Data protection declaration
DATA PROTECTION DECLARATION
We would like to take this opportunity to inform you about the manner in which we process your data in accordance with the General Data Protection Regulation (GDPR), the German Data Protection Act (Datenschutzgesetz; DSG) and the German Telecommunications Act (Telekommunikationsgesetz; TKG).
We process your personal data in cooperation with MP Consulting GmbH, FN 244397h, Brixentaler Strasse 3, 6361 Hopfgarten im Brixental, Austria, as joint controllers in accordance with Art. 26 GDPR. Please do not hesitate to contact us should you require any further information. Our contact details are stated at the end of this Data Protection Declaration.
1. Personal data
Personal data includes all data containing information about your personal or factual circumstances, such as name, address, e-mail address, phone number, date of birth, age, gender, social insurance number, video recordings, photos, etc.
We collect, process and use your personal data only if required for the fulfilment of an agreement or if required to do so by law or you have provided us with this data on a voluntary basis. We obtain your consent for any data processing activities which exceed this scope. We may also process your data without your consent if our justified interests outweigh your right to data protection.
We usually collect the data directly from you. However, during the conclusion of an agreement, we may sometimes collect your data from third parties, such as when selling vouchers, ordering other services for you from third parties, placing bookings through tour operators, booking platforms, etc.
We use any health data provided by you during the booking process, such as allergies, disabled access needs, etc., to tailor our offer to meet your requirements. The health data entered by you is used exclusively for the contractual fulfilment and is never transferred to third parties. Your health data is only processed if you have given your explicit consent for us to do so in the accommodation agreement. We implement adequate and effective data protection measures to secure your health data.
We shall use the data provided to us primarily for the fulfilment and negotiation of agreements, compliance with legal obligations, etc.
Please notify us should your personal data change.
We would herewith like to inform you that the provision of your personal data is required by law in certain cases (e.g. tax regulations) or may result from contractual provisions (e.g. information about the contracting partner). Failure to provide the personal data may result in us being unable to conclude the agreement.
2. Your rights
You are entitled to obtain information about your personal data that has been stored and also to request the correction, data transfer, limitation of the processing activities, and blocking or deletion of, and you also have the right to object to, data that has been incorrectly or impermissibly processed. You may withdraw your consent at any time.
If you are of the opinion that the processing of your personal data by us contravenes the applicable data protection laws, you have the option to complain to the relevant supervisory authorities. The Data Protection Agency (Datenschutzbehörde) is the responsible instance in Austria. In Bavaria, complaints can be submitted to the Bavarian Data Protection Authority (firstname.lastname@example.org).
3. Data security
We implement organisational and technical measures to protect your personal data. These measures primarily relate to the protection of unauthorised, illegal and also accidental access, loss, processing, use and manipulation.
Please note that we shall not assume any form of liability whatsoever for the disclosure of information caused by data transmission errors and/or unauthorised third-party access outside our scope of control.
4. Data transfer to third parties
We may have to transfer your data to order processors or other recipients, such as primarily government agencies, to meet our contractual, statutory and reporting obligations. Order processors process your personal data as instructed and only within the scope required for the fulfilment of this task. Our order processors include tax advisors, lawyers, auditors, external service providers, etc.
Based on our justified interests (i.e. interests in the analysis, optimisation and economic operation of our contents within the meaning of Art. 6 (1) lit. f GDPR), we use third-party contents and service offers within our contents in order to include these in our contents.
This requires for the third-party provider to receive your IP address as without it the contents cannot be sent to your browser. The IP address is required for displaying these contents. Third-party providers may also use web beacons for statistical and marketing purposes. Web beacons can be used for analysing information, such as the traffic to this website. A cookie may also be placed for this purpose, which contains technical information on the browser and operating system, referrer URL, time of visit and further information on the use of our website. Below is an overview of the third-party providers used by us:
- Social Media Stream of Juicer, 1515 7th street, #424, Santa Monica, CA, 90401, USA. For further information go to: https://www.juicer.io/privacy
- If you book hotel accommodation through our Hohe Salve sports resort website, the personal data provided by you is transferred to Seekda GmbH, FN 405030h, Neubaugasse 10/15, 1070 Vienna, Austria. Seekda provides an online hotel booking platform. For further information go to: https://seekda.com/de/datenschutzerklarung/.
