FADP · GDPR

Privacy Policy

Last update: 13 juin 2026

Cari'Stay is an aparthotel located in Portalban, on the shores of Lake Neuchâtel. We place paramount importance on protecting your privacy. This policy details how we process your data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the General Data Protection Regulation (GDPR) for our European clients.

01.Data controller

The Cari'Stay aparthotel is located at Route du Port 23, 1568 Portalban.

The data controller within the meaning of data protection legislation is the operating company:

Heiwa Solution SA
Route de Vermala 45
3963 Crans-Montana, Suisse
E-mail: Info@heiwa-solution.com

02.Data collection and processing purposes

We process the personal data you provide us as part of your booking and stay:

  • · Booking process: first name, last name, address, e-mail, phone. This data is collected to manage your stay at the aparthotel.
  • · Check-in and legal obligations: through our online check-in tool, we collect the identity data necessary for establishing police records and calculating the city tax (legal obligations in the canton of Fribourg).
  • · Payment: your transactions are secured by our PCI-DSS Level 1 certified provider (Stripe). We never have access to your complete banking information.
  • · Technical data: IP address, browser type, pages visited (server logs, for security and performance purposes).
  • · Marketing and analytics: subject to your consent via our cookie banner, we use audience measurement tools to optimize our offerings.

We do not engage in any automated decision-making or profiling that produces legal effects on you.

03.Third-party sharing and international transfers

Your data is shared only with our technical service providers necessary for the operation of the service:

  • · Hostaway (EU): centralized booking management and calendar synchronization.
  • · Stripe (USA): payment processing. Stripe is certified under the Swiss-U.S. Data Privacy Framework, ensuring processing compliant with Swiss requirements.
  • · Duve (Israel): guest experience and online check-in. Israel benefits from an adequacy decision from Switzerland ensuring a high level of protection.
  • · Cloudflare (USA): network infrastructure, DDoS protection and SSL certificates. Certified Swiss-U.S. Data Privacy Framework.
  • · Infomaniak (Switzerland): web hosting. Site data is stored in Switzerland.
  • · Google / Meta (USA): only if you consent via the cookie banner. These providers are certified under the Swiss-U.S. Data Privacy Framework.

No data is sold, rented or transmitted for commercial purposes to third parties not listed above.

04.Cookies

Our site uses four categories of cookies:

Strictly necessary (always active)

Essential for the site's operation: session, security, technical preferences. Do not require consent.

Functional

Remember your language, currency, traveler preferences. Active by default, can be disabled.

Analytics

Anonymized audience measurement (visits, time spent). Only activated with your consent.

Marketing

Advertising personalization (Google Ads, Meta Pixel). Only activated with your explicit consent via the banner.

You can modify your preferences at any time via the consent banner on the site.

05.Retention period

We retain your data only as long as necessary:

  • · Booking and billing data: 10 years (accounting obligation under Swiss Code of Obligations, art. 958f).
  • · Check-in data (police records): 2 years (Fribourg cantonal obligation).
  • · Marketing data: 3 years from last contact, then automatic deletion.
  • · Server and technical logs: 12 months maximum.
  • · Cookies: from session to 13 months maximum, depending on category.

06.Your rights

As a data subject, you have the following rights:

  • · Right of access to your stored personal data.
  • · Right of rectification or deletion.
  • · Right to restrict processing.
  • · Right to data portability.
  • · Right to object to processing.
  • · Right to withdraw your consent at any time (without retroactive effect).

To exercise these rights, contact us at Info@heiwa-solution.com. We respond within 30 days.

You also have the right to file a complaint with the Federal Data Protection and Information Commissioner (FDPIC): edoeb.admin.ch.

07.Data security

We implement appropriate technical and organizational measures to protect your data: end-to-end HTTPS/TLS encryption, restricted and authenticated access to our systems, regular audits, encrypted backups, and continuous training of our team.

08.Minors

Our services are not intended for persons under 16 years of age. If you become aware that a child has provided us with personal data without parental consent, write to us and we will proceed with immediate deletion.

09.Changes to this policy

We reserve the right to modify this policy at any time to reflect legal or service changes. Substantial changes will be announced on this page with 30 days notice. The date at the top of this page indicates the last update.

Heiwa Solution SA