Data Protection Policy

Swiss Youth Hostels Data Protection Policy

May 2018

Protection of your privacy is an absolute priority for Swiss Youth Hostels. We strive to guarantee the highest possible data protection and security.

Of course, we follow the legal requirements of the Swiss Federal Act on Data Protection (FADP), the Ordinance to the Federal Act on Data Protection (DPO), the Telecommunications Act (TCA) and other data protection provisions that may apply under Swiss or EU law, and in particular the European General Data Protection Regulation (GDPR).

Please note the information below so that you know what personal data we collect about you and for which purposes we use it.

We have appointed a data protection officer for our organisation. Please contact them via email at for any questions about data privacy in general or issues about your personal data.

The address of our data protection representative in the EU is:
VGS Datenschutzpartner UG, Am Kaiserkai 69, 20457 Hamburg, Germany. It can be contacted at

A)    Data processing related to our website

1)    Access our site

When you visit our website, our server temporarily stores every access in a log file. The following technical data is collected, without any action on your part, on every connection with a web server and saved by us until it is deleted automatically after a month at the latest:

-    browser types and versions
-    operating system used by the accessing system
-    internet site from which an accessing system reaches our site (referrer)
-    sub-websites visited by a system accessing our website
-    fonts and maps integrated in Google Fonts and Google Maps
-    date and time of access to the internet site
-    internet protocol (IP) address
-    internet service provider of the accessing system 
-    other similar data and information that serve as hazard prevention in case of an attack on our IT systems

This data is collected and processed to enable use of our website (connection set-up), ensure permanent system security and stability, help us enhance our internet offer and for internal statistical purposes.

In the event of attacks on the network infrastructure or other unauthorised or improper website use, the IP address and other data are also evaluated for information and defence, and could be used in criminal proceedings for identification or for civil or criminal action against the user in question.

2)    Use of our contact form

You can get in touch with us by using the contact form. For this, we require the following information:

-    First name
-    Surname
-    Email address
-    Message

We use this data and any telephone number that you give voluntarily in order to be able to answer your contact question in the best possible and personalised manner.

3)    Website bookings

If you make a booking using our website, we require the following information to process the order:

-    First name
-    Surname
-    Street
-    Postcode
-    Place
-    Country
-    Email address
-    Credit card details

We use this data and any other information that you give voluntarily (e.g. telephone number, age of children and other comments) only to process the order, unless otherwise stated in this data protection policy or where you have not specifically given your consent. We process this data in particular to record your booking requirements, to provide the services booked, to contact you with any queries or issues, and to ensure the correct payment.

4)    Cookies

Cookies help us to make your visit to our website simpler, more pleasant and more meaningful. Cookies are information files that your web browser saves automatically on the hard drive of your computer when you visit our internet site.

For example, we use cookies in the online shop so that visitors do not have to enter their data again; this is done by the internet site and the cookie on the user’s computer system. Another example is the cookie in a basket for the online shop. The online shop remembers the article that a customer has put in the virtual basket using a cookie.

Most internet browsers accept cookies automatically. However, you can configure your browser so that no cookies are saved on your computer or a pop-up message appears when you receive a new cookie. Disabling cookies may mean that you are not able to use all the functions of our website.

5)    Tracking tools

a)    General information

We use various tracking tools on our website. Your behaviour on our website is monitored using these tracking tools. This monitoring is for the purposes of needs-based design and ongoing optimisation of our website. In this context, pseudonymised user profiles are created and small text files that are saved on your computer (‘cookies’) are used. The information generated by the cookies about your use of this site is transferred to the service provider’s server, saved and prepared for us. 

b)    Google Analytics

Google Analytics sets a cookie on the IT system of the person in question. Section 4 explains what cookies are. Cookies enable Google to analyse use of our website. For every page view of this website, which is operated by the controller and has a Google Analytics plug-in, the Google Analytics plug-in automatically prompts the internet browser on the relevant person’s IT system to transfer data for online analysis to Google.

As part of this technical procedure, Google receives personal data information, such as the IP address of the person in question, which among other things helps Google understand the origin of visitors and clicks.

