account Privacy Policy of B&B HOTELS in Switzerland
Updated on 20 June 2024
Recitals
1. In the context of its business activity, B&B HOTELS is led to collect and process personal data concerning its contacts, prospects, customers, suppliers and partners.
2. The main aim of this document is to allow you to understand the conditions for the processing of your data.
3. This privacy policy is intended for web users, customers and prospective customers (hereinafter “you”) in the scope of (i) the use of the website https://www.hotel-bb.com/ (hereinafter the “Site”) and the B&B HOTELS mobile application (hereinafter the ”App”) presenting the platform for the online reservation of B&B hotel rooms (hereinafter the “Platform”), (ii) the supply of our loyalty programmes in Switzerland and (iii) stays in hotels operated by B&B HOTELS in Switzerland.
Its aim is to inform you, in accordance with Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “Regulation” or the “GDPR”) and the Federal Act on Data Protection (RS 235.1) (hereinafter the “FADP”), as to the manner in which your personal data may be collected and processed in the context of (i) reserving your stay (whether via the Platform or not), (ii) managing your stay in one of our hotels in Switzerland, (iii) managing the loyalty programmes, and (iv) evaluating and improving our services.
The precise purposes are listed and specified in detail in Article 6 of this policy.
4. When your personal data are collected, you will be informed if certain data items are required or if they are optional. The possible consequences of failing to provide information is indicated at the time the data is collected, on the associated forms.
5. The protection of your personal data is a priority for B&B HOTELS, and that is why it undertakes to process them in the strictest compliance with the Regulation and applicable domestic laws.
1. Definitions
6. App: means the B&B HOTELS mobile App, available in IOS and Android versions.
7. Platform: means the central online reservation system operated by the B&B HOTELS Group on the Site and via the App.
8. Controller: means the companies B&B HOTELS, B&B TAKEOVER, B&B DREAMLAND HOTEL and TANDEM acting in their capacity as data processing controllers.
9. Services: means the services offered by B&B HOTELS via the Platform. The Services are specified in detail in the general terms of use (“ToU”) accessible here.
10. Site: means the website accessible at the URL address: https://www.hotel-bb.com/
11. User: means any person who accesses or browses the Site and the App, whether a customer, operator or mere web user, with or without an account.
2. Identity of the controllers
1. The controller, within the meaning of the GDPR, is the person who determines the purposes and means of the processing of personal data. If more than one person jointly determine the purposes and means of processing, they are joint controllers for the processing (or co-controllers). For some purposes, the Swiss operating company of the B&B HOTELS group, cited below, will be the controller for a single act of processing. For others, the Swiss operating company of the B&B HOTELS group is a joint controller, acting jointly with other companies.
Single controller
- B&B HOTELS SWITZERLAND GMBH, a Swiss limited liability company, having its registered offices at rue Bovy-Lysberg 2 - c/o CMS von Erlach Poncet SA, Geneva Branch, 1204 Geneva (Switzerland), registered in the Trade Register of Geneva under the number CHE-422.607.448.
hereinafter referred to as “B&B HOTELS”, is the sole controller for the following purposes:
(1) Processing reservations not made via the Platform;
(2) Managing accommodation contracts;
(3) The exercise of the rights of data subjects under the GDPR;
(4) Managing insurance-related events;
(5) Managing individual police forms and entry bans ; and
(6) Putting a CCTV/videoprotection system in place.
Joint controllers
B&B SERVICES WESTERN EUROPE, a société par actions simplifiée (simplified form limited company) of the B&B HOTELS Group, having its registered offices at 271 rue du Général Paulet, 29200, Brest, France, registered in the Trade and Companies Register of Brest under the number 904 630 902, intervenes alongside the company cited above as joint controller for the following purposes:
(1) Managing the wifi;
(2) Managing customer complaints and claims;
(3) Managing the collection of unpaid sums outstanding.
B&B HOTELS operates the Platform which constitutes the central reservation system, common to the hotels.
