We would like to inform you here about the processing of your personal data within the scope of the General Data Protection Regulations (GDPR), the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act (TKG).
Personal Data is all data which contains information about personal or factual matters, such as name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photos, etc.
We collect, process and use your personal data only where this is necessary for the performance of the contract or we have a legal duty to do so or you have provided these to us voluntarily. We will obtain your consent for any form of data processing going beyond this. Where our legitimate interest in the processing of the data outweighs your interest in data protection, processing will also take place in certain circumstances without your consent.
We generally collect your data directly from you. In the course of concluding a contract, however, it may be the case that we obtain your data from third parties, such as for the purchase of vouchers, the ordering of other services on your behalf by third parties, bookings through travel agencies or booking platforms, etc.
Where you provide information during the booking process about your health, such as allergies, the requirement for barrier-free access, etc., we use these to adapt our service to your needs. The data about your health is used exclusively for the purposes of performing the contract and is not passed to third parties. It is a requirement for the processing of data about your health that you provide your express consent to this in the accommodation agreement. We adopt effective and proportionate data protection measures in order to guarantee the protection of data about your health.
We will use data provided to us especially for the purposes of performing the contract, entering into the contract, the fulfilment of statutory requirements, etc.
We ask that you inform us about any changes to your personal data.
We are sometimes required by law to provide personal data (e.g. tax regulations) or it may take place because of contractual provisions (e.g. provision of information to a contractual partner). Failure to provide personal data may lead to us being unable to enter into contract with you.
You have the right to information about your stored personal data and a right to correction, data transfer, opposition, restriction of processing and blocking or deletion of incorrect data or data which has been processed unlawfully. You have the right to withdraw your consent at any time.
If you are of the opinion that our processing of your personal data violates the applicable data protection law, you have the opportunity to lodge a complaint with the relevant supervisory authority. In Austria, the Austrian Data Protection Authority (Datenschutzbehörde) is responsible for this. In Bavaria (Germany), complaints should be made to the Bavarian Data Protection Office (Bayerische Landesamt für Datenschutzaufsicht) (firstname.lastname@example.org).
We take appropriate organisational and technical measures to protect your personal data. In particular, these precautions relate to protection against unauthorised, unlawful or accidental access, loss, processing, use and manipulation.
Please note that we do not accept liability of any kind for the disclosure of information resulting from errors during the transfer of data which are not caused by us and/or unauthorised access by third parties.
It is sometimes necessary for us to transfer your data to contract data processors or other recipients, in order to fulfil our contractual or legal obligations, e.g. to the authorities in order to comply with our reporting duties. Contract data processors process your personal data in accordance with our instructions and only to the extent necessary for performance of this task. Our contract data processors are, for example, tax advisors, lawyers, auditors, external service providers, etc.
We make use of the content or service offerings of third party business in the provision of our service, on the basis of our legitimate interest (i.e. interest in the analysis, optimisation and commercial operation of our service within the meaning of Art. 6(1)(f) GDPR) in order to incorporate content and services.
This requires the transfer of your IP address to the third party service provider, since without the IP address, the content cannot be sent to your browser. The IP address is necessary for the display of this content. Third party service providers may also use so-called web beacons for statistical or marketing purposes. Web beacons allow the evaluation of information, such as user traffic to the website. In certain circumstances, a cookie is also placed which contains technical information on the browser and operating system, referring websites, visit duration and other information about the use of our website. The following is a summary of the third party service providers we use:
- Social Media Stream provided by Juicer, 1515 7th Street, Santa Monica, CA, 90401, USA. Further information available from: https://www.juicer.io/privacy
- When you book a hotel stay through our website for Das Hohe Salve Sportresort, the personal data you provide will be passed to Kognitiv GmbH, Austrian company reg. no. 405030h, Neubaugasse 10/15, 1070 Vienna, Austria. Kognitiv offers a platform for online hotel bookings.
- Where you book a hotel stay through the booking platform HolidayCheck, the data you provide will be transferred to HolidayCheck AG, Bahnweg 8, 8598 Bottighofen, Switzerland. Further information available from: https://www.holidaycheck.de/datenschutz (in German).
- Where you book using the booking platform TripAdvisor, the data you provide will be transferred to TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494, USA. Further information available from: https://tripadvisor.mediaroom.com/AT-privacy-policy.
- Where you buy or redeem a gift voucher through our website for Das Hove Salve Sportresort, the personal data you provide will be passed to our voucher platform provider, INCERT eTourismus GmbH & Co KG, Austrian company reg. no. 287996z, Leonfeldnerstrasse 328, 4040 Linz, Austria. Further information available from: https://www.incert.at/unternehmen/datenschutz/ (in German).
