Questions, desires, suggestions, criticism? Gladly contact us by telephone or e-mail. We look forward to hearing from you or reading about you.
The controller for the purposes of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Das Gutenbrunn - Thermen & Sporthotel
Peter Fischerlehner
Rollettgasse 6, 2500 Baden bei Wien
Österreich, Austria
If your personal data is processed, you are the data subject within the meaning of GDPR and you have the following rights against the controller:
You may ask the controller to confirm if personal data concerning you is processed by us.
If such processing is being carried out, you can request information from the controller about the following:
You have the right to request information about whether your personal data is transferred to a third country or an international organisation. In this context, you can request the appropriate guarantees according to Article 46 GDPR in connection with the transfer.
You have a right against the controller to rectification and/or completion, if your personal data processed is incorrect or incomplete. The controller must make the correction immediately.
You have the right to obtain from the controller restriction of processing where one of the following applies:
Where processing has been restricted, such personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If restriction of processing has been obtained pursuant to the conditions set out above, you shall be informed by the controller before the restriction of processing is lifted.
You can demand the controller delete your personal data without delay, and the controller is required to delete that information immediately if one of the following applies:
If the controller has made the personal data concerning you public and is obliged to delete it according to Article 17 par. 1 GDPR, the controller shall, taking into account available technology and implementation costs, take appropriate measures, including technical means, to inform data controllers who process your personal data that you as data subject have requested all links to such personal data, or copies or replications of such personal data, to be deleted.
The right to erasure does not exist if the processing is necessary:
If you have the right of rectification, erasure or restriction of processing against the controller, he/she is obliged to notify all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have a right against the controller to be informed about these recipients.
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:
In exercising this right, you shall have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other persons may not be affected by this right.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority which has been delegated to the controller.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6 par. 1 lit. 2 or f GDPR; this is also valid for profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing; this includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
You may, in the context of the use of information society services – notwithstanding Directive 2002/58/EC – exercise your right to object by automated means using technical specifications.
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the existence of consent prior to consent being revoked.
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
However, these decisions shall not be based on special categories of personal data referred to in Article 9 par. 1 GDPR unless Article 9 par. 2 lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With regard to the cases named in (1) and (3), the controller shall take appropriate measures to uphold the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the controller, to express his/her own position and to challenge the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider the processing of your personal data to infringe the GDPR.
The supervisory authority with which the complaint is lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
In principle, we process our users’ personal data only to the extent necessary to provide a functioning website and our content and services. The processing of users’ personal data takes place regularly only with the consent of the user. An exception applies in cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
Insofar as we obtain the consent of the data subject for processing of personal data, Article 6 par. 1 p. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as legal basis.
Article 6 par. 1 p. 1 lit. b GDPR serves as legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is a party. This also applies to processing required to carry out pre-contractual measures.
Insofar as processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6 par. 1 p. 1 lit. c GDPR serves as legal basis.
In cases where the vital interests of the data subject or another natural person require the processing of personal data, Article 6 par. 1 p. 1 lit. d GDPR serves as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights and freedoms of the data subject do not prevail over the first interest, Article 6 par. 1 p. 1 lit. f GDPR serves as legal basis for the processing.
The data subject’s personal data shall be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, such storage may occur when provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also occurs when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Each time our website is accessed, our system automatically collects data and information from the system of the computer accessing the website.
The following data is collected here:
The data is also stored in the log files of our system. This data is not stored together with other personal data relating to the user.
The legal basis for temporary storage of the data and log files is Article 6 par. 1 p. 1 lit. f GDPR.
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the user’s computer. For this, the user’s IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. Evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest is in the processing of data pursuant to Article 6 par. 1 p. 1 lit. f GDPR.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In cases of data collection for the provision of the website, this is the case when the respective session is completed.
In the case of storing the data in log files, this is after no more than seven days. Further storage is possible. In this case, the user's IP address is deleted or distorted to ensure it is no longer possible to identify the client.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no means of objection on the part of the user.
