Last updated July 2019
1. Who is the controller of your data?
2. What categories of your data do we collect and use?
3. Why and how do we collect your data?
4. Who sees, receives and uses your data and where?
5. How long do we retain your data?
6. What are your data protection rights and how can you exercise them?
7. Contact details of the data controller
8. Contact details of our data protection officer
9. Information about cookies
10. Privacy notice for Facebook
We, being an entity located in Switzerland, are subject to Swiss law regarding the protection of personal data. For that reason, we undertake to comply with the obligations imposed by the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Swiss Federal Act on Data Protection of 19 June 1992 (FADP). In the same vein, we inform our Users and/or Customers that the Decision of the Commission of 26 July 2000 in accordance with Directive 95/46/CE of the European Parliament and the Council relating to the adequate level of protection for personal data in Switzerland declared that, in Switzerland, the laws guarantee an adequate level of protection in accordance with Directive 95/46/CE. In accordance with Swiss Federal Act on Data Protection of 19 June 1992 and with Article 45 of the Swiss Federal Act on the Supervision of Insurance Companies of 17 December 2004 (FASIC) we inform our Users and/or Customers that their personal data is processed and kept by the Company in the manner and for the means as follows, in accordance with the LPD and LSA.
When you visit the Website and use our Comparison Service (you as a "User") or then purchase or register to our services (you as a "Customer") we collect the categories of personal data as follows:
2.1. Personal data provided by you
The provision of the above personal data, where requested, is necessary for the adequate performance of the requested service and to allow us to comply with our legal obligations except when we rely on consent as legitimate basis for processing and or our legitimate interest. Without it, we may not be able to provide you with all the requested services. It is important that all the personal data you give us is correct and accurate. This includes, by way of example only, ensuring that we have your correct contact (including email) details at all times.
2.2. Personal data collected automatically from our Website, from communication we send, and/or from third parties
In general terms, we use your personal data to provide you with the services you request, send you marketing and promotional communications, notify you about important changes to our Website and to deliver our content and ads which we think may be of interest to you. More specifically:
On which legal basis? To comply with the law (i.e. to share personal data with regulatory authorities)
On which legal basis? To pursue our legitimate interest (i.e. improving our Website, its features and our products and services)
On which legal basis? Where you give your consent
On which legal basis? To pursue our legitimate interest (i.e. ensuring the security of our Website)
On which legal basis? To pursue our legitimate interest (i.e. compliance with our terms and conditions, protection of our rights in the event of any dispute or claim)
On which legal basis? Where you give your consent (i.e. through the cookie banner or by your browser's settings)
Where we rely on legitimate interest as a basis for processing your personal information, we carry out an assessment to ensure that our interest in the use of your data is legitimate and that your fundamental rights of privacy are not outweighed by our legitimate interests (‘balancing test’). You can find out more information about the balancing test by contacting our Data Protection Officer at to [email protected] .
4.1. Categories of recipients of your data
The complete list of parties to which your personal data may be disclosed is available at our registered office and may be requested by writing to [email protected]
4.2. International transfer of your data
Users’ and/or Customers’ personal data is processed in at the Data Controller’s registered office (see point 1), on the lm group servers, and at the offices of other entities to which data may be provided in order to provide the services requested of the Data Controller.
Given the fact that we are an international travel company, we also transfer your personal data to:
Should you want to obtain further details about the safeguards put in place, you can contact us by writing to [email protected]
DATA USED FOR MARKETING PURPOSES (CRM)
Data used for marketing activities to customers/users subject to the consent.
Retention period: 5 years from the consent or the renewal of the consent via interaction with marketing communications
DATA COLLECTED VIA TAG
Retention period: Max 3 years from the date of browsing on our websites
Retention period: Max 1 year from the date of consent
You can exercise the rights provided by the Regulation EU 2016/679 (Articles 15-22), including the right to:
Right of access - To receive confirmation of the existence of your personal data, access its content and obtain a copy.
Right of rectification - To update, rectify and/or correct your personal data.
Right to erasure/right to be forgotten and right to restriction - To request the erasure of your data or restriction of your data which has been processed in violation of the law, including whose storage is not necessary in relation to the purposes for which the data was collected or otherwise processed; where we have made your personal data public, you have also the right to request the erasure of your personal data and to take reasonable steps, including technical measures, to inform other data controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Right to data portability - o receive a copy of your personal data you provided to us for a contract or with your consent in a structured, commonly used and machine-readable format (e.g. data relating to your purchases) and to ask us to transfer that personal data to another data controller.
