Privacy Policy

Our Business ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, make a booking, or interact with our services.

We are committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

We may collect and process the following categories of personal data:

Personal Information: Name, email address, telephone number, postal address, and other contact details you provide when making a booking or enquiry.

Booking Details: Check-in and check-out dates, room preferences, number of guests, and any special requests or requirements.

Payment Information: Payment card details are processed securely by our third-party payment processor and are never stored on our servers.

Technical Data: IP address, browser type and version, device information, operating system, time zone setting, and browsing actions on our website.

We use the personal information we collect for the following purposes:

• To process and manage your bookings and payments
• To send booking confirmations, reminders, and pre-arrival information
• To communicate with you about your stay, including responding to enquiries and requests
• To comply with legal and regulatory obligations, including tax and accounting requirements
• To improve our website, services, and guest experience
• To send marketing communications where you have given consent (you may opt out at any time)

All payment transactions are processed through Stripe, our trusted third-party payment processor. Stripe handles your card data in compliance with PCI DSS (Payment Card Industry Data Security Standard) requirements.

We never store, process, or have access to your full credit or debit card numbers. Payment information is transmitted directly to Stripe using industry-standard encryption.

Our website uses essential cookies that are necessary for the site to function correctly, such as maintaining your session and remembering your preferences.

We may use analytics tools to understand how visitors interact with our website. These tools use cookies to collect anonymised information about page visits and user behaviour, helping us improve our website and services.

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

We work with trusted third-party service providers to deliver our services. These may include:

• Payment Processor (Stripe): To securely process payments for bookings
• Channel Managers: To distribute availability across booking platforms
• Hosting Provider: To host and maintain our website infrastructure

We only share personal data with third parties to the extent necessary for them to provide their services. All third-party providers are contractually required to protect your data and use it only for the purposes we specify.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Booking and financial records: Retained for the period required by applicable tax and accounting regulations (typically 7 years)
• Marketing data: Retained until you withdraw your consent or unsubscribe
• Technical logs: Retained for up to 90 days for security and performance monitoring

After the applicable retention period, personal data is securely deleted or anonymised.

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you
• Right to Rectification: You may request that we correct any inaccurate or incomplete data
• Right to Erasure: You may request that we delete your personal data, subject to legal obligations
• Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format
• Right to Restrict Processing: You may request that we limit how we use your data
• Right to Object: You may object to the processing of your personal data for certain purposes
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated

To exercise any of these rights, please contact us at talang@iwyss.ch. We will respond to your request within 30 days.

Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Email: talang@iwyss.ch

Address: Raffael Wyss