PRIVACY POLICY - cretberard

PRIVACY POLICY

New Data Protection Law – September 1, 2023

Crêt-Bérard, House of the Church and the Country, Ch. De la Chapelle 19a, 1070 Puidoux, Switzerland, is responsible for the collection, processing, and use of your personal data.

Your trust is important to us, which is why we take data protection seriously and ensure appropriate security in compliance with Swiss law.

This statement (the “Statement”) describes the methods we use to collect, store, process, use, archive, and delete your personal data.

When you provide us with data about yourself and/or use our Services, we collect, store, use, process, archive, and delete personal data in accordance with applicable law and the terms and conditions of the Statement.

If you disagree with the Statement, you can choose not to authorize us to use or store your personal data, or specifically choose which data you agree to provide and what use you accept. Please note, however, that some data is essential to the activities of Maison Crêt-Bérard and, as such, we may not be able to process your request.

If you have any questions or comments regarding this Statement, or suggestions to improve its quality, please write to us at info@cret-berard.ch.

On what legal basis is the processing of your data based?

We collect and process personal data about you only when you have given us your consent by validating the Statement or when the processing of this data is necessary for the performance of a contract between you and us.

Data Processing

Crêt-Bérard is the operator of the website www.cret-berard.ch and other sites and sub-sites (together our websites). When you visit our websites, our servers temporarily record each access in a log file. The following technical data is recorded and stored until automatically deleted at the latest after 180 days, as is the case for each connection to a web server:

  • The IP address of the requesting computer
  • The name of your Internet service provider (usually your Internet service provider)
  • The date and time of access
  • The website from which access was made (referring URL), if applicable with the search term used
  • The name of the URL of the requested data
  • The status code (e.g., error message)
  • The operating system of your computer
  • The browser you are using (type, version, and language)
  • The transmission protocol used (e.g., HTTP/1.1)
  • If applicable, your username from a registration or authentication

This data is collected and processed for the purpose of enabling the use of our websites and applications (establishing the connection and exchanging data), ensuring the security and stability of the system at all times, and enabling the optimization of our Internet offering. The data is also collected for internal statistical purposes.

In addition, the IP address is evaluated with other data in the event of attacks against the network infrastructure or other unauthorized or abusive uses of the website for clarification and defense purposes, and if necessary, used in criminal proceedings for identification and for civil and criminal proceedings against the users concerned.

The legal basis for such data processing is in our legitimate interest in processing within the meaning of Art. 13 para. 1 LPD/31 para. 1 nLPD and Art. 6 para. 1 lit. F GDPR.

Contact via the Usual Phone Number

You have the option to contact us by phone. You are responsible for the messages or content you send us by phone (for example: reservations, general inquiries, etc.).

In order to answer your questions, we may ask you to provide us with additional information, such as your full name, postal address, email address, etc. We will only collect from you the personal data that is necessary to identify you (including your phone number) and to respond to your questions in the best possible way or to provide the services you have requested.

The processing of this data is therefore necessary for the implementation of pre-contractual or contractual measures in accordance with Art. 13 para. 2 lit. a LPD/31 para. 2 let. a nLPD or Art. 6 para. 1 lit. b GDPR or is in our legitimate interest in accordance with Art. 13 para. 1 LPD/31 para. 1 nLPD or Art. 6 para. 1 lit. f GDPR.

Contact via Email or Mail

You have the option to contact us by email or by mail. You are solely responsible for the messages and content you send us in this manner. We recommend that you do not transmit sensitive information. Only the personal data that you voluntarily provide to us will be collected. You decide the information you send us.

In order to respond to your email request, we may ask you to provide us with additional information, such as your full name, postal address, phone number, etc. We will only collect personal data that is necessary to identify you (including your email address) and to respond to your request in the best possible way.

The processing of this data is therefore necessary for the implementation of pre-contractual or contractual measures in accordance with Art. 13 para. 2 lit. a LPD/31 para. 2 let. a nLPD or Art. 6 para. 1 lit. b GDPR or is in our legitimate interest in accordance with Art. 13 para. 1 LPD/31 para. 1 nLPD or Art. 6 para. 1 lit. f GDPR.

Registration for an Activity

To register for an activity offered by Crêt-Bérard, you must provide us with certain information:

  • Chosen activity
  • First and last name
  • Phone number
  • Email address

If the activity spans multiple days or if you wish to book an overnight stay, you must also provide us with the following information:

  • Room category
  • Person(s) with whom you share your room (first and last name)
  • Any specific remarks
  • Indicate if you are a member of the Friends of Crêt-Bérard Association

We use this data solely to respond to your registration request for an activity in the best possible and personalized way. The processing of this data is therefore necessary for the implementation of pre-contractual or contractual measures in accordance with Art. 13 para. 2 lit. a LPD/31 para. 2 let. a nLPD or Art. 6 para. 1 lit. b GDPR or is in our legitimate interest in accordance with Art. 13 para. 1 LPD/31 para. 1 nLPD or Art. 6 para. 1 lit. f GDPR.

