Privacy policy

1. basics

The protection of your personal data is of particular concern to us. We process your data on the basis of the statutory provisions (GDPR, TKG 2021). With this data protection information, we inform you about the type, scope and purpose of the collection and processing of your personal data by our company.

The controller responsible for data processing is

Schloss Haindorf Hotelbetriebs GmbH

Krumpöck-Allee 21
A-3550 Langenlois

2. purposes of data processing

This data protection information relates to all processing operations that are essential for you as an interested party, customer, website visitor, newsletter subscriber and applicant.

The purposes for which we process your personal data can be summarized as follows:

• our business activities (hotel and restaurant operations)
• Voucher purchase
• Newsletter
• Contact form on the website and other inquiries (e.g. by e-mail)
• Applications
• Cookies and website tracking
• Social Media

3. business activity (hotel and restaurant operations)

We process your personal data in connection with your interest in or use of our services, namely

• Your master data (e.g. surname, first name, home address, e-mail address, telephone number, date of birth, gender, country of origin, allergies and intolerances)
• Data from submitted travel documents, e.g. passport, identity card or driver’s license (e.g. type of document, document number, date of issue, issuing authority, duration, nationality, other passport data),
• Data on the payment method and other data associated with the payment (e.g. payment method, payment amount, card number, cardholder),
• Data relating to your booking or requested service (e.g. date of booked or requested arrival and departure, your booked or requested rooms, your language, your vehicle registration number (to determine parking authorization), number of persons),
• other data provided or requested by you in connection with your booking or requested service (e.g. data of fellow travelers (if you provide us with such data), data on destinations, contact persons, conditions, special services, frequent flyer number, personal preferences, tourist guides, gastronomy, rental vehicles, transfers, registration processing, insurance, events, tours, accreditations, vouchers, billing and its verification (B2B, B2C, FIT), ticket booking.

We may also receive personal data from sources other than directly from the data subject. This is the case, for example, if a person making a booking, a travel agency or a booking platform provides us with this data. In this case, we assume that the person for whom the booking was made already has the information about the data processing in our company (due to the forwarding of the information by the person making the booking) or that the cost of providing the information separately is disproportionately high.

We base the processing of the above-mentioned data on the following legal bases:

• the necessity of the respective processing for the fulfillment of the contract or for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR),
• Your consent, if you have given us such consent (Art. 6 para. 1 lit. a GDPR),
• the fulfillment of legal obligations (e.g. according to accounting, tax and customs law, contracts, reporting, etc.) to which we are subject (Art 6 para 1 lit c GDPR),
• the protection of our overriding legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR (e.g. the improvement of our customer service or the protection of our own legal interests, etc.).

The following applies to the storage period of your data:

If there are statutory retention obligations or other legal obligations to retain data, we will store your data in accordance with these obligations. We store accounting data (“books and records” and associated documents as defined in Section 132 of the Federal Fiscal Code) or data that must be included in the guest register (Section 10 of the Registration Act) for a period of approximately 7 years.

If processing is based on your consent, we will store the data in accordance with the consent given, but for no longer than 3 years after the last contact with you.

We store data from interested parties or inquiring persons (e.g. by e-mail or via our contact form) that do not lead to bookings for a maximum period of 3 years after the last contact.

All other data will be deleted by us after 3 years at the latest.

If, after expiry of these periods, further storage is necessary for the assertion, exercise or defense of legal claims (e.g. in the context of legal proceedings), we will continue to store the data until the legally binding conclusion.

4th voucher purchase

If you purchase vouchers via our website, we process the personal data you provide (e.g. name, address, e-mail address, payment data) in order to process your order and issue the voucher.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR (contract fulfillment and initiation). We cannot process your order without this data.

Your payment data will be forwarded directly to the payment service provider we use (payone). This data is processed in accordance with the data protection provisions of the respective payment service provider. Please note the data protection information of the payment provider you have chosen.

If the voucher is sent by post, we will pass on your address details to the respective shipping service provider.

We store the data relevant to the purchase and processing of the voucher in accordance with the statutory retention obligations (e.g. tax and commercial law) for a period of 7 years.

5th Newsletter

You have the option of subscribing to our newsletter. To subscribe to the newsletter, please provide us with your first and last name and your e-mail address.

The electronic registration for the newsletter only becomes effective when you confirm a registration link that you receive by e-mail. This serves to verify that you have completed the registration. Data processing in connection with our newsletter is carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR).

You have the option to revoke this consent at any time (see section “Data subject rights”). You will also find all the information you need to simply unsubscribe from the newsletter in each individual newsletter that you receive from us. The lawfulness of the processing of the data up to the time of revocation or unsubscription is not affected by a revocation.

We generally store data in connection with our newsletter until consent is withdrawn or this data is deleted at the latest 3 years after the last contact.

6. contact form on the website and other inquiries (e.g. by e-mail)

You can send us inquiries about our services or general inquiries via the contact form on our website or by email. Such inquiries may also be sent to us by third parties (e.g. from a booking platform).

We will process the contact details and other data provided by you in order to process your request. The legal basis for this processing is either Article 6(1)(b) GDPR (contract initiation, contract fulfillment) or Article 6(1)(f) GDPR (our overriding legitimate interests in smooth communication and documentation for general inquiries).

We store this data for a maximum period of 3 years after the last contact, although the storage period may be longer if the question leads to the conclusion of a contract (see section: “Business activities (hotel operations)”).

7. applications

You can send us your application documents by e-mail or other means (e.g. by post).

