Protecting your privacy is an absolute priority for Leyaya-Panama. We strive to guarantee you the highest level of data protection and security.
Please take note of the following information so that you know what personal data we collect from you and for what purposes we use it. In terms of data protection, we are primarily guided by the legal requirements of Swiss data protection law, in particular the Federal Act on Data Protection (FADP), as well as the EU GDPR, the provisions of which may be applicable in individual cases.
Please note that the following information is reviewed and amended from time to time. We therefore recommend that you consult this privacy policy regularly. Furthermore, other companies are responsible or jointly responsible with us under data protection law for individual data processing operations listed below, so that in these cases the information provided by these providers is also authoritative.
If you have any questions about data protection or would like to exercise your rights, please get in touch with our contact person for data protection. You can reach them at the following e-mail address: info@leyaya-panama.com.
If the legal requirements are met, you have the following rights as a person affected by data processing:
Right to information:
You have the right to request access to your personal data stored by us at any time free of charge if we are processing it. This gives you the opportunity to check what personal data we process about you and that we use it in accordance with the applicable data protection regulations.
Right to rectification:
You have the right to have incorrect or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.
Right to erasure:
You have the right to have your personal data erased under certain circumstances. In individual cases, particularly in the case of statutory retention obligations, the right to erasure may be excluded. In this case, the data may be blocked instead of erased if the conditions are met.
Right to restriction of processing:
You have the right to request that the processing of your personal data be restricted.
Right to data portability:
You have the right to receive from us, free of charge, the personal data that you have provided to us in a readable format.
Right to object:
You can object to data processing at any time, in particular for data processing in connection with direct advertising (e.g. advertising emails).
Right to withdraw consent: In principle, you have the right to withdraw your consent at any time. However, processing activities based on your consent in the past will not become unlawful as a result of your withdrawal.
To exercise these rights, please send us an email to the following address: info@leyaya-panama.com
Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, e.g. against the way in which your personal data is processed.
We use suitable technical and organizational security measures to protect your personal data stored by us against loss and unlawful processing, in particular unauthorized access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and to comply with data protection regulations. Furthermore, these persons are only granted access to personal data to the extent necessary to fulfill their tasks.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot provide an absolute guarantee for the security of information transmitted in this way.
If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data that you have provided to us will be processed, e.g. the name of your company, your name, your function, your e-mail address or telephone number and your request. In addition, the time of receipt of the request is documented. Mandatory information is marked with an asterisk (*) in contact forms.
We process this data exclusively in order to implement your request (e.g. providing information about our properties that you can rent, support with contract processing such as questions about your booking, incorporating your feedback into the improvement of our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in the implementation of your request or, if your request is aimed at the conclusion or execution of a contract, the necessity for the implementation of the necessary measures within the meaning of Art. 6 para. 1 lit. b EU GDPR.
Central data storage and analysis in the CRM system
If a clear assignment to your person is possible, we can store and link the data described in this privacy policy, i.e. in particular your personal details, your contacts and your contract data in a central database. This serves the efficient management of customer data and allows us to respond to your request appropriately and enables the efficient provision of the services you have requested and the processing of the associated contracts. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the efficient management of user data.
We can evaluate this data in order to further develop our offers in line with your needs and to display and suggest the most relevant information and offers to you. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the implementation of marketing measures.
Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such a transfer takes place in particular if this is necessary for the fulfillment of the contract, e.g. to restaurants or other third-party providers for which we have made a reservation. The legal basis for these transfers is the necessity to fulfill the contract within the meaning of Art. 6 para. 1 lit. b EU GDPR.
Data is also passed on to selected service providers and only to the extent necessary for the provision of the service. Various third-party service providers are also already explicitly mentioned in this privacy policy, e.g. in the sections on marketing. These are, for example, IT service providers (such as providers of software solutions), advertising agencies and consulting companies.
In addition, your data may be passed on, in particular to authorities, legal advisors or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from the relationship with you. For this data transfer, our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR is the protection of our rights and compliance with our obligations.
We are also entitled to transfer your personal data to third parties abroad if this is necessary to carry out the data processing specified in this privacy policy. It goes without saying that the statutory provisions on the disclosure of personal data to third parties will be complied with. If the country in question does not have an adequate level of data protection, we ensure through contractual arrangements that your data is adequately protected by these companies.
We store the personal data in the respective data processing systems provided for this purpose. The data relating to you will be systematically recorded and, if necessary, linked for the purpose of processing your booking and handling the contractual services. This data is processed exclusively in the context of customer-friendly and efficient customer data management.
We only store personal data for as long as is necessary to carry out the processing described in this privacy policy within the scope of our legitimate interest. In the case of contractual data, storage is prescribed by statutory retention obligations. Requirements that oblige us to store data result from accounting and tax regulations. According to these regulations, business communication, concluded contracts and accounting documents must be stored for up to 10 years.
When you visit our website, our servers temporarily store every access in a log file. As with every connection to a web server, the following technical data is recorded without any action on your part and stored by us until it is automatically deleted after one month at the latest:
This data is collected and processed for the purpose of enabling the use of our website (establishing a connection), ensuring system security and stability in the long term and enabling the optimization of our website as well as for internal statistical purposes.
The IP address is also evaluated together with the other data in the event of attacks on the network infrastructure or other unauthorized or abusive website use for clarification and defense and, if necessary, used in the context of criminal proceedings for identification and for civil and criminal proceedings against the users concerned.
