Copyright © The Yarn Hotel. All rights reserved.
Thank you for your interest in our website www.theyarn.ch (‘website’) The website is operated by THE YARN (‘THE YARN’) and offer you, the user (‘user’), the option of learning about the room offerings and the various hotel locations, booking a room if you are interested and there is a vacancy, and contacting us if you have any questions.
We take the protection of your personal data seriously and abide by the provisions of data protection laws and other relevant data protection requirements. In the sections below, we will explain to you, as a user of our website or our app, how we handle your data and provide you with an overview of the measures we implement to protect personal data.
You may revoke any consent you may have granted at any time with future effect. If you have any questions regarding our use of your personal data, please contact us.
The controller pursuant to the EU General Data Protection Regulation (‘GDPR’) and other national data protection laws of member states as well as other data protection provisions is:
The Yarn Hotel
Bahnhofstrasse 4
8810 Horgen
hello@theyarn.ch
This privacy policy applies to the websites of THE YARN which can be accessed via the domains www.theyarn.ch
The controller’s external data protection officer is THE YARN.
Personal data refers to all information related to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour. Information that we cannot use to identify you personally (or that would involve a disproportionate effort to do so), for example, by anonymising the information, does not constitute personal data. The processing of personal data (e.g. collecting, accessing, using, storing or transmitting such data) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there is no longer any statutory obligation to retain the data.
If we process your personal data in order to provide certain services, the sections below will inform you of the specific processes, the scope and the purpose of the data processing activity, the legal basis for the processing activity and the relevant storage period.
Provision and use of the websites and the THE YARN app:
When you access and use our websites or the THE YARN app, we collect personal data that your browser or the app automatically sends to our server. This information is temporarily saved in a log file. When you use our websites, we collect the following information, which we need for technical reasons in order to display our websites to you and ensure stability and security.
Every time a user accesses one of the websites or the app and every time a file is accessed, access data related to this action is stored in a log file on our server. This data includes:
This data is used to generate pseudonymised internal statistics that help us to analyse the use of the websites or the THE YARN app, correct errors and improve our services. It is not used for any other purpose related to you individually. In particular, this data is not merged with other data sources. This data is automatically deleted after the statistical analysis. You can prevent your pseudonymised data from being used for statistical purposes at any time by adjusting your browser settings to prevent cookies from being stored on your computer (see section 7).
The legal basis for the specified data processing is Article 6(1)(f) GDPR. The processing of the specified personal data is necessary to provide the websites and the THE YARN app and therefore serves to safeguard the legitimate interests of our company.
The temporary storage of the IP address by the system is necessary in order to display the website on the user’s computer. The user’s IP address has to be stored for the duration of the session.
As soon as the specified data is no longer necessary to display the websites, it will be deleted. The collection of data to provide the websites and the storage of data in log files is necessary for the operation of the websites and the THE YARN app. Consequently, the user does not have the right to object to such use. The data may be stored for longer periods in individual cases if required by law.
You can make a reservation and/or booking on our websites and in the app. You can also buy vouchers. When you do this, the following personal data will be entered into a form and processed by us:
In order to process payments, we share your payment details with the financial institution responsible for processing the payment and with any payment service providers commissioned by us or the payment service selected by you when you place the order. These companies may only use your personal data to process the order and not for any other purpose.
To process payments, it is also necessary for our payment service provider Computop Wirtschaftsinformatik GmbH to process personal data for the 3D Secure 2.0 protocol. 3D Secure 2.0 is a protocol for secure and enhanced customer authentication, carried out in accordance with Directive (EU) 2015/2366 (Payment Services Directive 2, PSD 2).
For this purpose, the following personal data, in particular, is also processed:
Personal data is processed for the completion of a booking/reservation or the purchase of a voucher in order to fulfil a contract between you and THE YARN in accordance with Article 6(1)(b) GDPR. This also applies to data processing required for the implementation of pre-contractual measures.
