PRIVACY POLICY Last updated: June 2018 The operators of these pages (hereinafter only "controller" or "operator") take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. The use of our website is usually possible without providing personal information. If personal data (for example name, address or e-mail addresses) is raised on our pages, this takes place, as far as possible, on voluntary basis only. This data will not be disclosed to third parties without your explicit consent. The processing of your personal data, such as your name, address, e-mail address or telephone number, is always in accordance with national and European law, in particular the General Data Protection Regulation (hereinafter referred to as "GDPR"). By means of this privacy policy, our company wishes to inform you about the nature, scope and purpose of the personal data collected, used and processed by us. Furthermore, you will be informed about your rights by means of this privacy policy. Please note that data transmission over the Internet (for example, when communicating via e-mail) may have security vulnerabilities. A complete protection of your data, from access by third parties, is not possible. 1. Definitions The privacy policy of these pages is based on the terms of Article 4 of the GDPR, which were defined by the European Union at the time of the order of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and should be understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance. We use the following terms in this privacy policy, including but not limited to: a) personal data Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject" or "user"). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified. b) affected person Affected person is any identified or identifiable natural person whose personal data is processed by the controller. c) processing Processing means any process or series of operations related to personal data, such as gathering, collecting, organizing, arraning, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction. d) limitation of processing Restriction of the processing is the marking of stored personal data with the aim to limit their future processing. e) Profiling Profiling is any kind of automated processing of personal data that consists of using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person. f) pseudonymisation Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person. g) controller or person in charge of controlling The controller or person in charge of controlling is the natural or legal person, public authority, agency or body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided under Union or national law. h) processor The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. i) recipient Recipient is a natural or legal person, public authority, agency or other body to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered as beneficiaries. j) third parties Third is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor to process the personal data. k) consent Consent is any voluntarily given and unambiguously expressed in the form of a statement or other unambiguous confirmatory act by the data subject for the particular case, by which the data subject indicates that they consent to the processing of the personal data concerning him / her is. 2. Rights of the user It is also our intention to make you aware of the rights that you have under GDPR with regard to the processing of your data: a) Right to confirm (Article 15 (1) GDPR) Each data subject has the right to ask the person responsible for a confirmation of the processing of the personal data concerned. If an affected person wishes to make use of this confirmation right, they may at any time turn to the address given in the imprint or this data protection declaration or contact another employee of the person in charge. b) Right to information (Article 15 (1) and (3) GDPR) Each person (user) affected by the processing of personal data has the right to receive free information from the person responsible about the personal data stored about him and a copy of this information at any time. Furthermore, the responsible person has to inform the person concerned about the following information: the processing purposes the categories of personal data being processed the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration the right of rectification or erasure of the personal data concerning them or restriction of processing by the controller or a right to object to such processing the existence of a right of appeal to a supervisory authority if the personal data are not collected from the data subject: all available information on the source of the data the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended impact of such processing on the data subject In addition, the data subject has a right of access as to whether personal data has been transmitted to a third country or to an international organization. If that is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer. c) Right to rectification (Art. 16 GDPR) Any person affected by the processing of personal data is entitled to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing. d) Right to cancellation (right to be forgotten) (Art. 17 GDPR) Any person affected by the processing of personal data shall have the right to require the controller to immediately delete the personal data concerning him, provided that one of the following reasons is satisfied and the processing is not required: The personal data has been collected or otherwise processed for such purposes for which they are no longer necessary. The person concerned revokes the consent on which the processing was based on Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR and lacks any other legal basis for the processing. The data subject submits an objection to the processing pursuant to Art. 21 (1) GDPR, and there are no legitimate reasons for the processing, or the data subject appeals pursuant to Art. 21 (2) GDPR the processing. The personal data were processed unlawfully. The deletion of personal data is required to fulfill a legal obligation under Union or national law to which the controller is subject. The personal data were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR. If the personal data has been made public by the person responsible and if our company is responsible for deleting personal data as the person responsible pursuant to Art. 17 (1) DS- GVO, the person responsible shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs. to inform other data controllers processing the published personal data that the data subject has requested that these other data controllers delete all links to such personal data or copies or replications of such personal data, as far as the processing is not necessary. e) Right to limit processing (Art. 18 GDPR) Any person affected by the processing of