The processing of personal data is only lawful if there is a legal basis for the processing. The legal basis for the processing may be in accordance with Article 6(1)

lit. a – f GDPR in particular:

a. The data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes;

b. the processing is necessary for the performance of a contract to which the data subject is a party or to take steps taken at the request of the data subject prior to entering into a contract;

c. the processing is necessary for compliance with a legal obligation to which the controller is subject;

d. the processing is necessary to protect the vital interests of the data subject or of another natural person;

e. the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

f. the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

(1) In the following, we provide information about the collection of personal data when using our website. Personal data is e.g. name, address, e-mail addresses, user behaviour.

(2) If you contact us by e-mail or via a contact form, the data provided by you (your e-mail address, if applicable. Your name and phone number) will be stored by us to answer your questions. We delete the data generated in this context after storage is no longer necessary, or processing is restricted if there are statutory retention obligations.

Collection of personal data when you visit our website

If you use the website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

– IP address

– Date and time of the request

– Time zone difference to Greenwich Mean Time (GMT)

– Content of the request (concrete page)

– Access status/HTTP status code

– Amount of data transferred in each case

– Website from which the request comes

– Browser

– Operating system and its interface

– Language and version of the browser software.

Use of cookies

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and the corresponding consents, we use the consent tool “Real Cookie Banner”. For details on how Real Cookie Banner works, see https://devowl.io/de/rcb/datenverarbeitung/.

The legal basis for the processing of personal data in this context is Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is to manage the cookies and similar technologies used and the consents in this regard.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

 

Other features and offers of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you will usually have to provide additional personal data that we use to provide the respective service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.

(3) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, contracts or similar services together with partners. You will receive more information on this by providing your personal data or in the description of the offer below.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

Newsletters

(1) With your consent, you can subscribe to our newsletter, which we use to inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

(2) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

(3) The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will store your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in each newsletter e-mail, by e-mail to hotel@alpenhof-oberaudorf.de or by sending a message to the contact details given in the imprint.

(5) We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files that are stored on our website. For the evaluations, we link the data mentioned in § 3 and the web beacons with your e-mail address and an individual ID. The data is collected exclusively in pseudonymized form, so the IDs are not linked to your other personal data, and direct personal reference is excluded. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us via another contact channel. The information will be stored for as long as you have subscribed to the newsletter. After a deregistration, we store the data purely statistically and anonymously.

Children

Our offer is basically aimed at adults. Persons under the age of 18 should not submit any personal data to us without the consent of their parents or guardians.

(1) Revocation of consent

If the processing of personal data is based on consent given, you have the right to withdraw consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation.

To exercise the right of withdrawal, you can contact us at any time.

(2) Right to confirmation

You have the right to request confirmation from the controller as to whether we are processing personal data concerning you. You can request confirmation at any time using the contact details above.

(3) Right to information

If personal data is processed, you can request access to this personal data and the following information at any time:

a. the purposes of processing;

b. the categories of personal data that are processed;

c. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;

d. if possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;

e. the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the Controller or a right to object to such processing;

f. the existence of a right of appeal to a supervisory authority;

g. if the personal data is not collected from the data subject, all available information about the origin of the data;

h. the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, as well as the scope and intended effects of such processing for the data subject.

If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards in accordance with Article 46 of the GDPR in connection with the transfer. We provide a copy of the personal data that is the subject of the processing. For any further copies that you personally request, we may charge a reasonable fee based on administrative costs. If you submit the application electronically, the information must be provided in a commonly used electronic format, unless the applicant states otherwise. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of other persons.

(4) Right to rectification

You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

(5) Right to erasure (“right to be forgotten”)

You have the right to obtain from the controller that personal data concerning you be erased without undue delay and we are obliged to erase personal data without undue delay if one of the following grounds applies:

a. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

b. The data subject withdraws his/her consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.

c. The data subject objects to the processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Article 21(2) of the GDPR.

d. The personal data has been processed unlawfully.

e. The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.

f. The personal data was collected in relation to the information society services offered in accordance with Article 8(1) of the GDPR.

If the controller has made the personal data public and is obliged to delete them in accordance with paragraph 1, it shall take appropriate measures, including technical measures, taking into account the available technology and the costs of implementation, to inform data controllers processing the personal data that a data subject of theirs requests the deletion of all links to such personal data or copies of them. or replication of such personal data.