As soon as the processed personal data is no longer necessary for the execution of the contract, it will be deleted. Even after the conclusion of the contract, it may be necessary to store your personal data in order to comply with contractual or statutory obligations. The data may be stored for longer periods in individual cases if required by law.
Please feel free to contact us electronically via the form provided. The personal data you enter in the form will be transferred to us. If you use the contact form, the following personal data will be processed:
Additionally, the following personal data will be stored when the message is sent:
Alternatively, you can contact us at the email address provided. In this case, the personal data transmitted with the email will also be stored. In this case, the personal data will not be shared with third parties. The personal data will only be used to process your enquiry.
The legal basis for the processing of personal data is Article 6(1)(f) GDPR. We have a legitimate interest in responding to enquiries that you send to us by email or via the contact form. Additionally, pursuant to Article 6(1)(f) GDPR, we have a legitimate interest in processing personal data during the sending process in order to prevent misuse of the contact form and protect our IT systems.
After we have processed your enquiry, the personal data will be deleted unless deletion is prevented by contractual or statutory retention periods. You have the right to withdraw your consent to the processing of personal data at any time. If you contact us by email, you can object to the processing of your personal data at any time. In this case, it will not be possible to process your enquiry any further. All personal data collected in the course of this correspondence will be deleted in this case unless deletion is prevented by contractual or statutory retention periods.
If you have any questions, please contact: THE YARN AG.
However, if the processed data is required for the execution of a contract or for the implementation of pre-contractual measures, the data can only be deleted early if doing so does not contradict a contractual or statutory obligation.
In collaboration with our partner m3 connect, we offer beOne members the opportunity to take advantage of the beConnected service, whereby you log into our hotel wifi once with a device (laptop, smartphone, tablet, etc.) and then have permanent wifi access (over multiple stays) with this device. Your MAC address is processed by m3 connect and can be assigned to your beOne account by us. The legal basis for the processing of personal data that is required for the fulfilment of a contract to which you are a party is Article 6(1)(b) GDPR. Your data will be stored for as long as you use the beConnected service.
After staying at a THE YARN or The Cloud One hotel, customers will receive an email asking them to rate their stay and suggest improvements.
The legal basis for the data processing activity carried out with respect to the use of your email address is Art. 6(1)(f) GDPR. The processing of email addresses and the collection of ratings is necessary to ensure the quality of the hotel and to optimise hotel services, and therefore helps to safeguard the legitimate interests of our company. This evaluation email is not used for any other purpose.
As soon as this data (email address and rating) is no longer required for the specified optimisation purposes, it will be deleted immediately.
When registering for the THE YARN newsletter, the user declared their consent to regularly receive a newsletter email containing news, campaigns and offers from THE YARN and The Cloud One hotels (as well as articles related to the topic of hotels, travel and overnight accommodation). The personal data processed by THE YARN in order to send the newsletter is not shared with other companies. You can revoke your consent to the use of your email address at any time with future effect (newsletter@theyarn.ch). You can also unsubscribe from the newsletter via a separate link located at the bottom of each newsletter email.
You, the user, expressly accepted the following declaration of consent when you subscribed to the newsletter on our website and we have logged this consent:
‘I would like to subscribe to the free THE YARN newsletter and receive regular news and information about campaigns and offers from THE YARN related to the topic of hotels and travel. My email address will not be disclosed to other companies. I can revoke my consent to receive the newsletter with future effect at any time via the website theyarn.ch.
In the app, you can sign up to receive push notifications. For this purpose, THE YARN and The Cloud One hotels use the Firebase Cloud Messaging service, which is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). For detailed information about how Google uses personal data, please visit https://policies.google.com/privacy and https://firebase.google.com/support/privacy.
The push notifications can provide you with information about your next booking, or news and offers from THE YARN and The Cloud One hotels.
To sign up for push notifications on iOS, you must opt in when your browser or device asks whether you would like to receive push notifications.
We evaluate anonymised push notifications for statistical purposes and can therefore determine whether and when push notifications have been displayed and clicked on. This enables us to determine which push notifications are of interest to recipients and tailor future notifications to the presumed interests of all recipients in order to increase the level of interest in our service.
