Privacy policy

1. Controller

The Sharing and Caring Verein

Gewerbestrasse 20,

4123 Allschwil,

Switzerland Email: info@sharingcaring.ch

2. Scope

This policy covers personal data processing when you visit our website, make enquiries or bookings, and when you use our chatbot/communications hub. It reflects Swiss law (revDSG) and—where applicable—the EU GDPR.

3. Categories of Data

- Master data (name, address, contact details)

- Booking/contract data (stay dates, unit, party size, payment status)

- Communications data (emails, forms, chat transcripts)

- Usage/device data (pages, timestamps, referrer, IP address, browser/OS, approximate location)

- Payment and risk data for online payments: payment method, masked card data/token, scheme, expiry, issuer country, billing address, result/error codes, 3-D Secure/SCA status, fraud-/risk signals, chargeback data

- Cookie/consent data (consent status, preferences)

4. Purposes & Legal Bases

- Website provision and IT security (legitimate interests)

- Communications handling (legitimate interests/contract)

- Booking, payments, deposits, refunds, no-show/damage post-charges (contract/contract initiation; legitimate interests)

- Web analytics (consent)

- Legal obligations (e.g., retention, tax)

5. Hosting & Website Builder (Smoobu)

We operate our site with the Smoobu website builder. Smoobu acts as our processor (site delivery, forms, logs, security).

6. Bookings via Smoobu Booking

Engine We use the Smoobu Booking Engine for online reservations. Required booking data are collected and processed in our Smoobu account. External payment services may be involved for payments (see Sec. 8).

7. Chatbot & Communications Hub (HiJiffy)

We use the HiJiffy chat widget and communications hub for guest messaging. Data entered in the chat and technical usage data are processed. HiJiffy acts as our processor.

8. Payments, Deposits & Automation (Stripe and ChargeAutomation)

8.1 Payments with Stripe We use Stripe to process card payments, refunds, SCA/3-D Secure, fraud prevention and disputes. Stripe receives the necessary payment and risk data (see Sec. 3). Legal bases: contract/contract initiation and legitimate interests (fraud prevention). Stripe acts as (sub-)processor and/or payment service provider.

8.2 Orchestration/Deposits with ChargeAutomation We use ChargeAutomation to automate pre-authorisations/deposits, collect payments via payment links, run pre-arrival workflows (e.g., guest details, ID capture, optional self check-in), reminders, and no-show/damage post-charges. ChargeAutomation processes the necessary booking, contact and payment metadata. Legal bases: contract/contract initiation; legitimate interests in secure, efficient payment and deposit handling.

8.3 Data minimisation & security Card data are tokenised where possible; we do not store full PANs. Stripe/ChargeAutomation implement their own security/compliance measures (e.g., PCI-DSS).

8.4 Cookies/scripts by payment services Stripe or ChargeAutomation may use scripts/cookies during payments (e.g., for security/fraud detection). Non-essential elements load only after consent; essential security cookies may be technically necessary.

10. Google Tag Manager (GTM)

GTM manages tags; whether tags fire (e.g., GA4) depends on your consent. GTM itself does not set analytics cookies.

11. Cookies, Similar Technologies & Consent

We use essential cookies (operation/security) and optional technologies (analytics; and, if used, marketing). Non-essential technologies load only after consent. Change/withdraw consent via Cookie Settings at any time. Blocking cookies in the browser may limit functionality.

12. Recipients / Categories of Recipients

- Smoobu (website/booking engine) – processor

- HiJiffy (chat/communications hub) – processor

- Stripe (payment service provider/processor) – payments, SCA, fraud/disputes

- ChargeAutomation (payment/deposit orchestration, pre-arrival) – processor

- IT hosting/support providers

- Payment providers/acquirers/banks where required

- Authorities/third parties where legally required

13. International Transfers

Transfers to countries without an adequate level of protection (e.g., USA/Canada) may occur, especially with Stripe, ChargeAutomation and Google. We rely on Standard Contractual Clauses (SCCs) or applicable processing terms and implement additional safeguards where necessary.

14. Retention & Deletion

We retain data only as long as needed or legally required. In Switzerland, business/booking/payment records are typically kept for 10 years. GA4 data are deleted per our retention setting. Afterwards, data are deleted, anonymised or blocked.

15. Security

We apply appropriate technical and organisational measures (access controls, roles/permissions, encryption, logging, backups). Stripe and ChargeAutomation maintain additional security/compliance (e.g., PCI-DSS).

16. Rights (CH/EU)

Depending on applicable law: rights to access, rectification, erasure, restriction, portability, object (GDPR), and to withdraw consent with future effect. Contact: info@specialapartments.ch

17. Necessity of Providing Data

Data required for booking/payment are necessary; without them, reservations/payments cannot be completed. Analytics/comfort features are voluntary (consent-based).

18. Automated Decision-Making/Profiling

No solely automated decisions with legal effect; any segmentation is for statistics/optimisation only.

19. Changes

We update this policy when our processing/services or the law changes. The version published on the website applies.

20. Contact

info@specialapartments.ch

Privacy policy

About us

House rules

Terms & conditions

Privacy policy

Cancellation policy

Contact

Copyright ©2024 | Powered by Smoobu