Data Protection Policy for Hotelcard

With this Data Protection Policy, we, Hotelcard International AG (hereinafter “we” or “us”) intend to explain to you, for which purposes and in which scope personal data are collected, processed and used, when you register for Hotelcard and use Hotelcard afterwards for booking accommodations. Our data protection practices are in accordance with the Federal Data Protection Act (BDSG) and the Telemediengesetz (TMG).

I. is an Internet portal (hereinafter “the Portal”), which is comprised of various services. The main services are comprised of

  • the sale of Hotelcard subscriptions,
  • the administration of user accounts and
  • the provision of online offers for accommodations at discounted terms and conditions for the Hotelcard members.

For the Hotelcard services, specific data are stored centrally in a database, including specific personal data of the Hotelcard members. You can find comprehensive information below about which data are stored and how, as well as about which data can be retrieved how and under which conditions.

II. The Hotelcard user account

We collect, process and use personal data, when you

  • register and open a user account on,
  • possibly add further data to your user account later on,
  • acquire the Hotelcard membership via the Portal and/or
  • send booking enquiries via the Portal.

1. Registration

1.1 Registration via the Portal

You can open a Hotelcard user account via the Portal.

For a registration, it is always necessary to provide a valid e-mail address and a password. These data will form your Hotelcard access data later on.

1.2 Registration via existing social media accounts

We also offer you registration and login to Hotelcard using your Facebook or Google account (hereinafter “Social Media Accounts”), if you have such accounts (“Login with Facebook”; “Login with Google”). In this way, you can use specific details from your Social Media Accounts and therefore fill in your user account for Hotelcard only once. After this, you can also always login to Hotelcard via your Social Media Accounts.

“Login with Facebook” is a service of Facebook. Accordingly, the data protection policy and terms and conditions of use of Facebook apply.


“Login with Google” is a service of Google. Accordingly, the data protection policy and terms and conditions of use of Google apply.


In addition to the information, which you can find in the data protection policies of Facebook and Google, during the course of the registration and login procedure for Hotelcard, you will be informed, to which data Facebook and Google may grant access to Hotelcard, and you are requested to grant your consent accordingly. We do not find out your access data for your Social Media Accounts during the course of this.

However, in order to create your user account for Hotelcard, independently from this, we require your e-mail address, which is why we can obtain the e-mail address for this, which you have stored with the respective social network. If it is necessary, we can contact you directly with this e-mail address. If you should cancel the connection between your profile with Facebook or Google and the Hotelcard service, you may have a Hotelcard password for your Hotelcard user account sent to you via this e-mail address using the “Forgotten password” function and thereby continue using Hotelcard without any problems.

If you have completed the registration through a different Social Media Account, Hotelcard saves the information that you have registered with Hotelcard via a Social Media Account, using an appropriate key.

2. Master data

The data, which you have entered in the registration form during registration creates the first master data record of your Hotelcard user account with us (hereinafter referred to as “the Master Data Record”).

3. Declarations of consent

In addition to the master data, for your user account, it is recorded whether you have consented to the General Terms and Conditions of Hotelcard.

4. Storage of the data

The storage of the data, as well as the additional features referred to, takes place so that the functions of Hotelcard can be used.

5. Maintenance of the data

You have the opportunity to update your data via the Hotelcard user account.

III. Payment data

Payment data, which you have provided for acquiring the Hotelcard membership (for example, credit card data, details and data about external payment service providers, such as PayPal etc.) are administered as specific data. Disclosure of the data to the partner hotels and partner accommodations does not take place by Hotelcard.

1. Identity and credit check by selection of Billpay payment methods

When choosing a payment method provided by our partner Billpay GmbH, you will be asked in the ordering process to agree to provide data required for payment processing and for identity and credit checks conducted by Billpay. After your approval, your data (first and last name, street, house number, postcode, place, date of birth, telephone number and bank account details for Direct Debit) and other data associated with your order will be transmitted to Billpay.

For the purpose of distinct identity and credit check, Billpay or a Partner company authorized by Billpay, transmits data to credit reporting agencies (credit bureaus) and obtains from these information and if necessary additional information on credit checks based on mathematical and statistical methods. This credit check is influenced by your place of residence. Detailed information on this and employed credit agencies can be found in Billpay’s (GmbH) privacy policy.

Furthermore Billpay utilizes when necessary a third party for the settlement and prevention of fraud. Data gained from this third party is encrypted so that the stored data is only accessible to Billpay. This data will only be used when you select a payment option in cooperation with Billpay, otherwise the data will automatically expire after 30 minutes.


