Last updated: May 2022
The use of our website is usually possible without providing personal information. If personal data (for example name, address or e-mail addresses) is raised on our pages, this takes place, as far as possible, on voluntary basis only. This data will not be disclosed to third parties without your explicit consent.
Please note that data transmission over the Internet (for example, when communicating via e-mail) may have security vulnerabilities. A complete protection of your data, from access by third parties, is not possible.
- a) personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject" or "user"). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
- b) affected person
Affected person is any identified or identifiable natural person whose personal data is processed by the controller.
- c) processing
- Processing means any process or series of operations related to personal data, such as gathering, collecting, organizing, arraning, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
- d) limitation of processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
- e) Profiling
Profiling is any kind of automated processing of personal data that consists of using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.
- f) pseudonymisation
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person.
- g) controller or person in charge of controlling
The controller or person in charge of controlling is the natural or legal person, public authority, agency or body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided under Union or national law.
- h) processor
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
- i) recipient
Recipient is a natural or legal person, public authority, agency or other body to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered as beneficiaries.
- j) third parties
Third is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor to process the personal data.
- k) consent
Consent is any voluntarily given and unambiguously expressed in the form of a statement or other unambiguous confirmatory act by the data subject for the particular case, by which the data subject indicates that they consent to the processing of the personal data concerning him / her is.
2. Rights of the user
It is also our intention to make you aware of the rights that you have under GDPR with regard to the processing of your data:
- a) Right to confirm (Article 15 (1) GDPR)
Each data subject has the right to ask the person responsible for a confirmation of the processing of the personal data concerned. If an affected person wishes to make use of this confirmation right, they may at any time turn to the address given in the imprint or this data protection declaration or contact another employee of the person in charge.
- b) Right to information (Article 15 (1) and (3) GDPR)
Each person (user) affected by the processing of personal data has the right to receive free information from the person responsible about the personal data stored about him and a copy of this information at any time. Furthermore, the responsible person has to inform the person concerned about the following information:
In addition, the data subject has a right of access as to whether personal data has been transmitted to a third country or to an international organization. If that is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer.
- the processing purposes
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations
- if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
- the right of rectification or erasure of the personal data concerning them or restriction of processing by the controller or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: all available information on the source of the data
- the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended impact of such processing on the data subject
- c) Right to rectification (Art. 16 GDPR)
Any person affected by the processing of personal data is entitled to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
- d) Right to cancellation (right to be forgotten) (Art. 17 GDPR)
Any person affected by the processing of personal data shall have the right to require the controller to immediately delete the personal data concerning him, provided that one of the following reasons is satisfied and the processing is not required:
If the personal data has been made public by the person responsible and if our company is responsible for deleting personal data as the person responsible pursuant to Art. 17 (1) DS-GVO, the person responsible shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs. to inform other data controllers processing the published personal data that the data subject has requested that these other data controllers delete all links to such personal data or copies or replications of such personal data, as far as the processing is not necessary.
- The personal data has been collected or otherwise processed for such purposes for which they are no longer necessary.
- The person concerned revokes the consent on which the processing was based on Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR and lacks any other legal basis for the processing.
- The data subject submits an objection to the processing pursuant to Art. 21 (1) GDPR, and there are no legitimate reasons for the processing, or the data subject appeals pursuant to Art. 21 (2) GDPR the processing.
- The personal data were processed unlawfully.
- The deletion of personal data is required to fulfill a legal obligation under Union or national law to which the controller is subject.
- The personal data were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
Any person affected by the processing of personal data shall have the right to receive in a structured, common and machine-readable format personal data relating to him / her provided to a controller by the data subject. It also has the right to transfer this data to another person responsible without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (1) (b) 2 (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and processing by means of automated processes, unless the processing is necessary for the performance of a task of public interest or in the exercise of public authority, which has been assigned to the responsible person.
Furthermore, in exercising their right to data portability under Article 20 (1) of the GDPR, the data subject has the right to obtain that the personal data are transmitted directly from one controller to another, insofar as this is technically feasible and if so this does not affect the rights and freedoms of others.
