Privacy Policy

Privacy Policy

Volkshaus Basel
Status: March 2026

1. Controller and Content of this Privacy Policy

We, Volkshaus Basel Betriebs AG, Rebgasse 12, 4058 Basel, Switzerland, are the operator of Volkshaus Basel, including the hotel, the gastronomy services, as well as the website accessible at www.volkshaus-basel.ch, and – unless otherwise stated in this privacy policy – are responsible under data protection law for the processing of personal data described herein.

With this privacy policy, we inform you about which personal data we process in connection with our operations, our services and our website, for what purposes this is carried out, on what legal basis this is done, and what rights you are entitled to.

We primarily base our processing on Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and the corresponding ordinance. Where applicable, we also comply with the General Data Protection Regulation of the European Union (GDPR).

Please note that this privacy policy may be amended from time to time. The version published on our website shall apply in each case.

 

 

2. Contact for Data Protection Matters

If you have any questions regarding data protection or wish to exercise your rights, you may contact us as follows:

Volkshaus Basel Betriebs AG
Attn. Data Protection
Ms. Manuela Voser
Rebgasse 12–14
CH – 4058 Basel
Switzerland
E-mail: info@volkshaus-basel.ch

 

3. Scope, Purposes and Legal Bases of Our Data Processing

3.1 Contacting Us

If you contact us by e-mail, telephone, contact form or by other means, we process the personal data you provide. This includes in particular:

  • Name
  • E-mail address
  • Telephone number
  • Content of your request
  • Time and circumstances of the contact

We process this data in order to handle your request, respond to inquiries, prepare or execute bookings or reservations, as well as for quality assurance and documentation.

Legal bases are:

  • Performance of pre-contractual measures or fulfilment of a contract, insofar as your request is aimed at this
  • Our legitimate interest in orderly communication and processing of inquiries
  • Your consent, where such consent is obtained in individual cases

 

3.2 Use of Our Concierge Service (straiv)

If you use our concierge service, we process the data you provide, in particular:

  • Name
  • Company and function
  • E-mail address
  • Billing address
  • Payment method
  • Order or request content
  • Further information that you provide to us

We process this data to provide the concierge service, to handle your requests and orders, and for the performance of the contract.

For technical provision, we use a software solution from straiv GmbH, Industriestrasse 23, 70565 Stuttgart, Germany. It cannot be excluded that straiv may have access to personal data within the scope of support or hosting services.

To the extent that straiv processes data for its own purposes, straiv is itself responsible for such processing. The privacy notices of straiv shall apply in addition.

Legal bases are:

  • Contract initiation and contract performance
  • Our legitimate interest in an efficient, modern digital service

 

 

3.3 Bookings

3.3.1 Booking via Our Website

If you book accommodation via our website, we process the data collected as part of the booking process. Depending on the booking, this includes in particular:

  • Title
  • First and last name
  • Billing address
  • Date of birth
  • Company, company address and UID number in the case of corporate customers
  • Telephone number
  • E-mail address
  • Payment method
  • Booking details
  • Comments
  • Confirmations in connection with terms and conditions and data protection

We process this data to receive, manage and execute your booking, to fulfil our contractual obligations, to communicate with you before, during and after your stay, for invoicing, and for internal documentation.

Where additional information is not mandatory, it is provided voluntarily. We use such information to better tailor our services to your needs and to facilitate processing.

For the online booking system, we currently use TravelClick or services from Amadeus Hospitality Americas, Inc., 75 New Hampshire Avenue, Portsmouth, NH 03801, USA. The data required for booking may be transmitted to or processed by Amadeus.

To the extent that Amadeus processes data for its own purposes, in particular for its own service, analysis or compliance purposes, Amadeus is responsible for such processing. The privacy notices of Amadeus shall apply in addition.

Legal bases are:

  • Contract initiation and contract performance
  • Your consent, where optional additional information or communication options are concerned

 

 

3.3.2 Booking via Third Platforms

If you book via booking platforms such as Booking.com, Expedia, HRS, Tablet Hotels, Tripadvisor, Trivago or other third-party providers, we receive from the respective platform operators the data required to process the booking. This includes in particular master data, contact data, booking data and, where applicable, payment or communication data.

