Privacy Policy of Haus Breithorn Zermatt AG

1. What is this Privacy Policy about?

Haus Breithorn Zermatt AG (hereinafter also referred to as "we", "us") obtains and processes personal data relating to you or also other persons (so-called "third parties"). We use the term "data" here synonymously with "personal data" or "personal data".

Personal data" refers to data relating to specific or identifiable persons, i.e. conclusions about their identity are possible on the basis of the data itself or with corresponding additional data. "Personal data requiring special protection" is a category of personal data that is specially protected by the applicable data protection law. Personal data requiring special protection includes, for example, data revealing racial and ethnic origin, health data, information on religious or philosophical beliefs, biometric data for identification purposes and information on trade union membership. In para. 3 you will find details of the data we process under this Privacy Policy. "Processing" means any handling of personal data, e.g. obtaining, storing, using, adapting, disclosing and deleting.

In this Privacy Policy, we describe what we do with your information when you use (the "Website"), use our rental services or otherwise obtain services or products, or otherwise interact, communicate or deal with us under a contract. Where appropriate, we will provide you with timely written notice of additional processing activities not mentioned in this Privacy Policy.

If you transmit or disclose data about other persons such as family members, work colleagues, etc., we assume that you are authorised to do so and that this data is correct. By submitting data about third parties, you confirm this. Please also ensure that these third parties have been informed about this Privacy Policy.

This privacy statement is designed to meet the requirements of the EU General Data Protection Regulation ("GDPR"), the Swiss Data Protection Act ( "DSG" ). However, whether and to what extent these laws are applicable depends on the individual case.

2. Who is responsible for processing your data?

Haus Breithorn Zermatt AG, Zermatt is responsible for the data processing described in this Privacy Policy, unless otherwise stated in individual cases, e.g. in other Privacy Policies, on forms or in contracts. This Privacy Policy applies unless otherwise communicated.

For each data processing operation, there are one or more offices which are responsible for ensuring that the processing complies with the requirements of data protection law. This office is called the data controller. It is responsible, for example, for responding to requests for information (section 11). 11) or to ensure that personal data is secured and not used in an unauthorized manner.

Other bodies may also be jointly responsible for the data processing described in this Privacy Policy if they have a say in the purpose or design. All group companies are eligible. If you would like information on the individual persons responsible for a specific data processing, you are welcome to contact us within the framework of the right to information (para. 11) to request information. Haus Breithorn Zermatt AG remains your primary contact, even if other co-responsible parties exist.

In para. 3, in para. 7 and in para. 12 you will find further information on third parties with whom we cooperate and who are responsible for their processing. If you have any questions or wish to exercise your rights vis-à-vis these third parties, please contact them directly.

You can contact us for your data protection concerns and to exercise your rights in accordance with para. 11 you can reach us as follows:

Haus Breithorn Zermatt AG
c/o Miriam Julen
Weisbrod-Areal 6
CH-8915 Hausen am Albis

3. What data do we process?

We process different categories of data about you. The main categories are as follows:

Technical data: When you use our website or other electronic offerings (e.g. WLAN), we collect the IP address of your end device and other technical data to ensure the functionality and security of these offerings. This data also includes logs in which the use of our systems is recorded. We generally retain technical data for 6 months. In order to ensure the functionality of these offers, we can also assign an individual code to you or your end device (e.g. in the form of a cookie, cf. 12). The technical data in itself does not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, they can be linked to other data categories (and thus possibly to your person).

Technical data includes, among other things, the IP address and information about the operating system of your terminal device, the date, region and time of use and the type of browser you use to access our electronic offerings. This can help us to communicate the correct formatting of the website. Based on the IP address, we know which provider you use to access our offers (and therefore also the region), but we cannot usually deduce who you are from this. This changes when you create a user account, for example, because personal data can then be linked to technical data (e.g. we can see which browser you use to access an account via our website). Examples of technical data also include logs that occur in our systems (e.g. the log of user logins on our website).

Registration data: Certain offers and services (e.g. newsletter dispatch, WLAN access, etc.) can only be used with a user account or registration, which can take place directly with us or via our external login service providers. In doing so, you must provide us with certain data and we collect data about the use of the offer or service. We generally retain registration data for 12 months after the end of the use of the service or the termination of the user account.

Communication data: If you are in contact with us via the contact form, e-mail, telephone, letter or other means of communication, we collect the data exchanged between you and us, including your contact details and the marginal data of the communication. If we want or need to establish your identity, e.g. in the case of a request for information made by you, we collect data to identify you (e.g. a copy of an identity document). We usually keep this data for 12 months from the last exchange with you. This period may be longer where this is necessary for reasons of proof or to comply with legal or contractual requirements, or for technical reasons. E-mails in personal mailboxes and written correspondence are generally kept for at least 10 years.

Communication data is your name and contact details, the manner and place and time of communication and usually also its content (i.e. the content of emails, letters, chats, etc.). This data may also include details of third parties. For identification purposes, we may also process your ID number, or a password set by you or your press card. For secure identification, the following mandatory information must be provided for media enquiries: Publisher, name of publication, title, first name, surname, postal address, e-mail address and telephone number of the reporting person.

