Table of contents
1. contact addresses
Responsibility for the processing of personal data:
We point out if in individual cases there are other persons responsible for the processing of personal data.
Data Protection Representation in the European Economic Area (EEA)
We have the following data protection representation according to Art. 27 DSGVO in the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway as an additional point of contact for supervisory authorities and interested parties for inquiries in connection with the basic data protection regulation (DSGVO):
2. Processing of personal data
2.1 Terms and definitions
Personal data is all information that relates to an identified or identifiable person. A Data subject is a person about whom personal data are processed. Editing includes every Handling of personal data, regardless of the means and procedures used, in particular the Storing, disclosing, obtaining, collecting, deleting, storing, modifying, destroying and Use of personal data.
The European Economic Area (EEA) comprises the European Union (EU) and the Principality of Liechtenstein, Iceland and Norway. The Data Protection Basic Regulation (DSGVO) refers to the Processing of personal data as the processing of personal data.
2.2 Legal basis
We process personal data under Swiss data protection law, in particular the Federal Act on Data Protection (DSG) and the Ordinance to the Federal Act on Data protection (VDSG). We also process personal data - if and insofar as applicable - under the law on information and data protection (Information and Data Protection Act, IDG) of Canton of Basel City.
We process - if and insofar as the basic data protection regulation (DSGVO) is applicable - Personal data according to at least one of the following legal bases:
- Art. 6 paragraph 1 lit. b DPA for the processing of personal data necessary for the fulfilment of a contract with the data subject and the implementation of pre-contractual measures.
- Art. 6 paragraph 1 lit. f DSGVO for the necessary processing of personal data to legitimate interests of us or of third parties, unless the fundamental freedoms and rights of the fundamental rights and interests of the data subject prevail. Legitimate interests are especially our interest, our offer durable, user-friendly, safe and reliable as well as to be able to advertise it if required, to ensure information security and protection of against abuse and unauthorized use, the enforcement of own legal claims and compliance with Swiss law.
- Art. 6 paragraph 1 lit. c DSGVO for the processing of personal data required to fulfil a legal obligation to which we are subject under any applicable law of Member States in the European Economic Area (EEA).
- Art. 6 paragraph 1 lit. e FADP for the processing of personal data necessary for the performance of a task which is in the public interest.
- Art. 6 paragraph 1 letter a DPA for the processing of personal data with the consent of the person concerned.
- Art. 6 paragraph 1 lit. d FADP for the processing of personal data required in order vital interests of the data subject or of any other natural person to protect.
2.3 Nature, scope and purpose
We process those personal data that are necessary to provide our services, including our apps and the BaselCard permanently, user-friendly, secure and reliable. Such Personal data can be divided into the categories of stock, guest and contact data, browser and Device data, content data, metadata or marginal data and usage data, location data, Accommodation, sales, contract and payment data are covered.
We process personal data for the time necessary for the respective purpose or the respective purposes or is required by law. Personal data whose processing is no longer are made anonymous or deleted. Persons whose data we process have in principle a right to deletion.
As a matter of principle, we process personal data only with the consent of the person concerned, unless the processing is permitted for other legal reasons, for example, to fulfil a contract with the person concerned and for appropriate pre-contractual measures to ensure our to safeguard overriding legitimate interests because the processing is obvious from the circumstances or after prior information.
In this context, we process in particular information that a data subject has provided to Contacting - for example, by letter post, e-mail, contact form, social media or telephone for orders, bookings and reservations, when registering for a user account or use of our Apps and BaselCard voluntarily and submitted to us yourself. We can use such
Information in an address book, in a booking system, in a customer, for example, a relationship management system (CRM system) or with comparable tools. If you transmit personal data about third parties to us, you are obliged to respect the data protection such as third parties and to ensure the accuracy of such personal data.
We also process personal data, which we receive from third parties, from publicly accessible sources or raise a fee for the provision of our offer, if and insofar as such a fee is processing is permissible for legal reasons.
Personal data from applications will only be processed if they are relevant for the assessment of the suitability for an employment relationship or are necessary for the later execution of an employment contract. The Personal data which are necessary for the execution of an application procedure result from the information requested or communicated, for example in the context of a Job description. Applicants have the opportunity to voluntarily provide additional information to submit their respective applications.