Any person affected by the processing of personal data shall have the right, at any time and for reasons arising from his or her particular situation, to prevent the processing of personal data relating to them pursuant to Article 6 (1) (e) or (f) of the GDPR, Objection. This also applies to profiling based on these provisions.
In the event of an objection, the controller will no longer process the personal data unless we can prove that there are compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of enforcing, pursuing or defending the data legal claims.
If the controller processes personal data in order to conduct direct mail, the data subject has the right to object at any time to the processing of personal data for the purposes of such advertising. This also applies to the profiling, as far as it is associated with such direct mail. If the data subject objects to processing for direct marketing purposes, the person responsible will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons arising from their particular situation, to object against the processing of personal data relating to them, for the scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDP, unless such processing is necessary to fulfill a public interest task.
The user is also free, in the context of the use of information society services, notwithstanding Directive 2002/58 / EC, to exercise his right of opposition by means of automated procedures using technical specifications.
Any person concerned by the processing of personal data shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect or similarly appreciably affects it, unless Decision (1) is not necessary for the graduation or fulfillment of the contract between the person affected and the controller or (2) is permissible under Union or Member State legislation to which the controller is subject, and where such legislation provides for appropriate measures to safeguard the rights and freedoms, and the legitimate interests of the data subject or (3) with the express consent of the data subject.
If the decision (1) is required for the conclusion or performance of a contract between the data subject and the controller or (2) is made with the express consent of the data subject, the controller shall take reasonable measures to safeguard the rights and freedoms and the legitimate interests the person concerned, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and to challenge the decision.
Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
- e) Right to limit processing (Art. 18 GDPR)
Any person affected by the processing of personal data shall have the right to require the controller to restrict the processing if any of the following conditions apply:
- The accuracy of the personal data is contested by the data subject for a period of time that enables the person responsible to verify the accuracy of the personal data.
- The processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of personal data.
- The data controller no longer needs the personal data for processing purposes, but the data subject requires them to assert, exercise or defend their rights.
- The person concerned has objection to the processing according to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the person concerned.
- f) Data transferability (Art. 20 GDPR)
- g) Right to object (Art. 21 GDPR)
- h) Automated decisions in individual cases including profiling (Art. 22 GDPR)
- i) Right to revoke a data protection consent
The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict or prevent the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
What types of cookies do these sites use?
Two different types of cookies can be used on these pages, so-called "session cookies" and "permanent cookies". Session cookies are temporary cookies that stay on your device until you leave the site. On the other hand, a permanent cookie will remain on your device for a certain amount of time after you leave the site, or until you manually delete it (how long a cookie stays on your device depends on the "lifespan" of that cookie).
Which cookies do these pages use?
- Mandatory cookies
These cookies are essential to the functioning of the site and allow the user to navigate the site and use its services and features. Without these mandatory cookies, the site will not function as smoothly as desired, and the person responsible may not be able to provide the site or certain services and features that the user requests.
|i18next||Saves the selected language on this page.||Session||HTML||Website|
|PHPSESSID||Associates your browser with a session on the server. This only affects the content you see and is not evaluated or processed by us.||Session||HTTP||Website|
4. Data processing when using PMS systems (widgets)
Widgets of the company zadego GmbH (easybooking) may be implemented on these pages.
It concerns the offerer to a PMS system, which represents the offerer of the hotel software of the responsible person. Depending on the tourism business, the widgets can be the following:
- request form
- booking mask
- small search (request, booking)
- category view
- room view
- packages Widget
- price overview
- price comparison
- availability Calendar
- online check-in
a. General information
In order to be able to edit your request or booking, it is necessary that the data you have provided to the person responsible are being processed.
The person responsible as mentioned above and the zadego GmbH, (both together also called "provider") are in a contractually regulated business relationship. The person in charge receives his hotel management or booking software from zadego GmbH.
There will be a transfer of the personal data you have provided to the Administration System and to companies in business relationship with the Management System. This transfer takes place in particular at o.g. Landlords, if necessary, also to tourism associations, reporting providers, payment providers and other companies that are connected to a management system and / or a landlord and must be used to fulfill post-contractual obligations.
