2. Who we are and how to contact us
Every website (including online-shops and mini sites for special offers), every presence on social media, multimedia portals, chatbots and every app of Mövenpick group entities (each a website) has a controller within the Mövenpick group with respect to collecting personal data according to the EU General Data Protection Regulation (GDPR) (or comparable provisions according to applicable data protection laws).
Should a Mövenpick entity or affiliate disclose personal data to another Mövenpick entity or affiliate for certain purposes of the receiving entity or affiliate, such entity or affiliate is the controller according to article 4 (7) GDPR.
The data protection officer can be contacted at: firstname.lastname@example.org
Furthermore, any inquiry, claim or concern regarding data protection at the Mövenpick group (all companies and affiliates) can be addressed to email@example.com
3. Personal data we collect about you, how and why we process it and the legal basis for our processing
Visitors to Mövenpick's websites do not have to disclose any personal data such as their names, addresses, telephone numbers or e-mail addresses.
Please note that the information we collect about you may include data relating to your health or religion (for example information about a religious diet or health conditions in relation to the performance of our hotel or restaurant services). Such data processing will always be based either on your consent or on the performance of our contractual duties.
We may combine the personal data we collect about you through the different channels you use to interact with us (for example, browsing one of our websites, using our Wi-Fi login, signing up for a newsletter or loyalty programme, contacting us or applying to us). In addition, we may combine the information we hold about you with information about you from third parties, in particular from our selected retail partners, and from public sources. It is in our legitimate interests to do this so that we can form a clearer picture about our customer base and as a result improve our services and marketing activities. We do however not combine any personal data we collect through our surveillance systems such as operation of security cameras at our premises.
For the loyalty programme, in order for you to register and continue using this service, we need to collect your Titel, Company name, Physical address, Telephone number (mobile and business), Nationality, Credit Card information, Position in company and Nature of business. However, if you provide us with more personal data, you do so voluntarily.
You have the right to object to certain types of processing, including processing for direct marketing. If you have given your consent for certain processing activities, you have the right to withdraw your consent at any time.As a consequence, we may however not be able to provide you with all of our benefits (for more information, please see the section “Your rights”).
4. Marketing communications and automated decision-making (including profiling)
In order to provide you with all of the benefits of our products and services, and if you are not yet a customer of ours, we ask for your permission to send you information about the latest news, special events, offers, promotions and other benefits on our offers and services. We also ask for your permission to send you newsletters using your e-mail address.
You can choose to withdraw your permission at any time by clicking on the opt-out link in a newsletter marketing e-mail you receive from us or by sending an e-mail to us firstname.lastname@example.org.
In respect of the loyalty programmes, we also use technology that tracks your purchasing behaviour in our (online-)shops, hotels, restaurants, etc. This helps us to build a profile of your preferred services and products so that we can provide you with offers that are tailored to your specific preferences, based on your previous transaction activity.
If you do not agree with an automated decision that our technology has made in relation to you, you can contact us and we may decide to look into it for you (see the section 2“Who we are and how to contact us”).
5. Third party disclosure
We may also disclose your personal data to third party service providers who perform certain business operations on our behalf, in particular:
- business management services (e.g. accounting or asset management);
- consulting services, e.g. services of tax consultants, lawyers, management consultants, consultants in the field of personnel recruitment and placement;
- IT services, e.g. services in the areas of data storage (hosting), cloud services, sending e-mail newsletters, data analysis and refinement etc.;
- credit check, e.g. if you want to make a purchase on account or credit;
- haulage and logistics services, e.g. for the dispatch of ordered goods;
- administration services, e.g. real estate management;
- business information and debt collection, e.g. if you want to make a purchase on account or if due receivables are not paid;
In some cases, the personal data we collect from you may also be accessed or processed outside of Switzerland or the EEA. Such destinations may not have laws which protect your information to the same extent as in Switzerland or the EEA. We take the necessary measures to put appropriate safeguards in place to protect your personal data. For example, the appropriate safeguards may be provided by standard data protection clauses adopted by the European Commission and accepted by the Federal Data Protection and Information Commissioner (known as “model clauses”). Please ask us if you would like to obtain a copy of or more information about the safeguards that are used to protect your personal data when it is processed outside of Switzerland and the EEA (see section 2 “Who we are and how to contact us”).
