1. Controller and Content of this Privacy Policy

We, Volkshaus Basel Betriebs AG, Rebgasse 12, 4058 Basel, Switzerland, operate the Volkshaus Basel Hotel and the website www.volkshaus-basel.ch. Unless otherwise stated in this privacy policy, we are responsible for the data processing activities described herein.

To help you understand which personal data we collect from you and for what purposes we use it, please take note of the following information. We primarily follow the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP), as well as the GDPR, which may apply in individual cases.

Please note that the following information may be reviewed and changed from time to time. We therefore recommend that you consult this privacy policy regularly. Furthermore, for some of the data processing activities listed below, other companies may be independently or jointly responsible with us, and in such cases, the information provided by these providers is also relevant.

2. Data Protection Contact

If you have any questions regarding data protection or wish to exercise your rights, please contact:

Volkshaus Basel Betriebs AG
Ms. Manuela Voser
Rebgasse 12-14
CH – 4058 Basel
Switzerland

3. Scope and Purpose of the Collection, Processing and Use of Personal Data

3.1 Data Processing When Contacting Us

When you contact us via our contact addresses and channels (e.g. by email or phone), your personal data will be processed. We process the data you provide to us, such as your name, email address or phone number and your inquiry. In addition, the time your request is received is documented. Mandatory fields are marked with an asterisk (*) in contact forms. We process this data to address your inquiry (e.g. providing information about our hotel, support with contract processing such as questions about your booking, incorporating your feedback to improve our services, etc.).

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in addressing your request or, if your request is aimed at concluding or processing a contract, the necessity for carrying out the required measures within the meaning of Art. 6(1)(b) GDPR.

3.2 Data Processing When Using Our Online Concierge Service (straiv)

When you use our online concierge service, your personal data is processed. This includes the data you provide to us, e.g. your company name, your name, your role, your email address, your billing address, payment method and your inquiry. Additionally, the time of the inquiry is recorded. Mandatory fields are marked with an asterisk (*). We process this data solely to handle your request (e.g. providing information about our hotel, supporting contract processing, processing orders, etc.).

We use a software application from straiv GmbH, Industriestrasse 23, 70565 Stuttgart, Germany to manage the online concierge service. Your data may be stored in a database of straiv GmbH, which could grant access to your data when necessary to provide the software and support its use. Information on data processing by third parties and any potential transfers abroad can be found in section 5 of this privacy policy.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in using modern communication technologies, or if your inquiry is aimed at concluding or processing a contract, the necessity of the measures within the meaning of Art. 6(1)(b) GDPR.

It is possible that straiv GmbH may use some of this data for its own purposes (e.g. to send marketing emails or for statistical analysis). In such cases, straiv GmbH is the controller and is responsible for complying with data protection laws regarding such processing. Information about data processing by straiv GmbH can be found at https://straiv.io/en/legal/privacy.

3.3 Data Processing for Bookings

3.3.1 Booking via Our Website

On our website, you have the option to book an overnight stay. For this purpose, we collect the following data, with mandatory information marked with an asterisk (*) during the booking process:

Salutation
First name
Last name
Billing address
Date of birth
Company name, company address, and VAT number for business customers
Telephone number
Email
Payment method
Booking details
Comments
Confirmation of the accuracy of the information provided
Confirmation of acknowledgement and agreement to the GTC and privacy policy

We use this data to verify your identity before concluding a contract. We require your email address to confirm your booking and for future communication necessary for contract processing. We store your data together with the booking metadata (e.g. room category, duration of stay, description, price, and characteristics of services), payment data (e.g. selected payment method, payment confirmation and time; see also section 3.5.2), and information for executing and fulfilling the contract (e.g. receipt and handling of complaints) in our CRM database (see section 4), to ensure proper booking and contract fulfillment.

If required for contract fulfillment, we will also pass the necessary information on to third-party service providers (e.g. organizers or transport companies).

The legal basis for this data processing is the performance of a contract with you pursuant to Art. 6(1)(b) GDPR.

The provision of non-mandatory data is voluntary. We process this data to tailor our offer to your individual needs, to facilitate contract processing, to contact you via alternative means of communication if necessary for contract fulfillment, or for statistical evaluation and optimization of our services.

The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time by notifying us.