The use of personal information by providers is governed by applicable law and the consent you have given us to use your information.
b. Collection of data
In the context of a request or booking at the tourism business, you announce the relevant data for carrying out the same. These are usually the following:
- first and last name
- e-mail address
- payment details (bank details, credit card details)
- birth dates (to identify children)
These data are collected only to the extent permitted by law and only with your consent and through your active participation. Insofar as the consent is electronically declared in the context of the services, the legal information obligations are taken into account and this approval is recorded by suitable technical systems.
c. Purpose of this data processing
The person responsible will process your personal data in this context for the following purposes:
- online check-in
- fulfillment of the obligation to register
- payment processing
If in one of these widgets an input of personal data is required (contact information, e-mail, data of the desired stay in our house), this is always done on a voluntary basis and only for the purpose of your desire to make a corresponding offer.
If no contractual relationship is established between the parties (there is thus no stay in the operation of the person in charge), the data of the person concerned will be automatically deleted from the systems immediately. In individual cases, statutory storage and deletion periods must be observed.
5. Registration obligation
The person in charge is obliged, under the respective applicable reporting law, to register all guests resident with the person responsible with the data specified in the Registration Act.
According to the Austrian Registration Law, you are required to register with us and provide us with the data specified in § 5 and § 10 of the Austrian Registration Law. This applies to the following data:
Name, date of birth, gender, nationality, country of origin, and address with postal code. Foreign guests are also required to provide the type of travel document they are traveling with, its number, place of issue and issuing authority, as well as date of arrival and departure.
5.1. Guest register
We administer the guest register electronically and forward the data to an IT processor, where the data is saved locally. The data is not transferred to a third country.
5.2. Forwarding of data
Arrival and departure data, together with country of origin, is forwarded in accordance with § 6 of the Regulation on Tourism Statistics (Tourismus-Statistik-Verordnung) to the municipality in which our tourist accommodation establishment is located. Aggregated data about the total number of overnight stays and the names of persons required to pay a local tourist tax are also forwarded to the respective tourism association Tourismusverband Stubai Tirol Kör (Tourist Office in Stubai) to which we belong. This is done in accordance with § 9 of the Tyrolean Regulation on Local Tourist Tax (Tiroler Aufenthaltsabgabegesetz).
5.3. Legal basis for data processing
The processing of data as specified above in items 1.1 to 1.3 is based on Art. 6, para. 1, lit. c GDPR (fulfillment of legal obligation).
5.4 Additional data forwarded to the tourism association/municipality
We also forward your postal code and year of birth (in pseudonymized and anonymized form) to our municipality and our tourism association. This is done for statistical purposes so that the tourism association can create and evaluate statistics on country of origin and age. The data is forwarded in accordance with Art. 6, para. 1, lit. e (public interest) and lit. f (legitimate prevailing interests) GDPR. You can file an objection at any time for reasons resulting from your particular situation (Art. 21, para. 1 GDPR).
5.4.1 Guest card
You can make use of a guest card. A guest card offers discounts and/or services provided by various regional businesses (e.g., discounted admission). The guest card is valid for the duration of your stay with us.
5.4.2 Issuing of guest cards
Guest cards are issued by the accommodation provider upon request only. Depending on the guest card system used by the tourist association and/or tourist accommodation establishment, you will be issued one of the following:
• Electronically generated guest card,
• Manually created guest card
• Carbon copy of the registration form.
5.4.3 Processed personal data – Guest card system – Stubai Super Card
Consent via booking confirmation: Guest card system – Stubai super Card
For both the electronically generated and manually created guest card, the following personal data, which is taken from the registered data (see item 1 above), is processed:
First name, last name, date of birth and duration of stay (arrival/departure), country of origin, postal code.
If the guest card is issued as a carbon copy of the registration form, it includes information as stipulated in § 5 in conjunction with § 9 of the Austrian Registration Law (see Registration data). In this case, the data is not processed electronically for guest card purposes.
