a politically exposed person or terrorism risk.
When visiting our website http://residencesathrhdavos.com our servers temporarily store every access in a log file. The following user and device data, as well as personal data, are collected without your intervention and stored by our host:
The basis for processing your personal data (other than with your consent), how we use that personal data and whom we share it with
(i) Performance of a contract with you and in connection with customer communication
We process your personal data because it is necessary for the performance of a contract(s) to which you are a party or in order to take steps at your request prior to entering into a contract.
In this respect, we use your personal data for the following:
• To prepare a proposal for you regarding the services or products we offer;
• To deal with any complaints or feedback you may have;
• For any other purpose for which you provide us with your personal data.
In this respect, we may share your personal data with or transfer it to the following:
• Your (travel) agents, advisers, intermediaries whom you tell us about;
• Third parties whom we engage to assist in delivering the services to you, including other companies such as Spenglers’ Management AG and authorized real estate brokers indicated at our website;
• Our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisers;
• Other third parties such as intermediaries whom we introduce to you. We will wherever possible tell you who they are before we introduce you;
(ii) Legitimate interests
We also process your personal data because it is necessary for our legitimate interests, or sometimes where it is necessary for the legitimate interests of another person.
In this respect, we use your personal data for the following:
• For marketing to you. In this respect, see the separate section on Marketing below;
• For the administration and management of our business, including recovering money you owe to us, and archiving or statistical analysis;
• Seeking advice on our rights and obligations, such as where we require our own legal advice;
In this respect we will share your personal data with the following:
• Our advisers, travel agencies where it is necessary for us to obtain their advice or assistance and authorized real estate brokers indicated at our website;
• With third parties and their advisers where those third parties are acquiring, or considering acquiring, all or part of our business.
(iii) Legal obligations
We also process your personal data for our compliance with a legal obligation which we are under.
In this respect, we will use your personal data for the following:
• To meet our compliance and regulatory obligations, such as compliance with anti-terrorism laws and/or anti-money laundering and know-your-customer obligations;
In this respect, we will share your personal data with the following:
• Our advisers where it is necessary for us to obtain their advice or assistance;
• Our auditors where it is necessary as part of their auditing functions;
• With third parties who assist us in conducting background checks;
• With relevant regulators or law enforcement agencies where we are required to do so.
We intend to send you newsletters and marketing about the services we provide in accordance with the preferences stated by you; we intend to send you other information in the form of alerts, newsletters and invitations to events or functions which we believe might be of interest to you. We will communicate this to you in a number of ways including by post, telephone, email, SMS or other digital channels.
If you wish to receive the e-mail newsletter, marketing and alerts, we will need a valid email address for you. For those registering for our newsletter, we use what is known as the double-opt-in procedure. That means that after your registration we send an e-mail to the address you specified, in which we ask you to confirm that you wish to be sent the newsletter. If you do not confirm your registration within 2 weeks, your information is blocked and after one month automatically deleted. Moreover, we store in each case the IP addresses you used and the times of log-on and confirmation. The purpose of the procedure is to be able to prove your registration and where necessary to clarify any potential misuse of your personal data.
As a subscriber to the e-mail newsletter, you may at any time revoke your consent to the processing of your e-mail address for sending the newsletter. Consent may be revoked via the link provided for this purpose in each e-mail newsletter or by sending an e-mail with the subject “unsubscribe” to the Data Compliance Officer.
Disclosure of data to third parties or data processing companies
For the purposes of service provision, it can be necessary to involve external companies. In such cases, data may be provided by us to external companies and/or saved by these companies. We only disclose data that are necessary for provision of the services.
Transfer and processing of your personal data outside the European Union
When sharing your personal data with third parties as set out in this Privacy Notice, it may be transferred outside the European Union to the above listed recipients. In these circumstances, your personal data will only be transferred on one of the following bases:
• the country that we send the personal data to is approved by the European Commission as providing an adequate level of protection for personal data;
• the transfer is to a recipient in the United States of America who has registered under the EU/US Privacy Shield;
• the recipient has entered into European Commission standard contractual clauses with us; or
• you have explicitly consented to the same with us or any data controller we process information for.
To find out more about transfers by us of your personal data outside the European Union and the countries concerned please contact us at the above details.
Retention of your data
We will not retain your personal data for periods longer than those required for the purpose of their processing under this Privacy Notice, subject to any limitation periods imposed by law. In particular:
• where we have collected your personal data as required by anti-terrorism legislation, including for identification, screening and reporting, we will retain that personal data for seven years after the termination of our relationship, unless we are required to retain this information by another law or for the purposes of court proceedings; or
• otherwise, we will in most cases retain your personal data for a period of five years after the termination of our contractual or other relationship with you in case any claims arise out of the provision of our services to you.
CONFIDENTIALITY AND SECURITY
We are subject to confidentiality and secrecy obligations, e.g., arising under data protection, other legal obligation, contract, professional secrecy, as the case may be. The personal data we process are also subject to said obligations. Our employees are required to follow specific procedures with respect to maintaining confidentiality. We and our duly authorised delegates apply appropriate information security measures designed to protect data in our possession and/or our delegates’ and/or affiliates’ possession from unauthorised access by third parties or any form of computer corruption. We continuously improve our security measures in line with technological developments.
We remain at your disposal for any further information you may require.