For booking inquiries in our operation, we use the TravelClick booking system from Amadeus Hospitality Americas, Inc. (Amadeus), 75 New Hampshire Avenue, Portsmouth, NH 03801 USA. By submitting a booking request, you agree to the terms of use of Amadeus and acknowledge that your personal data (name, telephone number, email) will be shared with us and Amadeus.

Information about data processing by third parties and potential data transfers abroad can be found in section 5 of this privacy policy.

The legal basis for this data processing is the performance of a contract with you pursuant to Art. 6(1)(b) GDPR.

It is possible that Amadeus may use some of this data for its own purposes (e.g. to send marketing emails or for statistical analysis). Amadeus is the controller for such data processing.

Information on data processing by Amadeus can be found at https://www.amadeus-hospitality.com/privacy-policy/

3.3.2 Booking via a Booking Platform

If you book through a third-party platform (i.e. Booking, Hotel, Escapio, Expedia, Holidaycheck, Hotel Tonight, HRS, Kayak, Mr. & Mrs. Smith, Splendia, Tablet Hotels, Tripadvisor, Trivago, Weekend4Two etc.), we receive various personal data from the platform operator in connection with the booking made. This usually includes the data listed in section 3.5.2 of this privacy policy. We may also receive inquiries about your booking. We process this data in particular to correctly record your booking and to provide the booked services.

The legal basis for data processing for this purpose is the implementation of pre-contractual measures and the performance of a contract pursuant to Art. 6(1)(b) GDPR.

We may also exchange personal data with the platform operators in connection with disputes or complaints related to a booking, if necessary to protect our legitimate interests. This may include data related to the booking process on the platform or information regarding the booking or the services and stay with us.

Your data will be stored in the databases of the platform operators, giving them access to your data. Information on data processing by third parties and any possible transfer abroad can be found in section 5 of this privacy policy.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

3.4 Data Processing for Table Reservations

On our website, you have the option to reserve a table in a restaurant listed on our website. For this, we collect – depending on the offer – the following data, with mandatory fields in the online form marked with an asterisk (*):

First name
Last name
Number of guests
Email address
Phone number
Menu or offer type
Comment
Date and time of reservation

We collect and process this data to handle the reservation, particularly to make the reservation as requested and to contact you in case of questions or problems. We store your data along with reservation metadata (e.g. date and time of receipt), reservation details (e.g. assigned table), and contract fulfillment information (e.g. receipt and handling of complaints) in our CRM database (see section 4), to ensure proper reservation handling and contract fulfillment.

To manage table reservations, we use a software application from Aleno AG (Aleno), 8047 Zurich. Your data may be stored in a database of Aleno, which could grant access to your data when necessary to provide the software and support its use. Information on data processing by third parties and any potential transfers abroad can be found in section 5 of this privacy policy.

The legal basis for this data processing is the performance of a contract with you pursuant to Art. 6(1)(b) GDPR.

It is possible that Aleno may use some of this data for its own purposes (e.g. to send marketing emails or for statistical analysis). Aleno is responsible for these data processing activities and must ensure compliance with data protection laws in connection with such processing.

Information on data processing by Aleno can be found at https://www.aleno.me/imprint.

3.5 Data Processing for Payment Transactions

3.5.1 Payment Transactions at the Hotel

When you purchase products, use services or pay for your stay at our hotel using electronic means of payment, the processing of personal data is required. By using the payment terminals, you transmit the information stored in your payment method, such as the cardholder’s name and card number, to the involved payment service providers (e.g. payment solution providers, card issuers, and card acquirers). They also receive the information that the payment method was used in our hotel, the amount, and the time of the transaction. In return, we only receive the crediting of the payment amount at the corresponding time, which we can assign to the relevant receipt number, or a notification that the transaction was not possible or was canceled. Always refer to the respective company’s privacy policy and general terms and conditions.

The legal basis for our data processing is the performance of a contract with you pursuant to Art. 6(1)(b) GDPR.

When you make paid bookings, order services or products via our website, depending on the product or service and the desired payment method – in addition to the information mentioned in section 3.3.1 – the provision of further data is required, such as your credit card information or login with your payment service provider. This information, along with the fact that you purchased a service from us at the relevant amount and time, is forwarded to the respective payment service providers (e.g. payment solution providers, credit card issuers, and card acquirers). Always refer to the respective company’s privacy policy and general terms and conditions.

The legal basis for our data processing is the performance of a contract pursuant to Art. 6(1)(b) GDPR.

