This website www.hotelkiplinggeneva.com (hereinafter the "Website") is made available to you by Chantilly Manotel SA, Hôtel Kipling, c/o Manotel SA, rue Jean-Dassier 8, 1201 Geneva, Switzerland (hereinafter "Kipling Manotel" or "we" ). We comply, to the fullest extent applicable, with data protection legislation, in particular the Swiss Federal Data Protection Act and the Swiss Federal Ordinance on the Federal Data Protection Act, as well as other applicable provisions relating to data protection from Swiss or European legislation, in particular the General Data Protection Regulation (hereinafter the "GDPR"), which governs the processing of personal data and gives you various rights in relation to it. Kipling Manotel will be responsible for processing all your personal data obtained through the Website or by direct contact with us.
1. WHAT IS PERSONAL DATA PROCESSING?
The processing consists of each operation of manipulation of your personal data. This includes, among other things, the entry, collection, anonymisation, recording, management, use, transmission, communication and deletion of your personal data.
2. HOW DO WE PROCESS YOUR PERSONAL DATA?
2.1. GENERAL INFORMATION
When you visit the Website, different types of information are collected including the IP address from which you access the Website, the version and type of browser used to access the Website, the operating system used, the domains and the time of the request. This information does not allow us to identify the user’s identity and this is not our objective. We use the information collected for statistical purposes only, which mainly allows us to improve the content and presentation of the Website.
Please note that we may collect additional data, such as name, postal address, e-mail, telephone number, which you provide to us voluntarily while browsing the Website. You can also pay and use our services using a pseudonym or anonymised data, without providing us with the aforementioned personal data.
The data is collected by cookies that we use on the Website. For more information on this, refer to section 2.7 below concerning cookies.
2.2. CONNECTION TO THIRD PARTY SITES
The Website contains links to third party sites, in particular the sites of our partners. By clicking on these links, you leave the Website. Kipling Manotel has no control over the operation of third-party websites and therefore cannot be held responsible for their operation and their compliance with data protection legislation. We draw our users’ attention to the risk that the connection and consultation of third party sites may entail.
2.3. SUBSCRIPTION TO OUR NEWSLETTER
You will only receive advertising information via our newsletter if you give us permission to use your e-mail address for this purpose. The Website will never send you advertising newsletters or e-mails if you have not subscribed to them.
You have the possibility to subscribe to our newsletter by registering and providing us with the following data: e-mail address, first name and last name. By subscribing to our newsletter, you can choose your areas of interest in order to receive related e-mails.
By registering, you consent to the processing of the data you have provided in this context. We use this data to send you information of interest to you. If you wish, you can unsubscribe from our newsletter or our advertising e-mails at any time by clicking on the unsubscribe link at the bottom of our e-mails. Your personal data is deleted following your unsubscription.
2.4. CREATION OF A CLIENT ACCOUNT
You can create a client account to make reservations on the Website. When registering for a client account, we collect the following data: first name, last name, address, telephone number, e-mail address and password.
This data is collected for the purpose of providing you with access to your basic data, which we store in our system. You can consult your reservations, past and future, and modify your personal data.
Your consent constitutes the legal basis for the processing of your data. You can deactivate your account at any time by contacting firstname.lastname@example.org (see section 5.4).
2.5. USE OF OUR CONTACT FORM
You can request a callback by clicking on "to be contacted". You are then required to provide us with the following information: your name, your telephone number, the date and the time slot during which you wish to be contacted. You can also provide us with your e-mail address, if you wish.
By providing us with this information, you give your consent to us contacting you. We will only use your information for the purpose of responding to your request.
2.6. RESERVATION ON THE WEBSITE, BY E-MAIL OR BY TELEPHONE
When you book a hotel room, we collect the following personal data:
- your first and last name;
- your reservation dates;
- your address;
- your e-mail address; and
- your telephone number.