- If you have registered to receive our newsletter via our website Hohe Salve Sportresort, the data you provide will be passed to our email marketing provide, CleverReach GmbH & Co KG, German company reg. no. HRB 210079, Mühlenstrasse 43, 26180 Rastede, Germany. Further details are available under clause 11.
Where you have also provided your express consent, your data will be transferred to the marketing partners specified in the declaration of consent and used by them for the purposes of sending you adverts, customer satisfaction surveys or customer loyalty programmes and similar material. We only transfer your data to other recipients if you have provided either us or the recipient with your consent to the data transfer, the data transfer is necessary for the conclusion or performance of the contract or we are required by law to carry out the data transfer.
However, we only transfer your personal data to recipients within the European Union or in countries which the EU Commission has declared to have an adequate level of data protection. Where this does not apply, we use suitable guarantees to ensure that the recipient of the data will comply with the GDPR.
Personal data is transferred to service providers in the United States of America through Google Analytics, TripAdvisor, Instagram and Hotjar. This personal data is stored and processed in the United States of America. In certain circumstances, this data is passed on to third parties.
Personal data and information is transferred to service providers in the Swiss Confederation through HolidayCheck. This personal data is stored and processed in Switzerland. In certain circumstances, this data is passed on to third parties. The data transfer is permitted on the basis of the adequacy decision (2000/518/EC).
a.) Storage for the performance of contractual or legal obligations:
We store your data for as long as is necessary to fulfil our contractual or statutory obligations. We are required to keep our accounting documents and records for a period of 7 years from the end of the relevant calendar year. In the course of storing your data, we will ensure that your data will only continue to be used to the extent that it is necessary for the reasons specified above.
b.) Storage on the basis of your consent:
Where you have given us your consent, we will store your data for as long as is specified in the declaration of consent or other form of consent that you provide us with, such as within the contract between us. This may include the storage of personal data you have provided us about your health, such as allergies or the need for barrier-free access.
c.) Storage on the basis of legitimate interests:
In addition, we will store your data for as long as we need these to defend any liability or other claims, within the period of limitation set out by law. Under Austrian law, this is generally 3 years from the loss becoming known to the injuring party. Booking enquiries which have not resulted in us entering into a contract with you will be saved by us for 24 months in order that we can use them for internal analysis purposes, such as evaluating our offering. Job applications will be stored for a period of 12 months.
d.) Obligation to delete on the basis of the right to deletion:
Our obligation to delete in the event of you exercising your right to deletion under Art. 17 GDPR is not affected by the foregoing clauses.
Our website collects a range of general data and information each time you access it. Information collected may include the browser, operating system, previously visited websites, the date and time, IP address, internet service provider and other similar data and information. This data is used by us to maintain the website and protect it from threats. Using this data does not allow us to identify any personal data.
The anonymous data from the server log files is stored separately from all other personal data.
If you do not want these cookies to be placed on your device, you can change the settings on your browser so that it informs you about the placement of cookies and you can allow these in individual cases. Where we need your consent to place cookies used by us, we will obtain your prior consent. Deactivating cookies may restrict the functionality of our website.
The provider of the plug-in is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time you access a page of this website with an integrated Facebook plug-in, your internet browser is automatically prompted to download the plug-in from Facebook. During the course of this technical procedure, Facebook receives information about exactly which sub-pages of our website are being accessed. If you are logged into Facebook at the same time, Facebook detects precisely which sub-pages are being visited. This information is collected and matched by Facebook to the relevant Facebook account without you needing to click on the plug-in.
If you do not wish for such a transfer to be made to Facebook, you can prevent the transfer by logging out of your Facebook account.
Further details are available at: https://www.facebook.com/privacy/explanation. Please contact us for further information if you want to object to this processing of your data.
The provider of this service is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics is a service which captures, collects and evaluates data about visitor behaviour on websites. Google uses the data and information obtained for purposes including the evaluation of our website and to perform other services connected to the use of our website.
Google Analytics places a cookie. The placement of the cookie allows Google to analyse the use of our website. This cookie prompts the internet browser to transfer data to Google for the purposes of the online analysis. During the course of this technical procedure, Google receives information about personal data such as the IP address of the person affected, which Google uses to trace the origin of the visitor and what they click on and as a result allows a commission to be charged.
We use the add-on "_gat._anonymizeIp” for the web analysis through Google Analytics. Google uses this add-on to shorten and anonymise IP addresses.
Further details are available at: https://marketingplatform.google.com/about/ and https://policies.google.com/privacy?hl=en-GB. Please contact us for further information if you want to object to this processing of your data.
We will send you our newsletter if we have your consent or legal authority to do so. The data is used for the purposes of sending marketing material. The data is deleted as soon as you revoke your consent to the sending of the newsletter.
