DATA PROTECTION DECLARATION
RESPONSIBLE AUTHORITY IN TERMS OF DATA PROTECTION LAWS:
Family Heinz Gerhart
Junghanssstraße 157
A 8967 Haus im Ennstal
Tel: +43 664 2027487
info@gerhart.at
https://www.gerhart.at
Data Protection Officer as per GDPR: Ute Gerhart,info@gerhart.at
DATA COLLECTION WHEN VISITING OUR WEBSITE
When you visit our website, we collect the data automatically transmitted by your browser (logfiles) to our web server, including the IP address, the URLs of the websites from which you came to our websites, the browser used, the browser language, the operating system used and the interface, the device used to access the services, the date and time of access, the pages accessed and the time you spend on our websites. The legal basis for the processing of this data is our legitimate interest in accordance with Art. 6 (1f) GDPR, which follows from the purposes listed below. We use this information to: facilitate access to the website; continuously improve the website and services and further adapt them to the needs of our users; perform internal quality controls; detect, correct and prevent errors, malfunctions and possible misuse. The data is stored for a period of one year and then automatically deleted.
COOKIES, WEB BEACONS AND SIMILAR PROCESSES
Like almost all service providers, we use cookies, web beacons or similar processes when you visit our websites or use our services.
Cookies are small text files that are stored by your browser on your computer or mobile device. They enable the recognition of your computer or device, if necessary, across different websites. The cookies do not contain any personal information. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliates to recognize your browser on your next visit (persistent cookies).
You can prevent the use of cookies by setting your browser software accordingly. However, it is possible that certain areas of the sites or offers may not work as intended.
Web beacons are small graphics files (“pixels”), integrated into our website. They can be used to record user behaviour. Similar procedures include Flash cookies, HTML5 cookies or other local (browser or device) storage methods in which ‒ similar to cookies ‒ data can be stored in your browser or on your device in order to recognize your browser or device on the next visit.
The use of cookies and similar methods enables us to collect information about users in order to make the use of the websites easier, more comfortable and to enable certain offers.
We use cookies for the following purposes: booking function, login/customer areas.
We also use cookies for web analytics, retargeting and conversion tracking services (see below).
CONTACT FORM
If you contact us through the available contact options, some of your personal data (e.g. name, address, contact and communication data like telephone number and email address) will be collected, so that we can process and respond to your request as well as follow up on any other questions you might have. Data processing takes place in accordance with Art. 6 (1b) GDPR. We only store personal data that we process as part of a general contact request by email or contact form as long as necessary for the respective correspondence ‒ usually a period of [one year] after answering your request.
DIRECT BOOKING OPTION AND BOOKING REQUESTS ON THE HOTEL WEBSITE
Personal data that we collect related to a room reservation will only be stored for as long as is necessary for the execution of the contract and any subsequent contract-related correspondence (usually one year) or in the case of commercial and/or tax-relevant documents containing personal data, as long as the statutory periods of the Commercial Code and the Tax Code provide for the retention of these documents (usually 6 to 10 years). Legal basis for the processing of personal data in connection with a room reservation: The processing of personal data is necessary to fulfil the relevant contract in connection with a room reservation (Art. 6 (1b) GDPR). In addition, we process booking data in accordance with Art. 6 (1f) GDPR on the basis of our legitimate interests for fraud prevention, the enforcement of our legal claims, accounting purposes and risk management, as well as pursuant to Art. 6 (1c) GDPR for the fulfilment of legal obligations, e.g. to comply with commercial and tax law retention obligations or to fulfil obligations to publish data on the basis of a final court order or official order.
DIRECT BOOKING OPTION ON A HOTEL WEBSITE, COMBINED WITH DIRECT MAILING VIA NEWSLETTER
If you have subscribed to our newsletter, you will receive regular newsletter and marketing emails related to offers and news from our company. The legal basis in this case is your consent in accordance with Art. 6 (1a) GDPR. In addition, we will use your email address (provided during a booking) for the purpose of direct mailing for similar offers, unless you have already objected to this. The legal basis in this case is our legitimate interest in direct advertising according to Art. 6 (1f) GDPR.
You can revoke your consent to receive such emails at any time and free of charge or object to the receipt of such emails, e.g. via the unsubscribe link in our emails. Your email address will be saved for the newsletter as long as you do not object.