We reserve the right to store a copy of credit card information as a security measure. To avoid defaults in payment, we may also transmit the necessary data, particularly your personal details, to a credit agency for the automated assessment of your creditworthiness. In this context, the credit agency may assign you a so-called score value. This is an estimate of the future risk of payment default, e.g. in percentage form. The score is determined using mathematical-statistical methods and includes data from the credit agency from other sources. Based on the information received, we may decide not to offer the payment option “invoice”.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR in avoiding payment defaults.

3.6 Data Processing for Capturing and Billing Consumed Services

If you use services during your stay (e.g. additional overnight stays, wellness, restaurant, activities), – in addition to your contract data – the booking data (e.g. time and comments) and data on the booked and used service (e.g. service description, price and time of use) are recorded and further processed by us to manage the service, as described in sections 3.3 and 3.4.

The legal basis for our data processing is the performance of a contract pursuant to Art. 6(1)(b) GDPR.

3.7 Data Processing for Email Marketing

If you register for our marketing emails (e.g. during registration, within your customer account or in the context of an order, booking or reservation), the following data is collected. Mandatory fields are marked with an asterisk (*):

Email address
Salutation
First and last name

To prevent abuse and to ensure that the owner of an email address has actually consented to receive marketing emails, we use the so-called double opt-in. After submitting your registration, you will receive an email from us with a confirmation link. To definitively register for the marketing emails, you must click this link. If you do not confirm your email address within the specified period, your data will be deleted and no marketing emails will be sent to that address.

By registering, you consent to the processing of this data in order to receive marketing emails from us about our hotel and related information on products and services. These marketing emails may also include invitations to participate in contests, provide feedback or rate our products and services. Collecting the salutation and first and last name allows us to associate the registration with an existing customer account if applicable, and personalize the content of the marketing emails. Linking to a customer account allows us to make the offers and content in marketing emails more relevant to you and better tailored to your potential needs.

We use your data for sending marketing emails as long as you do not withdraw your consent. You can revoke your consent at any time, in particular via the unsubscribe link included in all marketing emails.

Our marketing emails may contain a so-called web beacon, 1×1 pixel (tracking pixel), or similar technical tools. A web beacon is an invisible graphic linked to the subscriber’s user ID. For each marketing email sent, we receive information on which email addresses successfully received the message, which addresses have not yet received it, and for which addresses delivery failed. It also shows which addresses opened the email for how long and which links were clicked. Lastly, we receive information on which subscribers unsubscribed. We use this data for statistical purposes and to optimize the frequency, timing, structure and content of our marketing emails. This allows us to tailor the information and offers in our marketing emails to the individual interests of the recipients.

The web beacon is deleted when you delete the marketing email. You can prevent the use of web beacons in our emails by setting your email program to not display HTML in messages. Instructions can be found in the help section of your email software, such as here for Microsoft Outlook.

By signing up for marketing emails, you also consent to the statistical evaluation of user behavior for the purpose of optimizing and customizing marketing emails.

We use MailChimp, a newsletter platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, to deliver marketing emails. Your data may therefore be stored in a MailChimp database, which may allow MailChimp access to your data when necessary to provide the software and support its use. Information on data processing by third parties and any transfer abroad can be found in section 5 of this privacy policy.

Your consent constitutes the legal basis for data processing pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

It is possible that MailChimp may use some of this data for its own purposes (e.g. to send marketing emails or for statistical analysis). MailChimp is responsible for such data processing and must ensure compliance with data protection laws in connection with it. Information on data processing by MailChimp can be found at: https://mailchimp.com/legal/.

3.8 Data Processing When Submitting Reviews

To assist other users with their decisions and support our quality management (especially in processing negative feedback), you have the opportunity to review your stay with us on our website. We process and publish the data you provide to us, i.e. your review, its timestamp, and any accompanying comment or name you may have provided.

The legal basis for data processing is your consent within the meaning of Art. 6(1)(a) GDPR. You can withdraw your consent at any time and request anonymization of your review.

We reserve the right to delete unlawful reviews and to contact you in case of suspicion and request a statement.

The legal basis for this processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in providing a lawful and genuine comment and review function and in preventing misuse of it.

3.9 Data Processing by Video Surveillance

To protect our guests and employees, our property, and to prevent and prosecute unlawful behavior (especially theft and damage to property), the entrance area and public areas of our hotel (except restrooms) may be monitored by cameras. Video footage is only viewed if there is suspicion of unlawful conduct. Otherwise, footage is automatically deleted.

