1. General information on how we process your personal data
Data Controller within the meaning of the GDPR:
Burg-Vital-Hotel GmbH & Co KG
6764 Lech am Arlberg
Tel. +43 5583 3140
Welcome to our website and thank you for your interest in our hotel. We are serious about protecting your personal data. We strictly comply with the statutory provisions of the EU General Data Protection Regulation and the Austrian Data Protection Act as amended. Below, we would like to give you comprehensive, easy-to-understand information about how we as data controller process your personal data. Our data protection policy is kept up-to-date and thus refers to the current legal situation. That is why we expressly reserve the right to change or adapt it in the future. We therefore recommend that you read the privacy notice on a regular basis to stay informed about how we process your personal data. If you have questions or suggestions, please contact us at the address given below.
Processing and transmission of personal data
The term “processing” encompasses any kind of operation of personal data, e.g. its collection, recording, organization, storage, adaptation, retrieval, disclosure, erasure, etc. up to its final destruction. If you make personal data available to our hotel outside of a contract, we process this data for the purpose that we indicated at the moment of its collection. As a general rule, we will ask for your consent in such a case, e.g. when you subscribe to our newsletter. Transmission of your data will then only be effectuated within the limits of your consent. In certain other cases, processing of your data can be justified by a legal obligation or by our legitimate interests. Whenever possible, we will inform you about such instances in advance. If you enter into a contract with us, e.g. an accommodation agreement, we will process and transmit your personal data only to the extent that is necessary for the performance of the contract. For example, it can be necessary to transmit your data to a mail service provider if you wish to receive your booking documents by postal mail.
Deletion of personal data processed by us
We will delete your personal data as soon as there is no further legal basis to process or store it. To ensure this, we have put in place regular deletion mechanisms. Additionally, you have the right to request erasure of your data at any time (see paragraph below). If there is a legal obligation to store your data (e.g. retention periods prescribed by tax law), we will erase the data concerned upon expiry of the applicable retention period.
Rights of the data subject / Your rights regarding the protection of your personal data
You have a number of rights regarding your personal data processed by us. You may exercise all of them by contacting us via e-mail, phone or postal mail at the address given below, free of charge and without any form requirement. Please note that we might have to verify your identity. Your rights in detail:
- Right of access: You may demand information about your personal data processed by us at any time. If you do so, we will inform you in writing about which categories of personal data we store about you, the purposes of the data processing, the categories of recipients to which it is transmitted, and how long we intend to store it. We will respond to your request without undue delay, within one month at the latest.
- Right to erasure: You may demand the erasure of your personal at any time. We will comply with this request if we no longer need the data for the purpose for which it was collected, if you withdraw a consent previously given consent, if the data processing is illegal or if we must erase your data to comply with a statutory obligation.
- Right to rectification: If we erroneously process incorrect or incomplete data about you, we will obviously rectify it. Please inform us about such an incidence and we will comply with your request as soon as possible.
- Right to restriction of processing: Under certain circumstances, e.g. if your data has previously been processed unlawfully but you do not want it to be erased, we will at your request store, but not further process your personal data.
- Right to data portability: You have the right to receive, in a commonly used and machine-readable format, your personal data that you have previously provided to us based on a contract or on your consent. You can use this copy for your own purposes and forward it to future contracting partners. We will also directly transmit your data to an addressee named by you, provided that you wish this to be done and it is technically feasible. In this case, we will inform you once the transmission has been completed successfully. We will comply with your request without undue delay, within one month at the latest.
- Right to object: Under certain conditions, you are entitled to object to the further processing of your data, e.g. when we process your personal data on the basis of our legitimate interests for the purpose of direct marketing. In this case, we will cease to process your personal data for the purposes concerned.
Right to complain
The EU General Data Protection Regulation and the Austrian Data Protection Act guarantee the aforementioned rights in the area of data privacy. If you believe our company has breached data protection law, you may lodge a complaint with a data protection supervisory authority. In Austria, the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, is competent to handle these complaints. You might also be entitled to claim damages based on other legal provisions.
2. Specific information regarding data processing on our website:
Provision of the website
Our system records data and information about the computer used by the user automatically and with every visit on our website. The following data are collected:
- Type and version of internet browser used to access the website
- Operating system
- Referrer URL
- IP address
- Date and time of each access
- Web page from which the user was redirected to our page
The data mentioned above are saved for a maximum time period of 30 days. This storing is done due to security reasons to ensure the stability and integrity of our systems.
Collection of personal data on our website / contacting us via e-mail
If you visit our website, we only collect data that does not enable us to directly retrace your identity and we only use this pseudonymized data to understand and improve our website’s performance (concerning web analysis, read more below).
We only collect non-pseudonymized personal data as long as you make it directly available to us, e.g. if you contact us via the e-mail-address that is indicated on our website. This data is only processed to handle your request and we will delete it as soon as the matter you contacted us for is resolved. In this connection, we would like to point out that due to the technical conception of e-mails, their confidentiality during transmission cannot be guaranteed.