In addition, we may share your personal data in the following circumstances:
- if we are required by applicable law or a public authority to share information about you;
- if we need to share information about you in order to establish, exercise, defend or protect the rights, property or safety of our business, our customers or others. This includes, in specific cases, exchanging information with other organisations for the purposes of fraud protection; and
- to successors in title or replacement operators of all or part of our respective businesses.
6. How long we retain your data
We retain your personal data for no longer than this is necessary for the purposes for which the information is collected. Upon the completed processing of the contract or the deletion of a user account you may have registered to on one of our websites, your data are blocked for further use and are deleted upon expiry of the safekeeping periods prescribed by applicable laws such as tax and commercial law, unless you have explicitly consented to the continued use of your data or we have reserved the right to further use your data in a manner permitted by law as set out below. Your user accounts can be deleted at any time, by sending a message to email@example.com.
When determining the relevant retention periods, we will take into account factors including:
- legal obligation(s) under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law;
- (potential) disputes; and
- guidelines issued by relevant national data protection regulators.
To make visits to our websites more attractive and to allow the use of specific functions, we use what is termed cookies on various pages. Cookies are small text files that are saved on your end device. Some of the cookies used by us are erased again at the end of a browser session, i.e. when you close your browser (session cookies). Other cookies remain stored on your end device to allow us to identify your browser when you visit us again. You can change the settings on your browser to notify you when a cookie is set, which will allow you to approve or reject cookies on an ad hoc basis or to generally block all cookies. Failure to accept cookies can mean that the functionality of our websites is restricted.
Our websites may use Google Analytics or similar services. These applications are third party services which allow us to measure and analyse the use of our website. The provider of these services may be located in any country worldwide (in the case of Google Analytics which is operated by Google Inc. it is the U.S., www.google.com). The service provider uses permanent cookies for these applications. We will not disclose any personal data to the service provider (who will also not save any IP addresses). The service provider may, however, monitor the use of the website by the user and combine this data with data from other websites monitored by the same service provider which the user has visited and the servicer may use these findings for its own benefits (e.g. control of advertisement). The service provider knows the identity of the user who has registered with the service provider. In this case the processing of personal data will be the service provider's responsibility and data shall be processed according to the data protection policies of the service provider. The service provider will provide data on the use of the website to us.
8. Our policy on children’s personal data
We do not knowingly collect the personal data of children under 16 years of age, without the prior consent or authorisation of the holder of parental responsibility over the child.
9. Protection of your personal data
We have taken appropriate technical and organizational security measures to protect your personal data against unauthorized and/or unlawful processing as well as against unintentional loss, alteration, disclosure or unauthorized access. However, the electronic transmission of information via various communication channels bears security risk that cannot be completely eliminated. Therefore, we cannot assume any guarantee for information that you transmit in this way.
10. Your rights
You may at any time exercise the following rights. To find out how to submit a request, please see section 2 “Who we are and how to contact us”.
- 1. Right to be informed
- 2. Right of access
- 3. Right to rectification
- You are entitled to have your personal data corrected if it is inaccurate or incomplete.
- 4. Right to erasure
- This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
- 5. Right to restrict processing
- You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.
- 6. Right to data portability
- You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your personal data between our IT systems and theirs safely and securely, without affecting its usability.
- 7. Right to object to processing
- You have the right to object to certain types of processing pursuant to Article 21 GDPR, including processing for direct marketing (which we do only with your consent).
- 8. Right to withdraw consent
- If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for direct marketing. As noted above, if you withdraw consent then we may not be able to provide you with all of our benefits.
- 9. Right to lodge a complaint
- You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
The information is free of charge, except where your requests are manifestly unfounded or excessive (in particular because of their repetitive nature) in which case we may charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the request.