Our website uses Cookies. Cookies are text files that are saved onto the Internet browser or by the Internet browser on the computer system of the user. If a user visits a website, a Cookie can be saved on the user’s operating system. This Cookie contains a characteristic string that allows the browser to be uniquely identified when the website is revisited.
We use Cookies to make our website more user-friendly. Some elements on our website require that the requesting browser be identified even after a change in pages.
The following data is saved and transmitted in the Cookies:
Language settings
Items in shopping cart
Log-In informations
We also use Cookies on our website that allow the user’s surfing habits to be analysed.
This allows the following data to be transmitted:
The user data collected in this way is pseudonymised by technical means. Thus, it is no longer possible to assign the data to the user. The data will not be stored together with other personal data relating to the user.
When accessing our website, users are informed of the use of Cookies for analysis purposes by means of an informational banner and are referred to this privacy policy. In this context, there is also information on how to prevent the storage of Cookies in your browser settings.
The legal basis for the processing of personal data using Cookies is Article 6 par. 1 p. 1 lit. f GDPR.
The purpose of using technically essential Cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of Cookies. For these, it is necessary that the browser is recognised even after a change of pages.
We require Cookies for the following application(s):
The use of the analysis Cookies is for the purpose of improving the quality of our website and its contents. Through the analysis Cookies, we learn how the website is used and thus can continue to optimise our offer.
For these purposes, our legitimate interest is in the processing of personal data pursuant to Article 6 par. 1 p. 1 lit. f GDPR.
Cookies are saved on the user’s computer and are transmitted by the computer to our site. Therefore, as a user, you have full control over the use of Cookies. By changing settings on your Internet browser, you can deactivate or restrict the transfer of Cookies. This can also be done automatically. If Cookies are deactivated for our website, it may not be possible to use all features of the website to full effect.
The transmission of Flash Cookies cannot be prevented in the browser settings, but by changing settings of your Flash Player.
On our website you can subscribe to a free newsletter. When registering for our newsletter, the following data from the input mask will be sent to us:
Email address
Surname
First name
Interests
P address of the calling computer
Date and time of registration
Data is not disclosed to third parties in connection with the processing of data for the sending of newsletters. The data will be used exclusively for sending the newsletter.
The legal basis for the processing of data after a user registers and gives consent for our newsletter is Article 6 par. 1 p. 1 lit. a GDPR.
The user’s email address is collected in order to deliver the newsletter.
The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the email address used.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The user’s email address is therefore stored as long as the subscription to the newsletter is active.
The other personal data collected during the registration process will typically be deleted after a period of seven days.
Subscription to the newsletter may be terminated by the user at any time. To do so, a corresponding link can be found in each newsletter.
This also allows consent to the storage of the personal data collected during the registration process to be revoked.
This website uses KunLeiSys Gäste-Club Software (regular guest area). The provider is GASTROpoint GmbH, Pommernstraße 17, 83395 Freilassing, Germany. KunLeiSys Gäste-Club Software is a service with which the guest club, offers, loyalty points, emails about events and newsletter sending are organised and managed. We use data entered for the purpose of using the respective offer or service. The required information requested during registration must be given in full. Otherwise, we must reject the registration. The processing of the data entered during registration is done on the basis of your consent (Article 6 par. 1 lit. a GDPR). You can revoke your consent at any time for free. You can do this via the unsubscribe link in the email or using the deregister option in the guest club. The data entered by you for the purpose of the guest club will be stored by us until you deregister, and deleted from both our servers and from the servers of GASTROpoint GmbH after you logoff and delete your guest club account. For important changes, for example, in the scope of the offer or in the case of technically necessary changes, we will use the email address provided at the time of registration or in your profile to inform you. Legal retention periods remain unaffected. We have concluded a contract for contract data processing with GASTROpoint GmbH and fully implement the strict requirements of the data protection authorities when using KunLeiSys Gäste-Club Software.
On our website you have the possibility to book and/or inquire rooms and offers. If a user uses this option, the data entered in the input mask will be transmitted to us and saved. This data is: title, first name, surname, email address, telephone number, address, number of guests, requests, date, time.