IV. Usage data

During the course of using our website, specific so-called usage data is generated.

Without your explicit consent, we will not use the tracking tools to collect

  • personally identifiable information about you,
  • to provide such data to third parties and marketing platforms,
  • or to link the data with your personal data (name, address, etc.).

1. Logfiles

If you visit our website or write e-mails to us, the end device, which you have used, communicates via the Internet with our servers, on which the relevant contents are filed or the relevant data are received. On the server side, so-called logfiles are created with us, in which data, such as the operating system used on your end device, the start and end of the respective utilisation of the website and the transferred data volume are recorded. We anonymise the IP address allocated to your end device at the relevant time in the logfiles; the recorded logfiles do not contain any personal data. We only use the logfiles to better analyse and rectify faults with the reachability of our servers, as well as for statistical analysis purposes. This also applies to the IP addresses contained in the logfiles.

2. Identification cookies

If you visit and use our website, cookies may be set in your browser. Cookies are small text files, which are filed on your hard disk and are saved by your browser, to which they are allocated. The party placing the cookie can record specific information using the cookie. Cookies cannot execute any programs or transfer viruses to your computer. They exclusively have the purpose of making surfing on more pleasant and user friendly.

Various cookies may be set when you visit our website. Persistent cookies are stored by us for 1 year. They are then automatically deleted.

In addition to the purpose of e.g. holding form data (particularly during the course of a booking, the set cookies essentially have statistical purposes. With these, we find out which contents on our website are particularly relevant for our users at which time and via which end devices they have been retrieved. This way, we can design the website even more conveniently for our users. The information about the browsers used enables us to adapt the design to the conventional types of browsers.

You can generally prevent cookies from being stored by preventing the acceptance of cookies in your browser settings. You can usually also set your browser, such that it asks whether you consent, prior to setting cookies. Ultimately, you can delete cookies again at any time once they have been set. Please refer to your browser manufacturer’s instructions, to see how all of this works in detail. If you do not accept any cookies, this may, however, lead to functional restrictions of the website, in an individual case.

3. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer to help the website analyse how visitors use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data (incl. your IP address) about you by Google in the manner and for the purposes set out above.

We use Google Analytics with the extension "_anonymizeIP ()". This shortens the IP addresses collected by Google Analytics. This measure is designed to prevent Google from aggregating IP addresses with personal data.

4. Hotjar

This website uses the Hotjar Analysis Service to improve the user-friendliness and customer experience of Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe).

Mouse clicks, mouse and scroll movements can be recorded. It is also possible to record key data entered on this website. However, the recording does not take place personified and thus remains anonymous. Hotjar uses a tracking code to collect and transfer your data.

When you visit a website that uses Hotjar, the tracking code automatically collects the data that is based on your activity and stores it on the Hotjar servers (Site in Ireland). In addition, cookies placed by the website on your computer or your end device also collect data. For more information on how Hotjar works, visit:

V. Data transfer

1. Data transfer to hotels/accommodations

Within the context of the booking transactions made via our Portal, the following data are transferred to the hotel/the accommodation, to which you address your booking enquiry:

  • your first name and surname,
  • your address, including street and building number, postal code, town and country
  • your telephone number (optional),
  • your e-mail address,
  • the time period of the intended booking,
  • the number of adult guests,
  • the number of children under the age of 16
  • Your Hotelcard membership number.

The transfer of this data takes place with SSL encryption (SSL3.0, ECDSA Signature with SHA-256).

2. Data transfer to other third parties

We basically do not send inventory and usage data to third parties. Exceptions apply,

  • if and insofar as it is necessary to enforce claims to which we are entitled,
  • if we are legally obligated to do so or required to do so by a court of law,
  • if it involves enquiries from official bodies, particularly legal prosecution and supervisory authorities, if and insofar as this is necessary to defend from risks to public safety and order, as well as to prosecute crimes.

VI. Information, correction, deletion, blocking

Upon communication in written or text form, we shall provide you with information at any time regarding which personal data about you is stored by us in relation to Hotelcard. You also have the opportunity at any time to have your personal data corrected or deleted by us, within the context of your statutory rights. For this, simply write to us at:

- To

Hotelcard International AG
Betrieblicher Datenschutz
Burgstrasse 20
CH - 3600 Thun

E-mail: [email protected]

VII. Change to the Data Protection Policy

We reserve the right to update this Data Protection Policy. In case of changes, we will inform you about this with an appropriate notice period.


As of: 10 November 2017