You can revoke your consent to the storage and use of your personal data to receive our push notifications at any time with future effect in accordance with Art. 6(1)(a) GDPR. You can revoke your consent by adjusting the settings on your device.
Your data will be erased as soon as it is no longer necessary for the purpose for which it was collected. As such, your data will be stored for as long as push notifications are enabled.
THE YARN may, on their own initiative or at the request of the user, complete, correct or delete incomplete, erroneous or outdated personal data that THE YARN have stored in connection with the operation of this website. If these processes are carried out at the request of the user, THE YARN may only do so if the user has sufficiently identified themselves. Identity is verified using a copy of a photo ID – which will of course be deleted immediately after the authentication has been completed – or using criteria that can only be known by the user. THE YARN cannot agree to the user’s request if they are not properly identified.
In line with statutory provisions, THE YARN will delete personal data immediately on the user’s request, provided there are no mandatory retention obligations to the contrary.
Personal data is handled confidentially and in line with the statutory data protection regulations. Data is not disclosed to third parties without the user’s consent, unless this is required to carry out orders, process payments or process requests or it is permitted in accordance with the statutory provisions. External service providers are obliged to handle data confidentially and securely, and they may only use the data as required to carry out their duties.
This is particularly true for any payments processed by external service providers, as well as the exchange of data with The user’s legitimate concerns are taken into account in line with the statutory provisions.
Otherwise, personal data is only disclosed if the user has given their express prior consent or if doing so is necessary for the prosecution of criminal offences. Personal data is only transmitted to the authorities or government agencies with the right to information if there is a statutory obligation to provide information or there has been a court ruling to this effect. Your legitimate concerns are taken into account in line with the statutory data protection provisions. Where necessary, we may disclose your data to third parties on the basis of statutory requirements. We only comply with such requests if we are required to do so in line with statutory obligations.
Any consent you may have given for us to disclose your data can be revoked at any time and without the need to provide us with a reason.
The protection of personal data is an important corporate principle at THE YARN and The Cloud One hotels. This is achieved through, among other things, training, a company data protection officer and a written agreement with all employees and external service providers to maintain the confidentiality of data and comply with data protection requirements.
All technical and organisational, physical and computer systems and measures in the area of data protection, IT and information security help to protect stored data from damage, destruction and unauthorised access and to achieve the protection objectives of confidentiality, availability and integrity.
For the sake of security, personal data is collected using an encrypted secure socket layer (SSL) connection (recognisable by the use of ‘https://’ at the beginning of the website address in the address bar of the internet browser).
In addition, THE YARN and The Cloud One hotels take all reasonable precautions to prevent unauthorised access to users’ personal data as well as the unauthorised use or falsification of this data and to minimise the corresponding risks. However, the provision of personal data, whether this is done in person, on the phone or online, always involves risks, and there is no technical system that is completely impervious to manipulation or sabotage.
We use SurveySparrow to compile online questionnaires. With SurveySparrow, we collect, analyze, compile, compare and review data from survey respondents to produce insights and make sense out of the responses. SurveySparrow is a survey software tool that strictly adheres to the GDPR. SurveySparrow process the data responses only as part of the provision of services to THE YARN and in accordance with our sole written instructions. It acts as an intermediary platform to collect the responses that you submit to us via an online questionnaire.
The SurveySparrow product is designed in such a way that they adhere to the principle, Privacy by design and default in all circumstances respecting the privacy of individuals as guaranteed under the GDPR. Therefore, they do not have access to the survey responses directly or indirectly and all survey responses and results generated within the said platform are securely stored on their servers in the EU. SurveySparrow does not sell, misuse or share your responses to third party advertisers or marketers. Further the data submitted by the survey respondents are not scanned or shared by SurveySparrow for any purpose. The results generated on the SurveySparrow platform can only be exported by THE YARN for analysis and review.