If suspicion is confirmed, data may be shared with advisors (especially law firms) and authorities to enforce claims or report incidents. For information on data processing by third parties and possible data transfers abroad, see section 5.

The legal basis is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in protecting our guests, staff, and property as well as enforcing our rights.

3.10 Data Processing When Using Our WiFi Network

At our hotel, you have the option to use our WiFi network. To prevent misuse and prosecute unlawful conduct, prior registration is required. You provide the following data:

Mobile phone number
MAC address of the device (automatically collected)

In addition to this data, each use of the WiFi network records data on the time and date of use and the device used. The legal basis for this processing is your consent within the meaning of Art. 6(1)(a) GDPR. You can revoke your consent at any time.

To provide the WiFi network, we work with HPE Aruba Networking, Ueberlandstrasse 1, 8600 Dübendorf. Your data may be stored in a database of HPE Aruba Networking, which may allow them access to your data when necessary to provide and support the software. Information on data processing by third parties is in section 5. Further information on data processing by HPE Aruba Networking is available at https://www.arubanetworks.com/de/gdpr/.

HPE Aruba Networking must comply with legal obligations under the Federal Act on the Surveillance of Post and Telecommunications (BÜPF) and its associated ordinance. If legal conditions are met, the WiFi operator may be required to monitor internet usage and data traffic. The operator may also be required to disclose contact, usage, and connection data of hotel guests to authorities. These data are stored personally for 6 months and then deleted.

The legal basis for this processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in providing a WiFi network in compliance with applicable legal regulations.

3.11 Data Processing to Fulfill Legal Reporting Obligations

Upon arrival at our hotel, we may be required to collect the following data from you and your companions. Mandatory information is marked with an asterisk (*) on the relevant form:

Salutation
First and last name
Billing address
Date of birth
Nationality
Identity card or passport
Date of arrival and departure

We collect this data to comply with legal reporting obligations under hospitality or police laws. Where required by applicable regulations, we transmit this information to the responsible authority.

The legal basis for this processing is our legal obligation pursuant to Art. 6(1)(c) GDPR.

3.12 Data Processing for Job Applications

You may apply for a job with us spontaneously or in response to a specific job posting. We process the personal data you provide.

We use the data you provide to evaluate your application and suitability for employment. Application documents of rejected candidates are deleted after the application process ends unless you explicitly agree to longer retention or we are legally required to retain them longer.

The legal basis for processing your data for this purpose is the performance of a contract (pre-contractual phase) pursuant to Art. 6(1)(b) GDPR.

4. Central Data Storage and Analysis in CRM System

Where a clear identification is possible, we will store and link the data described in this privacy policy (especially your personal details, communications, contract data, and your browsing behavior on our websites) in a central database. This allows efficient customer data management, proper processing of your inquiries, and efficient delivery and handling of the services you request and related contracts.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in efficiently managing user data.

We also evaluate this data to further develop our offerings and to present and recommend relevant information and offers. We use methods to predict possible interests and future bookings based on your use of our website.

We use a software application from protel hotelsoftware GmbH (Protel), Europaplatz 8, 44269 Dortmund, Germany, for central data storage and analysis in the CRM system. Your data may be stored in a Protel database, which may allow them access to your data when necessary to provide and support the software. Information on data processing by third parties and any transfer abroad is provided in section 5. For more information on data processing in connection with Protel, visit https://www.protel.net/de/rechtlich/privacy-policy/.

The legal basis for this processing is our legitimate interest within the meaning of Art. 6(1)(f) GDPR in carrying out marketing activities.

5. Disclosure and Transfer Abroad

5.1 Disclosure to Third Parties and Third-Party Access

Without the support of other companies, we could not provide our services in the desired form. To use the services of these companies, your personal data must be shared with them to some extent. Data is disclosed to selected third-party service providers only to the extent necessary for the optimal provision of our services.

The legal basis for such disclosures is the necessity of performing a contract pursuant to Art. 6(1)(b) GDPR.

Data is also disclosed if required to perform services you requested, e.g., to restaurants or service providers where you made a reservation through us. These third-party service providers are controllers under data protection law. They are responsible for informing you about their data processing and for complying with data protection laws.

Data may also be disclosed to authorities, legal advisors, or debt collection agencies if legally required or necessary to enforce our rights, particularly to assert claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof, and such disclosure is required for a due diligence review or execution of the transaction.