Right to withdraw your consent -Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes.
Right to object, at any time - You have the right to object at any time to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement , or where we are using your data for direct marketing.
Right not to be subject to a decision based solely on automated processing, including profiling -You can always request a manual decision- making process instead, express your opinion or contest decision based solely on automated processing, including profiling, if such a decision would produce legal effects or otherwise similarly significantly affect you.
You can exercise the above rights at any time by:
In case you exercise any of the above rights provided by GDPR, please note that we will attend your request considering the personal information held by all the companies within the lm group where BravoNext, S.A. holds, directly or indirectly, 100% of the shares.
Your rights in relation to your personal data might be limited in some situations. For example, if fulfilling your request would reveal personal data about another person or if we have a legal requirement or a compelling legitimate ground we may continue to process your personal data which you have asked us to delete.
You also may have the right to make a complaint if you feel your personal information has been mishandled. We encourage you to come to us in the first instance but, to the extent that this right applies to you, you are entitled to complain directly to the relevant Data Protection Supervisory Authority.
The contact details of the Data Controller of the data processing described hereinabove are:
BravoNext, S.A., a Swiss company belonging to the lm group, listed in the Ticino business register under no. CHE - 115.704.228 and with registered office at Vicolo de’ Calvi 2 - 6830 Chiasso, Switzerland.
Our Data Protection Officer (or "DPO") is available at:
What follows is a description of the type of cookies used in the website:
9.1 Types of cookies according to the managing entity
Depending on what entity manages the computer or domain from which the cookies are sent and processed, there exist the following types of cookies:
Depending on the amount of time you remain active on your Device, these are the following types of cookies:
Cookies can be grouped as follows:
a) Technical cookies: these cookies are strictly necessary for the operation of our Website and are essential for browsing and allow the use of various features. Without them, you cannot use the search function, compare tool or book other available services on our Website.
b) Personalisation cookies: these are cookies used to make navigating our Website easier, as well as to remember your selections and offer more personalised services. When you select the use of this we may allow advertisers or other third parties to place cookies on our Website to provide personalised content and services. If cookies are blocked, we cannot guarantee the functioning of such services.
c) Analytical cookies for statistical purposes and measuring traffic: these cookies gather information about your use of our Website, the pages you visit and any errors that may occur during navigation. We also use these cookies to recognise the place of origin for visits to our Website. These cookies do not gather information that may personally identify you. All information is collected in an anonymous manner and is used to improve the functioning of our Website through statistical information. Therefore, these cookies do not contain personal data. In some cases, some of these cookies are managed on our behalf by third parties, but may not be used by them for purposes other than those mentioned above.
To see the list of cookies used on this Website, click here.
The information contained in the above list of cookies has been provided by the other companies which generate them.
These companies have their own privacy policies in which they set forth both their own declarations as well as applicable disabling systems.
There are a number of ways to manage cookies. By modifying your browser settings, you can opt to disable cookies or receive a notification before accepting them. You can also erase all cookies installed in your browser’s cookie folder. Keep in mind that each browser has a different procedure for managing and configuring cookies. Here’s how you manage cookies in the various major browsers:
If you use another browser, please read its help menu for more information.
10.1. Facebook Custom Audiences - Facebook pixel
We use the remarketing function “Custom Audiences” of Facebook Inc. (1601 Willow Road, Menlo Park, California 94025) or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This function allows us to show our Users and/or Customers of our website interest-based ads when they visit Facebook (“Facebook ads”), and to analyze such Facebook ads for statistical and market research purposes, which helps us optimize future advertising. This allows us to serve more relevant advertising.
For this purpose we use the so-called Facebook pixel for our website.
When a User or a Customer visits our website and takes an action (for example, buying something), the Facebook pixel is triggered and reports this action. This way, we will know when a customer took an action after seeing our Facebook ad. We will also be able to reach this customer again by using a Custom Audience. Therefore, this pixel allows user behavior to be tracked after they have been redirected to our Website by clicking on a Facebook ad. This way, we will know when a customer took an action after seeing our Facebook ad. We will also be able to reach this customer again by using a Custom Audience.
Therefore, this enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy. Such data may allow Facebook and its partners to show ads on or off Facebook. A cookie may also be stored on your computer for these purposes.