- If you book hotel accommodation through the HolidayCheck booking platform, the data provided by you is transferred to HolidayCheck AG, Bahnweg 8, 8598 Bottighofen, Switzerland. For further information go to: https://www.holidaycheck.de/datenschutz.
- If you make your booking through the TripAdvisor booking platform, the data provided by you is transferred to TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494, USA. For further information go to: https://tripadvisor.mediaroom.com/AT-privacy-policy.
- If you purchase or redeem vouchers issued by the Hohe Salve sports resort through our website, the personal data provided by you is transferred to INCERT eTourismus GmbH & Co KG, FN 287996z, Leonfeldnerstrasse 328, 4040 Linz, Austria, the provider of the voucher platform. For further information go to: https://www.incert.at/unternehmen/datenschutz/.
- If you subscribe to the Newsletter on our Hohe Salve sports resort website, the data provided by you is transferred to CleverReach GmbH & Co KG, HRB 210079, Mühlenstrasse 43, 26180 Rastede, Germany, the dispatcher. Go to section 11 for further information.
If you have further given your explicit consent, your data is transferred to the advertising partners listed in the declaration of consent and used by them for sending advertising, satisfaction surveys and customer retention programmes, etc. We only transfer your data to other recipients if you have given us or the recipient consent to transfer the data, the data transfer is required for concluding the agreement or contractual fulfilment, or we are legally obliged to transfer the data.
However, we only transfer your personal data to recipients within the European Union or countries which the EU Commission has deemed to have an adequate data protection level. Insofar as this does not apply, we issue suitable guarantees to ensure that the recipient complies with the General Data Protection Regulation.
Google Analytics, TripAdvisor, Instagram and Hotjar transfer personal data and information to the providers in the USA. This personal data is stored and processed in the USA. This data may be transferred to third parties.
HolidayCheck transfers personal data and information to the provider in Switzerland. This personal data is stored and processed in Switzerland. This data may be transferred to third parties. The data transfer is permissible in accordance with the adequacy decision (2000/518/EC).
5. Data storage
a.) Storage in compliance with contractual and legal obligations:
We store your data for as long as required for fulfilling our contractual and legal obligations. We are obliged, for instance, to store our accounting documentation for a period of seven years from the end of the calendar year to which they refer.
When storing your data, we shall ensure that it is only used to the extent required for the above purposes.
b.) Storage based on your consent:
If you have given us your consent, we shall store your data for as long as has been agreed in your declaration of consent or other form of consent, such as within the scope of an agreement concluded with you. This affects, for instance, the health data disclosed by you about facts such as allergies or need for disabled access.
c.) Storage based on justified interests:
We shall also store your data for as long as required to defend compensation and other claims within the scope of the legal statutes of limitation. In accordance with Austrian law, this period is always three years from uncovering a defect or liable party.
We store booking enquiries which did not result in the conclusion of an agreement for a period of 24 months for internal analysis purposes, such as the analysis of our contents.
We store job application documents for a period of 12 months.
d.) Obligations to delete data in accordance with the right to deletion:
The above paragraphs do not affect our obligations to delete the data should you exercise your right to deletion in accordance with Art. 17 GDPR.
6. Collection of general data and information
Our website collects a number of general data and information every time you access it. The browser, operating system, previous website visited by you, date and time, IP address, internet service provider and other similar data and information may be collected. We use this data to maintain the website and protect it against cyber attacks. The use of this data does not give any inference to personal data.