Personal information is saved via the cookie, such as the time and location of access and the frequency of visits to our website by the person in question. This personal data, including the IP address of the internet connection used by the relevant person, is transferred to Google in the US on each visit to our internet sites. Google saves this personal data in the US. In some circumstances, Google shares this personal data collected through the technical procedure with third parties.

The person concerned can prevent the setting of cookies by our internet site, as outlined above, at any time through an adjustment of the internet browser and thus disable cookies permanently. This browser configuration will also prevent Google from setting a cookie on the person’s IT system. Additionally, a cookie set by Google Analytics can be deleted at any time via the internet browser or other software.

Furthermore, the user can object to and prevent capture of the data generated by Google Analytics in relation to use of this internet site and processing of this data by Google. To do this, the user should download and install a browser add-on via the link This browser add-on tells Google Analytics through JavaScript that no data and information about site visits may be passed on to Google Analytics. Installation of this browser add-on is considered an objection by Google. If the IT system is later deleted, formatted or reinstalled, the user must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the user or another person in their sphere of influence, the browser add-on can be reinstalled or reactivated.
Further information about Google’s current data protection provisions can be found at and Google Analytics is explained in more detail at

B)    Data processing related to our webshop

6)    Orders in our webshop

You can place orders using the contact form in our webshop. For this, we require the following information:

-    Title
-    First name
-    Surname
-    Street and house number
-    Postcode and place
-    Date of birth
-    Email address

We use this data and any other information that you give voluntarily (additional address, country, telephone number and comments) only to process your order requirements.

C)    Data processing related to our newsletter

7)    Subscription to our newsletter

You are able to subscribe to our newsletter, but registration is required. The following information is needed as part of the registration process:

-    First name
-    Surname
-    Email address

The above information is needed for data processing. You can also choose to provide further information (gender, language, membership number). We use this data in order to personalise the information and offers we send you and tailor them better to your needs.

On registration, you consent to the processing of the data for regular mail-outs of the newsletter to the address specified by you and for statistical evaluation of user behaviour and optimisation of the newsletter. We are entitled to mandate third parties for technical processing of advertising and to share your data for this purpose (see section 19 (g)).

8)    Unsubscription from our newsletter

A link at the end of the newsletter enables you to unsubscribe from the newsletter at any time. After unsubscribing, your personal data related to the newsletter is deleted. Further processing is done only on an anonymous basis to improve our newsletter.

D)    Data processing related to social media

9)    Social media

We maintain an online presence within social networks and platforms (Facebook, Instagram, Twitter) to communicate with visitors, interested parties and users, and to be able to inform them about our services. On access to the respective networks and platforms, the business conditions and data protection policies of the operator in question apply.

Unless otherwise stated in this data protection policy or where you have not specifically given your consent, user data is processed if users communicate with us within the social networks. 

E)    Data processing related to your membership

10)    Your membership

The following information is required in relation to your membership (annual or day membership) of Swiss Youth Hostels:

-    Title
-    First name
-    Surname
-    Street and house number
-    Postcode and place
-    Date of birth
-    Email address

In connection with family memberships, we also collect this information for members of your family.

We use this data and any other information that you give voluntarily (additional address, country, telephone number, comments) exclusively to carry out our contractual relationships. Personalised membership is required to verify and document your entitlement to membership benefits. Unless otherwise stated in this data protection policy or where you have not specifically given your consent, the data is not used for any other purpose.

F)    Data processing related to your booking in writing or by telephone

11)    Bookings in writing or by telephone

If you make bookings by correspondence (email or post) or telephone, we require the following information to process the order:

-    Title
-    First name
-    Surname
-    Street and house number
-    Postcode and place
-    Country
-    Language
-    Email address or telephone number
-    Payment details

We use this data and any other information that you give voluntarily (e.g. expected arrival time, preferences, allergies in connection with meals, etc.) to process the order, unless otherwise stated in this data protection policy or where you have not specifically given your consent. We process this data in particular to record your booking requirements, to provide the services booked, to contact you with any queries or issues, and to ensure the correct payment.