The legal basis for this data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR in protecting our rights, complying with obligations, or transferring business units.

5.2 Transfer of Personal Data Abroad

We are entitled to transfer your personal data to third parties abroad if required to carry out the data processing described in this privacy policy. Some such transfers are mentioned in section 3. These transfers comply with legal provisions for international data transfers. Countries to which data may be transferred include those deemed to provide adequate data protection (e.g., EEA states or Switzerland) and those that do not (e.g., the USA). Where there is no adequate level of protection, we rely on EU Standard Contractual Clauses, consent, necessity for contract performance, or public data.

5.3 Notes on Data Transfers to the USA

Some third-party providers mentioned in this policy are based in the USA. For users residing in Switzerland or the EU, please note that U.S. authorities may conduct surveillance allowing mass storage of personal data transferred from the EU/Switzerland to the U.S., without clear limitations or judicial remedies. This may impede your rights regarding access, correction, or deletion of data.

We explicitly inform you of this legal situation to enable you to make an informed decision regarding consent to such processing.

According to the EU and Switzerland, the U.S. does not provide an adequate level of data protection. Where we refer to providers based in the U.S. (e.g., Google), we use Standard Contractual Clauses or rely on consent, contractual necessity, or legal proceedings abroad.

6. Background Data Processing on Our Website

6.1 Data Processing When Visiting Our Website (Logfile Data)

When visiting our website, the servers of our hosting provider METANET AG (Metanet), Hardstrasse 235, CH-8005 Zurich, temporarily store each access in a log file. The following data is collected without your intervention and stored by us until automated deletion:

IP address of the requesting computer;
Date and time of access;
Name and URL of the accessed file;
Website from which the access originated, including any search terms used;
Operating system of your computer and the browser you use (including type, version, and language setting);
Device type in case of access via mobile phones;
City or region from which the access occurred; and
Name of your internet access provider.

Information about data processing by Metanet can be found at: https://www.metanet.ch/de/ueber-metanet/datenschutzerklaerung

The collection and processing of this data is done to enable the use of our website (establishing a connection), to permanently ensure system security and stability, to analyze errors and performance, and to optimize our website (see also section 6.4).

In the event of an attack on the network infrastructure of the website or suspicion of other unauthorized or abusive website usage, the IP address and other data are analyzed for clarification and defense, and if necessary, used for identification within civil or criminal proceedings.

Our legitimate interest under Art. 6(1)(f) GDPR in fulfilling these purposes forms the legal basis for this data processing.

Finally, we use cookies and applications and tools based on cookies during your visit. Related data may also be processed as described here. More details can be found in the following sections, particularly in section 6.2.

6.2 Cookies

Cookies are information files that your web browser stores on your computer’s hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information stored in the cookie to be read.

Cookies help make your visit to our website easier, more enjoyable, and more meaningful. We use cookies for various purposes that are necessary for the use of the website you requested, i.e. they are “technically necessary.” For example, we use cookies to identify you as a registered user after logging in, so you don’t have to log in again on every subpage. Cookies also enable the ordering and booking functions. Furthermore, cookies perform other technical functions necessary for the operation of the website, such as load balancing, which distributes the website’s performance load across various web servers to reduce server strain. Cookies are also used for security purposes, e.g., to prevent unauthorized posting of content. Finally, we use cookies in the design and programming of our website, e.g., to enable the uploading of scripts or codes.

The legal basis for this data processing is our legitimate interest under Art. 6(1)(f) GDPR in providing a user-friendly and contemporary website.

Most internet browsers accept cookies automatically. When accessing our website, however, we ask for your consent to use technically non-essential cookies, especially cookies from third parties for marketing purposes. You can make your settings via the relevant buttons in the cookie banner. Details on services and data processing associated with individual cookies can be found in the cookie banner and in the following sections of this privacy policy.

You may also configure your browser so that no cookies are stored on your computer, or a message appears each time you receive a new cookie. The following pages explain how to configure cookie processing in selected browsers:

Google Chrome for desktop
Google Chrome for mobile
Apple Safari
Microsoft Internet Explorer
Microsoft Internet Explorer Mobile
Mozilla Firefox

Disabling cookies may mean you are unable to use all the features of our websit

6.3 Google Custom Search Engine

We use Google LLC’s Programmable Search Engine, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google), to provide you with an efficient search function on our website.

