This Data Protection Policy was prepared and published by Humansa Suisse AG, Thiersteinerallee 29, 4053 Basel, Switzerland, registered in the Commercial Register of the Canton of Basel Stadt under the number CH-270.3.017.199-0
We, i.e. Humansa Suisse AG, are responsible in terms of data protection law for the collection, processing and use of your personal data and for data processing that is in conformity with the law.
The term “personal data” means all information that relates to an identified or identifiable natural person. This includes information that makes it possible to draw conclusions about your identity (e.g. information such as name, postal address, email address, and phone numbers).
Because your trust is important to us, we take data protection very seriously and pay special attention to security. We comply with the statutory provisions of the Swiss Federal Act on Data Protection (Bundesgesetz über den Datenschutz, DSG), the Swiss Ordinance to the Federal Act on Data Protection (Verordnung zum Bundesgesetz über den Datenschutz, VDSG), the Swiss Telecommunications Act (Fernmeldegesetz, FMG), and all other applicable data protection provisions of Swiss law.
We ask that you take note of the following information so that you will know what personal data we collect from you and the purposes for which we use them. Please note that the following information will be reviewed and amended from time to time. We therefore recommend that you read this Data Protection Policy regularly. Furthermore, for individual instances of data processing listed below, other companies are responsible under data protection law, either solely or jointly with us, meaning that in such cases, the data protection policies of those providers may also be relevant.
If you have any questions about data protection or would like to exercise your rights, please contact our data protection officer:
Humansa Suisse AG
Datenschutz
Thiersteinerallee 29
4053 Basel
Schweiz
datenschutz@humansa.ch
To enable you to establish a connection to our websites or to any microsites, your browser transfers certain data to the servers of our hosting provider, which temporarily records every access in a log file. The following data will be collected without any action on your part and stored by us until it is automatically deleted:
These data are collected and processed for the purpose of facilitating the use of our websites, ensuring continuous system security and stability, and facilitating the optimisation of our website, as well as for statistical purposes.
In addition, in the event of attacks on the network infrastructure or other unauthorised use or misuse of our websites, the IP address is analysed together with other data for the purpose of investigation and defence and, if necessary, is also used in connection with criminal proceedings for the purpose of identifying the user in question and holding him or her civilly or criminally liable.
The purposes described above are to be considered our legitimate interest in data processing.
The contact form feature on our websites enables you to get in contact with us at various points (e.g. for general contact, asking for advice or booking requests). For this feature, we require the following information; mandatory information is marked with an asterisk (*):
We use these data, as well as data voluntarily provided by you, only so that we can respond to your contact enquiry as best as possible and in a personalised manner. The processing of these data is therefore necessary in order to take steps prior to entering into a contract.
At various points on our websites, you have the option to contact us by telephone or email, such as to ask us questions about website functionality, bookings or services.
We collect only the data that you disclose to us. Therefore, you are responsible for the content of your message and are in control of what information you transmit to us. We recommend that you do not transmit any sensitive information. In order to answer your questions, we may ask you to provide us with additional information (e.g. your postal address, your email address, etc.). We will collect from you only the data that are necessary to answer your questions or to provide the services you desire.
Processing your request is to be considered our legitimate interest.
You are able to contact us using WhatsApp, such as to ask us questions about bookings or services. In doing so, we collect the following data; mandatory information in the registration form is marked with an asterisk (*):
We collect only the personal data that you disclose to us. Therefore, you are responsible for the content of your message and are in control of what information you transmit to us. We recommend that you do not transmit any sensitive information. In order to answer your chat questions, we may ask you to provide us with additional information. We will collect from you only the personal data that are necessary to answer your questions or to provide the services you desire.
The company address of the subprocessor is: WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. The chat data are stored on servers within the EEA.
Processing your chat request or message is to be considered our legitimate interest.
If you make bookings either personally, by correspondence (email or postal mail), or by phone, we require the following data in order to process the service; mandatory information is marked with an asterisk (*):
We will use these data and other information voluntarily provided by you (e.g. expected arrival time, preferences, comments) only for processing the contract, unless this Data Protection Policy specifies otherwise or you have given your separate consent for this purpose. We will process the data particularly in order to provide services to you in accordance with your wishes, to contact you in the event that something is unclear or problems arise, and to give you access to your data.
If necessary, personal data are disclosed to companies involved in the performance of this contract, e.g. service providers such as cloud operators (AWS). Personal data is stored in Swiss or EEA cloud instances only.
For certain services (i.e. Future Light) we open a user account for you on our websites. For a user account, we need to collect the following data; mandatory information is marked with an asterisk (*):
We collect these data, as well as other data voluntarily entered by you, for the purpose of providing you with direct, password-protected access to your basic data stored with us. In the account, you can, for example, download your personal health report. Finally, you can request the deletion of the customer account in full.
Humansa Suisse AG also processes personal data from you outside of the websites. This may be the case, e.g. where we collect and process health data.
The legal basis for data processing is the satisfaction of your service enquiries and thus a legitimate interest.
