Data protection
Michaela Geisler, Burgstall 361 - 6290 Schwendau
We use the following data when you conclude a contract with us
Master data:
Surname and first name, full address, all contact information (e.g. e-mail address, telephone number), information about the nature and content of our contractual relationship.
Other personal data that you or third parties provide to us with your consent or otherwise permissibly when initiating the contract, during the contractual relationship (e.g. for issuing a guest card) or to fulfill legal obligations:
Date of birth or age, marital status, gender, occupation, ID data, bank details, authority to sign or represent, contract commitment, notice/cancellation periods or other information about yourself that you have provided to us yourself.
Involvement of processors
The protection of your data is important to us. Even if we use a data processor (e.g. the company Feratel - guest directory in accordance with § 19 MeldeV), we ensure that the data processing takes place within the European Union.
- Obligation to report
According to the Austrian Registration Act, you are obliged to register with us using the data specified in § 5 and § 10 of the Registration Act. This concerns the following data:
Name, date of birth, gender, nationality, country of origin, address including zip code and - in the case of foreign guests - type, number, place of issue and issuing authority of a travel document as well as the date of arrival and departure.
1.2 Guest directory
We will keep this data in a guest directory on the basis of the legal obligation imposed on us in accordance with Section 19 of the Registration Act Implementation Ordinance and store it for a period of 7 (seven) years, unless it is processed for longer for other purposes mentioned in this data protection declaration.
The guest directory is managed electronically by us, whereby we forward the data to an IT processor for this purpose. The data is stored locally by this processor. The data is not transferred to a third country.
1.3 Forwarding of data
The data categories "Arrival", "Departure" linked to country of origin are forwarded to the municipality in which our accommodation facility is located in accordance with Section 6 of the Tourism Statistics Ordinance. Aggregated data on the total number of overnight stays and the persons who are obliged to pay the tourist tax must also be transmitted to the respective Mayrhofen Hippach Tourism Association to which we belong and/or the municipality. This is done on the basis of § 9 of the Tyrolean Residence Tax Act.
1.4 Legal basis of the processing operations
The processing pursuant to points 1.1 to 1.3 above is based on Art. 6 para. 1 lit. c GDPR (fulfillment of a legal obligation).
1.5 Additional data transmission to TVB/municipality
In addition, we forward your zip code and year of birth (in pseudonymized or anonymized form) to our municipality and our TVB for statistical purposes for the creation and evaluation of origin and age statistics by the tourism association. This forwarding is based on Art. 6 para. 1 lit. e (task in the public interest) and lit. f (overriding legitimate interests) GDPR. You can object to this at any time for reasons arising from your particular situation (Art. 21 para. 1 GDPR).
- Guest card
- General information
You have the option of using a guest card. The guest card entitles you to discounts and/or services at various companies in the region (e.g. discounted admission). The guest card is valid for the duration of your stay with us.
- Issuing the guest card
The guest card is only issued by the accommodation provider at your request. Depending on the guest card system used by the TVB and/or the accommodation provider, it is issued either in the form of
- an electronically generated guest card,
- a manually created guest card or
- of the carbon copy of the registration form
issued.
2.3 Processed personal data
The following personal data, which is determined from the registration data (see point 1 above), is processed for both the electronically generated and the manually created guest card:
First name, surname, date of birth and duration of stay (arrival/departure), country of origin, zip code.
If the guest card is issued in the form of a "registration form", this contains the content in accordance with § 5 in conjunction with § 9 of the Registration Act (see "Registration data" 1.1 above). In this case, there is no electronic processing for the purposes of the guest card.
When the guest card is used, the following personal data is also processed: Data on the usage cycle of the respective card, service usage, bookings, transaction logging, billing data, reference to the registration data and the accommodation provider.
The data is required to establish the identity and the period of validity of the guest card with the respective service provider and to enable the settlement of discounts between service providers, the TVB and, if applicable, the accommodation providers.
2.4 Legal basis of the processing operations
The data is processed for the purposes of the guest card either on the basis of your consent (Art. 6 para. 1 lit a GDPR) or, if the guest card is part of the service provision within the framework of the accommodation contract, for the purposes of fulfilling the contract (Art. 6 para. 1 lit b GDPR).
You can revoke your consent at any time verbally to the accommodation provider or in writing to the e-mail address info@leuhaus.at.
2.5 Operation of the guest card system
The guest card system is operated by the local tourism association ("TVB"). Local accommodation providers and local companies ("service providers") are also involved.
The data processed for the guest card will be deleted after 48 (forty-eight) months.