The right to erasure (“right to be forgotten”) does not exist if the processing is necessary:

– to exercise the right to freedom of expression and information;

– to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;

– for reasons of public interest in the field of public health, in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

– for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, to the extent that the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the purposes of such processing, or

– to assert, exercise or defend legal claims.

(6) Right to restriction of processing

You have the right to ask us to restrict the processing of your personal data if one of the following conditions applies:

a. the accuracy of the personal data is contested by the data subject, for a period of time enabling the controller to verify the accuracy of the personal data,

b. the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of the use of the personal data;

c. the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the establishment, exercise or defence of legal claims, or

d. the data subject has objected to the processing in accordance with Article 21 (1) GDPR, as long as it has not yet been determined whether the legitimate reasons of the controller outweigh those of the data subject.

Where processing has been restricted in accordance with the above conditions, such personal data will only be processed with the consent of the data subject, apart from their storage, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

To exercise the right to restriction of processing, the data subject may contact us at any time using the contact details provided above.

(7) Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit such data to another controller without hindrance from the controller to whom the personal data has been provided, provided that:

a. the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) of the GDPR, and

b. the processing is carried out by automated means.

When exercising the right to data portability under paragraph 1, you have the right to request that the personal data be transferred directly from one controller to another controller, to the extent technically feasible. The exercise of the right to data portability does not affect the right to erasure (“right to be forgotten”). This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

(8) Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is related to such direct advertising. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

In connection with the use of information society services, you can exercise your right to object by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1), unless the processing is necessary for the performance of a task carried out in the public interest.

You can exercise the right to object at any time by contacting the respective controller.

(9) Automated decisions in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

a. is necessary for the conclusion or performance of a contract between the data subject and the controller,

b. is permitted by Union or Member State law to which the controller is subject, and that legislation contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or

c. with the express consent of the data subject.

The Controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person from the Controller, to express one’s point of view and to challenge the decision.

The data subject may exercise this right at any time by contacting the relevant data controller.

(10) Right to lodge a complaint with a supervisory authority

They also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy, if the data subject considers that the processing of personal data concerning him or her infringes this Regulation.

(11) Right to an effective judicial remedy

Without prejudice to any available administrative or extrajudicial remedy, including the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR, they have the right to an effective judicial remedy if they consider that their rights under this Regulation have been infringed as a result of the processing of their personal data that is not in accordance with this Regulation.

(1) This website uses the web analysis service Matomo to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) Cookies are stored on your computer for this evaluation. The Controller stores the information collected in this way exclusively on its server in [Germany]. You can set the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use this website to its full extent. The prevention of the storage of cookies is possible by the setting in your browser. Preventing the use of Matomo is possible by unchecking the following box and thus activating the opt-out plug-in: [Matomo iFrame].

(3) This website uses Matomo with the extension “AnonymizeIP”. As a result, IP addresses are further processed in an abbreviated form, so that a direct reference to a person can be ruled out. The IP address transmitted by your browser via Matomo will not be merged with other data collected by us.

(4) The program Matomo is an open source project. Information from the third-party provider on data protection can be found at https://matomo.org/privacy-policy/.

(1) We currently use the following social media plug-ins: Facebook

We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the mark on the box by its first letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, the plug-in provider will receive the information that you have called up the corresponding website of our online offer. In addition, the data referred to in § 3 of this declaration will be transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the greyed out box.

(2) We have no influence on the data collected and data processing processes, nor are we aware of the full scope of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.

(3) The plug-in provider stores the data collected about you as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the purpose of displaying needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.

(4) Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the Plug-in Provider, the data you collect with us will be directly assigned to your existing account with the Plug-in Provider. If you press the activated button and, for example, link to the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent you from being assigned to your profile with the plug-in provider.

(5) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also find further information about your rights in this regard and setting options to protect your privacy.

(6) Addresses of the respective plug-in providers and URL with their data protection notices:

a. Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; Further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(1) On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and allows you to use the map function comfortably.

(2) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in § 3 of this declaration will be transmitted. This is done regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this.

(3) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s data protection declarations. There you will also find further information about your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

We use external service providers (processors), e.g. for the dispatch of goods, newsletters or payment processing. A separate commissioned data processing agreement has been concluded with the service provider in order to ensure the protection of your personal data.

We work with the following service providers:

Seekda / Kognitiv, Seekda GmbH, Neubaugasse 10/15, 1070 Vienna, Austria

Silberleithen GmbH, Silberleithen 4, 6633 Biberwier, Austria