The following additional personal data is processed when the guest card is used: data about the card's usage frequency, services used, bookings, transaction logging, billing data, reference to registered data and the tourist accommodation establishment.
This data is required to determine, on the one hand, your identity, and on the other hand, to determine the guest card's duration of validity at the respective service provider's establishment. It also facilitates the settlement of discounts between the service providers, the tourism association, and if need be, the tourist accommodation establishments.
5.4.4 Legal basis for data processing
Data is processed for guest card purposes, based either on your consent (Art. 6, para. 1, lit. a GDPR) or, for the purpose of contractual performance (Art. 6, para. 1, lit. b GDPR), if the guest card is part of service provisioning as specified in the accommodation agreement.
You may revoke your consent at any time by notifying the accommodation provider verbally or by sending an email to the following address: firstname.lastname@example.org.
5.4.5 Guest card system administration
The guest card system is managed by the local tourism association. Other parties involved are the local tourist accommodation establishments and local companies (service providers).
Data that is processed for guest cards is deleted after forty-eight (48) months.
5.4.6 Data recipients
Data processed for guest card purposes is forwarded to the local tourism association to facilitate the billing of service providers and/or tourist accommodation establishments.
Individual service providers, who honor the guest card and offer discounted services, also receive this data when you use services provided by these establishments that are offered through the guest card.
To claim discounts, you must present the card containing this data to the service provider. The establishment then checks if the card is (still) valid, usually by scanning the barcode on the guest card and then by transferring the barcode data to our IT processor. At this time, personal data is also transfered to the establishment, in particular, data about your identity (to verify identity and date of birth).
If the guest card is a carbon copy of the registration form, the establishment verifies its validity by means of the carbon copy of the registration form.
a. Guest directory
The guest directory is managed electronically by the responsible person, whereby the data is forwarded to zadego GmbH. In this case, zadego GmbH acts as a processor, as it stores the data on your servers. A transfer to a third country is not without prior information to those affected.
6. SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by changing the address line of the browser from "http: //" to "https: //" and the lock symbol in your browser line.
If SSL encryption is enabled, the data you submit to us can not be read by third parties.
The responsible person has integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analysis is the survey, collection and analysis of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data on which website an affected person has come to a website (so-called referrers), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The responsible person uses the addition "_gat._anonymizeIp" for the web analytics via Google Analytics. By means of this addendum, the IP address of the Internet access of the data subject will be shortened and anonymised by Google if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website.
Google Analytics uses a cookie on the information technology system of the person concerned. What cookies are, has already been explained above. By using this cookie Google is enabled to analyze the usage of our website. Each time one of the pages of this website is accessed by the controller and a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically initiated by the respective Google Analytics component to submit data to Google for online analysis purposes. As part of this technical process, Google will be aware of personal data, such as the IP address of the person concerned, which serve, among other things, Google to track the origin of the visitors and clicks, and subsequently make commission settlements possible.
The cookie stores personally identifiable information, such as access time, the location from which access was made, and the frequency of site visits by the data subject. Each time you visit our website, your personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.
The affected person can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs. Furthermore, the data subject has the option of objecting to and preventing the collection of the data generated by Google Analytics for the use of this website and the processing of this data by Google. To do this, the person must download and install a browser add-on at https://tools.google.com/dlpage/gaoptout.
9. Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- browser type and browser version
- used operating system
- referrer URL
- host name of the accessing computer
- time of the server request
These data cannot be assigned to specific persons. A merge of this data with other data sources will not be done. We reserve the right to check this data retrospectively, if we become aware of specific indications for illegal use.
10. Failure of automated decision-making
As a responsible company we refrain from automatic decision-making or profiling.
11. Note on Online Dispute Resolution
Online dispute resolution pursuant to Art. 14 (1) Regulation on consumer ODR: The European Commission provides a platform for online dispute resolution (OS), which can be found at http://ec.europa.eu/consumers/odr/.
12. Contradiction advertising mails
The use of published in the context of the imprint obligation contact information for sending unsolicited advertising and information materials is hereby rejected. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam e-mails.
14. How to contact us