Online bookings via our website are completed using the online reservation system of websLINE Internet- & Marketing GmbH, Sägewerkstrasse 24, 83395 Freilassing, Germany. All booking data you enter shall be encrypted. websLINE commits to the data privacy-appropriate handling of your personal data. The company takes all organisational and technical measures to protect your data.
In this context, no further transfer of your data to third parties takes place. The data is used exclusively for processing your booking and for communication purposes.
The legal basis for the processing of the data is the conclusion of an accommodation contract with the user.
The processing of personal data from the input mask serves solely to process your booking request and to process payment transactions.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements have been met.
The user has the option to object to the processing of their personal data at any time.
We would like to point out that in the case of objection, the booking cannot be completed or the communication cannot be continued
Interested parties have the option to book rooms and make other arrangements via hotel reservation portals (third parties). If a user uses this option, the data entered in the input mask will be transmitted to us and saved to the extent permitted by the respective hotel reservation portal according to its own privacy policy. This data can include: first name, surname, email address, telephone number, address, number of guests, estimated time of arrival, requests, payment information (credit card).
The data provided is received via a so-called channel manager in our hotel software. All booking data received is encrypted. Seekda GmbH, Neubaugasse 10/15, A-1070 Vienna, Austria is the provider of the channel manager and has committed to data privacy-appropriate handling of transmitted personal data. It takes all organisational and technical measures to protect your data.
In this context, no further transfer of your data to third parties takes place. The data is used exclusively for processing your booking and for communication purposes.
The legal basis for the processing of the data is the conclusion of an accommodation contract with the user.
The processing of personal data from the input mask serves solely to process your booking request and to process payment transactions.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements have been met.
Hotel Esplanade Resort & Spa has no influence on the retention periods of the respective hotel reservation portal.
The user has the option to object to the processing of their personal data at any time.
We would like to point out that in the case of objection, the booking cannot be completed or the communication cannot be continued.
On our website there is the option to purchase vouchers. If a user uses this option, the data entered in the input mask will be transmitted to us and saved. This data is: title, first name, surname, address, email address, telephone number, voucher amount, personalisation of the voucher, shipping options/alternative shipping address, method of payment.
Voucher purchases on our website go through the online ordering system of websLINE Internet- & Marketing GmbH, Sägewerkstrasse 24, 83395 Freilassing, Germany. All order data you enter shall be encrypted. websLINE commits to the data privacy-appropriate handling of your personal data. The company takes all organisational and technical measures to protect your data.
In this context, no further transfer of your data to third parties takes place. The data is used exclusively for processing your booking and for communication purposes.
The legal basis for the processing of the data is the conclusion of a contract of sale with the user.
The processing of personal data from the input mask serves solely to process your voucher purchase and to process payment transactions.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements have been met.
The user has the option to object to the processing of their personal data at any time.
On our website there is the option to book a table in our restaurant. If a user uses this option, the data entered in the input mask will be transmitted to us. This data is: title, first name, surname, email address, telephone number, table reservation information (day, time, number of guests, restaurant).
Table reservations on our website go through the online reservation system of Bookatable GmbH & Co. KG, Deichstraße 48-50, D-20459 Hamburg, Germany. All data you enter shall be encrypted. Bookatable commits to the data privacy-appropriate handling of your personal data. Bookatable takes all organisational and technical measures to protect your data.
In this context, no further use or transfer of your data to third parties takes place.
The legal basis for the processing of the data is firstly our legitimate interest in the processing of data, as well as the consent of the user by acknowledging our conditions for data processing.
The processing of personal data serves solely to book your table.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection.
The user has the option to object to the processing of their personal data at any time.
You have the opportunity to apply for a job vacancy or to send us an unsolicited application. You can do so by email or on paper. You can access our job vacancies on our website. If you take this opportunity, we will store general information about you in our administration program. This data is:
In addition, we may forward your application internally to the responsible department head. In this context, your data is not further transferred to third parties. The data will be used exclusively for processing your application and for communication purposes.
