Privacy policy

Effective date: 30 October 2023

Introduction

Portes des Iris sàrl (hereinafter “PDI” or “we”) operates, under its business name, the entities Portes des Iris and the Château de Vullierens.

PDI respects your privacy and is committed to full transparency about how we collect, use, and share your personal data. This Privacy Policy explains how PDI processes the personal data we collect from you, that you provide to us, or that we may obtain from other sources.

For the purposes of this Privacy Policy, “personal data” means any information, in any format and on any medium, relating to an identified or identifiable natural person, in particular by reference to a name, an identification number, location data, or an online identifier.

In this context, we, PDI, process personal data about our customers to honor our commitment to provide a high level of service across all interactions with PDI. Personal data collected by PDI is shared among all the above-mentioned companies and sites, and is governed by this Privacy Policy.

This Privacy Policy forms an integral part of the terms and conditions governing our services. As a customer and user of our platforms, you acknowledge and agree that we process, collect, store, use, and transfer your personal data in accordance with this Privacy Policy. By interacting with us or providing us with your personal data, you accept the rules described herein. If you do not agree with these rules, please do not use or visit our website and do not provide us with your personal data.

PDI reserves the right to amend this Privacy Policy. Changes take effect upon publication on our website. Please check our website regularly for updates.

This Policy applies to the processing of personal data relating to past, current, and future customers who interact with PDI, regardless of how the information was obtained (orally, in writing, or electronically).

Types of personal data we collect

1. Contact and identification details such as title, first and last name, postal and/or email address, and phone number;
2. Information, comments, or content you provide regarding your marketing preferences, in satisfaction questionnaires, surveys, participation in promotional offers, or on our websites as well as third-party sites;
3. Data collected when you access our websites, exchange emails with us, or subscribe to newsletters, as well as information about your preferences and interests;
4. Information from your social media accounts when you authorize a third-party social network to share your personal data with us or when you use a social feature integrated into our website;
5. Professional information if you apply for a job (we keep your CV and application file).

When do we collect your personal data?

Most of the personal data we process is information that you, or someone acting on your behalf, voluntarily provide when interacting with us—via our website, by phone or mail, through social media, or otherwise.

In certain circumstances, we also process personal data that we infer from other information you have provided or from our exchanges with you.

We may also receive personal data about you from third parties, including third-party data aggregators (e.g., Google), promotional partners, public sources, and social media platforms. This may include personal data from your social media profile that you authorize the platform to share with us in accordance with their rules.

This Policy applies regardless of how we obtained your personal data.

Information collected when you visit our websites

When you visit our websites, we collect information about how you use them. This may include the IP address automatically assigned to your computer when browsing the internet, the date and time of your visit, the pages you view and the time spent on each page, your browser type, your device’s operating system, and the URLs of other websites you visited before and after ours. This information is not linked to you as an individual unless you create a user profile, though we may keep a record of the device used. Collecting this technical data is based on our legitimate interests in offering you the best possible experience on our site and developing new services.

What is our cookies policy?

Please refer to our Cookies Policy here: direct link.

Why and how do we use your personal data?

In compliance with applicable law, we process, collect, use, and disclose relevant elements of your personal data for the following purposes:

1. To provide and manage our services: to deliver the services you request and manage your account.
2. Communication: as part of our marketing efforts, to send information relevant to our services, updates, or special offers—keeping you informed about opportunities and news that may be of interest.
3. Service improvement: your feedback helps us enhance our services.
4. Legal compliance: to respond to legal requests or comply with regulatory obligations.
5. To send newsletters, marketing materials, and promotional offers related to our services.
6. To conduct market research, customer satisfaction surveys, and quality assurance.
7. To protect our staff, customers, other visitors, and our property against inappropriate or harmful behavior (e.g., property damage, aggressive conduct, theft, vandalism, non-payment).
8. To meet legal, financial, and regulatory requirements, especially regarding record-keeping and data retention.
9. To test and evaluate new products and services.

In all cases, we use your data only to the extent necessary to achieve the above purposes.

Legal basis for processing your personal data

We process your personal data only where permitted by law. Most often, we use your data to:

1. Provide our services;
2. Carry out business transactions with you;
3. Offer marketing and communications relevant to your needs, preferences, and interests;
4. Respond to your inquiries and/or manage your participation in a competition or event we organize;
5. Optimize your user experience on our website;
6. Respond to unsolicited or other job applications;
7. Ensure the security and maintenance of our website and the safety of our staff and customers;
8. Keep records to comply with our financial or legal obligations.

Retention period

We retain your personal data only for as long as necessary:

1. to perform the services you requested;
2. to operate the tracking, advertising, and analytics services mentioned above as part of our legitimate interests;
3. to fulfill our legal obligations.

Retention depends on factors such as the nature of the data, the reason for its collection and processing, and any legal or operational retention needs.