Master data: Master data is the basic data we need, in addition to contractual data (see below), to process our contractual and other business relationships or for marketing and promotional purposes, such as name, contact details and information about, for example, your role and function, your bank account(s), date of birth, customer history, powers of attorney, signature authorization and consent forms. We process your master data if you are a customer or other business contact or work for one (e.g. as a contact person of the business partner), or because we want to address you for our own purposes or the purposes of a contractual partner (e.g. as part of marketing and advertising, with invitations to events, with vouchers, with newsletters etc.). We receive master data from you yourself (e.g. when making a purchase or as part of a registration), from bodies for which you work or from third parties such as our contractual partners, associations and address dealers and from publicly accessible sources such as public registers or the Internet (websites, social media etc.). We may also process health data and information about third parties as part of master data. We may also collect master data from our shareholders and investors. We generally keep this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons . For pure marketing and advertising contacts, the period is usually much shorter, usually no more than 2 years since the last contact.

Master Data includes, for example, data such as name, address, email address, telephone number and other contact details, gender, date of birth, nationality, details of associated persons, websites, social media profiles, photographs and videos, copies of identification documents; also details of your relationship with us (customer, supplier, visitor, service recipient etc.), details of your status with us, allocations, classifications and distributions, details of our interactions with you (if any, a history of these with relevant entries), reports (e.g. from the media), information about your relationship with us (e.g. from the media).), details of your status with us, allocations, classifications and distribution lists, details of our interactions with you (if applicable, a history of these with corresponding entries), reports (e.g. from the media) or official documents (e.g. excerpts from the commercial register, authorisations etc.) which concern you. As payment information, we collect e.g. your bank details, account number and credit card data. Consent or blocking notices are also part of the master data, as are details about third parties, e.g. contact persons, recipients of services, advertising recipients or representatives.

In the case of contact persons and representatives of our customers, suppliers and partners, we process as master data e.g. name and address, details of role, function in the company, qualifications and, where applicable, details of superiors, employees and subordinates and details of interactions with these persons.

Master data is not collected comprehensively for all contacts. Which data we collect in detail depends in particular on the purpose of the processing.

Contract data: This is data that arises in connection with the conclusion or processing of a contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for processing and information about reactions (e.g. complaints or information about satisfaction, etc.). This also includes health data and information about third parties. We generally collect this data from you, from contractual partners and from third parties involved in the processing of the contract, but also from third party sources (e.g. providers of creditworthiness data) and from publicly accessible sources. We generally keep this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer if this is necessary for reasons of evidence or to comply with legal or contractual requirements or for technical reasons.

Contract data includes information about the conclusion of the contract, about your contracts, e.g. type and date of conclusion of the contract, information from the application process (such as an application for our products or services) and information about the contract in question (e.g. its duration) and the processing and administration of the contracts (e.g. information in connection with invoicing, customer service, assistance with technical matters and the enforcement of contractual claims). Contract data also includes information about defects, complaints and adjustments to a contract, as well as information about customer satisfaction that we may collect, for example, through surveys. Contractual data also includes financial data such as information about creditworthiness (i.e. information that allows conclusions to be drawn about the likelihood that debts will be paid), about reminders and about debt collection. We receive this data partly from you (e.g. when you make payments), but also from credit agencies and debt collection companies and from publicly accessible sources (e.g. a commercial register).

Behavioural and preference data: Depending on our relationship with you, we try to get to know you and better tailor our products, services and offers to you. To do this, we collect and use data about your behaviour and preferences. We do this by evaluating information about your behaviour in our area, and we may also supplement this information with information from third parties, including publicly available sources. Based on this, we can calculate, for example, the probability that you will use certain services or behave in a certain way. Some of the data processed for this purpose is already known to us (e.g. when you use our services), or we obtain this data by recording your behaviour (e.g. how you navigate on our website). We anonymise or delete this data when it is no longer meaningful for the purposes pursued, which may be between 2-3 weeks and 24 months (for product and service preferences) depending on the nature of the data. This period may be longer where necessary for evidential purposes or to comply with legal or contractual requirements, or for technical reasons. We describe how tracking works on our website in para. 12.

Other data: We also collect data from you in other situations. In connection with official or judicial proceedings, for example, data is collected (such as files, evidence, etc.) which may also relate to you. We may also collect data for health protection reasons (e.g. in the context of protection concepts). We may obtain or make photographs, videos and sound recordings in which you may be identifiable (e.g. at events, through security cameras etc.). We may also collect data on who enters certain buildings and when, or has corresponding access rights (incl. in the case of access controls, based on registration data or visitor lists etc.), who participates in events or campaigns and when, or who uses our infrastructure and systems and when. Finally, we collect and process data about our shareholders and other investors; in addition to master data, this includes information for the relevant registers, regarding the exercise of their rights and the holding of events (e.g. general meetings). The retention period for this data depends on the purpose and is limited to what is necessary. This ranges from a few days for many of the security cameras and usually a few weeks for contact tracing data, to visitor data that is usually kept for [3] months, to reports on events with pictures that can be kept for a few years or longer. Data about you as a shareholder or other investor is kept in accordance with company law, but in any case for as long as you are invested .

Many of the measures described in this para. 3 you disclose to us yourself (e.g. via forms, in the course of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g. within the framework of binding protection concepts (legal obligations ). If you wish to conclude contracts with us or claim services, you must also provide us with data, in particular master data, contract data and registration data, as part of your contractual obligation under the relevant contract. When using our website, the processing of technical data is unavoidable. If you wish to gain access to certain systems or buildings, you must provide us with registration data.

