DATA PRIVACY
STATEMENT
DATA PRIVACY STATEMENT
The privacy of your personal data is of the utmost importance to us. We will therefore only process your data in compliance with the pertinent legal provisions (GDPR, TA Austrian Telecommunications Act 2003). This Privacy Statement informs you about the most important aspects of data processing when you visit our website.
GETTING INTO CONTACT WITH US
If you get into contact with us using the online form on the website or via email, the data you provide is retained by us for a period of six months. We store the data for the purposes of processing your request and in case of follow-up requests. We do not pass on this data without your consent.
Cookies
Our website uses so-called cookies. Cookies are small text files that your browser stores on your device. They do not harm your system.
We use cookies to make our website and its services more user-friendly. Some cookies remain on your end device until you delete them. These cookies enable us to recognise your browser when you next visit our website.
If you do not want cookies to be stored on your device, you may set your browser to inform you before cookies are set and only allow them to be set in individual cases.
If you reject cookies, this may restrict our website’s functionality.
Cookie Einstellungen anpassenGoogle Maps
This website uses “Google Maps” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data privacy statement: https://www.google.com/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated
Google Fonts
We use fonts (“Google Fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data privacy statement: https://www.google.com/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated
Google ReCaptcha
In order to prevent, for example, bots from making entries on online forms, we use the “ReCaptcha” service. This function is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data privacy statement: https://www.google.com/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated
Web analysis
Our website uses functions of the web analytics service Google Analytics, provided by Google Inc. with headquarters in 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. To do this, cookies are used that enable an analysis of how users use the website. The information obtained in this process will be transmitted to the Google server in the USA and stored there. However, you can prevent this by setting your browser in such a way that no cookies are stored.
We have concluded an agreement with the provider with regard to commissioned data processing.
Our aim in compliance with GDPR (legitimate interest) is to improve our services and our website. As the privacy of our users is a matter of paramount importance to us, the user data is pseudonymised.
Although your IP address will be identified, it will be instantly (e.g. by deleting the last eight bits) pseudonymised. Thus only an approximate localisation is possible.
Data is processed in compliance with the legal requirements of Sect. 96 Para. 3 TA as well as Art. 6 Para. 1 lit a (consent) and/or f (legitimate interest) GDPR.
Moreover, Google is certified under the Privacy Shield Agreement, thus ensuring its compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The user data is retained for a period of 14 months.
For more detailed information on data used by Google, your options with regard to settings and objections, go to the following Google websites:
https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when visiting websites or using apps of our partners”),
http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Manage information used by Google in order to display advertisements”).
Adobe Typekit Web Fonts
We use the fonts (“Adobe Typekit Web Fonts”) provided by Adobe Systems Software Ireland Limited (Adobe Ireland).
Data privacy statement: https://www.adobe.com/privacy/policy.html
Opt-out: https://www.adobe.com/privacy/opt-out.html
Mouse Tracking
Our aim in compliance with GDPR (legitimate interest) is to optimise our services and our website. Therefore, we use Hotjar in order to better comprehend our users’ requirements and to optimise the services on this website. With the aid of the Hotjar technology, we obtain a better insight into the experiences of our users (e.g. how much time users spend on which pages, which links they click, what they like and what they dislike, etc.). This helps us to adapt our services in conformance with the feedback of our users. Hotjar uses cookies (see above) and other technologies in order to collect information on the behaviour of our users and their end devices, in particular the device’s IP address (will only be identified and stored in anonymised form), screen size, type of device (Unique Device Identifiers), information on the browser that was used, location (country only), the language preferred to display our website).
Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we use this information in order to identify individual users or to merge it with further data on individual users.
For more information, see Hotjar’s data privacy statement: https://www.hotjar.com/legal/policies/privacy.
You can object to Hotjar’s storage of a user profile and of information pertaining to your visit to our website, and to the setting of Hotjar tracking cookies on other websites, by clicking on this Opt-Out Link.
Data storage via our web shop
In order to fulfil the contract, we store the following data: title, first and last name, address, email address and optionally entered data pertaining to the user (company name, address details, telephone number). The data provided by you is required in order to fulfil the contract or to implement pre-contractual measures. Without this data, we cannot conclude the contract with you. Data is not transmitted to third parties, with the exception of passing on credit card details to the banking institute/payment service provider for the purposes of debiting the purchase price, or to the transport company/shipping company commissioned by us to enable the delivery of the goods as well as to our chartered accountant to fulfil our obligations under fiscal law.