In some cases, we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once our relationship ends, we will retain and securely delete your personal data in accordance with applicable laws and regulations.

We retain data for longer where required by statutory archiving obligations (e.g., accounting and tax law). Under these rules, business correspondence, concluded contracts, and accounting records must be retained for up to 10 years.

When personal data we collect is no longer required for a given purpose or due to a legal requirement, we delete or anonymize it.

Disclosure and transfer of your personal data to third parties and abroad

We do not sell your personal data. Most of the data we collect is stored on our own systems. In some cases, hosting location is imposed by the application provider using the data.

We may make certain personal data available to partners in the following cases:

To our partners

We may share your personal data with our partners to better address your needs and requests.

To our processors

We may disclose your personal data to service providers acting as processors—e.g., providers of ancillary services (online booking and ticketing, tourist information and recommendation, newsletter publishing and distribution, marketing analytics, advertising, IT hosting, maintenance, and payment services such as credit card or Twint).

Our processors are bound by confidentiality and may only use your personal data in line with our instructions and this Policy.

To third parties

Your personal data may be disclosed to governmental, judicial, or administrative authorities if required by law, to protect our rights or legitimate interests. It may also be disclosed to other third parties where necessary to defend our or third-party legitimate interests.

International transfers

Your personal data will mainly be processed in Switzerland, but may also be processed in other countries where appropriate. Third-party companies to whom we transfer your personal data to pursue the purposes described in this Policy may be located abroad or store their data abroad, in countries that do not ensure the same level of protection as Switzerland and the European Union. Where applicable, we take appropriate and reasonable measures to ensure your personal data is always protected to a level equivalent to that applicable in Switzerland and the EU.

We also reserve the right to disclose any personal data we hold about you if required by court order or if a government body legally requests it, or if we determine that such action is necessary or desirable to comply with the law or to protect or defend our rights or property, in accordance with applicable law. We also reserve the right to retain and process collected personal data to comply with accounting and tax regulations and applicable data-retention laws.

Our websites may also contain plugins and features integrating third-party social media platforms. You will have the option to activate them manually. If you do, those third parties may identify you, determine how you use this website, and associate and store this information with your social media profile. Please consult the privacy policies of these platforms to understand how your personal data will be used.

Security

We implement appropriate technical and organizational security measures to protect your personal data against manipulation, partial or total loss, destruction, and unauthorized access by third parties. Our security measures are continually improved as technology evolves. Please handle your payment information confidentially and close your browser window when you finish communicating with us, especially when using a shared computer. We also take data protection seriously within our company. Our employees and service providers are bound by confidentiality and must comply with legal data-protection requirements.

However, please note that we cannot guarantee absolute security of your personal data, as storing and transmitting personal data electronically involves certain risks.

Your rights

1. Right of access
2. Right to rectification
3. Right to erasure
4. Right to restriction of processing
5. Right to data portability
6. Right to object/complain
7. Right to lodge a complaint with a supervisory authority

You can choose which personal data to provide to us—or object to processing where it is based on a task carried out in the public interest or on our legitimate interests. However, if you choose not to provide certain details, your customer experience may be affected (for example, we cannot process a booking without a name). Deleting or restricting processing of some or all of your personal data may limit our ability to serve you.

You have the right, upon request and free of charge, to obtain information about personal data processed about you. You also have the right to have inaccurate data corrected and to have your personal data erased, provided there is no legal retention obligation or other legal basis for processing. You may also request restriction of processing or object to processing where it is based on a public-interest task or our legitimate interests. You also have the right to receive the data you have provided to us in a structured, commonly used, machine-readable format (data portability). Upon request, we can also transmit the data to a third party of your choice. You may also limit the use of tracking technologies such as cookies by configuring your browser to alert you before accepting them, or to refuse them outright. If you believe we are not respecting your rights or our obligations, you may file a complaint with the data-protection authorities in Switzerland.

For any questions regarding your personal data, you can contact us at any time at info@portesdesiris.ch or by mail at Portes des Iris sàrl, Route de Cottens 1, 1115 Vullierens, Switzerland.

If we have doubts about the identity of the person making a request, we may require additional information, including an ID document, to confirm the requester’s identity before processing. We will honor your request within one month of receipt or, where applicable, from identity confirmation. This period may be extended by two months in case of complexity or numerous requests. If so, we will inform you of the extension and reasons within one month of receiving your request.

This Privacy Policy and any questions arising from or related to it are governed by Swiss law. You agree to the exclusive jurisdiction of the courts at PDI’s registered office.

Controller and updates to this Privacy Policy

Portes des Iris sàrl, Route de Cottens 1, 1115 Vullierens (Vaud, Switzerland) is the controller for personal data collected under this Privacy Policy.

The last update to this Privacy Policy was on 6 November 2023. We reserve the right to amend it periodically without prior notice. We therefore recommend reviewing it regularly.