G)    Data processing related to your stay

12)    Data processing to fulfil legal reporting requirements

On arrival at our youth hostels, we require the following information from you and any accompanying persons:

-    Title
-    Surname
-    First name
-    Street/no.
-    Postcode, place
-    Country
-    Nationality
-    Email address
-    Telephone
-    Date of birth
-    Passport number

We collect this information to meet legal reporting requirements, particularly those arising from hospitality or administrative legislation. If required by the provisions in force, we disclose this information to the relevant police authority.

To offer you the best service on arrival, you are able to record this information conveniently via a web platform a few days before your arrival (web check-in). 

We use this data exclusively in order to meet our legal reporting requirements or to process the order in question, unless otherwise stated in this data protection policy or where you have not specifically given your consent. We also process this data in particular to provide the services you have booked. In this context, we are entitled to disclose the data to third parties (e.g. for the purchase of visitor passes or mountain railway tickets).

13)    Recording services purchased

If you receive additional services during your stay (e.g. meals or mountain railway tickets), the service and, if applicable, the time at which the service is drawn will be recorded for invoicing purposes.

14)    Guest feedback

If you have given us your email address for your booking, you will receive an electronic form after your departure. We collect the following data via this form:

-    With whom you were travelling
-    Gender
-    Year of birth
-    Rating
-    Comments

This information is voluntary and helps us to continually improve our range of services and adjust them to meet your needs. We use the information provided only for statistical purposes, unless otherwise stated in this data protection policy or where you have not specifically given your consent. We process this data in particular so that we can contact you with any queries or issues.

H)    Data retention and exchange with third parties

15)    Booking platforms

If you prefer to book via a third-party platform, we receive a range of personal data from the platform operator in question. This generally concerns the information listed in section 3 of this data protection policy. Queries about your booking may also be forwarded to us. We process this data in particular to record your booking requirements and to provide the services booked.

Finally, we may be informed by the platform operator of any disputes related to a booking. In some circumstances, we therefore also receive data about the booking procedure, which may include a copy of the booking confirmation as proof of the actual booking closure. We process this data to protect and enforce our rights.

16)    Data retention and linkage

We store personal data in the data processing systems provided for this. Your data is thus systematically recorded and if necessary linked to the processing of your booking and performance of the contractual services. Processing of this data takes place exclusively in the context of customer-friendly and efficient client data management.

17)    Retention period

We store personal data only for as long as is necessary to use the above tracking services and for further processing in our legitimate interests. We keep contractual data for longer, since this is governed by statutory retention requirements. Retention requirements that require us to store data arise from the legal provisions on notification, accounting and tax law. Under these regulations, business communications, contracts concluded and booking documents must be kept for up to 10 years. If we no longer require this data to provide services to you, the data is used only for accounting and tax purposes.

18)    Disclosure of information to third parties

a)    General information

We share your personal data only with your express consent, if there is a legal obligation to do so, or if it is required in order to exercise our rights, in particular to enforce claims resulting from the contractual relationship. We also share your data with third parties if it is required as part of website use and contract execution (including outside the website), particularly to process your booking.

In addition to the specific points below, please also see the notes on data disclosure to third parties in sections 5, 7, 9, 13, 23).

b)    Web hosting

Our web host, RTP GmbH, Josefstrasse 92, 8005 Zurich, is a service provider with which personal data collected via the website may be shared or which may have access to it. The website is hosted on servers in Switzerland. Data disclosure is for the purposes of providing and maintaining functionalities of our website.

c)    Bookings via our website

If you make a booking via our website, the personal data collected is shared with the operator of our booking platform, ASSD GmbH, Unterhaching, Germany. The booking platform is hosted on rented servers at the data centres of Amazon AWS and Daticum Bulgaria. Both data centres meet the requirements of the EU GDPR. Data disclosure is for the purposes of recording and registering your booking.

d)    Credit card details

We share your credit card details for credit card payments on the website or through a payment terminal with your credit card provider and the credit card acquirer. If you opt for credit card payment, you will be asked to input the required information each time. The legal basis for data disclosure is the contract execution. In relation to processing of your credit card details by these third parties, please read the general terms and conditions and data protection policy of your credit card provider.