The purposes described above constitute our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f EU GDPR.
Finally, when you visit our website, we use cookies as well as applications and tools that are based on the use of cookies. The data described here may also be processed in this context. You will find more detailed information on this in the following sections of this privacy policy, in particular section 13.
You have the option of using a contact form to get in touch with us. We require the following information for this:
We only use this data and the telephone number you voluntarily provide to answer your contact request in the best possible and personalized way.
Cookies are information files that your web browser stores on your computer’s hard disk or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.
Among other things, cookies help to make your visit to our website easier, more pleasant and more meaningful. We use cookies for various purposes that are required for your desired use of the website, i.e. are “technically necessary”. Cookies also perform other technical functions required for the operation of the website, such as load balancing, i.e. the distribution of the performance load of the site to different web servers in order to reduce the load on the servers.
Cookies are also used for security purposes, for example to prevent the unauthorized posting of content. Finally, we also use cookies as part of the design and programming of our website, e.g. to enable the uploading of scripts or codes.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in providing a user-friendly and up-to-date website.
Most Internet browsers accept cookies automatically. However, when you access our website, we ask for your consent to the cookies we use that are not technically necessary, especially when using third-party cookies for marketing purposes. You can make the settings you require using the corresponding buttons in the cookie banner. Details on the services and data processing associated with the individual cookies can be found within the cookie banner and in the following sections of this privacy policy.
If you make a booking via our website, we require the following data to process the contract:
This data and other information you provide voluntarily (e.g. telephone number, age of children and other comments) will only be used to process the contract, unless otherwise stated in this privacy policy or unless you have given your separate consent. We will process the data by name in order to record your booking as requested, provide the booked services, contact you in the event of ambiguities or problems and ensure correct payment.
If you make chargeable bookings or purchase products on our website, depending on the product or service and the desired payment method, you may be required to provide additional data, such as your credit card information or the login for your payment service provider. This information and the fact that you have purchased a service from us at the relevant amount and time will be forwarded to the respective payment service providers (e.g. providers of payment solutions, credit card issuers and credit card acquirers). Please always refer to the information provided by the respective company, in particular the privacy policy and general terms and conditions. The legal basis for this transfer is the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b EU GDPR.
We maintain online presences within social networks and platforms (Facebook and Instagram) in order to communicate with the guests, interested parties and users active there and to inform you about our services. When accessing the respective networks and platforms, the terms and conditions and privacy policies of the respective operators apply.
We have included links to our profiles on the social networks of the following providers on our website:
If you click on the icons of the social networks, you will automatically be redirected to our profile in the respective network. This establishes a direct connection between your browser and the server of the respective social network. As a result, the network receives the information that you have visited our website with your IP address and clicked on the link.
The legal basis for any data processing attributed to us is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR in the use and advertising of our social media profiles.
If you make bookings by correspondence (e-mail or letter post) or by telephone call, we require the following data to process the contract:
We will only use this data and other information voluntarily provided by you (e.g. expected arrival time, preferences, allergies in connection with meal orders, etc.) to process the contract, unless otherwise stated in this privacy policy or unless you have given your separate consent. We will process the data by name in order to record your booking as requested, provide the booked services, contact you in the event of ambiguities or problems and ensure correct payment.
The legal basis for data processing for this purpose is the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b EU GDPR or your consent pursuant to Art. 6 para. 1 lit. a EU GDPR. You can withdraw your consent at any time with effect for the future.
On arrival at our apartments, we may need the following information from you and your accompanying persons:
We collect this information to fulfill legal reporting obligations, in particular those arising from hospitality or police law. Insofar as we are obliged to do so under the applicable regulations, we forward this information to the competent police authority.
This data is processed on the basis of a legal obligation within the meaning of Art. 6 para. 1 lit. c EU GDPR.
If you receive additional services during your stay (e.g. meals, excursions, etc.), we will record the object of the service and, if applicable, the time of receipt of the service for billing purposes. The processing of this data is necessary within the meaning of Art. 6 para. 1 lit. b EU GDPR for the execution of the contract with us.
If you have provided us with your e-mail address in connection with your booking, you will receive an electronic form after your departure. We collect the following data via this form:
This information is voluntary and helps us to continuously improve our offer and services and adapt them to your needs. We will only use the information provided to us for statistical purposes, unless otherwise stated in this privacy policy or unless you have given your separate consent. We will process the data by name in order to contact you in the event of ambiguities or problems.
For the aforementioned purposes, the legal basis for processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU GDPR.
If you purchase products or services or pay for your stay in one of our youth hostels using electronic means of payment, the processing of personal data is required. By using the payment terminals, you transmit the information stored in your means of payment, such as the name of the cardholder and the card number, to the payment service providers involved (e.g. providers of payment solutions, credit card issuers and credit card acquirers). They also receive the information that the means of payment was used by one of our youth hostels, the amount and the time of the transaction. Conversely, we only receive the credit of the amount of the payment made at the relevant time, which we can assign to the relevant receipt number, or information that the transaction was not possible or was canceled. Please always refer to the information provided by the respective company, in particular the privacy policy and general terms and conditions. The legal basis for this transmission is the fulfillment of the contract with you in accordance with Art. 6 para. 1 lit. b EU GDPR.
The Wi-Fi available in our premises is provided by local providers. Consequently, their data protection guidelines also apply.
English
Deutsch 
Español 
Français