We process this data for the purpose of recording your booking, providing the booked services, communicating with you, and handling inquiries, changes, complaints or disputes.

To the extent that we exchange data with platform operators in connection with complaints, refunds or cases of misuse, this is done to safeguard our legitimate interests in proper contract execution and legal enforcement.

Legal bases are:

  • Contract initiation and contract performance
  • Our legitimate interest in handling complaints, misuse and legal disputes

 

3.4 Table Reservations

If you reserve a table in one of our restaurants via our website or other communication channels, we process in particular the following data:

  • First and last name
  • Number of guests
  • E-mail address
  • Telephone number
  • Date and time of the reservation
  • Menu or offer type
  • Comments or special requests

We process this data to receive, manage and carry out your reservation, as well as to contact you in case of questions or changes.

For the processing of table reservations, we use a software solution from Aleno AG, Zurich, Switzerland. Aleno may have access to personal data within the scope of technical provision or support.

To the extent that Aleno processes data for its own purposes, Aleno is responsible for such processing. The privacy notices of Aleno shall apply in addition.

Legal basis is contract initiation and contract performance.

 

 

3.5 Payment Transactions

3.5.1 Payments on Site

If you pay with electronic payment methods, the data required for payment processing is transmitted directly to the involved payment service providers, card issuers and acquirers. This includes in particular:

  • Name of the cardholder
  • Card data or tokenised card data
  • Transaction amount
  • Time of transaction
  • Acceptance point

As a rule, we only receive information as to whether a payment was successful, and the transaction data required for accounting.

Legal basis is contract performance.

 

3.5.2 Payments in Connection with Online Bookings and Orders

In the case of chargeable online bookings or orders, we additionally process the information required for payment and transmit it to the payment service providers used.

Where we store a credit card to secure bookings or carry out a pre-authorisation, this is done exclusively to the extent necessary and in compliance with applicable security requirements. Where technically possible, we use tokenised or otherwise protected procedures and do not store complete credit card data in plain text.

To prevent payment defaults, we may, where necessary and permissible, carry out credit checks or involve external service providers. In this context, master data and contract data may be transmitted to such providers.

Legal bases are:

  • Contract performance
  • Our legitimate interest in preventing payment defaults and misuse

 

3.6 Recording and Billing of Services Used

If you make use of additional services during your stay, such as additional overnight stays, gastronomic services, activities or other additional services, we process the data required for this, in particular:

  • Booking and contract data
  • Services used
  • Time of use
  • Prices and billing information
  • Any comments or special requests

This processing is carried out for service provision, internal allocation, invoicing and follow-up processing.

Legal basis is contract performance.

 

 

3.7 E-mail Marketing

If you register for our marketing e-mails (e.g. at opening, within your customer account or as part of an order, booking or reservation), the following data is collected. Mandatory fields are marked with an asterisk (*) during registration:

  • E-mail address
  • Title
  • First and last name

If you subscribe to our newsletter or other marketing e-mails, we process in particular:

  • E-mail address
  • Title
  • First and last name

We generally use the double opt-in procedure for registration. This means that we only activate your registration after you have verified your e-mail address via a confirmation link.

We process this data to send you information about our hotel, our gastronomy, events, offers or other services. Where you have given your consent, we may personalise content and carry out statistical evaluations, for example whether e-mails are opened or links are clicked.

Our marketing e-mails may contain tracking pixels or comparable technologies to measure openings and interactions. Such evaluations are carried out only where permitted under data protection law and where you have given your consent where required.

For sending marketing e-mails, we use Mailchimp, a service of Intuit / The Rocket Science Group LLC, Atlanta, USA. Data may be processed on servers outside Switzerland or the EEA.

You may withdraw your consent at any time with effect for the future, in particular via the unsubscribe link in each marketing e-mail or by contacting us.

Legal basis is your consent.