The legal basis for the processing of the data is the initiation of the contract or contractual relationship.
The processing of personal data serves solely to process your application.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection.
You as an applicant have the option to object to the processing of your personal data at any time.
We would like to point out that in the case of objection, your application cannot be completed and communication cannot be continued.
Former guests can submit a review of our hotel after they check-out. We would therefore like to send you an email within 14 days of your departure to ask you for a hotel review. Each evaluation can be published anonymously if requested. If you did not feel comfortable in our hotel, we would like to take the opportunity to contact you.
If you submit an online review via our website, your data will be saved in the rating tool of TrustYou GmbH, Agnes-Pockels-Bogen 1, D-80992 Munich, Germany. TrustYou GmbH commits to the data privacy-appropriate handling of your personal data. It takes all organisational and technical measures to protect your data.
If a former guest makes an online review, data from the former guest is stored in the evaluation mask. This data is: email address, as well as voluntary information such as first name, surname, language as well as information for the review.
In this context, no further transfer of the data to third parties takes place. The data will only be used to publish the rating and to mediate in cases of poor ratings.
The legal basis for processing the data is also our legitimate interest in data processing.
The purpose of the hotel review is to communicate and summarise the opinions of hotel guests on our website in order for interested parties to get an idea of our services. In addition, the results support our internal quality management.
The data is not deleted.
The user has the option to have their published review deleted (right to be forgotten) at any time. Please simply tell us which review is concerned.
Our website includes a contact form that can be used for electronic communication. If a user uses this option, the data entered in the input mask is transferred to us and saved. For the processing of the data in the context of the submission process, your consent shall be obtained and we hereby expressly refer you to this privacy statement.
Alternatively, you can make contact via the email address provided. In this case, the user’s personal data transmitted by email will be stored.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
The basis of processing data with the user’s explicit consent is Article 6 par. 1 p. 1 lit. a GDPR.
The legal basis for the processing of the data transmitted in the course of sending an email is Article 6 par. 1 p. 1 lit. f GDPR. If the email contact is intended to conclude a contract, then additional legal basis for the processing is Article 6 par. 1 p. 1 lit. b GDPR.
The processing of the personal data from the input mask serves only to process the establishment of contact. In the case of contact via email, this also includes the required legitimate interest in the processing of the data.
The other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input mask of the contact form and data sent by email, this is when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the relevant facts have been clarified in full.
The additional personal data collected during the submission process will be deleted after a period of seven days at latest.
The user has the option to revoke their consent to the processing of their personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such cases, communication cannot continue.
We use “Facebook Pixel” from the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, United States; or, if you are an EU resident, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With this analysis tool, Facebook can choose users of our website as the target group for the display of ads.
The legal basis for the processing of personal data is Article 6 par. 1 p. 1 lit. f GDPR.
The use of Facebook Pixel serves to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes. As a result, future advertising measures can be optimised.
We have no information about the duration of storage.
The collected data remain anonymous for us. It is saved and processed by Facebook. There is a possibility that a connection to your Facebook profile can be made. Facebook may use this information for its own promotional purposes under the Facebook Data Use Policy (https://www.facebook.com/about/privacy/). If you do not want Facebook to associate the use of our website with your Facebook profile, then please log out of your Facebook user account. You can object to collection of data by Facebook Pixel and the use of your data for the display of Facebook ads by clicking the following link.
You can also object to the use of Facebook Pixel using our opt-out link:
We use the plugins of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, United States; or, if you are an EU resident, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Activating this plugin creates a connection between your browser and the Facebook server, allowing Facebook to learn that you visit our website with your IP address. Additionally, Facebook receives information about the date, time, browser type and version, operating system and version, and Facebook Cookies previously set on your browser. From this, Facebook can recognise which websites with Facebook content you were on. The plugin is part of Facebook and will only be displayed on our site. Any interaction with the plugin is an interaction on "facebook.com".