In general, we will respond within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
12. Details of the personal data we collect about you, how it is used and why, including the legal basis for our processing
|Type of interaction with us||Types of personal data we collect||Purpose of processing (how and why we use your personal data)||Legal basis for processing||Controller(s) of your personal data|
|᛫ improve the way our websites works by providing you with personalised access and an enhanced websites;|
|᛫ monitor and analyze usage of our websites to improve their performance;|
|᛫ deliver online advertising that we believe is most relevant to you; and|
|᛫ measure the effectiveness of our marketing communications.|
|Loyalty or customer programme||We collect the information you provide to us when you register for our loyalty or customer programme and any further information you provide to update your registration details from time to time. This information includes your e-mail address.||We process your personal data to be able to provide you with membership of and participation in the loyalty or customer programme, including access to its various benefits. These benefits include our newsletter, the opportunity to participate in events and competitions, vouchers, coupons and special offers.||We process your personal data after obtaining your consent pursuant to Art. 6 para. 1 lit. a GDPR to do so for the purposes of sending you information about the latest news, special events, offers, promotions and other benefits of the loyalty or customer programme. As this information is an integral part of the loyalty programme, if you do not permit us to do this, you will not be able to join the loyalty or customer programme. Please see the section 4 “Marketing communications and automated decision-making (including profiling)” to find out more about your choices when it comes to marketing.||Mövenpick Hotels & Resorts Management AG|
|We also gather information about the purchases you make, (including in our stores, online shops, hotels, resorts, restaurants, etc.) and transaction details (including the date, time and value of the transaction). We gather this information when you scan your unique loyalty or customer number when making a purchase (we must gather this information in order to offer you all the benefits of the loyalty or customer programme).||In particular, we process your personal data to:||In addition, it is in our legitimate interests pursuant to Art. 6 para. 1 lit f GDPR to collect and use the personal data referred to in the column to the left so that we can:|
|>In order to successfully register as a member of the loyalty or customer programme, you must agree to the loyalty or customer programme Terms & Conditions available at https://advantagem.movenpick.com/terms-conditions||᛫ understand your needs and provide you with any benefits which you may request as part of your loyalty or customer programme membership: We use your personal data so that we can manage the benefits of the loyalty or customer programme which you choose to take up or participate in;||᛫ provide you with a service that is as useful, enjoyable and beneficial to you as possible, including by personalising our contact with you and tailoring offers to your preferences; and|
|᛫ manage and improve the loyalty or customer programme: We rely on the use of personal data to build a clearer picture of our members both as a group and as individuals, including by analyzing your shopping behavior, the benefits of the loyalty or customer programme which you choose to take up or participate in, and the different ways in which you choose to interact with us. This helps us to provide you with a seamless, relevant and consistent service and also to work out how we can improve the loyalty or customer programme and the information technology systems (including security) that are used to operate it;||᛫ better understand our member base so that we can improve our services and marketing activities (which could also benefit you).|
|and||᛫ tailor the benefits of the loyalty or customer programme to your preferences and send you relevant marketing communications: We gather information about the purchases you make so that we can give you all the benefits of the loyalty or customer programme. When we have information about your purchases, we can also tell when you will be eligible for benefits that are based on your purchasing activities so that we can make sure you are sent the kinds of offers that you will be most interested in. We also use your personal data to analyse the effectiveness of our marketing communications so that we can improve the relevance of the marketing communications we provide to you and other members over time;||In other cases, it is necessary for us to process your personal data for performance of the contract pursuant to Art. 6 para. 1 lit. b GDPR between us and you in relation to the loyalty or customer programme (which is governed by the loyalty or customer programme Terms & Conditions) https://advantagem.movenpick.com/terms-conditions|
|᛫ provide you with information about events, special offers, promotions and the like;|
|https://circlem.movenpick.com/TermsAndConditions||᛫ for research and analysis, including inviting you to take part in surveys or focus groups carried out by us or by third parties on our behalf (if you have given your consent for us to do so, where this is required by law): We carry out research and analysis to improve the loyalty or customer programme. However, if you tell us that you do not want us to contact you about surveys or focus groups, we will respect this choice. This will not affect your membership of the loyalty or customer programme; and||and|
|᛫ administer your loyalty or customer programme membership: We use your personal data so that we can notify you about changes to the loyalty or customer programme. We also process your personal data to ensure that the information we hold about you is kept up to date and accurate.|
|If we process sensitive personal data, we will rely on your express consent (Article 9 paragraph 2 letter a DSGVO).|