We only provide certain services to you if you provide us with registration data because we or our contractual partners want to know who is using our services or has accepted an invitation to an event, because it is technically necessary or because we want to communicate with you. If you or a person you represent (e.g. your employer) want to conclude or fulfil a contract with us, we must collect corresponding master, contract and communication data from you, and we process technical data if you want to use our website or other electronic offers for this purpose. If you do not provide us with the data required for the conclusion and performance of the contract, you must expect that we will refuse to conclude the contract, that you will commit a breach of contract or that we will not perform the contract. Similarly, we can only send you a response to an enquiry from you if we process the relevant communication data and, if you communicate with us online, technical data where applicable. It is also not possible to use our website without us receiving technical data.

Insofar as this is not inadmissible, we also take data from publicly accessible sources (e.g. debt enforcement registers, land registers, commercial registers, the media or the Internet incl. social media) or receive data from authorities and other third parties.

4. For what purposes do we process your data?

We process your data for the purposes we explain below. Further information for the online area can be found in para. 12 and 13. These purposes or the underlying objectives represent legitimate interests of us and, if applicable, of third parties. You will find further information on the legal basis for our processing in section 5. 5.

We process your data for purposes related to communication with you, in particular to respond to enquiries and to assert your rights (para. 11) and to contact you in the event of queries. For this purpose, we use in particular communication data and master data and, in connection with offers and services used by you, also registration data. We retain this data to document our communication with you, for training purposes, for quality assurance and for follow-up enquiries.

This is for all purposes in relation to which you and we communicate, whether in customer service or consultation, authentication in the event of use of the website or for training and quality assurance (e.g. in the area of customer service). We further process communication data so that we can communicate with you by email and telephone, as well as messenger services, chat, social media and letter. Communication with you is usually in connection with other processing purposes, e.g. so that we can provide services or respond to a request for information. Our data processing also serves to provide evidence of the communication and its content.

We process data for the purpose of establishing, managing and processing contractual relationships.

We process data for marketing purposes and to maintain relationships, e.g. to send our customers and other contractual partners personalised advertising on products and services from us and from third parties (e.g. from advertising contractual partners). This may take the form of e.g. newsletters and other regular contacts (electronically, by post, by telephone), via other channels for which we have contact information from you, but also as part of individual marketing campaigns (e.g. events, competitions etc.) and may also include free benefits (e.g. invitations, vouchers etc.). You can refuse such contacts at any time (see at the end of this section). 4) or refuse or revoke your consent to be contacted for advertising purposes. With your consent, we can target our online advertising on the internet more specifically to you (see section 12). 12). Finally, we also want to enable our contractual partners to contact our customers and other contractual partners for advertising purposes (see section 7). 7) .

For example, with your consent, we send you information, advertising and product offers from us and from third parties within and outside the group (e.g. advertising contract partners), as printed matter, electronically or by telephone. For this purpose, we mainly process communication and registration data. Like most companies, we personalise communications so that we can provide you with individualized information and offers

that meet your needs and interests. To do this, we combine data we process about you with preference data and use this data as the basis for personalisation (see section 3). We also process data in connection with competitions, prize draws and similar events.

Relationship management also includes addressing existing customers and their contacts - possibly personalised on the basis of behavioural and preference data. In the context of relationship management, we may also operate a customer relationship management system ("CRM") in which we store the data on customers, suppliers and other business partners necessary for the relationship management, e.g. on contact persons, on the relationship history (e.g. on products and services purchased or supplied, interactions, etc.), interests, wishes, marketing measures (newsletters, invitations to events, etc.) and other information.

All of these edits are important for us not only to promote our offers as effectively as possible, but also to make our relationships with clients and other third parties more personal and positive, to focus on the most important relationships and to use our resources as efficiently as possible.

We further process your data for market research, to improve our services and operations and for product development.

We strive to continuously improve our products and services (including our website) and to be able to react quickly to changing needs. We therefore analyse, for example, how you navigate through our website or which products are used by which groups of people in which way and how new products and services can be designed (for further details, see section 12). 12). This gives us information about the market acceptance of existing products and services and the market potential of new products and services. To this end, we process in particular master data, behavioural data and preference data, but also communication data and information from customer surveys, polls and studies and other information, e.g. from the media, from social media, from the Internet and from other public sources. Where possible, we use pseudonymised or anonymised information for these purposes. We may also use media monitoring services or conduct media monitoring ourselves and process personal data in the process in order to conduct media work or to understand and respond to current developments and trends.

We may also process your data for security and access control purposes.
We process personal data to comply with laws, directives and recommendations from

authorities and internal regulations ("Compliance").
We also process data for the purposes of our risk management and as part of prudent

corporate governance, including operational organisation and corporate development .

We may process your data for other purposes, e.g. as part of our internal processes and administration.