Donation and Membership Application

To make a donation or apply for membership, you must provide us with certain information:

  • Type of membership
  • First and last name
  • Postal address
  • Email address
  • Phone number

If necessary, please also provide the name of the company you are affiliated with.

We use this data solely to respond to your donation or membership request in the best possible and personalized way. The processing of this data is therefore necessary for the implementation of pre-contractual or contractual measures in accordance with Art. 13 para. 2 lit. a LPD/31 para. 2 let. a nLPD or Art. 6 para. 1 lit. b GDPR or is in our legitimate interest in accordance with Art. 13 para. 1 LPD/31 para. 1 nLPD or Art. 6 para. 1 lit. f GDPR.

Application for an Open Position

No online application from our website.

Application via platforms provided for this purpose: jobUp / ORP

In the course of this online application, the following data will be processed:

  • Personal data (*mandatory information)
    • Open position*
    • First and last name*
    • Place of residence and country*
    • Postal code*
    • Location*
    • Email*
    • Phone number*
    • Date of birth*
    • Current job title and employer*
    • Type of application source*
  • Documents (*mandatory information)
    • Curriculum vitae*
    • Cover letter*
    • Certificates and diplomas*

We need this information to review your application and for the possible implementation of the application procedure. The legal basis for the processing of your personal data is constituted by pre-contractual or contractual measures in accordance with Art. 13 para. 2 lit. a LPD/31 para. 2 let. a nLPD or Art. 6 para. 1 lit. b GDPR or is in our legitimate interest in accordance with Art. 13 para. 1 LPD/31 para. 1 nLPD or Art. 6 para. 1 lit. f GDPR.

Subscription to Our Newsletter and Email Marketing

On our website, you have the option to subscribe to our newsletter. Registration is necessary for this purpose. The following data must be submitted during registration (*mandatory information):

  • Title
  • First and last name
  • Email address*

For your registration, you simply need to provide us with your email address. Once entered the designated field on our site, you will be redirected to a “MailChimp” page informing you of your subscription to our newsletter. You have the choice to confirm and return to the site or to modify the registration details (where you can provide more information).

We will use your data for sending the newsletter until you revoke your consent. You can revoke your consent at any time with immediate effect by clicking on the unsubscribe link in the newsletter emails. Alternatively, you can also contact us directly at communication@cret-berard.ch.

Our newsletter contains web beacons or a similar technical means (pixel tags). Web beacons are invisible 1×1 pixel graphics that are associated with the subscriber’s user ID for the newsletter. Web beacons provide us with the following information about the newsletter dispatch:

  • Address file used
  • Subject and number of newsletters sent
  • Information about addresses that have or have not received the newsletter and about addresses where delivery failed
  • Information about addresses from which the newsletter was opened
  • Information about addresses that were deleted
  • Technical information (e.g., time of retrieval, IP address, browser type, and operating system)

This information is used for statistical analysis of the newsletter dispatch. The results of these analyses can be used to better tailor future newsletters to the interests of recipients. Web beacons are deleted when you delete the newsletter.

To prevent the use of web beacons, you can set up your email program so that no HTML is displayed in messages, if this is not already the case by default.

By subscribing to the newsletter, you give us your consent to process the data provided for the regular dispatch of the newsletter to the address you have provided, as well as for the statistical evaluation of usage behavior and optimization of the newsletter. This consent constitutes our legal basis for data processing in accordance with Art. 13 para. 1 LPD/31 para. 1 nLPD and Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with immediate effect and for the future.

cookies

Cookies contribute in many ways to make your visit to our website easier, more enjoyable, and more meaningful. Cookies are information files that your web browser automatically stores on your computer’s hard drive when you visit our website.

We use cookies, for example, to temporarily store the services and entries you have selected when filling out a form on our web pages, so that you do not have to repeat the entry when you call up another sub-page.

Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookie is stored on your computer, or a message appears every time you receive a new cookie. You will find explanations on how to configure cookie processing with the most common browsers on the following pages:

  • Microsoft Windows Internet Explorer
  • Microsoft Windows Internet Explorer for mobile devices
  • Mozilla Firefox
  • Google Chrome desktop
  • Google Chrome for mobile devices
  • Apple Safari desktop
  • Apple Safari for mobile devices

Disabling cookies may mean that you cannot use all the features of our websites.