Other companies in the B&B Hôtels group intervene as joint controllers for the following purposes:
(1) Managing the Platform and processing reservations made through it;
(2) Managing direct marketing;
(3) Managing the centralisation of reservations;
(4) Managing the loyalty programmes.
The companies in the list accessible by clicking here intervene as joint controllers for (i) managing the Platform and the processing of reservations made through it, (ii) managing direct marketing and (iii) managing the centralisation of reservations.
The companies in the list accessible by clicking here intervene as joint controllers for managing the paying B&B HOTELS loyalty programme.
The companies in the list accessible by clicking here intervene as joint controllers for managing the free B&B HOTELS loyalty programme.
B&B HOTELS has entered into co-responsibility agreements with its joint controllers, determining their respective obligations, the broad outlines of which are available on request made to B&B HOTELS at the following address: privacy.switzerland@hotelbb.com.
Information concerning the processing undertaken in this framework is provided in detail below.
3. Fair and transparent collection of your data
2. Out of concern for fairness and transparency, B&B HOTELS takes care to inform data subjects about the processing that it carries out by providing information at the time the personal data is collected.
3. These data are collected fairly. No collection is made without the knowledge of data subjects and without them being informed.
4. Legitimate and proportionate use of your data
4. When B&B HOTELS is induced to process personal data, it does so for specific purposes: each act of data processing is therefore for a legitimate, determined and explicit purpose, as specified in Article 6 of this policy.
5. For each act of processing carried out, B&B HOTELS undertakes to collect and exploit only data that are adequate, relevant and limited to what is necessary for the purposes for which they are processed. B&B HOTELS ensures that the data are updated and that processes are implemented to allow for the erasure or rectification of inaccurate data.
5. The processed data
6. In the framework of personal data processing for the purposes presented to you below in Article 6, B&B HOTELS collects and processes the following categories of data:
• Data concerning your identity and private life: title, surname, forename, telephone number, e-mail address, date and place of birth, sex, age, city, country, nationality, spoken language, postal address, post code, user name or pseudonym, video images from the videoprotection systems, photograph and signature (for releases that you have signed authorising the use of your likeness);
• Data concerning your professional life: company, work e-mail address, work telephone number, work postal address, job title, status in the company, partner code,
• Data concerning browsing: logs and connection data (connection URL, date and time), data identifying computer hardware, language settings, geographical location data via your IP address when you connect to the Platform to adapt your browsing and use our Services), data concerning your use of the Platform and the Services, including the IP address, data communicated to our teams when calling upon them (preferred language, etc.), data collected via cookies and other trackers.
• Data concerning your reservation and your customer account: customer identifier, loyalty number, contract number (for BtoB partner contracts), hotel in question, dates of stay, room number, room access code, data concerning other occupants of the reserved rooms such as names and ages, features of the stay with any options (car parking, animal, preferred floor, etc.), reason for the stay (leisure, professional), if a request for invoicing at a different address: name of the company, address, VAT number, disability in the event of choosing the option of an adapted room, data concerning the grant and use of invitations and other vouchers;
• Data concerning transactions: transaction number, data concerning means of payment, bank concerned, details of the purchase, subscription, or service subscribed, date of the cheque, invoices, data concerning the payment of invoices such as method of payment, rebates granted, receipts, outstanding balances and unpaid amounts. The bank card number, expiry date and security code are processed exclusively by our service provider, Adyen, who only provides us with a token to proceed with warranties and reservation payments;
• Data concerning the history of reservations in B&B HOTELS hotels.
• Data concerning the management of social media and customer reviews: public data published on partner platforms (Facebook, Instagram, LinkedIn), interactions with a post or a page (reactions, shares), content of messages and comments made by web users, content of reviews,
• Data concerning the management of complaints and insurance-related events: complaint form, details of the complaint or harmful event (circumstances, date, place), exchanged with our departments, any substantiating documents and bank details to obtain a refund or compensation.
