Introduction
We take your data protection and privacy seriously. That’s why we have put together this privacy policy, which explains how we process your data when you browse our website (www.chillon.ch) and use its features (e.g. our online ticket service or when you make a donation).
Cette déclaration de protection des données couvre uniquement les traitements de données relatifs à notre site web et à ses fonctionnalités. Des déclarations de protection des données spécifiques peuvent s’appliquer à d’autres services, prestations ou produits que nous pouvons proposer.
This privacy policy only pertains to data processing relating to our website and its functionalities. Specific data protection clauses may apply to other services or products that we offer.
In Switzerland, data protection pertains to the Swiss Federal Act on Data Protection of September 25 2020 (FADP), as well as on the Swiss Federal Data Protection Ordinance of 31 August 2022 (DPO). Our privacy policy and data protection practices comply with the legal provisions contained within the aforementioned legislation.
While we have made every effort to simplify our privacy policy, some of the language used is specific to this legislative framework and hence may be more difficult to understand. To help with this, we have decided to summarise the main FADP definitions used in this document below:
- Data subject: the natural person whose personal data is being processed.
- Personal data: all information concerning an identified or identifiable natural person.
- Sensitive personal data: data on political opinions, religious or ideological convictions or trade union membership; data on health, the intimate sphere or racial or ethnic origin; genetic data; biometric data that could uniquely identify a natural person; data on criminal or administrative sanctions or proceedings; data on social security measures.
- Processing: any operation relating to personal data, irrespective of the means and processes applied, namely the collection, storage, preservation, use, modification, disclosure, archiving, deletion or destruction of data.
- Data controller: the natural person or federal body that determines (alone or jointly with others) the purposes and means of the processing of personal data.
- Data processor: the natural person or federal body that processes personal data on behalf of the data controller.
- Federal Data Protection and Information Commissioner (FDPIC): the authority responsible for monitoring the proper application of the federal data protection provisions, in particular the FADP.
Finally, we use the term ‘data’ interchangeably with ‘personal data’.
Who are we and how can you contact us?
Chillon Castle is managed by the Chillon Castle Foundation You can contact us by post at the following address: Chillon Castle Foundation, Avenue de Chillon 21, 1820 Veytaux. You can also email us at info@chillon.ch.
What is our role in data protection?
When you browse our website and use its features, we may need to process some of your personal data. In accordance with the FADP, we are the data controller.
Our role
As data controller, we are mainly responsible for determining the reasons why we need to process your personal data, how it is processed, as well as for any security measures. When we collaborate with external service providers in the context of our operations, we ensure that they share our commitment to protecting your data and that they uphold the same standards.
Your role
Data protection is everyone’s business. We therefore encourage you to read our data protection policy carefully.
If you are a visitor or partner, we also encourage you to consult any terms and conditions or contracts we have shared with you, which may contain additional details on how we process your data.
Finally, if you provide us with someone else’s personal data, such as that of a member of your family, we assume that you have their consent to do so, and that the data is accurate.
When and how do we collect your data?
We collect data from the moment you first interact with our website (e.g. to find out whether or not you consent to the use of cookies). You also provide us with your data when you fill out our contact form or contact us in any other way.
What type of data do we process?
Depending on how your browse our website and use its functionalities, we may process the following types of data:
When you contact us or use features on our website, such as our newsletter subscription form, we process your contact data, such as your last name, first name, address, telephone number or email address.
When you use our payment services (e.g. when purchasing a ticket or making a donation online), we process the financial data necessary to process the payment, such as your last name, first name, billing details, billing address, telephone number, reference number and order date. If you pay by credit card or Twint, payment is made via our online payment service providers Smeetz and Stripe Payments Europe Limited. We do not process credit card numbers or CVC numbers.
Every time you use our website, it generates certain data for technical purposes and to help improve our service, namely your IP address, information about your internet service provider and your device’s operating system, referring URL, browser, the date and time of access and the content you viewed while visiting the website.
Our website also contains other features that may collect various data.
For example, we allow job applicants to submit their applications, either speculatively or in response to one of our job ads, via an email address provided for this purpose. When an application is submitted, we mainly process professional information that allows us to assess your profile, such as your qualifications, work experience and education.
We also use an interactive chatbot (an avatar of Bonne of Bourbon or Lord Byron) designed to streamline your experience by answering your questions and providing information. When you interact with our chatbot, we process any data that you voluntarily provide to us.
Sensitive data
We do not collect or process any sensitive personal data, with the exception of any food intolerances or allergies you make us aware of when making a reservation.
Data relating to minors
Although our website is open to all, its use is exclusively intended for adults. We do not target our services at minors and we do not deliberately collect any personal data about them. However, we may sometimes need to collect personal data on minors in the context of specific activities held at Chillon Castle. In these cases, we rely on parents or legal guardians to provide us with the necessary data. We strive to treat this information with the utmost care and to use it only in the context of the specific activities for which it was provided.
Why do we process your data?
We process your data for the purpose of communicating with you, in particular to respond to your requests and for the exercising of your rights, to let you know about our services, in particular via our newsletter, to advertise or to allow you to purchase tickets or start a recruitment process. We also process your personal data to generate useful web traffic statistics to help improve our website. Finally, we process your personal data to comply with the laws, directives and recommendations of the Swiss authorities.
What are your rights?
