Unfortunately, it is in the nature of things that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible when creating them.
What is Personal Data?
Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
The person responsible pursuant to the DSG and the GDPR is
Hotel Pension Haydn
Mariahilfer Straße 57-59
Telefon: +43 1 587 44 14 0
Fax: +43 1 587 44 14 700
Legal bases for processing
The processing of your personal data may be based on the following legal grounds:
- you have given your consent (Art. 6 para. 1 lit. a GDPR),
- the data is necessary for the fulfilment of a contract / pre-contractual measures (Art. 6 para. 1 lit. b GDPR),
- the data is necessary for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR) or
- the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden (Art. 6 para. 1 lit. f GDPR).
You have the following rights with regard to personal data concerning you:
- Right to information (Art. 15 GDPR),
- Right to rectification or erasure (Art. 16 and Art. 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing (Art. 6(1)(e) or (f) GDPR),
- Right to data portability (Art. 20 GDPR).
To assert these rights, please contact us at any time using the details provided.
You also have the right to lodge a complaint with your local data protection supervisory authority or the Austrian Data Protection Commission (DSB) (www.dsb.gv.at). We would, however, appreciate the chance to deal with your concerns before you approach the DSB or any other supervisory authority.
Collection of personal data when visiting our website
In the case of merely informative use of the website, i.e., if you do not make a booking or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request came
- Operating system and its interface
- Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website.
When you contact us, the data you provide (your e-mail address, name, and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations. The legal basis for processing is Art. 6 para. 1 lit. f GDPR and Art. 6 para. 1 lit. b GDPR
To enable you to conveniently book your stay with us online, we use the booking engines of RoomCloud. Your data will be used exclusively for the contractual relationship established with the reservation, and for any pre- and post-sales service, for any pre- and post-stay mailing, and for any pre- and post-stay mailing.
If you wish to book an overnight stay with us online, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. We process the data you provide to process your order. For this purpose, we may pass on your payment data to our house bank. The legal basis for this is Art. 6 para. 1 lit. b GDPR.
Due to commercial and tax law requirements, we are obliged to store your address, payment confirmation and order data for a period of ten years. However, we will restrict processing after two years, i.e., your data will only be used to comply with legal obligations.
Extended data collection in the course of your stay
In the course of a booking at our hotel, we sometimes collect the following personal data in accordance with Art 13 GDPR:
- Master data (surname, first name, main residence, address, mail address, telephone and fax number, professional and private contact data including, place of birth, date of birth, customer number, language and, if applicable, car registration number).
- Data in identity documents (e.g., travel document, identity card, driving license etc. including issuing authority and period of validity, nationality)
- Date of arrival and departure and duration of booking, room number,
- the services you have requested and personal preferences you have made known (e.g., food or upholstery preferences), as well as allergies, intolerances, special needs and customer or special requests, date and type of services used and consumed, including special categories of data such as marriage/partnership
- data on payment methods and in connection with payments, in particular with debit cards, credit cards and bank cards
- customer feedback
The duration of storage is measured according to the duration of our business relationship, the consents you have given, and furthermore according to the statutory retention obligations and legal obligations applicable to us. We emphasize that in the case of regular cooperation for our best possible customer service, we strive to know your customer wishes already communicated to us so well that we can continuously and permanently satisfy you.
We use Google Analytics, a service provided by Google Inc. This means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymized by means of IP anonymization so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=en. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR, our legitimate interest.
We use the services of Google Maps provided by Google Inc to allows us to show you interactive maps directly and to enable you to use the map function conveniently. Google receives the information that you have called up the corresponding sub-page of our website and in addition, the data your location data will be transmitted. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. The legal basis for this processing is our legitimate interest Art. 6 para. 1 lit. f GDPR.
Duration of data storage
We only store personal data for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 10 years, irrespective of the processing purposes.
Transfer of personal data
Hotel Pension Haydn will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (legal basis for processing: Art. 6 para. 1 lit. b GDPR), you have consented to the disclosure (legal basis for processing: Art. 6 para. 1 lit. f GDPR) or the disclosure of data is permitted by relevant legal provisions.
Hotel Pension Haydn is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for Hotel Pension Haydn pursuant to Art. 4 No. 8 GDPR within the framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.
The service providers commissioned by Hotel Pension Haydn process your data exclusively in accordance with our instructions. Hotel Pension Haydn remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organizational measures and additional controls by us.
Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 para. 1 lit. c GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil Hotel Pension Haydn’ legitimate interests (legal basis for processing: Art. 6 para. 1 lit. f GDPR).
Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of Hotel Pension Haydn.
Direct marketing in the context of a customer relationship
We use the data you provide to fulfil and process our contract and to respond to your enquiries in accordance with Art. 6 para. 1 lit. b GDPR or on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Insofar as you have also given us your separate consent to process your data for consulting, marketing and advertising purposes, Hotel Pension Haydn is entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe (or opt out).
Hotel Pension Haydn uses technical and organizational security measures to protect the data you have provided against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. These security measures are continuously improved in line with technological developments. In addition, all employees and agents are bound to data secrecy in accordance with the DSG and the GDPR.
We are present in “social media” (currently, Facebook, and Twitter) in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers. We would like to point out that you use social media platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating). We, as the provider of our Social Media Profile, do not collect and process any data from your use of our social media platforms and beyond this. The processing of users’ personal data is based on our legitimate interests in providing users with effective information and communicating with users.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
Links to other providers
Our website also contains – clearly recognizable – links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, you can contact us.
Who should I contact for more information?
Hotel Pension Haydn
Mariahilfer Straße 57-59
Tel: +43 1 587 44 14 0
Fax: +43 1 587 44 14 700