|The relevant forms make it clear what data are collected.||If we process sensitive personal data, we will rely on your express consent (Article 9 paragraph 2 letter a DSGVO).|
|Newsletter||We collect the information you provide to us when you sign up to receive our newsletter and any further information you provide to update your registration details from time to time. This information includes your e-mail address.||We process your personal data to:||We process your personal data after obtaining your consent pursuant to Art. 6 para. 1 lit. a GDPR to do so for the purposes of sending you information about the latest news. Please see the section 4 “Marketing communications and automated decision-making (including profiling)” to find out more about your choices when it comes to marketing.||Mövenpick Hotels & Resorts Management AG|
|᛫ provide you with our newsletter; and||In addition, it is in our legitimate interests pursuant to Art. 6 para. 1 lit f GDPR to collect and use the personal data referred to in the column to the left so that we can:|
|᛫ administer our database of customers who have signed up to receive our newsletter: We use your personal data so that we can notify you about changes to our newsletter service. We also process your personal data to ensure that the information we hold about you is kept up to date and accurate.||᛫ provide you with a service that is as useful and beneficial to you as possible; and|
|᛫ better understand our customer base so that we can improve our services and marketing activities (which could also benefit you).|
|CRM||If you purchase our services or work for a company that purchases services from us, we process personal data about you, such as, for example your name and other contact details and your interactions with us.||We will register you in the Mövenpick Hotels & Resorts marketing database to tailor our services based on your personal information, preferences and details of your transactions.||The processing described in the column to the left is in our legitimate interest (Article 6(1)(f) DSGVO) because it enables us to use and sell goods and services. Customer care is also in our justified interest.||Mövenpick Hotels & Resorts Management AG|
|We will carry out assessment and analysis (for example customer and transactional analysis) to enable us to personalise your experience when you stay in one of our hotels and with respect to presenting online products and offers tailored to you.||If we have a contract with you directly or if you want to conclude a contract with us directly, we will process your personal data to conclude and process the contract (Article 6 paragraph 1 letter b DSGVO).|
|Finally, in preparation for your stay, we may collect your photograph from publicly available sources so that we can recognize you in order to provide you with superior customer service.||If we process sensitive personal data for the purposes mentioned, we usually do so in order to assert, exercise or defend legal claims or with your express consent (Article 9 paragraph 1 letters a and f).|
|Please note that in relation to our marketing database, you can ask a team member in any one of our hotels to update your preferences. However, should you wish for your details to be removed from our database completely or you do not wish to receive information from us then there are a number of ways you can unsubscribe. These are as follows:|
|1. You can click onto the "unsubscribe" link in any communication that we send to you by email, which will automatically unsubscribe you from that type of communication.|
|2. Alternatively, you can request access to, rectification or deletion of your personal data held by us at any time by contacting us at firstname.lastname@example.org.|
|Participation in customer events||When we invite you to customer events, we process your personal data such as your name, your contact details and other data relating to the event.||We process your personal data:||We process your personal data after you have given us your consent in accordance with Art. 6 para. 1 lit. a GDPR to inform you about the corresponding events and/or to register you for one of our events.||The Mövenpick entity who invites you to the event|
|᛫ So that we can invite you to our events;||Furthermore, we base our processing on our legitimate interests according to art. 6 par. 1 lit. f GDPR on our part, since we learn more about our customers during the execution of such events; it is in particular a possibility to get in contact with our customers personally and individually and to learn more about their individual needs.|
|᛫ In order to find out which events you are interested in at all, we can draw your attention to specific events that are of interest to you.|
|Using the Wi-Fi facilities when you visit our premises||We collect your personal information as soon as you log in to our Wi-Fi infrastructure using your device. Personal data, which we collect about you at this moment, are device-specific data of your end device.||We process your information so that we can offer you our Wi-Fi facilities and at the same time ensure the protection of both our and your online environment.||Logging in to our Wi-Fi tells us that you want to use our Wi-Fi facilities and that you consent pursuant to Art. 6 para. 1 lit. a GDPR.||Mövenpick Hotels & Resorts Management AG|
|If necessary, you may first have to register and receive a code via your e-mail address or an SMS function that you need to use for our services.||We will only process your personal data if you provide us with your data as part of your registration.|
|Furthermore, it is possible to log in via a social network, whereby the corresponding data is transferred.||If you wish to use the data via a social network, we will only process personal data that you provide in connection with the data protection regulations of this social network provider.|
|We may ask you for further consent, e.g. to use your contact details for advertising purposes.|