After the purchase process has been discontinued, the data stored with us is erased. If a contract is concluded, all data in connection with the contractual relationship is retained until the statutory retention period (seven years) has expired.
In addition, data such as name, address, purchased goods and purchase date is stored until the product liability period (10 years) has expired. Data is processed in compliance with the legal requirements of Sect. 96 Para. 3 TA as well as Art. 6 Para. 1 lit a (consent) and/or lit b (required to fulfil the contract) GDPR.
Registration and user account
Our web shop users are given the option to create a user account. As part of the registration process, we inform the users about the data required (mandatory fields and optional data). We use the data that was entered as part of the registration process for the purpose of using our services. Users may receive information via email in connection with our services or registration, e.g. a change to the scope of services or technical updates.
In the event that users decide to cancel their user account, the data stored on this account is deleted; an exception is data that must be retained for reasons related to commercial law or tax law in conformance with Art. 6 Para. 1 lit. c GDPR.
If the account was cancelled prior to the termination of the contract, it is incumbent on the users to store the data. We reserve the right to irrevocably delete all user data that was stored during the contract period.
We store the IP address and the user’s time of action if a user registers or logs into their user account, based on our legitimate interest as well as on the user’s interest in protecting against misuse and other unauthorised usage. The IP addresses will be anonymised or erased after seven days at the latest.
In principle, we do not transfer data to third parties; we make an exception in situations where we must pursue our claims or if we must fulfil our legal obligation in accordance with Art. 6 Para. 1 lit. c GDPR.
Newsletter
On our website, you are given the option to subscribe to our newsletter. In order to provide you with target-oriented information, we may collect and process data that you have voluntarily provided.
To send you our newsletter, we require your email address and your declaration that you consent to the receipt of the newsletter.
As soon as you have subscribed to our newsletter, we will send you a confirmation email containing a link to confirm the subscription.
You can cancel the subscription to the newsletter at any time. Please send your cancellation to: arthotel@blauegans.at. We will then immediately delete your data in connection with the newsletter subscription.
Google-Re/Marketing-Services
Our aim in compliance with GDPR (legitimate interest) is to improve our services and our website. Therefore we use the Marketing and Remarketing Services (for short “Google Marketing Services”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Moreover, Google is certified under the Privacy Shield Agreement, thus ensuring its compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The Google Marketing Services enable us to display advertisements for and on our website in a targeted manner: i.e. so that users are only presented with those advertisements that might reflect their interests. To do this, Google executes a code and uses so-called Re/Marketing tags that help store an individual cookie in the user’s browser. For more information on the use of cookies, see above.
Google may merge the information obtained with such information from other sources. If the user then visits other websites, they may be shown advertisements that are tailored to their interests.
Moreover, Google Analytics records the users’ IP address; however, this is instantly pseudonymised (e.g. by erasing the last eight bits). Thus only an approximate localisation is possible. The advertisements will not be managed and displayed for a specific person but for the cookie owner, regardless of who this cookie owner is. It stands to reason that this does not apply if a user has expressly consented to their data being processed without this pseudonymisation. The information on the users gathered by the Google Marketing Services will be transferred to Google and stored on Google’s servers in the USA. The user’s IP address will not be merged with user data in connection with other services provided by Google.
Amongst others, we use cookies provided by the Google Marketing Services “Google AdWords”; we may display advertisements of third parties based on the Google Marketing Services “AdSense” and its cookies. For more information on data used by Google for marketing purposes, visit https://policies.google.com/technologies/ads, Google’s Data Privacy Statement is available at https://www.google.com/policies/privacy.
Furthermore, we use the “Google Tag Manager” in order to integrate the analysis and marketing services provided by Google into our website and to manage them centrally.
ONLINE PRESENCE ON SOCIAL MEDIA
We maintain an online presence on social networks and platforms in order to communicate with users, interested people and clients who are active there. When joining these networks and platforms, the terms and conditions and the data processing guidelines of the respective operators are applicable.
Insofar as otherwise declared in our Data Privacy Statement, we process the users’ data if they communicate with us on social networks and on platforms.