If you are signed into Facebook, your Facebook registration number is transmitted when the plugin is activated. The visit to our website can therefore be connected to your Facebook account. Depending on the settings of your Facebook account, clicking the plugin will be published on Facebook. You can prevent this by signing out of your Facebook account before you activate the plugin and deleting all Facebook Cookies after visiting websites with Facebook plugins.
The legal basis for processing is Article 6 par. 1 p. 1 lit. a GDPR.
Facebook processes this data to find errors in its own system, to improve its own products and their adaptation to user behaviour, to monitor, place and individualise advertising. In addition, the processing also serves the purposes of localisation, recording of the way websites with Facebook content are used, and for the purpose of market research.
According to their own information, Facebook stores the data for up to 90 days. After this the data is only used in anonymised form.
Find more information about the use and collection of data in Facebook's privacy policy: https://facebook.com/about/privacy/.
Our website uses Google AdWords from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. This is an online advertising program that uses conversion tracking. When you reach our website via a Google Ad, Google AdWords places a Cookie on your computer. Each Google AdWords customer will be assigned a different Cookie.
The legal basis for processing is Article 6 par. 1 p. 1 lit. f GDPR.
We only receive information about the total number of users who respond to our ad. No information will be shared with us that allows us to identify you. The use is not for purposes of traceability.
The Cookie becomes invalid after 30 days.
You can stop Google conversion tracking by turning off tracking in your browser. Find more information by visiting https://policies.google.com/privacy?hl=en
Our website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"). Google Analytics uses Cookies, text files that are saved onto your computer and allow the use of our website to be analysed. The information generated by the Cookie about your use of this website is transmitted to a Google server in the USA and saved there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or other signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. IP anonymisation is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity and provide other services related to website activity and Internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. You can prevent the storage of Cookies by activating a corresponding setting on your browser software; however, we point out that in this case you may not be able to use all the features of our website in full.
The legal basis for the processing is Article 6 par. 1 p. 1 lit. f GDPR.
The purpose of the processing of personal data is in the targeted approach of a target group that has already shown initial interest by visiting the page.
Advertisement data in server logs is anonymised by Google, according to their own information, by deleting parts of the IP address and Cookie information after 9 or 18 months.
You may additionally prevent Google from collecting the data generated by the Cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Find more information by visiting https://policies.google.com/privacy?hl=en.
Our website uses the remarketing feature of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Together with Google, we offer you appropriate and interest-based advertisements. Google Analytics Remarketing uses Cookies. These are saved on your computer. According to information from Google, this does not involve any collection of personal data. According to Google's information, no connection to other Google services is made.
The legal basis for the processing is Article 6 par. 1 p. 1 lit. f GDPR.
The purpose of the processing of the personal data is to directly address a target group. The Cookies stored on your computer recognise you when you visit a website and can therefore show you interest-based advertising.
Advertisement data in server logs is anonymised by Google, according to their own information, by deleting parts of the IP address and Cookie information after 9 or 18 months.
You can prevent the use of the Remarketing feature by activating the appropriate settings at the following link: https://adssettings.google.com/authenticated?hl=en.
Find information by visiting: https://policies.google.com/privacy?hl=en.
Our website uses the online map service Google Maps from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. By using Google Maps on our website, information about the use of our website, your IP address and address entered in the route planner feature are transmitted to a Google server in the USA and stored there. By using our website you consent to the processing of your data collected by Google Maps.
The legal basis for the processing is Article 6 par. 1 p. 1 lit. f GDPR.
We have no information about the purpose of data processing nor of Google's use of the data.
We have no information about the duration of storage.
Find more information at https://policies.google.com/privacy?hl=en.
Our website features integrated plugins of the service Instagram. These are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
The integrated Instagram buttons are used by us to link to our Instagram profile. A widget is also integrated, which allows us to show certain photos and videos from our Instagram profile on our website.
When you visit one of our pages that contain such a plugin, your browser connects directly to an Instagram server. The contents of the plugins are directly transmitted by this to your browser and are integrated into the website. This automatically transfers data to Instagram and stores it on their servers. This data includes connection information (e.g. your IP address, date and time, URL visited), the browser you are using, and the operating system. Your visit to our website can be tracked by Instagram, even if you do not actively use the plugin features.