USE OF GOOGLE ANALYTICS
This website uses Google Analytics, a web analytics service provided by Google LLC (in the following: Google). The legal basis is our legitimate interest in the analysis and evaluation of the use of our website as per Art. 6 (1f) GDPR.
Google Analytics uses so-called “cookies”; these are text files that are stored on your computer and that enable the analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, since IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies via your browser settings; however, please note that if you do this, you may not be able to use this website to the fullest extent possible. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing this browser plug-in: The current link is http://tools.google.com/dlpage/gaoptout?hl=en
In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking this link:
[OPT-OUT-BUTTON] Deactivate google analytics
An opt-out cookie will be installed on your device. This will prevent data collection by Google Analytics on this website and for this browser in the future, as long as the cookie remains installed in your browser.
Google automatically deletes personal information associated with cookies, user ID or promotional ID (e.g. DoubleClick cookies, Android Advertising ID, Apple’s promotional ID) after 14 months.
Google also processes your personal information in the US and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
USE OF GOOGLE WEB FONTS
For the purpose of the needs-based design and optimization of our pages, we use external, embedded fonts from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA (“Google”) based on Art. 6 (1f) GDPR. In doing so, your Internet browser automatically establishes a connection to Google’s servers to transfer the information listed under section Data collection. If you have an account with Google and you are logged in to Google, your data may be associated with your account by Google. We have no control over this data transfer and the further processing of data by Google.
For more information on the purpose and scope of Google’s data collection and processing, your rights, and privacy preferences, please visit https://www.google.com/intl/en/policies/privacy. Google also processes your personal data in the US and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
USE OF GOOGLE MAPS
For the purpose of the needs-based design of our website, we use the “Google Maps” component provided by Google in accordance with Art. 6 (1f) GDPR.
Each time Google Maps is accessed, Google sets a cookie to process user settings and data when viewing the page that has the Google Maps component integrated. This cookie is usually not deleted by closing the browser, but will expire after a certain amount of time unless it is manually deleted by you.
When you visit the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition, the information listed in Data collection is transferred to Google by your browser. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish the information to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or needs-based website design. Such an evaluation takes place in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles; you must forward this objection directly to Google.
For more information on the purpose and scope of Google’s data collection and processing, your rights, and privacy preferences, please visit https://www.google.com/intl/en/policies/privacy. Google also processes your personal data in the US and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
EMBEDDED YOUTUBE VIDEOS
This website includes a “YouTube plug-in”. This YouTube software uses cookies for data collection and statistical data analysis. YouTube uses cookies to capture reliable video statistics, prevent fraud, and improve usability, among other things. The operator of the website receives statistical values from the YouTube cookies about the retrieval of individual videos embedded in the website without reference to the respective user. The legal basis for the use of YouTube plug-ins is our legitimate interest in an interesting and needs-based design of our website as per Art. 6 (1f) GDPR.
We use embedded YouTube videos in enhanced privacy mode. This means that if you do not play the videos, you will not transfer any data about you as a user to YouTube. The data transfer only takes place when you watch the videos. We have no influence on this data transfer.
When you play the video, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned above under “server log files” are transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish the information to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users about your activities on our website. You have a right to object to the creation of these user profiles; you must forward this objection directly to YouTube.
Further information on the purpose and scope of the data collection and its processing by YouTube can be found in the privacy policy. You will also get more information about your rights and privacy settings here: https://www.google.com/intl/en/policies/privacy. Google also processes your personal information in the US and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
SOCIAL PLUG-INS
We use sharing features on our website with the following social media providers:
Facebook: Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA, http://en-gb.facebook.com/about/privacy/
For more information about data collection: http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.
Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
Google+: Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA, https://www.google.com/policies/privacy/partners/?hl=en
Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
Instagram: Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA, https://help.instagram.com/155833707900388/
Instagram is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
Pinterest Inc., 808 Brannan St., San Francisco, CA 94103, USA (“Pinterest”), https://developers.pinterest.com/docs/getting-started/introduction/
Pinterest is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
Through the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our site and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 (1f) GDPR.
We use the so-called two-click solution. When you visit our site, no personal information is passed on to the provider of the plug-ins initially. The provider of the plug-in can be identified by its initial letter or logo on the button. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only after you click on the marked field and activate it does the plug-in provider receive the information that you have accessed the corresponding website of our online service. In addition, the log data mentioned above is transferred. This includes, for example:
– the address of the website where the activated link is located,
– the date and time of the visit to the website and the activation of the link,
– information about the browser and the operating system used,
– the IP address
By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there (with American providers in the USA).