2.4 Processing of personal data by third parties, also abroad
We may have personal data processed by third parties commissioned by us or jointly with third parties and processed with the help of third parties or transmitted to third parties. Such third parties are especially about providers whose services we use. We also guarantee for such third parties an adequate level of data protection.
Such third parties are generally located in Switzerland and the European Economic Area (EEA). However, such third parties may also be located in other states and territories on earth and elsewhere in the universe, provided that their data protection law is considered by the Swiss Federal Data Protection and Public Information Officer (EDÖB) and - if and insofar as the basic data protection regulation (DSGVO) is applicable - in the view of the European Commission - appropriate data protection is guaranteed, or if for other reasons, such as by an appropriate contractual agreement, in particular, based on standard contractual clauses, or by appropriate certification, adequate data protection is guaranteed.
EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the so-called «Data Privacy Framework» (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as safe within the framework of the adequacy decision of 10.07.2023. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce. We will inform you which service providers we use are certified under the Data Privacy Framework as part of the Privacy Notice.
3. Rights of data subjects
Data subjects whose personal data we process have the rights according to Swiss data protection law. This includes the right to information and the right to correction, deletion or blocking of the processed personal data.
Data subjects whose personal data we process can - if and insofar as the data protection regulations are applicable - be informed of the Basic Regulation (DSGVO) is applicable - free of charge a confirmation whether we have stored your personal data and, if so, request information on the processing of their personal data, the processing of
of their personal data, exercise their right to data transferability and their right to Correct, delete ("right to forget"), block or complete personal data.
Data subjects whose personal data we process may - if and insofar as the DSGVO is applicable - to revoke a given consent at any time with effect for the future and to withdraw it at any time object to the processing of their personal data. Data subjects whose personal data we process have a right of appeal to a competent supervisory authority. The supervisory authority for private data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). The supervisory authority for the public-law data protection in the canton of Basel-Stadt is the data protection commissioner of the canton Basel-City.
4. Data security
We take appropriate and suitable technical and organizational measures to guarantee data protection and in particular data security. However, the processing of Despite such measures, personal data on the Internet always has security gaps. We can, therefore, cannot guarantee absolute data security.
The access to our online offer takes place using transport encryption (SSL / TLS, in particular with the Hypertext Transfer Protocol Secure, abbreviated HTTPS). Most browsers mark Transport encryption with a padlock in the address bar.
The access to our online offer is subject - as basically every internet use - to the mass surveillance without cause and independent of suspicion as well as other surveillance by security authorities in Switzerland, the European Union (EU), the United States of America from America (USA) and in other states. We cannot directly influence the corresponding processing of personal data by secret services, police forces and other security authorities take.
5. Use of the website
Cookies can be temporarily stored in your browser when you visit our website as "session cookies" or to be stored for a certain time as so-called permanent cookies. "Session cookies" are automatically deleted when you close your browser. Enable permanent cookies, in particular, to recognize your browser the next time you visit our website and thus for example to measure the reach of our website. However, permanent cookies can also be used for online marketing, for example.
For cookies that are used to measure success and reach or for advertising, the following applies to numerous services a general contradiction ("opt-out") via the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA) possible.
5.2 Server log files
We may collect the following information for each access to our website, provided that this information is collected by your browser are transmitted to our server infrastructure or are determined by our web server can: Date and time including time zone, Internet Protocol (IP) address, access status (HTTPS status code) Operating system including user interface and version, browser including language and version, accessed individual subpage of our website including transmitted Amount of data, last web page called up in the same browser window (referrer or Referrer).
We store such information, which may also represent personal data, in server log files. The Information is required to make our online offer durable, user-friendly and to ensure data security and thus, in particular, the protection of personal data to be able to ensure the quality of the service - also by third parties or with the help of third parties.
5.3 Counting pixels
We may use tracking pixels on our website. Web beacons are also called tracking pixels is called. Counting pixels - including those of third parties whose services we use - are small, usually, not visible images, which are automatically retrieved when you visit our website. Counting pixels can be used to record the same information as in server log files.
5.4 Booking a table in a restaurant through basel.com and my.basel.com
6. Notifications and communications
We send notifications and communications such as newsletters by e-mail and via other communication channels such as instant messaging.