To the extent that you purchase services (e.g. TCM massage) in the course of your stay, the nature of the service and the time at which it is purchased are recorded by us for billing purposes.
The processing of these data is necessary for the purpose of performing the contract with us.
The personal data described in this Data Protection Policy are stored and processed by Humansa Suisse at a central location. The specified data are stored in central electronic data processing systems. The data relating to you will be collected, linked and evaluated systematically for the processing of your services (e.g. in order to be able to offer you health insights, personalised services or products). In connection with these analyses, user profiles may be created about you. Within the framework of data protection regulations, we also enrich the data with data from statistical models. For this purpose we use the cloud infrastructure of AWS from Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. Further we use the software Future Light and Zenoti, both hosted on the Swiss AWS platform. The processing of these data using the software is based on our legitimate interest.
Among many other things, cookies help to make your visit to our websites easier, more convenient, and more meaningful. Cookies are information files that your web browser automatically stores on your device’s hard drive when you visit our website.
We use cookies, for instance, in order to temporarily store the services you selected and the entries you made when filling out a form on the website so that you don’t have to enter them again when you access a different subpage. In some cases, cookies are also used in order to be able to identify you as a registered user following registration on the website without you having to log in again when accessing a different subpage.
Most internet browsers automatically accept cookies. However, you can configure your browser in such a way that no cookies are stored on your computer or that a message is displayed when you receive a new cookie.
We have included links to our profiles on the social networks operated by the following providers on our websites:
If you click on the icons of the social networks, you will be automatically re-directed to our profile on the respective network. This creates a direct connection between your browser and the server of the respective social network. This will inform the network that you have visited our websites with your IP address and have clicked on the link.
If you click on a link to a network while you are logged into your account on that network, the content of our websites can be linked to your profile so that the network can link your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the corresponding links. A connection between your access to our websites and your user account will always take place when you log in to the respective network after clicking on the link. The respective provider is the controller in terms of data protection law for the data processing associated with this. Therefore, please refer to the information on the network’s website.
The legal basis for any data processing that may be attributed to us is our legitimate interest in the use and promotion of our social media profiles.
We store personal data only for as long as is necessary for implementing the processing in connection with our legitimate interest explained in this Data Protection Policy. In the case of contract data, storage is required by statutory retention obligations. Provisions that obligate us to retain data result from accounting provisions and tax law. In accordance with these provisions and laws, business communications, concluded contracts, and booking receipts in particular must be retained for a period of up to 10 years. If we no longer need these data for performing the services for you, they are blocked. This means that the data may be used only if this is necessary to fulfil the retention obligations or to defend and enforce our legal interests. Data will be deleted as soon as there is no longer any obligation to retain them or any legitimate interest in doing so.
We disclose your personal data only if you have expressly consented to it, if there is a statutory obligation to do so, or if this is necessary for the purpose of enforcing our rights, including the enforcement of claims under the contractual relationship. We also transfer your data if we are obliged by law to do so (e.g. request of a law enforcement authority) or if this is necessary for the enforcement of our claims within the scope of the contractual relationship (e.g. debt collection procedures). The third party’s use of the data passed on is strictly limited to the stated purposes.
We make use of appropriate technical and organisational security measures in order to protect your data that are stored with us against manipulation, total or partial loss, and unauthorised access by third parties. Our security measures are continuously improved in keeping with technological developments.
You should always keep your login data confidential and close the browser window once you end communication with us, particularly where you share the computer with others.
We also take internal data protection very seriously. Our employees and the service companies commissioned by us have been obliged by us to maintain confidentiality and to comply with data protection regulations.
You can object to data processing at any time. You also have the following rights:
Right of access: You have the right to request access to your personal data stored by us free of charge at any time when we process them. This gives you the opportunity to check what personal data we process about you and that we are using them in accordance with applicable data protection regulations.
Right to rectification: You have the right to have inaccurate or incomplete personal data corrected and to be informed of the correction. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.
Right to erasure: You have the right to have your personal data erased under certain circumstances. The right to erasure may be excluded in a given case.
Right to restriction of processing: You have the right, under certain conditions, to request that the processing of your personal data be restricted.
Right to data portability: In certain circumstances, users outside Switzerland have the right to receive from us the personal data that you have provided to us free of charge in a readable format.
Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority about the way in which your personal data are processed.
Right of withdrawal: As a rule, you have the right to withdraw a given consent at any time with prospective effect. Past processing activities performed on the basis of your consent will not become unlawful by your withdrawal.
To enforce your rights, you can contact us at datenschutz@humansa.ch. If we so choose, we may require proof of identity for processing your request.
We do not seek to collect any personal data of minors. However, we are not always able to verify the age of those who visit and use our websites/apps. If a minor transmits his or her data to us without the permission of his or her parent or guardian, we ask that the parent or guardian contact us so that these data can be erased and the minor will stop receiving any advertising material from us in the future.
Version of March 2026
-01.png){kind=logo}