THE YARN use your answers to improve our services, and your personally identifying information will not be used unless expressly requested in a particular question. THE YARN never use your information to build an identifiable profile of you. Your data is never sold, monetised, or shared beyond the reasonable remit of carrying out brand, design, and user experience research.
We have concluded a Data Processing Addendum (DPA) with the above-mentioned service provider, SurveySparrow. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our survey respondents in accordance with our instructions and in compliance with the GDPR. The contract is based on standard contractual clauses of the EU and can be viewed at the following link: https://surveysparrow.com/legal/dpa/
With the help of Cookies used by SurveySparrow, we process the following personal data of our users:
The processing of your personal data with the help of SurveySparrow serves the purpose of improving our website/improving our offer/making our website more customer-friendly.
We process your personal data on the following legal basis: Your consent according to Art. 6 (1) lit. a GDPR. We require your consent for processing for this purpose. You can revoke your consent at any time via the cookie banner on our website. Please note that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. If you set your browser software accordingly, you can generally prevent the storage of cookies. Please note, however, that in this case not all functions on our website will be available to you.
We only store your personal data for as long as the purpose requires. If you withdraw your declaration of consent, we will delete your personal data. We can view your personal data for maximum 12 months.
SurveySparrow is our data processor. For this purpose, we have concluded a data processing agreement with the service provider SurveySparrow Inc. in accordance with Art. 28 GDPR. SurveySparrow processes your personal data only on our instructions.
We transfer your personal data to SurveySparrow Inc., USA. For the transfer of your personal data to a third country, we have provided appropriate safeguards in the form of Standard Contractual Clauses pursuant to Art. 46(2)(d) GDPR, which have been adopted by a supervisory authority and approved by the CHFopean Commission in a review procedure pursuant to Art. 93(2) GDPR.
THE YARN and The Cloud One hotels use cookies (i.e. text files) or web beacons (i.e. graphics files), which are stored on the user’s device. These files are used to collect certain user-specific settings and technical information that can be used to identify users. This information shows us when and how the website is used by users and enables us to continuously improve the website. Thanks to cookies, users do not have to enter their personal details every time they complete forms on the website. The use of cookies is widespread and a feature of many websites. Cookies are stored on the user’s device, not on the website.
When a user first accesses the websites or the app of THE YARN or The Cloud One hotels, they are informed about the use of cookies. THE YARN and The Cloud One hotels only use cookies to read information stored by a cookie from the site on the user’s device. By using the website or app without adjusting the browser settings, the user agrees to the use of cookies as specified in these data protection provisions. Users who do not wish cookies to be stored on their device, who wish to delete a stored cookie or who wish to be informed when cookies are stored on their device can adjust their browser settings accordingly. For specific information about how to do this, please see the instructions provided with your browser or device.
The legal basis for processing personal data involving the use of cookies is Art. 6 (1f) GDPR. If you have granted us consent to use cookies on the basis of a notice on our website (cookie banner), the lawfulness of the use of personal data is also based on Art. 6(1)(a) GDPR.
Most browsers are configured to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. Please note, however, that you may not be able to use all of the functions of our websites if you deactivate cookies on our websites through your browser settings. You can also adjust your browser settings to delete cookies already stored in your browser or to display the storage period. In addition, you can configure your browser to notify you before cookies are stored. Since different browsers can vary in terms of their functionality, please see your browser’s help menu for the configuration options.
If you would like a comprehensive overview of all third parties that have access to your internet browser, we recommend installing a plug-in specially developed for this purpose.
We use tracking and analysis tools to ensure ongoing optimisation and needs-based design of our websites. Tracking also enables us to collect statistics regarding the use of our websites, which helps us to enhance our online presence using the resulting findings. The legal basis for the use of tracking and analysis tools is the consent you provided in the cookie banner or in the cookie and tracking tool settings pursuant to Art. 6(1)(a) GDPR.
The following description of tracking and analysis tools also outlines the respective processing purposes and the data processed.
