Data protection statement
AS AT 23/5/2018
A – 6167 Neustift
Tel. +43 5226 36133
We strive to deliver services of outstanding quality. So that we can guarantee this objective for the future and to be able to offer you the best possible service and flawless performance, we capture and process data and activities from enquiries, reservations, voucher purchases or website visits. We process your data exclusively on the basis of the statutory regulations (GDPR, German Telecommunications Act (TKG) 2003). This data protection statement contains information about the most important aspects of data processing within our website. If you make a booking or purchase with us, send us an enquiry, request information or sales literature, we process your personal data in accordance with Article 6 Section 1 b and f of the EU's General Data Protection Regulation (GDPR).
WHICH DATA DO WE CAPTURE?
Website: If you use this website, we capture data that is required for technical purposes, which is transmitted automatically to our server, including the IP address, date and time of the session, type of end-device, access status/HTTP status code, browser type, language and version of the browser software, and the operating system.
This is a technical requirement for us to be able to display our website to you. We also use the data to be able to improve the website in accordance with your expectations and to guarantee the security and stability of the website. The legal basis for the data capture is point (f) of Article 6(1) GDPR.
Forms: If you contact us on our website using a form or get in touch with us by email, make an enquiry or a booking, you give us the personal data (e.g. your name, postal address, email address, telephone number, interests etc.) that we need to be able to process your enquiry. We store and process this data. We do not pass it on to third parties. Excepted from this are companies that work on our behalf as processors and with which we have made an agreement that they will handle your data with the same legally prescribed duty of care as we do. The companies are named below in this data protection statement.
We need cookies to make our offer user-friendly. Some cookies remain stored on your end-device until you delete them. These enable us to recognise your browser again the next time you visit our website.
If you do not wish this to happen, you can set your browser to notify you about cookie placement and allow them individually.
If you do not permit cookies, under certain circumstances not all functions of our website will be available.
WEB ANALYSIS – GOOGLE ANALYTICS
We use Google Analytics on our website to be able to analyse and improve the use of our website.
Accordingly, we have entered into an agreement for processing with the provider.
You can prevent this by setting your browser so that cookies are not stored. We would point out, however, that in this instance not all functions of our website will be available in full. In addition, you can prevent data generated by cookies and data related to the use of the website (including your IP address) being sent to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
We use Google Analytics with the extension „_anonymizeIp()“. This shortens IP addresses (IP masking). Reference to particular persons can therefore be excluded. Google participates in the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. This means that even in the exceptional cases when data is transferred to the US, this data has a reasonable level of protection.
Information about Google: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001
More detailed information on data protection by Google:
This website accesses Google Maps. This enables us to display interactive maps to you directly on our website and facilitate your use of the map function. Through the use of Google Maps, data is transmitted to Google in the US, including your IP address.
The legal basis for processing your data is point (f) of Article 6(1) GDPR. Google participates in the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework
Information about Google:
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, US
More detailed information on data protection by Google:
We use Google Fonts on our website. This allows us to integrate certain fonts into our website. These fonts are provided by Google via servers in the US. When our website is accessed, the visitor’s web browser builds a direct connection to these servers. Amongst other things, the IP address of the visitor is transmitted to Google and stored there. Google participates in the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework
DURATION OF STORAGE
We process and store your data only as long as it is required to do so for processing or to comply with statutory obligations. Once the purpose of processing has ended, your data is blocked or erased. Provided there are additional statutory obligations for storage, we block or erase your data upon expiry of the statutory retention periods.
OUR MEASURES FOR PROTECTING YOUR PERSONAL RIGHTS
As mentioned at the beginning, we take the protection of your personal data very seriously and use this data exclusively to remain in contact with you, to optimise our service and to adapt to your wishes and requirements.
We take appropriate measures to prevent access for the misuse, theft, sharing, changing or destruction of the stored data.
Our staff are suitably trained and are obliged to use your data confidentially and in compliance with the law.
To safeguard the confidentiality of your personal data, we have entered into processing agreements with service providers to whom we send personal data for communications purposes (newsletters, mailings etc.) or for business purposes (bookkeeping, invoicing, bookings routing, data management systems etc.)
Our website contains links to the websites of third parties. We are not responsible for the compliance of these providers with the regulations of the GDPR. We therefore recommend that you enquire about the data protection statement of these companies.
In particular, the GDPR gives you the right of access to your personal data (if we store your data and which data we store, the processing purpose and the duration of storage), the right to rectification and completion, the right to erasure, the right to the restriction of processing, the right to data portability, the right to object and the right to withdrawal of consent.
You have the right to request confirmation from us about whether we process your personal data. If you would like to exercise this right to confirmation, you can contact our Data Protection Officer at any time with regard to this.
You have the right to receive from us information at any time about the personal data of yours that we store. Furthermore, the European regulator has given you the right to information about the personal data that concerns you which we process, the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations, if possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, about the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and – at least in these instances – meaningful information about the logic involved as well as the consequences and effects aspired to by processing of this kind. If the personal data was not collected from you, you have the right to information about all available information about the origin of the data.
Furthermore, you have the right to information about whether personal data was transmitted to a third country or to an international organisation. Provided that this is the case, you have, besides, the right to receive information about suitable guarantees in connection with the transmission.
You have the right to request rectification without undue delay of inaccurate personal data.
You have the right to request that we erase the personal data without undue delay, provided that one of the following reasons applies and insofar as the processing is not required:
- The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), GDPR and where there is no other legal ground for the processing;
- The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
- The personal data has been unlawfully processed;
- The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Provided that one of the above-mentioned reasons applies and you would like the erasure of personal data that is stored by us, you can contact our Data Protection Officers at any time. Our Data Protection Officer or other member of staff working on his/her behalf will see to it that the erasure request is complied with without undue delay.
Where we have made the personal data public and our company, as the controller, is obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. Our Data Protection Officer or other member of staff working on his/her behalf will see to the necessary actions being taken in individual cases.
You have the right to request that we restrict processing if one of the following prerequisites is given:
- The accuracy of the personal data is contested by you for a period enabling the controller to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
- We, as the controller, no longer need the personal data for the purposes of processing, but it is required by you, as the data subject for the establishment, exercise or defence of legal claims;
- You have objected to processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.
Provided that one of the above-mentioned reasons applies and you would like the restriction of personal data that is stored by us, you can contact our Data Protection Officers at any time. Our Data Protection Officer or other member of staff working on his/her behalf will see to the restriction being carried out.
You have the right to receive the personal data that concerns you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) Article 6(1) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that it shall not adversely affect the rights and freedoms of others.
For the establishment of the right to data portability, you can contact our Data Protection Officers at any time.
You have the right for reasons resulting from your special situation to object to the processing of personal data that concern you, pursuant to point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.
If you have any questions about this statement or the processing of your personal data by our company, please contact us by email at firstname.lastname@example.org