- What is all this data protection declaration about?
- Who are we?
- What does it mean “personal data” and their “processing”?
- To whom does this data protection declaration address to and what is it for?
- What personal data are we processing and for what purposes?
- Who do we send your personal data to?
- When do we transfer your personal data abroad?
- Do we use profiling and automated individual decisions?
- In which moment do we collect your personal data?
- How long do we keep your personal data?
- What are your rights concerning le treatment of your personal data?
- What else needs to be taken into account?
- Updates to this privacy statement
Data protection is a question of confidence, and we particularly value your trust. We have thus decided to publish this data protection declaration. It presents new European general data protection regulation (GDPR) and explains how and to which ends different personal data is being treated. Even though the GDPR is a regulation of the European Union, it is important for us. The Swiss Federal Act on Data Protection (FADP) is very influenced by the European law, and a future revision of the FADP will adopt many of the GDPR’s regulations. In addition, the companies situated outside of the European Union need to comply in certain cases with the GDPR. However, we would like to guarantee a high protection level of the GDPR to all the persons whose personal data do we process. We have therefore decided to align this data protection declaration on the GDPR. It is important to us that you are fully informed of your personal data processing. By this data protection declaration, we inform you how and why do we collect process and use your personal data. We estimate that it is fundamental that you understand the following points:
Personal data that we collect and process about you;
The moment in which we collect your personal data;
The purpose for which we use your personal data;
The retention period of your personal data;
Who has access to your personal data; and
The rights that you dispose concerning your personal data.
Down below you will find all the indications and the corresponding explications. We invite you to contact us if you have any questions. You will find our contact information under section 2.
According to the legal provisions of data protection, a specific company is responsible for each data processing. This company determines if a specific processing is necessary, e.g. within a service, during a usage of an internet site etc. and the purpose of its usage as well as principles that need to be applied (if these decisions are taken jointly by many companies, they can also be jointly responsible). The following company is generally responsible for data processing according to the present data protection declaration:
Rapsody Travel & Events, Jelena Markovic, service clientèle, Chemin des Plateires 10
+41 21 711 14 84 firstname.lastname@example.org
In certain cases, another company is responsible for your data:
If you contact another firm of Rapsody Travel & Events group a customer service, this firm is responsible for data processing, unless this data declaration says otherwise.
We also transmit your personal data to other firms of Rapsody Travel & Events group and to other third parties so that these recipients can process your personal data for their own purposes (but not in our name). This can equally include authorities. In this case, the person liable is the recipient in question.
You will find more additional information in this data protection declaration under section 6.
The data protection law regulates the processing of personal data. Personal data is any information that can be associated with a specific physical person, which means a living bean.
This can for example contain following information:
Contact information, e.g. name, postal address, e-mail, phone number;
Other personal data; e.g. sex, age and birthday, civil status, nationality, passport details etc.
Travel data such as travel dates, itinerary/destination, Airline Company, hotel, price, client demands, and information about you travel companions or data about your travel companions.
Medical data; e.g. information on the particular needs concerning your health or illnesses and accidents during a trip.
Financial data; e.g. payment information, credit card number, account details, solvency, assets and income.
Recordings of your web-site visits.
Data provided while communicating with you
In addition, information relative to a morally identifiable person, e.g. some contract information with a company can also be considered as personal data. We collect your personal data directly from you, e.g. when you communicate with us in a travel agency, when you use an online offer or application or when you visit an Internet Site. They can also be collected indirectly, e.g. by independent travel agencies while a passenger gives information about his travel companions or while other persons are mentioned in communication with us or also by collecting additional information from third-party data sources (for example from social medias or address traders). We do not process necessarily all the personal categories that in this section. You will find specific information about personal data that we process in section 5.
