- Preamble – Our position on data protection and which websites it applies to
- Cookies – What are cookies and where we use them
- Log data – websites also collect information about your web accesses
- Location Info – systems save your location when you access our services
- Tracking tools – re-marketing/re-targeting with Google Analytics and Facebook Pixel
- Social media plugins – What it means when you click on one of these buttons
- Direct marketing – Which of your data is stored, how, why, where and for how long
- Data transmission – Here you can read transparently who receives your data from us and why
- Contact us – Information on how you can get in touch with us
- Data security – what we do to protect your data as much as possible
- Your rights – we take these very seriously, more on this in this section
With the following data protection declaration, we would like to inform you about the type, scope and purpose of the collection, processing and use of personal data in the context of the use of the website offered by VIVAT Touristik und Managementservice GmbH (hereinafter “SEEHOTEL RUST“) and the services offered in each case.
Your trust and the protection of your personal data is very important to SEEHOTEL RUST. We would therefore like to show you transparently how and for what purpose your data is used. We process your data exclusively on the basis of the current legal provisions in accordance with the EU General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG 2003).
We work according to these principles when processing your personal data:
- You only provide us with the data that is necessary for the respective service
- Your data will only be stored for as long as is necessary for these services
- We only use your data for the purposes that we have mutually agreed upon
- We only share your data with third parties who are necessary for the operation of these services
- Your data will only be transmitted and stored by us in encrypted form
SEEHOTEL RUST uses so-called cookies on this website. This is small text information that is stored on your end device with the help of the Internet browser. They do not cause any damage. Cookies make it possible to speed up navigation on our website, to adapt it to your needs and interests and to prevent misuse of the services. As soon as you reconnect to our website, our server can identify your device in this way so that you do not have to log in every time you visit our website, for example.
SEEHOTEL RUST uses so-called session cookies, which are deleted when you close your web browser because they only contain information that was required for the one visit to SEEHOTEL RUST. In addition to session cookies, we also use so-called permanent cookies. These enable the service to maintain and offer you your personal settings or advertisements over a longer period of time (depending on the respective service). Permanent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
You can configure your browser settings according to your wishes and also refuse to accept cookies. However, we would like to point out that you may then not be able to use all the functions of the website.
Our concern with regard to these cookies within the meaning of GDPR Art. 6 Para1 lit. f is the legitimate interest on our part for the improvement of our offer and our overall web presence.
Use of script libraries (FontAwesome & Google Webfonts)
In order to display our content correctly and graphically appealing across browsers, we use script libraries and font libraries on this website, such as FontAwesome Web Fonts, which are provided by Fonticons, Inc. or also Google Webfonts (https://www.google.com/webfonts/). Google web fonts are transferred to the cache of your browser to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access, content will be displayed in a standard font.
Calling script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible – but currently also unclear whether and for what purposes – that operators of such libraries collect data.
3. LOG DATA
We may also collect information that your browser sends when you visit our Service or when you access the Service from a mobile device (“Log Data”).
This log data may include information such as browser type, browser version, device IP address, the pages you visit on our Services, the time and date of your visit, and the time spent on those pages and other statistics.
When you access the Service from or through a mobile device, this Log Data may include information such as the type of mobile device used, the mobile device’s unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser and other statistics.
4. LOCATION INFORMATION
We may use and store information about your location if you allow us to do so in your device settings. We use this information to provide features to improve and customize our service. You can activate or deactivate location services at any time via the settings of your mobile device when you use our service.
5. RE-MARKETING/RE-TARGETING THROUGH TRACKING TOOLS
We use tracking tools on our websites to measure user behavior on our websites in order to better understand it and further develop our offers in a customer-oriented manner. This also enables us to use targeted advertising in the online area. This is done in accordance with GDPR Art. 6 Para1 lit. f (for our legitimate interest).
For this purpose, we have installed a so-called “cookie banner” on all our websites, by means of which you give us your consent (GDPR Art.6 Para1 lit. a) or, of course, reject this as well. You can change this decision at any time by clicking on the link “Revoke cookie decision” (in the browser window at the bottom right).