 

 

3.8 Reviews

If you submit reviews or comments on our website or via integrated functions, we process the data you provide, in particular:

  • Content of the review
  • Name or pseudonym, where applicable
  • Time of the review
  • Additional comments, where applicable

We process this data for publication of the review, quality assurance, handling of feedback and prevention of misuse.

You may generally withdraw your consent to publication at any time with effect for the future, subject to statutory obligations or overriding interests in retention.

Legal bases are:

  • Your consent, insofar as publication is concerned
  • Our legitimate interest in a functioning, lawful review system and prevention of misuse

 

 

3.9 Video Surveillance

For the protection of our guests, employees, facilities and assets, as well as for the prevention and investigation of misuse, theft, violence or damage to property, certain publicly accessible areas of our premises may be subject to video surveillance. Sanitary facilities and highly personal areas are not monitored.

We ensure that surveillance is proportionate. Video surveillance is indicated on site in an appropriate manner.

Recordings are generally stored only for as long as necessary for the respective purpose. If no security-relevant event occurs, recordings are deleted within a reasonable period. In the event of incidents, recordings may be secured and transmitted to authorities, insurers or legal advisors as required.

Legal basis is our legitimate interest in security, protection of property and legal enforcement.

 

 

3.10 Use of Our WiFi Network

If you use our guest WiFi, we process the data required to provide and secure the network. This may include in particular:

  • Mobile phone number, where registration is required
  • MAC address or device identifier
  • Time and duration of use
  • Technical connection data
  • Assigned IP address
  • Log data in connection with security or misuse incidents, where applicable

This processing is carried out to provide the WiFi, ensure technical operation, prevent misuse and, where applicable, comply with legal obligations.

For technical provision, we cooperate with HPE Aruba Networking, Dübendorf, Switzerland.

Where statutory retention or disclosure obligations exist, we process the relevant data to the extent required.

Legal bases are:

  • Contract performance or provision of the requested service
  • Our legitimate interest in security and prevention of misuse
  • Legal obligations, where applicable

 

3.11 Fulfilment of Legal Reporting Obligations

Upon your arrival or in connection with your stay, we may be legally obliged to collect certain information and transmit it to authorities. This includes in particular:

  • First and last name
  • Address
  • Date of birth
  • Nationality
  • Identity card or passport data
  • Date of arrival and departure

This processing is carried out exclusively to fulfil legal reporting and documentation obligations under applicable law.

Legal bases are:

  • Fulfilment of a legal obligation
  • Contract performance in connection with your stay, where applicable

 

3.12 Applications

If you apply for a position with us, we process the application documents you submit and the personal data contained therein, in particular:

  • Master and contact data
  • CV
  • Certificates and supporting documents
  • Correspondence
  • References, where provided or lawfully obtained

We process this data to review your application, carry out the application process and fill vacant positions.

If your application is not successful, we delete or anonymise your data after completion of the process, unless statutory retention obligations exist or you have consented to longer storage.

Legal basis is the performance of pre-contractual measures.

 

 

4. Central Data Storage and Internal Analysis

We may combine personal data from various points of contact – such as bookings, reservations, inquiries, stays or marketing interactions – in central systems, insofar as this is necessary for the management of our business relationships, service provision, customer support, quality assurance, IT security or legal enforcement.

For our central hotel or CRM system, we use a software solution from protel hotelsoftware GmbH, Dortmund, Germany. It cannot be excluded that protel may have access to personal data within the scope of hosting, maintenance or support.

Where permitted under data protection law, we may analyse data internally in order to improve processes, further develop our services, better serve returning guests or tailor communication measures more effectively. Any further personalisation or marketing profiling requiring consent is carried out only where a corresponding legal basis exists.

Legal bases are:

  • Contract performance
  • Our legitimate interest in efficient administration, quality assurance and appropriate customer support
  • Your consent, where required

 

 

5. Disclosure and International Data Transfers

5.1 Disclosure to Third Parties

We disclose personal data only where this is necessary for service provision, to fulfil legal obligations, to safeguard legitimate interests or based on your consent.

