Personal data protection charter

Because your privacy is important to Aquaparc, we have created a privacy policy that governs how your personal information is collected, used, disclosed, transferred and stored.

 

I. Name and address of the Data Controller

The Controller within the meaning of the EU General Regulation 2016/679 on the protection of personal data and the national laws on the protection of personal data in force within the Member States, is :

Aquaparc Le Bouveret
Tel. : 0041.24.482.00.00
E-Mail : contact@aquaparc.ch
Website : https://www.aquaparc.ch

II.  Personal Data Protection Officer

The Data Protection Officer appointed by the Manager is :
Sonia VANDENABEELE Tel. : 0041.24.482.00.00
E-Mail : contact@aquaparc.ch
Website : https://www.aquaparc.ch

III. General information on the processing of personal data

1. Scope of processing of personal data

We process the personal data of our users only to the extent necessary to provide them with access to our website and functional content and services. The processing of our users' personal data is in principle only carried out with their consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and where the processing of the data meets a legal obligation.

2. Legal basis for processing personal data

Insofar as we obtain the consent of users for the processing of their personal data, Article 6(1)(a) of the General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data necessary for the performance of a contract to which the user is a party, Article 6(1)(b) of the General Data Protection Regulation (GDPR) serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6(1)(c) of the General Data Protection Regulation (GDPR) serves as the legal basis.

In the event that vital interests of the user or another natural person require the processing of personal data, Article 6, paragraph 1, point d of the General Data Protection Regulation (GDPR) serves as the legal basis.

If the processing is necessary to safeguard the legitimate interests of our company or of a third party, and if the interests, fundamental rights and freedoms of the user do not override this legitimate interest, Article 6(1)(f) of the General Data Protection Regulation (GDPR) serves as the legal basis for the processing.

3. Data erasure and retention period. Users' personal data are kept for no longer than is necessary for the purpose for which they were collected. Beyond that time, it will be deleted, anonymised or access to it will be blocked.  In addition, the retention of data may be provided for by the European or national legislator in EU regulations, laws or other rules to which the controller is subject. The blocking of access to the data, the deletion of the data or the anonymisation of the data also takes place after the expiry of the retention period prescribed by the aforementioned regulations, unless it is necessary to retain the data for the conclusion or performance of a contract.

IV Provision of the website and creation of log files

1. Description and scope of the processing of personal data

Whenever our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

  • Information on the type of browser and version used
  • User's operating system
  • User's Internet Service Provider
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Websites accessed by the user's system via our website

The data is also stored in our system log files. This does not include the user's IP address or other data that allows the data to be assigned to a specific user. Furthermore, we do not store this data together with other personal data of the user.

2. Legal basis for processing personal data

The legal basis for the temporary storage of data is the legitimate interest under Article 6(1)(f) of the GDPR.

3. Purpose of the processing of personal data

The temporary storage of the IP address by the system is necessary to enable access to the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

This purpose is also justified by our legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

4. Duration of storage

Personal data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of personal data enabling access to our website, this is the case when the session is terminated.

5. Right of objection and deletion

The collection of the user's personal data for access to our website and the storage of your data in log files are essential for the operation of the website.

If the user requests the deletion of such data or objects to their processing, we will no longer be able to provide access to our website.

V. Use of cookies

1.  Description and scope of the processing of personal data

Our website uses cookies. Cookies are text files that are stored in the user's Internet browser or Internet browser system. When a user visits a website, a cookie may be stored on his or her operating system. This cookie contains a string of characters that can be used to clearly identify the user if they visit the website again.

We use cookies to make our website more user-friendly. Some elements of our website require the calling user to be identified even after changing pages.

The following data is stored and transmitted in cookies:

  • Language settings
  • Items in the shopping cart
  • Login information

In addition, we use cookies on our website to analyse the browsing behaviour of users.

The following data may therefore also be transmitted

  • Search criteria entered
  • Frequency of page opening
  • Use of the website's features

The user data collected in this way is pseudonymised by technical measures. Therefore, an identification of the calling user is no longer possible. The data will not be stored together with other personal data of the users.