“Processing” however means any manipulation of your personal data. These are, for example, following actions:
Collect and conservation
Usage and exploitation
Transmission and disclosure
Suppression and destruction
This data protection declaration is applied to our personal data processing in all of our activity sectors. You will find additional information in our general contract and travel terms (GCTT). It can be applied to processing of existing and future personal data. Additional confidentiality policies can be applied to certain services. Out data processing can particularly concern the following persons (known as “concerned people”):
- People who write to us or contact us in any other way or persons who are mentioned during a communication with us;
- People who book trips or events with us;
- Travel companions;
- People who benefit of our services or who are concerned by some of our services;
- Visitors of our Internet Site and our social media channels;
- Recipients of marketing information and communication;
- Interlocutors of our suppliers, customers and other business partners
- Job applicants
We process very different personal data depending on the occasion and the purpose. You will find more information about this in our section and within our general contract and travel terms (GCTT). Among other things we process personal data, eventually sensitive personal data too, depending from the situation and for the following purposes
We process personal data when you enter in contact with us and vice versa, for example when you contact our customer service in writing or by phone. Generally, information such as name and contact as well as the content and time of the messages suffice. We use this data to provide you with information and news releases, to process your request and to communicate with you as well as for quality insurance and training. We also transmit the communications within the Rapsody Travel & Events group to the relevant departments, for example if your request concerns other company.
5.2 Booking of trips and events
Your personal data are processed when you use our services, for example during a trip booking directly with us or in an independent travel agency, Personal data, notably the trip information mentioned in the section 2 are processed within the booking procedure or billing. During a reservation in online shops, we collect and process also personal data concerning your solvency and your buying and paying behavior. For example, we use your credit data in order to accept or refuse an invoice purchase. We process purchase information that you effectuate, for example when, how often and in which online stores in order to obtain information about preferences and affinities for certain products or services. This information helps us to inform you specifically about other offers and to better adapt our offer to the demand.
5.3 Internet site visits
5.4 Analysis services
5.5 Functions of other providers
We can also manage functions of other providers, such as Facebook and this provider can therefore gain access to your data. In most of these cases, however, we do not know the names of visitors to the website.
5.6 Information and direct marketing
We process personal data, especially your name and your email address in order to send information and advertisements. In the case of emails, we process equally information relative to your usage of news releases (for example, if you opened an email and downloaded images integrated) in order to better adapt and generally improve our offers . You can block usage data processing in your e-mail program if you disagree. If you do not wish to receive promotional messages from us, please contact us at email@example.com or at Rapsody Travel & Events, Jelena Markovic, Chemin des Plateires 1009, Pully. You will also find a link in each information and promotion mail with which you can unsubscribe.
5.7 Contests, games and other events
From time to time, we organize contests, games and other similar events. We process your contact and information relative to your participation to the contests and games, eventually for communicate with in this context and for advertising purposes. You will find further details in the Participation conditions.
5.8 Commercial partners
We cooperate with different companies and commercial partners such as transport companies, hotels, travel agencies, car and motor home rental services, cooperation partners and service providers (informatics service providers etc.). We process personal data of contact persons in these companies, for example their name, function, title and their communication with us, for the initiation and execution of the contract, planning, accounting, management of client/service provider relation and other purposes related to the contract. Depending on the area of activity, we are also required to take a closer look at the company in question and its employees for example by means of a security inspection. In that case we collect and process more information. We can also process personal data in order to improve customer orientation, satisfaction and loyalty.
We process personal data for our own administration and for internal administration of the group. We also process personal data for the purpose of accountancy and archiving in order to generally verify and improve internal processes.
5.10 Companies transactions
We can also process personal data for preparation and elaboration of buybacks/sales of companies or for the purchase or sale of assets. The purpose or extent of the collected data depends on the stage and purpose of the transaction.
5.11 Job Applications
We also process personal data when you submit us your candidacy in order to verify your suitability for the position in question, to propose a possible job and, if necessary, for preparation or conclusion of a contract. To do so, we generally need usual information and documents such as those mentioned in a job advertisement, for example: application, marital status, children, residency status, CV, knowledge and skills, interests, references, qualifications, certificates etc. This can also include particularly sensitive personal data, for example health data or syndicate membership information.
5.12 Compliance with legal requirements
We process personal data in order to comply ourselves with legal demands, for example, to ensure respect of legal obligations, including court or governmental orders, to ensure compliance and to detect and clarify abuses. This happens, for example, if we receive or process complaints and grievance reports, if an authority demands documents containing your name and personal contacts or if we are conducting an investigation. We can also conduct internal investigation in which your personal data can also be processed.