e)    Web check-in and guest feedback

The data recorded as part of web check-in and guest feedback is stored on servers at Hetzner Online GmbH, Gunzenhausen, Germany. The servers are located in a member state of the European Union or in another member state party to the agreement on the European Economic Area. Data disclosure is for the purposes of storage only. All data processing is at the request of Swiss Youth Hostels and for the purposes defined in section 13 (web check-in) and section 15 (guest feedback).

f)    International bookings

Swiss Youth Hostels is a member of the international network Hostelling International. You can reach the Hostelling International website via the international hostels link on our website. The website is operated by the International Youth Hostel Federation (IYHF), YHA England & Wales, under the name Hostelling International. The general terms and conditions and data protection guidelines apply to use of this website, and can be consulted at Swiss Youth Hostels bears no liability for use of this website.

g)    Newsletter

We use software from CleverReach GmbH & Co. KG, Rastede, Germany, to send out our newsletter. Data required to send the newsletter is shared within the data processing contract with CleverReach GmbH. The data is stored on rented servers in the data centres of Amazon Web Services, Inc. in Germany and Ireland. This data is used only to send the newsletter, unless otherwise stated in this data protection policy or where you have not specifically given your consent.

h)    Visitor passes

Many destinations issue guest passes for visitors. The passes are often linked to collection of data for visitor’s tax. We share your personal data only if this is specifically required for issuance of visitor passes or settlement of the visitor tax, unless otherwise stated in this data protection policy or where you have not specifically given your consent.

i)    WLAN use

The WLAN available in our youth hostels is operated by Monzoon Networks AG, Spinnerei-Lettenstrasse, Riverside, 8192 Zweidlen. The data protection policy can be consulted at .

19)    Disclosure of personal data abroad

We are entitled to transfer your personal data to third-party companies (contracted service providers) abroad for the purposes of data processing as described in this data protection policy. They are required to observe data protection to the same extent. If the level of data protection in a country is not the equivalent of that in Switzerland or Europe, we ensure contractually that protection of your personal data always corresponds to that in Switzerland or the EU.

I)    Further information

20)    Rights to information, correction, deletion and limitation of processing; right to data portability

You have the right to receive information on request about the personal data that we hold about you. You are also entitled to correct inaccurate data and have your personal data deleted, provided there is no legal retention obligation or statutory permission for us to process the data.

You also have the right to ask for the data you have shared with us to be returned (right to data portability). On request, we also disclose the data to a third party of your choice. You are entitled to receive the data in a standard file format.

For such matters, you can contact us at the email address To process your application, we may ask for proof of identity, at our discretion.

21)    Data security

We take suitable technical and organisational safety measures to protect your data from manipulation, partial or complete loss, and unauthorised third-party access. Our security measures are continuously updated in line with technological advances.

You should close your browser window after communication with us, particularly if using a shared computer.

22)    Note on data transfer to the US

For reasons of completeness, we point out to users who are resident or based in Switzerland that monitoring measures by the US authorities generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the US. This happens with no differentiation, limitation or exemption on the basis of the aim pursued and without an objective criterion that enables the US authorities’ access to the data and its subsequent use to be limited to highly specific, strictly defined purposes, which may justify access to this data and intervention linked to its use. Moreover, we note that in the US no legal remedy exists for persons from Switzerland that permits them to access their data and obtain correction or deletion, and no legal protection against the US authorities’ general access rights. We point out this legal and general situation specifically to those concerned, in order that they may make an appropriate informed decision on consent to use of their data.

We point out to users resident in an EU member state that from the EU’s viewpoint, the US does not have a sufficient level of data protection due, inter alia, to the issues mentioned in this section. To the extent explained in this data protection policy that data recipients (e.g. Google) are based in the US, we shall ensure either through contractual provisions with these companies or certification of these companies within the EU or Swiss-US Privacy Shield that your data is protected at an appropriate level by our partners.

23)    Right of complaint to a data protection supervisory authority

You have the right to make a complaint to a data protection supervisory authority at any time.

Zurich, 23 May 2018