When accessing our website, a banner informs the user of the use of cookies for analysis purposes and his/her consent to the processing of his/her data is expressly obtained by means of an I AGREE checkbox. It is also indicated how the browser can be configured not to allow the storage of cookies.

In addition, a link is provided to this data protection policy.

https://www.aquaparc.ch/mentions-legales

2. Legal basis for processing personal data

The legal basis for the processing of personal data with the help of cookies is the user's consent pursuant to Article 6 paragraph 1 point a of the GDPR.

3. Purpose of the processing of personal data

The use of technically necessary cookies is intended to facilitate the use of the websites by users. Some features of our website cannot be offered without the use of cookies. To be able to use them, it is necessary that the browser is recognised even after a page change.

We need cookies for the following applications:

  • Shopping cart
  • Transfer of language settings
  • Storage of search criteria

The user data collected via technically necessary cookies is not used to create user profiles.

The purpose of using analysis cookies is to improve the quality of our website and its content. Through the use of analysis cookies, we learn how our website is used and enable us to continuously optimise our offer.

4.  Duration of storage, right of objection and deletion

Cookies are stored for a maximum period of 13 months.

The cookies are stored on the user's computer, from where they are transmitted to us. Therefore, as a user, you have full control over the use of cookies. By changing the settings of your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

However, if cookies are deactivated for our website, it may not be possible to use all the functions of the website to their full extent.

VI. Newsletter

1. Description and scope of processing of personal data

On our website, you have the opportunity to subscribe to our free newsletter. The data in the input mask is transferred to us when you register for the newsletter:

  • Address data
  • E-mail address
  • Date of birth

In addition, the following data is collected during registration:

  • IP address of the calling computer
  • Date and time of registration

Data processing is permitted with your consent obtained during the registration process, with a link to this data protection policy.

In the context of data processing for the sending of newsletters, no data is passed on to third parties. The data will be used exclusively for sending the newsletter.

2. Legal basis for processing personal data

The legal basis for the processing of data after the user has registered for the newsletter is the user's consent in accordance with Article 6 paragraph 1 point a of the GDPR.

3. Purpose of the processing of personal data

The e-mail address and other personal data collected as part of the registration process are used to distribute the newsletter.

4. Duration of storage

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected and in any case for a period of 3 years without any contact being made and in the absence of a request for deletion within this period. The e-mail address and other personal data of the user are therefore stored as long as the subscription to the newsletter is active

5. Right of objection and deletion

The subscription to the newsletter can be cancelled at any time by the user concerned. A link is placed in each newsletter to this effect allowing for unsubscription.

The user may also withdraw his consent and request the deletion of his personal data collected during the registration process.

VII. Registration - Creation of a User Account

1. Description and scope of processing of personal data

On our website, when purchasing online, we ask users to register and create a user account by providing personal data. The data is entered into an input mask and then transmitted to us and stored by our partner Secutix: https://www.secutix.com/fr/donnees-personnelles-rgdp/

 No data is transferred to third parties.

 The following data is collected during the registration process:

  • Address data
  • Name and first name
  • E-mail address
  • Date of birth

At the time of registration, the following data are also stored:

  • User's IP address
  • Date and time of registration

The user's consent to the processing of his/her personal data is expressly obtained as part of the registration process.

2. Legal basis for processing personal data

The legal basis for the processing of data is the user's consent, as provided for in Article 6 paragraph 1 point a of the GDPR.

If the registration and the creation of the user account serve the performance of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of data is the performance of the contract provided for in Article 6 (1) (b) of the GDPR.

3. Purpose of the processing of personal data

User registration is required for the provision of certain content and services on our website:

  • Information retrieval
  • Requesting a credit note
  • Reservation/invoice request.
  • Contact request
  • Buy online

A registration of the user is necessary to regularise a contract with him or to implement pre-contractual measures:

  • Ordering products and services
  • Reservations of any kind.

4. Duration of storage

The personal data stored are deleted as soon as they are no longer necessary for the purpose for which they were collected:

  • This is the case for data collected during the registration process and creation of a user account when registration on our site is cancelled or modified.
  • This is the case for the regularisation of a contract with the user or to implement pre-contractual measures if the data is no longer necessary for the execution of the said contract or the implementation of the said pre-contractual measures.