5.13. Defense of legal interests
We process personal data in diverse combinations in order to protect our rights. For example, to process reclamations from our part, our affiliates, our employees or our contractual or commercial partners and, if necessary, to assert them in or outside the framework of judicial way in front of national and foreign authorities or to defend our reclamations. Per instance, we can make an assessment of the chances on a trial or submit the documents to an authority. We can process your personal data or to pass them to third parties in Switzerland or abroad, as far as necessary and authorize.
Our collaborators have access to your personal data as far as necessary for the purposes described and their activities. They act according to our instructions and are bound by confidentiality and secrecy during the processing of your personal data.
We can pass your personal data to other firms of Rapsody Travel & Events group for their internal administration and for other processing purposes. In this matter, your personal data can also be associated to personal data of other Rapsody Travel & Events group firms.
We can pass your personal data to third parties if we wish to call upon their services (“data controllers”). It can notably include services in following areas:
- Informatics services, for example in the fields of data storage, cloud services, sending email newsletters, analysis or data enrichment etc.
- Company management services (p.eg. accounting or assets management)
Thanks to the responsible choice of data management and the appropriate contractual arrangement, we ensure that data protection is also provided by third parties during the entire processing period. Our control data managers are obliged to process personal data exclusively for our behalf and only to our instructions.
However, it is also possible to transfer personal data to other companies for their own needs. In this case, the data recipient is responsible for their protection. This can happen in the following cases:
- When you book trips with us, depending on the booking subject, we transfer personal data to transport companies (railway companies, ships, airlines etc.), to accommodation companies (hotels, guesthouses etc.), to local organizers (concert rooms, city guides etc.) and to other service providers (e.g. car and motor home rental providers)
- Air travel notes: on request from the authorities of some countries, it is possible that certain data concerning your travel to or from your destination country need to be transferred to the competent authorities for safety reasons or entrance formalities. You give authorization to us or to the airline company to transfer for these purposes the mentioned data also called “Passenger name record” (PNR) to these authorities to the extent of their availability. They contain information such as full name, date of birth, full address, phone numbers, information concerning your travel companions, ticket booking/emission date and expected travel date, payment information, travel and itinerary status, Frequent Flyer number, information related to baggage, all previous PNR changes etc. Please note that these changes can be transferred to a country whose protection level is not comparable to the Swiss legislation. (see section 7)
- When we organize a trip, we transfer personal data to individual tour operators.
- When we review or execute transactions such as business combination or the acquisition or sale of company’s individual parts or assets, we must then transfer personal data to another company. In this case, we will inform you about as soon as possible and try to process as little personal data as possible.
- If the law demands it, we can transfer your personal data to third parties (e.g. Swiss or foreign authorities). We reserve as well the right to process your personal data in order to comply with a court order, to assert or defend legal rights or even when we considerate it necessary for other legal reasons.
- We can transfer your personal data to your former employers when you apply for a job (references) or to your future employers when you apply for a new position.
When we transfer claims against you to other companies such as collection companies
The recipients of your personal data (see section 6) can also find themselves abroad. The countries concerned may not have laws that protect your personal data in the same measure as in Switzerland, the EU or the EEA. If we transfer your personal data in such a state, we are obliged to assure their protection in an appropriate manner. One way to do this is to conclude data transfer agreements with your data’s third country recipients which will guarantee the necessary protection. These include notably contracts that are approved, issued or recognized by the competent authorities, referred to as standard contractual clauses. Transmission to the recipient subject to the “US Privacy Shield Program” is also authorized. Do not hesitate to contact us if you require more information. In exceptional cases, transmission into countries without adequate protection is also allowed.
By the term “profiling” we mean the process by which personalized character data is being treated automatically to evaluate, analyze or predict personal aspects, for example: work performance, economic situation, health, personal preferences, interests, reliability, behavior, place or change of residency., We use profiling, for example in purchasing behavior analysis, selection of candidates, examination of contractual partners etc. Individual automated decisions are decisions taken automatically, which means without relevant human influence and who have negative legal or other similar effects. We will inform you separately if we were to use individual automated decisions and if the law demands it.