On our websites we use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics also uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of our websites is usually transmitted to a Google server in the USA and stored there. However, by activating IP anonymization, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google will use this information on our behalf to evaluate your use of our websites, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of our website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link for deactivation: https://tools.google.com/dlpage/gaoptout?hl=de
We have also concluded a corresponding contract with Google for commissioned data processing. You can find more information on Google Analytics’ compliance with data protection here: http://www.google.com/intl/de /analytics/privacyoverview.html
Facebook “Custom Audience”
Remarketing tags from Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA are integrated on our pages. When you visit our pages, a direct connection is established between your browser and the Facebook server via the remarketing tags. Facebook receives the information that you have visited our site with your IP address. This allows Facebook to associate your visit to our site with your user account.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/ praferenzmanagement/
6. USE OF PLUGINS (ICONS) FROM FACEBOOK, INSTAGRAM AND LINKEDIN ON OUR WEBSITES
Social plugins (“plugins”) from the social networks Facebook, Instagram, YouTube and LinkedIn are used on our website. Our concern in the sense of the GDPR (legitimate interest) is the improvement of our offer and our overall website, the expansion of our community (followers) and for advertising purposes.
Facebook and Instagram are operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. An overview of the Facebook and Instagram plugins and their appearance can be found here:
LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. An overview of the Twitter buttons and their appearance can be found here:
When you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Facebook, Instagram or LinkedIn servers. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider and stored there.
If you are logged in to one of the services, the providers can directly assign the visit to our website to your profile on Facebook, Instagram or LinkedIn. If you interact with the plugins, for example by clicking the Facebook “Like” button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information may also be published on the social network after your consent and displayed to your contacts there.
The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options to protect your privacy can be found in the providers’ data protection notices.
Data protection information from Facebook: https://www.facebook.com/about/privacy/
Data protection information from Instagram: https://help.instagram.com/155833707900388
Data protection information from LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
If you do not want Facebook, Instagram or LinkedIn to assign the data collected via our website directly to your profile in the respective service, you must log out of the respective service before visiting our website. You can also completely prevent the plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript”(http://noscript.net/).
7. direct marketing
You can subscribe to our newsletter on our website. The double opt-in procedure is used for registration. In the newsletters we inform you about innovations to our product/service, news and interesting information, as far as possible and known to us, tailored to your interests and vacation wishes. You will also receive our newsletter if you have given us your e-mail address when you made your booking. To send you the newsletter, we collect and store the data that you enter in the input mask or that you provide in your request of any kind (e.g. last name, first name, e-mail address, postal address) and enrich it with interests that are known to us from your vacation wishes. We use your data for direct marketing when you subscribe to the newsletter in accordance with Art. 6 para. 1 sentence 1 lit. a, f GDPR in order to provide you with customized information about our services. You can object to this use now or at any time with effect for the future. To do so, send an email to firstname.lastname@example.org or use the unsubscribe function in the newsletter sent to you.
Product recommendations and transaction communication by e-mail
If you make a booking or purchase with us, send us an inquiry or request information or brochures, we process your personal data in accordance with Art. 6 para. 1 p. 1 lit b.
As our customer, you will receive transaction communications regarding the booked product and additional products by email to the contact details provided in the booking as part of the processing of your current booking. You will also receive regular product recommendations from us by e-mail after your trip. As our existing customer, you will receive these product recommendations regardless of whether you have subscribed to a newsletter or whether you have consented to marketing communication by e-mail. In this way, we want to provide you with information about products from our range that may be of interest to you based on your recent purchases from us. In doing so, we adhere strictly to the legal requirements.
The product recommendations by e-mail to existing customers are based on the legal basis of Art. 6 para. 1 lit. f GDPR in conjunction with national laws.
- In Austria, the national basis is § 107 para. 3 TKG [AT].
- In Germany, § 7 para. 3 UWG [D]as a national legal basis.
- In Switzerland, the legal basis is Art. 3 para. 1 lit. o UWG [CH].
Whenever your contact details are used for product recommendations, we expressly draw your attention to your right to object, which you can exercise easily and unbureaucratically at any time. If you no longer wish to receive product recommendations from us by e-mail, you can object to this at any time. Of course you will find an unsubscribe link in every e-mail. If you wish to exercise this right of objection, you can contact us at any time at: email@example.com. We use the service “NumBirds” from Sports and Tourism Digital Services GmbH, 6020 Innsbruck, Brixnerstraße 3/3 to create the newsletter and product recommendations. To protect the confidentiality of your personal data, we have concluded a contract processing agreement with the company.