We only use this personal data, as well as any other optional information you provide to us (e.g. arrival time, preferences, remarks, etc.), to manage your booking and to enter into and perform our contract with you. We will process this data in particular in order to enter your reservation, verify your identity, provide the reserved services, send you communications relating to your stay, contact you in the event of a problem and ensure that the payment is correctly made.
You are offered the option of registering your credit card, in order to facilitate any future reservations. In the event of voluntary registration of your credit card, the data relating to it is saved. However, no data relating to your credit card will be stored if you do not register it.
3. WHO IS YOUR PERSONAL DATA SHARED WITH?
3.1. NON-DISCLOSURE OF PERSONAL DATA
We occasionally use subcontractors that we carefully select to carry out processing activities on our behalf, insofar as this is necessary for the performance of the contract or for the use of the Website. Third-party companies, including online payment companies, will only have access to this data when this is necessary to process your order or contract. The data is therefore transmitted for a specific purpose, in accordance with the purposes for which it was initially collected, namely the execution of the contract. In these cases, we will ensure that the framework for data transmission is kept to the agreed essential minimum. Hosting providers and website traffic monitoring services are also part of our subcontractors. They may need to access your personal data, but they are not entitled to use it for purposes other than those for which it was collected.
We impose on ourselves and also on our subcontractors a strict data protection policy concerning the personal data that you provide to us or that we find. By following this course of action, we comply with the provisions of data protection legislation.
3.2. TRANSMISSION OF PERSONAL DATA ABROAD
We are also entitled to transmit your personal data to third parties (in particular the subcontractors that we appoint) located abroad, for the data processing and the purposes specified therein. If the level of data protection in the country concerned does not meet Swiss and European requirements, we will make sure this is clearly reported to you.
In this regard, please note that the United States, where some data recipients are headquartered (e.g. Google and Facebook, see Sections 3.4, 3.5 and 3.6), do not have a level of data protection equivalent to that from Switzerland or the European Union.
3.3. BOOKING PLATFORMS
If you make reservations via a third-party platform, the platform operator sends us personal information so that we can enter your reservation and provide the reserved services. The execution of a contract is therefore the basis for the processing of your data.
3.4. GOOGLE ANALYTICS
3.5. GOOGLE ADWORDS REMARKETING
We use Google AdWords Remarketing for internet advertising purposes. The Google AdWords remarketing program allows you to display relevant advertisements depending on the pages of the Website you visit. This information is collected by a cookie stored on your computer hard drive. This cookie will not identify any personal data nor will allow access to your computer. Thanks to the Google AdWords Remarketing program, we are able to personalise our marketing actions to meet your needs and to display only the advertisements that are likely to appeal to you.
3.6. FACEBOOK: CUSTOM AUDIENCE PIXEL
Facebook's data policy is available on its website and provides information on the collection, processing and use of data. Information is also available on the settings options available to protect the privacy of the data subject.
4. WHAT ARE YOUR RIGHTS?
4.1. RIGHT OF INFORMATION AND ACCESS
If you wish, you have the right, upon request, to obtain access to your personal data as well as information about the personal data that we have stored about you. In particular, you can request information on:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the data has been or will be communicated;
- the planned retention period of the data, whenever possible, or the criteria used to determine this period;
- the existence of your right to request the rectification or erasure of data, restriction of processing or the right to object to processing;
- the right to lodge a complaint with the supervisory authority; and
- when personal data has not been collected by us, all information available to us as to its source.
4.2. RIGHT OF RECTIFICATION
You have the right to rectify your personal data if deemed inaccurate. In this case, please tell us which data you want us to correct or update. We will process your request as soon as possible.
4.3. RIGHT OF DELETION
You have the right to request the erasure of your personal data. We will respond to your request, provided that no obligation or legal basis, in particular as regards the declaration, conservation and archiving of documents, opposes it.