After the conclusion of the contract, it may be necessary to retain the user's personal data in order to comply with contractual or legal obligations:

  • Successive performance contracts
  • Warranty periods
  • Tax retention periods

In any case, the data is not kept beyond a period of 3 years from our last unanswered contact, and in the absence of opposition or request for deletion from you in the meantime.

5. Right of objection and deletion

As a user, you have the right to cancel and delete your registration and your user account at any time. You can change your stored data at any time.

The deletion of data can be carried out at any time by logging into your user profile or by sending an email to contact@aquaparc.ch

If the data is necessary for the performance of a contract or for the implementation of pre-contractual measures, early deletion of data is only possible if no contractual or legal obligation prohibits it.

The deletion of the user's personal data will prevent the user from receiving products and services that require the processing of such data.

VIII. Contact form and contact by e-mail

1. Description and scope of processing of personal data

A contact form is available on our website which can be used for electronic contact. If a user uses this option, the data entered in the input mask will be transmitted to us and stored. These data are :

  • First name and surname
  • Address data
  • E-mail address
  • Telephone number
  • Date of birth

When the message is sent, the following data is also stored:

  • User's IP address
  • Date and time of registration

Your consent to the processing of data is obtained during the process of sending your contact request, with a link to this data protection policy.

It is also possible to make contact via the e-mail address. In this case, the user's personal data transmitted by e-mail will be stored.

The data will not be transferred to third parties. The data is used exclusively for the processing of the communication.

2. Legal basis for processing personal data

The legal basis for the processing of the data is the user's consent pursuant to Article 6 paragraph 1 point a of the GDPR.

The legal basis for the processing of data transmitted when sending an e-mail is also the consent provided for in Article 6 paragraph 1 point a of the GDPR.

If the e-mail contact is for the purpose of concluding a contract, the additional legal basis for processing is the performance of the contract pursuant to Article 6 (1) (b) GDPR.

3. Purpose of the processing of personal data

The processing of personal data from the input mask serves only to respond to your contact request. In the case of contact by e-mail, this also includes the legitimate interest required for data processing.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

Data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data entered in the input mask of the contact form and data sent by e-mail, this is the case when the communication with the user has been completed. The communication is terminated when it can be deduced from the circumstances that a detailed answer has been given to the request made or that the facts have been finally clarified.

5. Right of objection and deletion

The user has the possibility to revoke his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, however, the communication cannot be continued.

The deletion of data can be implemented at any time by sending an email to contact@aquaparc.ch

In this case, all personal data stored during the contact will be deleted.

IX. Website Analysis

For the purpose of statistical analysis of our website activity, we use analysis tools, which allow us to improve the quality of our website, its content and to optimise our services.

1. Website analysis via Google Analytics with anonymisation function

We use Google Analytics, a web analysis service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google". Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site.

The information generated by the cookie, such as the time, place and frequency of your visit to the website, including your IP address, is transmitted to and stored by Google in the United States.

We use Google Analytics on our website with the extension "_gat.anonymizeIp". In this way, your IP address is processed in an abbreviated form and thus anonymised, excluding any direct identification of the user, in the Member States of the European Union and in the other Contracting States of the Agreement on the European Economic Area.

Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

Google declares that it will not associate your IP address with any other data it may have collected.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

In addition, Google offers an opt-out module for the most common browsers to better control the data that Google collects on the sites you visit. The add-on informs the Google Analytics JavaScript (ga.js) that no website visit information should be transmitted to Google Analytics. However, the Google Analytics Disable add-on does not prevent information from being transferred to us or to any other web analytics service we may use. For more information on installing the browser disable add-on, see Link.

Alternatively, future analysis of your visit to the site by Google Analytics can be disabled by clicking on the link below. By clicking on the link, an opt-out cookie is created, preventing any analysis of your navigation on our website. :

Click here to disable Google Analytics cookies.

Please note that if you delete cookies in your browser settings, the deactivation cookie may also be deleted.