personal data shall have the right to require the controller to restrict the processing if any of the following conditions apply: The accuracy of the personal data is contested by the data subject for a period of time that enables the person responsible to verify the accuracy of the personal data. The processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of personal data. The data controller no longer needs the personal data for processing purposes, but the data subject requires them to assert, exercise or defend their rights. The person concerned has objection to the processing according to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the person concerned. f) Data transferability (Art. 20 GDPR) Any person affected by the processing of personal data shall have the right to receive in a structured, common and machine-readable format personal data relating to him / her provided to a controller by the data subject. It also has the right to transfer this data to another person responsible without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (1) (b) 2 (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and processing by means of automated processes, unless the processing is necessary for the performance of a task of public interest or in the exercise of public authority, which has been assigned to the responsible person. Furthermore, in exercising their right to data portability under Article 20 (1) of the GDPR, the data subject has the right to obtain that the personal data are transmitted directly from one controller to another, insofar as this is technically feasible and if so this does not affect the rights and freedoms of others. g) Right to object (Art. 21 GDPR) Any person affected by the processing of personal data shall have the right, at any time and for reasons arising from his or her particular situation, to prevent the processing of personal data relating to them pursuant to Article 6 (1) (e) or (f) of the GDPR, Objection. This also applies to profiling based on these provisions. In the event of an objection, the controller will no longer process the personal data unless we can prove that there are compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of enforcing, pursuing or defending the data legal claims. If the controller processes personal data in order to conduct direct mail, the data subject has the right to object at any time to the processing of personal data for the purposes of such advertising. This also applies to the profiling, as far as it is associated with such direct mail. If the data subject objects to processing for direct marketing purposes, the person responsible will no longer process the personal data for these purposes. In addition, the data subject has the right, for reasons arising from their particular situation, to object against the processing of personal data relating to them, for the scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDP, unless such processing is necessary to fulfill a public interest task. The user is also free, in the context of the use of information society services, notwithstanding Directive 2002/58 / EC, to exercise his right of opposition by means of automated procedures using technical specifications. h) Automated decisions in individual cases including profiling (Art. 22 GDPR) Any person concerned by the processing of personal data shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect or similarly appreciably affects it, unless Decision (1) is not necessary for the graduation or fulfillment of the contract between the person affected and the controller or (2) is permissible under Union or Member State legislation to which the controller is subject, and where such legislation provides for appropriate measures to safeguard the rights and freedoms, and the legitimate interests of the data subject or (3) with the express consent of the data subject. If the decision (1) is required for the conclusion or performance of a contract between the data subject and the controller or (2) is made with the express consent of the data subject, the controller shall take reasonable measures to safeguard the rights and freedoms and the legitimate interests the person concerned, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and to challenge the decision. i) Right to revoke a data protection consent Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time. 3. Cookies The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit. You can set your browser so that you are informed about the setting of cookies and cookies only in individual cases allow, the acceptance of cookies for certain cases or generally exclude and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. 4. Data processing when using PMS systems (widgets) Widgets of the company zadego GmbH (easybooking) may be implemented on these pages. zadego GmbH Hypo-Passage 2 6020 Innsbruck Austria It concerns the offerer to a PMS system, which represents the offerer of the hotel software of the responsible person. Depending on the tourism business, the widgets can be the following: request form booking mask small search (request, booking) category view room view packages Widget price overview price comparison availability Calendar online check-in a. General information In order to be able to edit your request or booking, it is necessary that the data you have provided to the person responsible are being processed. The person responsible as mentioned above and the zadego GmbH, (both together also called "provider") are in a contractually regulated business relationship. The person in charge receives his hotel management or booking software from zadego GmbH. There will be a transfer of the personal data you have provided to the Administration System and to companies in business relationship with the Management System. This transfer takes place in particular at o.g. Landlords, if necessary, also to tourism associations, reporting providers, payment providers and other companies that are connected to a management system and / or a landlord and must be used to fulfill post-contractual obligations. The use of personal information by providers is governed by applicable law and the consent you have given us to use your information. b. Collection of data In the context of a request or booking at the tourism business, you announce the relevant data for carrying out the same. These are usually the following: first and last name e-mail address address telephone payment details (bank details, credit card details) birth dates (to identify children) These data are collected only to the extent permitted by law and only with your consent and through your active participation. Insofar as the consent is electronically declared in the context of the services, the legal information obligations are taken into account and this approval is recorded by suitable technical systems. c. Purpose of this data processing The person responsible will process your personal data in this context for the following purposes: tenders online check-in fulfillment of the obligation to register payment processing accounting If in one of these widgets an input of personal data is required (contact information, e-mail, data of the desired stay in our house), this is always done on a voluntary basis and only for the purpose of your desire to make a corresponding offer. If no contractual relationship is established between the parties (there is thus no stay in the operation of the person in charge), the data of the person concerned will be automatically deleted from the systems immediately. In individual cases, statutory storage and deletion periods must be observed. 