The anonymous server logfile data is stored separately from all other personal data.
If you wish to prevent these cookies from being stored on your computer, you can adjust your browser settings so that you receive information every time a cookie is stored and you can choose to permit it on an individual basis. If the cookies used by us require consent, we will obtain this from you in advance. Deactivating cookies may limit the functionality of our website.
The plug-in is provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time a web page containing the Facebook plug-in is accessed, the browser is automatically triggered to download an image of the plug-in from Facebook. During this technical process, Facebook obtains knowledge of the specific sub-page visited on our website. If you are logged into Facebook at the same time, Facebook recognises which specific sub-page has been visited. This information is collected and allocated to the respective Facebook account by Facebook without you having to click on the plug-in.
If you wish to prevent such data transfer to Facebook, you can do so by logging out of your Facebook account.
For further information go to: https://de-de.facebook.com/privacy/explanation. Please contact us for further information if you wish to object to this Data Protection Declaration.
9. Google Analytics
The provider is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics is a service for collecting, storing and analysing data on the conduct of website visitors. Google uses the collected data and information for activities such as analysing the use of our website and providing other services relating to the use of our website.
Google Analytics installs a cookie. This enables Google Analytics to analyse the use of our website. This cookie triggers the browser into sending data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge about personal data, such as the IP address of the affected person, which Google uses for activities such as tracing the origin of the visitors and clicks. This data is subsequently used for invoicing commission payments.
We use the extension "_gat._anonymizeIp” for web analyses via Google Analytics. With this extension, Google abbreviates and anonymises the IP address.
For further information go to: https://www.google.com/intl/de_de/analytics/ and https://www.google.de/intl/de/policies/privacy/. Please contact us for further information if you wish to object to this Data Protection Declaration.
We only mail the Newsletter to you with your consent or if permitted to do so by law. The data is used for sending advertising. The data is deleted as soon as you withdraw your consent to send the Newsletter.
To send you the Newsletter, we require your confirmation that you are the owner of the e-mail address (so-called double opt-in). This confirmation is required to ensure that you actually registered to receive the Newsletter. The Newsletter registrations are logged to provide evidence of the registration process. This process includes the storage of the registration and confirmation time and date as well as the IP address. Changes to your data stored with the service provider sending the Newsletter are also logged. You can cancel your subscription at any time by using the unsubscribe option provided in the Newsletter.
The data is transferred to CleverReach GmbH & Co KG, HRB 210079, Mühlenstrasse 43, 26180 Rastede, Germany, our dispatcher. You can read this company’s data protection policy at www.cleverreach.com/de/datenschutz. The dispatcher does not transfer your data to third parties.
The dispatcher is engaged and analyses are performed on the basis of our justified interests in accordance with Art. 6 (1) lit. f GDPR to create a user-friendly and secure newsletter system.
When accessing the Newsletter, a web beacon collects technical information, such as information on your browser and system, as well as your IP address and time of access. This information is used for technical service improvements based on the technical data, target groups and reader habits, or access times. The statistical data collected also includes information on if and when the Newsletters have been opened and which links have been clicked. This information can be allocated to individual Newsletter recipients for technical reasons.
11. Contact form
If you use the contact form, the personal data transmitted will be stored automatically for the purpose of processing and getting in touch. It is not transferred to third parties, unless you register for the Newsletter.
12. Registration data and guest cards
a) Registration data
In accordance with the Austrian Reporting Act (Meldegesetz; MeldeG), you must register with us using the data stipulated in Sections 5 and 10 MeldeG. This includes the following data: name, date of birth, gender, nationality, country of origin, address including post code and (for foreign guests) type, number, issuing country and authority of a travel document as well as date of arrival and departure.
