Swiss Youth Hostels Data Protection Policy
Protection of your privacy is an absolute priority for Swiss Youth Hostels. We strive to guarantee the highest possible data protection and security.
Of course, we follow the legal requirements of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Telecommunications Act (TCA) and other data protection provisions that may apply under Swiss or EU law, and in particular the European General Data Protection Regulation (GDPR).
Please note the information below so that you know what personal data we collect about you and for which purposes we use it.
We have appointed a data protection officer for our organisation. Please contact them via email at firstname.lastname@example.org for any questions about data privacy in general or issues about your personal data.
The address of our data protection representative in the EU is:
VGS Datenschutzpartner UG, Am Kaiserkai 69, 20457 Hamburg, Germany. It can be contacted at email@example.com.
A) Data processing related to our website
1) Access our site
When you visit our website, our server temporarily stores every access in a log file. The following technical data is collected, without any action on your part, on every connection with a web server and saved by us until it is deleted automatically after a month at the latest:
- browser types and versions
- operating system used by the accessing system
- internet site from which an accessing system reaches our site (referrer)
- sub-websites visited by a system accessing our website
- fonts and maps integrated in Google Fonts and Google Maps
- date and time of access to the internet site
- internet protocol (IP) address
- internet service provider of the accessing system
- other similar data and information that serve as hazard prevention in case of an attack on our IT systems
This data is collected and processed to enable use of our website (connection set-up), ensure permanent system security and stability, help us enhance our internet offer and for internal statistical purposes.
In the event of attacks on the network infrastructure or other unauthorised or improper website use, the IP address and other data are also evaluated for information and defence, and could be used in criminal proceedings for identification or for civil or criminal action against the user in question.
Cookies help us to make your visit to our website simpler, more pleasant and more meaningful. Cookies are information files that your web browser saves automatically on the hard drive of your computer when you visit our internet site.
Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are saved on your computer or a pop-up message appears when you receive a new cookie. Disabling cookies may mean that you are not able to use all the functions of our website.
a) General information
We use various tracking tools on our website. Your behaviour on our website is monitored using these tracking tools. This monitoring is for the purposes of needs-based design and ongoing optimisation of our website. In this context, pseudonymised user profiles are created and small text files that are saved on your computer (‘cookies’) are used. The information generated by the cookies about your use of this site is transferred to the service provider’s server, saved and prepared for us.
b) Google Analytics
Google Analytics sets a cookie on the IT system of the person in question. Section 4 explains what cookies are. Cookies enable Google to analyse use of our website. For every page view of this website, which is operated by the controller and has a Google Analytics plug-in, the Google Analytics plug-in automatically prompts the internet browser on the relevant person’s IT system to transfer data for online analysis to Google.
As part of this technical procedure, Google receives personal data information, such as the IP address of the person in question, which among other things helps Google understand the origin of visitors and clicks.
Personal information is saved via the cookie, such as the time and location of access and the frequency of visits to our website by the person in question. This personal data, including the IP address of the internet connection used by the relevant person, is transferred to Google in the US on each visit to our internet sites. Google saves this personal data in the US. In some circumstances, Google shares this personal data collected through the technical procedure with third parties.
The person concerned can prevent the setting of cookies by our internet site, as outlined above, at any time through an adjustment of the internet browser and thus disable cookies permanently. This browser configuration will also prevent Google from setting a cookie on the person’s IT system. Additionally, a cookie set by Google Analytics can be deleted at any time via the internet browser or other software.
Further information about Google’s current data protection provisions can be found at https://policies.google.com/privacy?hl=en&gl=en and https://www.google.com/analytics/terms/gb.html. Google Analytics is explained in more detail at https://www.google.com/analytics/.
B) Data processing related to social media
4) Social Media
We maintain an online presence within social networks and platforms (Facebook, Instagram, Twitter) to communicate with visitors, interested parties and users, and to be able to inform them about our services. On access to the respective networks and platforms, the business conditions and data protection policies of the operator in question apply.
Unless otherwise stated in this data protection policy or where you have not specifically given your consent, user data is processed if users communicate with us within the social networks.
C) Data retention and exchange with third parties
5) Data retention and linkage
We store personal data in the data processing systems provided for this. Your data is thus systematically recorded and if necessary linked to the processing of your booking and performance of the contractual services. Processing of this data takes place exclusively in the context of customer-friendly and efficient client data management.
6) Retention period
We store personal data only for as long as is necessary to use the above tracking services and for further processing in our legitimate interests.
7) Disclosure of information to third parties
a) General information
We share your personal data only with your express consent, if there is a legal obligation to do so, or if it is required in order to exercise our rights, in particular to enforce claims resulting from the contractual relationship. We also share your data with third parties if it is required as part of website use and contract execution (including outside the website.
In addition to the specific points below, please also see the notes on data disclosure to third parties in sections 5, 7, 9).
b) Web hosting
Our web host, RTP GmbH, Josefstrasse 92, 8005 Zurich, is a service provider with which personal data collected via the website may be shared or which may have access to it. The website is hosted on servers in Switzerland. Data disclosure is for the purposes of providing and maintaining functionalities of our website.
8) Disclosure of personal data abroad
We are entitled to transfer your personal data to third-party companies (contracted service providers) abroad for the purposes of data processing as described in this data protection policy. They are required to observe data protection to the same extent. If the level of data protection in a country is not the equivalent of that in Switzerland or Europe, we ensure contractually that protection of your personal data always corresponds to that in Switzerland or the EU.
D) Further information
9) Rights to information, correction, deletion and limitation of processing; right to data portability
You have the right to receive information on request about the personal data that we hold about you. You are also entitled to correct inaccurate data and have your personal data deleted, provided there is no legal retention obligation or statutory permission for us to process the data.
You also have the right to ask for the data you have shared with us to be returned (right to data portability). On request, we also disclose the data to a third party of your choice. You are entitled to receive the data in a standard file format.
For such matters, you can contact us at the email address firstname.lastname@example.org. To process your application, we may ask for proof of identity, at our discretion.
10) Data security
We take suitable technical and organisational safety measures to protect your data from manipulation, partial or complete loss, and unauthorised third-party access. Our security measures are continuously updated in line with technological advances.
You should close your browser window after communication with us, particularly if using a shared computer.
11) Note on data transfer to the US
For reasons of completeness, we point out to users who are resident or based in Switzerland that monitoring measures by the US authorities generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the US. This happens with no differentiation, limitation or exemption on the basis of the aim pursued and without an objective criterion that enables the US authorities’ access to the data and its subsequent use to be limited to highly specific, strictly defined purposes, which may justify access to this data and intervention linked to its use. Moreover, we note that in the US no legal remedy exists for persons from Switzerland that permits them to access their data and obtain correction or deletion, and no legal protection against the US authorities’ general access rights. We point out this legal and general situation specifically to those concerned, in order that they may make an appropriate informed decision on consent to use of their data.
We point out to users resident in an EU member state that from the EU’s viewpoint, the US does not have a sufficient level of data protection due, inter alia, to the issues mentioned in this section. To the extent explained in this data protection policy that data recipients (e.g. Google) are based in the US, we shall ensure either through contractual provisions with these companies or certification of these companies within the EU or Swiss-US Privacy Shield that your data is protected at an appropriate level by our partners.
12) Right of complaint to a data protection supervisory authority
You have the right to make a complaint to a data protection supervisory authority at any time.
Zurich, 23 May 2018