5. On what basis do we process your data?

Insofar as we ask for your consent for certain processing (e.g. for the processing of particularly sensitive personal data, for marketing mailings, for the creation of personalised movement profiles and for advertising control and behavioural analysis on the website), we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time with future effect by written notification (by post) or, where not otherwise stated or agreed, by e-mail to us; you will find our contact details in para. 2. For the revocation of your consent for online tracking, see para. 12. Where you have a user account, revocation or contacting us may also be possible via the relevant website or other service. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purposes to which you originally consented unless we have another legal basis for doing so. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Where we do not ask for your consent to process your personal data, we base the processing of your personal data on the fact that the processing is necessary for the initiation or performance of a contract with you (or the entity you represent) or that we or third parties have a legitimate interest in doing so, in particular in order to fulfil the obligations set out in section 4 above. 4 and related objectives described above and to be able to take appropriate action. Our legitimate interests also include compliance with legal regulations, insofar as this is not already recognised as a legal basis by the respective applicable data protection law (e.g. in the case of the GDPR, the law in the EEA and in Switzerland). However, this also includes the marketing of our products and services, the interest in better understanding our markets and in managing and further developing our company, including operations, safely and efficiently.

If we receive sensitive data (e.g. health data, information on political, religious or ideological views or biometric data for identification purposes), we may also process your data on the basis of other legal grounds, e.g. in the event of disputes due to the necessity of the processing for a possible lawsuit or the enforcement or defence of legal claims. In individual cases, other legal grounds may come into play, which we will communicate to you separately where necessary.

6. What applies to profiling and automated individual decisions?

We or our partners may use certain of your personal attributes for the purposes set out in clause 4. 4 using your data for the purposes set out in section 4. 3) ("profiling"), if we want to determine preference data , but also to determine abuse and security risks, to carry out statistical evaluations or for operational planning purposes. For the same purposes, we can also create profiles, i.e. we can combine behavioural and preference data, but also master and contract data and technical data assigned to you, in order to better understand you as a person with your different interests and other characteristics.

In both cases, we pay attention to the proportionality and reliability of the results and take measures against misuse of these profiles or profiling. If these can have legal effects or significant disadvantages for you, we generally provide for a manual review.

7. Who do we disclose your data to?

In connection with our contracts, the website, our services and products, our legal obligations or otherwise in order to protect our legitimate interests and the other interests set out in section 4. 4 we also transfer your personal data to third parties, in particular to the following categories of recipients:

Service providers: We work with service providers in Germany and abroad who process data about you on our behalf or in joint responsibility with us or receive data about you from us in their own responsibility (e.g. IT providers, marketing companies, advertising service providers, cleaning companies, banks, insurance companies, debt collection companies. This may also include health data. For information on the service providers used for the website, see para. 12. Central service providers in the marketing area are

Bonfire AG and Zermatt Tourism: Your booking data (e.g. title, first name, surname, date of birth, nationality, language, e-mail address, mobile telephone number, postal address, number of persons, date of arrival, date of departure, overnight stays and any exemption from visitor's tax) are forwarded to Bonfire AG and Zermatt Tourism (either by us or via our electronic booking system). Your booking data is recorded in a central database by Bonfire AG and/or Zermatt Tourism. Your booking data is processed exclusively in Switzerland and the EU. Based on your data, Zermatt Tourism carries out the billing of the visitor's tax owed and the corresponding collection from the service partners. Zermatt Tourism also reports to the Federal Statistical Office. Bonfire AG and Zermatt Tourism grant the police access to the database with booking data so that the police can, for example, call up the relevant booking data in the case of missing persons. Zermatt Tourism also uses the booking data to collect statistics (in particular regarding occupancy, length of stay, number of arrivals, etc.). The legal basis for this data processing lies in the fulfilment of a legal obligation within the meaning of Art. 6 para. 1 lit. c DSGVO (billing and collection of visitor's tax / reporting to the Federal Statistical Office) or in the protection of a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO (granting access to the police / collection of statistics). Further information on the processing of your data by Zermatt Tourism or Bonfire AG can be found in the Zermatt Tourism Privacy Policy:

  • Seekda Hospitality Solutions GmbH, Neubaugasse 10/15, 1070 Vienna Austria. The data protection guidelines of this service provider can be found on the following website: .
  • Valais/Wallis Promotion, Avenue de Tourbillon 11, Case Postale 607, CH-1951 Sion whose Privacy Policy can be found on the following page :

In order to provide our products and services efficiently and to be able to concentrate on our core competences, we procure services from third parties in numerous areas. These services concern, for example, IT services, the dispatch of information, marketing, sales, communication or printing services, facility management,- security and cleaning, the organisation and holding of events and receptions, debt collection, credit agencies, address checkers (e.g. for updating address lists in the event of relocations), anti-fraud measures and services from consulting firms, lawyers, banks, insurers and telecom companies. We disclose to these service providers in each case the data required for their services, which may also concern you. These service providers may also use such data for their own purposes, e.g. information on outstanding debts and your payment history in the case of credit agencies or anonymised data to improve services. In addition, we enter into contracts with these service providers that include provisions for the protection of data where such protection does not arise from the law. Our service providers may also process data on how their services are used and other data that arise in the course of using their services as independent data controllers for their own legitimate interests (e.g. for statistical evaluations or billing). Service providers inform about their independent data processing in their own data protection statements.

• ​​​​​​​Contractual partners including customers: First of all, this refers to our customers (especially our guests and tenants) and other contractual partners of ours, because this data transfer results from these contracts. For example, they receive registration data on issued and redeemed vouchers, invitations, etc. If you work for such a contractual partner yourself, we may also transfer data about you to them in this context. This may also include health data. The recipients also include contractual partners with whom we cooperate or who advertise on our behalf and to whom we therefore transfer data about you for analysis and marketing purposes (these may again be service recipients, but also e.g. sponsors and providers of online advertising). We require these partners to send you advertising or to play it out based on your data only if you have consented to this (for the online area, cf. para. 12). Our central cooperation partners are listed above; our online advertising contract partners are listed in para. 12 listed.