If you are registered with and logged in to the respective social media provider at this time, the provider can assign the visit to our website and your interaction with the social media element (e.g. clicking the “Like” button) to your user profile (e.g. to your Facebook account).
We have no control over the data collected or the processing of that data, nor are we aware of the full extent of the data collection, the purpose of the processing or the retention periods. We also have no information on the deletion of the data collected by the social media provider. For more information on the purpose and scope of the data collection and its processing by the social media provider, please refer to the privacy policies of that provider (see links above). You will also find further information about your rights and settings options for the protection of your privacy.
The servers of social media services are located in the US and other countries outside the European Union. The data can therefore also be processed by the provider of the social media service in countries outside the European Union. Please note that companies in these countries are subject to a data protection law which generally does not protect personal data to the same extent as is the case in the Member States of the European Union.
CONVERSION TRACKING
We use external advertising partners to draw attention to our site with the help of advertising material on external websites. We also use marketing tools to determine how successful the individual advertising measures are (“conversion tracking”).
We intend to show you advertisements that are of interest to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs. The legal basis is Art. 6 (1f) GDPR.
To this end, our advertising partners set cookies and web beacons (see above), by means of which certain parameters can be measured to determine success, e.g. the display of ads or clicks by the users. These cookies are not intended to identify you personally. As long as the cookie is valid, the affiliate will be able to recognize that you have clicked on an ad and reached a specific landing page (e.g. form entry, confirmation page, newsletter signup). The affiliate uses the cookie to generate conversion statistics. These statistics include the number of users who clicked on one of our ads. In addition, it counts how many people have reached a landing page that has been tagged with a “conversion tag” (remarketing tag, see above). However, the statistics do not contain any data that identifies you.
We ourselves do not collect and process any personal data in the aforementioned advertising measures. We receive only statistical evaluations from our advertising partners. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material and cannot identify the users on the basis of this information.
Due to the conversion tracking tools used, your browser automatically establishes a direct connection with the server of the advertising partners. We have no control over the extent and continued use of data collected through the use of this tool by the advertising partners. By integrating the marketing tools, the advertising partner receives the information that you have accessed the relevant part of our website or have clicked on one of our ads. If you are registered with our advertising partner (e.g. Facebook or Google), the advertising partner can assign the visit to your account. Even if you are not registered or are not logged in, there is a possibility that the provider will collect your IP address and store it.
WE USE CONVERSION TRACKING FROM THE FOLLOWING ADVERTISING PARTNERS:
Google Adwords
Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA
For more information about Google’s privacy policy, see http://www.google.com/intl/en/policies/privacy and https://services.google.com/sitestats.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-USFramework. You can prevent conversion tracking with Google Adwords by disabling conversion tracking cookies by setting your browser to block cookies from the www.googleadservices.com domain, https://www.google.com/settings/ads, which will be deleted if you delete your cookies or by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browser under the link http://www.google.com/settings/ads/plugin
Facebook Inc., 1601 S California Ave., Palo Alto, California 94304, USA
For more information on Facebook privacy, please visit: http://www.facebook.com/about/privacy/. If you do not want Facebook to assign the collected information to your Facebook account, you can make the relevant setting adjustments here: https://www.facebook.com/settings/?tab=ads
To do this, you must be logged in to Facebook. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
You can prevent us from providing data to conversion tracking providers at any time by clicking on the following link: [OPT-OUT BUTTON]
In doing so, we set a persistent cookie that will ensure that your opt-out will be recognized and taken into consideration during future visits to our website. Please note that it has to be reset after deleting all cookies. Opt-out cookies prevent the future collection of your data when visiting this website with a specific device or browser. However, to prevent data collection on different devices, the opt-out must be performed on all devices/browsers used.
USE OF GOOGLE REMARKETING
Our websites use so-called “retargeting tags” to place interest-based advertising on third-party websites. The legal basis is our legitimate interest in implementing advertising measures in accordance with Art. 6 (1f) GDPR.