4.4. RIGHT TO RESTRICTION OF PROCESSING
Under certain conditions, you have the right to request that the processing of your personal data be limited, in particular in the following cases:
- when you dispute the accuracy of personal data, its processing may be limited for a period of time allowing us to verify its accuracy;
- when your data has been processed unlawfully, you can object to its erasure and demand restriction of processing;
- when we no longer need to process your data but you still need it for the establishment, exercise or defence of legal claims; and
- when you object to the processing, during the phase of verifying the legitimate reasons (see section 4.5 on this subject).
When the processing of your data is limited, the latter may, with the exception of conservation, be processed only with your consent, for the exercise or defence of legal claims, for the protection of the rights of a natural or legal person or for important reasons of public interest.
4.5. RIGHT TO DATA PORTABILITY
When your data is processed using automated processes on the basis of your consent or for the performance of a contract, you have the right to demand to receive the data you have transmitted to us (right to data portability). The data will be provided to you in a standard format.
On your request, we can also transmit the data to a third party of your choice.
4.6. RIGHT OF OBJECTION
You have the right to object to the processing of your data. We will then examine whether the processing of your personal data is carried out in accordance with the law, in particular whether such processing of your personal data pursues a legitimate interest and whether your interests or fundamental rights which require data protection prevail. During this verification phase, a limitation of the processing of your data may be required (see section 4.4).
4.7. RIGHT TO LODGE A COMPLAINT
If you believe that the GDPR has been violated, you have the right to lodge a complaint with a supervisory authority. This supervisory authority is the Federal Data Protection Officer if you reside in Switzerland. If you live in the European Union, this is the supervisory authority in your country of residence.
We have the obligation to notify you of any rectification, erasure and limitation of the personal data processing. Likewise, we have the obligation to communicate to you, as soon as possible, any violation of your personal data likely to create a high risk for your rights and freedoms.
Please note that some of these rights may not apply due to their specific requirements and exemptions or because they are not applicable to the data processing method we use. However, most of these rights are unconditional, in particular your right to withdraw your consent at any time.
4.10. EXERCISE OF YOUR RIGHTS
If you wish to obtain more information about your rights or if you wish to exercise any of your rights, please contact us at one of the addresses mentioned in the "Contact" section. Please note that, in order to protect your information, we reserve the right to require supporting documentation to prove your identity at the time of your request.
5. ADDITIONAL INFORMATION
5.1. LEGAL BASIS FOR PROCESSING
We process your data only when we are permitted to do so by law. The legal basis for processing varies depending on the purposes for collecting and using your personal data. In the majority of cases, we will process your personal data on one of the following bases:
- compliance with our legal obligations, in particular when data processing is required to fulfil tax or financial obligations;
- a legitimate interest, insofar as the processing is necessary to safeguard a legitimate interest of our company and your interests, fundamental rights and freedoms do not prevail;
- the consent you give us for a specific purpose and that you have the right to withdraw at any time to prevent future processing of your data; and
- the necessity of processing personal data for the performance of a contract.
5.2. DURATION OF DATA STORAGE
We only keep your personal data for a limited period, which is necessary for the aforementioned processing purposes, in particular:
- for personal data collected on the basis of your consent, we keep your personal data for a limited period necessary to fulfil the purposes of the processing; you can ask us at any time to stop processing your data and we will erase your data as soon as possible; however, we will keep a record of whether you have asked us to stop sending you direct advertising or not to process your data, so that we can comply with your request in the future; and
- for data collected on the basis of the performance of a contract, we keep your information for the duration of the contractual relationship.
In general, we keep your data for the period necessary to fulfil the processing purposes for which it was collected. At the end of this period, we will delete your personal data. However, a specific retention period may also be required by law. Swiss accounting law requires in particular that contracts be kept in our archives for a period of 10 years.
We may also retain your data if we are required to do so in the context of legal action or investigation involving [Kipling Manotel].
5.3. SECURITY AND CONFIDENTIALITY
In order to ensure the security and confidentiality of the personal data we collect, we operate secure data networks that meet the technical standards in force in our sector. We take appropriate technical and organisational measures to protect your data against loss, falsification, manipulation, abuse, unauthorised access, disclosure, modification and deletion.