In order to send you the newsletter, we need your confirmation that you are the owner of the email address (so-called double opt-in). This confirmation is necessary in order to ensure that you have actually registered for the newsletter. Registrations for the newsletter are logged in order to be able to evidence the registration process. This includes storing the time of registration and confirmation on the one hand and the IP address on the other. Changes to your data held by the email marketing service provider are also logged. You may end your subscription to the newsletter at any time using the unsubscribe option in the newsletter.
We rely on our legitimate interest under Art. 6(1)(f) GDPR in engaging our email marketing service provider and carrying out analysis, in order to make out newsletter system more secure and user friendly.
Technical information, such as information about your browser and system, as well as your IP address and the time of access, is collected using a web beacon when you access the newsletter. This information is used to make technical improvements to the service using the technical data or the target group and the reading behaviour or access times. The statistical data which is collected also includes confirmation of whether the newsletter is opened, when it is opened and what links are clicked. This information may be matched to individual newsletter recipients for technical reasons.
Where the contact form is used, the personal data you provide is saved automatically. Such data is used for the purpose of processing your enquiry or getting in touch with you. We do not pass your personal data on to third parties, unless you have registered to receive our newsletter.
a) Registration data:
You are required under the Austrian Police Registration Act (Meldegesetz) to provide the information specified in sections 5 and 10 of that Act. This concerns the following data: Name, date of birth, gender, nationality, country of origin, address including postcode, and – for foreign guests – type, number, period of issue and issuing authority of a travel document as well as the dates of arrival and departure.
Data in the categories “arrival”, “departure” and “country of origin” are passed to the local authority in which our accommodation business is located, in accordance with section 6 of the Austrian Tourism Statistics Regulations (Tourismus-Statistik-Verordnung). Aggregated data about the total number of overnight stays and the persons required to pay the tourism/city tax require to be transferred to the relevant tourism board to which we belong and/or the local authority This takes place on the basis of section 19 of the Tyrolean Tourism Tax Act (Aufenthaltsabgabegesetz).
Processing takes place on the basis of Art 6(1)(c) GDPR.
In addition, we pass on your postcode and your year of birth (in pseudonomised or anonymised format) to our local authority and our tourism board for statistical purposes for the preparation and analysis of statistics about origin and age by the tourist board. This transfer is based on Art 6(1)(e) (tasks in the public interest) and Art 6(1)(f) (legitimate interests) GDPR. You may object to this any time for reasons arising out of your particular situation (Art. 21(1) GDPR).
b) Guest cards:
You have the opportunity to make use of a guest card. The guest card grants you discounts and/or services with different business in the region (e.g. discounted entry). The guest card is valid for the duration of your stay with us.
The guest card will be created and issued by the accommodation provider only upon your request. It will be created using the guest card system employed by the tourism board and/or the accommodation provider either in the form of:
- an electronically generated guest card;
- a hand-made guest card; or
- a copy of the guest registration form.
For both the electronically generated and hand-made guest cards, the following personal data will be processed from that collected upon check-in (see clause 1 above): First name, surname, date of birth, country of origin/post code and length of stay (arrival/departure).
If the guest card is created in the form of a “guest registration form”, this will contain the contents required under section 5 in conjunction with section 9 of the Austrian Police Registration Act (Meldegesetz) (also see clause 1.1 “registration data” above). In this event, no electronic processing will be carried out for the purposes of the guest card.
In using the guest card, the following additional personal data will be processed: data about the life cycle of the relevant card, use of services, bookings, transaction logs, reference to the registration data and accommodation provider.
The data is necessary, on the one hand, to confirm identity and, on the other hand, to determine the period of validity of the guest card when providing the relevant services and in order to carry out a financial reconciliation between the service providers, the tourism board and, in any event, the accommodation provider.
The processing of data for the purposes of the guest card is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time.
The guest card system is operated by the local tourism board (“TVB”). The local accommodation provider and local businesses (“Service Providers”) are also involved. The data which is processed for the guest card is deleted after 40 (forty) months unless processing is being carried out for other legitimate purposes (e.g. regulatory reporting).
The local TVB obtains the data processed for the purposes of the guest card in order that it can carry out a financial reconciliation with the Service Providers and/or accommodation providers. The individual Service Providers who provide reduced services on the basis of the guest card also receive the data whenever you use the Service Providers’ guest card services. In order to make use of the discounts, you are required to show the guest card on which the data is contained to the Service Provider and thereby disclose this yourself. The business then checks whether this is (still) valid, usually by scanning the barcode on the guest card and transferring the barcode data to our IT contract data processor. By doing so, personal data, in particular data about your identity, is also transferred to the business (to check the identity and date of birth). If the guest card has been created in the form of the “guest registration form”, it will check the validity using the copy of the “guest registration form”.
Hopfgarten im Brixental, 30 May 2018