The legal basis for the processing of personal data for the aforementioned purposes is in our legitimate interest, in accordance with Art. 13 para. 1 LPD/31 para. 1 nLPD and Art. 6 para. 1 lit. f GDPR, to ensure the functionality and optimization of our web pages. In the case of purely analytical cookies, we base the processing of your personal data on your consent, which you give via the cookie banner.

Tracking-tool

google analytics

The websites use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics uses methods to analyze the use of our websites, such as cookies (see cookie section). The following information is generated by the cookie regarding your use of our sites:

Visitor’s navigation path on our sites:

  • Duration of stay on the page or sub-page
  • Sub-page from which the website is exited
  • Country, region, or city from which the site is accessed
  • Device (type, version, resolution, width, and height of the browser window)
  • Recurring or new visitor
  • Browser type and version
  • Operating system used
  • Referral URL (the previously visited page)
  • Hostname of the accessing computer (IP address)
  • Time of server query

This information is transmitted to a Google server, a holding company of Alphabet Inc., in the United States and stored there. Due to the activation of IP anonymization on this website, the IP address is shortened before transmission to the United States (anonymizeIP). The anonymized IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there.

The information is used to evaluate the use of our web pages, to compile reports on activities conducted on our web pages, and to provide other services related to the use of our web pages and Internet usage for market research purposes and to organize our website according to needs. This information may also be transferred to third parties when required by law or when third parties process this data on behalf of Google. According to Google, the IP address is never associated with other user information.

Users can prevent the collection of data generated by cookies related to the use of the website (including IP address). Further information on the web analytics service used can be found on the Google Analytics website.

This processing is based on our legitimate interest pursuant to Article 6 para. 1 lit. f GDPR.

google maps

We use the Google Maps API (Application Programming Interface, Google Maps) from Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, on our websites for the visual presentation of geographic information. By using Google Maps, information regarding the use of our website, including your IP address, is transmitted to a Google server in the United States and stored there.

The legal basis for processing data for this purpose lies in our legitimate interest in accordance with Article 6 para. 1 lit. f GDPR.

Social Media and Partners

Our websites may contain links to social networks or partners. These links do not lead to the transmission of data to the providers without the user’s influence when loading our web pages (no “plugins”). The social media or partner buttons demonstrate a link to our presence on the respective network or partner. No user data is transmitted from our website.

Our website may include the following links:

  • Facebook by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Harbour, Dublin 2, Ireland, or Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA
  • Instagram by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA
  • LinkedIn by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 95043, USA
  • Booking: GHIX (Route de Champ-Colin 18, CH-1260 Nyon, Switzerland)
  • Partners: Swisstainable (Switzerland Tourism, Morgartenstrasse 5a, CH-8004 Zurich, Switzerland) / KAYAK (KAYAK Attn, Data Protection Officer 7 Market Street Stamford, CT 06902, USA)

When you click on a link, a direct connection is established between your browser and the server of the respective link. The network is thus informed that you have used your IP address to visit our websites and clicked on the link. If you log into a network while you are logged into your account on that network, the content of our site may be linked to your profile on the network, meaning that the network can directly associate your visit to our websites with your account.

The legal basis for processing data for this purpose is our legitimate interest according to Article 13 para. 1 LPD/31 para. 1 nLPD and Article 6 para. 1 lit. f GDPR.

Retention Period

We retain personal data for as long as necessary for the provision of the aforementioned services and for further processing within the scope of our legitimate interests in accordance with Article 13 para. 1 and para. 2 lit. a LPD/31 para. A and para. 2 lit. a nLPD and Article 6 para. 1, lit. b and f GDPR.

Contractual data will be retained by us for a longer period if required by legal retention obligations or if we have another legitimate interest to do so. Storage obligations that require us to retain data arise, in particular, from accounting and tax law regulations. According to these regulations, commercial communications, concluded contracts, and accounting documents must be retained for ten years after the end of the current year in which they were last processed. If we no longer need this data for the provision of services to you or for other legitimate interests, the data will be blocked. This means that the data can then only be used for accounting and tax purposes.

Data Transfer to Third Parties

We only transfer your personal data if you have expressly consented to it, if there is a legal obligation to do so, or if it is necessary to fulfill our contractual obligations or to assert our rights, especially to assert claims arising from the contractual relationship. Additionally, we transmit your data to third parties to the extent necessary for the use of our websites or application and for the performance of the contract (also outside of our websites).