6. Purposes, legal bases and periods of storage of processing and data
7. Each act of processing carried out by B&B HOTELS corresponds to an explicit, legitimate and determined purpose, which is based on the performance of a contract, compliance with a statutory or regulatory obligation, your consent or legitimate interest. In addition, we store your personal data only for the time required for the stated purposes.
8. The purposes for which your data is processed, their legal basis and their period of storage are specified below:
| PURPOSE | LEGAL BASIS | PERIOD OF STORAGE |
|---|---|---|
Managing reservations made on the Platform, with the Reservations Call Centre or directly with the hotels, and managing your stay (including for stays reserved on third party partner sites (such as Booking.com, Expedia etc.)) and following up on commercial relations with customers in the context of their reservation This processing includes managing requests for information about the hotels (via the contact form available on the Site), managing online check-in
| Performance of the contract entered into between customers and B&B HOTELS and the legitimate interest of B&B HOTELS in providing a commercial follow-up with respect to our customers. Your consent for the management of requests for information and the processing of data for the personalisation of services during your stay (request for a room adapted for disabled persons).
| In an active database: The data used in the context of managing relations with the customer are stored throughout the entire period required for performance of the contract. The data concerning payments by bank card are stored until the effective payment of all sums due under the contract from reservation until the first day of the stay (in order to cover a possible "no show") or under the accommodation contract (including consumption, smoking damage charges). In intermediate archives: For litigious or pre-litigious purposes, until the expiry of the statute of limitations period of ten years and for the duration of proceeding until all ordinary and extraordinary means of appeal have been exhausted Data concerning payments by debit/credit card are kept for the sole purpose of management and the disputing of a transaction for a period of 13 months following the debit date, with this period being extended to 15 months for payment cards with deferred debit. |
Managing customer complaints In particular:
| Performance of the contract entered into between customers and B&B HOTELS as well as the legitimate interest of B&B HOTELS in defending its rights concerning the management of litigation.
| In an active database: The data used in the context of managing customer relations are kept throughout the period required for processing the complaint. In intermediate archives: For litigious or pre-litigious purposes, until the expiry of the statute of limitations period of ten years and for the duration of proceedings until all ordinary and extraordinary means of appeal have been exhausted |
| The supply and management of WIFI in the hotels, including the storage of connection data for the purposes of criminal proceedings, the prevention of threats to public safety and national security | Your consent to use the WIFI provided in the hotel to allow you to connect to the internet Compliance with a legal obligation | In an active database: For the purposes of systems administration, supply of the WIFI service and to remedy any dysfunction of the used information systems: for a period of one year following the date the data are recorded. To optimise the use of the WIFI service and to maintain the User’s connection from one use to the next without having to log back in, the terminal identification number: for a period of 24 hours. |
| Improving the services of B&B HOTELS, in particular, • carrying out customer satisfaction surveys • managing reviews of the provided services • managing requests for assistance at the terminal located next to our reception desks | Legitimate interest of B&B HOTELS
| Period required to carry out and process the customer satisfaction survey or customer review and two years following publication of the review. Recordings of conversations held via the assistance terminal shall be kept for a period of one month following their recording for the purposes of improving the quality of this service. |
| Producing commercial statistics | Legitimate interest of B&B HOTELS | Period required to attain the purpose sought by the statistics or until exercise of the right to object |
| Keeping customer accounts and storing accounting documents (accounting and tax obligations) including the management of debt collection for unpaid amounts outstanding | Compliance with legal obligation and the legitimate interest of B&B HOTELS | In an active database: The data required for the management and debt collection of unpaid amounts outstanding shall be kept until the amounts are collected and shall be erased at the latest 48 hours after the time were the unpaid amount was effectively paid off. In intermediate archives: For the legal duration of storage i.e. ten years following the close of the reference accounting year. |
Carrying out direct marketing. In particular: | Your consent: for carrying out operations via electronic means: e-mails, SMS (LCD Article 3(1)(o) Unfair Competition Act) Legitimate interest of B&B HOTELS to be able to propose its offers to its customers concerning analogous goods or services | Until consent is withdrawn or 3 years following the last contact of the persons with B&B HOTELS or following the last reservation.