• ​​​​​​​Authorities: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This may also include health data. The authorities process data about you that they receive from us on their own responsibility.

Cases of application are, for example, criminal investigations, police measures (e.g. health protection concepts, combating violence, etc.), regulatory requirements and investigations, court proceedings, reporting obligations and pre- and extra- judicial proceedings as well as legal obligations to provide information and to cooperate. Data may also be disclosed if we wish to obtain information from public bodies, e.g. to justify an interest in information or because we need to say about whom we require information (e.g. from a register).

Other persons: This refers to other cases where the inclusion of third parties arises from the purposes set out in para. 4 e.g. service recipients, media and associations.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

We reserve the right to make these disclosures even if they concern secret data (unless we have expressly agreed with you that we will not disclose this data to certain third parties, unless we would be legally obliged to do so). Notwithstanding the above, your data will continue to be subject to adequate data protection even after disclosure in Switzerland and the rest of Europe. For disclosure in other countries, the provisions of para. 8. If you do not wish certain data to be disclosed, please let us know so that we can check whether and to what extent we can accommodate you (section 2). 2).

We also allow certain third parties to collect personal data from you on our website and at events organised by us (e.g. providers of tools that we have embedded on our website, etc.). Insofar as we are not decisively involved in these data collections, these third parties are solely responsible for them. If you have any concerns or wish to assert your data protection rights, please contact these third parties directly. Cf. para. 12 for the website.

8. Does your personal data also end up abroad?

As described in para. 7 we also disclose data to other bodies. These are not only located in Switzerland. Your data may therefore be processed in Europe as well as in the USA; in exceptional cases, however, in any country in the world.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection (for this purpose, we use the revised standard contractual clauses of the European Commission, which can be accessed here content/EN/TXT/?uri=CELEX:32021D0914 ), insofar as it is not already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption provision. An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the performance of a contract requires such disclosure, if you have consented or if it is a matter of data that you have made generally accessible and you have not objected to its processing.

Many countries outside of Switzerland or the EU and EEA do not currently have laws that guarantee an adequate level of data protection from the perspective of the DPA or the GDPR. The aforementioned contractual arrangements can partially compensate for this weaker or missing legal protection. However, contractual precautions cannot eliminate all

risks (namely of state access abroad). You should be aware of these residual risks, even if the risk may be low in individual cases and we take further measures (e.g. pseudonymisation or anonymisation) to minimise it.

Please also note that data exchanged via the internet is often routed via third countries. Your data can therefore end up abroad even if the sender and recipient are in the same country.

9. How long do we process your data?

We process your data for as long as our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes require or storage is technically necessary. Further information on the respective storage and processing periods can be found under the individual data categories in section 3. 3 or for the cookie categories in para. 12. If there are no legal or contractual obligations to the contrary, we will delete or anonymise your data after the storage or processing period has expired as part of our normal processes.

Documentation and evidence purposes include our interest in documenting processes, interactions and other facts in case of legal claims, discrepancies, IT and infrastructure security purposes and evidence of good corporate governance and compliance. Retention may be technically necessary if certain data cannot be separated from other data and we therefore need to retain it with them (e.g. in the case of backups or document management systems).

10. How do we protect your data?

We take reasonable security measures to maintain the confidentiality, integrity and availability of your personal data, to protect it against unauthorised or unlawful processing and to protect against the risks of loss, accidental alteration, unauthorised disclosure or access.

11. What rights do you have?

Applicable data protection law grants you the right to object to the processing of your data in certain circumstances, in particular for direct marketing, direct marketing profiling and other legitimate processing interests.

To help you control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

  • The right to request information from us as to whether and which of your data we are processing;
  • the right to have us correct data if it is inaccurate;
  • the right to request the deletion of data;
  • the right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
  • the right to withdraw consent insofar as our processing is based on your consent;
  • the right to obtain, on request, further information necessary for the exercise of these rights.

If you wish to exercise any of the above rights against us, please contact us in writing or, unless otherwise stated or agreed, by email; you will find our contact details in section 2. 2. In order for us to be able to exclude misuse, we must identify you (e.g. with a copy of your identity card, if this is not otherwise possible).

Please note that conditions, exceptions or restrictions apply to these rights under applicable data protection law (e.g. to protect third parties or trade secrets). We will inform you accordingly if necessary.

In particular, we may need to process and store your personal data in order to fulfil a contract with you, to protect our own legitimate interests, such as the assertion, exercise or defence of legal claims, or to comply with legal obligations. To the extent legally permissible, in particular to protect the rights and freedoms of other data subjects and to safeguard interests worthy of protection, we may therefore also reject a data subject request in whole or in part (e.g. by blacking out certain content that concerns third parties or our trade secrets).

If you do not agree with our handling of your rights or data protection, please let us know (para. 2). In particular, if you are in the EEA, the UK or Switzerland, you also have the right to complain to the data protection supervisory authority in your country. A list of authorities in the EEA can be found here: edpb/members_en. You can reach the UK supervisory authority here: You can reach the Swiss supervisory authority here:

12. Do we use online tracking and online advertising techniques?

We use various techniques on our website which enable us and third parties engaged by us to recognise you when you use our website and, in some circumstances, to track you across multiple visits. We inform you about this in this section.

