As of May 2020
VERBUND Tourismus GmbH, Europaplatz 2, 1150 Vienna, +43 5031 339 130, email@example.com ("we", "us"), it is of particular concern to adequately protect your personal data. We therefore observe the applicable legal provisions on the protection, lawful handling and confidentiality of personal data and data security: in particular the General Data Protection Regulation ("GDPR"), the Austrian Data Protection Act ("DSG") and the Telecommunications Act ("TKG"). This data protection declaration specifies how we collect and process personal data when you use our website www.berghotelmalta.at ("Website") and contact us. It also explains the options available to you on how to access and update this information.
1. What data do we process, for what purposes and on what legal basis?
You can always choose which and whether you want to share personal data with us. If you do not want to share certain data with us, then certain transactions with us could be affected.
1.1. Usage data
If you use our website, we collect information that also contains personal data: in particular the language settings, IP address, location, device settings, operating system of the device, access times, queried URLs, status, information about the browser, operating system, result of the visit ( Visitor or booker), browser history, previous bookings, user number of the booker, type of data viewed. We use this personal data to (i) improve our services and our website and increase user-friendliness, and (ii) to personalize the services for users of the website. The access data collected by you as part of the website use will only be used for statistical evaluations and in an aggregated form for the purpose of operating, security and optimizing the website (predominantly legitimate interests Art 6 Para 1 lit f GDPR).
We can also collect data via cookies and use social plugins on our site. You can find information on this in our cookie statement here.
1.2.1. Direct bookings
If you make a booking directly with us (e.g. by telephone, email, contact form or on-site), we process your first name, last name, email address, telephone number, address, possibly your message to us and the name of your Accompanying person (s) and credit card details (type of credit card, credit card number, name of cardholder, expiry date and security code) or other payment details to complete and manage your bookings. In addition, we process information about the guest's stay, including arrival and departure date, special requests, service requests (including room requests, equipment or other services used) in order to offer you the best possible stay with us. The processing of this personal data is necessary to fulfill the contract that you have concluded with us (Art 6 Para 1 lit b GDPR).
1.2.2. Online booking
If you make the booking using the online booking form provided on the website ("Book now" button), the booking is made via Booking.com. In this case, Booking.com processes your booking as an independent controller and provides us with the information under 1.2.1. mentioned data is available for further processing of the booking. The transmission of the data to us and the subsequent processing is therefore also carried out to fulfill our (pre-) contractual obligations towards you (Art 6 Para 1 lit b GDPR). For more information on Booking.com, see point 3 below.
1.2.3. Legal reporting data
The Berghotel Malta also collects data that is necessary due to legal obligations (registration law), such as: date of birth, place of birth, passport number or ID card number, nationality, as well as data from fellow travelers (gender, first name, last name, date of birth, place of birth, passport number or ID card number if applicable) , Nationality). The processing of this personal data is necessary in order to comply with legal obligations (Art 6 Para 1 lit c GDPR).
1.3. Package and special offers
If you make an inquiry about a package or special offer or book it, we will process the following data from you: name, email address, telephone number, travel dates and, if applicable, your message to us. If you already have a confirmed booking, we will also process the booking data. Processing takes place to answer your request and to manage your booking. The processing takes place to fulfill our (pre-) contractual obligations towards you (Art 6 Para 1 lit b GDPR).
1.4. Seminar room bookings
If you make a request for a seminar room using the online form, we will process your name, email address, possibly the telephone number, booking details and your message to us. We process this data in order to be able to answer your request and to manage the bookings. The processing takes place to fulfill our (pre-) contractual obligations towards you (Art 6 Para 1 lit b GDPR).
1.5. Event registrations
When you register for one of our events, information about you such as gender, title, name, address, information about accessibility such as telephone number and / or email address, possibly information about your company and your position and other event-related information will be processed . to manage your registration and to inform you about changes if necessary. The processing takes place to fulfill our (pre-) contractual obligations towards you (Art 6 Para 1 lit b GDPR).
If the registration is processed directly by the organizer, we receive no data from you and have no influence on the data processing by the organizer.
1.6. Image recordings (photos / videos)
If images are taken at our events, we will point this out in advance (e.g. by means of appropriate pictograms). The image recordings are processed for the purpose of documenting and presenting events, activities and events that are related to the work or task of VERBUND and thus also in printed and electronic media, especially on social media platforms (Facebook, Twitter, youtube etc.) published. This is done on the basis of our legitimate interests to increase the reputation of our company in the context of public relations and press work.
1.7. Customer service
If you contact us via the contact form, we will process your name, your email address, if necessary the telephone number and the content of your message. If you contact us by email or phone, we will process the personal data you have provided. We use this data to provide you with our customer service and to answer your inquiries. The processing takes place to fulfill our (pre-) contractual obligations towards you (Art 6 Para 1 lit b GDPR).
