Geneva Hostel Data Protection Policy
Version of May 2018

Geneva Youth Hostel Association is the operator of the website www.genevahostel.ch and thus responsible for the collection, processing and use of your personal data as well as for the compliance of data processing with the applicable legislation in data protection matters.

Safeguarding your privacy has absolute priority for our Hostel. It is our endeavor to guarantee you a maximum of data protection and security. Of course, we follow the legal requirements of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Telecommunications Act (TCA) and other data protection provisions that may apply under Swiss or EU law, and in particular the European General Data Protection Regulation (GDPR).

Please note the information below so that you know what personal data we collect about you and for which purposes we use it.

1. Data processing related to our website. Access our site.

When you visit our website, our server temporarily stores every access in a log file. The following technical data is collected, without any action on your part, on every connection with a web server and saved by us until it is deleted automatically after a month at the latest:

  • the IP address of the computer accessing the site,
  • the name of the owner of the IP space (usually your Internet Service Provider),
  • the date and time of access,
  • the website from which you accessed our site (original URL) and possibly the search keywords used,
  • the name and URL of the file being viewed,
  • the status indicator (e.g. error message),
  • your computer's operating system,
  • the browser you are using (type, version and language),
  • the communication protocol used (e.g. HTTP/1.1), and
  • possibly your username resulting from a registration/authentication.

This data is collected and processed to enable use of our website (connection set-up), ensure permanent system security and stability, help us enhance our internet offer and for internal statistical purposes. These processing operations are based on our legitimate interest in accordance with Art. 6 al. 1 let. f GDPR.

In addition, the IP address is analysed together with other data for recognition and defence purposes in the event of attacks on the network infrastructure or other unauthorised or abusive use of the website, and may be used in criminal proceedings for the purpose of identification and civil and criminal action against the user in question. These treatments are based on our legitimate interest under Art. 6 para. 1 let. f GDPR.

2. Use of our contact form

You have the possibility to write us an e-mail at mail in order to get in touch with us. For this, we need the following information:

  • first and last name
  • email address
  • message

We use this data and any telephone number that you give voluntarily in order to be able to answer your contact question in the best possible and personalised manner. The processing of this data is therefore necessary for the execution of pre-contractual measures in accordance with Art. 6 para. 1 let. b GDPR or is based on our legitimate interest in accordance with Art. 6 para. 1 let. f GDPR, respectively.

3. Reservation on the site, by mail or by phone

If you make reservations via our site, by correspondence (email or mail) or by telephone, we require the following data for the execution of the contract:

  • Title
  • first and last name
  • home address
  • date of birth
  • contact number
  • language
  • credit card information
  • email address

We use this data and any other information that you give voluntarily (e.g. telephone number, age of children and other comments) only to process the order, unless otherwise stated in this data protection policy or where you have not specifically given your consent. We process this data in particular to record your booking requirements, to provide the services booked, to contact you with any queries or issues, and to ensure the correct payment.

The execution of a contract in accordance with Art. 6 para. 1 lit. b GDPR is the legal basis for the processing of data for this purpose.

 4. Cookies

Cookies help us to make your visit to our website simpler, more pleasant and more meaningful. Cookies are information files that your web browser saves automatically on the hard drive of your computer when you visit our internet site.

For example, we use cookies in the online shop so that visitors do not have to enter their data again; this is done by the internet site and the cookie on the user’s computer system. Another example is the cookie in a basket for the online shop. The online shop remembers the article that a customer has put in the virtual basket using a cookie.

Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are saved on your computer or a pop-up message appears when you receive a new cookie. 

  • Microsoft Windows Internet Explorer
  • Microsoft Windows Internet Explorer Mobile
  • Mozilla Firefox
  • Google Chrome pour bureau
  • Google Chrome pour mobile
  • Apple Safari pour bureau
  • Apple Safari pour mobile

Disabling cookies may mean that you are not able to use all the functions of our website.

 5. Tracking tools

We use various tracking tools on our website. Your behaviour on our website is monitored using these tracking tools. This monitoring is for the purposes of needs-based design and ongoing optimisation of our website. In this context, pseudonymised user profiles are created and small text files that are saved on your computer (‘cookies’) are used. The information generated by the cookies about your use of this site is transferred to the service provider’s server, saved and prepared for us. In addition to the data listed below, we may receive the following information:

  • navigation route taken by a visitor to the site,
  • duration of the visit on the site or on the page,
  • the page from which the visitor leaves the site,
  • the country, region or city from which access takes place,
  • device (type, version, colour depth, resolution, width and height of the navigation window) and
  • recurring or new visitor.