 2. Website analysis by YouTube

Our website contains at least one plugin from YouTube, which is owned by Google Inc. located in San Bruno, California, USA. As soon as you visit our website with a YouTube plug-in, you are connected to the YouTube servers. At the same time, the YouTube server will be informed of the particular page of our website that you have visited. If you are also logged into your YouTube account, YouTube allows you to associate your browsing experience directly with your personal profile. You can opt out of this assignment if you first log out of your account. For more information on the collection and use of your data via YouTube, see their privacy policy at www.youtube.com.

3. Website analysis by Facebook Pixe

Our website uses the remarketing feature "Custom Audiences" of Facebook Inc. ("Facebook"). This function serves to present ("Facebook ads") to visitors of this website in the context of their visit to the social network Facebook interest-based advertisements. For this purpose, the Facebook remarketing tag has been installed on our website. This tag establishes a direct connection to the Facebook servers when you visit the site. The information that you have visited our website is transmitted to the Facebook server and Facebook assigns this information to your personal Facebook user account. For more information on the collection and use of data by Facebook, your rights in this regard and how you can protect your privacy, see the Facebook privacy policy at www.facebook.com/about/privacy/. You can also deactivate the remarketing function "Custom Audiences" at www.facebook.com/settings/. To do so, you must be logged in to Facebook.

4. Use of web fonts

A JavaScript code is loaded on our website. If you have activated JavaScript in your browser but have not installed a JavaScript blocker, your browser may transmit personal data. We do not know which data is linked with the received data and for what purpose this data is used. To prevent the execution of JavaScript code in general, you can install a JavaScript blocker (e.g. www.noscript.net).

The following fonts are used on our website: Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043 USA (further information in the Google privacy statement).

X. Recipients of users' personal data

1.  The personal data of users is processed primarily by our internal departments and employees.

2. However, your personal data may be transferred to other recipients who provide us with services in connection with our website, such as our IT service providers in connection with the administration and hosting of our website, our external service providers in charge of processing applications or organising competitions, our logistics service providers, our insurance companies in case of claims.

In this case, we limit the transfer of your data to what is strictly necessary.

Our service providers receive your data as subcontractors and are strictly bound by our instructions regarding the processing of your data.

We also ensure that they implement all appropriate confidentiality and security measures to protect the data transmitted to the best of their ability.

3. In the context of the use of statistical analysis tools of the activity of our website, personal data of the user limited to the IP address, are transferred to the USA to entities that have adhered to the Privacy shield, an agreement regularised with the EU Commission considering the level of protection granted as adequate (implementing decision 2016/1250 of 12 July 2016).

XI. Rights of the data subject

As a data subject, you have the following rights, which can be exercised at the following e-mail address: contact@aquaparc.ch

1. Right of access

You may, at any time, request confirmation as to whether or not your personal data are being processed.

You are also entitled to request the following information:

  • the purposes for which personal data are processed;
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed;
  • the period for which the personal data are to be kept or, where this is not possible, the criteria used to determine that period;
  • where personal data are not obtained from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and at least in such cases, relevant information about the underlying logic and the significance and intended consequences of such processing for the data subject.

The possible transfer of personal data to a third country or an international organisation. In this context, you can ask to be informed of the appropriate safeguards, in accordance with Article 46 of the GDPR. We will reply within 1 month.

This right of access may be restricted if it would prevent or seriously hamper the performance of research or statistics and if such restriction is necessary for their proper performance.

2. Right of rectification

You are entitled to request that your personal data be corrected or completed if they are incomplete or inaccurate.

This right of rectification may be restricted if it would prevent or seriously hamper the performance of research or statistics and if this restriction is necessary for their proper performance.

3. Right to limit processing

You may obtain the restriction of the processing of your personal data under the following conditions:

  • you contest the accuracy of the personal data and request the restriction for a period of time allowing the controller to verify their accuracy;
  • the processing is unlawful and you refuse the erasure of your personal data and demand instead the restriction of their use;
  • the Controller no longer needs the personal data for the purposes of the processing, but they are still necessary for the establishment, exercise or defence of legal claims,
  • you have objected to the processing in accordance with Article 21(1) of the GDPR, but it has not yet been established whether the legitimate interests of the Controller prevail over yours.