Recipients may include in particular:

  • IT and hosting providers
  • Booking and reservation systems
  • Payment service providers
  • CRM and communication service providers
  • Restaurant, event or service partners
  • Authorities and courts
  • Legal advisors, insurers or debt collection agencies
  • Acquirers or interested parties in the context of corporate transactions

Where third parties process data on our behalf, we contractually oblige them to comply with data protection law. Where third parties process data for their own purposes, they are responsible for such processing.

 

 

5.2 Data Transfers Abroad

In connection with our services and the tools we use, personal data may also be transferred to recipients abroad or processed there, including in countries outside Switzerland and the EEA.

Where transfers are made to countries without an adequate level of data protection, we ensure – where required – appropriate safeguards, in particular by concluding standard contractual clauses, using recognised data protection mechanisms or relying on a statutory exception, for example where the transfer is necessary for contract performance or you have given your consent.

 

 

5.3 Special Information on Data Transfers to the USA

Some of the service providers we use are located in the USA or may process data in the USA. For certain certified US companies, an adequate level of data protection may be recognised from a Swiss perspective.

Where no such mechanism applies, we rely – where necessary – on appropriate safeguards, in particular standard contractual clauses, or on a statutory exception.

Please note that, despite protective measures, risks may remain when processing data in the USA, in particular with regard to access by authorities or the enforceability of data subject rights.

 

 

6. Data Processing on Our Website

6.1 Log Files When Visiting Our Website

When you visit our website, the servers of our hosting provider METANET AG, Hardstrasse 235, 8005 Zurich, Switzerland, automatically store technical log data. This includes in particular:

  • IP address
  • Date and time of access
  • Accessed content and URLs
  • Referrer URL
  • Browser type and version
  • Operating system
  • Device type
  • Approximate location or region
  • Name of the access provider

We process this data to provide the website, ensure system security, analyse errors, prevent misuse and optimise the website technically.

Legal basis is our legitimate interest in a secure and functional website.

 

 

6.2 Cookies and Similar Technologies

We use cookies and comparable technologies on our website. Some are technically necessary, others serve statistical, convenience or marketing purposes.

Technically necessary cookies are used to ensure the functionality of the website, for example for navigation, security, load balancing or booking and form functions.

Non-essential cookies and comparable technologies are only used where legally permissible and where you have given your consent via our consent banner. You can adjust your selection there at any time.

You may also configure your browser to block or delete cookies. Please note that this may limit certain functions of our website.

Legal bases are:

  • Our legitimate interest for technically necessary technologies
  • Your consent for non-essential cookies and comparable technologies

 

6.3 Google Programmable Search Engine

We use Google Programmable Search Engine on our website to provide a search function. The provider is Google Ireland Limited, Dublin, Ireland, or Google LLC, USA.

When you use the search function, technical usage data and your search query may be transmitted to Google. This may also involve processing outside Switzerland or the EEA.

Legal basis is our legitimate interest in an efficient search function on our website.

 

 

6.4 Tracking and Web Analysis Tools

6.4.1 General

We use web analytics and tracking services to better understand the use of our website, improve user experience, measure the reach of our content and further develop our online offerings.

Depending on the service, cookies, similar technologies or pseudonymous identifiers may be used. Information about your usage behaviour, your device, your browser, your interactions with the website and, where applicable, approximate location data may be processed.

Where consent is required for these technologies, we only use them with your consent. You may withdraw your consent at any time with effect for the future or adjust it in our consent banner.

 

6.4.2 Google Analytics

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Dublin, Ireland, or Google LLC, USA.

Google Analytics helps us understand how visitors use our website. In particular, information about page views, duration of stay, interactions, technical characteristics of the device and approximate location data may be processed.

Where activated, we may also use features such as Google Signals. These enable Google to aggregate usage data across devices, provided users are logged into their Google account and have activated corresponding personalisation settings. As a rule, we do not receive directly identifiable personal data from Google.

We use Google Analytics only where the required consent has been obtained.

Legal basis is your consent.

 

 

6.5 Social Media

6.5.1 Links to Social Media Profiles

Our website may contain links to our profiles on social networks, in particular services provided by:

  • Meta Platforms
  • LinkedIn

If you click on such a link, you leave our website or establish a direct connection with the respective service. Technical data such as your IP address and usage data may be transmitted to the respective provider.