1.8. Marketing activities
We also use your data for marketing activities. This includes your name and email address and information that you provide regarding your marketing preferences or when participating in surveys, competitions and promotions. We process this data only on the basis of your voluntarily given consent (Art 6 Para 1 lit a GDPR) and to the extent you have chosen:
• Sending electronic direct marketing messages: commercial newsletters and marketing communications about new products and services or other offers that we think may be of interest to you;
• Surveys: If you use our service, we will send you a survey or invite you to leave a review of your experience on our website. This enables us to improve our website and our service based on your feedback.
You can revoke your consent to marketing activities at any time without giving reasons for all or individual purposes and with future effect (e.g. via a link at the end of each electronic message).
1.9. Analysis, improvements and research
We use personal data for research and analysis purposes. We can involve third parties to do this for us. We can share or disclose the results of this research in anonymous and summarized form, also to third parties. We use personal data for analysis purposes based on our legitimate interests (Art 6 Para 1 lit f GDPR), to improve our services and to improve the functionality and quality of our travel service.
1.10. Security, fraud detection and prevention
We use information, which may also include personal data, to prevent fraud and other illegal or other infringing activities. We use this information based on our legitimate interests (Art 6 Para 1 lit f GDPR) to investigate and determine cases of fraud. We can use personal data for risk assessment and security purposes, including user authentication. For these purposes, personal data may be shared with third parties, such as law enforcement agencies and external advisors, where permitted by law.
2nd Data transfer
We provide your personal data to the following external service providers (processors) to the extent necessary:
• to IT service providers and / or providers of data hosting or data processing or similar services;
• Service provider and provider of tools and software solutions. (For example, to enable booking payments, to send marketing materials or to provide analytical support services).
All of our processors process your data only on our behalf and on the basis of our instructions for the provision of the above-mentioned services. These service providers are bound by confidentiality clauses and are not permitted to use your personal data for their own or any other purpose.
We also transmit your personal data to the following recipients to the extent necessary:
• to any third parties who contribute to the fulfillment of our obligations towards you (e.g. parcel service providers for the delivery of postal items, payment service providers or banks for payment processing);
• to other external third parties to the extent necessary based on our legitimate interests (e.g. auditors, insurance in the event of insurance, legal representatives in the event of an event, etc.);
• Responsible authorities and other public bodies to the extent required by law (e.g. tax authorities).
2.1. International data transfers:
The transfer of personal data as described in this data protection declaration may include the transfer of the data to countries where the data protection laws are not as comprehensive as in the countries of the European Union. European legislation obliges us to only send personal data to recipients who can offer an adequate level of data protection. In these situations, we contractually oblige the recipient to ensure that your personal data is still protected in accordance with European standards. You can request a copy of the relevant contractual clauses from us using the contact details below.
3rd Third party
On the basis of our legitimate interests in the provision, optimization and economic operation of our online offer, we use other services and content from third parties within our online offer to integrate their content and services.
We use Booking.com BV, Herengracht 597, 1017 CE Amsterdam, the Netherlands (www.booking.com) (hereinafter referred to as Booking.com) to offer you an online booking service. We offer the content for this website and you book directly with us, but the bookings are processed by Booking.com on their own responsibility. The information you enter on this website is therefore shared with Booking.com and its affiliate partners. The information includes, for example, personal data such as your name, contact details, payment details, the names of the accompanying guests and other information that you entered during the booking.
3.2. Guest reviews on Booking.com
Your personal data could be shared with BookingSuite BV, Herengracht 597, 1017 CE Amsterdam, The Netherlands. BookingSuite operates this website and suite.booking.com. BookingSuite uses reasonable procedures to prevent unauthorized access and misuse of information, including personal data. Information on the handling of your personal data by BookingSuite can be found here: [Link https://www.booking.com/suite_privacy_policy.de.html?]
We use appropriate operational systems and procedures to secure and protect your personal information. We also use security procedures and technical and physical access restrictions and keep the personal data on our servers. Only authorized employees have access to personal data as part of their work. In addition, we and our employees are obliged to maintain data secrecy.
5. Storage period
We store your personal data only as long as it is necessary to fulfill our obligations to you. However, due to the retention requirements that apply to us, we usually save your data provided in connection with bookings
How do we share your personal information with third parties?
- Booking.com: We have teamed up with Booking.com B.V., located at Herengracht 597, 1017 CE Amsterdam, The Netherlands (www.booking.com) (hereafter Booking.com) to offer you our online reservation services. While we provide the content to this website and you make a reservation directly with us, the reservations are processed through Booking.com. The information you enter into this website will therefore also be shared with Booking.com and its affiliates. This information may include personal data such as your name, your contact details, your payment details, the names of guests traveling with you and any preferences you specified when making a booking. To find out more about the Booking.com corporate family, visit About Booking.com.
- BookingSuite: Your personal data may be shared with BookingSuite B.V. located at Herengracht 597, 1017 CE Amsterdam, the Netherlands, the company which operates this website and the website suite.booking.com.