Our websites use Google Analytics, a web analysis service of Google Inc. (‘Google’). Google Analytics uses cookies, or text files, which are stored on your device and make it possible to analyse your use of our websites. The information created by the cookie about your use of our websites is generally transmitted to a Google server in the USA and stored there. Google Analytics has been enhanced on our websites to include the code ‘gat._anonymizeIp();’ in order to ensure the anonymous collection of IP addresses. With this code, your IP address is first abbreviated by Google within member states of the CHFopean Union and in other contracting states that are party to the Agreement on the CHFopean Economic Area. The full IP address is only transmitted to a Google server in the USA and abbreviated there in exceptional cases.
The THE YARN app uses Google Analytics via the Google Firebase service. In this case, personal data is collected via Google Firebase and then displayed and processed further in Google Analytics.
On behalf of THE YARN and The Cloud One hotels, Google uses this information to assess your use of our websites, to compile reports about website activity and to provide other services related to use of the website and the internet to the website operator. The abbreviated IP address transmitted from your browser as part of the Google Analytics service will not be merged with other Google data. You can prevent cookies from being stored on your device by adjusting your browser settings; accordingly, however, if you do this, you may not be able to fully use all of the website’s functions.
You can also prevent the collection of the information generated by the cookie related to your use of the website or app (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Alternatively, you can prevent the collection of data by Google Analytics when you use a mobile device by clicking on the following link. Doing so will save an opt-out cookie that will prevent the future collection of your data when you visit our websites: <a href=”javascript:gaOptout()”>Click here to opt-out of Google Analytics</a>.
Further information about Google Analytics can be found here: http://www.google.com/intl/en/policies/privacy/partners/
More information about Google Firebase can be found here: https://firebase.google.com/
We use the following plug-ins from, Instagram and TripAdvisor on our websites.
Our websites contain ‘social plug-ins’ (‘plug-ins’) from the social network www.facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). The plug-ins are marked with a Facebook logo or the appendix ‘Facebook Social Plug-in’ (http://developers.facebook.com/). The websites contain plug-ins that establish a direct connection between the user’s browser and Facebook’s servers as soon as the user accesses the websites. The content of the plug-ins is transmitted directly from Facebook to the user’s browser and integrated into the respective website by the browser. THE YARN and The Cloud One hotels have no influence over the scope of the data that Facebook collects using these plug-ins.
As a result of this integration of the plug-ins, Facebook is informed that the user has accessed the respective website. If the user is logged into Facebook, Facebook can assign the user to their Facebook account. If the user clicks the ‘Like’ button or writes a comment, the corresponding information is transmitted directly from their browser to Facebook and stored there.
According to its own information (https://www.facebook.com/help/186325668085084), Facebook saves the date and time of the visit to the site, the website visited and other technical details, such as IP address and browser-related data in order to further enhance Facebook services. The purpose and scope of the data collected and the processing and use of data by Facebook as well as the relevant rights and settings options to protect the user’s privacy can be found in Facebook’s privacy policy (https://www.facebook.com/about/privacy/).
If the user is a member of Facebook and does not want Facebook to collect data about them via THE YARN and link it with their stored membership data, they must log out of Facebook before visiting the website. However, even if the user is not logged into Facebook, it is possible that Facebook may learn about and save certain data.
If users wants to block Facebook social plug-ins in general, they can install and activate a corresponding extension on their browser.
Our websites use social plug-ins (‘plug-ins’) from Instagram, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The plug-ins are marked with an Instagram logo, e.g. in the form of an ‘Instagram camera’. When the user accesses our websites containing these plug-ins, the browser establishes a direct connection to Instagram’s servers. The content of the plug-ins is transmitted directly from Instagram to the user’s browser and integrated into the page. As a result of this integration, Instagram is informed when the user has accessed the corresponding page on our website, even if you do not have an Instagram profile or are not logged into Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If the user is logged into Instagram, Instagram can assign the visit to our website to the user’s Instagram account. If the user interacts with the plug-ins, for example by clicking on the Instagram button, this information will also be transmitted directly to an Instagram server and stored there. The information will also be published on your Instagram account and displayed to your contacts there. THE YARN and The Cloud One hotels have no influence over the scope of the data that Instagram collects using these plug-ins.