The information is used to analyse the use of the website, to compile reports on website activities and to provide other services in connection with the use of the website and the use of the Internet for market research purposes and the appropriate presentation of the website. This information may also be passed on to third parties insofar as this is prescribed by law or insofar as third parties are commissioned to process this data.

Google Analytics

The provider of Google Analytics is Google Inc, a company of the US-based holding company Alphabet Inc. Prior to the transmission of data to the provider, the IP address is abbreviated by activating IP anonymization ("anonymizeIP") on this website within the Member States of the European Union or in other States that have signed the Agreement on the European Economic Area. Google will not combine the anonymized IP address transmitted by your browser with any other data collected by Google Analytics. In exceptional cases, the complete IP address is transmitted to a Google server in the USA and then abbreviated. In this case, we ensure through contractual guarantees that Google Inc. complies with a sufficient level of data protection. According to Google Inc. the IP address will not be combined with any other data concerning the user.

More information about the audience analysis service used can be found on the Google Analytics website. To find out how you can prevent the processing of your data by the audience analysis service, please visit the following address http://tools.google.com/dlpage/gaoptout?hl=en.

 6. Social media

We maintain an online presence within social networks and platforms (Facebook, Instagram, Twitter) to communicate with visitors, interested parties and users, and to be able to inform them about our services. On access to the respective networks and platforms, the business conditions and data protection policies of the operator in question apply.

Unless otherwise stated in this data protection policy or where you have not specifically given your consent, user data is processed if users communicate with us within the social networks. 

7. Data processing related to your stay Data processing to fulfil legal reporting requirements

On arrival at our youth hostels, we require the following information from you and any accompanying persons:

  • first and last name
  • postal address and canton
  • date of Birth
  • place of birth
  • nationality
  • passport number
  • day of arrival and departure
  • room number

We collect this information to meet legal reporting requirements, particularly those arising from hospitality or administrative legislation. If required by the provisions in force, we disclose this information to the relevant police authority.

We have a legitimate interest under art. 6 para. 1 let. f GDPR to fulfill the legal provisions.

8. Recording services purchased

If you receive additional services during your stay (e.g. meals), the service and, if applicable, the time at which the service is drawn will be recorded for invoicing purposes. The processing of this data is necessary for the performance of your contract with us under art. 6 para. 1 let. b GDPR.

 9. Guest feedback

If you have given us your email address for your booking, you will receive an electronic form after your departure. We collect the following data via this form:

  • With whom you were travelling
  • Gender
  • Year of birth
  • Rating
  • Comments

This information is voluntary and helps us to continually improve our range of services and adjust them to meet your needs. We use the information provided only for statistical purposes, unless otherwise stated in this data protection policy or where you have not specifically given your consent. We process this data in particular so that we can contact you with any queries or issues.

10. Booking platforms

If you prefer to book via a third-party platform, we receive a range of personal data from the platform operator in question. This generally concerns the information listed in section 3 of this data protection policy. Queries about your booking may also be forwarded to us. We process this data in particular to record your booking requirements and to provide the services booked.

Finally, we may be informed by the platform operator of any disputes related to a booking. In some circumstances, we therefore also receive data about the booking procedure, which may include a copy of the booking confirmation as proof of the actual booking closure. We process this data to protect and enforce our rights. For these treatments we rely on our legitimate interest under art. 6 para. 1 let. f GDPR.

Please also read the privacy policies of the respective providers.

 11. Centralized storage and linking of data

We store personal data in the data processing systems provided for this. Your data is thus systematically recorded and if necessary linked to the processing of your booking and performance of the contractual services. Processing of this data takes place exclusively in the context of customer-friendly and efficient client data management. For this purpose, we use software from ASSD GmbH (ASSD PMS) in Germany. The processing of this data by the software is based on our legitimate interest under Art. 6 para. 1 let. f GDPR in a customer-friendly and efficient management of customer data.