In essence, this is so that we can distinguish access by you (via your system) from access by other users, so that we can ensure the functionality of the website and carry out evaluations and personalisations. In doing so, we do not want to infer your identity, even if we can do so insofar as we or third parties engaged by us can identify you through a combination with registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognised as an individual visitor each time you access the site, for example by our server (or the servers of the third parties) assigning you or your browser a specific identification number (so-called "cookie").

Cookies are individual codes (e.g. a serial number) that our server or a server of our service providers or advertising contract partners transmits to your system when you connect to our website and that your system (browser, mobile) accepts and stores until the programmed expiry time. With each subsequent access, your system transmits these codes to our server or the server of the third party. In this way, you are recognised even if your identity is unknown.

Other techniques may also be used to make you more or less likely to be recognised (i.e. distinguished from other users), e.g. "fingerprinting". Fingerprinting combines your IP address, the browser you use, the screen resolution, the language choice and other information that your system communicates to each server), resulting in a more or less unique fingerprint. In this way, cookies can be dispensed with.

Whenever you access a server (e.g. when using a website or an app or because an image is visibly or invisibly integrated in an email), your visits can therefore be "tracked" (traced). If we integrate offers from an advertising contractor or provider of an analysis tool on our website, they may track you in the same way, even if you cannot be identified in individual cases.

We use such techniques on our website and allow certain third parties to do so as well. However, depending on the purpose of these techniques, we may ask for your consent before they are used. You can program your browser to block or deceive certain cookies or alternative techniques, or to delete existing cookies. You can also enhance your browser with software that blocks tracking by certain third parties. You can find more information about this on the help pages of your browser (usually under the keyword "data protection") or on the websites of the third parties that we list below.

A distinction is made between the following cookies (techniques with comparable functions such as fingerprinting are included here):

Necessary cookies: Some cookies are necessary for the website to function as such or for certain functions. For example, they ensure that you can switch between pages without losing information entered in a form. They also ensure that you remain logged in. These cookies are only temporary ("session cookies"). If you block them, the website may not work. Other cookies are necessary so that the server can save decisions or entries made by you beyond one session (i.e. one visit to the website) if you use this function (e.g. language selected, consent given, the function for automatic login etc.). These cookies have an expiry date of up to 24 months.

Performance cookies: In order to optimise our website and corresponding offers and to better adapt them to the needs of users, we use cookies to record and analyse the use of our website, possibly even beyond the session. We do this through the use of third-party analytics services. We have listed these below. Performance cookies also have an expiry date of up to 24 months. Details can be found on the websites of the third-party providers.

Marketing cookies: We and our advertising partners have an interest in targeting advertising, i.e. displaying it only to those we want to target. We have listed our advertising partners below. For this purpose, we and our advertising partners also use cookies - if you consent - which can be used to record the content accessed or contracts concluded. This allows us and our advertising partners to display advertisements that we think you may be interested in on our website, but also on other websites that display advertisements from us or our advertising partners. These cookies have an expiry date of between a few days and 12 months depending on the situation. If you consent to the use of these cookies, you will be shown appropriate advertising. If you do not consent to these cookies, you will not see less advertising, but simply any other advertising.

In addition to marketing cookies, we use other techniques to control online advertising on other websites and thereby reduce wastage. For example, we may transmit the email addresses of our users, customers and other persons to whom we want to display advertising to the operators of advertising platforms (e.g. social media). If these persons are registered there with the same e-mail address (which the advertising platforms determine through a comparison), the operators show the advertising placed by us to these persons in a targeted manner. The operators do not receive personal e-mail addresses of persons who are not already known. In the case of known e-mail addresses, however, they learn that these persons are in contact with us and which content they have accessed.

We may also integrate further offers from third parties on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (e.g. by clicking a button), the corresponding providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online offers. These social media providers process this data on their own responsibility.

We currently use offers from the following service providers and advertising contract partners (insofar as they use data from you or cookies set on your computer for advertising purposes):

Google Analytics and Google Ads: Google Ireland (based in Ireland) is the provider of the "Google Analytics" service and acts as our order processor. Google Ireland relies on Google LLC (based in the USA) as its order processor (both "Google"). Google uses performance cookies (see above) to track the behaviour of visitors to our website (duration, frequency of pages viewed, geographical origin of access, etc.) and compiles reports for us on the use of our website on this basis. We have configured the service in such a way that the IP addresses of visitors are shortened by Google in Europe before being forwarded to the USA and thus cannot be traced. We have switched off the "Data sharing" and "Signals" settings. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles and link this data to the Google accounts of these individuals. If you consent to the use of Google Analytics, you explicitly agree to such processing, which also includes the transfer of personal data (in particular usage data for the website and app, device information and individual IDs) to the USA and other countries. Information on the data protection of Google Analytics can be found here:

13. What data do we process on our social network pages?

We may operate pages and other online presences ("fan pages", "channels", "profiles", etc.) on social networks and other platforms operated by third parties and use the services described in section 3. 3 and hereinafter described data about you. We receive this data from you and the platforms when you come into contact with us via our online presence (e.g. when you communicate with us, comment on our content or visit our presence). At the same time, the platforms evaluate your use of our online presences and link this data with other data about you known to the platforms (e.g. on your behaviour and preferences). They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalise advertising) and to control their platforms (e.g. which content they show you).