If you are logged into your Instagram account, you can link the content of our website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our website with your user account. If you want to prevent this instant mapping, you must sign out of Instagram before visiting our website. For more information, please see the Instagram Privacy Policy: https://help.instagram.com/155833707900388
The legal basis for the processing of the user's personal data is Article 6 par. 1 p. 1 lit. f GDPR.
Please refer to Instagram's privacy policy for information on the purpose of the processing of personal data: https://help.instagram.com/155833707900388
We have no information about the duration of storage.
Please find more information by visiting the following link: https://help.instagram.com/155833707900388.
Our website uses session Cookies from VG-Wort, Verwertungsgesellschaft WORT Rechtsfähiger Verein kraft Verleihung, Untere Weidenstrasse 5, 81543 Munich, Germany. By using this website, a Cookie is saved onto your computer. The Cookie is used to measure access to texts. This allows recording of the probability of texts being copied. Measurements are made by INFOnline GmbH (www.infonline.de) using the Scaleable Centralised Measuring System. No personal data is processed by the Cookies.
The legal basis for processing the user's personal data is Article 6 par. 1 p. 1 lit. c GDPR in conjunction with §§53, 54 I UrhG (German copyright act).
VG-Wort session Cookies are used to determine the copy probability of individual texts for remuneration of legal claims from authors and publishers.
We have no information about the duration of storage.
If you do not want Cookies to be saved, you can deactivate storage on your browser.
Find more information on VG-WORT session Cookies by visiting: https://www.vgwort.de/datenschutz.html.
Our website uses the Conversion Tracking Tool from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Bing Ads will store a Cookie on your computer if you access our website through a Microsoft Bing ad. We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is passed on.
The legal basis for the processing of the user’s personal data is Article 6 par. 1 p. 1 lit. f GDPR.
This allows Microsoft Bing and us to see that someone clicked on an ad, was redirected to our website, and reached a previously determined landing page (conversion page).
The duration of storage depends on the respective browser settings and cannot be influenced by us. If you do not want information about your behaviour to be used as set out above, you can decline the setting of the Cookie.
Find more information by visiting the following link: https://privacy.microsoft.com/en-gb/privacystatement
You can deactivate the use by Microsoft (Blacklist) at the following link: http://choice.microsoft.com/de-DE/opt-out
To send our newsletter, we use the software CleverReach, operated by CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany. In doing so, your data is also saved by CleverReach. For subscription to our newsletter, your data is not given to third parties and CleverReach has no right to pass on your data.
The legal basis for the processing of the user’s personal data is generally Article 6 par. 1 p. 1 lit. a GDPR. If on a contractual basis, then Article 6 par. 1 p. 1 lit. b GDPR also applies.
CleverReach offers evaluation options such as how the newsletter is opened and used by the recipient.
The data is saved and evaluated until the processing of the data is objected to or the recipient unsubscribes from the newsletter.
Find more information by visiting the following website: https://www.cleverreach.com/en/privacy-policy/
Our website uses the Pinterest plugin from Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, United States. When you visit our website containing the plugin, your browser creates a connection to Pinterest’s server in the USA. Log data about your visit to the website will be forwarded to Pinterest. This can include the following data:
The legal basis for the processing of the user’s data is Article 6 par. 1 p. 1 lit. a GDPR.
We use Pinterest for the user-friendliness of our website.
We have no information about the duration of storage.
Find more information on the purpose and scope of Pinterest’s data collection by visiting: https://policy.pinterest.com/en-gb/privacy-policy
Our website uses "Social Plugins" from twitter.com.
The provider of this service is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
By using Twitter and the "Re-Tweet" feature, the webpages you visit will be linked to your Twitter account and shared with third parties. We do not receive any information about the content of the transmitted data and its use by Twitter. For details about how Twitter treats your data, as well as your rights and information on how to protect your personal data, please refer to the Twitter privacy policy:
http://twitter.com/privacy
If you do not wish for Twitter to assign the data collected via our website directly to your Twitter account, you must log out of Twitter before visiting our website.