6.1 Measuring success and range
Notifications and messages can contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such weblinks and tracking pixels can also record the use of notifications and messages on a personal basis. We need this statistical recording of usage for measuring success and reach to Notifications and communications based on the needs and reading habits of the Recipients effective and user-friendly as well as durable, safe and reliable to be able to offer.
6.2 Consent and objection
You must always be involved in the use of your e-mail address and your other contact addresses expressly agree, unless the use is permitted for other legal reasons. For a possible consent for the receipt of e-mails, we use the "double opt-in" procedure, i.e. you will receive an e-mail with a web link that you must click on to confirm your
so that no abuse by unauthorized third parties can take place. We can Consent including Internet Protocol (IP) address and date and time from evidence and Log security reasons.
In principle, you can unsubscribe from notifications and messages such as Unsubscribe from our newsletter. We reserve the right to send notifications and messages that are relevant to our offer are necessary. You can use the logoff function in particular for the statistical recording of the use for measuring success and reach.
6.3 Service provider for notifications and messages
We send notifications and communications about third party services or with the help service providers. Cookies may also be used in this process. We guarantee also with such services provide adequate data protection.
We use Inxmail in particular to send and manage newsletters. It is a service of the German Inxmail GmbH. Information on the type, scope and purpose of data processing can be found in the data protection declaration of Inxmail.
6.4 Digital guest card "BaselCard"
AVS GmbH acts as a technical service provider and is authorized to send e-mails on behalf of Basel Tourismus for the supply of the digital guest card. There is a contract for the processing of personal data.
6.5 AI Concierge
To provide a modern chat function, we use the AI Concierge from Goodguys GmbH (Moeringgasse 20/1, Door 2, 1150 Vienna). This is an artificial intelligence (AI) from Austria that finds answers to your questions from the content of our websites, together with publicly available content.
Personal data that is generated in the course of the chats is processed exclusively on servers of the Austrian order processor of Goodguys GmbH. This data includes the user's IP address and a session ID to distinguish the chat history of different users. This data is deleted at the end of the chat session and can subsequently no longer be assigned to individual users. Query content is stored in anonymous form and can be used by Austria Advertising for function control and further development of the chat functions.
In order to formulate the answers of the AI-Concierge, components of the enquiries are also forwarded to servers of Google and OpenAI. The data transmitted to these providers do not contain any parameters with which Google or OpenAI could identify individual persons. It is therefore anonymous data. The allocation of responses to users is carried out exclusively by the IT systems of Goodguys GmbH.
However, it is not possible by technical means to filter out content that makes identification possible on the basis of the data entered by the user himself. Therefore, please make absolutely sure not to enter any personal details such as your name, e-mail address, telephone number, etc. in the chat window when using the chat.
7. Social media
We are present on social media platforms and other online platforms to communicate with interested to communicate and inform people about our offer. Personal data can be also be processed outside Switzerland and the European Economic Area (EEA).
For our social media presence on Facebook we are, if and insofar as the DSGVO is applicable, together with Facebook responsible for the so-called page insights. The Page-Insights give Find out how visitors interact with our Facebook presence. We use page insights, to provide our social media presence on Facebook in an effective and user-friendly way. Facebook has information on page insights data as well as a supplement regarding the responsibility for page insights.
8. Services of third parties
We use the services of third parties to make our offer durable, user-friendly, secure and reliably. Such services also serve to embed content into our website to be able to. Such services - such as hosting and storage services, video services and payment services - require your Internet Protocol (IP) address, as such services require the appropriate otherwise we will not be able to transmit contents. Such services may be available outside of Switzerland and the European Economic Area (EEA), provided that adequate data protection is ensured.
For their security, statistical and technical purposes, third parties whose services we use, also data in connection with our offer and from other sources - under others with cookies, log files and counting pixels - aggregated, anonymised or pseudonymised edit.
8.1 Social Media Features and Social Media Content
We use social plugins from Facebook to integrate Facebook features and Facebook content into our embed the website. Such functions are for example "Like" or "Sharing." Cookies are also used in this process. You can find more information on the page about "Social plug-ins" from Facebook.
The social plugins are an offer of Facebook Ireland Ltd. in Ireland or the American Facebook Inc. if you are logged in as a user on Facebook, you can Facebook to assign the use of our online offer to your profile. Further information about Art, the scope and purpose of data processing can be found in the Facebook data policy.