By pressing the enter key or clicking the search button, the search function is activated and search results from Google are displayed via an embedded iFrame. When retrieving results, a connection is established to Google’s servers, and your browser may transmit the log file data listed in section 6.1 (including your IP address) and the search term to Google. Data may also be transferred to servers abroad, such as those in the USA (see sections 5.2 and 5.3 for details on data transfer guarantees).

The legal basis for this data processing is our legitimate interest under Art. 6(1)(f) GDPR in providing an efficient search function on our website.

Please see Google’s privacy policy for further processing: www.google.com/intl/de_de/policies/privacy

6.4 Tracking and Web Analysis Tools

6.4.1 General Information

To design and continuously optimize our website to meet your needs, we use the web analysis services listed below. Pseudonymized user profiles are created and cookies used (see section 6.2). The information generated by cookies about your use of this website is usually transmitted to and stored on a server of the service provider, along with the log file data mentioned in section 6.1. Data may also be transferred to servers abroad, including the USA (see section 5.2 and 5.3).

This processed data may include:

Navigation paths on the site (including content viewed and products/services selected or booked);
Time spent on the site or subpage;
Subpage from which the site is exited;
Location (country, region, city);
Device (type, version, color depth, resolution, browser window dimensions);
Returning vs. new visitors.

The provider uses this information to evaluate website usage, compile reports, and provide other services related to website and internet use for us. We and the providers may be considered joint controllers to some extent for these processes.

The legal basis for these data processing activities is your consent under Art. 6(1)(a) GDPR. You can revoke your consent at any time by rejecting cookies in your browser settings (see section 6.2) or using the service-specific opt-out options described below.

Please consult the provider’s privacy notices for information on further data processing, especially regarding sharing with third parties or authorities.

6.4.2 Google Analytics

We use Google Analytics by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

In the version we use (“Google Analytics 4”), IP addresses are not logged or stored. For EU-originated access, IPs are only used to determine location data and then deleted. Measurement data is processed via EU servers before being forwarded to Analytics servers.

We also use “Google Signals,” which enables cross-device tracking. This links a user with different devices if logged into a Google service and personalized advertising is enabled. However, the data remains anonymous to us. You can disable “personalized advertising” in your Google account.

You can prevent Google from collecting and processing your data by installing this browser plugin: http://tools.google.com/dlpage/gaoptout?hl=de

Alternatively, click this link to opt out of future Google Analytics tracking on this site. An opt-out cookie will be stored. If you delete cookies, you must click the link again.

6.5 Social Media

6.5.1 Social Media Profiles

Our website includes links to our profiles on the following social media networks:

Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA – Privacy Policy
LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland – Privacy Policy

Clicking the icons of these networks redirects you to our profile on the respective platform. A direct connection is established between your browser and the server of the respective social network. The network thereby receives the information that your IP address has accessed our website and clicked the link. This may result in a transfer of data to servers abroad, e.g. in the USA (see sections 5.2 and 5.3 for more details).

If you are logged into your user account on the respective network at the time of clicking, the visit to our website can be directly assigned to your account. To prevent this, log out of your account before clicking the link. If you log in to the network after clicking, the data will still be linked.

The respective provider is responsible for this data processing. Please refer to the provider’s privacy policy.

The legal basis for any data processing attributable to us is our legitimate interest under Art. 6(1)(f) GDPR in promoting our social media presence.

6.5.2 Social Media Plugins

Our website may use social media plugins from the following providers:

Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA – Privacy Policy
LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland – Privacy Policy

These plugins allow you to share content from our website. They increase visibility and help market our offerings.

The plugin content is transmitted directly from the network to your browser and embedded in our website. As a result, the provider receives information that your browser has accessed the respective page of our website – even if you do not have an account or are not logged in. This information (including your IP address) is sent directly to the provider’s server (usually in the USA) and stored there (see sections 5.2 and 5.3). We have no control over the extent of data collected. We may be considered joint controllers to a limited extent.

If you are logged in, your visit can be directly linked to your account. Interactions with plugins are also transmitted and stored. These interactions (e.g., liking a service) may be visible to others and used by the provider to display personalized ads and content. This may involve creating profiles and using your site activity for targeting purposes.

If you do not want the provider to associate your data with your account, log out before using the plugin. The legal basis is your consent under Art. 6(1)(a) GDPR. You can withdraw consent anytime as described in the provider’s privacy policy.

6.6 Online Advertising and Targeting

6.6.1 General

We use services from various companies to present you with interesting offers online. Your user behavior on our website and on the websites of other providers is analyzed to display personalized online advertising tailored to your interests.