12. Retention period

We store personal data only for as long as is necessary to use the above tracking services and for further processing in our legitimate interests. We keep contractual data for longer, since this is governed by statutory retention requirements. Retention requirements that require us to store data arise from the legal provisions on notification, accounting and tax law. Under these regulations, business communications, contracts concluded and booking documents must be kept for up to 10 years. If we no longer require this data to provide services to you, the data is used only for accounting and tax purposes.

 13. Disclosure of information to third parties

We share your personal data only with your express consent, if there is a legal obligation to do so, or if it is required in order to exercise our rights, in particular to enforce claims resulting from the contractual relationship. We also share your data with third parties if it is required as part of website use and contract execution (including outside the website), particularly to process your booking.

Our web host infomaniak.ch is a service provider to whom we transmit the personal data collected via the website, or who has or can have access to it. The website is hosted on servers in Switzerland. The purpose of data transmission is to provide and maintain the functionality of our site. The processing is based on our legitimate interest under art. 6 para. 1 let. f GDPR.

If you make a booking via our website, the personal data collected is shared with the operator of our booking platform, ASSD GmbH, Unterhaching, Germany. The booking platform is hosted on rented servers at the data centres of Amazon AWS and Daticum Bulgaria. Both data centres meet the requirements of the EU GDPR. Data disclosure is for the purposes of recording and registering your booking.

We share your credit card details for credit card payments on the website or through a payment terminal with your credit card provider and the credit card acquirer. If you opt for credit card payment, you will be asked to input the required information each time. The legal basis for data disclosure is the contract execution. In relation to processing of your credit card details by these third parties, please read the general terms and conditions and data protection policy of your credit card provider.

 14. Disclosure of personal data abroad

We are entitled to transfer your personal data to third-party companies (contracted service providers) abroad for the purposes of data processing as described in this data protection policy. They are required to observe data protection to the same extent. If the level of data protection in a country is not the equivalent of that in Switzerland or Europe, we ensure contractually that protection of your personal data always corresponds to that in Switzerland or the EU.

15. Rights to information, correction, deletion and limitation of processing; right to data portability

You have the right to receive information on request about the personal data that we hold about you. You are also entitled to correct inaccurate data and have your personal data deleted, provided there is no legal retention obligation or statutory permission for us to process the data.

You also have the right to ask for the data you have shared with us to be returned (right to data portability). On request, we also disclose the data to a third party of your choice. You are entitled to receive the data in a standard file format.

For such matters, you can contact us at the email address mail. To process your application, we may ask for proof of identity, at our discretion.

 16. Data security

We take suitable technical and organisational safety measures to protect your data from manipulation, partial or complete loss, and unauthorised third-party access. Our security measures are continuously updated in line with technological advances.

You should close your browser window after communication with us, particularly if using a shared computer.

We also take data protection very seriously within our company. Our employees and the service providers we mandate are subject to secrecy and compliance with legal data protection provisions.

 17. Note on data transfer to the US

For reasons of completeness, we point out to users who are resident or based in Switzerland that monitoring measures by the US authorities generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the US. This happens with no differentiation, limitation or exemption on the basis of the aim pursued and without an objective criterion that enables the US authorities’ access to the data and its subsequent use to be limited to highly specific, strictly defined purposes, which may justify access to this data and intervention linked to its use. Moreover, we note that in the US no legal remedy exists for persons from Switzerland that permits them to access their data and obtain correction or deletion, and no legal protection against the US authorities’ general access rights. We point out this legal and general situation specifically to those concerned, in order that they may make an appropriate informed decision on consent to use of their data.

We point out to users resident in an EU member state that from the EU’s viewpoint, the US does not have a sufficient level of data protection due, inter alia, to the issues mentioned in this section. To the extent explained in this data protection policy that data recipients (e.g. Google) are based in the US, we shall ensure either through contractual provisions with these companies or certification of these companies within the EU or Swiss-US Privacy Shield that your data is protected at an appropriate level by our partners.

18. Right of complaint to a data protection supervisory authority

You have the right to make a complaint to a data protection supervisory authority at any time.

 

Geneva, 28.06.2020

The Geneva Hostel is located in a quiet area, surrounded by 5 stars hotels, very close to the lake and to the international organizations.

Contact Info

GENEVA HOSTEL

Rue Rothschild 28-30

1202 Genève - Suisse

Tel : +41 22 732 62 60

mail genevahostel

plan

Clean-and-safe

arzh-TWdeiwitjakonoptruestr
 
 
swiss hostels 

fifog