The legal basis for the processing is Article 6 par. 1 p. 1 lit. a GDPR.
Information about which data is processed by Twitter and for what purposes it is used can be found in Twitter's privacy policy: https://twitter.com/en/privacy
Please refer to Twitter's data privacy policy for information on the retention period: https://twitter.com/en/privacy
Please refer to Twitter's data privacy policy for information on Twitter services:
https://twitter.com/en/privacy
Our website uses the online booking tool DIRS21 (hereinafter “OBT”) provided by the company TourOnline AG, Borsigstrasse 26, 73249 Wernau, Germany (www.dirs21.de, hereinafter “TOAG”) to enable online booking of accommodation and other travel services, and to process enquiries. As part of the operation of the OBT, TOAG processes data as the controller. The information and provisions on data protection can be found in TOAG’s data protection policy for the OBT, which can be accessed at any time on the OBT or at www.dirs21.de/en/privacy/
Product concerned:
https://www.hubermedia.de
After opening the app, the following data is collected from the user’s device:
Wireless network / internet connection information
When the app is started, it first tries to determine whether the device has access to the internet or is logged into a wireless network. Using this information, the app can send usage information (e.g. when downloading maps: “Pause download if not connected to a Wi-Fi network”) or offer use of the app in an online or offline mode.
Free up internal memory
The app also checks whether the device has freed up memory for external applications. If possible, the app can store downloaded maps, as well as text and images of POIs on the user’s device.
Access to camera
If the user has allowed access to the camera, the app can provide an augmented reality view, in which POIs can be displayed by the camera in their natural environment.
Access to phone call function
The app checks whether the phone call function can be used. This allows calls to be made directly from the app when the user clicks on a phone number. The app also uses this function to ensure that it doesn’t crash when the user makes a call and the user can continue searching in the app after making a phone call without losing the data.
GPS location
The app requires access to the location of the user’s device. When the app is called up, it determines the current location using GPS in order to be able to provide information on the immediate surroundings. Data about the user’s location is only used to process the request. Location data is transmitted via an encrypted connection. Location data is anonymised after use of the app is finished and is statistically evaluated to improve the service. The location is queried regularly during use (the use of location data can also be seen on mobile devices via the location arrow shown at the top of the screen).
Wishlist
If the user creates a wishlist, it is also saved as a cookie so that the list can be displayed the next time it is used.
This information is not stored by the app but only requested in order to be able to offer the service. The user can control the use of this function or access it via the app on their device. Settings can be changed under Settings/Apps/App Name/Permissions.
There the user can
– prevent access to wireless network information,
– prevent access to the camera, internal memory (for maps, pictures and text) and the phone call function, and
– prohibit access to GPS location by switching off the location service.
The wishlist can be deleted by using the “Reset settings” function in the app.
“Report problem” contact form
The data provided by the user is used to process their request to the author responsible for the offer. For this purpose, we pass on the data entered to the responsible author in the form of an e-mail. The data entered will also be stored on our servers in a log file for three months, and then automatically and irrevocably deleted. This data is not passed on to third parties, and the contact form is encrypted using SSL technology to prevent unauthorised access by third parties to the data provided.
You can purchase vouchers on our website. If you choose to do so, the data entered into the form will be transmitted to us and saved. This data includes: salutation, first name, surname, address, e-mail address, telephone, voucher value, personalisations made to the voucher, shipping options/alternative delivery address, payment method.
If you purchase a voucher on our website, this is done through LiveTable GmbH’s online ordering platform (LiveTable GmbH, Stiftgasse 31, 1070 Vienna, Austria). All order-relevant data you enter will be transmitted in encrypted form. LiveTable is committed to handling your data in accordance with data protection regulations. LiveTable takes all organisational and technical steps to protect your data.
The data will not be passed on to third parties. The data is only used to process orders and for communication purposes.
The legal basis for processing this data is the conclusion of a purchase contract.
The processing of the personal data from the form serves solely to process the purchase of the voucher, and to process payment transactions.