|
Managing communication In particular: • invitations to events; | Your consent
| In an active database: For external communication: throughout the duration of commercial relations with B&B Hôtels or until unsubscribed. Throughout the duration of prize draws and competitions. In intermediate archives: For litigious or pre-litigious purposes, the data shall be stored until the expiry of the statute of limitations period of ten years and for the duration of proceedings until all ordinary and extraordinary means of appeal have been exhausted. |
| Managing the loyalty programmes (managing membership of the free programme and subscription to the paying loyalty programme) | Performance of the loyalty contract (FADP Article 31(2)(b)) | In an active database: For the entire duration of the contractual relationship In intermediate archives: For litigious or pre-litigious purposes, until the expiry of the statute of limitations period of ten years and for the duration of proceedings until all ordinary and extraordinary means of appeal have been exhausted |
Managing requests to exercise a right by data subjects concerned by the processing of personal data
| Compliance with legal obligation (FADP Article 31(1) and GDPR Articles 15 et seq.)
| In an active database: For the entire duration required to process the request. In intermediate archives: Claims shall be archived for a period of 5 years (6 years in the event of exercise of the right to object) after the processing of the request for evidentiary purposes. |
The proper working, improvement and securing of our Platform and its functionalities, including Site audience measurement, support, maintenance and adaptation of your browsing
| The legitimate interest of B&B HOTELS to provide for the working and security of the Site and Platform. Consent of the user given on the deposit of non-necessary cookies. | Lifetime of trackers limited to 6 months Period of storage of data collected via trackers: 25 months as a maximum Period of storage of browsing data via your IP address, when you connect to the Platform: throughout the duration of connection to the Platform and for a maximum of three (3) months |
Recording of images via the videoprotection system
| The legitimate interest of B&B HOTELS to provide for the safety of property and persons
| If no incident is observed, the images will be kept only for a few days and in any event for a period which will never be longer than 1 month. In the event of incident relating to the safety and security of persons and property, CCTV images may nevertheless be extracted from the system. They shall then be kept on separate storage media for the time needed to settle proceedings pertaining to the incident and shall be accessible only to persons authorised in this context. |
Producing and conserving individual police forms, responses to requisitions from the Police services, requests for information by the Customs authorities and management of entry bans
| Compliance with a legal obligation (Art. 16 of the Foreign Nationals and Integration Act (FNIA) and depending on the relevant Cantonal provisions of the Canton in which the hotel is located)
| The police forms completed by any foreign citizen staying in one of our Hotels shall be kept for 6 months following completion of the individual police form. For the duration of the entry ban and for contentious or pre-litigation purposes, until the expiry of the ten-year statutory limitation period and for the duration of the proceedings until all ordinary and extraordinary remedies have been exhausted. |
Managing criminal proceedings (where B&B HOTELS is a victim) In particular: | The legitimate interest of B&B HOTELS to provide for its defence in pre-litigious and litigious cases
| In an active database: The data used in the context of managing criminal litigation shall be kept for the entire duration required to process the litigation. In intermediate archives: For litigious or pre-litigious purposes, until the expiry of the statute of limitations period of ten years and for the duration of proceedings until all ordinary and extraordinary means of appeal have been exhausted.
|
Managing third party claims for compensation connected with a harmful event In particular:
| The legitimate interest of B&B HOTELS to provide for its defence in pre-litigious and litigious cases
| In an active database: The data used in the context of managing criminal litigation shall be kept for the entire duration required to process the litigation. In intermediate archives: For litigious or pre-litigious purposes, until the expiry of the statute of limitations period of ten years and for the duration of proceedings until all ordinary and extraordinary means of appeal have been exhausted. |
7. Recipients of the data
9. Within the limit of their respective remits and for the purposes recalled in Article 6, the main persons who may have access to your data are as follows:
• the authorised personnel of our hotel reservation, marketing, sales, administrative, logistics and I.T. departments, responsible for improving our services, customer relations and direct marketing and quality control; the representatives and employees of the hotels in the B&B HOTELS network where you will stay, including franchisee companies and hotel management companies;
• the authorised personnel of our subcontractors and service providers such as, inter alia, accommodation suppliers and cloud storage, suppliers of payment services, suppliers of mailing services, suppliers of IT maintenance services, suppliers of marketing studies;
• the authorised personnel of the joint controllers;
• where relevant, the competent authorities on request and in particular public bodies, the relevant courts, as well as mediators, chartered accountants, statutory auditors, lawyers, bailiffs, law officials, police officers, organisations responsible for collecting debts, exclusively in order to comply with legal obligations, as well as for cases of seeking the perpetrators of offences committed over the internet;
• third parties who may place cookies on your terminals where you have consented to this. For more details, consult our Cookie management policy.