Use of our online booking tool
The data that you make available to us via our online booking tool (date of your stay, room category, title, first and last name, company, telephone number, e-mail-address, residential address, credit card number, additional commentary) will be processed to complete your booking, to contact you in this regard and to prepare and organize your stay. By clicking on the “online booking”-button on our website, you will automatically be forwarded to our booking platform which is operated by Preferred Hotel Group Inc., 311 South Wacker Drive Suite, Suite 1900, Chicago, Illinois 60606, USA. Since this company’s place of business is located outside of the EEA, Burg Vital Hotel has entered into a Data Processing Agreement with Preferred Hotel Group Inc. which includes Standard Contractual Clauses for Data Transfers issued by the European Commission (cf. article 46 (2) lit. c GDPR; for reference, you can find the Standard Contractual Clauses here in all EU languages). We thereby ensure that the personal data indicated on the booking platform by future guests will only be processed in a way that guarantees an adequate level of data protection.
Conclusion of travel cancellation insurance policy
If during the booking process you decide on the conclusion of a travel cancellation insurance policy, we will also transmit your personal data to the insurance company (Europäische Reiseversicherung AG) to the extent necessary for the performance of the insurance contract. Concerning data processing on the basis of the insurance contract, Europäische Reiseversicherung AG is the sole controller of your personal data. Read more here.
Data security / SSL encryption
We take all necessary and adequate technical and organizational measures to protect your personal data from loss or abuse. Your data will be stored in a secure, state-of-the-art operating environment. The access to our site is secured via HTTPS if your browser supports SSL encryption. This means that all communication between your device and the web server will be encrypted and cannot easily be decrypted and read by unauthorized third parties.
The legal basis for the processing of data through cookies is art. 6 para. 1 lett. f GDPR.
Most of the cookies we use are so-called «session cookies» or temporary cookies. They are automatically deleted after the end of your website visit. Permanent cookies however remain in your internet browser according to your own specifications or until they are manually deleted.
In our cookies-note all cookies are listed, sorted according to function and explained in detail. You can adapt and individualise your settings and thus allow or reject only the necessary cookies or all cookies (incl. statistics, marketing, etc.).
This website uses Google Analytics, a web analytics service provided by Google, Inc. („Google“). Google Analytics uses so-called „cookies“, which are text files saved on your computer, to help analyse how users use the website. The information generated by the cookie concerning your use of this website including your IP address will normally be passed on to a Google server in the USA and saved there.
IP anonymisation on this website is activated, your IP address will be shortened by Google within the member states of the European Union or in other member states of the European Economic Area Treaty. Your full IP address will only be passed on to a Google server in the USA and shortened there in exceptional cases. Upon order of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google as part of our use of Google Analytics.
Furthermore, you can avoid the transfer and tracking of data by cookies and data related to the use of the website (including your IP address) through Google by downloading and installing the following Browser-Plug-in http://tools.google.com/dlpage/gaoptout?hl=en.
On our website we use YouTube’s video embedding feature (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA; „YouTube“). The feature enables us to show YouTube videos via an iFrame on our website. We activated the “extended data protection mode” on all videos embedded on our website which ensures that YouTube does not collect any information about users that do not watch the embedded videos. Please note that once you click on the video, information will be transmitted to and stored by YouTube. You can find more information about the collection and further processing of personal data by YouTube and about your rights and the possibilities to protect your privacy here.
On our website we use the Facebook Pixel service provided by Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, “Facebook”).
The code that is implemented on this site can analyze behavior of website users that have been directed to the website via an advertisement placed on Facebook. This feature also sets cookies. Facebook collects and stores this data and uses it to improve and optimize Facebook advertisements. We cannot access personal data collected by the Pixel feature.
By using the Facebook Pixel, your visit of our website will be registered by Facebook so that visitors will see advertisements that are relevant to them. If you own a Facebook account and are logged in, your visit of our site will be associated with your Facebook account.
Find out more about how Facebook Pixel is used for advertisement campaigns here: https://www.facebook.com/business/learn/facebook-ads-pixel
If you own a facebook account, you can change your settings concerning advertisements here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Social Media Plug-Ins
We do not use any social media plug-ins. The buttons you can see on this site are simply linking to the social media presences of Burg Vital Hotel.
3. Information concerning our Facebook fanpage
We as operators use our Facebook fanpage and the “Page Insights” feature on the basis of our legitimate interests (article 6 (1) lit. f GDPR) to learn more about which groups of people interact with our fanpage. Due to this information, we can continually improve our online appearances and our hotel’s offers. Facebook is in charge of fulfilling most of the data controller’s responsibilities regarding the “Page Insights” feature. Therefore, Facebook provides the respective data processing information, responds to requests concerning data subject’s rights, guarantees user data security and reports data breaches to the competent authority. If you have any questions about how Facebook processes your personal data, please contact Facebook directly or consult Facebook’s data policy.