Skip to main content
Le Grand Chalet
Book
Accueil>Privacy

Privacy policy

Last updated : 27 April 2026

The Le Grand Chaletattaches particular importance to the protection of the privacy and personal data of its clients, prospects and website visitors. This privacy policy is drawn up in accordance with the Swiss Federal Act on Data Protection (revFADP), which entered into force on 1 September 2023, as well as the EU General Data Protection Regulation (GDPR) where applicable.

1. Data controller

Within the meaning of Art. 5 lit. j revFADP, the data controller is :

Le Grand Chalet
Chem. de la Source 2
1854 Leysin, Switzerland
Phone : 024 493 01 01
Email : hotel@grand-chalet.ch

For any question relating to this policy or to the exercise of your rights, you may write to us at the address above or by email.

2. Personal data collected

We collect only the data strictly necessary for the purposes described below. Depending on the context, the categories of data processed are :

  • Identification data : title, surname, first name, date of birth when required.
  • Contact details : postal address, email address, telephone number, country of residence.
  • Booking and stay data : dates, room, number of occupants, services booked, preferences, special remarks, identity document required for registration (cantonal guest card).
  • Payment data : card type, masked number and expiry date, processed exclusively by PCI-DSS certified providers.
  • Communication data : messages exchanged via the contact form, emails, telephone conversations.
  • Technical and browsing data : IP address, browser type, operating system, pages viewed, timestamps, session identifiers, cookie data (see cookie policy).

3. Purposes and legal bases

Your data is processed for the following purposes :

  • Performance of the contract : management of the booking, the stay, invoicing, and ancillary services (catering, wellness, seminar, gift vouchers).
  • Compliance with legal obligations : keeping the guest register, collection of the tourist tax, retention of accounting documents (Art. 958f CO), anti-money laundering obligations.
  • Legitimate interests : security of the website and the premises, fraud prevention, improvement of our services, dispute management, anonymised statistics.
  • Consent : sending of the newsletter, commercial offers, placement of non-essential cookies, taking of photographs during events.

4. Recipients and data processors

Your data is never sold. It may be transmitted, strictly to the extent necessary for the performance of the services, to the following categories of recipients :

  • Authorised staff of the Le Grand Chalet (front desk, reservations, accounting, management).
  • Booking engine and PMS : Mews Systems s.r.o. (Czech Republic) for the management of bookings and stays.
  • Partner platforms : Booking.com, Expedia, Freedreams and other distributors when the booking is made through them.
  • Payment providers : banking institutions and PCI-DSS certified payment processors.
  • Hosting and infrastructure : Vercel Inc. (United States) for the hosting of the website.
  • Audience measurement and communication tools : privacy-friendly analytics providers and email-sending platforms, when enabled.
  • Authorities : where required by law (tax authority, police, justice).

Each data processor is bound by contract and required to comply with the confidentiality, security and purposes defined by the Le Grand Chalet.

5. Cross-border data transfers

Some of our data processors (in particular Vercel Inc. in the United States and Mews Systems s.r.o. in the European Union) process data outside Switzerland. In accordance with Articles 16 and 17 revFADP, these transfers are carried out :

  • to countries offering an adequate level of protection recognised by the Swiss Federal Council (in particular the European Economic Area), or
  • under appropriate contractual safeguards, in particular the Standard Contractual Clauses (SCCs) recognised by the Federal Data Protection and Information Commissioner (FDPIC).

6. Retention period

Data is kept only for the time strictly necessary for the purposes of the processing :

  • Client file : for the duration of the contractual relationship and then archived for up to 10 years after the last stay for the purposes of dispute management and accounting obligations.
  • Accounting and tax documents : 10 years, pursuant to Art. 958f CO.
  • Payment card data : no later than 30 days after departure, save in the event of an ongoing dispute or refund.
  • Prospect and newsletter subscriber data : until consent is withdrawn and at most 3 years after the last contact.
  • Technical logs : at most 12 months.
  • Any video surveillance : 7 days, except in the event of an incident.

7. Data security

In accordance with Article 8 revFADP, the Le Grand Chaletimplements appropriate technical and organisational measures to guarantee the confidentiality, integrity and availability of your data : encryption of communications (HTTPS/TLS), access control, regular backups, staff awareness, rigorous selection of compliant providers (PCI-DSS for payments).

8. Profiling and automated decision-making

The Le Grand Chalet does not carry out any automated individual decision-making producing legal effects within the meaning of Article 21 revFADP. Any processing for statistical or personalisation purposes is carried out on the basis of aggregated or anonymised data.

9. Your rights

In accordance with the revFADP (Art. 25 et seq.) and, where applicable, the GDPR, you have the following rights :

  • right of access and to information ;
  • right to rectification ;
  • right to erasure (« right to be forgotten ») ;
  • right to object to processing ;
  • right to restriction of processing ;
  • right to data portability ;
  • right to withdraw at any time a previously given consent, without affecting the lawfulness of prior processing ;
  • right to request the delivery or transmission of data to a third party (Art. 28 revFADP).

To exercise these rights, please send us a request together with proof of identity by email to hotel@grand-chalet.ch or by post to the address indicated in section 1. A response will be provided as soon as possible and at the latest within 30 days.

10. Right to lodge a complaint with the FDPIC

If you consider that the processing of your data does not comply with the applicable legislation, you may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Berne, www.edoeb.admin.ch.

11. Amendments

This policy may be updated to reflect legal, jurisprudential or technical developments. Any new version will be published on this page with its update date. We invite you to consult it regularly.