Use of Facebook Social Plugins
Our aim in compliance with GDPR (legitimate interest) is to improve our services, as well as the analysis, optimisation and economic operation of our website. Therefore we use social plugins (“plugins”) of the social network facebook.com that is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
The plugins facilitate the display of content on the website such as graphics, text files or videos or interactive elements. You can identify them by one of the Facebook logos (“f” on the respective background, the “thumbs up” sign or the term “like”) or the label with the additional specification “Facebook Social Plugin”. You can view the list and the appearance of the Facebook social plugins here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement, thus ensuring its compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
For further information on data collection by Facebook, the further processing and usage of data as well as user rights and setting options to protect privacy, go to Facebook’s privacy notice: https://www.facebook.com/about/privacy/.
Our online services may comprise content and functions provided by Twitter, Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may also include, for example, pictures, videos or texts and buttons that enable users to react to content. If users are members of Twitter, Twitter will be able to assign the calling up of content and functions to the relevant user profiles. Twitter’s data privacy statement: https://twitter.com/de/privacy.
Twitter is certified under the Privacy Shield Agreement, thus ensuring its compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
Our online services may comprise content and functions provided by Instagram, Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
This may also include, for example, images, videos or texts and buttons that enable users to react to content. If users are members of Instagram, Instagram will be able to assign the content and functions that were called up to the relevant user profiles. Instagram’s data privacy statement: http://instagram.com/about/legal/privacy/.
Our online services may comprise content and functions provided by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA.
This may also include, for example, images, videos or texts and buttons that enable users to react to content. If users are members of Pinterest, Pinterest will be able to assign the content and functions that were called up to the relevant user profiles. Pinterest’s data privacy statement: https://about.pinterest.com/de/privacy-policy.
Our online services may comprise content and functions provided by Xing, XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
This may also include, for example, images, videos or texts and buttons that enable users to react to content. If users are members of Xing, Xing will be able to assign the content and functions that were called up to the relevant user profiles. Xing’s data privacy statement: https://www.xing.com/app/share?op=data_protection.
Our online services may comprise content and functions provided by LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
This may also include, for example, images, videos or texts and buttons that enable users to react to content. If users are members of LinkedIn, LinkedIn will be able to assign the content and functions that were called up to the relevant user profiles. LinkedIn’s data privacy statement: https://www.linkedin.com/legal/privacy-policy.
LinkedIn is certified under the Privacy Shield Agreement, thus ensuring its compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).
Vimeo
Our online services may comprise content and functions provided by the platform “Vimeo”, Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA.
Data privacy statement: https://vimeo.com/privacy.
Youtube
Our website may comprise content and functions of the platform “YouTube”, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data privacy statement: https://www.google.com/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated
Quandoo
Our website may comprise content and functions of the platform “Quandoo”. These services are provided by Quandoo Austria GmbH, Neubaugasse 21, Stiege 2, Tür 10, 1070 Vienna.
Data privacy statement: https://restaurants.quandoo.com/de-at/datenschutzerklaerung
Opt-out: https://publisher.tradedoubler.com/include/functions/optout.html
Soundcloud
Our website may comprise content and functions of the platform “Soundcloud”. These services are provided by SoundCloud Global Limited & Co. KG, SoundCloud Inc. and Repost Network Inc.
Data privacy statement: https://soundcloud.com/pages/privacy
Opt-out: https://soundcloud.com/signin?redirect_url=/settings/privacy
Your rights
In principle, you have the right to information, rectification, deletion, restriction, data portability, the right to withdraw your consent and the right to object. If you believe that the processing of your data is in violation of applicable data privacy law or that your data privacy rights are violated in any other way, you may file a complaint with the supervisory authority. In Austria, the competent body is the Austrian Data Protection Authority.
Feel free to contact us. Our contact data is:
G&G GFRERER U. GFRERER HOTEL- UND RESTAURANT BETRIEBSGMBH
Herbert von Karajanplatz 3
5020 Salzburg
t +43 (0)662 8424910
f +43 662 84 24 91 – 9
Telephone: +43 (0)662 8424910
Email: arthotel@blauegans.at
Source: WKO’s Data Privacy Statement template served as a basis for this Data Privacy Statement.
As of 28 October 2019