Most tracking and targeting technologies use cookies (see section 6.2), which allow your browser to be recognized across different websites. Depending on the provider, it may also be possible to recognize you across devices (e.g., laptop and smartphone), especially if you use a registered account with the service on multiple devices.

In addition to the data already mentioned, which may be transmitted when accessing websites (logfile data, see section 6.1) and using cookies (see section 6.2), the following data may also be used to identify the ads most relevant to you:

Personal details you provided to advertising partners when registering or using a service (e.g., gender, age group);
User behavior (e.g., search queries, interaction with ads, types of websites visited, products/services viewed or purchased, newsletter subscriptions).

We and our service providers use this data to determine whether you belong to our target audience and consider this when selecting advertisements. For example, after visiting our website, you may see ads for our products or services on other websites (re-targeting).

Depending on the volume of data, a user profile may be created and evaluated automatically to tailor advertisements to your demographic group, potential interests, or behaviors. Such ads may be shown across various channels, including our website or app (onsite and in-app marketing), and ads served through online advertising networks such as Google.

This data may also be used for billing purposes with the service provider and to evaluate the effectiveness of advertising campaigns, enabling us to better understand our users’ and customers’ needs and improve future campaigns. This may include information that confirms a specific action (e.g., visiting a page or submitting information) was triggered by an ad. Additionally, we receive aggregated reports about ad activities and how users interact with our website and ads.

The legal basis for this data processing is your consent under Art. 6(1)(a) GDPR. You can revoke your consent at any time by configuring your browser settings to reject or disable cookies (see section 6.2). Additional options for blocking advertising are provided by individual service providers (e.g., Google).

6.6.2 Google Ads

This website uses services from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google), for online advertising, as described in section 6.6.1. Google uses cookies (see full list here) that allow your browser to be recognized when you visit other websites. The information generated by these cookies about your visits (including your IP address) is transmitted to a Google server in the USA and stored there (see also section 5.2 and 5.3 regarding the lack of an adequate data protection level and safeguards in place). More information about data protection at Google is available here.

The legal basis for this data processing is your consent under Art. 6(1)(a) GDPR. You can revoke your consent at any time by rejecting cookies in your browser settings (see section 6.2). Additional options for blocking advertising can be found here.

7. Data Retention Periods

We store personal data only for as long as necessary to carry out the processing described in this privacy policy in the context of our legitimate interests. Contract-related data is stored in accordance with legal retention obligations. Legal requirements for data retention arise, in particular, from accounting regulations and tax law. According to these regulations, business communications, concluded contracts, and booking records must be retained for up to 10 years.

Once we no longer need this data to perform the services for you, it is blocked. This means that the data may only be used if necessary to comply with retention obligations or to assert and defend our legal claims. The data is deleted as soon as no retention obligation or legitimate interest in its continued storage exists.

8. Data Security

We use appropriate technical and organizational security measures to protect your personal data stored with us against loss and unlawful processing, particularly unauthorized access by third parties.

Our employees and the service providers we commission are obligated by us to maintain confidentiality and comply with data protection regulations. In addition, access to personal data is only granted to the extent necessary for the performance of their duties.

Our security measures are continuously improved in line with technological developments. However, transmitting information over the internet and other electronic means always involves certain security risks, and we cannot provide an absolute guarantee for the security of information transmitted in this way.

9. Your Rights

If the legal requirements are met, you have the following rights as a person affected by data processing:

Right of access: You have the right to request, at any time and free of charge, information about your personal data stored with us.
Right to rectification: You may correct inaccurate or incomplete personal data.
Right to erasure: You may request the deletion of your personal data under certain conditions. In some cases (e.g., legal retention obligations), this may be replaced by a restriction of processing.
Right to restriction of processing: You may request that the processing of your data be limited.
Right to data portability: You may receive the personal data you have provided to us in a readable format.
Right to object: You may object to data processing at any time, particularly for direct marketing.
Right to withdraw consent: You may revoke any consent given at any time. Past processing remains lawful despite the withdrawal. To exercise these rights, please contact:
Volkshaus Basel Betriebs AG
Rebgasse 12, 4058 Basel, Switzerland
Right to lodge a complaint: You also have the right to lodge a complaint with a competent supervisory authority, for example, if you are dissatisfied with how your personal data is being processed.

Version: April 2025