In accordance with our legal obligations stipulated in Section 19 of the Austrian Reporting Act Implementation Ordinance (Meldegesetz-Durchführungs-Verordnung ), we record this data in a guest list and store it for a period of 7 (seven) years, unless it is processed over a longer period for other purposes stated in this Data Protection Declaration. We may keep the guest list in electronic format and may transfer the data to an IT order processor where the data is stored locally. The data is not transferred to third countries.
In accordance with Section 6 of the Austrian Tourism Statistics Ordinance (Tourismus-Statistik-Verordnung) the ‘Arrival’ and ‘Departure’ data categories are linked to the country of origin and transferred to the municipality in which the accommodation is located. Aggregated data on the total number of overnight stays and the persons who are liable to pay tourist tax must also be transferred to the respective tourism association of which we are a member and/or the municipality. This transfer complies with Section 19 of the Tyrol Tourist Tax Act (Tiroler Aufenthaltsabgabegesetz).
The data is processed in accordance with Art. 6 (1) lit. c GDPR.
We also transfer your post code and date of birth (in pseudonymised and/or anonymised form) to our municipality and our tourism association for statistical purposes, namely the preparation and analysis of origin and age statistics by the tourism association. This transfer complies with Art. 6 (1) lit. e (Task in Public Interest) and lit. f (Task for the Purposes of Legitimate Interests) GDPR. You can object to this at any time for reasons arising from your specific situation (Art. 21 (1) GDPR).
b) Guest card
You have the option to request a guest card. This guest card provides you with discounts and/or services from various companies in the region (such as discounted entry fees). The guest card remains valid for the period of your stay.
The accommodation provider only issues you with a guest card upon request. The tourism association and/or accommodation provider issues this card in the form of
• an electronically generated guest card,
• a manually generated guest card, or
• a copy of the registration form,
depending on the guest card system used by them.
The following personal data, which is determined from the registration data (see Section 1 above), is processed for generating the electronic and manual guest card: forename, surname, date of birth, country of origin / post code and duration of stay (arrival / departure).
If the guest card is issued in the form of a registration form, it comprises the content in accordance with Section 5 in conjunction with Section 9 MeldeG (see Section 1.1 ‘Registration data’ above). In this case, the data is not electronically processed for generating the guest card.
The following additional personal data is processed when using the guest card: data on the usage cycle of the respective card, use of services, bookings, transaction logging, reference to the registration data and accommodation provider.
The data is required for determining the identity as well as validity period of the guest card for the respective service provider and for invoicing the discounts between service providers, the tourism association and the accommodation provider, if required.
The data is processed for the guest card transactions on the basis of your consent (Art. 6 (1) lit. a GDPR). You may withdraw your consent at any time.
The guest card system is operated by the local tourism association. Local accommodation providers and companies (service providers) are also involved. The data processed for the guest card is deleted after 40 (forty) months, unless it continues to be processed for other legitimate purposes (such as regulatory reporting).
The data processed for the guest card is transferred to the local tourism association for settling payments with the service providers and/or accommodation providers. The individual service providers which grant discounts on their services based on the guest card also receive the data if you use the guest card services from these companies. You must show the respective guest card containing the data to the service provider if you wish to claim the discounts. By doing so, you voluntarily disclose the information. The company then checks the validity of the guest card, usually by scanning the barcode on the guest card and transferring the barcode data to our IT order processor. Personal data is also transferred to the company during this process, particularly your identity data (to check your identity and date of birth). If the guest card has been issued in the form of a registration form, its validity is checked by comparing the copy of the registration form.
13. Job applications
Current vacancies in our company are advertised on our website. During the application process, you have the opportunity to send us your application documents in electronic form per e-mail or in printed form in the post. Your data is used and stored for evaluations and contact during the application process and also for justifying an employment contract, if applicable. With your permission, we use your data to offer you other vacancies within our Group.
14. Contact details:
Sportresort Hohe Salve GmbH
6361 Hopfgarten im Brixental
Hopfgarten +43 5335 2420
Hopfgarten im Brixental, 30th of May 2018