Data will be deleted as soon as it is no longer required to fulfill the purpose for which it was collected. In the case of a contractual relationship, we will delete the data as soon as national, commercial, statutory or contractual retention requirements have been met.
The user is entitled to object to the processing of their personal data at any time.
We use the following webshops and reservation systems:
You have the right to access, rectification, erasure, restriction, portability, revocation and objection to data processing. If you have any questions, comments or other enquiries regarding this Data Privacy Policy, please contact us at: H2O-Hoteltherme GmbH / Sebersdorf 300 / 8271 Bad Waltersdorf; e-mail: datenschutz(at)hoteltherme.at
Find more information on our legal notice page.
If you believe the processing of your data violates data protection law, or that your data protection rights have otherwise been violated in any way, you can contact the supervisory authority: <Österreichische Datenschutzbehörde; Wickenburggasse 8, 1080 Vienna; Phone: +43 1 521520; E-mail: dsb(at)dsb.gv.at>
We reserve the right to change this data privacy policy at any time and to update it according to new developments. The new version comes into effect as soon as it is made available on our website. We therefore encourage you to check it regularly for updates or changes.
Status: 31/7/2018
The following information is presented in accordance with Article13/14 GDPR: When you visit one of our events, we collect and process personal data in the form of photos and videos. The General Data Protection Regulation (GDPR) stipulates that we must inform you about the type and scope of processing, and your rights at the time the data is collected. We provide you with this information in accordance with Article 13/14 GDPR as follows:
The data controller is the Bayerische Hotel- und Gaststättenverband DEHOGA Bayern e. V., represented by president Angela Inselkammer, Türkenstrasse 7, 80333 Munich; phone: 089 / 28760-0, e-mail: info@dehoga-bayern.de.
Our data protection officer can be reached by mail, telephone or fax under the contact name of the controller. The e-mail address is: datenschutzbeauftragter@dehoga-bayern.de
During the event, please direct any data protection queries to our data protection officer: Rita Mautz, DEHOGA Bayern e. V. - Lower Bavaria District Office, Schwimmschulstrasse 17, 84034 Landshut; phone: 0871 / 640 389 or by e-mail: datenschutzbeauftragter@dehoga-bayern.de
Photographs and film footage from this event will be used for reporting and marketing purposes and will subsequently be used and published in various forms of media such as radio, social media, websites, our association’s media, in particular “Gastgeber Bayern”, as well as in press releases, newsletters, brochures, print material, etc. This is allowed by Article 6 paragraph 1 sentence 1 lit. f GDPR because we have a legitimate interest in our public relations work.
Because you are attending a public event, we assume that you have no general reasons against photography and film recording and their processing for the purposes described. Should this not be the case, please immediately contact the data controller named in point 1 at the event.
In addition, we keep an association archive in which we store such material. This is allowed by Article 6 paragraph 1f GDPR because we have a legitimate interest in documenting our association’s activities.
We will obtain your consent to process images regarding which we must assume you have a high personal interest in not being taken and not being published (Article 6 paragraph 1a GDPR).
We process photos and film recordings of your image for the purpose mentioned in point 2.
When processing personal data, employees and volunteers of the association are transmitted to the extent that is necessary to fulfill the purpose of the data processing.
Depending on what is required, personal data will also be passed on to third parties for processing. With regard to photos and film recordings, this applies in particular to local and national press. We also publish photos and film recordings on the internet.
Personal data will be deleted as soon as it is no longer required for the purpose of processing, unless statutory retention periods determine otherwise.
You have the following rights:
Insofar as the processing of personal data is based on a weighing of interests for the association’s purposes, you can object to processing as outlined in Article 21 GDPR. We would like to point out that you can object to processing in accordance with Article 21 (1) GDPR on grounds relating to your particular situation. This objection must be met in whole or in part if there are valid reasons that prevent processing. Please inform us of these reasons at the time you file your objection. We will then examine the situation and either stop or adjust processing, or inform you of the justified reasons for continuing the processing of your data.