The purpose and scope of the data collected and the processing and use of data by Instagram as well as the relevant rights and settings options to protect the user’s privacy can be found in Instagram’s privacy policy:
https://help.instagram.com/155833707900388.
If the user does not want Instagram to assign the data collected on our website to their Instagram account, they must first log out of Instagram before visiting our website. The user can block the Instagram plug-in from loading with the help of browser add-ons, such as the script blocker ‘NoScript’ (http://noscript.net/).
Pinterest social plug-ins
Our websites use social plug-ins (‘plug-ins’) from the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA (‘Pinterest’). The plug-ins can be identified, for example, on buttons with the ‘Pin it’ icon on a white or red background. When the user accesses our website containing these plug-ins, the browser establishes a direct connection to Pinterest’s servers. The content of the plug-ins is transmitted directly from Pinterest to the user’s browser and integrated into the page. As a result of this integration, Pinterest is informed when the user has accessed the corresponding page on our website, even if you do not have a Pinterest profile or are not logged into Pinterest.
This information (including your IP address) is transmitted directly from the user’s browser to a Pinterest server in the USA and stored there. If the user is logged into Pinterest, Pinterest can assign the visit to our websites to the user’s Pinterest profile. If the user interacts with the plug-ins, for example by clicking on the ‘Pin it’ button, the corresponding information will also be transmitted directly to a Pinterest server and stored there. The information will also be published on Pinterest and displayed to the user’s contacts there. The purpose and scope of the data collected and the processing and use of data by Pinterest as well as the relevant rights and settings options to protect the user’s privacy can be found in Pinterest’s privacy policy at about.pinterest.com/en/privacy-policy. If the user does not want Pinterest to assign the data collected on our website to their Pinterest profile, they must first log out of Pinterest before visiting our website. The user can block the Pinterest plug-in from loading with the help of browser add-ons, such as the script blocker ‘NoScript’ (http://noscript.net/).
Our websites use the Hotel Partner service.
Our websites occasionally provide links (interactive references) to third-party websites for which THE YARN are not responsible. THE YARN have no influence over the content and design of the linked external sites or the websites that the user accesses via these links. The respective providers are solely responsible for the content and design of these websites as well as for compliance with data protection regulations.
The GDPR provides you, as the data subject of personal data processing, with the following rAccording to Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom the personal data has been or will be disclosed, the planned storage period, the existence of the right to request correction or deletion of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint, any available information as to its source when personal data is not collected by us, transmission to a third country or to an international organisation, and about the existence of automated decision-making, including profiling and, in such cases, meaningful information about the logic involved.
In the case of the processing of your personal data on the basis of a legitimate interest pursuant to Art. 6(1)(f) GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data if there are grounds for doing so based on your personal situation or if you object to direct advertising. In the case of direct advertising, you have a general right to object that must be adhered to by us without the need to specify a particular situation.
We undertake to protect your privacy and to treat your personal data as confidential. In order to prevent the manipulation, loss or misuse of your data stored by us, we implement comprehensive technical and organisational security measures, which are reviewed regularly and adapted in line with technical improvements. These include, among other things, the use of recognised encryption methods (SSL or TLS). Please note, however, that due to the structure of the Internet it is possible that the data protection regulations and the above-mentioned security measures may not be observed by persons or institutions that are not within our area of responsibility. In particular, data disclosed in an unencrypted manner – e.g. data disclosed by email – may be read by third parties. We have no technical control over this. It is the user’s responsibility to prevent the misuse of the data they provide through encryption or another method.
THE YARN may change these data protection provisions or the content of the websites at any time without prior notice, or change or block access to their websites.
Users can contact THE YARN at any time if they would like their personal data corrected, blocked or deleted. In addition, THE YARN share information about the user data stored as well as the origin and recipients of such data and the purpose for which it has been stored.
For questions about data protection, please contact THE YARN AG.
Copyright © The Yarn Hotel. All rights reserved.