1. An overview of data protection
2019-V1.1 from June 25.06.2019, XNUMX
The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data is all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our data protection declaration listed under this text.
Data collection on our website
Who is the responsible party for the recording of data on this website (i.e., the “controller”)?
The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.
How do we record your data?
On the one hand, your data is collected when you communicate it to us. This can, for example, be data that you enter in a contact form.
Other data is automatically recorded by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter our website.
What are the purposes we use your data for?
A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyze your user patterns.
What rights do you have as far as your information is concerned?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint if you have any further questions on the subject of data protection. You also have the right to lodge a complaint with the competent supervisory authority.
2. General information and mandatory information
Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.
But please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third parties cannot be entirely guaranteed.
Information about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller on this website is:
Hotel Goldener Stern Abtenau
The Wageneder family
A-5441 Abtenau - Market 29
Telephone: 0043 (0) 6243 / 2240-0
The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
Revocation of your consent to the processing of data
Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. An informal message by e-mail to us is sufficient. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.
Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
If the data is processed on the basis of Article 6 Paragraph 1 Letter e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons that arise from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Para. 1 GDPR).
If your personal data is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object, your personal data will then no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).
Right to log a complaint with the competent supervisory agency
In the event of violations of the GDPR, the data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation.
You have the right to complain about the processing of personal data by us at a data protection supervisory authority.
For Austria this is the
Austrian Data Protection Authority
1080 Vienna / Austria
Phone: +43 1 521 52-25 69
The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses an SSL or. TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payment transactions on this website
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common modes of paying (Visa/MasterCard, debit to your bank account) are processed exclusively via encrypted SSL or TLS connections. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the communication with us is encrypted, third parties will not be able to read the payment information you share with us.
Information, blocking, deletion and correction
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the imprint if you have any further questions on the subject of personal data.
Right to demand processing restrictions
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
If you deny the accuracy of your personal information stored with us, we usually need time to verify this. For the duration of the audit you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data is unlawful, you may request the restriction of data processing instead of deletion.
If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data instead of demanding the eradication of this data.
If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
If you have restricted the processing of your personal data, these data may be - except for their storage - only with your consent or for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest the European Union or a Member State.
Opposition to advertising emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data Protection Officer
Statutory data protection officer
We have appointed a data protection officer for our company.
Project 29 GmbH & Co. KG
Phone: + 49 941 / 698 778 24
4. Data collection on our website
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Cookies that are required to carry out the electronic communication process or to provide certain functions you want (e.g. shopping cart function) are stored on the basis of Article 6 Paragraph 1 Letter f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for analyzing your surfing behaviour) are stored, these are treated separately in this data protection declaration.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
The type and version of browser used
The used operating system
The hostname of the accessing computer
The time of the server inquiry
The IP address
This data is not merged with other data sources.
This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.
The processing of the data entered in the contact form is therefore exclusively based on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing operations that took place up until the revocation remains unaffected by the revocation.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.
Processing of data (customer and contract data)
We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship (inventory data). This is based on Article 6 Paragraph 1 Letter b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transfer upon closing of contracts for services and digital content
We share personal data with third parties only if this is necessary in conjunction with the handling of the contract; for instance, with the financial institution tasked with the processing of payments.
Any further transfer of data shall not occur or shall only occur if you have expressly consented to the transfer. Any sharing of your data with third parties in the absence of your express consent, for instance for advertising purposes, shall not occur.
The basis for the processing of data is Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or for pre-contractual actions.
5. Social Media
Social media plugins
On our pages plugins are used by social media (eg Facebook, Twitter, Google+, Instagram, Pinterest, XING, LinkedIn, Tumblr).
You can usually recognize the plugins by their respective social media logos.
The activation of the plugin constitutes a consent within the meaning of Art. 6 para. 1 lit. a DSGVO. You can revoke this consent at any time with effect for the future.
Facebook plugins (Like & Share button)
Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/.
When you visit our website, the plug-in establishes a direct connection between your browser and the Facebook server. As a result, Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This enables Facebook to assign your visit to our website to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or their use by Facebook. You can find more information on this in Facebook's data protection declaration at: https://www.facebook.com/privacy/explanation.
Wenn Sie nicht wünschen, dass Facebook den Besuch unserer Seiten Ihrem Facebook-Nutzerkonto zuordnen kann, loggen Sie sich bitte aus Ihrem Facebook-Benutzerkonto aus.
The use of Facebook plugins is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media.
Functions of the Twitter service are integrated on our sites. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Retweet” function, the websites you visit are linked to your Twitter account and made known to other users. This data is also transmitted to Twitter. We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or of how it is used by Twitter. You can find more information on this in Twitter's data protection declaration at: https://twitter.com/privacy.
The use of the Twitter plugin is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media.
You can change your data protection settings on Twitter in the account settings at https://twitter.com/account/settings.
Functions of the service Instagram are integrated on our sides. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, United States.
If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We point out that we as the provider of the pages do not receive knowledge of the content of the transmitted data and their use by Instagram.
The use of the Instagram plugin is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media.
Our website uses features of the LinkedIn network. Provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time you visit one of our pages that contains LinkedIn functions, a connection to the LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or of how it is used by LinkedIn.
The use of the LinkedIn plug-in is based on Art. 6 Para. 1 lit.f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media.
You can find more information on this in LinkedIn's data protection declaration at: https://www.linkedin.com/legal/privacy-policy.
On our site, we use social plugins from the Pinterest social network operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA94103-490, USA ("Pinterest").
If you call up a page that contains such a plugin, your browser establishes a direct connection to the Pinterest servers. The plugin transmits log data to the Pinterest server in the USA. This log data may include your IP address, the address of the websites visited that also contain Pinterest functions, the type and settings of the browser, the date and time of the request, how you use Pinterest and cookies.
The use of the Pinterest plugin is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media.
6. Analysis tools and advertising
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site:
Disable Google Analytics.
You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=de
Demographic data collection by Google Analytics
This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter . Further data is not collected or only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.
The data you have stored with us for the purpose of acquiring the newsletter will be saved by us from the newsletter until your cancellation and will be deleted after unsubscribing the newsletter. Data stored for other purposes with us remain unaffected.
8. Plug-ins and Tools
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
Furthermore, Youtube can store various cookies on your device. With the help of these cookies, Youtube can receive information about visitors to our website. This information is used, among other things, to capture video statistics, improve user-friendliness, and prevent fraud. The cookies remain on your device until you delete them.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information on handling user data can be found in YouTube's data protection declaration at: https://www.google.de/intl/de/policies/privacy.
Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.
For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website was accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offering. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font will be used by your computer.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's data protection declaration: https://www.google.com/policies/privacy/.
This site uses the Google Maps map service via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
You can find more information on handling user data in Google's data protection declaration: https://www.google.de/intl/de/policies/privacy/.
Our social media presence
Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Google+ etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-related processing operations. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way, you can see interest-based advertising in and out of your social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or logged in.
Our social media presence is intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
Responsible and asserting rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against. us as well as the operator of the respective social media portal (e.g. against Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
Duration of storage
The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage is removed, you ask us to delete it, you revoke your consent for storage or the purpose for the data storage is dropped. Saved cookies remain on your device until you delete them. Mandatory legal provisions - especially retention periods - remain unaffected.
Social networks in detail
We have a profile on Facebook. Provider is the Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.
We have concluded an agreement with Facebook on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement under the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.