We take appropriate technical security measures (encryption, pseudonymisation, registration, access restrictions, data conservation etc.) and organizational measures (instructions to our employees, confidentiality agreements, controls etc.) in order to assure the security of our personal data against an unauthorized or illegal processing and to counter the risk of loss, involuntary modification, involuntary disclosure or unauthorized access. However, security risks cannot be totally excluded, some of them are often inevitable.
We store your personal data in an identifiable format as long as necessary for the specific purpose for which we have collected, in contractual cases, at least for the duration of the contractual relation. We also store your personal data if we have a legitimate interest to store them. This could be the case if we need personal data to assert or defend rights, for archiving in order to guarantee informatics security or if limitation periods for contractual or non-contractual rights are taking place. Limitation period of ten years is often applied but in some cases it is only five years or a year. We also store your personal data as long as they are subject to a legal obligation to preserve. For certain data, for example, a ten-year retention period applies. For others short storage periods are being applied, for example, for video surveillance recordings or for recording certain Internet processes (connection data). After expiration of the mentioned deadlines, we delete or anonymize your personal data.
In every moment you can oppose to the processing of your data, especially in the context of direct advertising (e.g. against advertising e-mails).
You have the following rights:
Right of access: at every time you have the right to request free access to you personal data while we process them.
You also have the possibility to verify which is the personal data that we process and use on you matter, in accordance with the applicable data protection regulation.
Right of rectification: you have the right to rectify incorrect or incomplete your incorrect or incomplete personal data and to be informed of their correction. In this case, we will inform the recipient of the data concerned about the adjustments made, unless this is impossible or involves disproportionate means.
Right of cancellation: you have the right to have your personal data erased in certain circumstances. This right can be eluded in certain cases.
Right of restriction: you have the right, under certain conditions, to request that your personal data processing be restricted.
Right of portability: you have the right, under certain conditions, to obtain a copy of some data that you have already transferred to us in a structured and current format.
Right of appeal: You have the right to the control competent authority against the way you personal data is processed.
Right of withdrawal: I principle, you have the right to revoke your consent at any time. However, processing activities based upon your previous consent will not become illegal after your withdrawal.
During the processing of your personal data, we particularly rely on the following principles:
- Implementation of a contract with the person concerned or the pre-contract measures at his demand.
- Legitimate interests. This includes our own and third-party interests. These are rather diverse and include interests in customer service, maintaining contacts and other communications with the clients made even outside of the contract; advertising and marketing activities in order to better get to know our clients and other people, to improve our products and service and to develop new ones, for internal administration and traffic of the group, which is necessary in a group with a cooperation based upon a division of labor; in order to fight against fraud, in online shops for example, prevention and search of infractions; for protection of clients, employees and other persons and secret data of Migros group; for the guarantee of computer safety particularly with regard in the use of website, applications and other informatics infrastructures; for guarantee of the organization and commercial operation including the operation and development of websites and other systems; for management and business development, for sale or purchase of businesses, their parts and other assets, for execution and or defense of legal claims and in compliance with Swiss law and international rules.
- To a consent if we ask for it separately
- A requirement of legal compliance
In addition, there is no general obligation to transfer us personal data unless you have a contractual relation with us which that establishes such an obligation. However, we will have to collect and process the personal data necessary for the establishment and treatment of a contractual relation and execution of obligations arising from it or which are described by law. Processing of certain data is also obligatory while using websites. In this case, you can prevent cookies (you will find more information of this matter in this data protection declaration). However, due to technical reasons, recording of certain data generally non-personal such as your IP address cannot be prevented. When you communicate with us, we must also treat at least the data that you provide us or data that we provide you. If you provide us with your personal data, you must be sure that the given data is correct. Depending on the matter, you can or must provide us with personal data of third parties, for example travel companions. We draw your attention to the fact that, in this case, you are required to inform the persons concerned of this data and of this data protection declaration and to assure the accuracy the data in question.
This data protection declaration can change over time, particularly if we change our data processing or if a new legislation becomes applicable. We inform actively persons whose contact information is registered with us in the event of significant changes, if this is possible and do not require disproportionate means. In general, however, the data protection declaration in its actual version at the beginning of the respective processing is being applied for data processing.