Some third parties have already been mentioned (Google Inc). Our websites are hosted on servers in Switzerland. Data is transmitted for the purpose of fulfilling our pre-contractual and contractual obligations and providing and maintaining the functionalities of our websites. This is our legitimate interest according to Article 13 para. 1 and para. 2 lit. a LPD/31 para. 1 and para. 2 lit. a nLPD and Article 6 para. 1 lit. b and f GDPR.

Transfer of Personal Data Abroad

We may also transfer your personal data to third-party companies (contracted service providers) abroad for the purposes of data processing described in this privacy policy. These companies are required, to the same extent as us, to protect your data. If the level of data protection in the country does not correspond to that of Switzerland or the EU, we will ensure by contract, communicated to the FDPIC in advance, that the protection of your personal data corresponds at all times to that of Switzerland or the EU.

For completeness, we note that under US law, US authorities may take surveillance measures and access data, which may also include data transferred from Switzerland or the EU to the United States. This is done without distinction, restriction, or exception based on the pursued objective and without objective criteria that would limit US authorities’ access to personal data and their subsequent use for strictly limited purposes that would justify access to such data.

Furthermore, in the United States, there is no legal recourse for data subjects from EU member states or Switzerland to access, rectify, or delete data concerning them that is subject to government action, and there is no effective legal protection against the general access rights of US authorities.

We would like to inform users residing in Switzerland or in an EU member state that, in the opinion of the competent authorities in Switzerland and the EU – partly due to the issues mentioned in this section – the United States does not provide an adequate level of data protection. If data recipients (for example, Google) are based in the United States or are expected to carry out processing of the relevant data in the United States, we will take all reasonable measures to ensure that your data is protected at an appropriate level with our partners to protect the rights of individuals whose personal data is transferred to a third country.

We expressly draw your attention to this legal and factual situation so that you can make an informed decision regarding your consent to the disclosure of your data to persons domiciled in the United States or who may carry out processing of the relevant data in the United States.

Additional Information

Rights to Information, Rectification, Cancellation, and Limitation of Processing; Right to Data Portability

You can object at any time to the processing of data, especially to the processing of data related to direct advertising (e.g., against advertising emails). You also have the following rights:

  • Right to Information
    • You have the right to demand access to the personal data concerning you stored by us at any time if we process them. This gives you the opportunity to check which personal data we process about you and that we use them in accordance with the applicable data protection regulations.
  • Right of Rectification
    • You have the right to have incorrect or incomplete personal data corrected and to be informed about the correction. In this case, we will inform the recipients of the affected data about the adjustments made unless this is impossible or involves disproportionate effort.
  • Right to Cancellation
    • You have the right to request the deletion of your personal data under certain circumstances. In individual cases, the right to deletion may be excluded.
  • Right to Restriction of Processing
    • Under certain conditions, you have the right to request that the processing of your personal data be restricted.
  • Right to Appeal
    • You have the right to appeal to a competent supervisory authority against the way your personal data is processed.
  • Right to Data Portability
    • If you are domiciled outside of Switzerland and reside in an EU/EEA member state, you have the right under certain circumstances to receive from us the personal data you have provided to us free of charge and in a readable format.
  • Right to Lodge a Complaint with a Supervisory Authority
    • You have the right to lodge a complaint with a competent supervisory authority if you believe that the processing of personal data concerning you violates applicable data protection regulations.
  • Right of Revocation
    • In principle, you have the right to revoke consent given at any time. Processing activities based on your past consent do not become illegal due to your revocation.

Data Security

We employ appropriate technical and organizational security measures to protect your personal data stored with us against manipulation, partial or total loss, and unauthorized access by third parties. Our security measures are continually enhanced in line with technological advancements.

We also take internal data protection very seriously. Our employees and the service companies we engage have been obligated by us to maintain confidentiality and comply with data protection regulations.

Contact Information

Please address any requests via postal mail ensuring your identification is clear and unambiguous:

Crêt-Bérard – Maison de l’Église et du Pays

Ch. de la Chapelle 19A

1070 Puidoux

 

You may also, at any time, contact the competent data protection authority in your jurisdiction.

Please note that you are not obligated to provide us with the personal data indicated in this Statement. Furthermore, the provision of personal data is not a condition for any contractual relationships we may establish. However, if you refuse to provide certain personal data, we may be unable to offer all or part of our services.

Misuse of Our Services

In the event of misuse of our services, particularly in cases of suspected criminal activity, data may be analyzed to clarify the situation and, upon a duly justified request from us, may be transmitted to the competent official authorities or to the third party concerned by the misuse.

The Statement is available in French, English, and German. In case of contradictions, the French version shall prevail.

We reserve the right to modify the Statement at any time.

last update

May 2024

 

All rights to the Statement belong to its author. Any reproduction without prior license is strictly prohibited.

back to top