A retargeting tag is a JavaScript element that is placed in the source code of the website. If a user visits a page on a website that contains a retargeting tag, an online advertising provider (“retargeting provider”, e.g. Google, Facebook) places a cookie on that user’s computer and assigns the user to retargeting target group lists. The respective retargeting providers use the cookie to collect interest data (e.g. the pages visited on our website or search queries that have been entered) using pseudonyms. This information is then used by the retargeting providers to display interest-based advertising. In doing so, no direct personal data will be stored and no user profiles with your personal data will be created. However, the retargeting provider may be able to identify you and associate your usage behaviour on our website with you, especially if you are a registered user of the retargeting provider (e.g. if you have a Google or Facebook account).
We use the following retargeting providers:
Facebook Retargeting
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA
Your IP address and the pages you view on the GoEuro website are sent to Facebook. You can find more information about the data processing by Facebook and your rights and ways to protect your personal data in Facebook’s privacy policy at: http://en-gb.facebook.com/about/privacy/
If you do not want Facebook to assign the collected information to your Facebook account, you can deactivate the retargeting features here: https://www.facebook.com/settings/?tab=ads
To do this, you must be logged in to Facebook.
Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
Google Remarketing
Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA
Users of this website may disable the use of cookies by Google and retargeting by making the relevant adjustments to their “Google Ads Preferences” (http://www.google.com/ads/preferences/). For more information about Google’s data processing, please visit https://www.google.com/intl/en/policies/technologies/ads/ and https://policies.google.com/privacy/partners
Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
In doing so, we set a persistent cookie that will ensure that your opt-out will be recognized and taken into consideration during future visits to our website. Please note that it has to be reset after deleting all cookies. Opt-out cookies prevent the future collection of your data when visiting this website with a specific device or browser. However, to prevent data collection on different devices, the opt-out must be performed on all devices/browsers used.
NEWSLETTER
When you sign up for our newsletter, the information you provide will be used exclusively to send you periodic newsletters and marketing emails and providing advertising and information about our offers. Subscribers may also be notified by email about circumstances relevant to the service or registration (such as changes to the newsletter or technical conditions).
For an effective registration we need a valid email address. In order to verify that an application is actually made by the owner of an email address, we use the “double-opt-in” procedure. For this purpose, we record the registration for the newsletter (data that are entered during the registration in the input mask, such as salutation, first name, name, email), the sending of a confirmation email and the receipt of the requested response. No further data is collected. The data will be used exclusively for newsletter delivery.
The legal basis for data processing is your consent in accordance with Art. 6 (1a) GDPR.
You can revoke your consent to the storage of your personal data and its use for the newsletter email at any time. Each newsletter contains a link to unsubscribe from the emails. In addition, the revocation can be made via the other contact options indicated on the website. Your data will be deleted from our system immediately.
CONTESTS
Our website offers you the chance to compete in our contest. The data given in the contest form will be used solely to identify a winner. To do this, we record the completed participation form (data entered in the input mask, such as salutation, first name, name, email, postal address), the delivery of a confirmation email and the receipt of the requested response. No further data is collected. The data will be used exclusively for the duration of the contest and will not be passed on to third parties. After the end of the contest your data will be deleted. The legal basis is Art. 6 (1b) GDPR.
DATA RECIPIENTS
We may use external service providers, especially technical and commercial service providers. These include, in particular, hosting providers, statistics and analysis services, service providers for managing service desk and support data, service providers for the provision of CRM systems, newsletter delivery, voucher ordering, spam and abuse prevention, and IT maintenance and service development service providers. The service providers work exclusively on our behalf and may not process personal data for their own purposes. As part of a booking, we send data to Payment services providers, Financial authorities and Cities/municipalities. The data processing may also effect a transfer of information to data recipients outside the European Union. The data transfer takes place in this respect according to the principles of the so-called Privacy Shield (https://www.privacyshield.gov/welcome) or on the basis of so-called standard contractual clauses of the European Commission (http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm).
YOUR RIGHTS
In addition to the right of revocation of your consent granted to us, you have the right of access to information according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, the right to object according to Art. 21 GDPR and the right to data portability according to Art. 20 GDPR.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1f) GDPR (Art. 21 (1) GDPR).
Where we process your personal data based on Art. 6 (1f) GDPR for direct marketing purposes, you have the right to object at any time to such processing without giving a reason (Art. 21 (2) GDPR).
In addition, you have the right to lodge a complaint with a supervisory authority according to Art. 77 GDPR.
QUESTIONS ABOUT PRIVACY
If you have questions about privacy, please contact us by email:
info@gerhart.at