We use the ability to embed features and content from Instagram on our website. For this we also use Flowbox. For example, we can use it to embed images that are available in Instagram published, within the framework of our website. Cookies are also used for this purpose.
For our website, we use the possibility to link to the functions and contents of LinkedIn with the help of to embed plugins. For example, we can enable you to use the "share" function of LinkedIn on our website. Cookies are also used for this purpose. Further, you can find information on the LinkedIn plugins page.
For our website, we use the possibility to embed the functions and contents of Pinterest. We can be used to send you images or pins that have been published on Pinterest, within the framework of our website. Cookies are also used for this purpose.
The offer comes from Pinterest Europe Ltd. in Ireland and the American if you are registered with Pinterest as a user, Pinterest may assign the use of our online offer to your profile. Further information about the type, scope and the purpose of the data processing can be found on the "Privacy" page of Pinterest.
For our website, we use the possibility to embed functions and contents of Twitter ("Twitter for Websites" or "Twitter for websites"). For example, we can offer you allow you to use the "share" function of Twitter on our website or to send you tweets in the Show frame of our website. Cookies are also used for this.
8.2 Map material
We use YouTube to embed videos on our website. This also includes Cookies for use. YouTube is a service of the American Google LLC. For users and Users in the European Economic Area (EEA) and Switzerland is the Irish Google Ireland Limited responsible. Information on the type, scope and purpose of data processing can be found in the
collect personalised advertising.
8.6 Measuring success and reach
8.6.1 Google Analytics
We use Google Analytics to analyse how our website is used, whereby we for example also the range of our website and the success of links from third parties to our website can measure. It is a service of the American Google LLC. For users in the European Economic Area (EEA) and Switzerland, it is Google Ireland Limited.
Google also tries to record individual visitors to our website if they use different browsers or devices (cross-device tracking). Cookies are also used for Cue. For Google Analytics your Internet Protocol (IP) address is required, but it is not associated with other data is merged by Google.
In any case, we will have your Internet Protocol (IP) address anonymised by Google before the analysis. As a result, your complete IP address will not be transmitted to Google in the USA.
8.6.2 Google Tag Manager
8.7.1 Facebook Ads
We use Facebook ads to advertise our offer on Facebook. Facebook Ads is an offer from Facebook Ireland Ltd. in Ireland and the American Facebook Inc. cookies are also used with Facebook Ads. With such advertising, we would like to reach in particular persons who are interested in our online offer interested or already use our online offer. For this purpose we transmit, in particular with the so-called Facebook pixels, corresponding - possibly also personal - information to Facebook (Custom audiences including lookalike audiences). We can also determine whether our advertising is successful, that is, whether it leads to visits to our website (conversion tracking).
Further information on the nature, scope and purpose of data processing can be found in the Data Directive from Facebook. Besides, Facebook users can use the advertising preferences which ads they see on Facebook and which ads they see on Facebook in the future is displayed.
8.7.2 Google Ads
We would like to reach with such advertisement in particular persons who are interested in our online offer interested or already use our online offer. For this purpose, we will transmit the corresponding - if necessary also personal - information to Google (Remarketing). We can also determine whether our advertising is successful, i.e. whether it leads to visits to our website (Conversion Tracking).
8.7.3 LinkedIn Ads
We use LinkedIn Marketing Solutions to advertise on LinkedIn specifically for our offer to (LinkedIn Ads). This is an offer from the LinkedIn Ireland Unlimited Company in Ireland and the American LinkedIn Corporation. Cookies are also used.
We would like to reach with such advertisement in particular persons who are interested in our online offer interested or already use our online offer. For this purpose, we transmit in particular with the so-called LinkedIn Insight Tag, corresponding - possibly also personal - information to LinkedIn (retargeting). We can also determine whether our advertising is successful, that is, whether it leads to visits on our website (conversion tracking). If you are a user or users are registered with LinkedIn, LinkedIn can restrict the use of our online services to your profile assign.
The usage data generated by acceptance of the BaselCard is used anonymously for statistical purposes and made available to members of Basel Tourism, in particular hotels and service providers such as museums, for statistical purposes.
9. Final provisions
We can adapt and supplement this data protection declaration at any time. We will inform you about such inform adjustments and additions in an appropriate form, in particular by publishing the current data protection declaration on our website.