|Competitions and contests||We collect the information you provide to us when you participate in a competition or contest that we run. This may differ depending on the type of competition or contest we are running but is likely to include your name, e-mail address, mobile number and postal address.||We need your personal data in order to operate the competition or contest that you have entered and to inform you of its outcome.||It is in our legitimate interests pursuant to Art. 6 para. 1 lit f GDPR to collect and use the personal data referred to in the column to the left so that we can operate the competition or contest you have entered and inform you of its outcome.||Mövenpick Hotels & Resorts Management AG|
|We may ask you for further consent, e.g. to use your contact details for advertising purposes.|
|Entering an area in which we operate security cameras||We operate security cameras in limited areas where we have identified a need and where other solutions are ineffective to achieve the purposes described in the column to the right. This means that if you visit or premises you may be captured on security camera.||Security cameras are used for:||It is in our legitimate interests pursuant to Art. 6 para. 1 lit f GDPR to collect and use the personal data collected by our security cameras so that we can provide a safer, more secure environment for visitors and staff at our premises, and to protect our property.||Mövenpick Hotels & Resorts Management AG|
|There are prominent signs in the areas where the security cameras are operated.||᛫ monitoring the security within our premises;||Please note that access to the security camera footage is restricted to authorised personnel of the Mövenpick Group and our security service provider that need to have access in order to achieve the purposes described in the column to the left. In addition, access to the footage may be granted to law enforcement agencies in certain circumstances in order to prevent and detect crime.|
|᛫ safeguarding the safety of visitors and staff; and|
|᛫ preventing and detecting crime.|
|We will also collect information when you contact us through our customer support centers. This can be done in writing or by telephone. In this context, your name, your contact details and your location/region are enough for us.||Furthermore, we consider the processing to be justified by legitimate interests on our part pursuant to Art. 6 para 1 lit. f GDPR, because we can thus improve the quality of our services, avoid errors in our processes in the future and thus achieve higher customer satisfaction.|
|If necessary, we will record your conversation with us, about which you will be informed in advance.||We process your data in this regard, in order to:|
|᛫ Customer care: it is important to us that you can contact us with questions or dissatisfaction and inform us of your concerns and suggestions for improvement.|
|᛫ Training purposes: It is important for us to take your concerns seriously and to be able to avoid them in the future. The possible recording of conversations should help us to identify and analyse difficulties in our processes in depth and to develop solutions for their rectification.|
|᛫ Quality optimization: We deal with your concerns and develop appropriate solutions|
|Online booking on website||We collect data at the time at which you open a user account on our website. These include your name, address, e-mail address, telephone number and customer information if you participate in other programmes we offer.||We process your data for the purpose of:||By opening your account you agree to this processing in accordance with Art. 6 para. 1 lit. a GDPR.||If you use one of our online shops, the data controllers of any personal data you provide are the Mövenpick entities running the respective online shop.|
|We also collect your information when you book online, in particular your payment information.||᛫ Processing: we process your data so that we can carry out your booking;||Furthermore, we use the data provided by you for the processing and performance of contracts pursuant to Art. 6 para. 1 lit. b GDPR between us and you.|
|᛫ Information about your purchasing and booking behavior: we analyse the purchasing and booking behavior of our customers and gain information based on this, which we can take into account when managing our services (room classification, choice of location, etc.).||In addition, we have a legitimate interest in the processing within the meaning of Art. 6 para. 1 lit. f GDPR, because|
|᛫ Alignment of our offers to your needs: due to the numerous advantages/offers (promotions concerning services; receipts, points) we get to know the behavior of our customers better. This enables us to tailor our offers to the needs of our customers (overall and individually) and to respond optimally to their demand. Based on this, we can adapt our special offers to your demand and let you benefit from our offers even more advantageously.||᛫ we can get to know our customers better and make our contact with them more personal. This contributes to a long-term customer relationship.|
|᛫ By analysing our customers, who make use of this possibility, we can adapt and expand our offers more to their needs and optimize our processes accordingly.|
|If we process sensitive personal data for the purposes mentioned, we usually do so in order to assert, exercise or defend legal claims or with your express consent (Article 9 paragraph 1 letters a and f).|
|Job applications||If you apply to us, we collect any personal data that you provide, such as your name and e-mail address and information from your CV.||We use your data to assess and respond to your application and to perform the application process, including the assessment of your documents, responding to you, the invitation to and the performance of the interview, the collection of references, assessment tests, and connected activities.||By applying to us you agree to this processing in accordance with Art. 6 para. 1 lit. a GDPR.||If you apply to us, the data controllers of any personal data you provide are the companies you have applied to.|
|We will return all the data to you and delete all the information we hold about you in relation to your application if you withdraw your application or if we turn your application down.|