It will not be passed on to third parties.
8. TRANSFER OF PERSONAL DATA TO THIRD PARTIES FOR THIS PURPOSE
We use third-party companies to provide our services, to perform service-related services within the framework of concluded contracts or to support us in analyzing how our service is used.
These third parties only have access to your personal data in order to carry out these tasks on our behalf and are obliged not to disclose or use it for any other purpose. We have concluded corresponding contracts for commissioned data processing with all third-party providers. In this way, we want to ensure that these data processors are also fully committed to the applicable legal provisions on data protection (GDPR).
We store personal data (names, job titles in the company, address, telephone number, e-mail address) for the fulfillment of contractual agreements and for customer support.
For this data storage, we use the Microsoft Office 365 Business software environment (MS Outlook, MS Office, MS Skype for Business, MS OneDrive cloud services) from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Disclosure of personal data when purchasing vouchers
If you purchase a voucher on our website, we use Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, The Netherlands, VAT number, as payment provider. NL81.58.39.091.B01, commercial register no. 302.04.462, Amsterdam (referred to as “mollie.com” for short). When the purchase amount is paid, the following personal data is processed by mollie.com:
- Your payment details (e.g. bank account number or credit card number)
- Your IP address
- Your internet browser and device type
- In some cases your first and last name
- In some cases your address data
- In some cases, your e-mail address and/or telephone number
- In some cases, information about the product or service you have purchased from our customer
Data processing is carried out on the basis of the statutory provisions of §96 para. 3 TKG and Art.6 Para1 lit. a (your consent) and lit. b (necessary for the performance of a contract) of the GDPR.
On our website, you have the option of using our contact form to get in touch with us personally. This requires at least the entry of your name and e-mail address. Data processing is carried out on the basis of the statutory provisions of §96 para. 3 TKG and Art.6 Para1 lit. a (your consent) of the GDPR.
The personal data you provide here is used to contact you directly. In the event of a business cooperation resulting from your inquiry, we will store your data for the duration of the cooperation, otherwise this data will be deleted after 12 months. During this period, we take the liberty of contacting you about our products to the usual business extent.
Google reCaptcha v3
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For the European area, the company Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is responsible for all Google services.
The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. With the new Invisible reCAPTCHA version used on this website, you do not have to take any action (e.g. solve a puzzle, check a box). The tool runs in the background and calculates a so-called captcha score from user actions. This score calculates the probability that you are human. Website visitors are not made aware that an analysis is taking place.
Data processing is carried out on the basis of Art. 6 para. 1 lit. f (Legitimate interest) of the GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and SPAM.
If you have consented to the use of Google reCAPTCHA, data processing is also carried out on the basis of Art. 6 para. 1 lit. a (your consent) of the GDPR.
and https://www.google.com/recaptcha/intro/android.html .
10. DATA SECURITY
Data protection and children
Our service is not intended for persons under the age of 14 (“children”). We do not knowingly or intentionally collect personal data from children under the age of 14. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we are aware that we have collected personal information from children under the age of 14 without the consent of their legal guardians, we will take steps to remove this information from our servers.
Technical and organizational measures for data security
The security of your personal information is very important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
We take these technical and organizational measures to ensure the security of your personal data:
- Different passwords for all software tools
- Virus protection for all IT hardware used
- SSL encryption for secure data transmission
- Firewall for our internal company network
- Regular training on data security and protection for all employees
- Regular updates of all software components
- Regular data backups to ensure availability
- Regular risk analyses of the corresponding IT systems
11. WE ARE HAPPY TO BE THERE FOR YOU TO FULFILL YOUR RIGHTS
You can contact us at any time if you have questions about our data protection precautions or wish to have your profile and all personal data stored about you deleted or corrected. You also have the right to free information about your stored data at any time, as well as the right to restriction, data transfer of your data and to revocation or objection. If a third party has registered with us using your e-mail address, please notify us accordingly and, if you wish, we will delete your profile immediately.
If you believe that the processing of your data violates data protection law or that your data protection claims have been violated in any other way, you can bring this to the attention of the supervisory authority in the form of a complaint. In Austria, this is the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, telephone: +43 1 52 152-0, e-mail: firstname.lastname@example.org
Data protection is important to us!
With best regards
VIVAT Touristik und Managementservice GmbH