8. Transfer of data outside Switzerland and the European Union
10. B&B HOTELS is a company belonging to the B&B HOTELS group, which provides its Services in numerous countries.
11. In this respect, and in the framework of the purposes described in Article 6 of this policy, we may transfer your data to recipients within and without the group, located outside Switzerland and the European Union, the list of which is accessible by clicking here.
12. In the absence of an adequacy decision, B&B HOTELS shall not make transfers outside Switzerland and the European Union unless appropriate safeguards are obtained, in this case standard contractual clauses defined by the European Commission, and in strict compliance with regulations in force.
13. You may obtain access to all of the safeguards and documents concerning transfers of your personal data outside Switzerland and the European Union by contacting us at the following e-mail address: privacy.switzerland@hotelbb.com
9. The security of personal data
14. B&B HOTELS attaches particular importance to the security of personal data. It puts appropriate technical and organisational measures according to the level of sensitivity of the personal data, in order to ensure the integrity and confidentiality of the data and to protect them against malicious intrusion, or any loss, alteration or unauthorised disclosure to third parties.
15. Nevertheless, the security and confidentiality of the data depend on each person applying good practices, and the data subject is advised to remain attentive to the matter.
10. Subcontracting
16. If B&B HOTELS uses a subcontractor, it will only transmit personal data after having received a commitment and safeguards from it concerning its ability to meet these requirements of security and confidentiality.
17. B&B HOTELS enters into contract with its subcontractors, in compliance with its statutory and regulatory obligations, which precisely define the terms and conditions for processing data by these subcontractors, in compliance with data protection regulations.
11. Cookies
18. If you use our Site or partner websites or reservation tools provided by B&B HOTELS for your reservation, cookies may be used which may also involve the processing of personal data.
19. In this respect, we refer you to our Cookie Management Policy.
12. Social media
20. When you browse our Site or our App, you may click on the icons dedicated to the Twitter, Facebook, Instagram, TikTok and YouTube social media.
21. Social media make it possible to improve the conviviality of the Site and our App, and assist with their promotion via shares.
22. When you use these buttons, you may access the personal information that you have indicated as being public and accessible from your Twitter, Facebook Instagram, TikTok and YouTube profiles. However, we do not create or use any database independent of Twitter, Facebook Instagram, TikTok and YouTube and do not exploit any data pertaining to your private life via this method. B&B HOTELS is not the controller of processing for these various social media, and privacy policies that are independent of B&B HOTELS will apply to these services.
23. In order to limit third party access to your personal information on Facebook, Twitter, Instagram, TikTok or YouTube, you should configure the settings of your profiles and/or the nature of your publications via the dedicated spaces on the various social media in order to limit their audience.
13. Exercise of the rights of data subjects
24. B&B HOTELS is particularly attentive to respect for the rights that you are granted in the context of its data processing, to ensure that you benefit from fair and transparent processing considering the particular circumstances and the context in which your personal data are processed.