We process this data for the purposes described in para. 4 in particular for communication, for marketing purposes (including advertising on these platforms, cf. 12) and for market research. You will find information on the corresponding legal basis in section 5. 5. Content published by you (e.g. comments on an announcement) may be disseminated by us (e.g. in our advertising on the platform or elsewhere). We or the platform operators may also delete or restrict content from or about you in accordance with the usage guidelines (e.g. inappropriate comments).

For further information on the processing of the platform operators, please refer to the data protection notices of the platforms. There you will also find out in which countries they process your data, what rights of access, deletion and other data subjects you have and how you can exercise these or obtain further information. We currently use the following platforms:

  • Facebook and Instagram: We operate pages here. The responsible body for the operation of the platforms for users from Europe is Meta Platforms Ireland Ltd, Dublin, Ireland. Their data protection information can be found at Some of your data will be transferred to the USA. You can object to advertising here: With regard to the data collected and processed when visiting our site for the creation of "Page Insights", we are jointly responsible with Facebook Ireland Ltd, Dublin, Ireland. As part of Page Insights, statistics are compiled about what visitors do on our site (comment on posts, share content, etc.). This is described at It helps us understand how our site is used and how we can improve it. We only receive anonymous, aggregated data. We have regulated our responsibilities regarding data protection in accordance with the information on

14. Can this Privacy Policy be changed?

This Privacy Policy does not form part of any contract with you. We may amend this Privacy Policy at any time. The version published on this website is the current version.

Last updated: 2 October 2023


Your booking data is also processed as follows:

  • Your booking data (e.g. title, first name, last name, nationality, language, e-mail address, mobile telephone number, postal address, number of persons, arrival date, departure date, number of nights of stay and any visitor’s tax exemption) are forwarded to Bonfire AG and Zermatt Tourism (either by us or via our electronic booking system).
  • Your booking data is recorded in a central database by Bonfire AG and/or Zermatt Tourism. If accommodation providers take part in Zermatt Tourism e-mail marketing, the guest data is likewise stored with the third-party provider «Salesforce» and used as part of the business relationship between the accommodation provider and the guest.
  • Your booking data is processed exclusively in Switzerland and the EU.
  • Based on this, Zermatt Tourism settles the visitor's tax owed and collects the corresponding amount from the service partners.
  • Zermatt Tourism also reports information to the Federal Statistical Office.
  • Bonfire AG and Zermatt Tourism grant the police access to the database with booking data so that the police can access relevant booking data for missing persons, for example.
  • Zermatt Tourism uses the booking data to collect statistics (in particular regarding occupancy, length of stay, number of arrivals, etc.).
  • The legal basis for this data processing is the fulfilment of a legal obligation within the meaning of Art. 6 para. 1 (c) GDPR (billing and collection of visitor's tax/reporting to the Federal Statistical Office) and in the sense of Art. 6 para. 1 (f) GDPR (granting access to the police/collection of statistics). 

Your booking data is only used for direct marketing purposes (e.g. newsletter distribution) if you have given us your consent for this.

More information on the processing of your data by Zermatt Tourism or Bonfire AG can be found in the Zermatt Tourism privacy policy:


Haus Breithorn Zermatt AG General Terms and Conditions


  • The rental contract relates exclusively to the fixed-term lease of a vacation apartment or house (“rental property”). It includes the shared use of the communal areas of the property in accordance with the lease. Subletting is not permitted.
  • Additional services e.g. arranging transport and transfers, ski schools, excursions or such like are not included in the rental contract.
  • The rental contract between the tenant and landlord comes into effect once the landlord confirms the booking by letter or e-mail.
  • These general terms and conditions are part of the rental contract. The terms of the rental contract take precedence over the general terms and conditions. Changes to the rental contract must be agreed by letter or email.

Terms of Payment

  • Once the contract comes into effect, the stipulated price of the rental is fixed. No concessions can be made in the event of currency fluctuations or booking platforms offering different prices.
  • Additional costs such as electricity, gas and heating are included in the rental price, unless explicitly stated in the contract. Government taxes e.g. visitor's tax are not included in the rental price and are detailed separately on the invoice.
  • A deposit of 30% must be paid within ten working days of receiving confirmation of the rental contract. The remaining 70% of the booking fee must be paid no later than 45 days before the agreed arrival date of the tenant.
  • For bookings made less than 45 days before the agreed arrival date, payment must be paid in full within 3 working days of receiving the booking confirmation. In all cases, payment should be made in full before the agreed arrival date.
  • The cost of any additional services (such as ski passes, transport etc.) incurred by the tenants must be settled in full before departure.
  • Any additional payments due to the landlord must be settled on the day of departure.