The personal data provided by you (e.g. contact details, CV, references, other information in connection with the application) will be processed by us exclusively for the purpose of processing your application and as part of the application process. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR (contract initiation) or Art. 6 para. 1 lit. f GDPR (our overriding legitimate interests in the efficient and careful processing of applications).

Your application data will generally be stored by us for up to six months after completion of the application process. If your application leads to an employment relationship, your data will be further processed in the context of the employment relationship (see section: “Business activities”). Your data may be stored for longer if you have expressly consented to this (Art. 6 para. 1 lit. a GDPR), e.g. for inclusion in our applicant pool.

8. cookies and website tracking

When you visit our website, you will be asked whether you allow the use of cookies. Cookies are small text elements that are used to store information in web browsers. We use cookies to ensure the functionality of our website, to make it user-friendly and to improve IT security.

You can prevent the storage of cookies by selecting the appropriate settings in your browser or subsequently delete cookies via your browser if they have already been set. However, we would like to point out that actively deactivating such cookies may impair the functionality of our website and it may not be possible to use all the functions of our website (e.g. recognition of data entered in the event of a crash, pre-filled forms stored in your browser, calling up images or videos).

We have to use technically necessary or functional cookies to make our website usable for you. The legal basis for the setting of technically necessary cookies is our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR, namely to ensure the operability of our website and IT security.

We only use cookies that are not technically necessary if you have given us your prior consent (Art. 6 (1) (a) GDPR). These are, for example, cookies that recognize you the next time you visit our website and are stored on your end device. The information recognized and stored by cookies is also used to analyze your usage behavior. They help us to improve our website and determine which areas of our website are visited by which users and receive the most attention. This enables us to improve our website and present content that is as interesting as possible for our target groups.

9. social media

Facebook
The social network facebook.com is operated by Meta Platforms Inc (formerly Facebook Inc), 1601 S. California Ave, Palo Alto, CA 94304, USA and is used for user interaction. The controller under data protection law for users in the EU is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (both: “Facebook”). When you visit our Facebook profile and the Facebook website, their privacy policy applies.

The purpose of the data collection and processing of the data and its use by Facebook, as well as the types of data (scope of the data) can be found in the data protection information published by Facebook itself; see: http://www.facebook.com/policy.php. In the interests of the best possible transparency, we summarize the key points for the user:

The data collected in this way is used to analyze user behavior and to provide, select, evaluate and understand the advertisements that Facebook provides on and outside of Facebook (this also includes advertisements that are provided by Facebook subsidiaries or on their behalf) and to compile statistics about users. Facebook also uses the data available to it to improve its advertising and measurement systems so that Facebook can display relevant ads to users on and off Facebook services and measure the effectiveness and reach of ads and services. If the user is registered with Facebook, Facebook is able to use the collected data to provide the user with services, personalize content for the user and provide the user with links and suggestions that may be of interest to the user. Finally, the collected data is used to send the user marketing communications, to communicate with the user about its services and to inform the user about Facebook’s guidelines and conditions.

If the user has a Facebook account and visits Facebook, they have given their consent for their information to be collected, transferred, stored, disclosed and used in accordance with Facebook’s privacy policy (https://www.facebook.com/about/privacy). The user can change the privacy settings of their Facebook account in the account settings.

Further information on Facebook and the GDPR can be found at https://www.facebook.com/business/gdpr#Facebook-als-Datenverantwortlicher-vs.-Auftragsverarbeiter.

Instagram
Instagram is part of Meta Platforms Inc (formerly Facebook Inc), 1601 S. California Ave, Palo Alto, CA 94304, USA. The data controller for users in the EU is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. When you visit our Instagram profile and the Instagram website, their privacy policy applies.

The purpose of data collection and processing and the use of the data by Instagram or Facebook, as well as the types of data (scope of the data) can be found in the data protection information published by Instagram itself; see: https://help.instagram.com/519522125107875. The information provided above for Facebook also applies analogously to Instagram.

If the data subject follows the link to Instagram, data will be processed, collected, transmitted, stored, disclosed and used in accordance with Instagram’s privacy policy. Furthermore, cookies may be stored on the data subject’s device when visiting the Instagram website. The Facebook cookie policy applies here: https://www.facebook.com/policies/cookies. If the data subject is the owner of an Instagram account, the information transmitted by Instagram or Facebook can be linked to this account.

10. categories of recipients / transfer to third countries

Your personal data will be transmitted by us to the following recipients or categories of recipients:

• Processors engaged by us: IT service provider, hosting provider and marketing agency.

All contracted processors are contractually obliged to comply with the provisions of the General Data Protection Regulation (GDPR). They process your data exclusively on our instructions and take appropriate technical and organizational measures to ensure that your personal data is protected.

11. rights of data subjects / objection / contact

As a data subject within the meaning of the GDPR, you have the right to information, rectification, erasure, restriction and data portability, in each case within the framework of the statutory provisions.

If you have given us your consent to process your data, you have the right to withdraw this consent at any time. This does not affect the lawfulness of the processing of the data up to the point of withdrawal. If you withdraw your consent, we will no longer process your data for the purposes stated above or for the purposes stated in the consent.

To exercise your rights, please contact:

Schloss Haindorf Hotelbetriebs GmbH

Krumpöck-Allee 21

3550 Langenlois

Tel. +43 2734 2693

Mail office@haindorf.at

With regard to the processing of your data by us, you can also lodge a complaint with a supervisory authority at any time. In Austria, this is the Austrian Data Protection Authority(www.dsb.gv.at).