5. Registration requirement The person in charge is obliged, under the respective applicable reporting law, to register all guests resident with the person responsible with the data specified in the Registration Act. This affects, among other things, the following data: surname name of accompanying persons date of birth gender nationality country of origin address travel document (type, number, date of issue, issuing authority, state) date of the travel period a. Guest directory According to a legal obligation, the person responsible has to lead all guest data transmitted to him for a booking in a so-called guest directory. This guest directory is subject to the automatic deletion and anonymization periods stored in the system. The providers provide suitable technical and organizational measures to store personal data in the system in accordance with the law. In individual cases, legally prescribed storage and retention periods must be observed and noted. The storage periods set are valid, as long as the data concerned are not processed for any other purposes mentioned in this privacy policy. The guest directory is managed electronically by the responsible person, whereby the data is forwarded to zadego GmbH. In this case, zadego GmbH acts as a processor, as it stores the data on your servers. A transfer to a third country is not without prior information to those affected. 6. SSL encryption This site uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by changing the address line of the browser from "http: //" to "https: //" and the lock symbol in your browser line. If SSL encryption is enabled, the data you submit to us can not be read by third parties. 7. Privacy Policy Google Maps This website uses the Google Maps product of Google Inc. By using this website, you consent to the collection, processing and use of the data collected by Google Inc., its agents and third parties. You can find the terms of use of Google Maps under "Terms of Use of Google Maps". 8. Privacy Policy for the use and use of Google Analytics (with anonymization function) The responsible person has integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analysis is the survey, collection and analysis of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data on which website an affected person has come to a website (so-called referrers), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed. The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. The responsible person uses the addition "_gat._anonymizeIp" for the web analytics via Google Analytics. By means of this addendum, the IP address of the Internet access of the data subject will be shortened and anonymised by Google if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area. The purpose of the Google Analytics component is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website. Google Analytics uses a cookie on the information technology system of the person concerned. What cookies are, has already been explained above. By using this cookie Google is enabled to analyze the usage of our website. Each time one of the pages of this website is accessed by the controller and a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically initiated by the respective Google Analytics component to submit data to Google for online analysis purposes. As part of this technical process, Google will be aware of personal data, such as the IP address of the person concerned, which serve, among other things, Google to track the origin of the visitors and clicks, and subsequently make commission settlements possible. The cookie stores personally identifiable information, such as access time, the location from which access was made, and the frequency of site visits by the data subject. Each time you visit our website, your personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties. The affected person can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs. Furthermore, the data subject has the option of objecting to and preventing the collection of the data generated by Google Analytics for the use of this website and the processing of this data by Google. To do this, the person must download and install a browser add-on at https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as a contradiction. If the data subject's information technology system is later deleted, formatted or reinstalled, the data subject must re-install the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or any other person within their sphere of control, it is possible to reinstall or reactivate the browser add-on. 9. Server log files The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: browser type and browser version used operating system referrer URL host name of the accessing computer time of the server request These data cannot be assigned to specific persons. A merge of this data with other data sources will not be done. We reserve the right to check this data retrospectively, if we become aware of specific indications for illegal use. 10. Failure of automated decision-making As a responsible company we refrain from automatic decision-making or profiling. 11. Note on Online Dispute Resolution Online dispute resolution pursuant to Art. 14 (1) Regulation on consumer ODR: The European Commission provides a platform for online dispute resolution (OS), which can be found at http://ec.europa.eu/consumers/odr/. 12. Contradiction advertising mails The use of published in the context of the imprint obligation contact information for sending unsolicited advertising and information materials is hereby rejected. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam e-mails. 13. Changes to this Privacy Policy We may update our privacy policy from time to time. Therefore, it is recommended that you check this page regularly for changes. We will inform you about changes by posting the new privacy policy on this page. These changes will take effect immediately after publication on this page. 14. How to contact us If you have any questions, suggestions or concerns about this Policy or the use of your information, please contact us at the address provided in the Imprint or this Privacy Policy.