Cancellation by the Tenant

  • If the tenant is unable to take up his booking, he must inform the landlord as soon as possible. Once the cancellation notice has been received in writing, the cancellation of the contract becomes legally binding. Whilst under no obligation to do so, the landlord attempts to find a replacement tenant.
  • The following cancellation conditions apply in all cases (including those with cancellation insurance cover)

Notice of cancellation before arrival date:

  • up to 45 days: administration fee of CHF 100.00
  • 44-30 days: 50% of the rental cost plus administration fee
  • 29-0 days / “no show”: total cost of the booking
  • An administration fee of CHF 100.00 per reservation is charged for all cancelled bookings.
  • The tenant remains liable for the rental costs in the event of cancellation, unless a replacement tenant has been found to cover the rental period. Should the replacement tenant not cover the entire rental period, the outstanding costs must be paid in full by the initial tenant.
  • We recommend that the tenant take out travel cancellation and liability insurance to cover damage to the rental property and its furnishings.

Cancellation by the Landlord

  • The landlord reserves the right to cancel the booking by letter or email within 5 working days of sending out the booking confirmation or, in the case of late bookings, before receipt of the initial payment.
  • Should the tenant fail to pay the deposit and/or the balance as well as the costs of any additional services in accordance with the payment schedule, the landlord reserves the right to cancel the booking without written notice. The landlord is under no obligation to pay a refund or compensation nor find a replacement tenant. Please note that the landlord can also insist that the contract is honoured.

Check - in / check – out

  • Unless otherwise agreed:
  • Check-in: after 3 pm
  • Check-out: no later than 9 am on the day of departure

Your Responsibilities 

  • The tenant should check the rental property and its contents on arrival and must report any complaints to the landlord immediately. It will be assumed that the tenant considers the rental property satisfactory in the absence of any such complaint.
  • The tenant agrees to treat the rental property with care, comply with house rules and show consideration to fellow guests and neighbours. House furnishings and facilities e.g. ski and fitness room, wellness and spa must be used with care and kept tidy. Use of the facilities is at the tenant’s own risk. Children must be supervised at all times and particular vigilance is requested when using the wellness and spa facilities.
  • Should the tenant or any member of his party/guests blatantly violate his obligations as detailed in section 20 the landlord reserves the right to terminate the contract without notice or compensation.
  • Pets are only be allowed with the landlord’s agreement. Should guests arrive with pets without prior consent, the landlord reserves the right to refuse entry to the property for the rental period.
  • Whilst smoking is prohibited inside the property, it is permitted on the balcony.
  • The rental agreement specifies the maximum number of occupants of the property. If the maximum number of occupants (adults and children) is exceeded, the landlord has the right to evict the additional guests or levy a surcharge of CHF 120.00 per person and day.


  • The tenant agrees to leave the property in the same condition that it was originally presented. He must return all keys, ensure that all household items are in place and furnishings intact. The property should be swept, the fridge and cupboards emptied, dishes and kitchen utensils cleaned and waste disposed of appropriately. The dishwasher should be set to run before departure. If the property is not returned in an acceptable condition, the client can be charged with additional cleaning expenses.
  • In the event of loss or damage to a key, a fee of CHF 100.00 per key will be charged.

Liability for Damage and Loss

  • The tenant is liable for all damage to the property and its furnishings and/or loss of items caused by himself or any member of his party, including guests. In the event that damage has occurred, the tenant is responsible for proving no fault. Where the damage is discovered after the tenant’s departure, he remains liable, provided that the landlord can prove that the tenant (or any member of his party/guests) caused the damage.
  • Damaged or stolen household items can be replaced or repaired by the landlord at the expense of the tenant.
  • The landlord is entitled to invoice the costs for damage caused by the tenant (or any member of his party/guests ) on the day of departure or after the damage has been discovered, as appropriate.

The Landlord’s Responsibility

  • The landlord ensures that the reservation is made in a professional manner and agrees to fulfil the terms of the contract.
  • The landlord is not liable for damage to or loss of objects belonging to the tenant or any member of his party. He accepts no responsibility for accidents or injuries resulting from the use of facilities (including the ski room, spa and wellness area) as well as those that may occur at the entrance to the property (even in wintry conditions).
  • The landlord himself cannot legally be held individually liable.

Zermatt Tourism and Bonfire AG Data Handling

Your bookings details are also processed as follows:

  • Your booking details are forwarded to Bonfire AG and Zermatt Tourism (either by us or via our electronic booking system).
  • Bonfire AG and/or Zermatt Tourism stores your booking details on a central database.
  • Zermatt Tourism uses this to calculate the visitor’s taxes payable and to collect payment from service partners.
  • Zermatt Tourism also reports to the Swiss Federal Statistical Office.
  • Bonfire AG and Zermatt Tourism grant police access to the booking database, so that the police can download the appropriate booking data in the event of missing persons, for example.
  • Zermatt Tourism uses the booking data to collect statistics (specifically regarding capacity, length of stay, number of arrivals, etc.).

The legal basis for this data processing relates to the fulfilment of a legal obligation within the terms of Art. 6 (1) c GDPR (charging and collection of visitor’s tax/reporting to the Swiss Federal Statistical Office), or in preservation of a legitimate interest within the terms of Art. 6 (1) f GDPR (Grant of access to the police/Collation of statistics). 

We will only use your booking details for direct marketing purposes (e.g. newsletter mailings) if you have given your consent.

Applicable Law and Jurisdiction

  • The General Terms and Conditions and contractual relationship are governed by Swiss law(Articles 253 to 274 of the Swiss Code of Obligations)
  • The place of jurisdiction for any disputes arising from the contractual relationship and the General Terms and Conditions is Zermatt (location of the rental property).

Zermatt, February 2021