The respective provider is responsible for data processing. The privacy policies of the respective networks apply.

Legal basis is our legitimate interest in communication, visibility and marketing.

 

6.5.2 Social Media Plugins

Where we use social media plugins or similar integrations on our website, these are only activated where technically necessary or legally permissible. When such plugins are used, data may be transmitted directly to the respective providers.

Where consent is required for the use of such plugins, we obtain it in advance.

Legal bases are:

  • Your consent, where required
  • Otherwise our legitimate interest in a functional and modern online presence

 

 

6.6 Online Advertising and Targeting

6.6.1 General

We use online advertising services to promote our offerings on our website and on third-party websites. Usage data, technical identifiers, cookie information and interactions with advertisements may be processed to measure the reach and effectiveness of our advertising and to address target groups.

Where non-essential cookies or comparable technologies are used, this is only done on the basis of your consent.

Legal basis is your consent.

 

6.6.2 Google Ads

We use Google Ads and related functions of Google Ireland Limited, Dublin, Ireland, or Google LLC, USA, to place advertisements, measure conversions, perform remarketing and analyse the effectiveness of our campaigns.

Google may process information about your use of our website, your interaction with advertisements and technical device data. This may include the use of cookies or similar technologies.

Where consent is required for Google Ads, it is only used after corresponding consent has been obtained via our consent management system.

Legal basis is your consent.

6.6.3 Use of Customer Match (Google Ads)

We may use the “Customer Match” function of Google Ads to target our advertising more precisely to existing customers or similar audiences. The provider is Google Ireland Limited, Dublin, Ireland. Where data is also processed by Google LLC, USA, section 5 applies.

In this context, we may transmit customer data that you have provided to us, in particular:

  • E-mail address
  • First and last name
  • Postal code
  • Country
  • Other identification data required by Google

The data is generally pseudonymised using a hashing procedure before transmission. An automated matching with Google data then takes place.

We use Customer Match only where you have given your consent.

You may withdraw your consent at any time with effect for the future.

Legal basis is your consent.

 

 

7. Retention Periods

We retain personal data only for as long as this is necessary for the respective purposes or as we are legally obliged to do so.

In particular, we retain data:

  • For as long as this is necessary for contract processing, customer support or communication
  • For as long as statutory retention and documentation obligations exist, for example under commercial, tax, hospitality or other mandatory laws
  • For as long as legitimate interests in retention exist, for example for legal enforcement, evidentiary purposes or IT security

After expiry of the respective retention periods, the data is deleted or anonymised, unless a further legal obligation or an overriding legitimate interest in retention exists.

 

 

8. Data Security

We take appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, misuse, alteration or unlawful disclosure.

Our employees and commissioned service providers only have access to personal data to the extent necessary for the performance of their tasks.

Please note that the transmission of information via the internet and electronic communication methods is never completely secure. Absolute security cannot therefore be guaranteed.

9. Your Rights

Where the legal requirements are met, you have the following rights in connection with the processing of your personal data:

  • Right of access to the personal data we process
  • Right to rectification of incorrect or incomplete data
  • Right to deletion, provided there is no legal retention obligation or other overriding reason
  • Right to restriction of processing, where provided by law
  • Right to receive or transfer your data in a commonly used format, where applicable
  • Right to object to processing based on legitimate interests, in particular to direct marketing
  • Right to withdraw consent at any time with effect for the future

To exercise your rights, please contact:

Volkshaus Basel Betriebs AG
Attn. Data Protection
Rebgasse 12–14
CH – 4058 Basel
Switzerland
E-mail: info@volkshaus-basel.ch

If you are of the opinion that the processing of your personal data violates applicable data protection law, you may also lodge a complaint with the competent supervisory authority. In Switzerland, this is in particular the Federal Data Protection and Information Commissioner (FDPIC).

10. Final Provisions

If individual provisions of this privacy policy are or become invalid, the validity of the remaining provisions shall remain unaffected.

The version published on our website shall apply.

Status: March 2026