2.6 Recipients of the data
The local TVB receives the data processed for the purposes of the guest card for the purpose of billing the service providers and/or accommodation providers.
The individual service providers who grant discounted services on the basis of the guest card will also receive the data if you make use of the guest card services from these companies.
In order to claim benefits, you must present the respective guest card, on which the data is displayed, to the service provider and thus disclose it yourself. The service provider then checks whether the guest card is (still) valid, usually by reading the barcode on the guest card and transmitting the barcode data to our IT processor. In the process, personal data is also transmitted to the entrepreneur, in particular your identity data (to verify your identity and date of birth).
If the guest card is issued in the form of a "registration form", he will check its validity by means of the carbon copy of the "registration form".
- Other processing of your data
In principle, we only process data that is absolutely necessary for the conclusion or fulfillment of the contract. If you have also given us your consent to do so, we will process your data in order to send you information about our services until you withdraw your consent. We use the following communication channels for this purpose, provided you have named them to us:
Telephone, e-mail, SMS, post or social media channels.
- Data deletion
Your master data and other personal data will be deleted when they are no longer required to fulfill the purpose for which they were stored - usually after 7 (seven) years - or if storage becomes inadmissible for legal reasons.
Instead of deletion, the data can also be anonymized, which means that any personal reference is irretrievably removed.
- Cookies
Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do not cause any damage.
We use cookies to make our website more user-friendly. Some cookies remain stored on your end device until you delete them. They enable us to recognize your browser on your next visit.
If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases.
If cookies are deactivated, the functionality of our website may be restricted.
- Web analysis
Our website uses functions of the web analysis service Google Analytics. Cookies are used for this purpose, which enable your use of the website to be analyzed. The information generated in this way is transferred to the provider's server and stored there.
You can prevent this by setting up your browser so that no cookies are stored. We have concluded a corresponding contract with the provider for order processing.
- Newsletter
You have the option of subscribing to our newsletter via our website. To do this, we need your e-mail address and your declaration that you agree to receive the newsletter.
In order to provide you with targeted information, we also collect and process information voluntarily provided on areas of interest, date of birth and zip code [...].
As soon as you have registered for the newsletter, we will send you a confirmation e-mail with a link to confirm your registration.
You can cancel your subscription to the newsletter at any time. Please send your cancellation to the following e-mail address: info@leuhaus.at We will then immediately delete your data in connection with the newsletter mailing.
- Social media plug-ins
The operator uses so-called "embedded" social media plug-ins (interfaces to social networks) on the website. When you visit the website, the system automatically establishes a connection with the respective social network due to the integration of the plug-ins and transmits data (IP address, visit to the website, etc.).
The data transfer takes place without the intervention and outside the responsibility of the operator. The user can prevent this data transfer by logging out of the respective social networks before visiting the website. Only when "logged in" can the social network assign specific data to the user's activity profile through automatic data transmission.
The automatically transmitted data is used exclusively by the operators of the social networks and not by the operator. Further information on this, including the content of data collection by the social networks, can be found directly on the website of the relevant social network. The privacy settings can also be adjusted there.
The social networks integrated on the website are:
- Facebook ("like")
Facebook Inc, 1601 S California Ave, Palo Alto, CA, 94304, USA
Further information can be found at https://de-de.facebook.com/policy.php
Instagram, LLC Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA
Further information can be found at https://help.instagram.com/155833707900388
- You can assert the following rights with regard to the processing of your data:
- Right to information: You have the right to find out from us whether and to what extent we process your data.
Contact / responsible person:
Michaela Geisler | Burgstall 361 - 6290 Schwendau
- Your rights
In principle, you have the rights to information, correction, deletion, restriction, data portability, revocation and objection. If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the data protection authority.
- Right to lodge a complaint: If you believe that the processing of your personal data violates Austrian or European data protection law, please contact us to clarify any questions you may have. Of course, you have the right to lodge a complaint with the Austrian data protection authority or a supervisory authority within the EU.
- Confirmation of identity:
To protect your rights and your privacy, we are entitled to request proof of identity in case of doubt.
- Excessive use of rights:
If you make a manifestly unfounded or particularly frequent request for one of the aforementioned rights, we are entitled to charge a reasonable processing fee or to refuse to process the request.
- Obligation to cooperate:
As part of our duty to cooperate, we are obliged to hand over data in accordance with the statutory provisions (e.g. BAO, Registration Act, ZPO, StPO, ...) on request.
- Period of validity:
This privacy policy applies from May 25, 2018 and replaces the existing privacy policy.