Where the processing of your personal data has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or on important Union or Member State public interest grounds.

If the processing of personal data has been restricted in accordance with the above conditions, you will be informed by the Controller before the restriction of processing is lifted.

This right to restrict processing may be restricted if it would prevent or seriously hamper the performance of research or statistics and if such restriction is necessary for their proper performance.

4. Right to erasure

a) Obligation to erase

You have the right to have your personal data deleted as soon as possible. The data controller is also obliged to erase such data if one of the following reasons applies

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • you withdraw your consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing;
  • you object to the processing pursuant to Article 21(1) of the GDPR and there is no compelling legitimate reason for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
  • the personal data have been processed unlawfully;
  • the personal data must be erased in order to comply with a legal obligation laid down by Union law or by the law of the Member State to which the controller is subject;
  • your personal data have been collected in connection with the services offered by an information society in accordance with Article 8(1) of the GDPR.

b) Information to third parties

Where the Processor has made your personal data public and is required to erase it under Article 17(1) of the GDPR, the Processor must take reasonable steps, taking into account available technology and the costs of implementation, including technical measures, to inform those processing the personal data that you, as a data subject, have requested the erasure of all links to, or copies or reproductions of, that data.

c) Exceptions

The right to erasure does not exist where processing is necessary:

  • to exercise the right to freedom of opinion and information ;
  • to comply with a legal obligation or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller and requiring processing under Member State or Union law;
  • for public interest purposes in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
  • for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, insofar as the law referred to in subparagraph a) is likely to make it impossible or seriously affect the achievement of the purposes of such processing;
  • for the establishment, exercise or defence of legal claims.

5. Right to information

If you have exercised your right to rectification, erasure or restriction of processing with the Data Controller, the Data Controller is obliged to inform all recipients to whom your personal data have been disclosed of such rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to request information about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the Controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another Controller without the Controller to whom the personal data has been communicated having any objection, when :

  • the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and
  • the processing is carried out using automated processes.

When you exercise your right to data portability, you also have the right to have your personal data transferred directly from one Controller to another, where technically possible. This must not, however, affect the rights and freedoms of other persons.

The exercise of the right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the Data Controller.

7. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on the legitimate interest or a task in the public interest in accordance with Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

We must then cease processing your personal data, unless there are compelling legitimate grounds for the processing which override your interests and rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.

Where personal data are processed for the purpose of canvassing, you have the right to object at any time to the processing of your personal data for such canvassing purposes, including profiling insofar as it is related to such canvassing.

If you object to the processing for canvassing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility to exercise your right to object by means of automated processes using technical specifications.

Where personal data are processed for scientific or historical research or statistical purposes pursuant to Article 89(1) of the GDPR, you have the right to object, on grounds relating to your particular situation, to the processing of such data.

This right of objection may be restricted if it would prevent or seriously hamper the performance of research or statistics and if such restriction is necessary for their proper performance.

8. Right to revoke the declaration of consent

You have the right to revoke your declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Automated individual decision making, including profiling

You have the right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or which significantly affects you in a similar way.

This does not apply if the decision:

(1) is necessary for the conclusion or performance of a contract between the data subject and the Controller,

(2) is authorised by Union law or the law of the Member State to which the Controller is subject and which also provides for appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject

(3) is based on your explicit consent.

However, such decisions shall not be based on special categories of personal data under Article 9 (1) of the GDPR, unless Article 9 (2) of the GDPR applies and reasonable steps have been taken to safeguard the rights and freedoms and your legitimate interests.

With regard to the cases referred to in points (1) and (3), the Responsible Entity shall take appropriate measures to uphold your rights and freedoms as well as your legitimate interests, including at least allowing you to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are normally resident, work or where the breach has occurred, if you consider that the processing of your personal data constitutes a breach of the GDPR.

However, you always have the possibility to lodge your complaint with the Data Controller at contact@aquaparc.ch, who will reply within two months.

The supervisory authority to which the complaint has been submitted will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

In Switzerland, the supervisory authority is the FDPIC, Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Bern, SWITZERLAND. http://www.leprepose.ch .