Your rights vary depending on the specific circumstances and there may be exceptions. In general, the FADP provides for the following:
- You have the right to access your data.
- You have the right to request your data be provided in a commonly used electronic format.
- You have the right to have your data rectified if it is inaccurate.
- You have the right to object to the processing of your data.
- You have the right to request the erasure or destruction of your data.
- You have the right to request that an automated individual decision be reviewed by a natural person.
If you wish to exercise the aforementioned rights, you can contact us. To prevent any abuse of these rights, we must first identify you (e.g. through a copy of your ID, if no other form of identification is available). Please note that conditions, exceptions and restrictions may apply when exercising these rights in accordance with the FADP (e.g. to protect third parties or trade secrets). We will inform you of this where applicable.
If you consider our processing of your data to be contrary to data protection regulations, you also have the option to report us to the FDPIC. We encourage you to contact us first, so that we have the opportunity to address your concerns. If we are unable to do so, you can contact the FDPIC following the instructions on their website.
How do we secure your data?
We take appropriate security measures, such as encryption, to keep your personal data secure and guarantee confidentiality, integrity, availability and traceability. Unfortunately, we cannot guarantee 100% data security. If you believe that the terms for processing your personal data have been violated, please contact us immediately.
Where do we store your data?
Any personal data that we collect is stored both in our offices and in the processing centres operated by our service providers.
How long do we keep your data?
We process your personal data for as long as is required for processing purposes, which is as long as we have a legitimate interest in storing it (e.g. to assert our rights, for archiving purposes or to ensure IT security) and for as long as the data is subject to a legal storage obligation. For example, the retention period for some data is ten years. Beyond this period, we destroy or anonymise your personal data.
How do we share your personal data?
Our website is managed in collaboration with specialist third-party service providers, in particular for its design, maintenance and hosting. To ensure our website works properly and, more generally, to guarantee a quality service, we partner with service providers who are recognised in their field of expertise. It may be necessary to share your data with our service providers as part of these partnerships. Rest assured that we only share what is strictly necessary and always in accordance with the legal framework.
When personal data is transferred to a service provider located outside Switzerland or the European Economic Area (EEA) and we do not deem their level of protection to be adequate, we require service providers to comply with the applicable data protection legislation (for this purpose, we use the European Commission’s revised standard contractual clauses, available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj). This is unless the provider is already subject to a set of legally accepted rules designed to guarantee the protection of data, or where we cannot invoke an exception.
Our service providers
| Service provider |
Purpose |
Processing site |
| AskMona |
AskMona is a specialist service, developing advanced chat solutions that we use for our chatbot. |
European Economic Area (EEA) |
| Google (Google Analytics) |
Google Analytics is an analytical service that we use to track the use of our website and prepare reports on user activity. |
EEA, United States of America (USA) |
| Google (Google Maps) |
Google Maps is an online mapping service that we use to allow our users to find us. |
EEA, USA |
| Google (reCAPTCHA) |
Google reCAPTCHA is an online security service that we use to verify user identity and protect our website from malicious activity. |
EEA, USA |
| MailChimp |
MailChimp is a marketing service that we use to create and send personalised campaigns, manage our subscriber lists and analyse campaign performance. |
EEA, USA |
| MAXR |
MAXR is an IT services company which hosts our computer servers. |
Switzerland |
| Onix Informatique |
Onix Informatique is an IT services company which manages our IT environment. |
Switzerland |
| Smeetz |
Smeetz is an online ticketing and payment service that we use for online ticket sales. |
Switzerland, EEA |
| Stripe Payments Europe |
Stripe is an online payment service that we use for financial transactions related to donations. |
EEA, USA |
| Tipee |
Tipee is a planning service that we use, mainly to streamline bookings for our guided tours. |
Switzerland, EEA |
| Facebook (Facebook Pixel) |
Facebook Pixel is a service that we use to create online advertising campaigns. |
EEA, USA |
Our use of cookies
Our website uses cookies. You can click ‘Learn more’ in our cookies banner to see the relevant list of cookies for each service.
You can block cookies by changing the settings in your browser. You can also use our cookie banner to manage your preferences or delete cookies through your browser settings. If you use your browser settings to disable, reject or block cookies, some parts of our website will not work as intended. In some cases, our website may not be accessible at all. Please note that we have no control over how third parties use cookies.
| Service provider |
Cookies |
Service |
| Google |
_ga
_gat
_gid
_gcl_au
_gd
_ga_2V6Z1FPX2F |
Google Analytics |
| Google |
NID
_Grecaptcha |
Google reCAPTCHA |
| Google |
_gat_gtag_UA_9820202_22 |
Google Tag Manager |
| Smeetz |
_smtz_id |
Smeetz (online ticketing) |
| YouTube |
YSC
Visitor_Info1_Live |
YouTube |
| Facebook |
_fbp |
Facebook |
| AskMona |
Askmona-ws |
AskMona (chatbot) |
Social media
We have an online presence on social media and other platforms (e.g. Facebook, Instagram, X, YouTube, LinkedIn and TikTok). When you communicate with us on these sites, or when you comment or post content on them, we collect data that we use primarily to communicate with you. For more information on how these platforms process data, you can consult the relevant data protection policies. There, you will also find information about the countries in which they process your data, your rights of access and erasure of data and any other rights as a data subject, as well as how you can exercise these rights or obtain additional information.
Final provisions
Updated on March 11, 2024