13.1 Right of access
25. In this respect, you have the right to obtain confirmation that your data are or are not processed and, if they are, you have the right to request a copy of your data and various other information concerning the processing of your personal data, and in particular:
• the purposes of the processing;
• the categories of data concerned;
• the recipients or categories of recipients and, where relevant if such communication is to be carried out, the international organisations to which the data have been or will be communicated, in particular the recipients who are located in third countries;
• where this is possible, the planned duration of storage of the personal data or, if this is not possible, the criteria used to determine this duration;
• the existence of the right to ask the controller to proceed with the rectification or erasure of your personal data, the right to require a restriction on the processing of your data, the right to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• information concerning the source of the data if they are not directly collected from data subjects;
• the existence of automated decision-making, including profiling, and in this last case, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subjects.
13.2 Right to the rectification of your data
26. You may request of B&B HOTELS that your data be, as relevant, rectified, completed if inaccurate or incomplete.
13.3 Right to the erasure of your data
27. You may request of B&B HOTELS the erasure of your personal data in the cases laid down by laws and regulations, and specifically where (a) data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (b) you withdraw the consent on which the processing is based, (c) you object to the processing, on grounds relating to your particular situation, to processing which is based on Article 6.1 (e) (necessary for the performance of a task carried out in the public interest) or 6.1 (f) (legitimate interests), including profiling based on those provisions, and there are no compelling legitimate grounds for the processing, or you object to processing for marketing purposes.
28. Your attention is drawn to the fact that the right to erasure of the data is not a general right and your request may only be upheld in the presence of one of the grounds set out in applicable regulations.
13.4 Right to the restriction of data processing
29. You may request the restriction of processing of your data in the cases laid down by laws and regulations, specifically where (a) you dispute the accuracy of the data, for a period enabling the Controller to verify the accuracy of the personal data, (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, (c) the Controller no longer needs the personal data for the purposes of the processing, but you still require them for the establishment, exercise or defence of legal claims, (d) you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override yours.
13.5 Right to object to data processing
30. You have the right at any time to object, on grounds relating to your particular situation, to processing of your personal data which is based on Article 6.1 (e) (necessary for the performance of a task carried out in the public interest) or 6.1 (f) (legitimate interests), including profiling based on those provisions, if there are no compelling legitimate grounds for the processing, or you object to processing for marketing purposes.
31. In the event that this right to object is exercised, B&B HOTELS will ensure that it no longer processes your personal data in the context of the processing in question unless B&B HOTELS can show that it has compelling legitimate grounds to continue with the processing. These grounds must override your interests, rights and freedoms, or the processing must be justified for the establishment, exercise or defence of legal claims.
13.6 Right to the portability of your data
32. You have the right to portability of your personal data. This is not a general right. Indeed, not all data from all processing are portable and this right only concerns automated processing, to the exclusion of manual or paper-based processing.
33. This right is limited to processing on the legal basis of your consent or the performance of steps prior to entering into a contract or the performance of a contract.
34. This right includes neither derivative data nor inferred data, which are personal data created by B&B HOTELS.
13.7 Right to withdraw your consent
35. Where the data processing implemented by B&B HOTELS is based on your consent, you may withdraw consent at any time. B&B HOTELS will then stop processing your personal data, without this undermining any prior operations to which you had given your consent.
13.8 Right not to be the subject of a data based exclusively on automated processing
No decision-making of this type is currently applied by B&B Hôtels.
13.9 Right to lodge a complaint
36. You have the right to lodge a complaint with the supervisory authority (by post: Federal Data Protection and Information Commissioner, Feldeggweg 1, CH - 3003 Bern) without prejudice to any other administrative or judicial remedy.
37. You may lodge a complaint using this dedicated form: https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html
13.10 Right to define instructions in the event of your death
38. You have the possibility of setting out instructions concerning the conservation, erasure and communication of your personal data after your death and to designate a person to execute these instructions. That person will then be authorised to examine the instructions and demand their implementation by the controller.
39. You may inform us of your instructions for the fate of your personal data processed by B&B HOTELS using the methods set out below. You may change or revoke these instructions at any time.
13.11 Methods for exercising your rights
40. All of the rights enumerated above may be exercised:
• by message to the following e-mail address: privacy.switzerland@hotelbb.com
• while providing proof of your identity by any means, and legitimate grounds if this is required by law.